Security Advisory: High Severity Curl Vulnerability
The maintainers of curl, the popular command-line tool and library for transferring data with URLs, will release curl 8.4.0 on October 11, 2023. This version will include a fix for two common vulnerabilities and exposures (CVEs), one of which the curl maintainers rate as “HIGH” severity and described as “probably the worst curl security flaw in a long time.” In the meantime, you can prepare ahead of exploitability details being released … ⌘ Read more
On my blog: Real Life in Star Trek, Sarek https://john.colagioia.net/blog/2023/10/05/sarek.html #scifi #startrek #closereading
A developer’s guide to open source LLMs and generative AI
Open source generative AI projects are a great way to build new AI-powered features and apps.
The post A developer’s guide to open source LLMs and generative AI appeared first on The GitHub Blog. ⌘ Read more
Introducing a New GenAI Stack: Streamlined AI/ML Integration Made Easy
At DockerCon 2023, with partners Neo4j, LangChain, and Ollama, we announced a new GenAI Stack. We have brought together the top technologies in the generative artificial intelligence (GenAI) space to build a solution that allows developers to deploy a full GenAI stack with only a few clicks. ⌘ Read more
Erlang Solutions: Type-checking Erlang and Elixir
The BEAM community couldn’t be more varied when it comes to opinions about static type systems. For some they’re the most desired feature of other functional languages which we miss. Others shun them and choose our ecosystem exactly because, and not despite the fact that it doesn’t force the perceived overhead of types. Some others still worry whether static types could be successfully applied on the Erlang virtual machine at all.
Over the years, … ⌘ Read more
How to communicate like a GitHub engineer: our principles, practices, and tools
Learn more about how we use GitHub to build GitHub, how we turned our guiding communications principles into prescriptive practices to manage our internal communications signal-to-noise ratio, and how you can contribute to the ongoing conversation.
The post [How to communicate like a GitHub engineer: our principles, practices, and tools](https://github.blog/2023-10-04-how-to-commu … ⌘ Read more
Announcing Udemy + Docker Partnership
Docker and Udemy announced a new partnership at DockerCon to give developers a clear, defined, accessible path for learning how to use Docker, best practices, advanced concepts, and everything in between. As the #1 rated online course platform (as ranked by Stack Overflow), Udemy will be the first to house Docker-accredited content and customized learning paths to provide developers with the latest training materials on how to best use Docker tools. ⌘ Read more
Introducing secret scanning validity checks for major cloud services
Secret scanning now performs validity checks for select AWS, Microsoft, Google, and Slack tokens.
The post Introducing secret scanning validity checks for major cloud services appeared first on The GitHub Blog. ⌘ Read more
Announcing Docker Scout GA: Actionable Insights for the Software Supply Chain
We are excited to announce that Docker Scout General Availability (GA) now allows developers to continuously evaluate container images against a set of out-of-the-box policies, aligned with software supply chain best practices. These new capabilities also include a full suite of integrations enabling you to attain visibility from development into production. These updates strengthen Docker Scout’s position as integral to the software s … ⌘ Read more
Sponsors is expanding
GitHub Sponsors has partnered with Patreon. We’re also expanding to new regions.
The post Sponsors is expanding appeared first on The GitHub Blog. ⌘ Read more
3 strategies to expand your threat model and secure your supply chain
How to get the security basics right at your organization.
The post 3 strategies to expand your threat model and secure your supply chain appeared first on The GitHub Blog. ⌘ Read more
Announcing Docker AI/ML Hackathon
With the return of DockerCon, held October 4-5 in Los Angeles, we’re excited to announce the kick-off of a Docker AI/ML Hackathon. Join us at DockerCon — in-person or virtually — to learn about the latest Docker product announcements. Then, bring your innovative artificial intelligence (AI) and machine learning (ML) solutions to life in the hackathon for a chance to win cool prizes. ⌘ Read more
Announcing Docker Compose Watch GA Release
Docker Compose Watch, a tool to improve the inner loop of application development, is now generally available. We built Docker Compose Watch to smooth away these workflow papercuts. We have learned from many people using our open source Docker Compose project for local development. Now we are natively addressing common workflow friction we observe, like the use case of hot reload for frontend development. ⌘ Read more
Docker Desktop 4.24: Compose Watch, Resource Saver, and Docker Engine
With the release of Docker Desktop 4.24, we announce the official General Availability of Docker Compose Watch and Resource Saver. Combined with our new enhancements to managing Docker Engine in Docker Desktop, these updates will help you be more efficient and make your software development experience more enjoyable. ⌘ Read more
I just lost ¾ of a really good blog post by typing :q! without thinking and I’m having a really hard time rewriting it.
Cybersecurity spotlight on bug bounty researcher @inspector-ambitious
For this year’s Cybersecurity Awareness Month, the GitHub bug bounty team is excited to feature another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program—@inspector-ambitious!
The post [Cybersecurity spotlight on bug bounty researcher @inspector-ambitious](https://github.blog/2023-10-02-cybersecurity-spotlight-on-bug-bounty-researcher-inspector-a … ⌘ Read more
Introducing the new, Apple silicon powered M1 macOS larger runner for GitHub Actions
Speed up your GitHub Actions jobs on macOS with all new, faster Apple silicon powered M1 macOS larger runner for arm64.
The post Introducing the new, Apple silicon powered M1 macOS larger runner for GitHub Actions appeared first on [The GitHub Blog](ht … ⌘ Read more
On my blog: Developer Diary, Batik Day https://john.colagioia.net/blog/2023/10/02/batik.html #programming #project #devjournal
My September ‘23 in Review
Now September is over, and it’s time to take a brief look back at the past month. ⌘ Read more
On my blog: Free Culture Book Club — Full Bloom https://john.colagioia.net/blog/2023/09/30/full-bloom.html #freeculture #bookclub
On my blog: Toots 🦣 from 09/25 to 09/29 https://john.colagioia.net/blog/2023/09/29/week.html #linkdump #mastodon #socialmedia #week
Game Bytes · September 2023
Game Bytes is our monthly series taking a peek at the world of gamedev on GitHub—featuring game engine updates, game jam details, open source games, mods, maps, and more. Game on!
The post Game Bytes · September 2023 appeared first on The GitHub Blog. ⌘ Read more
On my blog: Real Life in Star Trek, The Most Toys https://john.colagioia.net/blog/2023/09/28/most-toys.html #scifi #startrek #closereading
GitHub Learning Pathways: Learn from the best
Gain expertise and insights from top organizations through guided tutorials, boosting productivity, enhancing security, and enabling seamless collaboration.
The post GitHub Learning Pathways: Learn from the best appeared first on The GitHub Blog. ⌘ Read more
The field near my second home… Walking here reminds me of when I walked here a year and a half ago, debating whether to accept the new job offer. It feels like an eternity ago. But it was a good decision! ⌘ Read more
Get Started with the Microcks Docker Extension for API Mocking and Testing
Read how running Microcks as a Docker extension enables developers to swiftly create, test, and iterate on APIs without leaving the Docker environment. ⌘ Read more
Erlang Solutions: Introducing Wardley Mapping to Your Business Strategy
Since it’s creation in 2005, Wardley Mapping has been embraced by UK government institutions and companies worldwide. This is thanks to its unique ability to factor both value and change into the strategising process. It’s a powerful, fascinating tool that far more organisations across the world should be implementing today to make key choices for their future growth.
Ahead of my wider Wardley Mapping st … ⌘ Read more
A better Postman alternative: Hoppscotch
I used to use Postman for both personal and work projects. It was great for making HTTP requests without having to create curl commands. But now, Postman requires a login, which I hate. I don’t understand why a login is needed for such a simple tool. ⌘ Read more
Let’s DockerCon!
DockerCon 2023 will be hybrid — both live (in Los Angeles, California) and virtual. Our desire is to once again experience the live magic of the hallway track, the serendipitous developer-to-developer sharing of tips and tricks, and the celebration of our community’s accomplishments … all while looking forward together toward a really exciting future. And for members of our community who can’t attend in person, we hope you’ll join us virtually! ⌘ Read more
“The Frustration Loop”
Spammers and their spam are annoying. ⌘ Read more
How I used GitHub Copilot Chat to build a ReactJS gallery prototype
GitHub Copilot Chat can help developers create prototypes, understand code, make UI changes, troubleshoot errors, make code more accessible, and generate unit tests.
The post How I used GitHub Copilot Chat to build a ReactJS gallery prototype appeared first on The GitHub Blog. ⌘ Read more
Changes to How Docker Handles Personal Authentication Tokens
Docker is improving the visibility of Docker Desktop and Hub users’ personal access tokens. Specifically, we are changing how tokens are handled across sessions between the two tools. Learn more about this security improvement. ⌘ Read more
How GitHub uses GitHub Actions and Actions larger runners to build and test GitHub.com
Recently, we’ve been working to make our CI experience better by leveraging the newly released GitHub feature, Actions larger runners, to run our CI.
The post [How GitHub uses GitHub Actions and Actions larger runners to build and test GitHub.com](https://github.blog/2023-09-26-how-github-uses-github-actions-and-actions-larger-runners-to-build-and-test-github-com/ … ⌘ Read more
Docker’s Journey Toward Enabling Lightning-Fast Developer Innovation: Unveiling Performance Milestones
Learn about Docker’s focus on performance and walk through the milestones of the past 12 months, including 85x improvement in upload speed, 71% reduction in build time, and a 5,800% increase in streaming speed. ⌘ Read more
Your ultimate guide to the GitHub Universe ‘23 agenda
Get a sneak peek into the must-attend sessions, speakers, workshops, and GitHub certifications available at our global developer event.
The post Your ultimate guide to the GitHub Universe ‘23 agenda appeared first on The GitHub Blog. ⌘ Read more
Getting RCE in Chrome with incorrect side effect in the JIT compiler
In this post, I’ll exploit CVE-2023-3420, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.
The post Getting RCE in Chrome with incorrect side effect in the JIT compiler appeared first on [The GitHub Blog](ht … ⌘ Read more
Erlang Solutions: Our experts at Code BEAM Europe 2023
The biggest Erlang and Elixir Conference is coming to Berlin in October!
Are you ready for a deep dive into the world of Erlang and Elixir? Mark your calendars, because Code BEAM Europe 2023 is just around the corner.
With a lineup of industry pioneers and thought leaders, Code BEAM Europe 2023 promises to be a hub of knowledge sharing, innovation, and networking.
Erlang Solutions’ experts are working har … ⌘ Read more
Calling all teachers! Learn how to build new commands on the GitHub Classroom CLI
In this step-by-step tutorial, we’ll dive into how you can become the next open source contributor to the GitHub Classroom CLI, building commands that you can use to improve your workflow as an educator!
The post [Calling all teachers! Learn how to build new commands on the GitHub Classroom CLI](https://github.blog/2023-09-25-calling-all-teachers-learn-how-to-build-new-comma … ⌘ Read more
On my blog: Developer Diary, Unification of Nepal https://john.colagioia.net/blog/2023/09/25/nepal.html #programming #project #devjournal
Catching COVID-19
So far, I had been spared from COVID-19. “Had,” focusing on the past, because now it has affected me, or us, after all. We had to cut short our vacation, which I used to share little glimpses of here on the blog. We quickly went back home, wearing masks the whole time and hoping not to infect more people. ⌘ Read more
On my blog: Free Culture Book Club — C-Man https://john.colagioia.net/blog/2023/09/23/c-man.html #freeculture #bookclub
On my blog: Toots 🐘 from 09/18 to 09/22 https://john.colagioia.net/blog/2023/09/22/week.html #linkdump #mastodon #socialmedia #week
On my blog: Real Life in Star Trek, Hollow Pursuits https://john.colagioia.net/blog/2023/09/21/hollow-pursuits.html #scifi #startrek #closereading
The GitHub Security Lab’s journey to disclosing 500 CVEs in open source projects
The GitHub Security Lab audits open source projects for security vulnerabilities and helps maintainers fix them. Recently, we passed the milestone of 500 CVEs disclosed. Let’s take a trip down memory lane with a review of some noteworthy CVEs!
The post [The GitHub Security Lab’s journey to disclosing 500 CVEs in open source projects](https://github.blog/2023-09-21-the-github-s … ⌘ Read more
Passkeys are generally available
All GitHub.com users can now register a passkey to sign in without a password.
The post Passkeys are generally available appeared first on The GitHub Blog. ⌘ Read more
Announcing the GitHub Innovation Graph
Explore a universe of data about how the world is building software together on GitHub.
The post Announcing the GitHub Innovation Graph appeared first on The GitHub Blog. ⌘ Read more
GitHub Copilot Chat beta now available for all individuals
All GitHub Copilot for Individuals users now have access to GitHub Copilot Chat beta, bringing natural language-powered coding to every developer in all languages.
The post GitHub Copilot Chat beta now available for all individuals appeared first on The GitHub Blog. ⌘ Read more
Introducing Learning Paths on Global Campus
Guiding student developers through skill building foundations, a building block in their learning journey with GitHub Education.
The post Introducing Learning Paths on Global Campus appeared first on The GitHub Blog. ⌘ Read more
How IKEA Standardizes Docker Images for Efficient Machine Learning Model Deployment
Learn the vital role Docker plays in MLOps (machine learning operations) at IKEA. We explore how Docker and Seldon-Core work together to turn a convoluted task into a streamlined, agile operation, and how you can harness real-time metrics for profound insights. ⌘ Read more
Announcing general availability of GitHub Advanced Security for Azure DevOps
GitHub Advanced Security for Azure DevOps is now generally available. Enable secret scanning, dependency scanning, and code scanning on your organization directly in Azure DevOps configuration settings.
The post [Announcing general availability of GitHub Advanced Security for Azure DevOps](https://github.blog/2023-09-20-announcing-general-availability-of-github-advanced-security-for- … ⌘ Read more