COVID-19 coronavirus captive coders create copious code, claims GitHub: Open-source projects mushroom amid pandemic

Microsoft's cloud repo rental biz finds a silver lining in 2020

It was the best of times for software developers, it was the worst of times for everyone else.

GitHub, in its annual data dump known as the State of the Octoverse, revealed on Wednesday that COVID-19 has been good for quarantine-oriented activities like writing code. Software developers, the biz found, have created 35 per cent more code repositories over the past year, compared to the previous one. They've also created 40 per cent more open-source projects, and increased their contributions to open source projects by 25 per cent.

Also, pull request merge times – the interval between a submitted code improvement and its incorporation into the project – decreased by 7.5 hours.

GitHub suggests this is consistent with prior research that indicates employees with workplace flexibility – variable schedules and the ability to work from home – work longer hours, sometimes as much as one or two days per week.

Productivity gains of that magnitude, in conjunction with potential real estate cost reductions, help explain why companies like HPE have been rethinking office-bound work policies.

"We see increased development work – both time spent and amount of work – across all time zones we investigated," the GitHub report stated. "Developers may be taking advantage of flexible schedules to manage their time and energy, which contributes to this sustained productivity."

The report, however, warns that if work takes the place of personal time and rest breaks, the pace may not be sustainable. GitHub says that it has over 56m developers building projects, and expects to have 100m by 2025.

GitHub's symbol, Octocat, on the side of the building at its San Francisco HQ

GitHub's journey towards microservices and more: 'We actually have our own version of Ruby that we maintain'


JavaScript remains the most popular programming language among GitHub repos, followed by Python, Java, Typescript, C#, PHP, C++, C, Shell, Ruby, and Objective-C.

TypeScript, a superset of JavaScript that adds support for static typing, made the most significant gains over the past year, rising from rank seven to four. A research paper published in 2017, "To Type or Not to Type: Quantifying Detectable Bugs in JavaScript," found that static typing can reduce the number of bugs in a project by 15 per cent.

Looking at 521 security advisories across six different programming and packaging ecosystems – PHP, Java, JavaScript, Python, .NET, and Ruby – GitHub found that 83 per cent followed from programming mistakes, and noted 17 per cent followed from malicious behavior, such as efforts to insert backdoors in code.

"Of those 17 per cent, the vast majority come from the npm ecosystem," the report stated. GitHub, as it happens, now runs npm, having acquired the company that runs the registry back in March.

The report goes on to note that software vulnerabilities typically go undetected for more than four years, which is consistent with a 2017 RAND report [PDF] that found zero-day flaws have a median survival time of five years before public disclosure.

Once word gets out about a security hole, GitHub's data indicates that it takes about 4.4 weeks before a fix appears. The code storage biz reckons this represents an opportunity to improve vulnerability detection and response. ®

Other stories you might like

  • 381,000-plus Kubernetes API servers 'exposed to internet'
    Firewall isn't a made-up word from the Hackers movie, people

    A large number of servers running the Kubernetes API have been left exposed to the internet, which is not great: they're potentially vulnerable to abuse.

    Nonprofit security organization The Shadowserver Foundation recently scanned 454,729 systems hosting the popular open-source platform for managing and orchestrating containers, finding that more than 381,645 – or about 84 percent – are accessible via the internet to varying degrees thus providing a cracked door into a corporate network.

    "While this does not mean that these instances are fully open or vulnerable to an attack, it is likely that this level of access was not intended and these instances are an unnecessarily exposed attack surface," Shadowserver's team stressed in a write-up. "They also allow for information leakage on version and build."

    Continue reading
  • A peek into Gigabyte's GPU Arm for AI, HPC shops
    High-performance platform choices are going beyond the ubiquitous x86 standard

    Arm-based servers continue to gain momentum with Gigabyte Technology introducing a system based on Ampere's Altra processors paired with Nvidia A100 GPUs, aimed at demanding workloads such as AI training and high-performance compute (HPC) applications.

    The G492-PD0 runs either an Ampere Altra or Altra Max processor, the latter delivering 128 64-bit cores that are compatible with the Armv8.2 architecture.

    It supports 16 DDR4 DIMM slots, which would be enough space for up to 4TB of memory if all slots were filled with 256GB memory modules. The chassis also has space for no fewer than eight Nvidia A100 GPUs, which would make for a costly but very powerful system for those workloads that benefit from GPU acceleration.

    Continue reading
  • GitLab version 15 goes big on visibility and observability
    GitOps fans can take a spin on the free tier for pull-based deployment

    One-stop DevOps shop GitLab has announced version 15 of its platform, hot on the heels of pull-based GitOps turning up on the platform's free tier.

    Version 15.0 marks the arrival of GitLab's next major iteration and attention this time around has turned to visibility and observability – hardly surprising considering the acquisition of OpsTrace as 2021 drew to a close, as well as workflow automation, security and compliance.

    GitLab puts out monthly releases –  hitting 15.1 on June 22 –  and we spoke to the company's senior director of Product, Kenny Johnston, at the recent Kubecon EU event, about what will be added to version 15 as time goes by. During a chat with the company's senior director of Product, Kenny Johnston, at the recent Kubecon EU event, The Register was told that this was more where dollars were being invested into the product.

    Continue reading

Biting the hand that feeds IT © 1998–2022