@prologic@twtxt.net Error handling especially in Go is very tricky I think. Even though the idea is simple, it’s fairly hard to actually implement and use in a meaningful way in my opinion. All this error wrapping or the lack of it and checking whether some specific error occurred is a mess. errors.As(…) just doesn’t feel natural. errors.Is(…) only just. I mainly avoided it. Yesterday evening I actually researched a bit about that and found this article on errors with Go 1.13. It shed a little bit of light, but I still have a long way to go, I reckon.

We tried several things but haven’t found the holy grail. Currently, we have a mix of different styles, but nothing feels really right. And having plenty of different approaches also doesn’t help, that’s right. I agree, error messages often end up getting wrapped way too much with useless information. We haven’t found a solution yet. We just noticed that it kind of depends on the exact circumstances, sometimes the caller should add more information, sometimes it’s better if the callee already includes what it was supposed to do.

To experiment and get a feel for yesterday’s research results I tried myself on the combined log parser and how to signal three different errors. I’m not happy with it. Any feedback is highly appreciated. The idea is to let the caller check (not implemented yet) whether a specific error occurred. That means I have to define some dedicated errors upfront (ErrInvalidFormat, ErrInvalidStatusCode, ErrInvalidSentBytes) that can be used in the err == ErrInvalidFormat or probably more correct errors.Is(err, ErrInvalidFormat) check at the caller.

All three errors define separate error categories and are created using errors.New(…). But for the invalid status code and invalid sent bytes cases I want to include more detail, the actual invalid number that is. Since these errors are already predefined, I cannot add this dynamic information to them. So I would need to wrap them à la fmt.Errorf("invalid sent bytes '%s': %w", sentBytes, ErrInvalidSentBytes"). Yet, the ErrInvalidSentBytes is wrapped and can be asserted later on using errors.Is(err, ErrInvalidSentBytes), but the big problem is that the message is repeated. I don’t want that!

Having a Python and Java background, exception hierarchies are a well understood concept I’m trying to use here. While typing this long message it occurs to me that this is probably the issue here. Anyways, I thought, I just create a ParseError type, that can hold a custom message and some causing error (one of the three ErrInvalid* above). The custom message is then returned at Error() and the wrapped cause will be matched in Is(…). I then just return a ParseError{fmt.Sprintf("invalid sent bytes '%s'", sentBytes), ErrInvalidSentBytes}, but that looks super weird.

I probably need to scrap the “parent error” ParseError and make all three “suberrors” three dedicated error types implementing Error() string methods where I create a useful error messages. Then the caller probably could just errors.Is(err, InvalidSentBytesError{}). But creating an instance of the InvalidSentBytesError type only to check for such an error category just does feel wrong to me. However, it might be the way to do this. I don’t know. To be tried. Opinions, anyone? Implementing a whole new type is some effort, that I want to avoid.

Alternatively just one ParseError containing an error kind enumeration for InvalidFormat and friends could be used. Also seen that pattern before. But that would then require the much more verbose var parseError ParseError; if errors.As(err, &parseError) && parseError.Kind == InvalidSentBytes { … } or something like that. Far from elegant in my eyes.

GitHub Pages now uses Actions by default
As GitHub Pages, home to 16 million websites, approaches its 15th anniversary, we’re excited to announce that all sites now build and deploy with GitHub Actions. ⌘ Read more

Dependabot now alerts for vulnerable GitHub Actions
GitHub Actions gives teams access to powerful, native CI/CD capabilities right next to their code hosted in GitHub. Starting today, GitHub will send a Dependabot alert for vulnerable GitHub Actions, making it even easier to stay up to date and fix security vulnerabilities in your actions workflows. ⌘ Read more

New request for comments on improving npm security with Sigstore is now open
Supply chain attacks exploit our implicit trust of open source to hurt developers and our customers. Read our proposal for how npm will significantly reduce supply chain attacks by signing packages with Sigstore. ⌘ Read more

All GitHub Enterprise users now have access to the security overview
Today, we’re expanding access to the GitHub security overview! All GitHub Enterprise customers now have access to the security overview, not just those with GitHub Advanced Security. Additionally, all users within an enterprise can now access the security overview, not just admins and security managers. ⌘ Read more

Release Radar · July 2022 Edition
While some of us have been wrapping up the financial year, and enjoying vacation time, others have been hard at work shipping open source projects and releases. These projects include everything from world-changing technology to developer tooling, and weekend hobbies. Here are some of the open source projects that released major version updates this July. […] ⌘ Read more

5 simple things you can do with GitHub Packages to level up your workflows
From hosting private packages in a private repository to tightening your security profile with GITHUB_TOKEN, here are five simple ways you can streamline your workflow with GitHub Packages. ⌘ Read more

GitHub Availability Report: July 2022
In July, we experienced one incident that resulted in degraded performance for Codespaces. This report also acknowledges two incidents that impacted multiple GitHub.com services in June. ⌘ Read more

Streamline virtual hackathon events with the new Hackathon In The Cloud Experience
Attention all students! Make managing your virtual hackathon events even easier with the new Hackathon In The Cloud Experience. ⌘ Read more

Marketing for maintainers: Promote your project to users and contributors
Marketing your open source project can be intimidating, but three experts share their insider tips and tricks for how to get your hard work on the right people’s radars. ⌘ Read more

GitHub Sponsors available in 30 new regions
GitHub Sponsors expands globally with 30 newly supported regions, bringing the total to 68. ⌘ Read more

Release Radar · June 2022 Edition
It’s been a crazy couple of months with the end of financial year and lots of products shipping. Our community has been hard at work shipping projects too. These projects can include everything from world-changing technology to developer tooling, and weekend hobbies. Here are some of these open source projects that released major updates this […] ⌘ Read more

Corrupting memory without memory corruption
In this post I’ll exploit CVE-2022-20186, a vulnerability in the Arm Mali GPU kernel driver and use it to gain arbitrary kernel memory access from an untrusted app on a Pixel 6. This then allows me to gain root and disable SELinux. This vulnerability highlights the strong primitives that an attacker may gain by exploiting errors in the memory management code of GPU drivers. ⌘ Read more

Planning next to your code – GitHub Projects is now generally available
Today, we are announcing the general availability of the new and improved Projects powered by GitHub Issues. GitHub Projects connects your planning directly to the work your teams are doing in GitHub and flexibly adapts to whatever your team needs at any point. ⌘ Read more

Launching GitHub Community: Powered by GitHub Discussions
Today, we’re launching GitHub Community, which brings together GitHub Community Forum, GitHub Education Forum, and product feedback into a free, in-product, single space for all user-to-user interactions. ⌘ Read more

Introducing even more security enhancements to npm
New npm security enhancements include an improved login and publish experience with the npm CLI, connected GitHub and Twitter accounts, and a new CLI command to verify the integrity of packages in npm. ⌘ Read more

Pour une poignée de semaines
Ah sapristi, c’était trop beau pour durer ! Mais c’était prévisible, cela arrive tous les ans à la même époque : des *£*#{] de vacances. Il est temps pour moi de mettre ce blog en pause pour quelques semaines, et laisser tomber l’actualité et son commentaire : compte-tenu du rythme d’enfer que les politiciens actuels nous font subir, […] ⌘ Read more

Tips & tricks for using GitHub projects for personal productivity
GitHub Issues is a core component of how developers get things done and, as we built more project planning capabilities into GitHub, we’ve found some fun and unique ways to use the new projects experience for personal productivity. ⌘ Read more

Here’s how academic research is shaping GitHub Discussions
We strive to understand how developers collaborate and work on GitHub, and we sometimes partner with academics to better understand how we can improve our products. Here’s how we did that to build and evolve GitHub Discussions. ⌘ Read more

6 strategic ways to level up your CI/CD pipeline
From incorporating accessibility testing to implementing blue-green deployment models, here are six practical and strategic ways to improve your CI/CD pipeline. ⌘ Read more

Open Source Monthly: July 2022 Edition
July’s Open Source Monthly features Zag.js, which leverages state machines to make framework agnostic components. ⌘ Read more

Research: How GitHub Copilot helps improve developer productivity
We surveyed more than 2,000 developers about whether GitHub Copilot helped them be more productive and improved their coding. Then, we matched this qualitative feedback and subjective perception with quantitative data around objective usage measurements and productivity. ⌘ Read more

Gracefully Degrading Home Automation
Over the past two years, I have gradually increased my use of home
automation in our small city apartment. I started with an IKEA TRÅDFRI
light and a button, and today have over 40 devices doing useful things,
saving electricity and making our living more pleasant. I won’t lie: I
have done a lot of this just for fun and learnt quite a bit in the
process. But if it doesn’t eventually result in utility or aesthetics,
then I get rid of it. I can’t stand keeping frivolous s … ⌘ Read more

Top tips for creating a healthy and sustainable open source community
Read about the six key themes, and tips for each, that ensure sustainable and healthy open source communities. ⌘ Read more

GitHub Availability Report: June 2022
In June, we experienced four incidents resulting in significant impact to multiple GitHub.com services. This report also sheds light into an incident that impacted several GitHub.com services in May. ⌘ Read more

Managing a game dev community with GitHub Actions
A Little Game Called Mario is an open source, collectively developed hell project. Anyone and everyone is welcome to contribute their unique talents to make both the player and developer experience more enjoyable. Find out how the collective leverages GitHub Actions to manage this wonderful little community. ⌘ Read more

Extend your dependency information in the GitHub Dependency Graph with new GitHub Actions
New Actions from Anchore, NowSecure, SBT, and Trivy are now available to create a more comprehensive GitHub Dependency Graph. ⌘ Read more

How the GitHub Security Team uses projects and GitHub Actions for planning, tracking, and more
Can projects and GitHub Actions be used by your non-developer teams? They absolutely can. Check out how our Security Team uses GitHub to run the department effortlessly. ⌘ Read more

Write Better Commits, Build Better Projects
High-quality Git commits are the key to a maintainable and collaborative open- or closed-source project. Learn strategies to improve and use commits to streamline your development process. ⌘ Read more

What to do when your open source project becomes a community?
Maintainers answer your questions about how to manage an open source project that grows into a community. ⌘ Read more

Announcing the summer 2022 MLH Fellowship GitHub Contributors
Meet the 2022 MLH Fellowship cohort! This 12-week internship alternative is for aspiring software engineers, and powered by GitHub. ⌘ Read more

The Chromium super (inline cache) type confusion
In this post I’ll exploit CVE-2022-1134, a type confusion in Chrome that I reported in March 2022, which allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. I’ll also look at some past vulnerabilities of this type and some implementation details of inline cache in V8, the JavaScript engine of Chrome. ⌘ Read more

Improve Git monorepo performance with a file system monitor
Monorepo performance can suffer due to the sheer number of files in your working directory. Git’s new builtin file system monitor makes it easy to speed up monorepo performance. ⌘ Read more

Improving Git protocol security on GitHub Enterprise Server
The recent changes to improve protocol security on GitHub.com are now coming to GitHub Enterprise Server, starting with version 3.6. ⌘ Read more

GitHub Advisory Database now supports Erlang and Elixir packages!
We’re excited to announce that the GitHub Advisory Database now includes curated security advisories on Erlang, Elixir, and more. ⌘ Read more

Highlights from Git 2.37
The open source Git project just released Git 2.37. Take a look at some of our highlights from the latest release. ⌘ Read more

Thank you to our maintainers
To celebrate Maintainer Month, GitHub has invested an additional $500,000 to help sponsor the open source projects that it depends on. ⌘ Read more

What’s new in Codespaces for Organizations
We’re releasing exciting functionalities that will enable organizations to confidently manage and scale with Codespaces. ⌘ Read more

GitHub Copilot is generally available to all developers
We’re making GitHub Copilot, an AI pair programmer that suggests code in your editor, generally available to all developers for $10 USD/month or $100 USD/year. It will also be free to use for verified students and maintainers of popular open source projects. ⌘ Read more

GitHub enables the development of functional safety applications by adding support for coding standards AUTOSAR C++ and CERT C++
GitHub is excited to announce the release of CodeQL queries that implement the standards CERT C++ and AUTOSAR C++. These queries can aid developers looking to demonstrate ISO 26262 Part 6 process compliance. ⌘ Read more

Creating a more comprehensive dependency graph with build time detection
Expand the completeness of your dependency graph by using the dependency submission API, which will create more comprehensive alerts on supply chain vulnerabilities ⌘ Read more

nirvash is live - blog post details some design decisions and stuff

Release Radar · May 2022 Edition
Each month, we highlight open source projects that have shipped major updates. These projects can include everything from world-changing technology to developer tooling, and weekend hobbies. We cover what the project is and some of their breaking changes. Read about the project, and browse their repositories. Without further ado, here are our top staff picks […] ⌘ Read more

The Android kernel mitigations obstacle race
In this post I’ll exploit CVE-2022-22057, a use-after-free in the Qualcomm gpu kernel driver, to gain root and disable SELinux from the untrusted app sandbox on a Samsung Z flip 3. I’ll look at various mitigations that are implemented on modern Android devices and how they affect the exploit. ⌘ Read more

Git Merge 2022
Git Merge, the conference dedicated to bringing the Git community together returns on September 14-15 in Chicago, Illinois. ⌘ Read more

Prebuilding codespaces is generally available
Teams and GHEC customers can now create blazing fast codespaces, even for your largest and most complex projects. ⌘ Read more

GitHub now publishes malware advisories in the GitHub Advisory Database
To combat the prevalence of malware in the open source ecosystem, GitHub now publishes malware occurrences in the GitHub Advisory Database. These advisories power Dependabot alerts and remain forever free and usable by the community. ⌘ Read more

Accelerating GitHub theme creation with color tooling
Learn why the GitHub Design Infrastructure team built a dedicated color tool and how they use it to create new color palettes for GitHub. ⌘ Read more

How can the United States build its Open Source Software policy?
We share a recap of a recent roundtable event about what a federal open source software policy could look like in the United States. ⌘ Read more

Open Source Monthly: June 2022 Edition
June’s Open Source Monthly features Mondos–a community-focused company building software and hardware that designs digital devices with respect for users’ time, attention, and well-being. ⌘ Read more

Implementing a robust digital identity
How can you robustly assert and identify a user’s identity? ⌘ Read more

How we think about browsers
Discover how GitHub thinks about browser support, look at usage patterns, and learn about the tools we use to make sure our customers are getting the best experience. ⌘ Read more

Dependabot Updates hit GA in GHES
Dependabot is generally available in GitHub Enterprise Server 3.5. Here is how to set up Dependabot on your instance. ⌘ Read more

Introducing Entitlements: GitHub’s open source Identity and Access Management solution
We’re excited to announce that we’re open sourcing our Identity and Access Management solution: Entitlements. ⌘ Read more

Introducing Achievements: recognizing the many stages of a developer’s coding journey
Available in public beta today, we’re announcing Achievements as a new way to commemorate milestones on GitHub. ⌘ Read more

Sunsetting Atom
We are archiving Atom and all projects under the Atom organization for an official sunset on December 15, 2022. ⌘ Read more

One developer’s journey bringing Dependabot to GitHub Enterprise Server
A personal story about building the feature you want and sharing it with the world. ⌘ Read more

Looking at my Feels blog it is clear that I am terrible at coming up with good post titles…

Introducing GitHub Skills
Today, we’re announcing GitHub Skills, a new learning experience to help you throughout your GitHub journey. ⌘ Read more

A beginner’s guide to CI/CD and automation on GitHub
CI/CD and workflow automation are native capabilities on GitHub platform. Here’s how to start using them and speed up your workflows. ⌘ Read more

What’s new in security and user management for GitHub Enterprise
Learn how you can securely manage users with the latest ships for GitHub Enterprise. ⌘ Read more

GitHub Team or Free? How to choose the right plan
Read about all the features you may not have known come on the GitHub Free plan, and how to choose the right plan for you. ⌘ Read more

Welcome to Maintainer Month! 🎉
During the month of June, we’re holding space for open source maintainers to gather, share, and be celebrated. ⌘ Read more

GitHub Availability Report: May 2022
In May, we experienced three distinct incidents resulting in significant impact to multiple services across GitHub.com. This report also sheds light into the billing incident that impacted Actions and Codespaces users in April. ⌘ Read more

Connecting to a private network from GitHub-hosted Actions runners
Several ways for GitHub-hosted Actions runners to connect to resources on your private network. ⌘ Read more

GitHub Sponsors launches in Brazil
GitHub Sponsors is now available in Brazil—an exciting expansion for one of our fastest growing developer communities. ⌘ Read more

GitHub Enterprise Server 3.5 is now generally available
GitHub Enterprise Server 3.5 is available now, including access to the Container registry, the addition of Dependabot, enhanced administrator capabilities, and features for GitHub Advanced Security. ⌘ Read more

Top games + source code from Gamedev.js Jam 2022
The recently-ended Gamedev.js Jam 2022 encouraged game developers to create web games and share their sources on GitHub. GitHub Star ⭐️ @end3r shares the best 13 entries and sees what experts and other participants think of them. ⌘ Read more

20 Jahre bloggen! ?~L~X https://notiz.blog/b/68D

npm security update: Attack campaign using stolen OAuth tokens
npm’s impact analysis of the attack campaign using stolen OAuth tokens and additional findings. ⌘ Read more

How we use Dependabot to secure GitHub
A two-part story about how GitHub’s Product Security Engineering team rolled out Dependabot internally to track vulnerable dependencies, and how GitHub tracks and prioritizes technical debt. ⌘ Read more

Improved REST API documentation
We’re excited to announce some big improvements to our REST API documentation. We know developers rely on this documentation to integrate with GitHub, and we are committed to making it trustworthy, easy to find, and easy to use. ⌘ Read more

GitHub Sponsors launches in India
GitHub Sponsors is now available to all developers in India – no more waitlist, you can sign up right away! ⌘ Read more

Eight years of the GitHub Security Bug Bounty program
It was another record year for our Security Bug Bounty program. We’re excited to highlight some achievements we’ve made together with the bounty community from 2021! ⌘ Read more

Release Radar · April 2022 Edition
Each month, we highlight open source projects that have shipped major updates. These include everything from world-changing technology to developer tooling, and weekend projects. Here are our top staff picks on projects that shipped major version releases in April. Flyte 1.0 I was lucky enough to discover Flyte during Hacktoberfest last year. Now, Flyte has […] ⌘ Read more

Action needed by GitHub Connect customers using GHES 3.1 and older to adopt new authentication token format updates
Upgrade to GHES 3.2 or newer by June 3rd to continue using GitHub Connect. ⌘ Read more

Math support in Markdown
Mathematical expressions are key to information sharing amongst engineers, scientists, data scientists, and mathematicians. Today we are pleased to announce that math expressions can be rendered in Markdown on GitHub using $$ as a delimiter for code blocks with math content or the $ delimiter for inline math expressions. ⌘ Read more

How we’re continuing to enable all developers to build
Learn about what GitHub is doing to make their products more inclusive, and what’s next. ⌘ Read more

Securing and delivering high-quality code with innersource metrics
With innersource, it’s important to measure both the amount of innersource activity and the quality of the code being created. Here’s how. ⌘ Read more

How to measure innersource across your organization
The innersource contribution percentage is the rate of contributions from people outside the team that originally authored the software. Let’s dive into what it can look like for your organization. ⌘ Read more

How we’re using projects to build projects
At GitHub we use GitHub to build our own products, and the new projects experience is no different. Check out how our team uses projects to build powerful project planning for developers. ⌘ Read more

GitHub Achieves ISO/IEC 27001:2013 Certification!
GitHub’s Information Security Management System (ISMS) has been certified against ISO 27001:2013, an internationally recognized standard for security program best practices. ⌘ Read more

WPSR ?~L~X https://notiz.blog/b/67X

Gemini capsule
Gemini is a lightweight Internet protocol. It’s heavier than Gopher
but lighter than HTTP(S), especially if combined with all other web
technologies. The name makes sense if Gopher is Project Mercury and
the web is the Apollo program.

One of its uses is to serve gemtext, which is a lightweight
Markdown-like markup language, instead of HTML. Gemini browsers don’t
have support for neither Javascript, nor CSS, nor any of the other new
web technologies. It can be beautiful anyway, s … ⌘ Read more

Gemini capsule
Gemini is a lightweight Internet
protocol. It’s heavier than Gopher but a bit lighter than HTTP(S).
It’s the Gemini programme if Gopher is Mercury and HTTP is Atlas.

One of its uses is to serve gemtext, which is a lightweight
Markdown-like markup language, instead of HTML. Gemini browsers don’t
have support for neither Javascript, nor CSS, nor any of the other new
web technologies. It can be beautiful anyway, see for instance
[Lagrange]( [http … ⌘ Read more

Graduation is here! Celebrate the Class of 2022, and join GitHub on June 11 🎓
This year, thousands of students from around the world came together and redefined the world we live in, how we learn, and how we move forward. We are honored to be part of the experience and eager to celebrate this milestone. So on June 11 we celebrate the Class of 2022 and welcome them to […] ⌘ Read more

Open Source Monthly – May 2022 Edition
Introduction Open Sauced, GitHub’s Explore page, Hacktoberfest, and First Timers Only help folks discover open source projects. This monthly series–Open Source Monthly—will add to these efforts by helping: First-time contributors find the right project to contribute to Corporations and individuals find a new project to sponsor Open source maintainers gain more consistent contributors and sponsors […] ⌘ Read more

Enhanced 2FA experience for your npm account
Late last year, in response to an unprecedented series of account takeovers resulting from the compromise of developer accounts without 2FA enabled, we committed to a variety of enhancements to the npm registry to make two-factor authentication (2FA) adoption easier for developers. Today, we are launching a public beta for a significantly improved 2FA experience […] ⌘ Read more

Supercharging GitHub Actions with Job Summaries
You can now output and group custom Markdown content on the Actions run summary page. ⌘ Read more

Prepare for next semester with GitHub Global Campus and Codespaces
Teachers, it is now your turn to join GitHub Global Campus with our student community! Get access to exclusive benefits, programs, and the Power of Codespaces at no cost in GitHub Classroom! ⌘ Read more

some blogs have a “start here” page that is not the default landing page: why? most people visiting your site will be there for the first time, but they have to perform an additional click to go to the “start here” page, unnecessarily.

Today’s most common security vulnerabilities explained
We’re taking a look at some of the most common security vulnerabilities and detailing how developers can best protect themselves. ⌘ Read more

20 of our favorite games + source code from Ludum Dare 50
20 of our favorite games plus source code from the latest Ludum Dare competition. ⌘ Read more

The ReadME Project Q&A: What you need to know about teaching technical skills
Teaching is a great way to not only help others but to better learn a topic yourself. ⌘ Read more

GitHub Availability Report: April 2022
In April, we experienced two distinct incidents resulting in significant impact and degraded state of availability for Codespaces and GitHub Packages. ⌘ Read more

Software security starts with the developer: Securing developer accounts with 2FA
GitHub will require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023. ⌘ Read more

Being friendly: Strategies for friendly fork management
This is the second and final post in a series describing friendly forks and alternative strategies for managing them. ⌘ Read more

this month’s blog post riffing on dealing with complexity in software ‘engineering’

Bringing code navigation to communities
Thanks to the efforts of the Elixir community, GitHub supports code navigation for Elixir repositories. Read how favorite language can add this support too! ⌘ Read more

Best practices to keep your projects secure on GitHub
These days software is subject to an ever-changing threat landscape. Check out the many ways you can keep your projects secure on GitHub today. ⌘ Read more