github_blog 

feeds.twtxt.net

The Github Blog

Recent twts from github_blog

2024 is the biggest global election year in history. What’s at stake for developers?
GitHub is considering what is at stake for our users and platform, how we can take responsible action to support free and fair elections, and how developers contribute to resilient democratic processes.

The post [2024 is the biggest global election year in history. What’s at stake for developers?](https://github.blog/news-insights/policy-news- … ⌘ Read more

⤋ Read More

GitHub named a Leader in the Gartner first-ever Magic Quadrant for AI Code Assistants
This year, as part of its annual Magic Quadrant series, Gartner published a first-of-its-kind report analyzing the state of play in the AI Code Assistants market–and named GitHub a Leader.

The post [GitHub named a Leader in the Gartner first-ever Magic Quadrant for AI Code Assistants](https://github.blog/news-insights/company-news/github-named-a-lead … ⌘ Read more

⤋ Read More

Automating open source: How Ersilia distributes AI models to advance global health equity
Discover how the Ersilia Open Source Initiative accelerates drug discovery by using GitHub Actions to disseminate AI/ML models.

The post [Automating open source: How Ersilia distributes AI models to advance global health equity](https://github.blog/open-source/social-impact/automating-open-source-how-ersilia-distributes-ai-models-to-advance-glo … ⌘ Read more

⤋ Read More

What’s new with GitHub Copilot: July 2024
To enhance your coding experience, AI tools should excel at saving you time with repetitive, administrative tasks, while providing accurate solutions to assist developers. Today, we’re spotlighting three updates designed to increase efficiency and boost developer creativity.

The post What’s new with GitHub Copilot: July 2024 appeared first on [The GitHu … ⌘ Read more

⤋ Read More

How we improved availability through iterative simplification
Solving and staying ahead of problems when scaling up a system of GitHub’s size is a delicate process. Here’s a look at some of the tools in GitHub’s toolbox, and how we’ve used them to solve problems.

The post [How we improved availability through iterative simplification](https://github.blog/engineering/engineering-principles/how-we-improved-availability-through-iterative-simplification/ … ⌘ Read more

⤋ Read More

How to review code effectively: A GitHub staff engineer’s philosophy
GitHub Staff Engineer Sarah Vessels discusses her philosophy of code review, what separates good code review from bad, her strategy for finding and reviewing code, and how to get the most from reviews of her own code.

The post [How to review code effectively: A GitHub staff engineer’s philosophy](https://github.blog/developer-skills/github/how-to-review-code-effectively-a-github-staff-eng … ⌘ Read more

⤋ Read More

How researchers are using GitHub Innovation Graph data to estimate the impact of ChatGPT
An interview with economic researchers who are applying causal inference techniques to analyze the effect of generative AI tools on software development activity.

The post [How researchers are using GitHub Innovation Graph data to estimate the impact of ChatGPT](https://github.blog/2024-07-17-how-researchers-are-using-github-innovation-graph-data-to-estimate-t … ⌘ Read more

⤋ Read More

Exploring the challenges in creating an accessible sortable list (drag-and-drop)
Drag-and-drop is a highly interactive and visual interface. We often use drag-and-drop to perform tasks like uploading files, reordering browser bookmarks, or even moving a card in solitaire.

The post [Exploring the challenges in creating an accessible sortable list (drag-and-drop)](https://github.blog/2024-07-09-exploring-the-challenges-in-creating-an-accessible-sortable-list- … ⌘ Read more

⤋ Read More

Attack of the clones: Getting RCE in Chrome’s renderer with duplicate object properties
In this post, I’ll exploit CVE-2024-3833, an object corruption bug in v8, the Javascript engine of Chrome, that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.

The post [Attack of the clones: Getting RCE in Chrome’s renderer with duplicate object properties](https://github.blog/2024-06-26-attack-of-the-cl … ⌘ Read more

⤋ Read More

Execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities work in Ruby projects
Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe deserialization vulnerabilities. But how is that possible? In this blog post, we’ll describe how unsafe deserialization vulnerabilities work and how you can detect them in Ruby projects.

The post [Execute c … ⌘ Read more

⤋ Read More

Leveraging technology on the frontlines of emergency: How communities of developers are taking action
From sending emergency alerts about nearby fires to mapping services in refugee camps, developers are taking action to solve global problems.

The post [Leveraging technology on the frontlines of emergency: How communities of developers are taking action](https://github.blog/2024-06-12-leveraging-technology-on-the-frontlines-of-emergenc … ⌘ Read more

⤋ Read More

Introducing GitHub Copilot Extensions: Unlocking unlimited possibilities with our ecosystem of partners
The world of Copilot is getting bigger, improving the developer experience by keeping developers in the flow longer and allowing them to do more in natural language.

The post Introducing GitHub Copilot Extensions: Unlocking unlimited possibilities with our ecosystem of partners appeared first on [The GitHub Blog](https://gi … ⌘ Read more

⤋ Read More

Celebrating 1 year of A11y Design Bootcamp: Takeaways and tips
A11y Design Bootcamp is a live educational program that consists of exercises, discussions, and knowledge shares to raise awareness of web accessibility best practices, the role designers play in creating accessible products, and how to advocate for accessibility with cross-functional partners.

The post [Celebrating 1 year of A11y Design Bootcamp: Takeaways and tips](https://github.blog/2024-05-02-celebrating-1- … ⌘ Read more

⤋ Read More

Empowering accessibility: GitHub’s journey building an in-house Champions program
As part of GitHub’s dedication to accessibility, we expanded our internal accessibility program and scaled up our internal auditing process to help remove or lower barriers for users with disabilities. Then, we empowered employees from various disciplines to drive accessibility efforts within their teams.

The post [Empowering accessibility: GitHub’s journey building an … ⌘ Read more

⤋ Read More

A policy proposal on our approach to deepfake tools and responsible AI
We’re asking for feedback on a proposed Acceptable Use Policy update to address the use of synthetic and manipulated media tools for non-consensual intimate imagery and disinformation while protecting valuable research.

The post [A policy proposal on our approach to deepfake tools and responsible AI](https://github.blog/2024-04-18-a-policy-proposal-on-our-approach-to-deepfake-tools-and-responsib … ⌘ Read more

⤋ Read More

Security research without ever leaving GitHub: From code scanning to CVE via Codespaces and private vulnerability reporting
This blog post is an in-depth walkthrough on how we perform security research leveraging GitHub features, including code scanning, CodeQL, and Codespaces.

The post [Security research without ever leaving GitHub: From code scanning to CVE via Codespaces and private vulnerability reporting](htt … ⌘ Read more

⤋ Read More

Found means fixed: Introducing code scanning autofix, powered by GitHub Copilot and CodeQL
Now in public beta for GitHub Advanced Security customers, code scanning autofix helps developers remediate more than two-thirds of supported alerts with little or no editing.

The post [Found means fixed: Introducing code scanning autofix, powered by GitHub Copilot and CodeQL](https://github.blog/2024-03-20-found-means-fixed-introducing-code-scanning-autofix … ⌘ Read more

⤋ Read More

Gaining kernel code execution on an MTE-enabled Pixel 8
In this post, I’ll look at CVE-2023-6241, a vulnerability in the Arm Mali GPU that allows a malicious app to gain arbitrary kernel code execution and root on an Android phone. I’ll show how this vulnerability can be exploited even when Memory Tagging Extension (MTE), a powerful mitigation, is enabled on the device.

The post [Gaining kernel code execution on an MTE-enabled Pixel 8](https://github.blog/2024-03-18-gaining-kerne … ⌘ Read more

⤋ Read More