Ben Toews

@mastahyeti

Posts by this author

An illustration of two octocats repairing a robot.

Soft U2F

In an effort to increase the adoption of FIDO U2F second factor authentication, we’re releasing Soft U2F: a software-based U2F authenticator for macOS. We’ve long been interested in promoting better…

An illustration of two octocats repairing a robot.

HTTPS for GitHub Pages

Millions of people rely on GitHub Pages to host their websites and millions more visit these websites every day. To better protect traffic to GitHub Pages sites, as well as…

An illustration of two octocats repairing a robot.

Two years of bounties

Despite the best efforts of its writers, software has vulnerabilities, and GitHub is no exception. Finding, fixing, and learning from past bugs is a critical part of keeping our users…

An illustration of two octocats repairing a robot.

LIKE injection

Looking through our exception tracker the other day, I ran across a notice from our slow-query logger that caught my eye. I saw a SELECT … WHERE … LIKE query…

An illustration of two octocats repairing a robot.

Subresource Integrity

Like many sites, GitHub uses a content delivery network (CDN) to serve static assets such as JavaScript, CSS, and images to our users. The CDN makes web browsing faster by…

An illustration of two octocats repairing a robot.

Two-factor Authentication

Today we’re adding two-factor authentication to GitHub. When you enable this feature, it adds an additional layer of security to your account. When logging in to GitHub, after providing your…

An illustration of two octocats repairing a robot.

Introducing GitHub Sudo Mode

In the ongoing effort to keep our users safe, we recently took inspiration from the Unix sudo command. We wanted to require password confirmation for dangerous actions on GitHub.com, but…