Tag: github

  • cloud based CI/CD issues – travis-ci

    Travis-CI published a security bulletin the other day, describing a special condition that would allow access to secrets belonging to a foreign repository on GitHub or Bitbucket. The condition requires a fork from a public repository. That is how open source works, and it is very central functionality, not a corner case.

    Turns out the cloud service did address the issue; still, plenty of secrets have been affected.

    While cloud technology is all great economically, this is another example of why commercial software vendors need to consider third-party vendors in their threat profiles.

  • GitHub’s Public Roadmap

    GitHub just started to publish a public roadmap. Not even a login is required. Product people will appreciate that this is a pretty huge commitment for an organization.

    TechCrunch’s article
  • GitHub is now free for all teams

    GitHub is on a spree to get hold of the entire developer ecosystem. With the service offered for free to all teams, it’s difficult for any development team to ignore the Microsoft-based platform.

    GitHub today announced that all of its core features are now available for free to all users, including those that are currently on free accounts. That means free unlimited private repositories with unlimited collaborators for all, including teams that use the service for commercial projects, as well as up to 2,000 minutes per month of […]

    via: TechCrunch

  • GitHub acquires npm

    The article mentions the benefit for developers and the ecosystem. I’d rather be curious to understand the drivers that led to the M&A decision on the buying side.

  • City Streets

    Draw all streets at once. Probably qualifies as generative art, of which there is far too little on this blog, even though the author has some roots in it.

  • GitHub acquires Semmle

    GitHub acquired Semmle, a service to scan code for vulnerabilities with a semantic code analysis engine. According to The Next Web, no financial details have been disclosed.

    GitHub Blog: “Welcoming Semmle to GitHub”

    The acquisition happened only one day after GitHub became a CVE Numbering Authority (CNA).

  • GitHub Actions

    GitHub today released a CI/CD tool, GitHub Actions. With its tight integration into development workflows and rich, community-maintained build commands, Actions appears to be an interesting competitor in the market. At a minimum, the release indicates the importance of CI/CD for the modern software development lifecycle.

    Developer productivity and frictionless workflows have been buzzwords for the past half decade, and the arrival and rapid growth of Travis-CI, Jenkins or Circle-CI have proven how much they resonate in development organisations. GitHub has outstanding testimonials from day one of the announcement, and the ecosystem appears to be ready to go.

    It is an offering that comes with appealing integrations and a competitive price, and it sure is worth watching.

    GitHub Actions makes it easy to automate all your software workflows, now with world-class CI/CD. Build, test, and deploy your code right from GitHub. Make code reviews, branch management, and issue triaging work the way you want.

  • GitHub announces Package Registry

    Your code. Your packages. One login. Meet GitHub Package Registry.
    https://github.co/2vSuFG2

    From the announcement on LinkedIn

    The other day GitHub wrote this in their post on LinkedIn. Following the link takes one to the newly announced GitHub Package Registry, which allows developers to host releases for distribution. It’s currently in beta and supports npm, Docker images, Maven packages, NuGet and RubyGems. The corresponding blog article has a few more insights:

    With GitHub Package Registry your packages are at home with their code—sign up for the limited beta to try it out.

    From the blogpost

    While I appreciate the thought and ease of integration, the announcement doesn’t leave me with a cosy feeling. It’s a bit like GitHub is trying to become the Facebook of code. The Internet is made to work decentralised and the interesting part always has been the freedom of choice. With functionality merging together in one platform, choice gets lost and there is opportunity for misuse.

    In particular, it seems almost forgotten that LinkedIn and GitHub have both been acquired by Microsoft, in 2016 and 2018. This perspective casts a different light on the added functionality, and developers may want to evaluate the remaining alternatives.

    Source: Introducing GitHub Package Registry – The GitHub Blog

  • Infocom text adventure classics

    Not actually brand new, but given all of these are 30+ years old, it’s still worth mentioning that all Infocom Text Adventures are on GitHub now!

    Yes, The Hitchhiker’s Guide to the Galaxy and Zork are both included.

    Source: You can now download the source code for all Infocom text adventure classics | Ars Technica

  • Analysis of the GitHub DDoS.

    NETRESEC took a closer look at the long-lasting DDoS attacks on github.com, one of the few instances of this type of attack that even made it to mainstream media.
    The article finds that random web browsers outside China are tricked into reloading two particular pages on github.com. Apparently, this happens at the border infrastructure, by manipulating requests from users physically outside China to content hosted on services inside the country.

    This is another example of why encryption is a good thing. General usage of SSL/TLS will prevent passive filtering infrastructure from manipulating traffic, and prevent such problems.

    via NETRESEC Network Security Blog.