upvote

points

by lemonlime2279 hours ago |
comments
upvoteby dcchuck7 hours ago|
next
[-]
This is a github pages feature. Given an account with the name "example", they can publish static pages to example.github.io

So this being from github.github.io implies it's published by the "github" account on github.

reply
upvoteby eddythompson809 hours ago|
prev|
next
[-]
Why would that be phishy? They own the GitHub org on GitHub, hence github.github.io. I always thought it was a neat recursive/dogfood type thing even if not really that deep. Like when Reddit had /r/reddit.com or twitter having @twitter
reply
upvoteby embedding-shape9 hours ago|
parent|
[-]
When they launched github.io, they said it was for user-generated content, and official stuff will be on github.com. Seemingly that's changed/they forgot, but users seems to have remembered. Microsoft isn't famous for their consistency, so not unexpected exactly.
reply
upvoteby eddythompson809 hours ago|
parent|
[-]
I’m pretty sure they have used it before, or maybe it was githubnext. I’m also pretty sure I have seen many large companies and organizations launch developer facing tools and stuff through GitHub pages. The structure of GitHub pages is pretty simple. You know the user/org from the domain. I’m still not sure what’s phishy about it. Is it a broken promise?
reply
upvoteby DSMan1952767 hours ago|
parent|
[-]
It's phishy because it's breaks the rules people are generally told for avoiding phishing links, mainly that they should pay attention to the domain rather than subdomains. Browser even highlight that part specifically so that you pay attention to it, because you can't fake the real domain. The problem with what GitHub does here is that while `github.github.io` might be the real GitHub, `foobar-github.github.io` is not because anybody can get a github.io via their username, that was part of why they made github.io separate. Additionally they could easily host this via GitHub Pages but still use a custom domain back to github.com, they just don't.

I would say that GitHub is particularly bad about this as they also use `github.blog` for announcements. I'm not sure if they have any others, but then that's the problem, you can't expect people to magically know which of your different domains are and aren't real if you use more than one. They even announced the github.com SSH key change on github.blog.

reply
upvoteby pixl972 hours ago|
parent|
next
[-]
>It's phishy because it's breaks the rules people are generally told for avoiding phishing links

Bank: Avoid phishing links, this is what they look like.

Also bank: Here is an link from our actual marketing department that looks exactly like phishing.

reply
upvoteby resquawk3 hours ago|
parent|
prev|
[-]
Hey, sorry, yes the better link is https://github.github.com/gh-aw/

but we had a redirect set to https://github.github.io/gh-aw/

Both work and we've fixed the redirect now, thanks

reply
upvoteby resquawk2 hours ago|
prev|
next
[-]
Hey, sorry, yes the better link is https://github.github.com/gh-aw/ but we had a redirect set to https://github.github.io/gh-aw/

Both work and we've fixed the redirect now, thanks

reply
upvoteby idan5 hours ago|
prev|
next
[-]
Any github pages site is, by default, ORGNAME.github.io.

We recently moved this out of the githubnext org to the github org, but short of dedicating some route in github.com/whatever, github.github.io is the domain for pages from the github org.

reply
upvoteby hmokiguess9 hours ago|
prev|
next
[-]
So them using their own product makes it phishy? I don’t get it

It’s not like someone else can or could own this link, could they?

reply
upvoteby SkyPuncher7 hours ago|
prev|
[-]
Looks like a pre-release product. This is to lower the branding and reputational risk.
reply