GitHub found 39M secret leaks in 2024. Here’s what we’re doing to help
Every minute, GitHub blocks several secrets with push protection—but secret leaks still remain one of the most common causes of security incidents. Learn how GitHub is making it easier to protect yourself from exposed secrets, including today’s launches of standalone Secret Protection, org-wide scanning, and better access for teams of all sizes.

The post [GitHub found 39M secret leaks in 2024. H … ⌘ Read more

GitHub for Beginners: How to get LLMs to do what you want
Learn how to write effective prompts and troubleshoot results in this installment of our GitHub for Beginners series.

The post GitHub for Beginners: How to get LLMs to do what you want appeared first on The GitHub Blog. ⌘ Read more

Edmundson: a modern Plasma Login Manager
KDE contributor David Edmundson has published
a blog post about improving KDE Plasma’s login experience by
replacing SDDM
with a new Plasma Login Manager.

It’s worth stressing nothing is official or set in stone yet,
whilst it has come up in previous Plasma online meetings and in the
2023 Akademy. I’m posting this whilst starting a more o … ⌘ Read more

5 GitHub Actions every maintainer needs to know
With these actions, you can keep your open source projects organized, minimize repetitive and manual tasks, and focus more on writing code.

The post 5 GitHub Actions every maintainer needs to know appeared first on The GitHub Blog. ⌘ Read more

Hmm so looking at the swagger of the registry spec client it seems to just take a “page”.. That seems worse than doing an offset. Lol.

https://github.com/DracoBlue/twtxt-registry/blob/master/src/swagger.json

golang 每日一庫之 go-pinyin
go-pinyin 漢字轉拼音庫今天要介紹的庫是一個拼音庫，這個庫相對比較冷門，但是開發過母嬰類 app 的道友可能知道。go-pinyin 是一個用於將漢字轉換爲拼音的 Golang 庫，提供多種模式，支持帶音調、無音調、首字母提取等功能。該庫適用於拼音搜索、漢字排序、文本轉換等場景。安裝——使用 go get 下載安裝：go get -u github.com/mozillazg/go ⌘ Read more

Mastering GitHub Copilot: When to use AI agent mode
Discover the differences between agent mode and Copilot Edits with GitHub Copilot—and when to use them in your workflows.

The post Mastering GitHub Copilot: When to use AI agent mode appeared first on The GitHub Blog. ⌘ Read more

Security updates for Tuesday
Security updates have been issued by Debian (ruby-rack), Fedora (chromium, golang-github-openprinting-ipp-usb, OpenIPMI, and python-jinja2), Mageia (kernel, kernel-linus, and wpa_supplicant, hostapd), Red Hat (fence-agents, kernel, kernel-rt, libxml2, libxslt, and pcs), SUSE (cadvisor, docker, freetype2, nodejs-electron, php8, rsync, u-boot, warewulf4, webkit2gtk3, and zvbi), and Ubuntu (elfutils, python3.5, python3.8, ruby-rack, smartdns, and zvbi). ⌘ Read more

爲什麼 Go 語言的錯誤處理其實設計得很好
Go 的臭名昭著的錯誤處理 [1] 引起了編程語言圈外人士的廣泛關注，常常被認爲是該語言最具爭議的設計決策之一。如果你瀏覽 Github 上任何一個用 Go 編寫的項目，幾乎可以保證你會看到以下代碼行比代碼庫中的其他部分出現得更頻繁：if err != nil {    return err}對於剛接觸這門語言的人來說，這可能顯得多餘且不必要，但 Go 將錯誤視爲一等公民（值）的原因，深深植根於編 ⌘ Read more

A maintainer’s guide to vulnerability disclosure: GitHub tools to make it simple
A step-by-step guide for open source maintainers on how to handle vulnerability reports confidently from the start.

The post A maintainer’s guide to vulnerability disclosure: GitHub tools to make it simple appeared fir … ⌘ Read more

Security updates for Monday
Security updates have been issued by Debian (libxslt, mercurial, and webkit2gtk), Fedora (chromium, dotnet8.0, ffmpeg, jupyterlab, and kitty), Mageia (expat and libxslt), Red Hat (pcs), SUSE (apptainer, chromium, kernel, libarchive, mercurial, python311, radare2, xorg-x11-server, and zvbi), and Ubuntu (golang-github-cli-go-gh-v2 and nltk). ⌘ Read more

The Startup CTO’s Handbook
https://github.com/ZachGoldberg/Startup-CTO-Handbook/blob/main/StartupCTOHandbook.md

Well, some time ago I put this in my ~/.Xdefaults:

URxvt.keysym.Control-Up:    \033[1;5A
    URxvt.keysym.Control-Down:  \033[1;5B
URxvt.keysym.Control-Left:  \033[1;5D
    URxvt.keysym.Control-Right: \033[1;5C

Probably to behave more like XTerm and fix a few other issues I had with other programs. But, it turns out, tcell expects the original sequence: https://github.com/gdamore/tcell/blob/main/terminfo/r/rxvt/term.go#L487

Hmm.

Introducing rpi-image-gen for customized Raspberry Pi images
Raspberry Pi has
announced rpi-image-gen,
a tool to create custom software images for its devices.

rpi-image-gen is a Bash orientated scripting engine capable of
producing software images with different on-disk partition layouts,
file systems and profiles using collections of metadata and a defined
flow of execution. It provides the means to create a hig … ⌘ Read more

World Water Day: how GitHub Copilot is helping bring clean water to communities
From simplifying the workflow of a developer to having an impact on the global water crisis, technology and AI are reshaping the way charity: water works.

The post World Water Day: how GitHub Copilot is helping bring clean water to communities appeared first on [Th … ⌘ Read more

I saw 100% I/O wait in htop today but couldn’t find a process which actually does I/O. Turns out, I/O wait isn’t what it used to be anymore:

https://lwn.net/Articles/989272/

In my case, it was mpd which triggered this:

https://github.com/MusicPlayerDaemon/MPD/issues/2241

mpd doesn’t actually do anything, it just sits there and waits for events. To my understanding, this is similar to something blocking on read(). I’m not quite sure yet if displaying this as I/O wait (or “PSI some io”) is intentional or not – but it sure is confusing.

Image

@kat@yarn.girlonthemoon.xyz think i’ll wait and see if the caddy module proposal gets anywhere bc that sounds like it’d make my life easier lol

https://github.com/TecharoHQ/anubis/issues/16

i tried deploying anubis (https://github.com/TecharoHQ/anubis) to protect my site superlove but yall i got so stuck with getting it behind caddy that i felt super dumb and gave up for now T_T

Monero Research Lab meeting scheduled for 26 March 2025 1700 UTC
The next Monero Research Lab1 meeting is scheduled to take place on Wednesday, March 26th 2025 at 17:00 UTC on IRC-Libera/Matrix2 in the #monero-research-lab channels.

• Updates
  
• Maintainers for the research-lab GitHub repo3
  
• FROSTLASS4
  
• ‘Veridise Logarithmic Derivative Review’5
  
• Prize contest to optimize some FCMP cryptography code6
  
• Release o … ⌘ Read more

Video: How to create checklists in Markdown for easier task tracking
Ever wondered how to create checklists in your GitHub repositories, Issues, and PRs? Make task lists more manageable in your GitHub repositories, issues, and pull requests.

The post Video: How to create checklists in Markdown for easier task tracking appeared first on [The … ⌘ Read more

IssueOps: Automate CI/CD (and more!) with GitHub Issues and Actions
A look into building IssueOps workflows on GitHub to do everything from CI/CD to handling approvals and more.

The post IssueOps: Automate CI/CD (and more!) with GitHub Issues and Actions appeared first on The GitHub Blog. ⌘ Read more

[ANN] Cypher Stack published FROSTLASS security proofs and Eagen’s divisors review
Links:

• https://github.com/cypherstack/frostlass
  
• https://github.com/cypherstack/divisor_deep_dive
  

n/a ⌘ Read more

GitHub for Beginners: Essential features of GitHub Copilot
Get the most out of Copilot with code completion, inline chat, slash commands, Copilot code review, and more.

The post GitHub for Beginners: Essential features of GitHub Copilot appeared first on The GitHub Blog. ⌘ Read more

It’s been a long time since I’ve seen a project on Hacker News with 1300 votes (every few days something comes up with 600).
https://github.com/suitenumerique/docs

Chapter 1:
Chapter 2:

if you want a different voice let me know which to use: https://rhasspy.github.io/piper-samples/

Highlights from Git 2.49
The open source Git project just released Git 2.49. Here is GitHub’s look at some of the most interesting features and changes introduced since last time.

The post Highlights from Git 2.49 appeared first on The GitHub Blog. ⌘ Read more

How GitHub engineers learn new codebases
Strategies to quickly get up to speed, whether you’re a seasoned engineer or a newcomer to the field.

The post How GitHub engineers learn new codebases appeared first on The GitHub Blog. ⌘ Read more

Sign in as anyone: Bypassing SAML SSO authentication with parser differentials
Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. In this blog post, we’ll shed light on how these vulnerabilities that rely on a parser differential were uncovered.

The post [Sign in as anyone: Bypassing SAML SSO authentication with parser differentials](https://github.blog/security/sign-in-as-anyone- … ⌘ Read more

GitHub Availability Report: February 2025
In February, we experienced two incidents that resulted in degraded performance across GitHub services.

The post GitHub Availability Report: February 2025 appeared first on The GitHub Blog. ⌘ Read more

[LTH] [Bounty] [0.1 XMR] Stack Wallet - Add missing icons for swap providers
Link: https://bounties.monero.social/posts/184/

b4n6_b4n6 (Github) ⌘ Read more

Why Java endures: The foundation of modern enterprise development
For 30 years, Java has been a cornerstone of enterprise software development. Here’s why—and how to learn Java.

The post Why Java endures: The foundation of modern enterprise development appeared first on The GitHub Blog. ⌘ Read more

golang 每日一庫之 bluele-gcache
bluele/gcache 是一個 高性能、功能豐富的 Go 語言緩存庫，支持多種緩存策略，如 LRU（最近最少使用）、LFU（最少使用頻率）、ARC（自適應緩存替換）等，可以靈活選擇適合的緩存模式。1. 安裝———使用 go get 下載安裝：go get github.com/bluele/gcache然後在代碼中導入：import ”github.com/bluele/gcach ⌘ Read more

selsta posts February 2025 Monero dev report
selsta1 has posted a monthly CCS progress report2 for February 2025, which includes several Monero dev updates.

Milestone 3:
* v0.18.4.0 is code-ready and currently in testing phase
* Traced down a bug in a recently merged PR that is part of v0.18.4.0
* Handle the recent DDoS attempt on public nodes

Note that misc work is not explicitly mentioned in these updates. The full list of changes can be found on Github3’[4 … ⌘ Read more

Full exposure: A practical approach to handling sensitive data leaks
Treating exposures as full and complete can help you respond more effectively to focus on what truly matters: securing systems, protecting sensitive data, and maintaining the trust of stakeholders.

The post Full exposure: A practical approach to handling sensitive data leaks appeared first on [The GitHu … ⌘ Read more

Go-redis：執行 Lua 腳本
go-redis (github.com/redis/go-redis) 支持 Lua 腳本 redis.Script，本文在這裏簡單展示其在秒殺場景中使用的代碼片段。秒殺場景在秒殺場景中，一個商品的庫存對應了兩個信息，分別是總庫存量和已秒殺量。可以使用一個 Hash 類型的鍵值對來保存庫存的這兩個信息，如下所示：key: productid value: {total: N, ordered: ⌘ Read more

@lyse@lyse.isobeef.org OK. So how I have worked things like this out is to have the interface in the root package from the implementations. The interface doesn’t need to be tested since it’s just a contract. The implementations don’t need to import storage.Storage

• storage/ defines the Storage interface (no tests!)
  
  • storage/sqlite for the sqlite implementation tests for sqlite directly
    
  • storage/ram for the ram implementation and tests for RAM directly
    
• controller/ can now import both storage and the implementation as needed.
  

So now I am guessing you wanted the RAM test for testing queries against sqlite and have it return some query response?

For that I usually would register a driver for SQL that emulates sqlite. Then it’s just a matter of passing the connection string to open the registered driver on setup.

https://github.com/glebarez/go-sqlite?tab=readme-ov-file#connection-string-examples

everoddandeven releases ‘Monero Daemon GUI’ v1.2.0
everoddandeven1 has released Monero node manager monerod-gui 2 version 1.2.0 Shadowness 3 with various upgrades, fixes and improvements:

Upgrade Electron to v35.0.0
Upgrade Angular to v19
Upgrade dependencies
TOR and I2P service
Private testnet tool
UI fixes and improvements
monerod settings fixes

Consult the Github repository2 for the complete changelog4, a demo … ⌘ Read more

[ANN] Monero Meetup Prague - Fri, 14 Mar @ 20:00
Link: https://monero.town/pictrs/image/0d914eb7-c7ed-453a-b8eb-8d7408dcf2be.jpeg

ajs-xmr (Github) ⌘ Read more

Four steps toward building an open source community
Three maintainers talk about how they fostered their open source communities.

The post Four steps toward building an open source community appeared first on The GitHub Blog. ⌘ Read more

Video: How to run dependency audits with GitHub Copilot
Learn to automate dependency management using GitHub Copilot, GitHub Actions, and Dependabot to eliminate manual checks, improve security, and save time for what really matters.

The post Video: How to run dependency audits with GitHub Copilot appeared first on The GitHub Blog. ⌘ Read more

Not just for developers: How product and security teams can use GitHub Copilot
GitHub Copilot isn’t just for developers! Discover how product managers, security professionals, scrum masters, and more use GitHub Copilot to streamline tasks, automate workflows, and boost productivity across teams.

The post [Not just for developers: How product and security teams can use GitHub Copilot](https://github.blog/ai-and-ml/github-copilot/not-just-for-dev … ⌘ Read more

oetkenpurveyorofcode.github.io

Finding leaked passwords with AI: How we built Copilot secret scanning
Passwords are notoriously difficult to detect with conventional programming approaches. AI can help us find passwords better because it understands context. This blog post will explore the technical challenges we faced with building the feature and the novel and creative ways we solved them.

The post [Finding leaked passwords with AI: How we built Copilot secret scanning](https … ⌘ Read more

golang 每日一庫之 go-flags
go-flags 是一個用於處理命令行參數和標誌的 Go 庫，它提供了一種簡潔而靈活的方式來定義和解析命令行標誌（flags）和參數。這個庫對於需要處理命令行輸入的 Go 應用程序非常有用，特別是在構建 CLI（命令行工具）時。1. 安裝 go-flags首先，你需要安裝 go-flags 庫。在命令行中運行以下命令：go get github.com/jessevdk/go-flags這個命令會 ⌘ Read more

GitHub for Beginners: How to get started with GitHub Copilot
Get started with GitHub Copilot and navigate features like Copilot Chat in this installment of the GitHub for Beginners series.

The post GitHub for Beginners: How to get started with GitHub Copilot appeared first on The GitHub Blog. ⌘ Read more

Xid：Go 輕量級 ID 生成器
在分佈式系統中，唯一 ID（GUID）是必不可少的，常見的方案包括 UUID、MongoDB ObjectID 和 Twitter Snowflake。其中 UUID 雖然通用，但長度較長，而 Snowflake 需要額外的機器 / 數據中心配置。xid (github.com/rs/xid) 是一個基於 MongoDB ObjectID 算法的更輕量級、更高效的全局唯一 ID 生成庫，用於生成 ⌘ Read more

golang 每日一庫之 concurrent-map
概述orcaman/concurrent-map/v2 是一個 Go 語言的高性能併發安全哈希表實現。它通過分片鎖（shard locking）策略減少鎖競爭，適用於高併發讀寫場景。與標準庫的 sync.Map 不同，該庫針對通用鍵值類型優化，提供更靈活的 API 和更高性能。項目地址GitHub 倉庫 : https://github.com/orcaman/concurrent- ⌘ Read more

SChernykh releases P2Pool v4.4
SChernykh1 has released P2Pool 2 version 4.43 with various new features and fixes.

New Features:
* Added RPC-SSL support for Monero node connections
* Removed deprecated --config command line parameter
* Faster initial sync (0.5-1 seconds saved on verification of blocks)
Bugfixes:
* Updated internal dependencies

The full list of changes since v4.3 is available on Github4.

Before using the software, you should v … ⌘ Read more

I make a Emacs theme with a contrast ready for colour blind or visually impaired people.
https://github.com/tanrax/thankful-eyes-theme.el
Enjoy!
#emacs #accessibility

golang 每日一庫之 gocarina-gocsv
一、爲什麼選擇 gocsv？Go 標準庫 encoding/csv 提供了基礎的 CSV 讀寫能力，但在處理複雜業務時常常需要：手動轉換字符串到具體類型 維護列索引與結構字段的映射關係 處理嵌套結構等複雜數據類型 處理可選字段和默認值 gocarina/gocsv 通過結構體標籤實現了聲明式的 CSV 解析，極大簡化了開發流程。最新統計顯示，該庫在 GitHub 已獲得 1 ⌘ Read more

I have the feeling, that I have come to a dead end with my first version of the TwtxtReader. That’s why I’m stopping the project and starting again.
But of course, everyone is welcome to take a look at https://github.com/upputter/TwtxtReaderMK1

This document is the result of a series of discussions between Robert “Uncle Bob” Martin and John Ousterhout, held between September 2024 and February 2025. The text addresses three main topics: method length, comments, and Test Driven Development (TDD).
https://github.com/johnousterhout/aposd-vs-clean-code/blob/main/README.md
This is something to read and reflect on for days.

Community managers in action: Leading a developer community for good
GitHub’s Digital Public Goods Open Source Community Manager Program just wrapped up a second successful year, helping Community Managers gain experience in using open source for good.

The post Community managers in action: Leading a developer community for good appeared … ⌘ Read more

golang 每日一庫之 iancoleman-orderedmap
github.com/iancoleman/orderedmap 是一個 Go 語言庫，提供了一個有序字典（OrderedMap）實現，區別於 Go 語言內建的 map 類型，內建的 map 是無序的。該庫的 OrderedMap 能夠保持元素的插入順序，因此適用於需要按插入順序遍歷元素的場景。主要特點：有序性：OrderedMap  保證元素的插入順序，和內建的 map 類型不同， ⌘ Read more

[LTH] [Bounty] [0.35 XMR] Silent.Link - Develop android widget for displaying of account balance
Link: https://bounties.monero.social/posts/179/

b4n6_b4n6 (Github) ⌘ Read more

How to debug code with GitHub Copilot
GitHub Copilot can streamline your debugging process by troubleshooting in your IDE, analyzing pull requests, and more, helping you tackle issues faster and more robustly.

The post How to debug code with GitHub Copilot appeared first on The GitHub Blog. ⌘ Read more

@andros@twtxt.andros.dev Here is everything written down I know to this stuff: https://github.com/upputter/testing-twtxt-dm/blob/main/README.md

@eapl.me@eapl.me @andros@twtxt.andros.dev Eureka! It works! https://github.com/upputter/testing-twtxt-dm
PBKDF2_KEY_SIZE = 48 was the turning point! My dirty little crypt.class.php can en- and decrypt, accoridng to the OpenSSL standard and options used in https://twtxt.dev/exts/direct-message.html

here is my progress so far: https://github.com/eapl-gemugami/twtxt-direct-message-php
The encryption part seems to work, if I decrypt it the message with OpenSSL.
I think it can help you for some key parts not well explained in OpenSSL documentation.

@andros@twtxt.andros.dev reading your spec I wrote a few notes here: https://github.com/eapl-gemugami/twtxt-direct-message-php/blob/main/direct_message_spec.md

@arne@uplegger.eu I haven’t check your repo yet, although you are using sodium, right?

@eapl.me@eapl.me Here is what I’ve got so far: https://github.com/upputter/testing-twtxt-dm

There is a “00_well_known_message.enc” file, which I have the encryption paremters for (https://github.com/upputter/testing-twtxt-dm/blob/9fdf3be6aa8fe810a4cb275375dbb3d4a2a958ee/wellknown_test.php#L28).

According to my finding, I assume, that the saltsize in openssl is “8” and the PBKDF2 algo is “sha256”.

Engaging with the developer community on our approach to content moderation
We share the full year 2024 data update on our Transparency Center and highlight how developers can engage with us on our site policies and content moderation.

The post [Engaging with the developer community on our approach to content moderation](https://github.blog/news-insights/policy-news-and-insights/engaging-with-the-developer-community-on-our-approach- … ⌘ Read more

Retry-Go：Go 優雅重試
在 Go 語言的開發過程中，我們經常需要執行可能失敗的操作，比如網絡請求。如果每次失敗都直接報錯並終止程序，用戶體驗就會很差。通常的做法是重試，即在失敗後等待一段時間再嘗試重新執行。retry-go (github.com/avast/retry-go) 是一個輕量級的 Go 語言重試庫，提供簡單易用的「重試機制」，支持：自定義重試策略（固定間隔、指數回退、隨機回退）。 最大重試次數（避免無 ⌘ Read more

golang 每日一庫之 govalidator
govalidator 是一個用 Go 語言編寫的輕量級的驗證庫，提供了豐富的驗證和清理功能，主要用於驗證和清理用戶輸入的數據（如表單數據、API 請求的 JSON 數據等）。它支持常見的數據驗證功能，如電子郵件、URL、IP 地址、信用卡號等的驗證，同時也支持自定義驗證規則。1. 安裝你可以通過 go get 來安裝 govalidator：go get github.com/asaskevic ⌘ Read more

@bender@twtxt.net @prologic@twtxt.net the markdown list in #jr6ywrq is a “loose” list, e.g. https://github.com/erusev/parsedown/issues/474#issuecomment-280874843
My markdown parser (parsedown PHP) renders the list with p-tags also.

I got promoted today to try using Passkeys on Github.com. Fine 😅 I did that, but I discovered that when you use your Passkey to login, Chrome prompts you for your device’s password (i.e: The password you use to login to your macOS Desktop). Is that intentional? Kind of defeats the point no? I mean sure, now there’s no Password being transmitted, stored or presented to Github.com but still, all an attacker has to do is somehow be on my device and know my login password to my device right? Is that better or worse? 🤔

I’m continuing my tt rewrite in Go and quickly implemented a stack widget for tview. The builtin Pages is similar but way too complicated for my use case. I would have to specify a mandatory name and some additional options for each page. Also, it allows me to randomly jump around between pages using names, but only gives me direct access the first, however, not the last page. Weird. I don’t wanna remember names. All I really need is a classic stack. You open a new fullscreen dialog and maybe another one on top of that. Closing the upper most brings you back to the previous one and so on.

The very first dialog I added is viewing the raw message text. Unlike in @arne@uplegger.eu’s TwtxtReader, I’m not able to include the original timestamp, though. I don’t have it in its original form in the database. :-/

Next up is a URL view.

Support the open source projects you love this Valentine’s Day
Show your appreciation to the open-source projects you love. You can help provide much-needed support to the critical but often underfunded projects that keep your infrastructure running smoothly. And remember—every day is a perfect day to support open source! 💖

The post [Support the open source projects you love this Valentine’s Day](https://github.blog/open-source/support-the-open-source-projects-you-love-thi … ⌘ Read more

[ANN] More vitamins for Monero with Carrot - part 1: Overview

A lot of interesting things go on right now in Monero development, but if you don’t happen to attend the two regular dev meetings on Mondays and Wednesdays or hang around in some of our Matrix rooms, you probably wouldn’t know much about it.

Link: https://farside.link/libreddit/r/Monero/comments/1iph8fz/

u/rbrunner7 (Github) ⌘ Read more

1st thought… Run!

Well, I’ve heard you have plenty of experience with Unit Testing and TDD. Perhaps designing a few tests before refactoring?

I’ve heard of Snapshot testing, but have never tried it: https://github.com/spatie/phpunit-snapshot-assertions

Also, what kind of refactor are you trying to do?

GitHub Availability Report: January 2025
In January, we experienced two incidents that resulted in degraded performance across GitHub services.

The post GitHub Availability Report: January 2025 appeared first on The GitHub Blog. ⌘ Read more

How GitHub uses CodeQL to secure GitHub
How GitHub’s Product Security Engineering team manages our CodeQL implementation at scale and how you can, too.

The post How GitHub uses CodeQL to secure GitHub appeared first on The GitHub Blog. ⌘ Read more

[LTH] [Bounty] Haveno: Add support for DAI

DAI is useful asset to trade with XMR for access to many liquid and lending markets. CakeWallet supports DAI. This bounty would be complete upon the merge of a pull request, closing these issues.

Links:

• https://bounties.monero.social/posts/175/haveno-add-support-for-dai
  
• https://github.com/haveno-dex/listing/issues/21
  

bvcxza (Github) ⌘ Read more

How to refactor code with GitHub Copilot
Discover how to use GitHub Copilot to refactor your code and see samples of it in action.

The post How to refactor code with GitHub Copilot appeared first on The GitHub Blog. ⌘ Read more

[LFF] [6.55 XMR] Gupaxx development

Every monero given will be converted to hours of work. When a goal is attained, a new release will occur, including elements present in the roadmap. A release is about 20 hours of work. Bug fixing releases will not wait for a new funding goal to be completed.

Links:

• https://kuno.anne.media/fundraiser/dsrr/
  
• https://github.com/Cyrix126/gupaxx
  

Cyrix126 (Github) ⌘ Read more

From finding to fixing: GitHub Advanced Security integrates Endor Labs SCA
The partnership between GitHub and Endor Labs enables application security engineers and developers to drastically reduce time spent on open source vulnerabilities, and gives them the tools to go from finding to fixing.

The post [From finding to fixing: GitHub Advanced Security integrates Endor Labs SCA](https://github.blog/security/from-finding-to-fixing-github-advanced-security-integrates … ⌘ Read more

GitHub Copilot: The agent awakens
Introducing agent mode for GitHub Copilot in VS Code, announcing the general availability of Copilot Edits, and providing a first look at our SWE agent.

The post GitHub Copilot: The agent awakens appeared first on The GitHub Blog. ⌘ Read more

5 tips for promoting your open source project
Three open source experts offer their advice on sharing open source projects with the world.

The post 5 tips for promoting your open source project appeared first on The GitHub Blog. ⌘ Read more

在 Go 中實現 TOTP 認證：實踐指南
時間性一次性密碼（TOTP）已成爲現代應用中實現雙因素認證（2FA）的標準。在本指南中，我們將探討如何在 Go 中使用流行的 github.com/pquerna/otp 庫實現 TOTP。 什麼是 TOTP？———TOTP 生成臨時密碼，這些密碼在短時間內（通常是 30 秒）有效。這項技術是 Google Authenticator、Authy 等認證器應用背後的核心技術。TOTP ⌘ Read more

[ANN] Bulletproofs Inner Product Argument & Range Proofs in Monero using Bulletproofs
Link: https://risencrypto.github.io/Bulletproofs/

u/chillband@monero.town (Lemmy) ⌘ Read more

So what are some good alternatives to GitHub, that are not based in USA?
I like the minimal feel of sourcehut but it seem you have to pay if you want your, not just submit patches to others repos. But they also got IRC bouncer and mailing-lists included. Codeberg also looks appealing being based in Germany.

** Pull Requests **
Never has a pull request made me actually cry. This one did that. ⌘ Read more

4 steps to building a natural language search tool
Empowering humanitarian action with open source: A natural language search tool for UN Resolutions.

The post 4 steps to building a natural language search tool appeared first on The GitHub Blog. ⌘ Read more

[ANN] Proposed changes to the Code of Conduct

I would love to hear your feedback on these proposed changes to the Code of Conduct.

Link: https://github.com/monero-project/monero/pulls?q=is%3Apr+is%3Aopen+in%3Atitle+CoC

tobtoht (Github) ⌘ Read more

TKey SSH CA
I wrote a stupidly simple SSH certificate authority that can you can
use directly over SSH to buy new certificates. It can be used with a
Tillitis TKey both for the private key of the CA itself and for the
user authentication to get a SSH certificate:

https://github.com/tillitis/tkey-ssh-ca

SSH certificates, as you my know, is a way of using not just key pairs
for user authentication, but also solving the problem of public key
distribution … ⌘ Read more

TKey SSH CA
I wrote a stupidly simple SSH certificate authority that can you can
use directly over SSH to buy new certificates. It can be used with a
Tillitis TKey both for the private key of the CA itself and for the
user authentication to get a SSH certificate:

https://github.com/tillitis/tkey-ssh-ca

SSH certificates, as you my know, is a way of using not just key pairs
for user authentication, but also solving the problem of public key
distribution … ⌘ Read more

Cybersecurity researchers: Digital detectives in a connected world
Discover the exciting world of cybersecurity research: what researchers do, essential skills, and actionable steps to begin your journey toward protecting the digital world.

The post Cybersecurity researchers: Digital detectives in a connected world appeared first … ⌘ Read more

[ANN] Gupaxx dev will be live coding at 30 January 14:30 UTC

You will see me in direct coding on Gupaxx. We can see your messages and tips with xmrchat! It will fund the development of Gupaxx.

Links:

• https://peertube.wtf/w/gfhxc2e7qSFrQouGcQ4yJv
  
• https://github.com/Cyrix126/gupaxx
  
• https://xmrchat.com/gupaxx
  
• [MO report](/xmrvsbeast-proposes-bounty-gupax-fork-integrated-xmrvsbeast-bonus-hashrate-raffle-p2pool- … ⌘ Read more

Considerations for making a tree view component accessible
A deep dive on the work that went into making the component that powers repository and pull request file trees.

The post Considerations for making a tree view component accessible appeared first on The GitHub Blog. ⌘ Read more

Open source AI is already finding its way into production
Open source AI models are in widespread use, enabling developers around the world to build custom AI solutions and host them where they choose.

The post Open source AI is already finding its way into production appeared first on The GitHub Blog. ⌘ Read more

My take on the discussion to introduce an ? operator in Go 👈 No. For so many reasons.

@prologic@twtxt.net Or databag self-hosted on a RaspberryPi you can throw on a corner of your basement (or a small vps if one is willing to pay for threema) and never look back. The hardest part is getting others to at least test anything other than the already mainstream apps.

[ANN] Cuprate has achieved full verification sync in under 24 hours!

Cuprate, the upcoming Rust-written monero node has achieved full verification sync in 20 hours. An official development update is coming soon.

Links:

• https://farside.link/libreddit/r/Monero/comments/1ibq7rb/
  
• https://github.com/Cuprate/cuprate/issues/195
  

u/Swimming-Cake-2892 (Reddit) ⌘ Read more

FINALLY!! Got #Caddy server up and running and got rid of nginx proxy manager and Mysql database containers 🥳🥳🥳

Cake Wallet adds XMR/WOW passphrase restore support
Cake Labs1 has released Cake Wallet v4.23.0-RC2 with support for Zano wallets, and passphase restore for Monero and Wownero:

The latest version of Cake Wallet is now live for public beta testing here on Github as well as on Google Play (testers channel) and Apple TestFlight. This release of Cake Wallet brings support for Zano, a privacy-preserving cryptocurrency with additional alias and token functionality to Cake Wal … ⌘ Read more

[ANN] Lighting up the quantum computing horizon with Aurora

Referencing Xanadu’s blog post released on 22nd Jan 2025 about their implementation of fault-tolerant, networked, scaleable quantum computing at room temperature that if i am understanding the post correctly could be used to efficiently build a quantum computer that is resourceful enough to threaten the monero’s cryptography.

Link: [https://github.com/monero-project/research-lab/issues/131#issuecomment-2613839657](https://github.com/monero-project/research-lab/issues/131#i … ⌘ Read more

New to open source? Here’s everything you need to get started
Explore our simple guide to finding projects, understanding guidelines, and making an impact.

The post New to open source? Here’s everything you need to get started appeared first on The GitHub Blog. ⌘ Read more

[LFH] Revuo Monero is looking for python and golang (hugo) contributors!

There are a handful of open issues in Revuo Monero’s repositories: Calc and main. Feel free to take a peek and help if you are capable of and got the volunteering enthusiasm in you!

Links:

• https://github.com/rottenwheel/revuo-weekly/issues
  
• https://github.com/rottenwheel/moner.ooo/issues
  

rottenwheel.com ⌘ Read more

That’s a wrap: GitHub Innovation Graph in 2024
Discover the latest trends and insights on public software development activity on GitHub with the release of Q2 & Q3 2024 data for the Innovation Graph.

The post That’s a wrap: GitHub Innovation Graph in 2024 appeared first on The GitHub Blog. ⌘ Read more

Für heute reicht es dann auch mal. Neue Funktionen:

• Login-Bereich
  
• Wechsler zwischen Zeitachse und Unterhaltung
  
• Paginierung nur noch, wenn benötigt
  
• Twtxt-Parsing optimiert (Parser-Plugins für: Youtube, iFrames, Bilder, Erwähnungen, kaputtes HTML, …)
  
• unter der Haube aufgeräumt
  

Die bisher verwendeten ext. Bibliotheken sind:

• josantonius/session - Sessionverwaltung
  
• typo3fluid/fluid - Templating
  
• phpfastcache/phpfastcache - Caching
  
• erusev/parsedown - Markdown

Attacks on Maven proxy repositories
Learn how specially crafted artifacts can be used to attack Maven repository managers. This post describes PoC exploits that can lead to pre-auth remote code execution and poisoning of the local artifacts in Sonatype Nexus and JFrog Artifactory.

The post Attacks on Maven proxy repositories appeared first on The GitHub Blog. ⌘ Read more