How To Access Private and Deleted Github Repositories Data 

looks like it's been changed

Wow, this was fast! 👍👍

It's complete clickbait. You can't make a private fork of a public repo for that very reason. So the issue is, you made a public fork of a public repo, made a bad commit that you now can't completely purge from the data shared between repos. Well, who's fault is that?

@@xl0xl0xl0 Yes exactly. But another caveat is if you originally have the repo private, then make it public, any internal forks of the repo before it was made public are still accessible publically. But that's really no different than accessing the commit history, since that's just how git works. Also, even if you never sync your fork with the upstream, the commits of the fork are still accessible from the root (but again, that should kind of be expected when you think about it).

@@davidt01 are you sure? I don't think you can make a repo private if it has public forks. Edit: read it the other way around.

So, if the original repo is modified then my forked repo will also be modified?

​@@MsSoldadoRasono it's like a copy of the original repo.

@@MsSoldadoRaso No, just like a commit is not automatically applied to every branch. You can merge any updates to the original repo into the forked repo though

Give him the Malk, Josh

​@@Jinnyfir, inside voices please

​@@joshuan. Sorry, dad... my white friends ...

Doesn't generate the same outrage bait if you don't mention Microsoft.

I cast force push delete commit

@@Kermit2k This is just Microsoft® Git. If you push your API key to a repository, it's on the Internet forever.

​@@toooeseven that is just a commit reversing that commit. I'm not even sure if the stuff like filter-repo gets the kill for real

Wrong. BFG cleaner will do the job. This is a problem with forking, a GitHub feature, not a Git feature.

femboy

I use artix, btw.

​@@Skelterbane69runit?

@@Skelterbane69 you must think you are so much better huh? well I got news for you. you are a flippin nerd!

I use mint, btw

It's not, a private repo is private, but data is shared between forks - for that reason you can't make a private fork of a public repo and vice versa.

@@xl0xl0xl0 is right, commits are not public but their hashes are the same across repo's

I mean they could make it to where if your repo is private and then you fork it, you lose commit history. That would kinda make the fork kinda useless but whatever

​@@xl0xl0xl0 serious software companies should be self hosting their repos.

@@penguin1714 Never ever tamper with git history that has already been shown publicly. Even if it seems to have benefits, you will cause fire and flames among anyone using that code.

Lol my exact thought before I opened the vid

Yeah but you can also just fork one of the hundreds of forks and save yourself from the headache of finding commit hashes

isn't zuyu still online and continuing from where yuzu left off? (legit don't know, not a nintendo guy so I don't use those emus)

I switched to ryujinx, for obvious reasons and it's actually way better, imo. Way more games that can be ran and they also run much smoother.

Calm down guys. I pulled it from the AUR after the court decision. It was there for a little while. It's not really hard to find if you look. I was making a joke.

I guess it's surprising to people that deleting the fork doesn't delete the commits. But really, it's no different than branches I guess.

It was for me a known fact since a guy made some shady commit in a fork of linux source tree and commiting it in his repo in Linus Tornvalds name, as such by using the same URL trick you could think that Linus made a commit implemeting a backdoor. That's even why they added the warning about the commit not being from the repository.

@@davidt01 but that's the whole reasoning behind git to keep a history of everything. The video could be as simple as if you leak your private keys the only solution is to change your keys. End of video. But that doesn't generate the same level of engagement.

@@Kermit2k Right, but it was surprising to most people because they thought their forks were like clones, and that deleting would remove the data.

Consider how many Javascript "devs" out in the world use github, do you think they know how git works? Heck most devs don't even know how git works. No one should be surprised that your stuff is going to be leaked if it's on the internet. The cloud and all SaaS is just someone else's computer.

well, It's literally bots, they post in a blink, not like commenting takes them some time or anything also you'd be surprised by MOs reach, plenty of less tech-literate people from 3rd world countries watch his videos where applicable

I don't think they are researching a ton before they unleash the bots. They probably automatically target videos on topic they choose with enough number of views. Also, anyone who thinks he would never fall for X, opens himself to fall for X.

@@xxXXuser69420XXxx yeah I am from a 3rd world country and I am here to BECOME tech-literate

You're mistaking low effort comments for AI. Easy mistake to make.

​@@xxXXuser69420XXxxpretentious i see

No, that's how GitHub works. Git works like this because it's not designed for this. And GitHub is too lazy to fix it

You mean GitHub. Git is more of a open source version control too.

@@Contractor48 nah this is how git works

Ngl he started yapping so I zoned out a few minutes in, but from what I've heard this isn't a bug. Every SE that's ever used Git would tell you that's basically what Git is all about. Not sure why he mentions API keys at all, pushing API keys to Git/GitHub is bad practice and is only done by incompetent companies/developers, so this is not a concern at all.

@@joopie46614 Because that's what the original article mentions. It's actually pretty common for people to fork a repo and then add their own secrets. But the scary part is deleting the fork doesn't delete the commits in that fork. Yes, it's not a bug, it's just how git and Github works, but a lot of people aren't aware of this.

bruh as if anyone cared, maybe organizations but every single dev is still on gh with the schizos on gitlab

@@xxXXuser69420XXxx plz pull something new, try to build it fingers crossed that it works. There has been a new phenomenon where ppl publish coding books with coded partially generated by LLMs which doesn't work. IMO the snake started eating it's own tail.

@@xxXXuser69420XXxx as for orgs, everyone has a private repo behind a VPN and an admin that locks ppl out once they are out of the project

​@@trailblazingfiveso where are top devs pushing their work to now?

@@trailblazingfive yep, when I noticed Gemini Pro replies were super long, I decided to "teach myself rust" by having it write a program/index for an book then writing the "academic level rust" book itself... a couple lessons in and a few programs after Hello World, the code was completely useless. Same thing when I tried to learn Gradio, it kept writing 150 lines for a shared password protected hello world, I then read Gradio's docs and getting a shared, protected helloworld gradio app was literally like 4 lines of code lol

Fr

Till those pesky sites interfere with no right click features, really messes the nefarious vibe.

Github itself has a doc teaching how to erase secrets (rewriting commit history,modifying blobs and force pushing) If i remember correctly the last step is to contact GitHub and ask for a specific commit to be purged from their servers. I wonder if this would actually delete the commit/blob globally for all the forks, or only for the repo you specifically asked

@@sutirk it seems they can't delete those from forks. from docs: If the commit that introduced the sensitive data exists in any forks, it will continue to be accessible there. You will need to coordinate with the owners of the forks, asking them to remove the sensitive data or delete the fork entirely.

The same issue happens on other version control system products.

what the heck is a gigawatt?

Deleting the repo just does the exact same thing as deleting all branches and tags for git, meaning just removing references to commits To remove those commit completely you would have to run git gc which has to detect dangling reference in the entire tree, and it would have to do that every time a push is not just a cannot be solved by a fast-forward (deleting branch, rebasing, git push --force) You can test this behaviour on your computer and is sometimes use with git reflog to be able to get back a lost commit. As for why it does append with forks it's simple fork are in the same repo than the original project (more efficient in space) just having their own references for branches and tags makes a fork just some cloning references and makes things like pull request way more easy to handles as it is the same as a merge/rebase in the same repository.

are you bot?

🤦

A Turk

most definitely not a bug, it's a feature.. yeah

A lawyer

is tornado cash repo a fork?

Exactly, I'm curious now

Where do you get this 64 from?

you mean corporate sysadmins? it's a high calibre channel.

There is nothing in git called 'fork'. Forking is very much a GitHub thing. Ironic how you don't know this basic thing and start spewing nonsense and downplaying risks like you're some know-it-all. Github's fork gives an illusion that you're copying a repo, which will make users think whatever they do in their own fork isn't accessible from somewhere else. Now reading the docs carefully suggests it's more akin to creating a new branch rather than forking, but again, it's not immediately obvious. And everyone knows not to put api keys in source control but mistakes can happen. There should be a way to undo it/privatise it (yes, the most effective way would be to cycle the api key itself, but github should provide a way to protect it just in case). If you're so much about not making mistakes and mistakes can only be made by "idiots", I hope you never use your undo button, because you shouldn't even have made a mistake to begin with (cause you're not an idiot are you?). An attack vector is an attack vector and downplaying it as skill-issue has only ever caused harm. Making things (somewhat) foolproof goes a long in reducing attack vectors. This is why we have password validation forcing users not just give 1234 as password and call it a day. Please educate yourself on git and cyber security before downplaying risks.

@@Dipj01 the user made a bad commit and pushed it remotely. What do you suggest GH do about it? Commit history is a native Git feature and I don’t care what labels GH adds to repos. His commit, if left long enough, is probably in web archives as well. Should GH purge that for you too? Bottom line is you can’t push a bad commit remote, especially to a public repository. This is chiefly a skill issue.

Too poor

nice joke bro.

💀💀💀💀💀💀💀💀💀💀💀💀💀

Me enjoying real tech freedom from Bangladesh because of having no established digital laws at all

Keep that border near Belarus secure. Keep em out

waaay too complicated. i just print it out and post it on the public noticeboard in the town square. that way, privacy is truly a non issue.

@@bashisobsolete.pythonismyn6321 Please only speak after consulting your brain.

if someone knows the hashes force push doesnt help.

@@mxalltheway isn't the main problem then that github doesn't do garbage collection?

Typical people that think you can "erase" leaked sensitive information. That's how the internet works, once it's out the box, it will never get back in the box. The only way to address key leaks is to change the keys. What's the point of erasing credentials? You gonna keep reusing them after leaking them in the hopes nobody saw?

i tell them to my women friends. open secret is best secret.

we're lacking options in this world