I’ve been kind of goofy these days, especially around computers.

For years I have prided myself on a immaculate infosec record (this is an exaggeration), but sadly, I broke that a couple of days ago when I pushed one of my passwords to GitHub.

I was adding file I/O functionality (storing config and logging) to a script. Halfway through the process, I decided to try it out with my own credentials. It didn’t work as expected, and I somehow thought it was a good idea to make a commit and push it to the repository at this stage.

I completely forgot to create a .gitignore file, and proceeded with the push. Poof! My password and sensitive log file was uploaded to the repo.

It took me a while to discover the incident, and I eventually recreated a repo with the sensitive commit reverted and purged. (The commit could still be accessed via its commit ID, although it’s unlisted in the commits view in the original repo. It seems that GitHub doesn’t automatically remove dangling commits, as evidenced by an 8-year-old dangling commit. To remove such a commit, one needs to contact GitHub support.) I changed my password, and a lesson was learned.

If you find yourself in a similar situation, please refer to Removing sensitive data from a repository on GitHub Help, instead of this random article on the internet.

To be clear, the repository was a private one (since the script still looks like a dirty hack as of now), but it’s always prudent to treat the credentials as compromised and have them regenerated.

On a lighter note, I accidentally formatted the wrong partition today.

I was making backups of my partitions one at a time, and I noted that I was running out of disk space on /. It occurred to me that I can reclaim the space on an already backed up partition to temporarily store images of other partitions, so I created a new ext4 filesystem on sda1. However, for some reasons, I backed up sda2 first instead of sda1. *Oof, *I thought.

Had I formatted sda1 to say, btrfs, I could still more or less recover the old partition from the backup superblocks stored throughout the partition. However, I had overwritten all original superblocks by formatting it in ext4. It wasn’t exactly pleasant to resort to PhotoRec and end up with all my files in one directory (and in a lot of cases PhotoRec either detected many file formats incorrectly or failed to end the recovered file at the right place, leading to trailing data) , but sometimes you have to pay the price for being careless. Silver lining – the files on the partitions turned out to be relatively unimportant.

At least I didn’t run rm -rf / on my machines. (Yes, I know that you have to add the --no-preserve-root flag with GNU coreutils’ rm. BSD FTW!Sorry.)