Archive for the ‘GitHub’ Category

Unlimited private repositories now available to free GitHub users

January 8th, 2019

Octocat, the GitHub mascot. (credit: GitHub)

The significant change to GitHub announced today by CEO Nat Friedman might be the first major change since Microsoft bought the company last year: free accounts can now create private repositories.

GitHub has become the home for a huge number of open-source projects. Some of these are major, widely used projects such as the Node.js server-side JavaScript platform, but many of them are small, personal projects, half-written programs, and experiments. These projects are typically open-source not because their authors have any particular desire to share them with the world but because GitHub gave them no choice: free GitHub accounts could only create public repositories.

As such, GitHub represented a trade-off: you could use GitHub's services for free, but you had to share. If you didn't want to share, you had to pay.

Posted in git, GitHub, microsoft, Open Source, Tech

WhiteSource Bolt for GitHub: Free Open Source Vulnerability Management App for Developers

December 5th, 2018
Developers around the world depend on open source components to build their software products. According to industry estimates, open source components account for 60-80% of the code base in modern applications. Collaboration on open source projects throughout the community produces stronger code, squashing the bugs and catching the vulnerabilities that impact the security of organizations who

Posted in GitHub, GitHub Security, Open Source, Penetration testing tools, vulnerability assessment, vulnerability management, vulnerability testing tool

GitHub is now officially a part of Microsoft

October 26th, 2018

satyan@redmond:~/src$ git checkout -b microsoft-acquisitions
Switched to a new branch 'microsoft-acquisitions'

satyan@redmond:~/src$ scp satyan@github.com:/github .

satyan@redmond:~/src$ git add github

satyan@redmond:~/src$ git commit -m "Microsoft announced in June that it
> was buying the Git repository and collaboration platform GitHub for 
> $7.5 billion in stock. That acquisition has received all the necessary 
> regulatory approvals, and has now completed. Nat Friedman, formerly of
> Xamarin, will take the role as GitHub CEO on Monday.
>
> The news of the acquisition sent ripples around the open source world,
> as GitHub has become the home for a significant number of open source
> projects. We argued at the time that the sale was likely one of
> necessity, and that of all the possible suitors, Microsoft was the best
> one, due to common goals and shared interests. Friedman at the time
> sought to reassure concerned open source developers that the intent was
> to make GitHub even better at being GitHub, and that he would work to
> earn the trust of the GitHub community. Those views were reiterated
> today.
>
> Since then, Microsoft has joined the Open Invention Network, a patent
> cross-licensing group that promises royalty free licenses for any patents
> that apply to the Linux kernel or other essential open source packages.
> This was a bold move that largely precludes Redmond from asserting its
> patents against Android, and should mean that the company will no longer
> receive royalties from smartphone manufacturers.
>
> Sources close to the matter tell us that Microsoft's decision to join
> OIN was driven in no small part by the GitHub acquisition. GitHub is
> already a member of OIN, which left Microsoft with only a few options:
> withdraw GitHub from OIN, a move that would inevitably upset the open
> source world; acquire GitHub as some kind of arm's length subsidiary
> such that GitHub's OIN obligations could not possibly apply to
> Microsoft; or join OIN too, as the most straightforward approach that
> also bolstered the company's open source reputation. Microsoft took
> the third option."
[microsoft-acquisitions baadf00d] Microsoft announced...
1 file changed, billions of insertions(+), 0 deletions(-)

satyan@redmond:~/src$ git checkout microsoft-corp
Switched to branch 'microsoft-corp'

satyan@redmond:~/src$ git merge microsoft-acquisitions
Updating cafef00d..baadf00d
Fast-forward
 billions-of-files | billions ++++++++++++

satyan@redmond:~/src$ git branch -d microsoft-acquisitions

Posted in acquisitions, development, git, GitHub, microsoft, Open Source, Programming, Tech

Energy, Nuclear Targeted with Template Injection Attacks

July 10th, 2017

Adversaries are using the SMB communications channel to launch template injection attacks against the energy sector, including nuclear facilities.

Posted in Cisco Talos, critical infrastructure, Critical infrastructure attacks, docx, GitHub, Phishery, phishing attack, Relationship ID, Server Message Block, SMB server, URL injector, WebDAV, Wolf Creek Nuclear Operating Corporation

GitHub Code Execution Bug Fetches $18,000 Bounty

March 17th, 2017

GitHub awarded $18,000 to a researcher after he came across a remote code execution bug in the company’s enterprise management console.

Posted in bug bounties, Bug Bounty Program, Exablue, GitHub, GitHub Enterprise, HackerOne, Markus Fenske, rce, Remote Code Execution Bug, vulnerabilities

Fireside Fiction Company is science fiction’s best-kept secret

March 8th, 2017

Galen Dara’s illustration for Stephen Blackmoore’s short story, “La Bestia,” published in 2015 by Fireside. (credit: Illustration by Galen Dara)

You may not have heard of Fireside Fiction Company, but it’s time you did. Packed with excellent free science fiction stories, the Patreon-supported publication has been going strong for five years. There are many reasons you need to start reading Fireside, not the least of which is its recent upgrade to GitHub Pages.

You could spend days immersed in Fireside’s back content. Editors Brian White and Elsa Sjunneson-Henry curate quality work from well-known writers and rising stars, including Chuck Wendig, Elizabeth Bear, Tobias Buckell, Daniel Abraham (one half of the Expanse writing team known as James S.E. Corey), Cassandra Khaw (whom you may know from Ars), Ken Liu, Daniel José Older, and more. But it’s not just White and Sjunneson-Henry’s good taste that has earned Fireside a sterling reputation among writers. Unlike many small publications, Fireside pays good rates for fiction. It spends almost all the money it gets from Patreon on its authors and artists.

Fireside Fiction Company also publishes a limited number of books and hosts special projects. One of these projects was #BlackSpecFic, a special report on black voices in science fiction. #BlackSpecFic fits into Fireside’s overall commitment to inclusivity, publishing stories by people from a diversity of backgrounds and places.

Posted in GitHub, online publishing, The Multiverse

Chinese Certificate Authority ‘mistakenly’ gave out SSL Certs for GitHub Domains

August 29th, 2016

A Chinese certificate authority (CA) appeared to be making a significant security blunder by handing out duplicate SSL certificates for a base domain to anyone who merely has control over any of its subdomains.

The certificate authority, named WoSign, issued a base certificate for the GitHub domains to an unnamed GitHub user.

But How? First of all, do you know, the traditional Digital Certificate

Posted in certificate transparency, digital Certificate, free ssl certificate, GitHub, SSL Certificate, ssl security, website security

Protecting Cloud APIs Critical to Mitigating Total Compromise

May 19th, 2016

When it comes to cloud computing, APIs more or less drive everything, but in the eyes of some researchers, existing security controls haven’t kept pace.

Posted in Amazon Web Services, APIs, Cloud computing, Cloud security, GitHub, Software vulns, Veracode, vulnerabilities, Web Security

Lyft: It wasn’t our CTO who cracked Uber’s database

October 12th, 2015

Uber’s sleuthing didn’t reveal the hand of Lyft’s CTO in the cookie jar, but an unidentified party at his IP address allegedly eyed the key.

Posted in Chris Lambert, CTO, data loss, database breach, Featured, GitHub, Law & order, lawsuit, lyft, Security threats, subpoena, Uber