Navigating the ebb and flow of programming paradigms–from the shifts in the JavaScript ecosystem and TypeScript’s rise, to AI’s role in advancing accessibility, and strategies for encouraging non-code contributions–tune in to the latest episode of The ReadME Podcast for more.
Rebase commits now created using the merge-ort strategy
Explore the impact of non-code contributions—and why they are often undervalued, the challenges of using open source in regulated environments, and the art of managing projects at the scale of Kubernetes, now on The ReadME Podcast.
Maintainer Month is a time for open source maintainers to gather, share, and be celebrated. Over 31 days, 16 organizations came together to offer 42 activities convening and celebrating maintainers.
Open vs. control: the paradox of open source. We take a look at the expectations of open source, how the definition has evolved, and when ‘closed to contributions’ is the right move. Tune in to the latest episode of The ReadME Podcast for more.
Open source’s impact on nuclear fusion research, adapting to technological change, and mastering GitHub essentials.
In this post, I’ll look at a security-related change in version r40p0 of the Arm Mali driver that was AWOL in the January update of the Pixel bulletin, where other patches from r40p0 was applied, and how these two lines of changes can be exploited to gain arbitrary kernel code execution and root from a malicious app. This highlights how treacherous it can be when backporting security changes.
Learn how to enable developer productivity and collaboration while staying secure and compliant. Stay compliant without slowing down your business. From security to CI/CD, automate every step of your software workflow—so your developers can stay focused on what matters most: building.
Welcome to our special edition of the Release Radar 🎄. Between Christmas festivities, end of the year parties, Chinese New Year, or simply enjoying some time off, almost everyone has…
Save the date! Game Off returns on November 1 for its 10th year! 🎉
New to Git v2.38, Scalar is a built-in repository manager for large repos. Here, we’ll tell the story of how Scalar went from a rough VFS for Git successor to a fully-integrated Git tool, with all of the engineering lessons learned in the process.
The eleventh annual js13kGames coding competition, challenging participants to create games in 13kB or less of JavaScript in a month, just wrapped up. This post highlights the top thirteen entries.
Merge commits now created using the merge-ort strategy
It’s been a crazy couple of months with the end of financial year and lots of products shipping. Our community has been hard at work shipping projects too. These projects…
In this post I’ll exploit CVE-2022-20186, a vulnerability in the Arm Mali GPU kernel driver and use it to gain arbitrary kernel memory access from an untrusted app on a Pixel 6. This then allows me to gain root and disable SELinux. This vulnerability highlights the strong primitives that an attacker may gain by exploiting errors in the memory management code of GPU drivers.
In this post I’ll exploit CVE-2022-1134, a type confusion in Chrome that I reported in March 2022, which allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. I’ll also look at some past vulnerabilities of this type and some implementation details of inline cache in V8, the JavaScript engine of Chrome.
Introduction Open Sauced, GitHub’s Explore page, Hacktoberfest, and First Timers Only help folks discover open source projects. This monthly series–Open Source Monthly—will add to these efforts by helping: First-time contributors…
When it comes to secure database access, there’s more to consider than SQL injections. OWASP Top 10 Proactive Control C3 offers guidance.
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
