GitHub courts controversy by suspending Tornado Cash developers and reneging on cookie commitments | If you're looking for free speech or privacy, move along | Software | 10 Aug 2022 | 58
FauxPilot: It's like GitHub Copilot but doesn't phone home to Microsoft | [Updated] And if you train your own AI model for it, you can worry less about licensing | Devops | 06 Aug 2022 | 20
Miscreants aim to cause Discord discord with malicious npm packages | LofyLife campaign comes amid GitHub security lockdown | Research | 02 Aug 2022 | 2
Even robots have the right to learn from open source | [Opinion] Just because it's Microsoft doesn't mean it's wrong | Software | 11 Jul 2022 | 68
Open source body quits GitHub, urges you to do the same | Paid-for Copilot trained on FOSS code final straw for Software Freedom Conservancy | AI + ML | 30 Jun 2022 | 93
Arrogant, subtle, entitled: 'Toxic' open source GitHub discussions examined | [Analysis] Developer interactions sometimes contain their own kind of poison | Devops | 29 Jun 2022 | 116
For a few days earlier this year, rogue GitHub apps could have hijacked countless repos | A bit of a near-hit for the software engineering world | Devops | 21 Jun 2022 | 5
GitHub's AI code assistant Copilot takes flight. And that'll be $10 a month, please | You wanna bug fix and chill? | AI + ML | 21 Jun 2022 | 19
RubyGems polishes security practices with multi-factor authentication push | Faced with rising software supply-chain attacks, package registries are locking things down | Devops | 16 Jun 2022 | 1
GitHub drops Atom bomb: Open-source text editor mothballed by end of year | Embrace, extend technology into other products ... and extinguish | Devops | 08 Jun 2022 | 58
GitHub saved plaintext passwords of npm users in log files, post mortem reveals | Unrelated to the OAuth token attack, but still troubling as org reveals details of around 100,000 users were grabbed by the baddies | Security | 27 May 2022 | 16
How to find NPM dependencies vulnerable to account hijacking | Security engineer outlines self-help strategy for keeping software supply chain safe | CSO | 23 May 2022 | 21
Email domain for NPM lib with 6m downloads a week grabbed by expert to make a point | [Special report] Campaign to coax GitHub-owned outfit to improve security starts showing results | CSO | 10 May 2022 | 47
GitHub to require two-factor authentication for code contributors by late 2023 | Code locker has figured out it's a giant honeypot for miscreants planning supply chain attacks | Security | 05 May 2022 | 17
Communication around Heroku security incident dubbed 'train wreck' | Users claim lack of transparency following compromise of Github tokens | Security | 04 May 2022 | 5
Microsoft reanimates 1995's 3D Movie Maker via GitHub | Next Nadella keynote to be delivered by McZee? | Software | 04 May 2022 | 10
Watch out for AI models regurgitating misplaced keys that unlock crypto wallets | Effect of GitHub's OpenAI-powered Copilot memorizing sensitive but public data | AI + ML | 03 May 2022 | 4
So, what happened with GitHub, Heroku, and those raided private repos? | [Analysis] Who knew what when and what did they do? | Devops | 21 Apr 2022 | 10
GitHub's Dependabot learns to report bad news you can use | Instead of just raising the alarm, automated code-scold will flag where the fire is | Devops | 15 Apr 2022
GitHub tackles leaks by scanning for secrets in pushed code | Repo updates inspected for security blunders before some git can exploit them | Security | 05 Apr 2022 | 6
Dev rigs up receipt printer to spit out GitHub issues | Not the first time the letters POS have been associated with someone's repo | Software | 29 Mar 2022 | 25
GitHub explains outage string in incidents update | It was MySQL, with the resource contention, in the database cluster | Software | 24 Mar 2022 | 21
Complaints mount after GitHub launches new algorithmic feed | GitHub algorithm seeks to improve discovery. Developers disagree. | Software | 23 Mar 2022 | 40
This JavaScript scanner hunts down malware in libraries | Stick a fork in this Socket and zap malicious NPM packages | Security | 01 Mar 2022 | 2
GitHub puts prebuilt Codespaces into public beta | Say goodbye to your coffee break | Devops | 25 Feb 2022 | 3
Worried about occasional npm malware scares? It's more common than you may think | WhiteSource says it spotted 1,300 malicious JavaScript packages in 2021 alone | Security | 03 Feb 2022 | 15
OpenShell has been working on a classic replacement for Windows 11's Start menu | It's still early days, though | OSes | 26 Jan 2022 | 53
JavaScript dev deliberately screws up own popular npm packages to make a point of some sort | [Updated] Faker.js and colors.js sabotaged by maker | Software | 10 Jan 2022 | 90
Four years: That's how long Azure's App Service had a source code leak bug | Firm that found the flaw also spotted ChaosDB and OMIGOD, confident this one’s been exploited | Security | 24 Dec 2021 | 7
Gnu Nano releases version 6.0 of text editor, can now hide UI frippery | First five full releases took 20 years, this one arrived in 18 months | Software | 16 Dec 2021 | 53
LINE Pay leaks around 133,000 users' data to GitHub, of all places | Someone just accidentally put it there, says the messaging service company | Security | 07 Dec 2021 | 3
Ubiquiti dev charged with knocking $4bn off firm's value after insider threat spree | Prosecutors claim Nickolas Sharp even posed as a whistleblower to press | Legal | 02 Dec 2021 | 8
Thousands of Firefox users accidentally commit login cookies on GitHub | GitHub: 'Credentials exposed by our users are not in scope' | Security | 18 Nov 2021 | 27
GitHub's State of the Octoverse survey shows devs are still swerving the office | Coding JS in your PJs here to stay | Devops | 17 Nov 2021 | 2
GitHub fixes authorisation vulnerability in the NPM JavaScript package registry | Flaw allowed 'an attacker to publish new versions of any npm package' | Security | 16 Nov 2021 | 4
GitHub CEO forks off: Nat Friedman to quit this month, replacement will report to exec behind .NET Hot Reload fiasco | [Updated] Chief product officer takes over world's palatable social network | Devops | 03 Nov 2021 | 8
OpenID-based security features added to GitHub Actions as usage doubles | [GitHub Universe] Single-use tokens and reusable workflows explained at Universe event | Devops | 28 Oct 2021
NPM packages disguised as Roblox API code caught carrying ransomware | Subverted libraries likely intended as a prank but should be taken seriously, say security researchers | Security | 27 Oct 2021 | 7
It's that time of the year again when GitHub does its show'n'tell of features – some new and others kinda new | Universe event reveals iterative improvements but no big bang | Devops | 27 Oct 2021 | 5
.NET Foundation admits it 'violated the trust of project maintainers' | Mashes the Sorry button, offers to reverse forced code migration, and promises not to ever mess with projects again | Software | 13 Oct 2021 | 8
GitLab all set to go public as revenues – and losses – rise | IPO was expected last year but then we had a pandemic | Devops | 20 Sep 2021 | 10
Open-source software starts with developers, but there are other important contributors, too. Who exactly? Good question | [Opinion] Looking beyond the programmers | Software | 08 Sep 2021 | 40
GitHub merges 'useless garbage' says Linus Torvalds as new NTFS support added to Linux kernel 5.15 | Also: Compiler warnings now treated as errors by default in kernel builds | Software | 06 Sep 2021 | 99
Microsoft previews free Visual Studio Code for the Web | Browser-based editor will open files on GitHub, Azure repositories or from the local device | Software | 01 Sep 2021 | 20
GitHub's Copilot may steer you into dangerous waters about 40% of the time – study | Unless you like shipping buggy or vulnerable code, keep your hands on the wheel | AI + ML | 25 Aug 2021 | 36
GitLab 14.2 brings macOS 'build cloud' closed beta and improved Gitpod support among nearly 50 new features | Open-source rival shows it can compete with Microsoft's GitHub | Devops | 24 Aug 2021
GitHub picks Friday 13th to kill off password-based Git authentication | [In brief] Plus: eBPF Foundation emerges, Exchange servers probed for ProxyShell holes, and more | Security | 12 Aug 2021 | 7
After 15 months in preview, GitHub releases Codespaces – probably the fanciest new shiny since Actions | Teams and Enterprise only for now | Software | 12 Aug 2021 | 12
GitHub's npm gave away a package name while it was in use, causing rethink | When it comes to ownership then details count | Software | 10 Aug 2021 | 16
GitHub stuffs $1m in Stanford Law School's pocket to provide free legal advice to DMCA-hit developers | Fellowship funding comes in the wake of Youtube-DL fiasco | Devops | 27 Jul 2021 | 3
GitHub Copilot auto-coder snags emerge, from seemingly spilled secrets to bad code, but some love it | [Analysis] Great wow factor but is it legal? Is it ethical? Is code that can't be trusted any use? | AI + ML | 06 Jul 2021 | 35
GitHub Copilot is AI pair programming where you, the human, still have to do most of the work | Maybe call it backseat programming for now? | Devops | 30 Jun 2021 | 18
AWS App Runner: Fast path from GitHub to deployed application, but limited features in first release | Google Cloud Run envy? | Off-Prem | 19 May 2021
Gitpod ditches Eclipse Theia for Visual Studio Code under redesign, sponsors new dev experience event | 'Allowing everyone to use their favourite IDE just makes a lot of sense' | Applications | 08 Apr 2021 | 4
Microsoft's GitHub under fire after disappearing proof-of-concept exploit for critical Microsoft Exchange vuln | Funny how code that targets Redmond vanishes while tons of others menacing other vendors remain | Security | 12 Mar 2021 | 36
GitLab latest to ditch 'master' as default initial branch name: It's now simply called 'main' | Only for new projects, but beware the hardcoded references | Devops | 11 Mar 2021 | 120
GitHub bug briefly gave valid authenticated session cookies to wrong users | Don’t panic: Fewer than 0.001% of sessions compromised through flaw that couldn’t be maliciously triggered | Security | 09 Mar 2021 | 5
Users wail over neverending queue: Nope, not the supermarket. GitHub Actions is having a workflow wobble | Pinch, punch, first day of the month | Off-Prem | 01 Mar 2021 | 6
Popular open-source library SDL moving development to GitHub despite 'calamitous design choices' in git | 'I don't have the energy to be a server admin for something that's held together with scotch tape and prayers' | Software | 10 Feb 2021 | 47
Microsoft's Extensible Storage Engine (JET Blue) source code arrives on GitHub – sadly comments not included | One-way traffic at the moment... and don't mention Access | Software | 01 Feb 2021 | 19
GitLab removes its 'starter' tier: Users must either pay 5x more or lose features | Customer: 'It feels like a bit of a kick in the teeth' | Devops | 27 Jan 2021 | 57
Over long US weekend, GitHub HR boss quit after firing Jewish staffer who warned Nazis were at the Capitol | Microsoft-owned code silo admits 'significant errors of judgment and procedure' | Devops | 19 Jan 2021 | 80