Items tagged with GitHub

I have only dabbled in programming, and from my limited experience, I can appreciate that really good coding is an art form that not everyone possesses. Whether I have it or not, I can't say—I've never dived too deeply into programming to find out. If I ever do, Microsoft's new GitHub Copilot might prove to be a boon. What exactly is Copilot? It is an AI pair programmer that helps coders hammer out lines and functions faster and with less work, especially with the more mundane stuff. Developed in collaboration with OpenAI, an AI research company co-founded by Elon Musk and backed by Microsoft (by way of a $1 billion investment in 2019), Copilot taps into the power of artificial intelligence... Read more...
A seven-year-old local privilege escalation bug has reared its head and finally got a fix. When it was available, exploiting the vulnerability in the polkit authentication service could have allowed attackers to get a root shell on several actively-used Linux distros. On Linux, polkit is effectively a bouncer of sorts who decides whether a user is allowed to do something that requires higher privileges. Discovered by security researcher Kevin Backhouse, the polkit bug that allows users to break this security was introduced in a commit that shipped with service version .0113 over seven years ago. To exploit this, it only takes a few terminal commands to create a user that is a member of the sudo-group.... Read more...
AI is spreading, and not in the creepy sci-fi dystopian kind of way, but by way of programs to help manage large tasks in critical business sectors, such as healthcare, finance, and defense. Now, Microsoft is releasing a tool called Counterfit, an “automation tool for security testing AI systems as an open-source project.” This way, companies will be able to “ensure that the algorithms used in their businesses are robust, reliable, and trustworthy.” As mentioned, AI systems are becoming more prevalent in business, powering many different services. Thus, these systems must be secure from adversaries so that important or confidential information is not lost. However, performing... Read more...
One of the features supported by NVIDIA's line of professional graphics cards is GPU virtualization. It is a potentially handy feature in some environments, as it enables more than one person to tap into a single GPU through virtualization software. The feature is not officially available on NVIDIA's consumer GPUs, but as it turns out, it can be enabled with a rather simple hack. This is really more of a 'gee-whiz' kind of thing than a game changer in the land of consumer GPUs, as we reckon the vast majority of GeForce graphics card owners will not have a need for this. For those who do, however, there is the potential to save a lot of money by buying a consumer graphics card rather than a professional... Read more...
Late last month, we reported on a trend of rising cybersecurity incidents worldwide that could lead to the end of some businesses. Now, the latest cyberattack victim is Microsoft-owned GitHub, with reports of cybercriminals leveraging GitHub cloud infrastructure to mine cryptocurrency. Since at least the Fall of 2020, attackers have been abusing a feature called GitHub Actions, which lets users automate tasks and workflows once an event happens within a repository. Once triggered, GitHub Actions can spool up a VM or a container to typically test out code in a live environment. In a phone call to The Record, Dutch security engineer Justin Perdok explained that “at least one threat actor... Read more...
Over the last nearly two weeks, we have seen Microsoft deploying emergency patches and telling companies to secure Exchange servers due to Chinese hackers exploiting a 0-day vulnerability. When vulnerabilities such as this are published, security researchers and hackers alike jump on the opportunity to develop proof-of-concept code and working exploits. Microsoft is not a fan of this, though, as it has removed a proof-of-concept from its code-repository site, GitHub. As the situation has developed, security researchers have delved into the Microsoft Exchange problem to replicate other hackers' work and complete research on what happened. One of these researchers, Nguyen Jang, posted their proof-of-concept... Read more...
Are you feeling nostalgic for Grand Theft Auto III and Grand Theft Auto Vice City? There is now a new way to play these classics on more modern consoles. A team of programmers has reverse engineered Grand Theft Auto III and Grand Theft Auto Vice City to expand availability to fans of the franchise. The reverse engineering project was originally started in Spring 2018 by Reddit user “kotzkroete.” It was added to GitHub in May 2019 and others quickly joined the project. The programmers moved on to Vice City once they had finished GTA 3 in Spring 2020 and it was completed this past September. You can find out more about the GTA 3 and Vice City reverse-engineered project... Read more...
If you give some kids restricted access to technology, they are bound to find a loophole or bug that lets them do what they want regardless. After being asked by his kids to “hack” his Linux desktop, one Dad let the kids play with the keyboard. This button-mashing actually crashed the machine's screensaver by sheer luck, allowing them onto the desktop, ultimately leading to the discovery of a high priority security vulnerability for the Linux Mint team. The bug report, posted to GitHub by user Robo2Bobo, states that it became possible to crash the screensaver and unlock the desktop via the virtual keyboard. Robo2Bobo then explained that this was found because “A few weeks ago,... Read more...
AMD has confirmed that some of the source code pertaining to its RDNA 2 graphics architecture, which is used in Microsoft's upcoming Xbox Series X console and was posted to GitHub by a hacker who stole the data, is legitimate, but downplayed the extent of the theft. According to AMD, the "stolen graphics IP is not core to the competitiveness or security" of RDNA 2. "At AMD, data security and the protection of our intellectual property are a priority. In December 2019, we were contacted by someone who claimed to have test files related to a subset of our current and future graphics products, some of which were recently posted online, but have since been taken down," AMD said in a statement. "While we are... Read more...
There are many ways for one to monitor their physical surroundings and possessions, but these methods are not always accessible or inconspicuous. Haven: Keep Watch uses an Android device’s sensors to monitor an area and watch out for unwelcome guests; its stable version was released this past December.  Haven was co-developed by Edward Snowden and the Guardian Project with the support of the Freedom of the Press Foundation. It is both an open source project that is available on GitHub and an app that can be downloaded on Google Play. It was originally released in 2017, but has been updated over the past few months. Anyone can download Haven, but it was particularly created with journalists,... Read more...
At the risk of burying the lede (just a tad), does anybody remember those old Power Wheels commercials? They went "Pow-pow Power Wheels, pow-pow Power Wheels, Power Wheels power makes it go!" It's what comes to mind whenever I see an update for Microsoft's PowerToys utility for Windows 10, and I just don't want to be the only one with the Power Wheels jingle stuck in my head. Back to the topic at hand, what were we talking about? Ah yes, PowerToys. After conducting a survey on what third-party tools developers and "some seasoned users" turn to, Microsoft discovered a large number of them turn to outside programs to remap the keys on their keyboard. And so the feature appears to be headed to the... Read more...
A hacker is making the rounds and attacking Git hosting services like GitHub, Bitbucket, and GitLab. The attacks reportedly started on May 3, and as of now, it is unclear how the hacker is gaining access to these repositories. What is known, however, is that the hacker is removing all source code and recent commits from the victim Git repository. In the place of the code that was located in the repositories, the hacker leaves a note that asks for a payment of 0.1 Bitcoin, which is worth about $570 right now. The hacker claims that all of the source code is downloaded and stored on their own personal server. The note gives the victim ten days to pay the ransom and if it isn't paid, the code is... Read more...
Updated: 6/4/2018 @ 9:22am Microsoft has confirmed its acquisition of GitHub in a company blog post, and the deal is valued at $7.5 billion. “Microsoft is a developer-first company, and by joining forces with GitHub we strengthen our commitment to developer freedom, openness and innovation,” said Microsoft CEO Satya Nadella. “We recognize the community responsibility we take on with this agreement and will do our best work to empower every developer to build, innovate and solve the world’s most pressing challenges.” Original Story Over the weekend, rumors turned up that claimed software giant Microsoft was set to purchase source code version control and... Read more...
Is GitHub Microsoft’s next acquisition target? Microsoft officials have allegedly held talks to purchase the largest source code host in the world. The companies have spoken to each other before, but these most recent talks are purportedly more serious than past conversations. Microsoft has toyed with the idea of purchasing GitHub before, but appeared unwilling to agree to the hefty price tag. GitHub reportedly has over 20 million users and 57 million repositories. The company was last valued at $2 billion USD in 2015, but could potentially sell for as much as $5 billion today. Microsoft has also become more committed to open source and AI under the leadership of CEO Satya Nadella and Raghu... Read more...
Code distribution site GitHub was hit with a massive distributed denial-of-service (DDoS) attack yesterday afternoon, but thanks to prior planning and automatic routines to counter such attacks, it was able to come through [relatively] unscathed. At its peak, GitHub was inundated with a record 1.35 Tbps of traffic, and was subsequently hit with another brief 400 Gbps burst of traffic. GitHub experienced sporadic outages during a 9-minute period. By the 10-minute mark, its systems were fully restored and the attack was successfully mitigated. The DDoS attack was carried out not with an enormous botnet, but with UDP-based memcached traffic. "Memcached is a tool meant to cache data and reduce... Read more...
Say goodbye to CodePlex. Microsoft just recently announced that it will be shutting down CodePlex, the eleven-year-old open-source project hosting website. Microsoft has disabled the ability to create new projects and will officially shut the website down on December 15th, 2017. CodePlex was initially launched in 2006 in order to share development of open-source software. The website included a number of projects, but was best known for its activities around the .NET framework. The site had managed to accumulate tens of thousands of projects. Why are we bidding adieu to CodePlex? Microsoft is choosing to hitch its wagon to GitHub. According to Microsoft Corporation Vice President Brian Harry,... Read more...
Houston, we have some code. The Apollo 11 Guidance Computer source code is now available for free online, thanks to a NASA intern that uploaded it to GitHub. In the 1960s, MIT programmers wrote thousands of lines of esoteric code for Apollo 11's flight software. They invented “rope memory,” and created a special version of the assembly programming language. [Image: Margaret Hamilton, Director of Software Engineering, standing next to the stack of code] The AGC code has since been available to the public for quite a while (it was uploaded by tech researcher Ron Burkey in 2003). He transcribed it from scanned images of the original hard copies MIT had put online. Burkey remarked, “It was scanned... Read more...
If you're not affected by it, and don't know anyone else who's affected by it, it's easy to brush the issue of gender bias under the rug. The reality, however, is that it's an issue that's proven over and over again to be a serious problem. Apparently, it's even a problem in the programming world. Six researchers from Cal Poly and North Carolina State University banded together to see the effects of gender bias on GitHub, the world's leading open source code-hosting website. GitHub's structure allows project members to submit "pull" requests from the project leader to gain permission to overwrite existing code or add some new code. A simple feature, and one that you wouldn't think would be that... Read more...
A mere two weeks after Google decided to pull the plug on Google Code, competitor GitHub is experiencing the "largest DDoS attack" in the site's history. While the company itself isn't coming out with it, Baidu acknowledges that a great deal of traffic is coming from China. On GitHub's site, we're told that the attack began on Thursday, and while a number of common attack vectors are being exploited, some new techniques have been brought in: namely, unsuspecting people are having their traffic rerouted and are in effect contributing to the attack. At this point, the blame points to China. GitHub has said that the goal of the attack is to convince the site to remove certain content, and The Wall... Read more...
Google posted a changelist of new features brought forth by the latest Google Glass APK (XE7), and they include expanded capabilities for the “OK, Glass” functionality, increased web browsing controls, the ability to call or send a message to anyone in your Google contacts, more refined voice search tools, and more. However, GitHub user zhuowei posted some additional “hidden” changes in XE7 that he found by digging through the code. The most interesting bit is called “Boutique”, which appears to be the beginnings of an application market. [Image: Google Glass "OK Glass" functions] He notes that there’s currently no central repository for Google Glass apps and... Read more...
On Wednesday, GitHub expanded and improved its search feature to make it easier to locate code stashed on the site by live-indexing newly uploaded code. In theory, it sounds like a nice improvement on the site’s ability to deliver results to those looking for certain code or developers, but it appears that the new tool uncovers much more--namely, private SSH keys. The issue appears to be that some GitHub users have been storing private keys in public directories, and the new search tool is returning them in search results. Obviously, having exposed SSH keys is disastrous, and it allows hackers to silently do all sorts of damage, from sophomoric tampering to serious longitudinal cybercrime.... Read more...