Improving Git protocol security on GitHub Enterprise Server
The recent changes to improve protocol security on GitHub.com are now coming to GitHub Enterprise Server, starting with version 3.6. ⌘ Read more
GitHub Advisory Database now supports Erlang and Elixir packages!
We’re excited to announce that the GitHub Advisory Database now includes curated security advisories on Erlang, Elixir, and more. ⌘ Read more
Highlights from Git 2.37
The open source Git project just released Git 2.37. Take a look at some of our highlights from the latest release. ⌘ Read more
Erlang Solutions: Gaining a Competitive Advantage in Fintech From Your Choice of Tech Stack
In our recent white paper ‘Technology Trends in Financial Services 2022’, we explained the importance of software engineering for gaining a competitive advantage in the industry. Since the start of the year, a lot has occurred on a macro level strengthening our belief that modern financial services must be based on a solid technical foundation to deliver the user experiences and business rel … ⌘ Read more
The XMPP Standards Foundation: On-Boarding Experience with XSF (Converse)
Hi, I am PawBud. I will be working as a GSoC Contributor with XSF. To know more about my project kindly read this blog. Feel free to contact me through my email to ask me anything you want!
Before I start, I feel that some things that I am going to write in this blog might offend someone. **Kindly … ⌘ Read more
Thank you to our maintainers
To celebrate Maintainer Month, GitHub has invested an additional $500,000 to help sponsor the open source projects that it depends on. ⌘ Read more
Ignite Realtime Blog: REST API Openfire plugin 1.8.1 released!
Earlier today, version 1.8.1 of the Openfire REST API plugin was released. This version removes the need to authenticate for status endpoints, adds new endpoints for bulk modifications of affiliations on MUC rooms, as well as a healthy number of other bugfixes.
The updated plugin should become available for download in your Openfire admin console in the course of the next few hours. Alternatively, you can download the pl … ⌘ Read more
What’s new in Codespaces for Organizations
We’re releasing exciting functionalities that will enable organizations to confidently manage and scale with Codespaces. ⌘ Read more
Erlang Solutions: Contract Programming an Elixir approach – Part 1
This series explores the concepts found in Contract Programming and adapts them to the Elixir language. Erlang and BEAM languages, in general, are surrounded by philosophies like “fail fast”, “defensive programming”, and “offensive programming”, and contract programming can be a nice addition. The series is also available on Github.
You will find a lot … ⌘ Read more
Telegram Premium cheaper and in Germany!
I have found a way, it is possible to subscribe to Telegram Premium at a cheaper price and in Germany (where it is actually not yet officially available)! ⌘ Read more
No more GitHub Copilot for me
I was an avid user of GitHub Copilot during the technical preview phase. Apparently, as many as 1.2 million developers used Copilot. But now Copilot is out of beta and suddenly costs money. ⌘ Read more
GitHub Copilot is generally available to all developers
We’re making GitHub Copilot, an AI pair programmer that suggests code in your editor, generally available to all developers for $10 USD/month or $100 USD/year. It will also be free to use for verified students and maintainers of popular open source projects. ⌘ Read more
ProcessOne: Announcing ejabberd DEB and RPM Repositories
Today, we are happy to announce our official Linux packages repository: a source of .deb and .rpm packages for ejabberd Community Server. This repository provides a new way for the community to install and upgrade ejabberd.
All details on how to set this up are described on the dedicated website:
 and bug fixes.
– Improved MQTT, MUC, and ConverseJS integration
– New installers and container
– Support Erlang/OTP 25
When upgrading from the previous version please notice: there are minor changes in SQL schemas, the included rebar and reba … ⌘ Read more
This is what Crayion thinks about me… ⌘ Read more
GitHub enables the development of functional safety applications by adding support for coding standards AUTOSAR C++ and CERT C++
GitHub is excited to announce the release of CodeQL queries that implement the standards CERT C++ and AUTOSAR C++. These queries can aid developers looking to demonstrate ISO 26262 Part 6 process compliance. ⌘ Read more
Prosodical Thoughts: Modernizing XMPP authentication and authorization
We’re excited to announce that we have received funding, from the EU’s
NGI Assure via the NLnet Foundation, to work on
some important enhancements to Prosody and XMPP. Our work will be focusing on
XMPP authentication and authorization, and bringing it up to date with current
and emerging best practices.
What kind of changes are we talking about? Well, there are a few aspects we
are planning to work on. Let’s start with “authent … ⌘ Read more
Paul Schaub: Reproducible Builds – Telling of a Debugging Story
Reproducibility is an important tool to empower users. Why would a user care about that? Let me elaborate.
For a piece of software to be reproducible means that everyone with access to the software’s source code is able to build the binary form of it (e.g. the executable that gets distributed). What’s the matter? Isn’t that true for any project with accessible source code? Not at all. Reproducibility means that the r … ⌘ Read more
Telegram Premium is there, at least the announcement that it should be there, but the update on Google Play somehow not yet. Unfortunately, the announcement says that Premium is not (yet) available for users in Germany. ☹️ I’m especially waiting for the feature to be able to convert voice messages to text. 😅 ⌘ Read more
Ask Me Anything
Inspired by Kev’s post, I’d like to give this a try as well: ⌘ Read more
Creating a more comprehensive dependency graph with build time detection
Expand the completeness of your dependency graph by using the dependency submission API, which will create more comprehensive alerts on supply chain vulnerabilities ⌘ Read more
nirvash is live - blog post details some design decisions and stuff
Release Radar · May 2022 Edition
Each month, we highlight open source projects that have shipped major updates. These projects can include everything from world-changing technology to developer tooling, and weekend hobbies. We cover what the project is and some of their breaking changes. Read about the project, and browse their repositories. Without further ado, here are our top staff picks […] ⌘ Read more
I am a Bunny.net fan as they offer a CDN at a good price, are based in Europe and really care about privacy. The latest tool they offer: Bunny Fonts as a replacement for Google Fonts, because its use is illegal in Germany. 👍 ⌘ Read more
The Android kernel mitigations obstacle race
In this post I’ll exploit CVE-2022-22057, a use-after-free in the Qualcomm gpu kernel driver, to gain root and disable SELinux from the untrusted app sandbox on a Samsung Z flip 3. I’ll look at various mitigations that are implemented on modern Android devices and how they affect the exploit. ⌘ Read more
ProcessOne: Announcing ejabberd DEB and RPM Repositories
Today, we are happy to announce our official Linux packages repository: a source of .deb and .rpm packages for ejabberd Community Server. This repository provides a new way for the community to install and upgrade ejabberd.
All details on how to set this up are described on the dedicated website:
 and figured why not blog about it? So here it is, my smartphone story. ⌘ Read more
Reminder to myself: Don’t delete the Telegram bot you’re using to auto-post new blog posts to Telegram. 🤦♂️ ⌘ Read more
My current state regarding meal replacements
In my 2019 Year in Review, I wrote the following: ⌘ Read more
Implementing a robust digital identity
How can you robustly assert and identify a user’s identity? ⌘ Read more
How we think about browsers
Discover how GitHub thinks about browser support, look at usage patterns, and learn about the tools we use to make sure our customers are getting the best experience. ⌘ Read more
Dependabot Updates hit GA in GHES
Dependabot is generally available in GitHub Enterprise Server 3.5. Here is how to set up Dependabot on your instance. ⌘ Read more
Introducing Entitlements: GitHub’s open source Identity and Access Management solution
We’re excited to announce that we’re open sourcing our Identity and Access Management solution: Entitlements. ⌘ Read more
Introducing Achievements: recognizing the many stages of a developer’s coding journey
Available in public beta today, we’re announcing Achievements as a new way to commemorate milestones on GitHub. ⌘ Read more
Prosodical Thoughts: Prosody 0.12.1 released
We are pleased to announce a new minor release from our stable branch.
While the 0.12.0 release has been a huge success, inevitably people found some
aspects that didn’t work quite as intended, or weren’t as polished as they
ought to be. With the appreciation for the help from everyone reporting issues
to us, we’re happy to now release our best version yet - 0.12.1 is here!
Notably, we made a couple of changes that improve compatibility with Jitsi
Meet, we fixed some bugs … ⌘ Read more
Sunsetting Atom
We are archiving Atom and all projects under the Atom organization for an official sunset on December 15, 2022. ⌘ Read more
Erlang Solutions: MongooseIM 5.1 Configuration Rework
MongooseIM is a modern messaging server that is designed for scalability and high performance. The use of XMPP (Extensible Messaging and Presence Protocol) extensions (XEPs) means it is also highly customisable. Since version 4.0 it has been using the TOML configuration file format, which is much more user-friendly than the previously used Erlang terms. The latest release, MongooseIM 5.1, makes it more developer-friendly as well by … ⌘ Read more
One developer’s journey bringing Dependabot to GitHub Enterprise Server
A personal story about building the feature you want and sharing it with the world. ⌘ Read more
Erlang Solutions: Modern Software Engineering Principles for Fintechs by Daniel Pilon at SumUp
Daniel Pilon is a Software Engineering Manager at SumUp. Since 2007 he has worked across several industries before arriving in the fintech space. He has experience in many programming languages, such as C#, Java and JavaScript but since discovering Elixir and the power of functional programming a few years ago, he hasn’t looked back.
Right now he is building SumUp Bank, a complete digital banking solution … ⌘ Read more
It’s worth buying Logitech devices. Even though they are not exactly cheap, they are of high quality and in case of a warranty claim, you can get a new device as a replacement without any complications. At least that’s my experience (with my MX Master 3). 😌 ⌘ Read more
Migrating away from Cloudflare
Recently I stumbled across two threads regarding Cloudflare that somehow left a bitter taste. I think it’s a big red flag when users have to seek support via public forums because their accounts have been banned from a service, but no help comes via support. ⌘ Read more
Looking at my Feels blog it is clear that I am terrible at coming up with good post titles…
Introducing GitHub Skills
Today, we’re announcing GitHub Skills, a new learning experience to help you throughout your GitHub journey. ⌘ Read more
A beginner’s guide to CI/CD and automation on GitHub
CI/CD and workflow automation are native capabilities on GitHub platform. Here’s how to start using them and speed up your workflows. ⌘ Read more
What’s new in security and user management for GitHub Enterprise
Learn how you can securely manage users with the latest ships for GitHub Enterprise. ⌘ Read more
Early morning at the train station. 🚉 ⌘ Read more
GitHub Team or Free? How to choose the right plan
Read about all the features you may not have known come on the GitHub Free plan, and how to choose the right plan for you. ⌘ Read more
Welcome to Maintainer Month! 🎉
During the month of June, we’re holding space for open source maintainers to gather, share, and be celebrated. ⌘ Read more
GitHub Availability Report: May 2022
In May, we experienced three distinct incidents resulting in significant impact to multiple services across GitHub.com. This report also sheds light into the billing incident that impacted Actions and Codespaces users in April. ⌘ Read more
Connecting to a private network from GitHub-hosted Actions runners
Several ways for GitHub-hosted Actions runners to connect to resources on your private network. ⌘ Read more
GitHub Sponsors launches in Brazil
GitHub Sponsors is now available in Brazil—an exciting expansion for one of our fastest growing developer communities. ⌘ Read more
My May ‘22 in Review
May is now over too, it feels like it has flown by. But before the month is completely over, I want to take a short look back… ⌘ Read more
GitHub Enterprise Server 3.5 is now generally available
GitHub Enterprise Server 3.5 is available now, including access to the Container registry, the addition of Dependabot, enhanced administrator capabilities, and features for GitHub Advanced Security. ⌘ Read more
JMP: Newsletter: Togethr, SMS-only Ports, Snikket Hosting
Hi everyone!
Welcome to the latest edition of your pseudo-monthly JMP update!
In case it’s been a while since you checked out JMP, here’s a refresher: JMP lets you send and receive text and picture messages (and calls) through a real phone number right from your computer, tablet, phone, or anything else that has a Jabber client. Among other things, JMP has these features: Your phone number on every device; Multiple phone numbers, one app; Free … ⌘ Read more
Top games + source code from Gamedev.js Jam 2022
The recently-ended Gamedev.js Jam 2022 encouraged game developers to create web games and share their sources on GitHub. GitHub Star ⭐️ @end3r shares the best 13 entries and sees what experts and other participants think of them. ⌘ Read more
Hey everyone, I’m Janne Heß,
the release manager for 22.05. As promised, the latest stable
release is here: NixOS 22.05 “Quokka”.
- Release manual - Highlights
- [New\ Services]( … ⌘ Read more
ProcessOne: ejabberd 22.05
A new ejabberd release is finally here! ejabberd 22.05 includes five months of work, 200 commits, including many improvements (MQTT, MUC, PubSub, …) and bug fixes.
– Improved MQTT, MUC, and ConverseJS integration
– New installers and container
– Support Erlang/OTP 25
When upgrading from the previous version please notice: there are minor changes in SQL schemas, the included rebar and reba … ⌘ Read more
20 Jahre bloggen! ?~L~X https://notiz.blog/b/68D
A fun little game: Pocket City
I’m generally not a gamer, playing computer games has never really fascinated me, I find programming more exciting. But sometimes I don’t feel like programming or I don’t have the possibility to do it. Of course it’s important to be bored sometimes, because then you can think about things for a while. But a little entertainment in a free minute is sometimes not bad as well. ⌘ Read more
**Estou de regresso à escrita, e à Ficção Científica.
Desta vez, participo com um pequeno conto para o livro “Lamego 2022 - o antes e o depois”, uma colectânia de textos nos mais variados formatos e estilos, que olha para a cidade onde nasci.
https://tilde.pt/~marado/blog/lamego-2022—o-antes-e-o-depois.html**
Estou de regresso à escrita, e à Ficção Científica.
Desta vez, participo com um pequeno conto para o livro “Lamego 2022 - o antes e o depois”, uma colectânia de textos nos mais variados formatos e est … ⌘ Read more
sqlite3 fiddle
With all my SQL and SQLite posts, this link is probably also quite interesting: sqlite3 fiddle. ⌘ Read more
npm security update: Attack campaign using stolen OAuth tokens
npm’s impact analysis of the attack campaign using stolen OAuth tokens and additional findings. ⌘ Read more
Switzerland has some nice and beautiful places! 🇨🇭 ⌘ Read more
Erlang Solutions: WombatOAM & the machine learning library
WombatOAM, the powerful operations, monitoring, and maintenance platform has a new machine learning library to assist with metric prediction. Learn about the main features, the algorithms used and how you can benefit from it together with WombatOAM’s new UI from Mohamed Ali Khechine, [Tamás Lengyel](https://www.linkedin.com/in/tam%C3%A1s-lengyel-715b7 … ⌘ Read more
How we use Dependabot to secure GitHub
A two-part story about how GitHub’s Product Security Engineering team rolled out Dependabot internally to track vulnerable dependencies, and how GitHub tracks and prioritizes technical debt. ⌘ Read more
Improved REST API documentation
We’re excited to announce some big improvements to our REST API documentation. We know developers rely on this documentation to integrate with GitHub, and we are committed to making it trustworthy, easy to find, and easy to use. ⌘ Read more
GitHub Sponsors launches in India
GitHub Sponsors is now available to all developers in India – no more waitlist, you can sign up right away! ⌘ Read more
Eight years of the GitHub Security Bug Bounty program
It was another record year for our Security Bug Bounty program. We’re excited to highlight some achievements we’ve made together with the bounty community from 2021! ⌘ Read more
“Common Table Expressions in SQL”
I’m currently working in a project that involves a lot of data processing and therefore databases. This means that we often come into contact with SQL at work and have to write an SQL query at least once a day. ⌘ Read more
I have neglected my homepage for a while. But now I have deleted or updated a few pages, like the list with the hardware I use or the list with my self-hosted services. 🧹 ⌘ Read more
Release Radar · April 2022 Edition
Each month, we highlight open source projects that have shipped major updates. These include everything from world-changing technology to developer tooling, and weekend projects. Here are our top staff picks on projects that shipped major version releases in April. Flyte 1.0 I was lucky enough to discover Flyte during Hacktoberfest last year. Now, Flyte has […] ⌘ Read more
Action needed by GitHub Connect customers using GHES 3.1 and older to adopt new authentication token format updates
Upgrade to GHES 3.2 or newer by June 3rd to continue using GitHub Connect. ⌘ Read more
**RT by @mind_booster: .@OpenSourceOrg to the European Commission: make space for patent-free standards too
some supposedly “open“ standards – including those ratified by SDOs like ISO, CEN and ETSI – can’t be implemented without buying a license
https://blog.opensource.org/osi-to-the-european-commission-make-space-for-patent-free-standards-too/**
. @OpenSourceOrg to the European Commission: make space for patent-free standards too
some supposedly “op … ⌘ Read more
Math support in Markdown
Mathematical expressions are key to information sharing amongst engineers, scientists, data scientists, and mathematicians. Today we are pleased to announce that math expressions can be rendered in Markdown on GitHub using $$ as a delimiter for code blocks with math content or the $ delimiter for inline math expressions. ⌘ Read more
How we’re continuing to enable all developers to build
Learn about what GitHub is doing to make their products more inclusive, and what’s next. ⌘ Read more
Securing and delivering high-quality code with innersource metrics
With innersource, it’s important to measure both the amount of innersource activity and the quality of the code being created. Here’s how. ⌘ Read more
ProcessOne: ejabberd 22.05
A new ejabberd release is finally here! ejabberd 22.05 includes five months of work, 200 commits, including many improvements (MQTT, MUC, PubSub, …) and bug fixes.
- Improved MQTT, MUC, and ConverseJS integration
- New installers and container
- Support Erlang/OTP 25
When upgrading from the previous version please notice: there are minor changes in SQL schemas, the included rebar and rebar3 binaries require Erlang/OTP 22 or higher, and make rel uses different paths. There are no break … ⌘ Read more
How to measure innersource across your organization
The innersource contribution percentage is the rate of contributions from people outside the team that originally authored the software. Let’s dive into what it can look like for your organization. ⌘ Read more
My apartment is a really good starting point for a small evening ride with my pedelec on the bike path, which was originally once a railroad line. In the evening, very few people are on the way, so it’s a free ride. The 45 nm strong rear-wheel motor helps me to drive without effort on average about 25 km/h and also to overcome slopes easily. Even light drizzle has not bothered me today. 🚴♂️ ⌘ Read more
How we’re using projects to build projects
At GitHub we use GitHub to build our own products, and the new projects experience is no different. Check out how our team uses projects to build powerful project planning for developers. ⌘ Read more
GitHub Achieves ISO/IEC 27001:2013 Certification!
GitHub’s Information Security Management System (ISMS) has been certified against ISO 27001:2013, an internationally recognized standard for security program best practices. ⌘ Read more
WPSR ?~L~X https://notiz.blog/b/67X
“Friendlier SQL with DuckDB”
I come into contact with SQL almost every day, be it at work (Oracle Database) or while developing my blog software (SQLite). I don’t find SQL as bad as some others might, but sometimes SQL could be better. ⌘ Read more
Gemini capsule
Gemini is a lightweight Internet protocol. It’s heavier than Gopher
but lighter than HTTP(S), especially if combined with all other web
technologies. The name makes sense if Gopher is Project Mercury and
the web is the Apollo program.
One of its uses is to serve gemtext, which is a lightweight
Markdown-like markup language, instead of HTML. Gemini browsers don’t
have support for neither Javascript, nor CSS, nor any of the other new
web technologies. It can be beautiful anyway, s … ⌘ Read more
Gemini capsule
Gemini is a lightweight Internet
protocol. It’s heavier than Gopher but a bit lighter than HTTP(S).
It’s the Gemini programme if Gopher is Mercury and HTTP is Atlas.
One of its uses is to serve gemtext, which is a lightweight
Markdown-like markup language, instead of HTML. Gemini browsers don’t
have support for neither Javascript, nor CSS, nor any of the other new
web technologies. It can be beautiful anyway, see for instance
[Lagrange]( [http … ⌘ Read more
JMP: Togethr: Soprani.ca Social
Last week we launched a sister product from the same team that brings you JMP: Togethr. Why are we launching a second product? Why now? What does this have to do with the mission of JMP in particular, or the Sopranica project in general?
Togethr is a managed hosting platform for small Fediverse instances. It is powered by the ActivityPub protocol that powers Mastodon, PeerTube, and so many others. While there are sev … ⌘ Read more
Graduation is here! Celebrate the Class of 2022, and join GitHub on June 11 🎓
This year, thousands of students from around the world came together and redefined the world we live in, how we learn, and how we move forward. We are honored to be part of the experience and eager to celebrate this milestone. So on June 11 we celebrate the Class of 2022 and welcome them to […] ⌘ Read more
Open Source Monthly – May 2022 Edition
Introduction Open Sauced, GitHub’s Explore page, Hacktoberfest, and First Timers Only help folks discover open source projects. This monthly series–Open Source Monthly—will add to these efforts by helping: First-time contributors find the right project to contribute to Corporations and individuals find a new project to sponsor Open source maintainers gain more consistent contributors and sponsors […] ⌘ Read more
Enhanced 2FA experience for your npm account
Late last year, in response to an unprecedented series of account takeovers resulting from the compromise of developer accounts without 2FA enabled, we committed to a variety of enhancements to the npm registry to make two-factor authentication (2FA) adoption easier for developers. Today, we are launching a public beta for a significantly improved 2FA experience […] ⌘ Read more
Supercharging GitHub Actions with Job Summaries
You can now output and group custom Markdown content on the Actions run summary page. ⌘ Read more
Prepare for next semester with GitHub Global Campus and Codespaces
Teachers, it is now your turn to join GitHub Global Campus with our student community! Get access to exclusive benefits, programs, and the Power of Codespaces at no cost in GitHub Classroom! ⌘ Read more
some blogs have a “start here” page that is not the default landing page: why? most people visiting your site will be there for the first time, but they have to perform an additional click to go to the “start here” page, unnecessarily.