KubeCon + CloudNativeCon North America 2024 co-located event deep dive: Platform Engineering Day
Co-chairs: Paula Kennedy, Stacey Potter, Vijay Chintha November 12, 2024 Salt Lake City, Utah Platform Engineering Day focuses on solutions over tooling. We believe that Platform Engineering is a vital practice that helps organizations to increase their speed… ⌘ Read more

Docker Best Practices: Using ARG and ENV in Your Dockerfiles
Learn about the ARG and ENV instructions and explore how to use them in your Dockerfiles to make your images more configurable and easier to maintain. ⌘ Read more

Docker Best Practices: Using Tags and Labels to Manage Docker Image Sprawl
Learn best practices for using tags and labels to manage image sprawl in Docker container workflows. ⌘ Read more

More thoughts about changes to twtxt (as if we haven’t had enough thoughts):

1. There are lots of great ideas here! Is there a benefit to putting them all into one document? Seems to me this could more easily be a bunch of separate efforts that can progress at their own pace:
   

1a. Better and longer hashes.

1b. New possibly-controversial ideas like edit: and delete: and location-based references as an alternative to hashes.

1c. Best practices, e.g. Content-Type: text/plain; charset=utf-8

1d. Stuff already described at dev.twtxt.net that doesn’t need any changes.

1. We won’t know what will and won’t work until we try them. So I’m inclined to think of this as a bunch of draft ideas. Maybe later when we’ve seen it play out it could make sense to define a group of recommended twtxt extensions and give them a name.

2. Another reason for 1 (above) is: I like the current situation where all you need to get started is these two short and simple documents:
   https://twtxt.readthedocs.io/en/latest/user/twtxtfile.html
   https://twtxt.readthedocs.io/en/latest/user/discoverability.html
   and everything else is an extension for anyone interested. (Deprecating non-UTC times seems reasonable to me, though.) Having a big long “twtxt v2” document seems less inviting to people looking for something simple. (@prologic@twtxt.net you mentioned an anonymous comment “you’ve ruined twtxt” and while I don’t completely agree with that commenter’s sentiment, I would feel like twtxt had lost something if it moved away from having a super-simple core.)

3. All that being said, these are just my opinions, and I’m not doing the work of writing software or drafting proposals. Maybe I will at some point, but until then, if you’re actually implementing things, you’re in charge of what you decide to make, and I’m grateful for the work.

@prologic@twtxt.net Thanks for writing that up!

I hope it can remain a living document (or sequence of draft revisions) for a good long time while we figure out how this stuff works in practice.

I am not sure how I feel about all this being done at once, vs. letting conventions arise.

For example, even today I could reply to twt abc1234 with “(#abc1234) Edit: …” and I think all you humans would understand it as an edit to (#abc1234). Maybe eventually it would become a common enough convention that clients would start to support it explicitly.

Similarly we could just start using 11-digit hashes. We should iron out whether it’s sha256 or whatever but there’s no need get all the other stuff right at the same time.

I have similar thoughts about how some users could try out location-based replies in a backward-compatible way (append the replyto: stuff after the legacy (#hash) style).

However I recognize that I’m not the one implementing this stuff, and it’s less work to just have everything determined up front.

Misc comments (I haven’t read the whole thing):

• Did you mean to make hashes hexadecimal? You lose 11 bits that way compared to base32. I’d suggest gaining 11 bits with base64 instead.

• “Clients MUST preserve the original hash” — do you mean they MUST preserve the original twt?

• Thanks for phrasing the bit about deletions so neutrally.

• I don’t like the MUST in “Clients MUST follow the chain of reply-to references…”. If someone writes a client as a 40-line shell script that requires the user to piece together the threading themselves, IMO we shouldn’t declare the client non-conforming just because they didn’t get to all the bells and whistles.

• Similarly I don’t like the MUST for user agents. For one thing, you might want to fetch a feed without revealing your identty. Also, it raises the bar for a minimal implementation (I’m again thinking again of the 40-line shell script).

• For “who follows” lists: why must the long, random tokens be only valid for a limited time? Do you have a scenario in mind where they could leak?

• Why can’t feeds be served over HTTP/1.0? Again, thinking about simple software. I recently tried implementing HTTP/1.1 and it wasn’t too bad, but 1.0 would have been slightly simpler.

• Why get into the nitty-gritty about caching headers? This seems like generic advice for HTTP servers and clients.

• I’m a little sad about other protocols being not recommended.

• I don’t know how I feel about including markdown. I don’t mind too much that yarn users emit twts full of markdown, but I’m more of a plain text kind of person. Also it adds to the length. I wonder if putting a separate document would make more sense; that would also help with the length.

I’m still more in favor of (replyto:…). It’s easier to implement and the whole edits-breaking-threads thing resolves itself in a “natural” way without the need to add stuff to the protocol.

I’d love to try this out in practice to see how well it performs. 🤔 It’s all very theoretical at the moment.

Kubecon + CloudNativeCon North America 2024 co-located event deep dive: Data on Kubernetes Day
Co-chairs: Melissa Logan and Adam DurrNovember 12, 2024Salt Lake City, Utah Organizations like Etsy, Grab, Dish Network, and Chick-fil-A have standardized on Kubernetes and shared best practices for running different types of stateful workloads. Our aim for the… ⌘ Read more

One distinct disadvantage of (replyto:…) over (edit:#): (replyto:…) relies on clients always processing the entire feed – otherwise they wouldn’t even notice when a twt gets updated. a) This is more expensive, b) you cannot edit twts once they get rotated into an archived feed, because there is nothing signalling clients that they have to re-fetch that archived feed.

I guess neither matters that much in practice. It’s still a disadvantage.

I’m not advocating in either direction, btw. I haven’t made up my mind yet. 😅 Just braindumping here.

The (replyto:…) proposal is definitely more in the spirit of twtxt, I’d say. It’s much simpler, anyone can use it even with the simplest tools, no need for any client code. That is certainly a great property, if you ask me, and it’s things like that that brought me to twtxt in the first place.

I’d also say that in our tiny little community, message integrity simply doesn’t matter. Signed feeds don’t matter. I signed my feed for a while using GPG, someone else did the same, but in the end, nobody cares. The community is so tiny, there’s enough “implicit trust” or whatever you want to call it.

If twtxt/Yarn was to grow bigger, then this would become a concern again. But even Mastodon allows editing, so how much of a problem can it really be? 😅

I do have to “admit”, though, that hashes feel better. It feels good to know that we can clearly identify a certain twt. It feels more correct and stable.

Hm.

I suspect that the (replyto:…) proposal would work just as well in practice.

@quark@ferengi.one Mine is a little overkill 😂 but I need to do something for practice:

#!/bin/bash
set -e
trap 'echo "!! Something went wrong...!!"' ERR

#============= Variables ==========#

# Source files
LOCAL_DIR=$HOME/twtxt

TWTXT=$LOCAL_DIR/twtxt.txt
HTML=$LOCAL_DIR/log.html
TEMPLATE=$LOCAL_DIR/template.tmpl

# Destination
REMOTE_HOST=remotHostName     # Host already setup in ~/.ssh/config

WEB_DIR="path/to/html/content"
GOPHER_DIR="path/to/phlog/content"
GEMINI_DIR="path/to/gemini-capsule/content"

DIST_DIRS=("$WEB_DIR" "$GOPHER_DIR" "$GEMINI_DIR")


#============ Functions ===========#

# Building log.html:

build_page() {
	twtxt2html -T $TEMPLATE $TWTXT > $HTML
}

# Bulk Copy files to their destinations:

copy_files() {
	for DIR in "${DIST_DIRS[@]}"; do
    # Copy both `txt` and `html` files to the Web server and only `txt`
    # to gemini and gopher server content folders
		if [ "$DIR" == "$WEB_DIR" ]; then
			scp -C "$TWTXT" "$HTML" "$REMOTE_HOST:$DIR/"
		else
			scp -C "$TWTXT" "$REMOTE_HOST:$DIR/"
		fi
	done
}

#========== Call to functions ===========$

build_page && copy_files

CNCF and the Linux Foundation partner with Unified Patents on a community-driven approach to safeguard open source innovation from patent trolls
Now is the time for the open source ecosystem to band together and find strength in numbers  CNCF and The Linux Foundation are expanding their partnership with Unified Patents to protect open source software from non-practicing entities (NPEs), c … ⌘ Read more

Fine-tuned models are now in limited public beta for GitHub Copilot Enterprise
Fine-tuned models empower organizations to receive code suggestions specifically tailored to their coding practices and internal languages.

The post Fine-tuned models are now in limited public beta for GitHub Copilot Enterprise appeared … ⌘ Read more

@prologic@twtxt.net I believe you when you say registries as designed today do not crawl. But when I first read the spec, it conjured in my mind a search engine. Now I don’t know how things work out in practice, but just based on reading, I don’t see why it can’t be an API for a crawling search engine. (In fact I don’t see anything in the spec indicating registry servers shouldn’t crawl.)

(I also noticed that https://twtxt.readthedocs.io/en/latest/user/registry.html recommends “The registries should sync each others user list by using the users endpoint”. If I understood that right, registering with one should be enough to appear on others, even if they don’t crawl.)

Does yarnd provide an API for finding twts? Is it similar?

How to build an open source metrics dashboard
How GitHub volunteers built an open source metrics dashboard for the World Health Organization and some best practices they picked up along the way.

The post How to build an open source metrics dashboard appeared first on The GitHub Blog. ⌘ Read more

Docker Best Practices: Understanding the Differences Between ADD and COPY Instructions in Dockerfiles
What are Docker ADD/COPY instructions and when should you use them? We explain the differences between the ADD and COPY instructions in Dockerfiles, including when to use each based on security, functionality, and build context. ⌘ Read more

Introducing Docker Build Checks: Optimize Dockerfiles with Best Practices
Find out how the newly released Docker Build checks help your team learn and follow best practices for building container images. ⌘ Read more

Spain Launches Investigation Into Apple’s App Store
Spain’s competition authority has launched an investigation into Apple’s App Store over potential anti-competitive practices that could result in hefty fines (via Reuters).

![](https://images.macrumors.com/article-new/2022/01/iOS-App-Store-General-Feature-Black … ⌘ Read more

Esports for old folks: Nintendo turns classic games into bite-sized challenges
Nintendo World Championships: NES Edition challenges you to practice getting mushrooms as Mario or the Triforce as Link, faster than anyone else. ⌘ Read more

I never felt emotional about my email address, until they tried to take it from me
This shake-up by the telcos goes beyond practical inconvenience. It’s an emotional wrench – a loss of identity. ⌘ Read more

Docker Best Practices: Choosing Between RUN, CMD, and ENTRYPOINT
Learn how to optimize Docker command use with our best practices guide on RUN, CMD, and ENTRYPOINT Dockerfile instructions. ⌘ Read more

Advancing responsible practices for open source AI
Outcomes from the Partnership on AI and GitHub workshop.

The post Advancing responsible practices for open source AI appeared first on The GitHub Blog. ⌘ Read more

Understanding the Docker USER Instruction
Discover best practices and common pitfalls associated with the Docker USER instruction. Also get a hands-on demo to learn the importance of these practices. ⌘ Read more

How to Measure DevSecOps Success: Key Metrics Explained
Discover two key metrics to measure your DevSecOps progression effectively. Learn how tracking security vulnerabilities over time and ensuring compliance with security policies can enhance your organization’s security posture, driving continuous improvement in your DevSecOps practices. ⌘ Read more

IBM Sued by State of Missouri for Racist Hiring Practices
More fallout from the IBM / Red Hat Leaks. ⌘ Read more

Mastering DevSecOps with Devtron: a strategic approach
Member post originally published on the Devtron blog by Nishant As the adoption of Kubernetes continues to grow, organizations encounter numerous challenges in securing their software development and deployment processes. Integrating security practices into DevOps, known as DevSecOps,… ⌘ Read more

Sipeed Lichee Book 4A: Affordable RISC-V Laptop with Upgradeable Computer Module
The Sipeed Lichee Book 4A is a cost-effective laptop utilizing RISC-V architecture, designed primarily for developers interested in exploring this platform. It merges standard laptop features with functionalities tailored to RISC-V, offering a practical tool for both software development and general use. According to recent updates on the company’s social media, the Sipeed Lichee Book … ⌘ Read more

Unlocking the power of unstructured data with RAG
Unstructured data holds valuable information about codebases, organizational best practices, and customer feedback. Here are some ways you can leverage it with RAG , or retrieval-augmented generation.

The post Unlocking the power of unstructured data with RAG appeared first on The GitHub Blog. ⌘ Read more

Does your observability practice lack maturity? Here’s what to do
Member blog post originally published on the Logz.io blog by Jake O’Donnell Observability isn’t new. But organizations are struggling to adopt mature observability practices, and the impact on business is palpable. Organizations are seeing the value of observability for… ⌘ Read more

A step-by-step guide to securely upgrading your EKS clusters
Member post originally published on Fairwinds’s blog by Stevie Caldwell As an agile open source project, Kubernetes continues to evolve, as does the cloud computing landscape. Keeping up with the latest versions isn’t practical for many organizations, and… ⌘ Read more

(Updated) Pimoroni’s NVMe Base Duo Brings New Storage Options to Raspberry Pi 5
This week, Pimoroni introduced the NVMe Base Duo, a new storage solution for Raspberry Pi 5 users. It accommodates either one or two M-key NVMe SSDs, ranging from sizes 2230 to 2280. Designed to enhance the Raspberry Pi 5, this device provides a practical method for expanding storage capacity. Leveraging PCIe Gen 2 technology, the […] ⌘ Read more

Get the first look at CloudNativeSecurityCon North America 2024’s schedule, add-on events, and more
The schedule for CloudNativeSecurityCon North America 2024 is now live, and is filled with 75 sessions offering practical solutions and thoughtful discussions of some of the biggest challenges in security today. The conference will be held June 26… ⌘ Read more

Celebrating 1 year of A11y Design Bootcamp: Takeaways and tips
A11y Design Bootcamp is a live educational program that consists of exercises, discussions, and knowledge shares to raise awareness of web accessibility best practices, the role designers play in creating accessible products, and how to advocate for accessibility with cross-functional partners.

The post [Celebrating 1 year of A11y Design Bootcamp: Takeaways and tips](https://github.blog/2024-05-02-celebrating-1- … ⌘ Read more

Early explorations and practices of Xline, a stateful application managed by Karmada
Member post by DatenLord Background and Motivation More and more IT vendors are now embracing cross-cloud multi-clustering as cloud-native technologies and cloud markets continue to mature. Here’s Flexera’s mid-2023 survey on the cloud-native market’s acceptance of multi-cloud, multi-cluster… ⌘ Read more

WebAssembly on Kubernetes: the practice guide (part 02)
Community post by Seven Cheng | View part one here In the previous article, I gave an overview of Wasm’s features and advantages. I also explained how to run Wasm modules within container environments. In this article, I… ⌘ Read more

Is Your Container Image Really Distroless?
Find out what makes an image distroless, tools that make the creation of distroless images practical, and security benefits of this approach. ⌘ Read more

How to use GitHub Copilot in your IDE: tips, tricks, and best practices
GitHub Copilot is a powerful AI assistant. Learn practical strategies to get the most out of GitHub Copilot to generate the most relevant and useful code suggestions in your editor.

The post How to use GitHub Copilot in your IDE: tips, tricks, and best practices appeared first on [The GitHub Bl … ⌘ Read more

started to stream our maintenance practice: a long overdue revision and update of the uxn tutorial | https://compudanzas.net/maintenance_practice.html

Pimoroni’s NVMe Base Duo Brings New Storage Options to Raspberry Pi 5
This week, Pimoroni introduced the NVMe Base Duo, a new storage solution for Raspberry Pi 5 users. It accommodates either one or two M-key NVMe SSDs, ranging from sizes 2230 to 2280. Designed to enhance the Raspberry Pi 5, this device provides a practical method for expanding storage capacity. Leveraging PCIe Gen 2 technology, the […] ⌘ Read more

Azure Container Registry and Docker Hub: Connecting the Dots with Seamless Authentication and Artifact Cache
See best practices for using public images and ensuring the security and reliability of your Docker containers. ⌘ Read more

How we’re using GitHub Projects to standardize our workflows and stay aligned
Learn how we’re managing feature releases and establishing best practices within and across teams at GitHub using GitHub Projects.

The post How we’re using GitHub Projects to standardize our workflows and stay aligned appeared first on [The GitHub Blog](https://github.blog … ⌘ Read more

6 Docker Security Best Practices for Your Application
This comprehensive guide for developers and operators provides actionable insights to enhance the security and efficiency of Docker applications. ⌘ Read more

Microsoft’s Reading Coach
My English pronunciation can be improved — a lot. But now I can use Microsoft’s Reading Coach. This is a new AI tool for practicing reading (in English). ⌘ Read more

AppSec is harder than you think. Here’s how AI can help.
In practice, shifting left has been more about shifting the burden rather than the ability. But AI is bringing its promise closer to reality. Here’s how.

The post AppSec is harder than you think. Here’s how AI can help. appeared first on The GitHub Blog. ⌘ Read more

5 ways to make your DevSecOps strategy developer-friendly
Developers care about security, but poorly integrated tools and other factors can cause frustration. Here are five best practices to reduce friction.

The post 5 ways to make your DevSecOps strategy developer-friendly appeared first on The GitHub Blog. ⌘ Read more

I have been doing interview prep for next year. The problems have been great to get practice and make it fun when compared to the dry solve this you get on hacker rank or code scene.

That and so many great write-ups to explain the problems.

I have been doing interview prep for next year. The problems have been great to get practice and make it fun when compared to the dry solve this you get on hacker rank or code scene.

That and so many great write-ups to explain the problems.

Using Authenticated Logins for Docker Hub in Google Cloud
Learn four best practices that your teams can implement to maintain a secure and reliable software delivery process with Docker Hub in Google Cloud. With these guidelines, you can leverage the benefits of open source software while safeguarding your development workflow. ⌘ Read more

Had a really nice time with my daughter at her volleyball practice today, all parents got to play against the kids, it was super fun! Been a long time since I’ve had this much fun, was so nice to be there with her tonight!

The ultimate gifts for the developer in your life this holiday season
If you’re on the hunt for the perfect holiday gifts for the developer who has it all, look no further. We’ve curated a list of 10 must-have items (plus a few more) that strike the perfect balance between practicality and style.

The post [The ultimate gifts for the developer in your life this holiday season](https://github.blog/2023-12-04-the-ultimate-gifts-for-the-developer-in-your-life-this-holid … ⌘ Read more

Ignite Realtime Blog: New Openfire plugin: Reporting Account Affiliations
I’m excited to announce a new Openfire plugin: the Reporting Account Affiliations Plugin!

This plugin implements a new prototype XMPP extension of the same name.

To quote the specification:

In practice, a server may not trust all accounts equally. For example, if a server offers anonymous access or open registration, it … ⌘ Read more

Security best practices for authors of GitHub Actions
Improve your GitHub Action’s security posture by securing your source repository, protecting your maintainers, and making it easy to report security incidents.

The post Security best practices for authors of GitHub Actions appeared first on The GitHub Blog. ⌘ Read more

Erlang Solutions: The Future Trends of Sustainability in Programming Software

Future sustainability changes are now impacting almost every sector worldwide, and both the wider tech sector and programming as a profession aren’t exempt from this trend. As everyone continues to … ⌘ Read more

Watch YouTube Without Ads with FreeTube for Mac, Windows, Linux
YouTube is the webs most popular video site by a long shot, practically serving as a television replacement for millions. But as any Youtube viewer knows, the ads can be very aggressive and there are times where you’ll have to watch a 30 second ad before you can watch one minute of content, which is … Read More ⌘ Read more

logs/blog: words pointing to the sharp blade of practice; garden/food: new recipes

How to communicate like a GitHub engineer: our principles, practices, and tools
Learn more about how we use GitHub to build GitHub, how we turned our guiding communications principles into prescriptive practices to manage our internal communications signal-to-noise ratio, and how you can contribute to the ongoing conversation.

The post [How to communicate like a GitHub engineer: our principles, practices, and tools](https://github.blog/2023-10-04-how-to-commu … ⌘ Read more

Announcing Udemy + Docker Partnership
Docker and Udemy announced a new partnership at DockerCon to give developers a clear, defined, accessible path for learning how to use Docker, best practices, advanced concepts, and everything in between. As the #1 rated online course platform (as ranked by Stack Overflow), Udemy will be the first to house Docker-accredited content and customized learning paths to provide developers with the latest training materials on how to best use Docker tools. ⌘ Read more

Announcing Docker Scout GA: Actionable Insights for the Software Supply Chain
We are excited to announce that Docker Scout General Availability (GA) now allows developers to continuously evaluate container images against a set of out-of-the-box policies, aligned with software supply chain best practices. These new capabilities also include a full suite of integrations enabling you to attain visibility from development into production. These updates strengthen Docker Scout’s position as integral to the software s … ⌘ Read more

Hardening repositories against credential theft
Some best practices and important defenses to prevent common attacks against GitHub Actions that are enabled by stolen personal access tokens, compromised accounts, or compromised GitHub sessions.

The post Hardening repositories against credential theft appeared first on The GitHub Blog. ⌘ Read more

Erlang Solutions: 5 ways Elixir programming can improve business performance
Elixir is a simple, lightweight programming language that is built on top of the Erlang virtual machine. It offers straightforward syntax, impressive performance and a raft of powerful features. It uses your digital resources in the most efficient way.

This is all very well, but what does that mean in practice? Aside from impressing your web development team, what can Elixir do for your business?

In this … ⌘ Read more

Best practices for organizations and teams using GitHub Enterprise Cloud
Learn how you can structure your enterprise to get the most value out of GitHub and provide the best experience for your developers! ⌘ Read more

GitHub achieves ISO/IEC 27701:2019, 27018:2019, and CSA STAR certifications
GitHub’s Information Security and Privacy Management System (ISPMS) has been certified against ISO/IEC 27701:2019 (PII Processor) and 27018:2019 standards, as well as the Cloud Controls Matrix (CCM). These standards and frameworks are internationally recognized for security and privacy program best practices. ⌘ Read more

Erlang Solutions: How to Manage Your RabbitMQ Logs: Tips and Best Practices
RabbitMQ is an open-source message broker software that allows you to build distributed systems and implement message-based architectures. It’s a reliable and scalable messaging system that enables efficient communication between different parts of your application. However, managing RabbitMQ logs can be a challenging task, especially when it’s deployed on a large cluster. In this article, we’ll ta … ⌘ Read more

How to use GitHub Copilot: Prompts, tips, and use cases
In this prompt guide for GitHub Copilot, two GitHub developer advocates, Rizel and Michelle, will share examples and best practices for communicating your desired results to the AI pair programmer. ⌘ Read more

Building a culture of innovation in your business with GitHub
Consider the typical software development practices in an organization. Projects are commonly closed, and causes friction across engineering teams. But open source communities work asynchronously, openly, remotely and at global-scale. What if our internal teams could reuse those same practices? ⌘ Read more

Private vulnerability reporting now generally available
Open source maintainers and security researchers embrace a new best practice to report and fix vulnerabilities. ⌘ Read more

in practice probably ~all systems with qualia are valenced systems, since valence is the primary axis along which qualia can vary

Building organization-wide governance and re-use for CI/CD and automation with GitHub Actions
Many of us are aware of the benefits that a strong focus on automation can bring, particularly in our development workflow and DevOps lifecycle. But silos across businesses can lead to duplication of effort, and potential to lose out on best practices. In this post, we’ll explore how CI/CD can be shared across your entire organization alongside polici … ⌘ Read more

**RT by @mind_booster: 📢 The @EU_Commission finally launched its long-awaited #RighttoRepair proposal

➡️Despite some good steps, the proposal does not address affordability of #repair, anti-repair practices & is a missed opportunity to make the #RighttoRepair universal!

🔽Quick analysis in the🧵**
📢 The @EU_Commission finally launched its long-awaited #RighttoRepair proposal

➡️Despite some good steps, the pr … ⌘ Read more

Responsible AI pair programming with GitHub Copilot
GitHub Copilot boosts developer productivity, but using it responsibly still requires good developer and DevSecOps practices. ⌘ Read more

** Accessibility and the product person **
This post is a slightly modified version of a talk I presented to the product practice at my work. It presents a few ways that product designers and managers can help to move accessibility forward. It is a little bit different than what I normally share, here, but, I thought it may be interesting to some folks.

[![Picture of a slide with the title “Why though?” It also includes a quote from Kat Holmes’ book Mismatch. The quote reads: “There are many challeng … ⌘ Read more

5 Developer Workstation Security Best Practices
Learn how Hardened Docker Desktop can help you follow the five most critical developer workstation security best practices. ⌘ Read more

Announcing the launch of the All In for Maintainers DEI Resource Hub
The DEI Resource Hub is a vetted collection of resources, tools, and best practices designed to help open source maintainers create and maintain inclusive and diverse open source communities. ⌘ Read more

Introducing required workflows and configuration variables to GitHub Actions
Now, you can standardize and enforce CI/CD best practices across all repositories in your organization to reduce duplication and secure your DevOps processes. ⌘ Read more

GitHub Gives 2022: Creating positive, lasting contributions in our communities
This year, we took GitHub Gives, our company-wide giving campaign, to new heights and wanted to share our learnings to provide best practices in programming a successful hybrid giving campaign for employees. ⌘ Read more

JMP: Writing a Chat Client from Scratch
There are a lot of things that go into building a chat system, such as client, server, and protocol.  Even for only making a client there are lots of areas of focus, such as user experience, features, and performance.  To keep this post a manageable size, we will just be building a client and will use an existing server and protocol (accessing Jabber network services using the XMPP protocol).  We’ll make a practical GUI so we can test things, but not spend too much time on p … ⌘ Read more

the last century was wild: “Her love of tennis included playing naked, with nude tennis ‘a common practice in those days among the more louche members of the middle classes’”, from the Wikipedia article on Enid Blyton.

Developing Go Apps With Docker
Develop Go applications with Docker using these containerization steps, best practices, optimization tips, and more. ⌘ Read more

How to Implement Decentralized Storage Using Docker Extensions
In part one of this two-part series, we discussed the intersection of Web3 and Docker at a conceptual level. Now, it’s time to get our hands dirty and review practical examples involving decentralized storage. ⌘ Read more

3 strategies for consolidating your toolkit and boosting productivity
Explore how GitHub Enterprise can help you transform your software engineering organization and practices. ⌘ Read more

Best practices on rolling out code scanning at enterprise scale
Learn best practices on how to roll out centrally managed, developer-centric application security with a third party CI/CD system like Jenkins or ADO. ⌘ Read more

there are actually six hindrances: the original five and thinking about how to practically dovetail the shortest brainfuck quine

Transform your software engineering practices with GitHub Enterprise
Go beyond knowing GitHub as the home of open source and explore how GitHub Enterprise can help you transform your software engineering organization and practices. ⌘ Read more

JMP: Privacy and Threat Modelling
One often hears people ask if a product or service is “good for privacy” or if some practice they intend to incorporate is “good enough” for their privacy needs.  The problem with most such questions is that they often lack the necessary context, called a threat model, in order to even begin to understand how to answer them.  Understanding your own threat model (and making any implicit model you carry more explicit to yourself) is one of the most important steps you can take to im … ⌘ Read more

JMP: Privacy and Threat Modelling
One often hears people ask if a product or service is “good for privacy” or if some practice they intend to incorporate is “good enough” for their privacy needs.  The problem with most such questions is that they often lack the necessary context, called a threat model, in order to even begin to understand how to answer them.  Understanding your own threat model (and making any implicit model you carry more explicit to yourself) is one of the most important steps you can take to im … ⌘ Read more

Paul Schaub: Using Pushdown Automata to verify Packet Sequences
As a software developer, most of my work day is spent working practically by coding and hacking away. Recently though I stumbled across an interesting problem which required another, more theoretical approach;

An OpenPGP message contains of a sequence of packets. There are signatures, encrypted data packets and their accompanying encrypted session keys, compressed data and literal data, the latter being the packet … ⌘ Read more

Join us for OctogatosConf 2022
Live on September 15, 2022, with talks by industry experts in Spanish, Portuguese, and English, on topics including software development, security, technical project management, community, open source, professional development and best practices. ⌘ Read more

In Case You Missed It: Docker Community All-Hands
Get highlights the 6th Docker Community All-Hands, including the latest releases, best practices, and links to all of the talks on YouTube. ⌘ Read more

Dino: Stateless File Sharing: Base implementation
The last few weeks were quite busy for me, but there was also a lot of progress.
I’m happy to say that the base of stateless file sharing is implemented and working.
Let’s explore some of the more interesting topics.

File hashes have some practical applications, such as file validation and duplication detection.
As such, they are part of the [metadata element](https://xmpp.org/extensio … ⌘ Read more

i think in practice people were most convinced by timelines, if not arguments, then observations abt progress.

6 strategic ways to level up your CI/CD pipeline
From incorporating accessibility testing to implementing blue-green deployment models, here are six practical and strategic ways to improve your CI/CD pipeline. ⌘ Read more

Prosodical Thoughts: Modernizing XMPP authentication and authorization
We’re excited to announce that we have received funding, from the EU’s
NGI Assure via the NLnet Foundation, to work on
some important enhancements to Prosody and XMPP. Our work will be focusing on
XMPP authentication and authorization, and bringing it up to date with current
and emerging best practices.

What kind of changes are we talking about? Well, there are a few aspects we
are planning to work on. Let’s start with “authent … ⌘ Read more

GitHub Achieves ISO/IEC 27001:2013 Certification!
GitHub’s Information Security Management System (ISMS) has been certified against ISO 27001:2013, an internationally recognized standard for security program best practices. ⌘ Read more

Best practices to keep your projects secure on GitHub
These days software is subject to an ever-changing threat landscape. Check out the many ways you can keep your projects secure on GitHub today. ⌘ Read more

i think posting about personal meditation practice on the EA forum is bad, because personal meditation practice is as relevant to EA as advice on seducing people.

Why everyone should be concerned about Ontario’s critical race theory bill

Image

whether cryptocurrencies are more or less likely to be stable during a multipolar ai takeoff depends on whether our current cryptography is “endgame” or not, i.e. whether it’s in practice basically uncrackable by any advanced actor

Encoding and escaping untrusted data to prevent injection attacks
Practical tips on how to apply OWASP Top 10 Proactive Control C4. ⌘ Read more

The Impacts of an Insecure Software Supply Chain
Today, software regularly integrates open-source code from third-party sources into applications. While this practice empowers developers to create more capable software in a shorter time frame, it brings with it the risk of introducing inadequately vetted code. How aware are we of the security of our open-source code? Most of us use pip or npm […]

The post [The Impacts of an Insecure Software Supply Chain](https://www.docker.com/blog/the-im … ⌘ Read more

Pluriverse instead of Metaverse
This artifact is a follow-up to A Declaration of the Interdependence of Cyberspace, where we introduce the term “pluriverse” and apply it to cyberspace. After the creation of the Declaration, its core stewards were joined by others who were moved by the vision of that artifact, and together, formed Verses. We are a multidisciplinary arts and research collective co-imagining, practicing, and building a commonly-held digital future. ⌘ Read more

DockerCon: What Makes a Successful CFP Submission
The DockerCon 2022 Call for Papers is now open! DockerCon is one of the largest developer events in the world, with over 80,000 developers registering for each of the last two events. At the core of DockerCon is the chance for members of the community to share their tips, tricks, best practices and real-world experiences […]

The post [DockerCon: What Makes a Successful CFP Submission](https://www.docker.com/blog/dockercon-what-makes-a-succe … ⌘ Read more