TechXplore: Study finds toxicity in the open-source community varies from other internet forums. “A team of researchers from the Institute for Software Research (ISR) in Carnegie Mellon University’s School of Computer Science recently collaborated with colleagues at Wesleyan University to take a first pass at understanding toxicity on open-source platforms like GitHub.”
The Register: GitHub’s AI code assistant Copilot takes flight. And that’ll be $10 a month, please. “Microsoft’s GitHub on Tuesday released its Copilot AI programming assistance tool into the wild after a year-long free technical trial. And now that GitHub Copilot is generally available, developers will have to start paying for it. Or most of them will. Verified students and maintainers of popular open-source projects may continue using Copilot at no charge.”
MakeUseOf: The 8 Best Chrome Extensions to Improve Your GitHub Experience. “GitHub is the most-used platform for hosting and editing code. It’s easy to see why, given the features and ease of use it offers. However, despite a clean interface and a boatload of handy features, there’s room for improvement. Therefore, here, we’ll take a look at the eight best Chrome extensions that add new features to GitHub and improve the interface.”
MIT Technology Review: How censoring China’s open-source coders might backfire. “Many suspect the Chinese state has forced Gitee, the Chinese competitor to GitHub, to censor open-source code in a move developers worry could obstruct innovation.”
SecurityWeek: GitHub Announces Mandatory 2FA for Code Contributors. “Code hosting platform GitHub on Wednesday said it would make it mandatory for software developers to use at least one form of two-factor authentication (2FA) by the end of 2023.”
Bleeping Computer: GitHub: Attacker breached dozens of orgs using stolen OAuth tokens. “GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories. Since this campaign was first spotted on April 12, 2022, the threat actor has already accessed and stolen data from dozens of victim organizations using Heroku and Travis-CI-maintained OAuth apps, including npm.”
CSO: GitHub makes Advisory Database public to improve software supply chain security. “Software development platform GitHub has made its Advisory Database open to community contributions allowing anyone to contribute insight and intelligence on security vulnerabilities to help improve software supply chain security. The full contents of the database will also now be published to a new, freely accessible public repository under Creative Commons license. Experts say data sharing of this kind is key to improving the security of software supply chains and addressing software-related risks.”
PR Newswire: WhiteSource Launches Free Tool to Detect and Remediate Log4j Vulnerabilities (PRESS RELEASE). “This free developer tool, which is hosted on GitHub and is now available for use, quickly scans projects to find vulnerable Log4j versions and provides the exact path — both to direct or indirect dependencies — along with the fixed version for speedy remediation. As a standalone tool, developers can download the utility that matches their platform, run it within the terminal, and run the scan command on the root folder of the project.” WhiteSource will be having a Webinar about Log4j on December 20.
MakeUseOf: GitHub vs. GitLab: Which Is Better for You?. “If you find it hard to pick between GitLab and GitHub, your indecisiveness is valid. Both of these platforms are renowned for their outstanding results in version control for private software and open source projects. Although both are competent enough, this very competence makes it hard to choose which of the two will work for you and your team. That is why this article will break down characteristics like price, features, CI and CD, amongst others, to help you arrive at the best choice.”
InfoWorld: GitHub previews enhanced code search. “Among the enhancements is a new code search engine built in Rust, oriented toward searching code and speed. In the technology preview, the search index covers more than five million of the most popular public repositories. Searches also can be made on private repositories if a user has access.”
The Register: GitHub’s Copilot may steer you into dangerous waters about 40% of the time – study. “Copilot arrived with several caveats, such as its tendency to generate incorrect code, its proclivity for exposing secrets, and its problems judging software licenses. But the AI programming helper, based on OpenAI’s Codex neural network, also has another shortcoming: just like humans, it may produce flimsy code.”
Radio Free Asia: Researchers Jailed Over Github Stash of Pandemic Content Banned in China. “Two Chinese researchers who kept an online repository of banned articles on the coronavirus pandemic have been sentenced, then released, by a court in Beijing. Chen Mei, 28, and Cai Wei, 27, were found guilty on by the Chaoyang District People’s Court on Aug. 13 of ‘picking quarrels and stirring up trouble,’ a charge frequently used to target peaceful critics of the ruling Chinese Communist Party (CCP).”
Security Boulevard: Hunting for secrets on GitHub. “We need to educate developers about just how bad of an idea it is to store credentials in their code and how much worse of an idea it is to commit secrets to code repositories (whether they are public or private). When secrets get committed to public repos, attackers can use tools like git-wild-hunt to quickly identify and exploit them.”
Protocol: Want to succeed on GitHub? Your odds are better if you’re white. . “Software developers with white-sounding names may have more success on GitHub than developers whose names are perceived as Black, Hispanic or Asian-Pacific Islander, according to a recently published study.”
The Register: GitHub Copilot auto-coder snags emerge, from seemingly spilled secrets to bad code, but some love it. “Early testers of GitHub’s Copilot, which uses AI to assist programmers to write code, have found problems including alleged spilled secrets, bad code, and copyright concerns, though some see huge potential in the tool.”
The ResearchBuzz Firehose is regular RB content presented as individual posts.
For digest-type posts a couple of times a day, please visit ResearchBuzz.
Want to know how to best use the Firehose for content discovery?
Check out this handy article.
Catch me on GitHub: https://github.com/ResearchBuzz
RB Search Gizmos: https://researchbuzz.github.io/