GitHub Actions

GitHub
GitHub

GitHub today released a CI/CD Tool, GitHub Actions. With the tight integration into development workflows and rich, community maintained build-command, actions appears an interesting competitor in the market. As a minimum, the release indicates the importance of CI/CD for the modern software development lifecycle.

Developer productivity and frictionless workflows have been buzzwords for the past half decade and the arrival and rapid growth of Travis-CI, Jenkins or Cirlce-CI have proven the resonance in development organisations. GitHub has outstanding testimonials from day one on the announcement and the ecosystem appears to be ready to go.

It is an offering that comes with appealing integrations and a competitive price, that sure is worth watching.

GitHub Actions makes it easy to automate all your software workflows, now with world-class CI/CD. Build, test, and deploy your code right from GitHub. Make code reviews, branch management, and issue triaging work the way you want.

GitHub announces Package Registry

Your code. Your packages. One login. Meet GitHub Package Registry.
https://github.co/2vSuFG2

From the announcement on LinkedIn
Octocat Package Registry

The other day wrote this in their post on LinkedIn. Following the link takes one to the newly announced Github Package Registry, that allows developers to host releases for distribution. It’s currently in beta and supports npm, docker images, maven packages, NuGet and Ruby Gems. The corresponding blog article has a few more insights:

With GitHub Package Registry your packages are at home with their code—sign up for the limited beta to try it out.

From the blogpost

While I appreciate the thought and easiness of integration, the announcement doesn’t leave me with a cosy feeling. It’s a bit like GitHub is trying to become the Facebook of code. The Internet is made to work decentralised and the interesting part always has been the freedom of choice. With functionality merging together in one platform, choice gets lost and there is opportunity of misuse.

In particular, it seems almost forgotten that Github, just like Linkedin, have been acquired by Microsoft in 2016 and 2018. This perspective throws another light on the added functionality and developers may want to evaluate remaining alternatives.

Source: Introducing GitHub Package Registry – The GitHub Blog

Infocom text adventure classics

Not actually brand new, but given all of these are 30+ years old, it’s still worth mentioning that all Infocom Text Adventures are on Github now!

Yes, The Hitchhiker’s Guide to the Galaxy and Zork are both included.

Source: You can now download the source code for all Infocom text adventure classics | Ars Technica

Analysis of the GitHub DDoS.

NETRESEC took a closer look at the long lasting DDoS attacks on github.com. One of the few instances of this type of attack that even made it to mainstream media.
The article finds random web browsers from outside China are tricked into reloading two particular pages on github.com. Apparently, this happens by manipulating requests coming from users physically outside China to services in country hosted content at the border infrastructure.

This is another example of why encryption is a good thing. General usage of SSL/TLS will prevent passive filtering infrastructure from manipulating traffic, and prevent such problems.

via NETRESEC Network Security Blog.