asbjorn: “Made a tiny thing with @0…”
Made a tiny thing with @0

It can redirect you to a random #gamejam #game that has scored top 10 in an Itch.io gamejam, and is playable in a web-browser.

https://randomgame.olli.ng

Source code: https://gitlab.com/pyjam.as/random_game ⌘ Read more

A better way to search, navigate, and understand code on GitHub
Reading code is a hugely important task for developers. That’s why we built GitHub’s new code search—to help developers search, navigate, and understand code written by them, their team, and the world. ⌘ Read more

GitHub Enterprise Server 3.7 is now generally available
GitHub Enterprise Server 3.7 is available now, including a single view of code risk, new forking and repository policies, and security enhancements to the management console. ⌘ Read more

computational complexity theory of self-modifying code. probably not good for execution speed, but great for code size.

Preview: referencing public code in GitHub Copilot
We will begin to introduce several new capabilities to GitHub Copilot in 2023 to continue delivering responsible innovation and true happiness at the keyboard. ⌘ Read more

SourceHut is banning cryptocurrency projects
SourceHut, a source code hosting service, is banning cryptocurrency- and blockchain-projects: ⌘ Read more

accepted in the Hybrid Live Coding Interfaces 2022 workshop with our qiudanz technique proposal | gemini://compudanzas.net/qiudanz_devlog.gmi

JMP: SMS Account Verification
Some apps and services (but not JMP!) require an SMS verification code in order to create a new account.  (Note that this is different from using SMS for authentication; which is a bad idea since SMS can be easily intercepted, are not encrypted in transit, and are v … ⌘ Read more

Why and how GitHub encrypts sensitive database columns using ActiveRecord::Encryption
You may know that GitHub encrypts your source code at rest, but you may not have known that we encrypt sensitive database columns as well. Read about our column encryption strategy and our decision to adopt the Rails column encryption standard. ⌘ Read more

https://github.com/norvig/paip-lisp Lisp code for Paradigms of Artificial Intelligence Programming

Stable Diffusion in Code (AI Image Generation) - Computerphile ⌘ Read more

I was just reminded of this interpreter for an APL/J-like language by Arthur Whitney, the absolute weirdest bit of C code I’ve actually gotten something out of, and thought I’d share: https://code.jsoftware.com/wiki/Essays/Incunabulum

** uxn exit **
This evening I sat down on the couch sleepy. We’d just gotten the kids into bed. I hadn’t planned on writing any code but figured I’d round the evening out with some reading.

First I read through the docs and glossary of uf, a forth system for uxn. Then I read through an example program provided by uf.

…with my palette whetted I [re-visited some other forth documentation](https://eli.li/_assets/bin/P … ⌘ Read more

JMP: SMS Account Verification
Some apps and services (but not JMP!) require an SMS verification code in order to create a new account.  (Note that this is different from using SMS for authentication; which is a bad idea since SMS can be easily intercepted, are not encrypted in transit, and are v … ⌘ Read more

**Hi @hacktoberfest! 👋

Your page says that “YOU’VE BEEN AWARDED A SWAG PACK (OR A TREE PLANTED IN YOUR NAME, IF YOU’D PREFER) FOR YOUR PARTICIPATION.”, and gives a code and a link, but the link appears to only allow for a swag pack…

How/where can I choose the tree 🌳 option?**
Hi @hacktoberfest! 👋

Your page says that “YOU’VE BEEN AWARDED A SWAG PACK (OR A TREE PLANTED IN YOUR NAME, IF YOU’D PREFER) FOR YOUR PARTICIPATION.”, and gives a code and a link, bu … ⌘ Read more

Interview with creator of OS/2-based ArcaOS
Watch now (54 min) | He licensed OS/2 from IBM… and updated it for modern hardware… without the source code! ⌘ Read more

Gajim: Gajim 1.5.2
Gajim 1.5.2 brings another performance boost, better emojis, improvements for group chat moderators, and many bug fixes. Thank you for all your contributions!

Generating performance profiles for Gajim revealed some bottlenecks in Gajim’s code. After fixing these, switching chats should now feel snappier than before.

Did you know that you can use shortcodes for typing emojis? Typing :+1 for example will ope … ⌘ Read more

js13kGames 2022 winners 🏆
The eleventh annual js13kGames coding competition, challenging participants to create games in 13kB or less of JavaScript in a month, just wrapped up. This post highlights the top thirteen entries. ⌘ Read more

Detect secrets in your code more accurately with dry runs for custom patterns now available in GitHub Advanced Security
Learn how you can seamlessly define trusted custom secret patterns to detect secrets unique to your organization with GitHub Advanced Security. ⌘ Read more

Expand your open source contributions during Hacktoberfest 2022
Give back to open source projects during the month of October! This year, we’re encouraging more than code contributions: writing, design, advocacy, and financial donations. ⌘ Read more

applied to the Hybrid Live Coding Interfaces 2022 workshop | gemini://compudanzas.net/qiudanz_devlog.gmi

Best practices on rolling out code scanning at enterprise scale
Learn best practices on how to roll out centrally managed, developer-centric application security with a third party CI/CD system like Jenkins or ADO. ⌘ Read more

Tigase Blog: Tigase XMPP Libraries

Actually nothing new and nothing surprising here. We want to have as much of a reusable code as possible. And this
reusable code should have a simple but powerful API to be useful for quickly creating software.

That’s it.

And this is how we design and develop our XMPP libraries. Check them out.

Documentation to all our projects is available online and sample codes? Take a look at our XMPP Chat apps which are
open source too. ⌘ Read more

Security alert: new phishing campaign targets GitHub users
On September 16, GitHub Security learned that threat actors were targeting GitHub users with a phishing campaign by impersonating CircleCI to harvest user credentials and two-factor codes. While GitHub itself was not affected, the campaign has impacted many victim organizations. ⌘ Read more

Concepts: Semiquine (a program that only outputs its code, but never halts); prefixquine (program that outputs its code, but something after that). Trivial other versions are postfixquine, substringquine, prefixsemiquine.

“If you don’t make it beautiful, it’s for sure doomed”: putting the Vault in GitHub’s Arctic Code Vault
GitHub this month installed a massive steel vault, etched with striking AI-generated art, deep within an Arctic mountain, finalizing its Arctic Code Vault. This vault contains the 188 reels of hardened archival film which will preserve the 02/02/202 snapshot of every active public GitHub repository for 1,000 years. It also now includes a … ⌘ Read more

5 tips for prioritizing Dependabot alerts
Dependabot alerts can give you the ability to secure your project by keeping dependency-based vulnerabilities out of your code. Here are some tips to more efficiently prioritize and take action on your alerts, so you can get back to building. ⌘ Read more

HM [02;04;06]: 13 mile run: 13.21 miles, 00:11:02 average pace, 02:25:47 duration
felt great minus high alert for code brown since miles 7 to 11.

last run of the training block!
#running

Paul Schaub: Using Pushdown Automata to verify Packet Sequences
As a software developer, most of my work day is spent working practically by coding and hacking away. Recently though I stumbled across an interesting problem which required another, more theoretical approach;

An OpenPGP message contains of a sequence of packets. There are signatures, encrypted data packets and their accompanying encrypted session keys, compressed data and literal data, the latter being the packet … ⌘ Read more

Dino: Stateless File Sharing: Async, Metadata with Thumbnails and some UI

Asynchronous programming is a neat tool, until you work with a foreign project in a foreign language using it.
As a messenger, Dino uses lots of asynchronous code, not always though.
Usually my progress wasn’t interfered by such instances, but sometimes I had to work around it.

Async in Vala

No surprises here.
Functions are annotated with async, and yield expressions that are asyn … ⌘ Read more

GitHub Actions: introducing the new, larger GitHub-hosted runners beta
Now your team can spend less time managing infrastructure and more time writing code. ⌘ Read more

GitHub Actions: introducing the new, larger GitHub-hosted runners beta
Now your team can spend less time managing infrastructure and more time writing code. ⌘ Read more

@prologic@twtxt.net I don’t know how to code in go or anything really. Not even really know how to do html and css only basic things.

@abucci@anthony.buc.ci Its not better than a Cat5e. I have had two versions of the device. The old ones were only 200Mbps i didn’t have the MAC issue but its like using an old 10baseT. The newer model can support 1Gbps on each port for a total bandwidth of 2Gbps.. i typically would see 400-500Mbps from my Wifi6 router. I am not sure if it was some type of internal timeout or being confused by switching between different wifi access points and seeing the mac on different sides.

Right now I have my wifi connected directly with a cat6e this gets me just under my providers 1.3G downlink. the only thing faster is plugging in directly.

MoCA is a good option, they have 2.5G models in the same price range as the 1G Powerline models BUT, only if you have the coax in wall already.. which puts you in the same spot if you don’t. You are for sure going to have an outlet in every room of the house by code.

** Miscellaneous this and that **
Since my brain injury (which I’ve since learned can be called an“ABI” or“acquired brain injury”) I’ve noticed that I have trouble focusing on programming tasks; I’m able to do what I need to do for work and family but, when it comes time for hobby projects I’m just gloop. Totally oozy.

Because of that I’ve been drawn to do more reading and game playing, but also still wanna code…I’ve found that it is easier to use more“batteries included” kinda languages, namely scheme, over what I’d … ⌘ Read more

Dino: Stateless File Sharing: Sources and Compatibility
This is my next progress post about my Google Summer of Code project of implementing Stateless File Sharing (sfs)

Like everything else we receive, we need to store the sfs sources in a database.
In this case, we are in a unique position:
Not only are there different kinds of sources, but even http sources on their own are not trivial.
For now, we only … ⌘ Read more

The next step for LGTM.com: GitHub code scanning!
Today, GitHub code scanning has all of LGTM.com’s key features—and more! The time has therefore come to announce the plan for the gradual deprecation of LGTM.com. ⌘ Read more

(cont.)

Just to give some context on some of the components around the code structure.. I wrote this up around an earlier version of aggregate code. This generic bit simplifies things by removing the need of the Crud functions for each aggregate.

A domain object can be used as an aggregate by adding the event.AggregateRoot struct and finish implementing event.Aggregate. The AggregateRoot implements logic for adding events after they are either Raised by a command or Appended by the eventstore Load or service ApplyFn methods. It also tracks the uncommitted events that are saved using the eventstore Save method.

type User struct {
  Identity string ```json:"identity"`

  CreatedAt time.Time

  event.AggregateRoot
}

// StreamID for the aggregate when stored or loaded from ES.
func (a *User) StreamID() string {
	return "user-" + a.Identity
}
// ApplyEvent to the aggregate state.
func (a *User) ApplyEvent(lis ...event.Event) {
	for _, e := range lis {
		switch e := e.(type) {
		case *UserCreated:
			a.Identity = e.Identity
			a.CreatedAt = e.EventMeta().CreatedDate
        /* ... */
		}
	}
}

Events are applied to the aggregate. They are defined by adding the event.Meta and implementing the getter/setters for event.Event

type UserCreated struct {
	eventMeta event.Meta

	Identity string
}

func (c *UserCreated) EventMeta() (m event.Meta) {
	if c != nil {
		m = c.eventMeta
	}
	return m
}
func (c *UserCreated) SetEventMeta(m event.Meta) {
	if c != nil {
		c.eventMeta = m
	}
}

With a domain object that implements the event.Aggregate the event store client can load events and apply them using the Load(ctx, agg) method.

// GetUser populates an user from event store.
func (rw *User) GetUser(ctx context.Context, userID string) (*domain.User, error) {
	user := &domain.User{Identity: userID}

	err := rw.es.Load(ctx, user)
	if err != nil {
		if err != nil {
			if errors.Is(err, eventstore.ErrStreamNotFound) {
				return user, ErrNotFound
			}
			return user, err
		}
		return nil, err
	}
	return user, err
}

An OnX command will validate the state of the domain object can have the command performed on it. If it can be applied it raises the event using event.Raise() Otherwise it returns an error.

// OnCreate raises an UserCreated event to create the user.
// Note: The handler will check that the user does not already exsist.
func (a *User) OnCreate(identity string) error {
    event.Raise(a, &UserCreated{Identity: identity})
    return nil
}

// OnScored will attempt to score a task.
// If the task is not in a Created state it will fail.
func (a *Task) OnScored(taskID string, score int64, attributes Attributes) error {
	if a.State != TaskStateCreated {
		return fmt.Errorf("task expected created, got %s", a.State)
	}
	event.Raise(a, &TaskScored{TaskID: taskID, Attributes: attributes, Score: score})
	return nil
}

The following functions in the aggregate service can be used to perform creation and updating of aggregates. The Update function will ensure the aggregate exists, where the Create is intended for non-existent aggregates. These can probably be combined into one function.

// Create is used when the stream does not yet exist.
func (rw *User) Create(
  ctx context.Context,
  identity string,
  fn func(*domain.User) error,
) (*domain.User, error) {
	session, err := rw.GetUser(ctx, identity)
	if err != nil && !errors.Is(err, ErrNotFound) {
		return nil, err
	}

	if err = fn(session); err != nil {
		return nil, err
	}

	_, err = rw.es.Save(ctx, session)

	return session, err
}

// Update is used when the stream already exists.
func (rw *User) Update(
  ctx context.Context,
  identity string,
  fn func(*domain.User) error,
) (*domain.User, error) {
	session, err := rw.GetUser(ctx, identity)
	if err != nil {
		return nil, err
	}

	if err = fn(session); err != nil {
		return nil, err
	}

	_, err = rw.es.Save(ctx, session)
	return session, err
}

Dependabot now alerts for vulnerable GitHub Actions
GitHub Actions gives teams access to powerful, native CI/CD capabilities right next to their code hosted in GitHub. Starting today, GitHub will send a Dependabot alert for vulnerable GitHub Actions, making it even easier to stay up to date and fix security vulnerabilities in your actions workflows. ⌘ Read more

Scratch? Python? C? Kernighan on Languages for Kids Coding - Computerphile ⌘ Read more

Corrupting memory without memory corruption
In this post I’ll exploit CVE-2022-20186, a vulnerability in the Arm Mali GPU kernel driver and use it to gain arbitrary kernel memory access from an untrusted app on a Pixel 6. This then allows me to gain root and disable SELinux. This vulnerability highlights the strong primitives that an attacker may gain by exploiting errors in the memory management code of GPU drivers. ⌘ Read more

Planning next to your code – GitHub Projects is now generally available
Today, we are announcing the general availability of the new and improved Projects powered by GitHub Issues. GitHub Projects connects your planning directly to the work your teams are doing in GitHub and flexibly adapts to whatever your team needs at any point. ⌘ Read more

RT by @mind_booster: A device that is designed for sneaky code execution and is legally off-limits to independent auditing is bad. A world of those devices - devices we put inside our bodies and put our bodies inside of - is fucking terrifying. 26/
A device that is designed for sneaky code execution and is legally off-limits to independent auditing is bad. A *world* of those devices - devices we put inside our bodies and put our bodies inside of - is *fucking terrifying*. 26/ ⌘ Read more

Scan QR codes right from your Linux Terminal
… you can export the QR codes as images… or even ASCII art! Neat! ⌘ Read more

Research: How GitHub Copilot helps improve developer productivity
We surveyed more than 2,000 developers about whether GitHub Copilot helped them be more productive and improved their coding. Then, we matched this qualitative feedback and subjective perception with quantitative data around objective usage measurements and productivity. ⌘ Read more

Gajim: Gajim 1.4.6
Gajim 1.4.6 fixes some bugs with the status icon and notifications. Emoji short code detection has been improved.

Several issues have been fixed in this release.

• Improved detection of emoji short codes
  
• Tray icon withlibappindicator has been fixed
  
• Groups are now preserved when changing a contact’s name
  
• Windows: Notifications shouldn’t appear in the taskbar anymore
  

Have a look at the [chan … ⌘ Read more

W3C announces Web 3.11 “Web for Workgroups”
“The original code name ‘Everything is an NFT now’ didn’t focus test as well as we thought.” ⌘ Read more

Dino: Project Stateless File Sharing: First Steps
Hey, this is my first development update!
As some of you might already know from my last blog post, my Google Summer of Code project is implementing Stateless File Sharing for Dino.
This is my first XMPP project and as such, I had to learn very basic things about it.
In my blog posts I’ll try to document the things I learned, with the idea that it might help someone else in the future.
I won’t refrain from explaining terms you might take for gran … ⌘ Read more

The Chromium super (inline cache) type confusion
In this post I’ll exploit CVE-2022-1134, a type confusion in Chrome that I reported in March 2022, which allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. I’ll also look at some past vulnerabilities of this type and some implementation details of inline cache in V8, the JavaScript engine of Chrome. ⌘ Read more

China questions the safety of open source code amid sanctions and tech dependency risks, but can it build a viable alternative?
Beijing has become increasingly worried that the country’s heavy dependence on Western-dominated open source technologies could eventually backfire. ⌘ Read more