Лето в «айтиобщаге»
Этим летом Яндекс открыл «айтиобщагу». В ней жили ребята, которые приехали на стажировку в наши московские офисы из других регионов. «Айтиобщага» приняла первых стажёров в начале июля и проработала до конца сентября. Окончание сезона летних стажировок — хороший повод ещё раз вспомнить, как всё было.
С чего всё началось
Самый стажёрский сезон в Яндексе — лето, когда у студентов каникулы, а самый стажёрский город — Москва. Стажировки идут и в других городах, например в Питере, Екатеринбурге или Новосибир … ⌘ Read more
The next big social network is just the Web ?~L~X https://notiz.blog/b/6k2
Fun fact: Since I started tracking my train journeys in mid-May, I’ve already spent almost 7 whole days on trains. 🚄 ⌘ Read more
I acquired a new, fancy domain for a new side project. A site with tips on how to save money on purchases is something I would like to start. The search for a CMS reminds me of why I built GoBlog: all available options are not optimal. But GoBlog also isn’t optimal for this project for various reasons, as it shouldn’t be a typical personal blog. And now I have this really cool domain and question my plans. 😅 ⌘ Read more
Snikket: On the jabber.ru MITM attack
This post is about a recent security incident on a public XMPP service, which
provides jabber.ru and xmpp.ru. We have received a few questions from Snikket
users about whether they should be concerned about the security of their own
servers (Snikket also uses XMPP).
The good news is that Snikket was not affected by this incident - this was a
targeted attack against the jabber.ru/xmpp.ru service specifically. Later in
the post we’ll share more information about what we’ve done, and … ⌘ Read more
On my blog: Free Culture Book Club — Sugar the Robot, part 2 https://john.colagioia.net/blog/2023/10/21/roboteers-2.html #freeculture #bookclub
On my blog: Toots 🦣 from 10/16 to 10/20 https://john.colagioia.net/blog/2023/10/20/week.html #linkdump #mastodon #socialmedia #week
Docker State of Application Development Survey 2023: Share Your Thoughts on Development
Participate in the Docker State of Application Development Survey 2023 to help us better understand and serve the developer community. We want to know where developers are focused, what they’re working on, and what is most important to them. Your participation and input will help us build the best products and experiences for you. ⌘ Read more
On my blog: Real Life in Star Trek, Transfigurations https://john.colagioia.net/blog/2023/10/19/transfigurations.html #scifi #startrek #closereading
ICYMI: improved C++ vulnerability coverage and CodeQL support for Lombok
The effectiveness of a static application security solution hinges on its ability to provide extensive vulnerability coverage and support for a wide range of languages and frameworks. Today, we’re highlighting two releases that’ll help you discover more vulnerabilities in your codebase, so you can ship more secure software.
The post [ICYMI: improved C++ vulnerability coverage and CodeQL support … ⌘ Read more
ProcessOne: ejabberd 23.10
A new ejabberd release, ejabberd 23.10, is now published with more than 150 commits since the previous 23.04. It includes many new features and improvements, and also many more bugfixes.
- Support for XEP-0402: PEP Native Bookmarks
- Support for XEP-0421: Occupant Id
- Many new options and features
A more detailed explanation of improvements and features:
Added support for XEP-0402: PEP Native Bookmarks[XEP-0402 … ⌘ Read more
Erlang Solutions: Erlang Security Audit
Unlock the Power of Secure Erlang CodeCybersecurity is a non-negotiable aspect of business. The need for robust protection extends to all aspects of your operations, including the security of your Erlang-based code.
At Erlang Solutions, we recognise the vital importance of safeguarding your code from potential vulnerabilities and security threats. We are thrilled to introduce our latest offering – the … ⌘ Read more
Erlang Solutions: MongooseIM Health-Check
Optimise Your Current Deployment with a MongooseIM Health CheckMongooseIM plays a key role in today’s evolving digital landscape. For businesses, it ensures seamless communication within your organisation or application. However, like any other system, it requires regular check-ups to maintain peak performance.
Enter the MongooseIM Health Check from our team at Erlang Solutions – your ticket to a more efficient messaging environment.
**What is a Mo … ⌘ Read moreYour curated GitHub Universe agenda: AI, ethics, and productivity
Gain actionable insights about the intersection of AI and human skills, while tackling ethics, accessibility, and productivity at these GitHub Universe sessions.
The post Your curated GitHub Universe agenda: AI, ethics, and productivity appeared first on The GitHub Blog. ⌘ Read more
The clock is ticking: Atlassian’s support for Bitbucket Server ends on February 15, 2024
Atlassian is ending support for its Server products—including Bitbucket Server—in February 2024. In this post, you’ll learn what that means for you, your options, and how you can move to GitHub.
The post [The clock is ticking: Atlassian’s support for Bitbucket Server ends on February 15, 2024](https://github.blog/2023-10-17-the-clock-is-ticking-atlassians-support … ⌘ Read more
Hello WordPress ?~L~X https://notiz.blog/p/6jp
Getting RCE in Chrome with incomplete object initialization in the Maglev compiler
In this post, I’ll exploit CVE-2023-4069, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.
The post [Getting RCE in Chrome with incomplete object initialization in the Maglev compiler](https://github.blog/2023-10-17-getting-rce-in-chrome-with-incomplete-object-initialization-in-the- … ⌘ Read more
Update Tailscale on the GL.iNet Beryl AX (GL-MT3000)
I’ve been toying with my recently received GL.iNet Beryl AX (GL-MT3000) for some days and I have to say, it’s wonderful! It provides all the features I need in combination with my 5G router (like support for IPv6). I was also able to set up a VPN connection using Wireguard to the other home that will keep a wire-based internet connection with a public (but changing) IPv4 address. As it also works perfectly fine with an LTE stick or mobile tethering, I’m quite tempte … ⌘ Read more
Measuring Git performance with OpenTelemetry
Use our new open source Trace2 receiver component and OpenTelemetry to capture and visualize telemetry from your Git commands.
The post Measuring Git performance with OpenTelemetry appeared first on The GitHub Blog. ⌘ Read more
On my blog: Developer Diary, World Food Day https://john.colagioia.net/blog/2023/10/16/food.html #programming #project #devjournal
On my blog: Free Culture Book Club — Sugar the Robot, part 1 https://john.colagioia.net/blog/2023/10/14/roboteers-1.html #freeculture #bookclub
On my blog: Toots 🦣 from 10/09 to 10/13 https://john.colagioia.net/blog/2023/10/13/week.html #linkdump #mastodon #socialmedia #week
Signing Docker Official Images Using OpenPubkey
Learn about the updated Docker Official Images (DOI) signing strategy and how OpenPubkey can be leveraged to smooth the flow and decrease the number of third-party entities the verifier is required to trust. ⌘ Read more
Sam Whited: Co-Op Ideas
This is a list of co-ops I’d like to start one day and where (if applicable).
DIY Bike Kitchen (Cobb County, GA)There is a DIY bike shop, Sopo Bike Co-op in Atlanta, but Cobb has
historically been very transit-averse and it’s hard to get into Atlanta by
bike if you need to get it worked on. Having something local to Cobb could
encourage biking and start to change attitudes to biking on the local city
councils and among the county commissioners.Traditional bik … ⌘ Read more
js13kGames 2023 winners 🏆
The twelfth annual js13kGames coding competition, challenging participants to create games in 13kB or less of JavaScript in a month, just wrapped up. This post highlights the top thirteen entries.
The post js13kGames 2023 winners 🏆 appeared first on The GitHub Blog. ⌘ Read more
On my blog: Real Life in Star Trek, Ménage à Troi https://john.colagioia.net/blog/2023/10/12/menage-troi.html #scifi #startrek #closereading
No hello
Thanks to Tim Hårek Andreassen, I finally have a link I can send my coworkers whenever they send me a “Hi”, “Do you have some time?”, “Can I call you?” instead of asking their question right away or even just mentioning the topic. And there’s also a German version, great! ⌘ Read more
Erlang Solutions: tryMongooseIM: MongooseIM is now easier than ever!
Have you ever found yourself in a situation where you wanted to check the capabilities of MongooseIM, but you were overwhelmed by the sheer amount of configuration of the service itself, or how to deploy it easily?
Imagine you are working on a project and one of the tasks is to evaluate XMPP servers.
You do some res … ⌘ Read more
Ensuring the next generation of open source leaders are truly “all in”
If you are a student from a U.S. minority-serving institution looking to start your journey into open source, join us!
The post Ensuring the next generation of open source leaders are truly “all in” appeared first on The GitHub Blog. ⌘ Read more
Getting Started with JupyterLab as a Docker Extension
JupyterLab is a web-based interactive development environment (IDE) that allows users to create and share documents that contain live code, equations, visualizations, and narrative text. It is the latest evolution of the popular Jupyter Notebook and offers several advantages over its predecessor. We provide an overview the JupyterLab architecture and explain how to start using JupyterLab as a Docker extension. ⌘ Read more
Long term career thoughts
When I read this article by Herman Martinus, creator of Bear Blog and some other projects, about how he stays motivated as a solo creator, it triggered some thoughts about my own career. ⌘ Read more
GitHub Availability Report: September 2023
In September, we experienced two incidents that resulted in degraded performance across GitHub services.
The post GitHub Availability Report: September 2023 appeared first on The GitHub Blog. ⌘ Read more
Enforcing code reliability by requiring workflows with GitHub Repository Rules
GitHub Enterprise Cloud customers can now ensure controlled workflows run and pass before code is merged into any of its repositories.
The post Enforcing code reliability by requiring workflows with GitHub Repository Rules appeared first on [The GitHub Blog](https://g … ⌘ Read more
Research: Quantifying GitHub Copilot’s impact on code quality
Findings show that code quality is better across the board and developers felt more confident, too.
The post Research: Quantifying GitHub Copilot’s impact on code quality appeared first on The GitHub Blog. ⌘ Read more
Coordinated Disclosure: 1-Click RCE on GNOME (CVE-2023-43641)
CVE-2023-43641 is a vulnerability in libcue, which can lead to code execution by downloading a file on GNOME.
The post Coordinated Disclosure: 1-Click RCE on GNOME (CVE-2023-43641) appeared first on The GitHub Blog. ⌘ Read more
Prompting GitHub Copilot Chat to become your personal AI assistant for accessibility
GitHub Copilot Chat can help you learn about accessibility and improve the accessibility of your code. In this blog, we share a sample foundational prompt that instructs GitHub Copilot Chat to become your personal AI assistant for accessibility.
The post [Prompting GitHub Copilot Chat to become your personal AI assistant for accessibility](https://github.blog/2023-10- … ⌘ Read more
Skilling African developers through All In Africa
All In Africa is a gateway to growth, learning, and meaningful connections within the African open source ecosystem and beyond.
The post Skilling African developers through All In Africa appeared first on The GitHub Blog. ⌘ Read more
On my blog: Developer Diary, Hangul Day https://john.colagioia.net/blog/2023/10/09/hangul.html #programming #project #devjournal
5G chaos in my head
One of the reasons I like blogging is that it sometimes helps me organize my thoughts. There’s a lot of chaos in my head before I write them down, and after, my head is sometimes calm. ⌘ Read more
On my blog: Free Culture Book Club — ½ https://john.colagioia.net/blog/2023/10/07/half.html #freeculture #bookclub
On my blog: Toots 🦣 from 10/02 to 10/06 https://john.colagioia.net/blog/2023/10/06/week.html #linkdump #mastodon #socialmedia #week
Security Advisory: High Severity Curl Vulnerability
The maintainers of curl, the popular command-line tool and library for transferring data with URLs, will release curl 8.4.0 on October 11, 2023. This version will include a fix for two common vulnerabilities and exposures (CVEs), one of which the curl maintainers rate as “HIGH” severity and described as “probably the worst curl security flaw in a long time.” In the meantime, you can prepare ahead of exploitability details being released … ⌘ Read more
On my blog: Real Life in Star Trek, Sarek https://john.colagioia.net/blog/2023/10/05/sarek.html #scifi #startrek #closereading
A developer’s guide to open source LLMs and generative AI
Open source generative AI projects are a great way to build new AI-powered features and apps.
The post A developer’s guide to open source LLMs and generative AI appeared first on The GitHub Blog. ⌘ Read more
Introducing a New GenAI Stack: Streamlined AI/ML Integration Made Easy
At DockerCon 2023, with partners Neo4j, LangChain, and Ollama, we announced a new GenAI Stack. We have brought together the top technologies in the generative artificial intelligence (GenAI) space to build a solution that allows developers to deploy a full GenAI stack with only a few clicks. ⌘ Read more
Erlang Solutions: Type-checking Erlang and Elixir
The BEAM community couldn’t be more varied when it comes to opinions about static type systems. For some they’re the most desired feature of other functional languages which we miss. Others shun them and choose our ecosystem exactly because, and not despite the fact that it doesn’t force the perceived overhead of types. Some others still worry whether static types could be successfully applied on the Erlang virtual machine at all.
Over the years, … ⌘ Read more
How to communicate like a GitHub engineer: our principles, practices, and tools
Learn more about how we use GitHub to build GitHub, how we turned our guiding communications principles into prescriptive practices to manage our internal communications signal-to-noise ratio, and how you can contribute to the ongoing conversation.
The post [How to communicate like a GitHub engineer: our principles, practices, and tools](https://github.blog/2023-10-04-how-to-commu … ⌘ Read more
Announcing Udemy + Docker Partnership
Docker and Udemy announced a new partnership at DockerCon to give developers a clear, defined, accessible path for learning how to use Docker, best practices, advanced concepts, and everything in between. As the #1 rated online course platform (as ranked by Stack Overflow), Udemy will be the first to house Docker-accredited content and customized learning paths to provide developers with the latest training materials on how to best use Docker tools. ⌘ Read more
Introducing secret scanning validity checks for major cloud services
Secret scanning now performs validity checks for select AWS, Microsoft, Google, and Slack tokens.
The post Introducing secret scanning validity checks for major cloud services appeared first on The GitHub Blog. ⌘ Read more
Announcing Docker Scout GA: Actionable Insights for the Software Supply Chain
We are excited to announce that Docker Scout General Availability (GA) now allows developers to continuously evaluate container images against a set of out-of-the-box policies, aligned with software supply chain best practices. These new capabilities also include a full suite of integrations enabling you to attain visibility from development into production. These updates strengthen Docker Scout’s position as integral to the software s … ⌘ Read more