Asleep at the Keyboard? Assessing the Security of GitHub Copilot’s Code Contributions
40% of code produced by GitHub Copilot has at least one well-known security vulnerability, in the test reported in this paper.
Swift support brings broader mobile application security to GitHub Advanced Security
We’ve launched the beta of code scanning support for Swift. This launch, paired with our launch of Kotlin support in November, means that CodeQL covers both IOS and Android development languages, bringing a heightened level of security to the mobile application development process. ⌘ Read more
↳
In-reply-to
»
Erlang Solutions: How ChatGPT improved my Elixir code. Some hacks are included.
I have been working as an Elixir developer for quite some time and recently came across the ChatGPT model. I want to share some of my experience interacting with it.
⤋ Read More
@Planet_Jabber_XMPP@feeds.twtxt.net No. ChatGPT does not improve your code. Coding is thinking. You offloaded your thought to a machine. You will not be able to reproduce what the machine did for you if you don’t have the machine, so you learned nothing.
Erlang Solutions: How ChatGPT improved my Elixir code. Some hacks are included.
I have been working as an Elixir developer for quite some time and recently came across the ChatGPT model. I want to share some of my experience interacting with it.
During my leisure hours, I am developing an open-source Elixir initiative, Crawly, that facilitates the extraction of structured data from the internet.
Here I want to demonstrate how … ⌘ Read more
Rooting with root cause: finding a variant of a Project Zero bug
In this blog, I’ll look at CVE-2022-46395, a variant of CVE-2022-36449 (Project Zero issue 2327), and use it to gain arbitrary kernel code execution and root privileges from the untrusted app domain on an Android phone that uses the Arm Mali GPU. I’ll also explain how root cause analysis of CVE-2022-36449 led to the discovery of CVE-2022-46395. ⌘ Read more
How to automate a Microsoft Power Platform deployment using GitHub Actions
Low-code enables developers and non-developers to build custom applications and solutions with less effort. In this blog, we show you how to automate your low-code deployments using GitHub Actions. ⌘ Read more
How GitHub Copilot is getting better at understanding your code
With a new Fill-in-the-Middle paradigm, GitHub engineers improved the way GitHub Copilot contextualizes your code. By continuing to develop and test advanced retrieval algorithms, they’re working on making our AI tool even more advanced. ⌘ Read more
Navigation and search improvements for accessibility
Discover the accessibility features within our new navigation and code search which make it easier to use for many more people. ⌘ Read more
How companies are boosting productivity with generative AI
Explore how generative AI coding tools are changing the way developers and companies build software. ⌘ Read more
How to fix a ReDoS
Code scanning detects ReDoS vulnerabilities automatically, but fixing them isn’t always easy. This blog post describes a 4-step strategy for fixing ReDoS bugs. ⌘ Read more
GitHub code search is generally available
The world’s code is now at your fingertips. ⌘ Read more
Artificial Intelligence… is really just “Someone Else’s Intelligence”
Someone else’s writing, painting, coding, speaking… someone else’s work. ⌘ Read more
Manage your application security stack effectively with the tool status page
Code scanning’s tool status gives you a bird’s eye view of your application security stack, allowing you to quickly confirm everything is working, or troubleshoot any tool in your application security arsenal. ⌘ Read more
They haven’t written the federation code yet. Its literally run on the staging instance. People are paying to access the alpha. Though if you want a code to see what all the fuss is about there are a few with invites around here.
JMP: Newsletter: Jabber ID Discovery, New Referral Codes
Hi everyone!
Welcome to the latest edition of your pseudo-monthly JMP update!
In case it’s been a while since you checked out JMP, here’s a refresher: JMP lets you send and receive text and picture messages (and calls) through a real phone number right from your computer, tablet, phone, or anything else that has a Jabber client. Among other things, JMP has these features: Your phone number on every device; Multiple phone numbers, one app; Free … ⌘ Read more
ChatGPT, GitHub Copilot, & the Coming Code Apocalypse
Listen now (24 min) | The Lunduke Journal of Technology Podcast - April 27, 2023 ⌘ Read more
There is a “right” way to make something like GitHub CoPilot, but Microsoft did not choose that way. They chose one of the most exploitative options available to them. For that reason, I hope they face significant consequences, though I doubt they will in the current climate. I also hope that CoPilot is shut down, though I’m pretty certain it will not be.
Other than access to the data behind it, Microsoft has nothing special that allows it to create something like CoPilot. The technology behind it has been around for at least a decade. There could be a “public” version of this same tool made by a cooperating group of people volunteering, “leasing”, or selling their source code into it. There could likewise be an ethically-created corporate version. Such a thing would give individual developers or organizations the choice to include their code in the tool, possibly for a fee if that’s something they want or require. The creators of the tool would have to acknowledge that they have suppliers–the people who create the code that makes their tool possible–instead of simply stealing what they need and pretending that’s fine.
This era we’re living through, with large companies stomping over all laws and regulations, blatantly stealing other people’s work for their own profit, cannot come to an end soon enough. It is destroying innovation, and we all suffer for that. Having one nifty tool like CoPilot that gives a bit of convenience is nowhere near worth the tremendous loss that Microsoft’s actions in this instace are creating for everyone.
@carsten@yarn.zn80.net That’s a dissembling answer from him. Github is owned by Microsoft, and CoPilot is a for-pay product. It would have no value, and no one would pay for it, were it not filled with code snippets that no one consented to giving to Microsoft for this purpose. Microsoft will pay $0 to the people who wrote the code that makes CoPilot valuable to them.
In short, it’s a gigantic resource-grab. They’re greedy assholes taking advantage of the hard work of millions of people without giving a single cent back to any of them. I hope they’re sued so often that this product is destroyed.
A VirusTotal introduziu agora a ferramenta de Inspeção de código usando IA generativa para reforçar a análise de ameaças.
Multi-repository enablement: effortlessly scale code scanning across your repositories
We’ve gotten great feedback on default setup, a simple way to set up code scanning on your repository. Now, you have the ability to use default setup across your organization’s repositories, in just one click. ⌘ Read more
💭 While some people like to jump between blogging software all the time, or go back to Hugo from a custom one, I don’t really miss Hugo after switching to GoBlog in 2020, but enjoy having my own system quite a bit. Not that Hugo, WordPress, etc. are bad blogging systems, but I really enjoy being able to quickly code a fix without having to research docs, StackOverflow, or the source on GitHub. And when I have an idea for a new feature, it would often not be easy to implement in the existing systems. ⌘ Read more
3 benefits of migrating and consolidating your source code
Explore how migrating your source code and collaboration history to GitHub can lead to some surprising benefits. ⌘ Read more
How generative AI is changing the way developers work
Rapid advancements in generative AI coding tools like GitHub Copilot are accelerating the next wave of software development. Here’s what you need to know. ⌘ Read more
Developer of code used by entire Internet tipped $5
“I’m just not used to that sort of generosity.” ⌘ Read more
Building GitHub with Ruby and Rails
Since the beginning, GitHub.com has been a Ruby on Rails monolith. Today, the application is nearly two million lines of code and more than 1,000 engineers collaborate on it daily. We deploy as often as 20 times a day, and nearly every week one of those deploys is a Rails upgrade. Upgrading Rails weekly Every […] ⌘ Read more
Pwning Pixel 6 with a leftover patch
In this post, I’ll look at a security-related change in version r40p0 of the Arm Mali driver that was AWOL in the January update of the Pixel bulletin, where other patches from r40p0 was applied, and how these two lines of changes can be exploited to gain arbitrary kernel code execution and root from a malicious app. This highlights how treacherous it can be when backporting security changes. ⌘ Read more
Enabling a No-Code Performance Testing Platform Using the Ddosify Docker Extension
Learn about the Ddosify Docker Extension and how use it for performance testing. ⌘ Read more
Announcing the GitHub Actions extension for VS Code
Today, we’re excited to announce the release of the public beta of the official GitHub Actions VS Code extension, which provides support for authoring and editing workflows and helps you manage workflow runs without leaving your IDE. ⌘ Read more
Build a secure code mindset with the GitHub Secure Code Game
Writing secure code is as much of an art as writing functional code, and it is the only way to write quality code. Learn how our Secure Code Game can provide you with hands-on training to spot and fix security issues in your code so that you can build a secure code mindset. ⌘ Read more
Raising the bar for software security: GitHub 2FA begins March 13
On March 13, we will officially begin rolling out our initiative to require all developers who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023. Read on to learn about what the process entails and how you can help secure the software supply chain with 2FA. ⌘ Read more
Application security orchestration with GitHub Advanced Security
Learn how teams can leverage the power of GitHub Advanced Security’s code scanning and GitHub Actions to integrate the right security testing tools at the right time. ⌘ Read more
How to automate your dev environment with dev containers and GitHub Codespaces
GitHub Codespaces enables you to start coding faster when coupled with dev containers. Learn how to automate a portion of your development environment by adding a dev container to an open source project using GitHub Codespaces. ⌘ Read more
Release Radar · February 2023 Edition
Our community—along with ourselves—took a much needed break over the festive season. Now everyone is back into the full swing of work, and the open source community is showing us it’s all hands on deck. We had dozens of submissions for the February Release Radar—a testament to the amount of code being shipped by the […] ⌘ Read more
On my blog: Commenting Code https://john.colagioia.net/blog/2023/03/05/comments.html #rant #technology
10 things you didn’t know you could do with GitHub Codespaces
Unlock the full potential of GitHub Codespaces with these 10 tips and tricks! From generating AI images to running self-guided coding workshops, discover how to optimize your software development workflow with this powerful tool. ⌘ Read more
The XMPP Standards Foundation: XMPP at Google Summer of Code 2023
XSF and Google Summer of Code 2023
The XSF has been accepted again as hosting organisation at the Google Summer of Code 2023!
Now both students and open-source newcomers are invited to consider and review a participation and
prepare for the application phase. We would like to invite you to review XMPP … ⌘ Read more
The code that wasn’t there: Reading memory on an Android device by accident
CVE-2022-25664, a vulnerability in the Qualcomm Adreno GPU, can be used to leak large amounts of information to a malicious Android application. Learn more about how the vulnerability can be used to leak information in both the user space and kernel space level of pages, and how the GitHub Security Lab used the kernel space information leak to construct a KASLR bypass. ⌘ Read more
Update on the future stability of source code archives and hashes
A look at what happened on January 30, what measures we’re putting in place to prevent surprises, and how we’ll handle future changes. ⌘ Read more
JMP: SMS Account Verification
Some apps and services (but not JMP!) require an SMS verification code in order to create a new account. (Note that this is different from using SMS for authentication; which is a bad idea since SMS can be easily intercepted, are not encrypted in transit, and are v … ⌘ Read more
Nice, the number of GoBlog users is growing! 🤓 The next step is a growing number of GoBlog developers. It would be great to have more people giving advice on how to improve the code. 😅 Any senior Go devs out there? ⌘ Read more
Legacy Code Conversion - Computerphile ⌘ Read more
The technology behind GitHub’s new code search
A look at what went into building the world’s largest public code search index. ⌘ Read more
Ludum Dare 52 staff picks 🕹
We’ve got ten top games from the latest Ludum Dare game jam plus source code for you to check out. Pun intended. ⌘ Read more
Enable No-Code Kubernetes with the harpoon Docker Extension
Find out how to use the harpoon Docker Extension to deploy Kubernetes without any code right from Docker Desktop. ⌘ Read more
Code Lifespan
⌘ Read more
January Extensions: Deploy Kubernetes and Develop Cloud Apps Locally
Find out what’s new this month in the Docker Extension Marketplace, including no-code kubernetes deployment and local cloud app development. ⌘ Read more
My code is still a mess, but I’m learning
I taught myself Go (and programming in general) by learning by doing. I learned by making a lot of mistakes and after noticing them, doing the necessary research. My Go code is probably a big mess, but it’s so satisfying, after not touching some code for a while, to do a major rewrite and improve the code with everything I’ve learned since the last time. ⌘ Read more
ChatGPT is smart enough to detect what the code in the single minified JavaScript file on my blog front page does. Try it out! 🙃 ⌘ Read more
ChatGPT is smart enough to detect what the code in the single minified JavaScript file on my blog front page does. Try it out! 🙃 ⌘ Read more
Pwning the all Google phone with a non-Google bug
It turns out that the first “all Google” phone includes a non-Google bug. Learn about the details of CVE-2022-38181, a vulnerability in the Arm Mali GPU. Join me on my journey through reporting the vulnerability to the Android security team, and the exploit that used this vulnerability to gain arbitrary kernel code execution and root on a Pixel 6 from an Android app. ⌘ Read more