its a notebook tool like evernote. @sorenpeter@darch.dk linked it above: https://joplinapp.org/

Keeping repository maintainer information accurate
Discover how keeping repository maintainer information accurate through CODEOWNERS files and automating maintenance with tools like cleanowners fosters efficient collaboration and sustainable software projects.

The post Keeping repository maintainer information accurate appeared first on The GitHub Blog. ⌘ Read more

@lyse@lyse.isobeef.org its a hierarchy key value format. I designed it for the network peering tools i use.. I can grant access to different parts of the tree to other users.. kinda like directory permissions. a basic example of the format is:

@namespace
# multi
# line
# comment
root :value

# example space comment
@namespace.name space-tag 

# attribute comments
attribute attr-tag  :value for attribute

# attribute with multiple 
# lines of values
foo :bar
      :bin
      :baz

repeated :value1
repeated :value2

each @ starts the definition of a namespace kinda like [name] in ini format. It can have comments that show up before. then each attribute is key :value and can have their own # comment lines.
Values can be multi line.. and also repeated..

the namespaces and values can also have little meta data tags added to them.

the service can define webhooks/mqtt topics to be notified when the configs are updated. That way it can deploy the changes out when they are updated.

The architecture of SAST tools: An explainer for developers
More developers will have to fix security issues in the age of shifting left. Here, we break down how SAST tools can help them find and address vulnerabilities.

The post The architecture of SAST tools: An explainer for developers appeared first on The GitHub Blog. ⌘ Read more

A developer’s second brain: Reducing complexity through partnership with AI
As we look to empower developers with AI tools, we inadvertently integrate AI deeper into the way developers work. How do developers feel about that? And what are the most impactful ways to introduce more AI into workflows? We recently conducted 25 in-depth interviews with developers to understand exactly that.

The post [A developer’s second brain: Reducing complexity through partnership … ⌘ Read more

Frenemies to friends: Developers and security tools
When socializing a new security tool, it IS possible to build a bottom-up security culture where engineering has a seat at the table. Let’s explore some effective strategies witnessed by the GitHub technical sales team to make this shift successful.

The post Frenemies to friends: Developers and security tools appeared first on [The GitHub Blog](http … ⌘ Read more

5 ways to make your DevSecOps strategy developer-friendly
Developers care about security, but poorly integrated tools and other factors can cause frustration. Here are five best practices to reduce friction.

The post 5 ways to make your DevSecOps strategy developer-friendly appeared first on The GitHub Blog. ⌘ Read more

From migration tools to updates to Enterprise Managed Users, what’s new in GitHub Enterprise
Read a round-up of the exciting, new innovation coming from GitHub Enterprise.

The post From migration tools to updates to Enterprise Managed Users, what’s new in GitHub Enterprise appeared first on [The GitHub Blog](https://githu … ⌘ Read more

@eapl.me@eapl.me I have many fond memories of Turbo pascal and Turbo C(++). They really did have a great help system. And debug tools! Its rare for language docs to be as approachable. QBasic was great. As was PHP docs when I first came into web.

Universe’s key takeaway: Innovate better with AI-powered workflows on a single, unified platform
Discover new AI-powered features and tools to help developers stay in the flow and organizations innovate at scale.

The post [Universe’s key takeaway: Innovate better with AI-powered workflows on a single, unified platform](https://github.blog/2023-11-15-universes-key-takeaway-innovate-better-with-ai-powered-workflows-on-a-single-unified-pla … ⌘ Read more

@lyse@lyse.isobeef.org I wish more standardization around distributed issues and PRs within the repo ala git-bug was around for this. I see it has added some bridge tooling now.

How to communicate like a GitHub engineer: our principles, practices, and tools
Learn more about how we use GitHub to build GitHub, how we turned our guiding communications principles into prescriptive practices to manage our internal communications signal-to-noise ratio, and how you can contribute to the ongoing conversation.

The post [How to communicate like a GitHub engineer: our principles, practices, and tools](https://github.blog/2023-10-04-how-to-commu … ⌘ Read more

💻 Issue 383 - So, What’s So Special About The Mill Scala Build Tool? ⌘ Read more

@prologic@twtxt.net Horseshit hype:

• AI that we have today cannot think–there is no cognitive capacity
  
• AI that we have today cannot be interviewed–“inter” “viewing” is two minds interacting, but AI of today has no mind, which means this is a puppet show
  
• AI today is not free–it’s a tool, a machine, hardly different from a hammer. It does what a human directs it to do and has no drives, desires, or autonomy. What you’re seeing here is a fancy Mechnical Turk
  

This shit is probably paid for by AI companies who desperately want us to think of the AI as far more capable than it actually is, because that juices sales and gives them a way to argue they aren’t responsible for any harms it causes.

A guide to designing and shipping AI developer tools
GitHub’s design experts share 10 tips and lessons for designing magical user experiences for AI applications and AI coding tools. ⌘ Read more

A checklist and guide to get your repository collaboration-ready
In the world of software development, collaboration can make the difference between a brittle last-minute release and a reliable, maintainable, pain-free project. Whether you’ve been coding for a day or a decade, your colleagues are there to help strengthen your work. But they can only help if you’ve given them the tools to do so. ⌘ Read more

How we build containerized services at GitHub using GitHub
Learn about how we build containerized services that power microservices on the GitHub.com platform and many internal tools. ⌘ Read more

@prologic@twtxt.net Well, you can mute or block individual users, and you can mute conversations too. I think the tools for controlling your interactions aren’t so bad (they could definitely be improved ofc). And in my case, I was replying to something this person said, so it wasn’t outrageous for his reply to be pushed to me. Mostly, I was sad to see how quickly the conversation went bad. I thought I was offering something relatively uncontroversial, and actually I was just agreeing with and amplifying something another person had already said.

Keeping up with big shifts in tech
Deciding whether or not to adopt a tool can be hard enough, but what about when it seems to break the paradigms you know? ⌘ Read more

Google Says It’ll Scrape Everything You Post Online for AI

Google updated its privacy policy over the weekend, explicitly saying the company reserves the right to scrape just about everything you post online to build its AI tools.

Google can eat shit.

The economic impact of the AI-powered developer lifecycle and lessons from GitHub Copilot
Today at Collision Conference we unveiled breaking new research on the economic and productivity impact of generative AI–powered developer tools. The research found that the increase in developer productivity due to AI could boost global GDP by over $1.5 trillion. ⌘ Read more

New tool to secure your GitHub Actions
Introducing a new tool to monitor and control the permissions of the repository token for GitHub Actions. ⌘ Read more

CodeQL zero to hero part 2: getting started with CodeQL
Learn the basics of CodeQL and how to use it for security research! In this blog, we will teach you how to leverage GitHub’s static analysis tool CodeQL to write custom CodeQL queries. ⌘ Read more

Survey reveals AI’s impact on the developer experience
We surveyed 500 U.S.-based developers at companies with 1,000-plus employees about how managers should consider developer productivity, collaboration, and AI coding tools. ⌘ Read more

Survey reveals AI’s impact on the developer experience
We surveyed 500 U.S.-based developers at companies with 1,000-plus employees about how managers should consider developer productivity, collaboration, and AI coding tools. ⌘ Read more

Announcing the Stale Repos Action
A tool to help you keep your open source catalog organized and up to date. ⌘ Read more

Seems to me you could write a script that:

• Parses a StackOverflow question
  
• Runs it through an AI text generator
  
• Posts the output as a post on StackOverflow
  

and basically pollute the entire information ecosystem there in a matter of a few months? How long before some malicious actor does this? Maybe it’s being done already 🤷

What an asinine, short-sighted decision. An astonishing number of companies are actively reducing headcount because their executives believe they can use this newfangled AI stuff to replace people. But, like the dot com boom and subsequent bust, many of the companies going this direction are going to face serious problems when the hypefest dies down and the reality of what this tech can and can’t do sinks in.

We really, really need to stop trusting important stuff to corporations. They are not tooled to last.

Announcing the public preview of GitHub Advanced Security for Azure DevOps
GitHub Advanced Security for Azure DevOps is now available for public preview, making GitHub’s same application security testing tools natively available on Azure Repos. ⌘ Read more

How GitHub Copilot is getting better at understanding your code
With a new Fill-in-the-Middle paradigm, GitHub engineers improved the way GitHub Copilot contextualizes your code. By continuing to develop and test advanced retrieval algorithms, they’re working on making our AI tool even more advanced. ⌘ Read more

@shreyan@twtxt.net I agree re: AR. Vircadia is neat. I stumbled on it years ago when I randomly started wondering “wonder what’s going on with Second Life and those VR things” and started googling around.

Unfortunately, like so many metaverse efforts, it’s almost devoid of life. Interesting worlds to explore, cool tools to build your own stuff, but almost no people in it. It feels depressing, like an abandoned shopping mall.

How companies are boosting productivity with generative AI
Explore how generative AI coding tools are changing the way developers and companies build software. ⌘ Read more

How we work: inclusive retrospectives for the GitHub Accessibility leadership team
Learn about tools and processes the GitHub Accessibility leadership team uses for retrospectives that fully engage every team member. ⌘ Read more

Manage your application security stack effectively with the tool status page
Code scanning’s tool status gives you a bird’s eye view of your application security stack, allowing you to quickly confirm everything is working, or troubleshoot any tool in your application security arsenal. ⌘ Read more

I have no interest in doing anything about it, even if I had the time (which I don’t), but these kind of thing happen all day every day to countless people. My silly blog post isn’t worth getting up in arms about, but there are artists and other creators who pour countless hours, heart and soul into their work, only to have it taken in exactly this way. That’s one of the reasons I’m so extremely negative about the spate of “AI” tools that have popped up recently. They are powered by theft.

There is a “right” way to make something like GitHub CoPilot, but Microsoft did not choose that way. They chose one of the most exploitative options available to them. For that reason, I hope they face significant consequences, though I doubt they will in the current climate. I also hope that CoPilot is shut down, though I’m pretty certain it will not be.

Other than access to the data behind it, Microsoft has nothing special that allows it to create something like CoPilot. The technology behind it has been around for at least a decade. There could be a “public” version of this same tool made by a cooperating group of people volunteering, “leasing”, or selling their source code into it. There could likewise be an ethically-created corporate version. Such a thing would give individual developers or organizations the choice to include their code in the tool, possibly for a fee if that’s something they want or require. The creators of the tool would have to acknowledge that they have suppliers–the people who create the code that makes their tool possible–instead of simply stealing what they need and pretending that’s fine.

This era we’re living through, with large companies stomping over all laws and regulations, blatantly stealing other people’s work for their own profit, cannot come to an end soon enough. It is destroying innovation, and we all suffer for that. Having one nifty tool like CoPilot that gives a bit of convenience is nowhere near worth the tremendous loss that Microsoft’s actions in this instace are creating for everyone.

CLI tricks every developer should know
Learn some tips, tricks, and tools for mastering the command line from GitHub’s own developers. ⌘ Read more

@carsten@yarn.zn80.net

I have to write so many emails to so many idiots who have no idea what they are doing

So it sounds to me like the pressure is to reduce how much time you waste on idiots, which to my mind is a very good reason to use a text generator! I guess in that case you don’t mind too much whether the company making the AI owns your prompt text?

I’d really like to see tools like this that you can run on your desktop or phone, so they don’t send your hard work off to someone else and give a company a chance to take it from you.

💻 Issue 361 - Faster Scala.js development with front-end tooling and new tutorials ⌘ Read more

On LinkedIn I see a lot of posts aimed at software developers along the lines of “If you’re not using these AI tools (X,Y,Z) you’re going to be left behind.”

Two things about that:

1. No you’re not. If you have good soft skills (good communication, show up on time, general time management) then you’re already in excellent shape. No AI can do that stuff, and for that alone no AI can replace people
   
2. This rhetoric is coming directly from the billionaires who are laying off tech people by the 100s of thousands as part of the class war they’ve been conducting against all working people since the 1940s. They want you to believe that you have to scramble and claw over one another to learn the “AI” that they’re forcing onto the world, so that you stop honing the skills that matter (see #1) and are easier to obsolete later. Don’t fall for it. It’s far from clear how this will shake out once governments get off their asses and start regulating this stuff, by the way–most of these “AI” tools are blatantly breaking copyright and other IP laws, and some day that’ll catch up with them.
   

That said, it is helpful to know thy enemy.

How generative AI is changing the way developers work
Rapid advancements in generative AI coding tools like GitHub Copilot are accelerating the next wave of software development. Here’s what you need to know. ⌘ Read more

💻 Issue 360 - New Scala Build Tool ⌘ Read more

What’s new with GitHub Sponsors
GitHub Sponsors is now generally available for organizations. Also, new tooling for bulk sponsorships and an update on how we’re ensuring sustainability for GitHub Sponsors. ⌘ Read more

Level up monitoring and reporting for your enterprise
A high-quality audit log is an essential tool for enterprises to ensure compliance, maintain security, investigate issues, and promote accountability. ⌘ Read more

CodeQL zero to hero part 1: the fundamentals of static analysis for vulnerability research
Learn more about static analysis and how to use it for security research!
In this blog post series, we will take a closer look at static analysis concepts, present GitHub’s static analysis tool CodeQL, and teach you how to leverage static analysis for security research by writing custom CodeQL queries. ⌘ Read more

Introducing self-service SBOMs
Developers and compliance teams get a new SBOM generation tool for cloud repositories. ⌘ Read more

RT by @mind_booster: ❗Breaking: Meta Tracking Tools unlawful
In a groundbreaking decision in one of noybs 101 complaints, the Austrian Data Protection Authority decided that the use of Facebook’s tracking pixel directly violates the GDPR: https://noyb.eu/en/austrian-dsb-meta-tracking-tools-illegal?mtc=tw
❗Breaking: Meta Tracking Tools unlawful

In a groundbreaking decision in one of noybs 101 complaints, the Austrian Data Protection Authority decided that the use of Facebook’s tracking pixel directly violates th … ⌘ Read more

An open source project to empower OSPOs everywhere
We are open sourcing our own OSPO policies, tools, and guides to help other OSPOs get started. ⌘ Read more

Introducing GitHub vulnerability management integrations for security professionals
Learn about using GitHub Advanced Security alerts with vulnerability management tools. Check out the integrations and learn about how to get started. ⌘ Read more

Multi-repository variant analysis: a powerful new way to perform security research across GitHub
Multi-repository variant analysis lets you scale security research across thousands of repositories, giving you a powerful tool to find and respond to newly discovered vulnerabilities. ⌘ Read more

Application security orchestration with GitHub Advanced Security
Learn how teams can leverage the power of GitHub Advanced Security’s code scanning and GitHub Actions to integrate the right security testing tools at the right time. ⌘ Read more