GitHub Enterprise Server 3.6 is now generally available
GitHub Discussions and Audit Log Streaming, new automation features, and security enhancements are available now in GitHub Enterprise Server 3.6. ⌘ Read more
2022 Transparency Report: January to June
We’re reporting on a six-month period rather than annually to increase our level of transparency. For this report, we’ve continued with the more granular reporting we began in our 2021 reports. ⌘ Read more
The next step for LGTM.com: GitHub code scanning!
Today, GitHub code scanning has all of LGTM.com’s key features—and more! The time has therefore come to announce the plan for the gradual deprecation of LGTM.com. ⌘ Read more
↳
In-reply-to
»
Hi, I am playing with making an event sourcing database. Its super alpha but I thought I would share since others are talking about databases and such.
⤋ Read More
Progress! so i have moved into working on aggregates. Which are a grouping of events that replayed on an object set the current state of the object. I came up with this little bit of generic wonder.
type PA[T any] interface {
event.Aggregate
*T
}
// Create uses fn to create a new aggregate and store in db.
func Create[A any, T PA[A]](ctx context.Context, es *EventStore, streamID string, fn func(context.Context, T) error) (agg T, err error) {
ctx, span := logz.Span(ctx)
defer span.End()
agg = new(A)
agg.SetStreamID(streamID)
if err = es.Load(ctx, agg); err != nil {
return
}
if err = event.NotExists(agg); err != nil {
return
}
if err = fn(ctx, agg); err != nil {
return
}
var i uint64
if i, err = es.Save(ctx, agg); err != nil {
return
}
span.AddEvent(fmt.Sprint("wrote events = ", i))
return
}
This lets me do something like this:
a, err := es.Create(ctx, r.es, streamID, func(ctx context.Context, agg *domain.SaltyUser) error {
return agg.OnUserRegister(nick, key)
})
I can tell the function the type being modified and returned using the function argument that is passed in. pretty cray cray.
↳
In-reply-to
»
Hi, I am playing with making an event sourcing database. Its super alpha but I thought I would share since others are talking about databases and such.
⤋ Read More
Progress! so i have moved into working on aggregates. Which are a grouping of events that replayed on an object set the current state of the object. I came up with this little bit of generic wonder.
type PA[T any] interface {
event.Aggregate
*T
}
// Create uses fn to create a new aggregate and store in db.
func Create[A any, T PA[A]](ctx context.Context, es *EventStore, streamID string, fn func(context.Context, T) error) (agg T, err error) {
ctx, span := logz.Span(ctx)
defer span.End()
agg = new(A)
agg.SetStreamID(streamID)
if err = es.Load(ctx, agg); err != nil {
return
}
if err = event.NotExists(agg); err != nil {
return
}
if err = fn(ctx, agg); err != nil {
return
}
var i uint64
if i, err = es.Save(ctx, agg); err != nil {
return
}
span.AddEvent(fmt.Sprint("wrote events = ", i))
return
}
This lets me do something like this:
a, err := es.Create(ctx, r.es, streamID, func(ctx context.Context, agg *domain.SaltyUser) error {
return agg.OnUserRegister(nick, key)
})
I can tell the function the type being modified and returned using the function argument that is passed in. pretty cray cray.
GitHub Pages now uses Actions by default
As GitHub Pages, home to 16 million websites, approaches its 15th anniversary, we’re excited to announce that all sites now build and deploy with GitHub Actions. ⌘ Read more
Dependabot now alerts for vulnerable GitHub Actions
GitHub Actions gives teams access to powerful, native CI/CD capabilities right next to their code hosted in GitHub. Starting today, GitHub will send a Dependabot alert for vulnerable GitHub Actions, making it even easier to stay up to date and fix security vulnerabilities in your actions workflows. ⌘ Read more
The US put tornadocash on sanction list. Deleted github accounts and source. Since North Korea used it to launder stolen crypto.
And people are surprised that it happened? Github is and never have been a safe place to store code. Tor/i2p is much more safer places to host code. But I understand why people use github, I do so as well for public project, but I also selfhost my other things
New request for comments on improving npm security with Sigstore is now open
Supply chain attacks exploit our implicit trust of open source to hurt developers and our customers. Read our proposal for how npm will significantly reduce supply chain attacks by signing packages with Sigstore. ⌘ Read more
All GitHub Enterprise users now have access to the security overview
Today, we’re expanding access to the GitHub security overview! All GitHub Enterprise customers now have access to the security overview, not just those with GitHub Advanced Security. Additionally, all users within an enterprise can now access the security overview, not just admins and security managers. ⌘ Read more
Release Radar · July 2022 Edition
While some of us have been wrapping up the financial year, and enjoying vacation time, others have been hard at work shipping open source projects and releases. These projects include everything from world-changing technology to developer tooling, and weekend hobbies. Here are some of the open source projects that released major version updates this July. […] ⌘ Read more
Hi, I am playing with making an event sourcing database. Its super alpha but I thought I would share since others are talking about databases and such.
It’s super basic. Using tidwall/wal as the disk backing. The first use case I am playing with is an implementation of msgbus. I can post events to it and read them back in reverse order.
I plan to expand it to handle other event sourcing type things like aggregates and projections.
Find it here: sour-is/ev
@prologic@twtxt.net @movq@www.uninformativ.de @lyse@lyse.isobeef.org
Hi, I am playing with making an event sourcing database. Its super alpha but I thought I would share since others are talking about databases and such.
It’s super basic. Using tidwall/wal as the disk backing. The first use case I am playing with is an implementation of msgbus. I can post events to it and read them back in reverse order.
I plan to expand it to handle other event sourcing type things like aggregates and projections.
Find it here: sour-is/ev
@prologic@twtxt.net @movq@www.uninformativ.de @lyse@lyse.isobeef.org
Ignite Realtime Blog: REST API Openfire plugin 1.9.1 released!
Woopsie doodle! It turns out that a rather annoying bug was introduced in version 1.9.0 of the REST API plugin for Openfire, that we released earlier today!
To avoid unnecessary issues, we’ve decided to follow up with an immediate new release that addresses this issue. … ⌘ Read more
5 simple things you can do with GitHub Packages to level up your workflows
From hosting private packages in a private repository to tightening your security profile with GITHUB_TOKEN, here are five simple ways you can streamline your workflow with GitHub Packages. ⌘ Read more
GitHub Availability Report: July 2022
In July, we experienced one incident that resulted in degraded performance for Codespaces. This report also acknowledges two incidents that impacted multiple GitHub.com services in June. ⌘ Read more
Streamline virtual hackathon events with the new Hackathon In The Cloud Experience
Attention all students! Make managing your virtual hackathon events even easier with the new Hackathon In The Cloud Experience. ⌘ Read more
Gitea Container Registry
I am a Gitea fan! I have been for some time now. But it’s always amazing how fast new features are implemented in the self-hosted GitHub alternative. ⌘ Read more
Marketing for maintainers: Promote your project to users and contributors
Marketing your open source project can be intimidating, but three experts share their insider tips and tricks for how to get your hard work on the right people’s radars. ⌘ Read more
GitHub Sponsors available in 30 new regions
GitHub Sponsors expands globally with 30 newly supported regions, bringing the total to 68. ⌘ Read more
@niplav@niplav.github.io if he’s willing to be even more nerdy he could use https://lojban.org/publications/cll/cll_v1.1_xhtml-section-chunks/section-evidentials.html and possibly color-code them in some less important color than red
Release Radar · June 2022 Edition
It’s been a crazy couple of months with the end of financial year and lots of products shipping. Our community has been hard at work shipping projects too. These projects can include everything from world-changing technology to developer tooling, and weekend hobbies. Here are some of these open source projects that released major updates this […] ⌘ Read more
Corrupting memory without memory corruption
In this post I’ll exploit CVE-2022-20186, a vulnerability in the Arm Mali GPU kernel driver and use it to gain arbitrary kernel memory access from an untrusted app on a Pixel 6. This then allows me to gain root and disable SELinux. This vulnerability highlights the strong primitives that an attacker may gain by exploiting errors in the memory management code of GPU drivers. ⌘ Read more
Planning next to your code – GitHub Projects is now generally available
Today, we are announcing the general availability of the new and improved Projects powered by GitHub Issues. GitHub Projects connects your planning directly to the work your teams are doing in GitHub and flexibly adapts to whatever your team needs at any point. ⌘ Read more
Launching GitHub Community: Powered by GitHub Discussions
Today, we’re launching GitHub Community, which brings together GitHub Community Forum, GitHub Education Forum, and product feedback into a free, in-product, single space for all user-to-user interactions. ⌘ Read more
Introducing even more security enhancements to npm
New npm security enhancements include an improved login and publish experience with the npm CLI, connected GitHub and Twitter accounts, and a new CLI command to verify the integrity of packages in npm. ⌘ Read more
Tips & tricks for using GitHub projects for personal productivity
GitHub Issues is a core component of how developers get things done and, as we built more project planning capabilities into GitHub, we’ve found some fun and unique ways to use the new projects experience for personal productivity. ⌘ Read more
Here’s how academic research is shaping GitHub Discussions
We strive to understand how developers collaborate and work on GitHub, and we sometimes partner with academics to better understand how we can improve our products. Here’s how we did that to build and evolve GitHub Discussions. ⌘ Read more
6 strategic ways to level up your CI/CD pipeline
From incorporating accessibility testing to implementing blue-green deployment models, here are six practical and strategic ways to improve your CI/CD pipeline. ⌘ Read more
Open Source Monthly: July 2022 Edition
July’s Open Source Monthly features Zag.js, which leverages state machines to make framework agnostic components. ⌘ Read more
Research: How GitHub Copilot helps improve developer productivity
We surveyed more than 2,000 developers about whether GitHub Copilot helped them be more productive and improved their coding. Then, we matched this qualitative feedback and subjective perception with quantitative data around objective usage measurements and productivity. ⌘ Read more
Top tips for creating a healthy and sustainable open source community
Read about the six key themes, and tips for each, that ensure sustainable and healthy open source communities. ⌘ Read more
GitHub Availability Report: June 2022
In June, we experienced four incidents resulting in significant impact to multiple GitHub.com services. This report also sheds light into an incident that impacted several GitHub.com services in May. ⌘ Read more
twtxt auf home.bonn.cafe installiert - von github.com:win0err/twtxt
Managing a game dev community with GitHub Actions
A Little Game Called Mario is an open source, collectively developed hell project. Anyone and everyone is welcome to contribute their unique talents to make both the player and developer experience more enjoyable. Find out how the collective leverages GitHub Actions to manage this wonderful little community. ⌘ Read more
Extend your dependency information in the GitHub Dependency Graph with new GitHub Actions
New Actions from Anchore, NowSecure, SBT, and Trivy are now available to create a more comprehensive GitHub Dependency Graph. ⌘ Read more
How the GitHub Security Team uses projects and GitHub Actions for planning, tracking, and more
Can projects and GitHub Actions be used by your non-developer teams? They absolutely can. Check out how our Security Team uses GitHub to run the department effortlessly. ⌘ Read more
Write Better Commits, Build Better Projects
High-quality Git commits are the key to a maintainable and collaborative open- or closed-source project. Learn strategies to improve and use commits to streamline your development process. ⌘ Read more
What to do when your open source project becomes a community?
Maintainers answer your questions about how to manage an open source project that grows into a community. ⌘ Read more
Announcing the summer 2022 MLH Fellowship GitHub Contributors
Meet the 2022 MLH Fellowship cohort! This 12-week internship alternative is for aspiring software engineers, and powered by GitHub. ⌘ Read more
The Chromium super (inline cache) type confusion
In this post I’ll exploit CVE-2022-1134, a type confusion in Chrome that I reported in March 2022, which allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. I’ll also look at some past vulnerabilities of this type and some implementation details of inline cache in V8, the JavaScript engine of Chrome. ⌘ Read more
Improve Git monorepo performance with a file system monitor
Monorepo performance can suffer due to the sheer number of files in your working directory. Git’s new builtin file system monitor makes it easy to speed up monorepo performance. ⌘ Read more
Ignite Realtime Blog: Smack 4.4.6 released
We are happy to announce the release of Smack 4.4.6. For a high-level overview of what’s changed in Smack 4.4.6, check out Smack’s changelog
This release mostly consists of bug fixes, many of them reported by the Jitsi folks. I would like to thank especially Damian Minkov for detailed problem descriptions, for the fruitful collaboration and for various joint bug hunts whi … ⌘ Read more
Improving Git protocol security on GitHub Enterprise Server
The recent changes to improve protocol security on GitHub.com are now coming to GitHub Enterprise Server, starting with version 3.6. ⌘ Read more
GitHub Advisory Database now supports Erlang and Elixir packages!
We’re excited to announce that the GitHub Advisory Database now includes curated security advisories on Erlang, Elixir, and more. ⌘ Read more
Highlights from Git 2.37
The open source Git project just released Git 2.37. Take a look at some of our highlights from the latest release. ⌘ Read more
Thank you to our maintainers
To celebrate Maintainer Month, GitHub has invested an additional $500,000 to help sponsor the open source projects that it depends on. ⌘ Read more
What’s new in Codespaces for Organizations
We’re releasing exciting functionalities that will enable organizations to confidently manage and scale with Codespaces. ⌘ Read more
Erlang Solutions: Contract Programming an Elixir approach – Part 1
This series explores the concepts found in Contract Programming and adapts them to the Elixir language. Erlang and BEAM languages, in general, are surrounded by philosophies like “fail fast”, “defensive programming”, and “offensive programming”, and contract programming can be a nice addition. The series is also available on Github.
You will find a lot … ⌘ Read more
No more GitHub Copilot for me
I was an avid user of GitHub Copilot during the technical preview phase. Apparently, as many as 1.2 million developers used Copilot. But now Copilot is out of beta and suddenly costs money. ⌘ Read more
GitHub Copilot is generally available to all developers
We’re making GitHub Copilot, an AI pair programmer that suggests code in your editor, generally available to all developers for $10 USD/month or $100 USD/year. It will also be free to use for verified students and maintainers of popular open source projects. ⌘ Read more
ProcessOne: Announcing ejabberd DEB and RPM Repositories
Today, we are happy to announce our official Linux packages repository: a source of .deb and .rpm packages for ejabberd Community Server. This repository provides a new way for the community to install and upgrade ejabberd.
All details on how to set this up are described on the dedicated website:
 has been certified against ISO 27001:2013, an internationally recognized standard for security program best practices. ⌘ Read more
Graduation is here! Celebrate the Class of 2022, and join GitHub on June 11 🎓
This year, thousands of students from around the world came together and redefined the world we live in, how we learn, and how we move forward. We are honored to be part of the experience and eager to celebrate this milestone. So on June 11 we celebrate the Class of 2022 and welcome them to […] ⌘ Read more
Open Source Monthly – May 2022 Edition
Introduction Open Sauced, GitHub’s Explore page, Hacktoberfest, and First Timers Only help folks discover open source projects. This monthly series–Open Source Monthly—will add to these efforts by helping: First-time contributors find the right project to contribute to Corporations and individuals find a new project to sponsor Open source maintainers gain more consistent contributors and sponsors […] ⌘ Read more
Enhanced 2FA experience for your npm account
Late last year, in response to an unprecedented series of account takeovers resulting from the compromise of developer accounts without 2FA enabled, we committed to a variety of enhancements to the npm registry to make two-factor authentication (2FA) adoption easier for developers. Today, we are launching a public beta for a significantly improved 2FA experience […] ⌘ Read more
@niplav@niplav.github.io Do you have a particular meaning in mind for “long site”, or do you mean all the possible meanings for “long site”?