Author: Chris Punches (@cmpunches, Silo group). License: "Please feel free to share unmodified".

The following text is an unmodified copy of now removed issue #2250 on rms-open-letter.github.io repository. The text claims multiple violations of different policies, codes of conduct and other documents in creation, content and support of the "Open letter to remove Richard M. Stallman from all leadership positions". The issue has not been addressed.

Let's say you use GitHub, write code, and do other fun stuff. You also use a static analyzer to enhance your work quality and optimize the timing. Once you come up with an idea - why not view the errors that the analyzer gave right in GitHub? Yeah, and also it would be great if it looked nice. So, what should you do? The answer is very simple. SARIF is right for you. This article will cover what SARIF is and how to set it up. Enjoy the reading!

This article is about security. I’ll focus on this in the context of web applications, but I’ll also touch on other types of applications. Before I describe approaches and frameworks, I want to tell you a story.

Background

Throughout my years working in the IT sphere, I’ve had the opportunity to work on projects in a variety of fields. Even though the process of authenticating requirements remained relatively consistent, methods of implementing the authorization mechanism tended to be quite different from project to project. Authorization had to be written practically from scratch for the specific goals of each project; we had to develop an architectural solution, then modify it with changing requirements, test it, etc. All this was considered a common process that developers could not avoid. Every time someone implemented a new architectural approach, we felt more and more that we should come up with a general approach that would cover the main authorization tasks and (most importantly) could be reused on other applications. This article takes a look at a generalized architectural approach to authorization based on an example of a developed framework.

Approaches to Creating a Framework

As usual, before developing something new, we need to decide what problems we’re trying to solve, how the framework will help us solve them, and whether or not there is already a solution to these issues. I’ll walk you through each step, starting with identifying issues and describing our desired solution.

We’re focusing on two styles of coding: imperative and declarative. Imperative style is about how to get a result; declarative is about what you want to get as a result.

From speaking to desktop developers, we’ve heard that you want to learn how to quickly set up continuous integration and continuous deployment (CI/CD) workflows for your WPF and Windows Forms applications in order to take advantage of the many benefits CI/CD pipelines have to offer, such as:

• Catch bugs early in the development cycle
• Improve software quality and reliability
• Ensure consistent quality of builds
• Deploy new features quickly and safely, improving release cadence
• Fix issues quickly in production by rolling forward new deployments

That’s why we created a sample application in GitHub to showcase DevOps for your applications using the recently released GitHub Actions.

Work in several GitHub repositories (repos) brings inconveniences. Repos are separated from each other, open and closed issues live in different lists, linked pull requests (PRs) can't be seen until opening an issue — our team works in more than 70 repos, so I learned that hard. And started to write repos tracker on Python. It's close to the final, I'd like to share it (it's completely free), and few tricks I used in progress.

What is that

Scraper tracks several GitHub repos in a single Google Sheet (GS) table. You can see all of the opened and done issues, related PRs, priorities, your teammates comments, use coloring, filtering, sorting and other GS functions. That's a good integration, here is how it looks:

How does it work, shortly

There is Spreadsheet() class which contain several Sheet() objects, each of which have it's own configurations, described in config.py. When Scraper updates a sheet, it loads configurations, sees list of repos to track, requests info from GitHub, builds a table and sends it to GS service. Sounds easy, but there were several tough to deal with things, which I've solved mostly with support of my work experience in Google projects, and which I consider as good patterns. Take a pen.

Another release is out for the Windows Terminal preview! This release is labeled as v0.7 in the About section of the Terminal. As always, you can download the Terminal from the Microsoft Store and from the GitHub releases page. Here’s what’s new in this release:

Windows Terminal Updates

Panes

You are now able to split your Terminal window into multiple panes! This allows you to have multiple command prompts open at the same time within the same tab.

Note: At the moment, you’re only able to open your default profile within a new pane. Opening a profile of your choice is an option we’re planning to include in a future release!



Read more below.

Hello everyone!

Today I'm going to tell about how is test task to job interview became the library Image Comparison. It's an open-source library, which is hosting on GitHub.



Before I start, let me introduce myself. My name is Roman. I'm a husband and father. I'm a software engineer in Epam Systems with 4 years of experience in IT.

The main idea of this topic is to tell, that creating an open-source product it's not wasting time, no! It's an amazing experience, which is going from all the open-source community. It's a time when you're a developer, project manager, product manager in one head.

While this library is growing I have been working with people from more than 10(!!) countries, such as the USA, Germany, Chine, India, Russia, Ukraine, etc.

Let's move on from the start of this story…

Anyone who uses Git knows that it has a steep learning curve. We’ve learned from developers that most people tend to learn from a buddy, whether that’s a coworker, a professor, a friend, or even a YouTube video. In GitHub Desktop 2.2, we’re releasing the first version of an interactive Git and GitHub tutorial that can be your buddy and help you get started. If you’re new to Desktop, you can download and try out the tutorial at desktop.github.com.

Starting from the version 7.04, the PVS-Studio analyzer for C and C++ languages on Linux and macOS provides the test feature of checking the list of specified files. Using the new mode, you can configure the analyzer to check commits and pull requests. This article covers setting up the check of certain modified files from a GitHub project in such popular CI (Continuous Integration) systems, as Travis CI, Buddy and AppVeyor.

We are committed to building Visual Studio App Center for you. Thanks to you taking the time to request features via our Github repo, we are excited to announce that dark theme is available in App Center.

In the next few screens, you can get an idea of how App Center’s dark theme looks:


App Center Distribute in Dark theme


App Center Test in Dark theme

Happy programmer's day! I wish you more bright commits, merged pull requests, less merge conflicts, and that your life branches remain relevant as long as possible. As a conceptual gift, I propose the implementation of a family tree by means of the Git version control system. Well… sounds like a plan!

For those who have immediately understood everything, I give links to the source code: GenealogyTreeInGit and family trees: mine and US presidents.

In addition, I implemented a simple social graph. It displays not only the degree of kinship, but also the status of relations between descendants, events such as wedding, divorce, childbirth, as well as contributions to the relations.

Great Visual Studio extensions share a few key features that sets them apart from the rest. They look and feel well crafted, are performant and reliable, do what they advertise to perfection, and blend in naturally among Visual Studio’s own features.

To make it easier to write great extensions, we’ve worked with the extensibility community to come up with a simple checklist to follow. There’s even a GitHub issue template you can use so you remember to go through the checklist.

Readers of our articles occasionally note that the PVS-Studio static code analyzer detects a large number of errors that are insignificant and don't affect the application. It is really so. For the most part, important bugs have already been fixed due to manual testing, user feedback, and other expensive methods. At the same time, many of these errors could have been found at the code writing stage and corrected with minimal loss of time, reputation and money. This article will provide several examples of real errors, which could have been immediately fixed, if project authors had used static code analysis.

On May 10, we announced the limited beta of GitHub Package Registry, a package management service that makes it easy to publish public or private packages next to your source code. It currently supports familiar package management tools: JavaScript (npm), Java (Maven), Ruby (RubyGems), .NET (NuGet), and Docker images, with more to come.

Today we’re excited to announce that we’ll be adding support for Swift packages to GitHub Package Registry. Swift packages make it easy to share your libraries and source code across your projects and with the Swift community.

GitHub hosts over 300 programming languages—from commonly used languages such as Python, Java, and Javascript to esoteric languages such as Befunge, only known to very small communities.


Figure 1: Top 10 programming languages hosted by GitHub by repository count 

One of the necessary challenges that GitHub faces is to be able to recognize these different languages. When some code is pushed to a repository, it’s important to recognize the type of code that was added for the purposes of search, security vulnerability alerting, and syntax highlighting—and to show the repository’s content distribution to users.

Linguist is the tool we currently use to detect coding languages at GitHub. Linguist a Ruby-based application that uses various strategies for language detection, leveraging naming conventions and file extensions and also taking into account Vim or Emacs modelines, as well as the content at the top of the file (shebang). Linguist handles language disambiguation via heuristics and, failing that, via a Naive Bayes classifier trained on a small sample of data. 

Although Linguist does a good job making file-level language predictions (84% accuracy), its performance declines considerably when files use unexpected naming conventions and, crucially, when a file extension is not provided. This renders Linguist unsuitable for content such as GitHub Gists or code snippets within README’s, issues, and pull requests.

In order to make language detection more robust and maintainable in the long run, we developed a machine learning classifier named OctoLingua based on an Artificial Neural Network (ANN) architecture which can handle language predictions in tricky scenarios. The current version of the model is able to make predictions for the top 50 languages hosted by GitHub and surpasses Linguist in accuracy and performance.

If you were asked to draw a picture of several people in ski gear, standing in the snow, chances are you’d start with an outline of three or four people reasonably positioned in the center of the canvas, then sketch in the skis under their feet. Though it was not specified, you might decide to add a backpack to each of the skiers to jibe with expectations of what skiers would be sporting. Finally, you’d carefully fill in the details, perhaps painting their clothes blue, scarves pink, all against a white background, rendering these people more realistic and ensuring that their surroundings match the description. Finally, to make the scene more vivid, you might even sketch in some brown stones protruding through the snow to suggest that these skiers are in the mountains.

Now there’s a bot that can do all that.

Today, we’re excited to introduce GitHub Package Registry, a package management service that makes it easy to publish public or private packages next to your source code.

GitHub Package Registry is fully integrated with GitHub, so you can use the same search, browsing, and management tools to find and publish packages as you do for your repositories. You can also use the same user and team permissions to manage code and packages together. GitHub Package Registry provides fast, reliable downloads backed by GitHub’s global CDN. And it supports familiar package management tools: JavaScript (npm), Java (Maven), Ruby (RubyGems), .NET (NuGet), and Docker images, with more to come.

You can try GitHub Package Registry today in limited beta. It will always be free to use for open source—more pricing details will be announced soon.

Sign up for the beta

Today, we’re excited to announce that we are open sourcing Windows Calculator on GitHub under the MIT License. This includes the source code, build system, unit tests, and product roadmap. Our goal is to build an even better user experience in partnership with the community. We are encouraging your fresh perspectives and increased participation to help define the future of Calculator.

Hey Habr! Today I would like to talk about ethics, namely ethics in the professional field. It will be a question of services that perform 'fake' (automated human-like) activity and of those doubts in which they can result both the ordinary ordinary user, and the professional of development sphere.



So, let's start. What I mean by the phrase «fake activity» is not difficult to guess: it is the manipulation and compromising of the data that are responsible for the indicator of your activity, or more simply, of actions on the Internet. With this, of course, every one of you who used social networks at least once came across: Facebook, Instagram, and so on.

I will describe this scheme on the example of Instagram: each person has his own account, and for developers API access is provided. And what did we do? We started to launch bots that can perform all sorts of activity through a person’s account (such as like, subscribe, comment on other people's posts, or even independently manage their (or owners) page, for example @neuralcat ). And soon this opportunity began to be actively used in the business sphere. Attracting a new audience by targeting according to certain criteria and carrying out activity on their page. Everything would be fine, but over time it went beyond all limits. Every day dozens of incomprehensible accounts like your photos, leave spam comments, tag you on advertising posts and so on.

Bot activity has gone beyond all limits of prudence that today Instagram closes its API, and here is one of the reasons: “Most of the services that work with auto-posting, likes and OML-like likes — do it through private api — login / password, but not through the official API.”

Configure the development environment for learning HTML, CSS, PHP in Windows.

(article is published on linkedin.com (Alexander Panov) )

Beginning programmers always ask the question, where to start learning about creating websites? Search on the Internet gives a lot of various information, but unfortunately only more confuses novice developers. Having more than 5 years of teaching experience, I have seen many times how students, making breaks in computer games and deciding to become web developers, tried to customize development environments. They began to sort out the programs for layout. They grabbed Sublime Text, Notepad ++, Visual Studio Code, NetBeans or PHPStorm. We tried to install on our local computer WAMP (stands for Windows, Apache, MySQL and PHP) platforms, such as Denver, Xampp, Open Server and many others. But since there is no systematic knowledge in the head of a novice developer, there is no experience of customization, it was rare for some of them to set up a convenient development environment, and whoever got it, understood that it became more difficult to play, since many additional programs, smoothness in the game.

This article was born because of explaining for many years to each student how to do everything correctly and conveniently.

Once again I want to say that we will set up a working environment in the Windows system to study the creation of sites in HTML, CSS and their links to PHP. We will call this computer working, so that beginning web developers get used to the idea that their computer is their source of income.

Begin