Git Commit Uruguay: Lowering barriers to make software development more inclusive and diverse
We delivered two different courses specifically designed to help students in the lowest-income neighborhood of Montevideo, Uruguay learn how to use GitHub and understand the value of open source. ⌘ Read more

Hello from GitHub’s new Chief Product Officer
GitHub is in an exciting phase of our journey as the developer community grows significantly every day, and the needs of the community grow and change with it. Today we’re introducing our new Chief Product officer. ⌘ Read more

Circling back to the IsPreferred method. A hasher can define its own IsPreferred method that will be called to check if the current hash meets the complexity requirements. This is good for updating the password hashes to be more secure over time.

func (p *Passwd) IsPreferred(hash string) bool {
	_, algo := p.getAlgo(hash)
	if algo != nil && algo == p.d {

		// if the algorithm defines its own check for preference.
		if ck, ok := algo.(interface{ IsPreferred(string) bool }); ok {
			return ck.IsPreferred(hash)
		}

		return true
	}
	return false
}

https://github.com/sour-is/go-passwd/blob/main/passwd.go#L62-L74

example: https://github.com/sour-is/go-passwd/blob/main/pkg/argon2/argon2.go#L104-L133

Circling back to the IsPreferred method. A hasher can define its own IsPreferred method that will be called to check if the current hash meets the complexity requirements. This is good for updating the password hashes to be more secure over time.

func (p *Passwd) IsPreferred(hash string) bool {
	_, algo := p.getAlgo(hash)
	if algo != nil && algo == p.d {

		// if the algorithm defines its own check for preference.
		if ck, ok := algo.(interface{ IsPreferred(string) bool }); ok {
			return ck.IsPreferred(hash)
		}

		return true
	}
	return false
}

https://github.com/sour-is/go-passwd/blob/main/passwd.go#L62-L74

example: https://github.com/sour-is/go-passwd/blob/main/pkg/argon2/argon2.go#L104-L133

Hold up now, that example hash doesn’t have a $ prefix!

Well for this there is the option for a hash type to set itself as a fall through if a matching hash doesn’t exist. This is good for legacy password types that don’t follow the convention.

func (p *plainPasswd) ApplyPasswd(passwd *passwd.Passwd) {
	passwd.Register("plain", p)
	passwd.SetFallthrough(p)
}

https://github.com/sour-is/go-passwd/blob/main/passwd_test.go#L28-L31

Hold up now, that example hash doesn’t have a $ prefix!

Well for this there is the option for a hash type to set itself as a fall through if a matching hash doesn’t exist. This is good for legacy password types that don’t follow the convention.

func (p *plainPasswd) ApplyPasswd(passwd *passwd.Passwd) {
	passwd.Register("plain", p)
	passwd.SetFallthrough(p)
}

https://github.com/sour-is/go-passwd/blob/main/passwd_test.go#L28-L31

Here is an example of usage:

func Example() {
	pass := "my_pass"
	hash := "my_pass"

	pwd := passwd.New(
		&unix.MD5{}, // first is preferred type.
		&plainPasswd{},
	)

	_, err := pwd.Passwd(pass, hash)
	if err != nil {
		fmt.Println("fail: ", err)
	}

	// Check if we want to update.
	if !pwd.IsPreferred(hash) {
		newHash, err := pwd.Passwd(pass, "")
		if err != nil {
			fmt.Println("fail: ", err)
		}

		fmt.Println("new hash:", newHash)
	}

	// Output:
	//  new hash: $1$81ed91e1131a3a5a50d8a68e8ef85fa0
}

This shows how one would set a preferred hashing type and if the current version of ones password is not the preferred type updates it to enhance the security of the hashed password when someone logs in.

https://github.com/sour-is/go-passwd/blob/main/passwd_test.go#L33-L59

Here is an example of usage:

func Example() {
	pass := "my_pass"
	hash := "my_pass"

	pwd := passwd.New(
		&unix.MD5{}, // first is preferred type.
		&plainPasswd{},
	)

	_, err := pwd.Passwd(pass, hash)
	if err != nil {
		fmt.Println("fail: ", err)
	}

	// Check if we want to update.
	if !pwd.IsPreferred(hash) {
		newHash, err := pwd.Passwd(pass, "")
		if err != nil {
			fmt.Println("fail: ", err)
		}

		fmt.Println("new hash:", newHash)
	}

	// Output:
	//  new hash: $1$81ed91e1131a3a5a50d8a68e8ef85fa0
}

This shows how one would set a preferred hashing type and if the current version of ones password is not the preferred type updates it to enhance the security of the hashed password when someone logs in.

https://github.com/sour-is/go-passwd/blob/main/passwd_test.go#L33-L59

I made a thing. Its a multi password type checker. Using the PHC string format we can identify a password hashing format from the prefix $name$ and then dispatch the hashing or checking to its specific format.

I made a thing. Its a multi password type checker. Using the PHC string format we can identify a password hashing format from the prefix $name$ and then dispatch the hashing or checking to its specific format.

Will A.I. like ChatGPT or GitHub Copilot replace human programmers?
An in-depth analysis. ⌘ Read more

GitHub Copilot is generally available for businesses
GitHub Copilot for Business is officially here with simple license management, organization-wide policy controls, and industry-leading privacy—all for $19 USD per user per month. ⌘ Read more

GitHub Availability Report: November 2022
In November, we experienced two incidents that resulted in degraded performance across GitHub services. This report also sheds light into an incident that impacted Codespaces in October. ⌘ Read more

New npm features for secure publishing and safe consumption
Now you can create tokens with fine-grained permissions for automating your publishing and organization management workflows. And a new code explorer allows you to view content of a package directly in the npm portal. ⌘ Read more

ICYMI: A look back at GitHub Universe 2022
Catch up on everything we announced and see what else happened during this year’s GitHub Universe conference that took place November 9-10. ⌘ Read more

Evil A.I. made in evil ways: ChatGPT & GitHub Copilot
Listen now (26 min) | The Lunduke Journal Podcast - December 4, 2022 ⌘ Read more

Ignite Realtime Blog: Denial of Service Vulnerability in Smack 4.4 if XMPPTCPConnection is used with StAX
The fantastic folks behind Jitsi have discovered a Denial of Service (DoS) vulnerability in Smack ( JSA-2022-0002, [JSA-2022-0003](https://github.com/jitsi/security-advisories/blob/master/advisories/JSA-2022-00 … ⌘ Read more

GitHub, accessibility, and the disability divide
We just published our vision for GitHub accessibility at accessibility.github.com. Here’s the TL;DR: the prime directive of the GitHub accessibility program is to empower people with disabilities to build cool technology. ⌘ Read more

Introducing Mona Sans and Hubot Sans
Learn how to use and express yourself with GitHub’s open source variable fonts, Mona Sans and Hubot Sans. ⌘ Read more

How empowering developers helps teams ship secure software faster
AppSec expert Niroshan Rajadurai says putting developers at the center of everything will enable you to meet your security goals. ⌘ Read more

An enterprise account is coming to all Enterprise customers
Administrators, or enterprise owners, have the increased responsibility of managing their account and keeping it secure. We are excited to introduce what is new with enterprise accounts and what is coming soon. ⌘ Read more

NixOS 22.11 released

Image

Hey everyone, we are Martin Weinelt and Janne Heß,
the release managers for this stable release and we are very proud to announce the public availability of NixOS 22.11 “Raccoon”.

This release will receive bugfixes and security updates for seven months (up until 2023-06-30).

… ⌘ Read more

To infinity and beyond: enabling the future of GitHub’s REST API with API versioning
We’re introducing calendar-based versioning for our REST API, so we can keep evolving our API, whilst still giving integrators a smooth migration path and plenty of time to update their integrations. ⌘ Read more

git-bug

Distributed, offline-first bug tracker embedded in git, with bridges

Interesting!

Exciting New GitHub Features Powering Machine Learning
Discover the exciting enhancements in GitHub that empower Machine Learning practitioners to do more. ⌘ Read more

Octoverse 2022: 10 years of tracking open source
How is open source changing the world and impacting businesses? In this year’s Octoverse report, we identified three big trends to watch. ⌘ Read more

The power of GitHub in the palm of your hand
GitHub Mobile helps keep work going while you’re going. Untether yourself from your office. ⌘ Read more

A better way to search, navigate, and understand code on GitHub
Reading code is a hugely important task for developers. That’s why we built GitHub’s new code search—to help developers search, navigate, and understand code written by them, their team, and the world. ⌘ Read more

The journey of your work has never been clearer
In July, we launched the general availability of GitHub Projects, and now we are excited to bring you even more features designed to make it easier to plan and track in the same place you build! ⌘ Read more

Oh wow! 😳 Looks like Mastodon are planning to add support for Twtxt in Add support for Twtxt protocol 😅

Ignite Realtime Blog: Spark 3.0.0 Released
The Ignite Realtime community is happy to announce the release of Spark 3.0.0 version.

We decided to increase major version to 3.x to coincide with a complete UI refresh of Spark which was contributed by Amos. Now Spark uses only FlatLaf Look and Feel. We are very much grateful for his incredible work. Along that Pade Meetings plugin was added by [Dele](https://discourse.igniterealtime. … ⌘ Read more

Introducing GitHub Actions Importer
GitHub Actions Importer helps you forecast, plan, and facilitate migrations from your current CI/CD tool to GitHub Actions. ⌘ Read more

What’s new with Codespaces from GitHub Universe 2022
We’re giving GitHub users 60 free hours each month on Codespaces. Learn what else we shipped for Codespaces at Universe this year. ⌘ Read more

Lunduke’s Normal Computing News - Nov 9, 2022
Listen now (35 min) | Apple worth more than Google + Facebook + Amazon, Microsoft sued for GitHub Copilot, Canonical shows future of Ubuntu ⌘ Read more

Ignite Realtime Blog: Hazelcast plugin version 2.6.1 released!
The Ignite Realtime community is happy to announce the immediate availability of version 2.6.1 of the Hazelcast plugin for Openfire! The Hazelcast plugin is what allows you to deploy Openfire as a clustered solution.

This release includes only one improvement, but that one can bring a significant performance improvement as compared to older versions … ⌘ Read more

Todas as novidades do GitHub Universe 2022
Veja o que estamos construindo para aprimorar a plataforma de desenvolvimento mais integrada e que permite que pessoas desenvolvedoras e empresas impulsionem a inovação com mais facilidade. Quinze anos atrás, estava sendo escrita a primeira linha de código para a construção do GitHub. Desde então, o objetivo tem sido equipar as pessoas desenvolvedoras com tudo […] ⌘ Read more

An open source economy–built by developers, for developers
Investing in our open source future by supporting the maintainers of today. ⌘ Read more

Everything new from GitHub Universe 2022
See what we’re building to enhance the most integrated developer platform that allows developers and enterprises to drive innovation with ease. ⌘ Read more

Understanding the social impact of open source technologies
Here’s how nonprofits and the social sector are using open source to drive social good. ⌘ Read more

The changing nature of governmental policies around open source
In 2022, governments and the policy community spent a lot of time thinking about open source. Here’s what that means and why it matters. ⌘ Read more

Why more companies are investing in open source program offices
By our estimation at GitHub, over 30% of Fortune 100 companies have now implemented OSPOs. Here’s what that means for open source. ⌘ Read more

The importance of improving supply chain security in open source
We think a lot about a high-profile supply chain attack that might cause developers, teams, and organizations to lose trust in open source. That’s why we’re investing in new ways to protect the open source ecosystem. ⌘ Read more

Bringing greater financial sustainability to open source communities
We know that companies benefit from open source. That’s why we’re making it easier for companies to financially support projects. ⌘ Read more

Microsoft declares ownership of all Open Source software
Using the “Finders Keepers clause” of the GitHub Terms of Service. ⌘ Read more

GitHub Enterprise Server 3.7 is now generally available
GitHub Enterprise Server 3.7 is available now, including a single view of code risk, new forking and repository policies, and security enhancements to the management console. ⌘ Read more

How to mitigate OWASP vulnerabilities while staying in the flow
Explore how GitHub Advanced Security can help address several of the OWASP Top 10 vulnerabilities ⌘ Read more

Advocating for developers to the US Copyright Office
How GitHub advocated for developer interests at the US Copyright Office technical measures consultations ⌘ Read more

How GitHub converts previously encrypted and unencrypted columns to ActiveRecord encrypted columns
This post is the second part in a series about ActiveRecord::Encryption that shows how GitHub upgrades previously encrypted and unencrypted columns to ActiveRecord::Encryption. ⌘ Read more

GitHub partners with Arm to revolutionize Internet of Things software development with GitHub Actions
Developers creating Internet of Things software use a complex stack of software that needs to be custom built into their CI/CD platform. Arm is leveraging the simplicity and scalability of GitHub Actions with a native integration that will revolutionize IoT software development. ⌘ Read more

GitHub Availability Report: October 2022
In October, we experienced four incidents that resulted in degraded performance across GitHub services. This report also sheds light into an incident that impacted Codespaces in September. ⌘ Read more

Game Off 2022 theme announcement
It’s the moment you’ve all been waiting for. Are you ready? ⌘ Read more

Preview: referencing public code in GitHub Copilot
We will begin to introduce several new capabilities to GitHub Copilot in 2023 to continue delivering responsible innovation and true happiness at the keyboard. ⌘ Read more

All In for Students: expanding the next generation of open source leaders
We are pleased to announce the expansion of All In for Students! All In for Students introduces college students to open source and provides them with the education, technical training and career development to prepare them for a summer internship in tech. ⌘ Read more

Creating a more inclusive security research field
A glimpse into the backgrounds and day-to-day work of several GitHub employees in cybersecurity roles. ⌘ Read more

it uses the queries you define for add/del/set/keys. which corrispond to something like INSERT INTO <table> (key, value) VALUES ($key, $value), DELETE ..., or UPDATE ...

the commands are issued by using the maddycli but not the running maddy daemon.

see https://maddy.email/reference/table/sql_query/

the best way to locate in source is anything that implements the MutableTable interface… https://github.com/foxcpp/maddy/blob/master/framework/module/table.go#L38

it uses the queries you define for add/del/set/keys. which corrispond to something like INSERT INTO <table> (key, value) VALUES ($key, $value), DELETE ..., or UPDATE ...

the commands are issued by using the maddycli but not the running maddy daemon.

see https://maddy.email/reference/table/sql_query/

the best way to locate in source is anything that implements the MutableTable interface… https://github.com/foxcpp/maddy/blob/master/framework/module/table.go#L38

13 tiny, terrific, and terrifying games to hack, slay, and play this Halloween 🧛🏻‍♀️
Some seriously spooktacular open source games for the web, Windows, macOS, and Linux with all sorts of fun hacks for infinite lives, invulnerability, and playing with time. ⌘ Read more

Cybersecurity spotlight on bug bounty researcher @ahacker1
As we wrap up Cybersecurity Awareness Month, the GitHub bug bounty team is excited to spotlight one of the security researchers who participates in the GitHub Security Bug Bounty Program. ⌘ Read more

Release Radar · September 2022 Edition
Hackatoberfest, hackathons, and open source contributions. It’s been a hectic month with so many community pull requests to all kinds of projects. So many in fact that we had to spend hours going through all the submissions for this blog post. We almost didn’t get it out before the end of October. Nevertheless, we are […] ⌘ Read more

Choose your own GitHub Universe 2022 adventure
You can now build your agenda on GitHubUniverse.com! Whether you’re just getting started or you’re a seasoned industry professional, there’s a session for you. ⌘ Read more

What we learned from the Security Lab’s Community Office Hours
TheGitHub Security Lab provided office hours for open source projects looking to improve their security posture and reduce the risk of breach. Here’s what we learned and how you can also participate. ⌘ Read more

Diversity, inclusion, and belonging at GitHub in 2022
As GitHub continues to grow, our vision of being the home for all developers continues to materialize, expanding our progress, perspectives, and responsibility to the world. ⌘ Read more

3 strategies for consolidating your toolkit and boosting productivity
Explore how GitHub Enterprise can help you transform your software engineering organization and practices. ⌘ Read more

Why and how GitHub encrypts sensitive database columns using ActiveRecord::Encryption
You may know that GitHub encrypts your source code at rest, but you may not have known that we encrypt sensitive database columns as well. Read about our column encryption strategy and our decision to adopt the Rails column encryption standard. ⌘ Read more

Why we’re excited about the Sigstore general availability
The Sigstore GA means you can protect your software supply chain today with GitHub Actions, and will power new npm security capabilities in the near future. ⌘ Read more

Build a game this November with Game Off 2022
Save the date! Game Off returns on November 1 for it’s 10th year! 🎉 ⌘ Read more

Git Merge 2022 – that’s a wrap! 🎬
Git Merge 2022 just wrapped up bringing the community together for 16 talks, three workshops, one Git Contributor Summit, and lots of great conversations over two days. Read on for more info, photos from the event, and all of the session recordings. ⌘ Read more

Build a game this November with Game Off 2022
Save the date! Game Off returns on November 1 for it’s 10th year! 🎉 ⌘ Read more

Unboxing fork improvements and unwrapping fork docs
We’re always trying to improve the GitHub developer experience in meaningful ways, and we love learning from our customers. In the last several months we released several new fork capabilities, and we’re publishing revised fork documentation that gives more details with clearer explanations to make fork concepts easier to understand. ⌘ Read more

Improving navigation for GitHub Actions
GitHub Actions changed how developers automate workflows with GitHub. Today, we’re introducing a new navigation to manage your GitHub Actions experience, improving discoverability and accessibility as well as opening up future feature opportunities. ⌘ Read more

Git security vulnerabilities announced
Upgrade your local installation of Git, especially when cloning with –recurse-submodules from untrusted repositories, or if you use git shell interactive mode. ⌘ Read more

Introducing fine-grained personal access tokens for GitHub
Fine-grained personal access tokens offer enhanced security to developers and organization owners, to reduce the risk to your data of compromised tokens. ⌘ Read more

Git security vulnerabilities announced
Upgrade your local installation of Git, especially when cloning with `–recurse-submodules` from untrusted repositories, or if you use `git shell` interactive mode. ⌘ Read more

GitHub at the 77th United Nations General Assembly
Read about how the GitHub Social Impact, Tech for Social Good and Policy teams participated in the 77th session of the United Nations General Assembly, including events we hosted with the World Health Organization and the UN Development Programme. ⌘ Read more

5 tips for embedding security into your workflows
Having a robust security plan is key to innovation. These tips will empower you to gain the upper hand on cyberattacks, so you can ship quickly and innovate with ease. ⌘ Read more

OSI’s Deep Dive is an essential discussion on the future of AI and open source
GitHub is sponsoring Open Source Initiative’s Deep Dive: AI because we think it’s important for the community to unpack how open source software, process, and principles can help best deliver on the promise of AI. ⌘ Read more

Introducing GitHub Advanced Security SIEM integrations for security professionals
Learn about using GitHub Advanced Security (GHAS) alerts with Security Information and Events Management (SIEM) tools. Check out the integrations, and read more about getting started. ⌘ Read more

The Story of Scalar
New to Git v2.38, Scalar is a built-in repository manager for large repos. Here, we’ll tell the story of how Scalar went from a rough VFS for Git successor to a fully-integrated Git tool, with all of the engineering lessons learned in the process. ⌘ Read more

The GitHub Universe 2022 agenda is live
Explore 80+ content sessions delivered by over 120 different speakers, across two days and four content tracks, all designed to level up your skills. ⌘ Read more

On the go with GitHub Projects on GitHub Mobile (public beta)
Stay connected and up to date on your work with GitHub Projects on GitHub Mobile, now in public beta. ⌘ Read more

** uxn laboratory **
As I look to assembly nights 2, and think of trying my own take on it, I wanna have a cozy space ready to play with uxn.

The setup I’ve landed on is sort of inspired by plan9port.

• in home directory, create au directory
  
• inu clone uxn and build it
  
• add~/u/uxn/ to your path as $UXN
  
• add$UXN/bin to your path
  
• moving forward we’ll put any and all*.rom files into … ⌘ Read more

RT by @mind_booster: Se quiserem aprender git e a usar o gitlab e github, o @mind_booster da ANSOL vai dar uma introdução online, no âmbito do Hacktoberfest, no próximo dia 13 de outubro das 22h às 23h. Mais info de como assitir e participar aqui:
https://ansol.org/eventos/2022-10-13-hacktoberfest/
Se quiserem aprender git e a usar o gitlab e github, o @mind_booster da ANSOL vai dar uma introdução online, no âmbito do Hacktoberfest, no próximo dia 13 de outubro d … ⌘ Read more

**R to @mind_booster: And in a different kind of contribution, I’ll also be doing a small introductory presentation on git, gitlab and github (in Portuguese), hosted by @ANSOL:

https://ansol.org/eventos/2022-10-13-hacktoberfest/**
And in a different kind of contribution, I’ll also be doing a small introductory presentation on git, gitlab and github (in Portuguese), hosted by @ANSOL:

ansol.org/eventos/2022-10-13…

![](ht … ⌘ Read more

Developers are now included in the WIPO Global Innovation Index
We’re excited that the World Intellectual Property Organization (WIPO) has launched the 2022 edition of its Global Innovation Index (GII) with an indicator of developer creative outputs based on GitHub commits. ⌘ Read more

GitHub’s supply chain security features now support Dart
Cross-platform apps built with the popular Flutter toolkit can now benefit from Dependabot alerts. ⌘ Read more

js13kGames 2022 winners 🏆
The eleventh annual js13kGames coding competition, challenging participants to create games in 13kB or less of JavaScript in a month, just wrapped up. This post highlights the top thirteen entries. ⌘ Read more

Detect secrets in your code more accurately with dry runs for custom patterns now available in GitHub Advanced Security
Learn how you can seamlessly define trusted custom secret patterns to detect secrets unique to your organization with GitHub Advanced Security. ⌘ Read more

GitHub Availability Report: September 2022
In September, we experienced one incident that resulted in degraded performance across GitHub services. We also experienced one incident resulting in significant impact to Codespaces. We are still investigating that incident and will include it in next month’s report. This report also sheds light into an incident that impacted Codespaces in August and an incident that impacted Actions in August. ⌘ Read more

Working on a creative project? Unleash your originality and start to tinker with the Aspiring Creatives Experience
Develop your design and collaboration skills to get your clever intentions off the ground. ⌘ Read more

Two ways you can experience GitHub Universe
GitHub Universe is back and more robust than ever, with two great ways to engage with everything this global developer event has to offer. ⌘ Read more

Expand your open source contributions during Hacktoberfest 2022
Give back to open source projects during the month of October! This year, we’re encouraging more than code contributions: writing, design, advocacy, and financial donations. ⌘ Read more

Highlights from Git 2.38
Another new release of Git is here! Take a look at some of our highlights on what’s new in Git 2.38. ⌘ Read more

GitHub supports internet freedom and global availability in Iran
Access to the open internet is essential to defending human rights, and developers have an important role in promoting freedom of expression and transparency. GitHub is committed to keeping Iranians connected to the global developer community. ⌘ Read more

After the offer: staying in tech long-term
Tech can be a tricky industry (to say the least). We talked with three tech professionals who share why they stay, what has helped them the most, and the power of switching things up. ⌘ Read more

Best practices on rolling out code scanning at enterprise scale
Learn best practices on how to roll out centrally managed, developer-centric application security with a third party CI/CD system like Jenkins or ADO. ⌘ Read more

Meet the GitHub Campus Experts selected for the fall 2022 MLH Fellowship Cohort, powered by GitHub
Three new Campus Experts are joining the fall 2022 batch of the MLH Fellowship to work with open source maintainers and get real-world experience. ⌘ Read more

GitHub for Startups is generally available
We’re launching GitHub for Startups to give your startup the tools needed to go from idea to unicorn status on the world’s largest developer platform. ⌘ Read more

Security alert: new phishing campaign targets GitHub users
On September 16, GitHub Security learned that threat actors were targeting GitHub users with a phishing campaign by impersonating CircleCI to harvest user credentials and two-factor codes. While GitHub itself was not affected, the campaign has impacted many victim organizations. ⌘ Read more

Applications for micro-mentoring at GitHub Universe 2022 are now live
Students have the opportunity to connect with GitHub employees at GitHub Universe 2022 through Micro-Mentoring sessions hosted by GitHub Social Impact. ⌘ Read more

The ReadME Project: Built for you!
The ReadME Project & Podcast evolve with community expert voices and topics to stoke discussion about the culture and craft of software development. ⌘ Read more