Explore the impact of non-code contributions—and why they are often undervalued, the challenges of using open source in regulated environments, and the art of managing projects at the scale of Kubernetes, now on The ReadME Podcast.
Maintainer Month is a time for open source maintainers to gather, share, and be celebrated. Over 31 days, 16 organizations came together to offer 42 activities convening and celebrating maintainers.
Many accessibility improvements have been deployed to npmjs.com. Highlights include: Site-wide improvements to color contrast, text resize, and support for users with low vision. Improvements that enable keyboard-only access including…
Open vs. control: the paradox of open source. We take a look at the expectations of open source, how the definition has evolved, and when ‘closed to contributions’ is the right move. Tune in to the latest episode of The ReadME Podcast for more.
Open source’s impact on nuclear fusion research, adapting to technological change, and mastering GitHub essentials.
When we introduced GitHub Discussions in 2020, we allowed users to mark an answer to a question in the “Q&A” Discussions category. As the feature began getting more usage, we…
In this post, I’ll look at a security-related change in version r40p0 of the Arm Mali driver that was AWOL in the January update of the Pixel bulletin, where other patches from r40p0 was applied, and how these two lines of changes can be exploited to gain arbitrary kernel code execution and root from a malicious app. This highlights how treacherous it can be when backporting security changes.
Learn how to enable developer productivity and collaboration while staying secure and compliant. Stay compliant without slowing down your business. From security to CI/CD, automate every step of your software workflow—so your developers can stay focused on what matters most: building.
Welcome to our special edition of the Release Radar 🎄. Between Christmas festivities, end of the year parties, Chinese New Year, or simply enjoying some time off, almost everyone has…
Save the date! Game Off returns on November 1 for its 10th year! 🎉
New to Git v2.38, Scalar is a built-in repository manager for large repos. Here, we’ll tell the story of how Scalar went from a rough VFS for Git successor to a fully-integrated Git tool, with all of the engineering lessons learned in the process.
The eleventh annual js13kGames coding competition, challenging participants to create games in 13kB or less of JavaScript in a month, just wrapped up. This post highlights the top thirteen entries.
Private profiles (now generally available) enables users to turn their GitHub profile “private”, which gives users control over features that share user data across the GitHub platform. When a profile…
When GitHub creates merge commits, like to test whether a pull request can be merged cleanly or to actually merge a pull request, it now uses the merge-ort strategy. merge-ort…
It’s been a crazy couple of months with the end of financial year and lots of products shipping. Our community has been hard at work shipping projects too. These projects…
In this post I’ll exploit CVE-2022-20186, a vulnerability in the Arm Mali GPU kernel driver and use it to gain arbitrary kernel memory access from an untrusted app on a Pixel 6. This then allows me to gain root and disable SELinux. This vulnerability highlights the strong primitives that an attacker may gain by exploiting errors in the memory management code of GPU drivers.
In this post I’ll exploit CVE-2022-1134, a type confusion in Chrome that I reported in March 2022, which allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. I’ll also look at some past vulnerabilities of this type and some implementation details of inline cache in V8, the JavaScript engine of Chrome.
Introduction Open Sauced, GitHub’s Explore page, Hacktoberfest, and First Timers Only help folks discover open source projects. This monthly series–Open Source Monthly—will add to these efforts by helping: First-time contributors…
When it comes to secure database access, there’s more to consider than SQL injections. OWASP Top 10 Proactive Control C3 offers guidance.
The State of the Octoverse analyzes data from millions of developers & repos to share trends across working habits, productivity, and career satisfaction.
A warning is now displayed when a file’s contents include bidirectional Unicode text. Such text can be interpreted or compiled differently than it appears in a user interface. For example,…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Last chance: Save $700 on your IRL pass to Universe and join us on Oct. 28-29 in San Francisco.
