Being friendly: Strategies for friendly fork management
This is the second and final post in a series describing friendly forks and alternative strategies for managing them. ⌘ Read more

Bringing code navigation to communities
Thanks to the efforts of the Elixir community, GitHub supports code navigation for Elixir repositories. Read how favorite language can add this support too! ⌘ Read more

Best practices to keep your projects secure on GitHub
These days software is subject to an ever-changing threat landscape. Check out the many ways you can keep your projects secure on GitHub today. ⌘ Read more

GitHub Desktop 3.0 brings better integration for your pull requests
GitHub Desktop 3.0 brings better integration with your GitHub Pull Requests. You can now receive real time notifications and review the status of your check runs for your pull request. ⌘ Read more

Celebrating 40 years of ZX Spectrum ❤️ 💛 💚 💙
The ZX Spectrum, one of the best-selling microcomputers of all time, celebrates its 40 years anniversary today. Read more about how the community is still active - creating new content, archiving old content, and hacking on all sorts of hardware. ⌘ Read more

Removing the stigma of a CVE
Do you worry that a CVE will hurt the reputation of your project? In reality, CVEs are a tracking number, and nothing more. Here’s how we think of them at GitHub. ⌘ Read more

5 simple things every developer can do to ship more secure code
From plug-and-play automations to protected branches, here are simple ways any developer can build more secure software on GitHub—all with a free account. ⌘ Read more

Your guide to GitHub InFocus: Improving the way software development teams work in 2022
We’re kicking off InFocus, a global virtual event focused on accelerating, securing, and improving the way software development teams work. ⌘ Read more

Improving Git push times through faster server side hooks
The history of pre-receive hooks, how we discovered that the performance was problematic, and how we went about safely replacing them. ⌘ Read more

Organization profiles leading the way
Organization profiles can now display custom content visible only to members of the organization. A new Member view can be tailored to show an alternative README and pinned private repositories. ⌘ Read more

Codespaces for multi-repository and monorepo scenarios
We’re releasing exciting improvements that will streamline your Codespaces experience when working with multi-repository projects and monorepos. ⌘ Read more

Sharing security expertise through CodeQL packs (Part I)
Introducing CodeQL packs to help you codify and share your knowledge of vulnerabilities. ⌘ Read more

Highlights from Git 2.36
Another new release of Git is here! Take a look at some of our highlights on what’s new in Git 2.36. ⌘ Read more

Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators
On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. Read on to learn more about the impact to GitHub, npm, and our users. ⌘ Read more

9 wikipedia edits today! yay me! (also a bunch of small scale contributions to other people’s texts: https://niplav.github.io/contributions.html)

Dependabot alerts now surface if your code is calling a vulnerability
Today, we’re shipping a new feature for Dependabot alerts which helps you better understand how you’re affected by a vulnerability. ⌘ Read more

Git security vulnerability announced
Upgrade your local installation of Git, especially if you are using Git for Windows, or you use Git on a multi-user machine. ⌘ Read more

What’s new in GitHub Discussions: Organization Discussions, polls, and more
Today, we’re excited to bring you a few new features that will help you communicate, collaborate, and connect seamlessly with teams and communities about the software you’re building with the help of GitHub Discussions. ⌘ Read more

Performance at GitHub: deferring stats with rack.after_reply
How we sped up GitHub.com by moving slow, non-critical code into rack.after_reply. ⌘ Read more

Release Radar · March 2022 Edition
Each month, we highlight open source projects that have shipped major updates. These include everything from world-changing technology to developer tooling, and weekend projects. Here are our top staff picks on projects that shipped major version releases in March. Babylon.js 5.0 We featured Babylon.js in the November 2020 Release Radar. Since then, Babylon.js has come […] ⌘ Read more

Git Credential Manager: authentication for everyone
Ensuring secure access to your source code is more important than ever. Git Credential Manager helps make that easy. ⌘ Read more

Achieving SLSA 3 Compliance with GitHub Actions and Sigstore for Go modules
Learn how to build packages with SLSA 3 provenance using GitHub Actions. ⌘ Read more

My website is very Piling. look at the todo list: https://niplav.github.io/todo.html! i can’t tell you much about how it will look like in a year, but i can tell you that it won’t shrink. it’s piling. everything is piling up, forgotten drafts, half-finished experiments, buggy code—fixed over time, sure, but much more slowly than the errors come rolling in. it’s an eternal struggle.

fifth, small & nifty programs. https://niplav.github.io/code/99_klong/sol.kg being exemplary, but i want to write some more code. every single function there is Done. there is only stuff to remove, if at all, and nothing to add.

GitHub Availability Report: March 2022
In March, we experienced several incidents resulting in significant impact to multiple GitHub services. ⌘ Read more

Prevent the introduction of known vulnerabilities into your code
The new dependency review action and API prevents the introduction of known supply chain vulnerabilities into your code. ⌘ Read more

How Dependabot empowers you to keep your projects secure
We want to take away the pain and effort of keeping your code secure, so check out how Dependabot empowers developers to keep to their projects secure. ⌘ Read more

4 ways we use GitHub Actions to build GitHub
From automating builds and releases to taking care of large-scale regression testing, here are a few ways we use GitHub Actions to build GitHub. ⌘ Read more

Proactively prevent secret leaks with GitHub Advanced Security secret scanning
Organizations with GitHub Advanced Security can now proactively protect against secret leaks with secret scanning’s new push protection feature. ⌘ Read more

How GitHub does take home technical interviews
We believe our technical interviews should be as similar as possible to the way we work at GitHub. ⌘ Read more

GitHub Copilot now available for Visual Studio 2022
GitHub Copilot is now available from Visual Studio 2022 for everyone in the technical preview. ⌘ Read more

for what i’ve invested in my site, it’s now probably time to move it off github.io on my own domain

How to secure your end-to-end supply chain on GitHub
Securing your projects is no easy task, but end-to-end supply chain security is more top of mind than ever. We’ve seen bad actors expand their focus to taking over user accounts, commonly used dependencies, and also build systems. Defending against these attacks is hard, because there’s no one thing you can do to protect your […] ⌘ Read more

Unlock all the GitHub secrets within Next.Tech’s newest experience: Break the Code 2!
GitHub Education is fired up for the return of Next.Tech’s developer community competition: Break the Code 2. We’ve hacked in some new enigmas, cheat codes, and easter eggs for digital sleuths to uncover! ⌘ Read more

An update on recent service disruptions
Over the past few weeks, we have experienced multiple incidents due to the health of our database. We wanted to share what we know about these incidents while our team continues to address them. ⌘ Read more

GitHub Actions: secure self-hosted runners by limiting them to specific workflows
You can now enforce consistent usage of self-hosted runner groups across your organization and enterprise. ⌘ Read more

Improving your GitHub feed
Today, we are rolling out a new beta version of GitHub’s home feed, making it easier to discover projects, developers and more across GitHub. ⌘ Read more

Introducing the GHES repository cache
If you’re a GHES customer with heavy read traffic on your monorepo, check out the repository cache, especially if you have CI workloads distributed around the world. ⌘ Read more

Start working on GitHub Issues faster
You can now create a branch to work on an issue directly from the issue page so that it’s easier to get started right away. ⌘ Read more

Validate all the things: improve your security with input validation!
If there’s one habit that can make software more secure, it’s probably input validation. Here’s how to apply OWASP Proactive Control C5 (Validate All Inputs) to your code. ⌘ Read more

Annotate PDFs on Linux
This post is about a GUI tool called pdfrankestein that
fills a gap on mostly Linux machines where a powerful and easy to use
PDF annotator does not exist.

Adobe Acrobat® on Windows and Mac allow you to add text, drawings and
signatures to PDF documents. This is useful when filling forms or
marking notes to send back to someone. Such a tool with similar
capabilities and easy of use does not exist on Linux. The reason that’s
often cited is that PDF is a c … ⌘ Read more

Release Radar · February 2022 Edition
Our community has shipped lots of open source project updates in the last month. Here’s a few of our staff picks. ⌘ Read more

Back to twtxt from the cli with twet https://github.com/jdtron/twet

Back to twtxt from the cli with twet https://github.com/jdtron/twet

Save time with partial re-runs in GitHub Actions
It is now possible to re-run only failed jobs or a single job in GitHub Actions workflows. ⌘ Read more

Improved management for GitHub Enterprise owners
We’ve introduced several new features to help enterprise owners more easily manage their accounts, including two features now in public beta. ⌘ Read more

GitHub Availability Report: February 2022
In February, we experienced one incident resulting in significant impact to multiple GitHub services. ⌘ Read more

Our response to the war in Ukraine
As the global response to the tragedies in Ukraine and other impacted regions continues to evolve, I wanted to share with our community an expansion of the message that I shared earlier this week with our Hubbers. ⌘ Read more

@niplav@niplav.github.io 3½ hours a week…closing your 30-minute Exercise ring right on the dot, with no extra time?

A new way to understand your GitHub-hosted runner capacity
Explore and understand your overall GitHub-hosted Actions runner capacity with the new runner view. ⌘ Read more

Codespaces for the largest repositories just got faster
The ability to prebuild codespaces is entering public beta. Enable fast environment creation times, regardless of the size and complexity of your repositories. ⌘ Read more

Get started with ease using security workflows!
In-line with the other categories, workflows in the Security category will be recommended based on a repository’s content. ⌘ Read more

GitHub Advisory Database now open to community contributions
Anyone can now provide additional information to further the community’s understanding and awareness of security advisories. ⌘ Read more

Code scanning finds more vulnerabilities using machine learning
Today we launched new code scanning analysis features powered by machine learning. The experimental analysis finds more of the most common types of vulnerabilities. ⌘ Read more

Leveraging machine learning to find security vulnerabilities
A behind-the-scenes peek into the machine learning framework powering new code scanning security alerts. ⌘ Read more

How to make the most out of a mentoring relationship
Tips from our developer advocates on how and why to find a mentor. ⌘ Read more

Encoding and escaping untrusted data to prevent injection attacks
Practical tips on how to apply OWASP Top 10 Proactive Control C4. ⌘ Read more

GitHub Enterprise Server 3.4 improves developer productivity and adds reusable workflows to CI/CD
The GitHub Enterprise Server 3.4 release candidate delivers enhancements to make life easier and more productive, from keyboard shortcuts to auto-generated release notes! ⌘ Read more

The GitHub Stars in our eyes ⭐️
Over the past year, the GitHub Stars have made a tremendous impact in the community with their influence, inspiring and building communities and creating content to help everyone. ⌘ Read more

Announcing the 2022 MLH Fellowship Cohort, powered by GitHub
The MLH Fellowship, powered by GitHub, is a 12-week internship alternative for aspiring software engineers. Meet the 2022 cohort! ⌘ Read more

Include diagrams in your Markdown files with Mermaid
A picture tells a thousand words. Now you can quickly create and edit diagrams in markdown using words with Mermaid support in your Markdown files. ⌘ Read more

Getting started with project planning on GitHub
Stop context switching. Keep your team’s project planning next to your code. ⌘ Read more

How to start using reusable workflows with GitHub Actions
Reusable workflows offer a simple and powerful way to avoid copying and pasting workflows across your repositories. ⌘ Read more

Coordinated vulnerability disclosure (CVD) for open source projects
A comprehensive guide for vulnerability reporters. ⌘ Read more

Improving the developer experience for Dependabot alerts
Today, we’re shipping improvements to Dependabot alerts that make them easier to understand and remediate. ⌘ Read more

Release Radar · January 2022 Edition
Here’s January’s top staff picks on projects that shipped major version releases. ⌘ Read more

GitHub Availability Report: January 2022
In January, we experienced no incidents resulting in service downtime to our core services. ⌘ Read more

How to build a CI/CD pipeline with GitHub Actions in four simple steps
A quick guide on the advantages of using GitHub Actions as your preferred CI/CD tool—and how to build a CI/CD pipeline with it. ⌘ Read more

New sponsors-only repositories, custom amounts, and more
Along with the release of sponsors-only repositories, here’s a look at what’s new and what’s next for Sponsors. ⌘ Read more

Will have to take a look at Gogs. Ideally wanting it to be easy to have the same ease-of-use to setup a web page as Github and Gitea.

Code scanning and Ruby: turning source code into a queryable database
A deep dive into how GitHub adds support for new languages to CodeQL. ⌘ Read more

Top-100 npm package maintainers now require 2FA, and additional security-focused improvements to npm
Starting today, we are rolling out mandatory 2FA to all maintainers of top-100 npm packages by dependents. ⌘ Read more

Dependency graph now supports GitHub Actions
The dependency graph helps developers and maintainers understand the code they depend on, and now includes GitHub Actions! ⌘ Read more

2021 Transparency Report
In GitHub’s latest transparency report, we’re giving you a by-the-numbers look at how we responded to requests for user info and content removal. ⌘ Read more

One year ago to the date I made the lastest update for #phpub2twtxt to github and now 365 days later I have published #pixelblog as its successor - lets see where things are going for trip around the sun

Image

Thinking beyond SQL injection: OWASP tips for secure database access
When it comes to secure database access, there’s more to consider than SQL injections. OWASP Top 10 Proactive Control C3 offers guidance. ⌘ Read more

** Notes on 6502 Assembly **
The NES runs a very slightly modified 6502 processor. What follows are some very introductory, and not at all exhaustive notes on 6502 Assembly, or ASM.

If you find this at all interesting, Easy 6502 is a really great introductory primer on 6502 Assembly that lets you get your hands dirty right from a web browser.

Numbers pre … ⌘ Read more

Get ready for Campus TV Season 2: 🌱 New Beginnings
Learn new skills, build projects and meet like-minded students with the latest shows from the GitHub Education Stream Team. ⌘ Read more

Highlights from Git 2.35
The open source Git project just released Git 2.35. Here’s GitHub’s look at some of the most interesting features and changes introduced since last time. ⌘ Read more

For the Wordle players around here (@lyse@lyse.isobeef.org, @xuu@txt.sour.is, @movq@www.uninformativ.de), and for those moments in which you rather cheat, than lose: https://github.com/KevinXuxuxu/wordle_machine. 😂

Release Radar · December 2021 Edition
Many of us were wrapping up projects, emails, events, and getting ready for Christmas. While we were all busy getting ready for the festive season, our community was still hard at work shipping open source ⌘ Read more

GoCN 每日新闻 (2022-01-21)
GoCN 每日新闻 (2022-01-21)

1. stream: go 语言并发通信设计模式的泛型实现https://github.com/devnw/stream
   
2. 一个比” ldflags” 更好的方式来添加构建版本号到 go 二进制的方式：https://levelup.gitconnected.com/a-better-way-than-ldflags-to-add-a-build-version-to-your-go-binaries-2258ce419d2d
   
3. 怎么处理 HTTP 错误” context canceld”[https://www.reddit.com/r/golang/comments/s7o5ay/investigating_context_canceled_http_err … ⌘ Read more

Open source creates value, but how do you measure it?
When digital infrastructure is overlooked by governments, it isn’t just a missed opportunity: policies may inadvertently endanger open source collaboration. ⌘ Read more

引领中国分布式数据库企业技术创新力，平凯星辰获得赛迪顾问报告推荐
近日，赛迪顾问正式发布《2021 中国分布式数据库最具成长价值企业研究报告》， 报告从技术创新力和市场影响力两个维度对中国分布式数据库创新企业进行评估，平凯星辰在技术创新力的维度排名第一。

Image

GoCN 每日新闻（2022-01-20）

1. 从 CPU 角度理解 Go 中的结构体内存对齐https://gocn.vip/topics/20967
   
2. 博客 Go beyond workhttps://changelog.com/gotime/212
   
3. 如何绘制随时间变化的 Go 测试覆盖率https://osinet.fr/go/en/articles/plotting-go-test-coverage/
   
4. Redix v5 一个简单的 KeyValue 存储系统https://github.com/alash3al/redix?_v=5.0.0
   
5. 既然 IP 层会分片，为什么 TCP 层也还要分段[https://mp.weixin.qq.com/s/0boFt8cOAbmjH2IRr7XtY … ⌘ Read more

Reducing security risk in open source software with GitHub Actions and OpenSSF Scorecards V4
We’re excited to announce the V4 release of the OpenSSF’s Scorecard project in partnership with Google. ⌘ Read more

GoCN 每日新闻（2022-01-19）

1. Go1.18 新特性：多 Module 工作区模式https://mp.weixin.qq.com/s/Aa9s_ORDVfzbj915aJD5_w
   
2. Go 中的可视化 - 绘制股票信息https://www.ardanlabs.com/blog/2022/01/visualizations-in-go.html
   
3. 带你彻底击溃跳表原理及其 Golang 实现！（内含图解） https://mp.weixin.qq.com/s/5wrHQz_LqeQn3NLuF8yu0A
   
4. go-zero 对接分布式事务 dtm 保姆式教程[https://github.com/Mikaelemmmm/gozerodtm](h … ⌘ Read more

How open source is supporting NASA’s new eyes in space
With the successful liftoff of the James Webb Space Telescope, we ask our very own Arfon Smith about the history of open source and space science. ⌘ Read more

关于 Go 代码结构的思考

• 原文地址： https://changelog.com/posts/on-go-application-structure
  
• 原文作者：Jon Calhoun
  
• 本文永久链接： https://github.com/gocn/translator/blob/master/2022/w2_Thoughts_on_how_to_structure_Go_code.md
  
• 译者： lsj1342
  
• 校对： xkkhy、 zhuyaguang
  \*\*\*
  … ⌘ Read more

Golang 的 Elastic 链接库

Elasticsearch 是一个分布式、高扩展、高实时的搜索与数据分析引擎，用于海量文档的搜索。有些项目会将 Elasticsearch 当做存储海量数据的数据库使用，可见其查询性能之高效。作为面向文档的搜索引擎，Elasticsearch 比起传统数据库更偏向于结构化数据的高效查询，其独特的倒排索引更能将查询性能提升至极致。在大数据微服务时代，Elasticsearch 在海量数据搜索、数据挖掘、人工智能领域都起到了关键作用。

go get <span class="s2">"github.com/olivere/elastic/v7"</span>

Elasticsearch 的数据来源通常来自于 Logstash 等数据采集中间件，作为 golang 项目来说，其查询功能的使用更加普遍。
此文章以 V7 版本为例来介绍如何使用 golang 对 Elasticsearch 进行查询。

<span class="k">import</span> <span cla ... ⌘ [Read more](https://gocn.vip/topics/20956)

Top-rated entries from Game Off 2021
Here are the top games created in our annual game jam as rated and reviewed by the developers that made them. Game On! 🤘🏻 ⌘ Read more

How five open source communities are using GitHub Discussions
From answering questions about a new release to fielding feature requests, here’s how five open source communities use GitHub Discussions. ⌘ Read more

The Open Source Software Security Summit: securing the world’s code together
My colleague Stormy Peters and I are proud to represent GitHub at the White House’s Open Source Software Security Summit to share how securing open source begins by empowering developers. ⌘ Read more

How we ship GitHub Mobile every week
Learn how the GitHub Mobile Team automates their release process with GitHub Actions. ⌘ Read more

GoCN 每日新闻（2022-01-12）
GoCN 每日新闻（2022-01-12）

1. Go 实现的自动保存 Git 项目中未提交代码https://github.com/nikochiko/autosaved
   
2. Go 中快速、简单的全栈 Web 开发入门工具包https://github.com/mikestefanello/pagoda
   
3. Golang Redis RESP3 客户端，自动流水线并支持客户端缓存https://github.com/rueian/rueidis
   
4. Runtime 不变性检查库[https:/ … ⌘ Read more

Go 模糊测试

• 原文地址： https://tip.golang.org/doc/fuzz/
  
• 原文作者：Go Team
  
• 本文永久链接：https:/github.com/gocn/translator/blob/master/2022/w01_Go_Fuzzing.md
  
• 译者： fivezh
  
• 校对： zxmfke
  

从 Go 1.18 版本开始，标准工具集开始支持模糊测试。

模糊测试（Fuzzing）是一种自动化测试方法，通过不断地控制程序输入来发现程序错误�� … ⌘ Read more

GoCN 每日新闻 (2022-01-10)

1. Minecraft 管理 K8S 集群https://eric-jadi.medium.com/minecraft-as-a-k8s-admin-tool-cf16f890de42
   
2. go ebpf 管理包https://github.com/ehids/ebpfmanager
   
3. Go 错误处理https://earthly.dev/blog/golang-errors/
   
4. Go 中实现用户的每日限额（比如一天只能领三次福利） [https://jueji … ⌘ Read more

GoCN 每日新闻 (2022-01-09)

1. 带你探究 Go 语言的 iotahttps://mp.weixin.qq.com/s/V5iJgcLhCYMZd5l8akfbVQ
   
2. 项目实战：使用 Fiber + Gorm 构建 REST APIhttps://mp.weixin.qq.com/s/RqUOLP-OG_wOpCzxVTAl6w
   
3. Effective Error Handling in Golanghttps://earthly.dev/blog/golang-errors/
   
4. 为什么不在 golang 中构建一个 redis 客户端[https://mauricio.github.io/2022/0 … ⌘ Read more

GoCN 每日新闻 (2022-01-08)

1. Go 1.17.6/1.16.13 版本发布https://groups.google.com/g/golang-announce/c/95ZD3rKn4DI/m/93cyN8F1BAAJ
   
2. 高效的 Go 错误处理https://earthly.dev/blog/golang-errors/
   
3. 从零实现一个 RedisClient 了解 Redis 协议https://mauricio.github.io/2022/01/07/redis-protocol.html
   
4. Golang 简洁架构实战[https://zh … ⌘ Read more

GoCN 每日新闻 (2022-01-07)
GoCN 每日新闻 (2022-01-07)

1. 用 golang 在 tor 网络上安全的私有部署共享文件服务https://github.com/R4yGM/garlicshare
   
2. 一个极速的 golang 全栈 web 开发包https://github.com/mikestefanello/pagoda
   
3. ch 一个 clickhouse 客户端，比 rust 和 c++ 的都快https://github.com/go-faster/ch
   
4. 用 gosec 扫描 go 源码的漏洞[https://jcdan3.medium. … ⌘ Read more