Hi devs,
this is my first post on dev.to and I don't know if it is the right place to share my personal website but I want to give you a little in...
For further actions, you may consider blocking this person and/or reporting abuse
What's the point of sharing your public SSH key?
That is a really good question, Jack! I added this because sometimes I don't have my key available. For example on my mobile phone. Then I either tell the one who needs it that she/he can copy it from there.
I don't see a security issue here because the private key can't be generated from the public key.
Also this key is more a temporary key as I always generate a new one for a server. This key is used as first entry key for simplicity and then I replace it with the new one I have generated.
Do you see any security issue when sharing a public key?
I guess I was just under the impression that you would still treat both halves of the SSH key like a password. But I guess I've also never been in a place where I needed SSH access to something where I didn't have the generated keys from that machine already installed.
To be honest it's not possible for me to keep my public key private because I have access to so many different customer's servers.
That's the reason why I create a new key pair for almost every server.
So in most cases, especially when I'm not on my computer, it's just easier for me, to tell someone that she/he can find my public key on my website and I'll replace my key with the new one later.
Ahh.. Ya, that definitely makes sense. Thanks for sharing the insight!
Good point, actually. You give away your public key to some other parties anyway, and you cannot trust them. So yeah, it's a good idea :)
I assume it's mostly a "Hey, you're giving me access to your server. Here's my public key to get access" kind of thing right? I assume there are other scenarios where you'd need to give out the public key?
I can't think of any. I guess even if there are, they fall into 1% of the cases.
Look what I've found: security.stackexchange.com/questio...
Random idea:
I removed the prerender and preconnect instructions for my own domain. That was truely not necessary.
Would you really self-host all external resources including Google Tagmanager and all Google Fonts assets? How would you keep them up-to-date?
How often are fonts updated anyway?
Not that often, but what about Google Tagmanager?
Yup, I had not thought of that...
One
/too much?Darn! You are right. Didn't see that :D thanks!
Did you used a bundle system for your assets? I ask because I saw your CSS assets could be improved by 12% by trimming useless styles (since you talked about optimizations, which is for me the most exciting part of a website). I checked this number using Chrome WebTools Code Coverage. I recently used NPM purify-css, which works like a charm for removing useless CSS rules. Just droping it here :)
Yes, I'm using grunt and grunt-contrib-less to generate my CSS and minify it. Maybe it's not the best compression but GTmetrix tells me my CSS can only be minified one more percent.
I gave purifycss a try:
assets/css/styles.min.cssbefore: 7914 bytesassets/css/styles.min.cssafter: 7289 bytesThat's a good change. π Thank you for the hint!
Bug: if you open either "imprint" or "privacy policy" those links still stay visible but aren't clickable until you close the modal.
Fixed. Thanks for the hint, Ben!