logo
logo
logo
logo
Bob Sun 2016-06-15
img

BetaList features the newest startups.

Today, we take a closer look at GitMarket, a marketplace for code.

You simply import your existing code, choose your price and we help you sell it with very reasonable fees.

What are the benefits of being git-powered over existing marketplaces?

Initially we will focus on developers, because there is virtually no git-based marketplace around yet.

We plan to make a few videos and tutorials to help users that never used Git or any SCM source control management yet.

collect
0
Brett Ames 2017-01-09
img

A researcher has published a tool to help administrators delve into GitHub commits to find high-entropy secret keys.

The tool, dubbed TruffleHog, is able to locate high-entropy keys with Github potentially saving admins from exposing their networks and sensitive data.

TruffleHog developer Dylan Ayrey, who warned of the Pastejack attack last year, says the tool will locate any high entropy string longer than 20 characters.

TruffleHog searches through git repositories for high entropy strings, digging deep into commit history and branches," Ayrey says.

"This is effective at finding secrets accidentally committed that contain high entropy.

"If at any point a high entropy string 20 characters is detected, it will print to the screen."

collect
0
William Franklin 2016-09-13
img

AND build more features, of course

GitLab has pledged to Git-ify the world – or at least make the term an acknowledged verb – after pulling in $20m to fund its plans for building an end-to-end dev collaboration suite.

The latest chunk'o change brings its total funding to $25.6m, and founder and CEO Sid Sijbrandij said the cash would be used to accelerate development and adoption of its products: We want to be the first company to integrate and git-ify all the tools developers need.

GitLab sees the software development process into a 10-step cycle, from initial idea, through development, testing, etc to production.

A 12-step programme would be more catchy, but we suppose they don t actually want to cure anyone of developing software.

CEO Sid Sijbrandij said each step or two steps constituted a potential discrete product, and the firm wanted to span collaboration across the entire cycle.

collect
0
John Henderson 2016-11-03
img

ClusterHQ debuts information time machine for better production testing

It's an open-source container data volume orchestrator, which means it helps migrate data when containers shift hosts.

Two years into its life, it's spawned a hosted service called FlockerHub.

A developer survey conducted by the company suggests that code quality can be improved, a finding that could more or less be assumed.

The firm polled 386 people, from companies large and small, 41 per cent of whom described themselves as DevOps team members, 37 percent as developers, and the remainder cited association with operations, QA, and security.

Among the respondents, 43 per cent said they spend between 10 and 25 per cent of their time debugging application errors discovered in production, a chore that cuts into time that might otherwise be used developing new features.

collect
0
Jeff Smith 2017-05-25
img

p Microsoft has adopted Git to manage the vast collection of code that is Windows' source, and has shared performance issues it's had to fix along the way.

The state-of-the-nation report for what Microsoft calls the “largest Git repo on the planet” follows on from its launch of the “fat Git repo” handler, the Git Virtual File System, as the foundation of its planned shift.

Redmond's certainly feeling pleased with itself about the move, in particular stroking itself about being able to move the whole 2,000-strong Windows OneCore team from the Source Depot internal tool to Git over a weekend.

Redmondista Brian Harry blogs that the 300 GB Windows repository now catches 8,421 pull requests and 1,760 official builds a day.

Even so, he notes, more than 28 percent of the 251 staff that responded to an internal survey aren't happy, and understanding why is as important to keeping the move smooth as waving around scalability numbers.

Reasons reported by Harris include tools that don't support Git, having to learn the new process and performance falling short of demand.

collect
0
Frank Wilkerson 2017-03-20
img

Following the February controversy over whether or not Google's SHA-1 collision broke Git, its community has taken the first small steps towards replacing the ancient hash function.

For context: the Chocolate Factory last month produced the first reproduceable SHA-1 collision needing relatively* low computing power – something that renders a hash function obsolete since it's no longer possible to prove that (for example) a hashed document is unique.

For some years, the crypto community's standard advice has been “get rid of SHA-1”, and that led to criticism of Linus Torvalds' famous Git version control system for holding onto it.

Torvalds' response was that SHA-1 is used for version control, not security, so while replacing it is a good idea, it's not sky-falling urgent.

However, he kicked off discussion among the Git developer community early this month by asking how SHA-1 can best be replaced.

It's not a trivial “out with the old, in with the new” exercise, as Torvalds' request for comment states: it has to happen with minimal disruption to developers who depend on Git, Git itself has to stay maintainable throughout the transition, and in the end, the community will need “a generalised repository conversion tool”.

collect
0
James Finch 2016-09-14
img

GitHub is hosting its Universe developer conference in San Francisco today.

Unsurprisingly, the company used this event to announce a number of new features for its Git-based code hosting service.

The company calls it its biggest update to the platform yet, though how important these changes really are probably depends on how you use GitHub.

If you re working on a team, then GitHub s support for reviews will probably be the biggest news of the day for you.

In addition, they can leave review summaries and moderate comments.

This also means you can have multiple conversations per line of code—creating more explicit feedback loops, smarter conversations, and better code review, GitHub CEO and co-founder Chris Wanstrath writes in today s announcement.

collect
0
Jim Evans 2018-07-24
img

GitLab, a devops platform based on the Git software version control system, gains increased visibility into security with its Version 11.1 release, as well as other enhancements.

Security teams can determine if something is wrong and take actions if needed.

The dashboard can be used to dismiss false positives or create issues to solve vulnerabilities.

The security dashboard resides in the Project menu of a project’s side navigation.

[ Git essentials: Get started with Git version control.

| Keep up with hot topics in programming with InfoWorld’s App Dev Report newsletter. ]

collect
0
Henry Booker 2017-02-01
img

GitLab faces backup failure after accidentally deleting data.

GitLab has currently been taken offline after suffering a major backup restoration failure following an incident of accidental data deletion.

The source-code hub released a series of tweets following the incident, one of which confirms the failure: We accidentally deleted production data and might have to restore from backup.

This included a link to a Google Doc file with live notes.

The data loss took place when a system administrator accidentally deleted a directory on the wrong server during a database replication process.

A folder containing 300GB of live production data was completely wiped.

collect
0
Gary Tokarski 2016-11-14
img

Git repository manager and developer playground GitLab has decided it is time to quit the cloud, joining Dropbox in concluding that at a certain scale the cloud just can't do the job.

GitLab came to the decision after moving to the Ceph Filesystem, the new-ish filesystem that uses a cluster running the Ceph objects-and-blocks-and-files storage platform.

As GitLab's infrastructure lead Pablo Carranza explains, Ceph FS needs to have a really performant underlaying infrastructure because it needs to read and write a lot of things really fast.

If one of the hosts delays writing to the journal, then the rest of the fleet is waiting for that operation alone, and the whole file system is blocked.

Ceph FS was part of the problem, as Carranza said What we learned is that when you get into the consistency, accessibility, and partition tolerance CAP of CephFS, it will just give away availability in exchange for consistency.

Those issues meant that GitLab became its own worst enemy, as its Ceph FS became the noisy neighbours that hog a cloud server's resources for all of its users, degrading performance for all.

collect
0
Troy Jones 2017-02-26
img

Attack is hard, discovery is easy, so fix it right

About that SHA-1 collision: Linus Torvalds has taken to Google to emphasise that in Git, its main role is error detection, so “the sky isn't falling”.

The old algorithm is used, among other things, to provide a digital signature for software, documents like PDFs, and digital certificates.

The mathematical operation should produce a unique result for any given input, but Google's work showed it could be tricked in producing “collisions” – two different PDFs gave the same SHA-1 hash.

In the Git software repository system – authored by Torvalds – SHA-1 proves you are fetching the repo you think you're fetching: a collision means an attacker could insert a backdoor in a program and the victim would think they are fetching a “safe” repo.

Not so fast, Torvalds writes.

collect
0
Eric Billiter 2017-01-06
img

Two years ago, after nineteen years at Autodesk, Chase joined Splunk to manage release engineering and became involved in the analytics firm's effort to migrate development from Perforce to a Git-based source control system.

Perforce and Git are both tools for managing source code, particularly projects with multiple developers.

The most salient differences between the two are that Perforce is centralized and proprietary and Git is distributed and open source.

For Chase, disillusionment with Perforce came mainly from a desire for greater development agility.

"Perforce had really become an impediment to speed at scale," said Chase in a phone interview with The Register.

"It was not allowing us to move quickly."

collect
0
Bryan White 2019-08-15
img

Jenkins X, a cloud-native version of the Jenkins CI/CD system for cloud applications on Kubernetes, will be offered via SaaS by CloudBees by 2020.

Using the Tekton framework as a pipeline-execution engine, Jenkins X provides pipeline automation, gitops (which combines the Git software version control system with Kubernetes), and preview environments for team collaboration.

The SaaS service follows CloudBees’s own commercial distribution of the open source Jenkins X; the CloudBees distribution includes commercial technical support and monthly updates, supports Google Kubernetes Engine and preview environments, and is planned to support Amazon Elastic Kubernetes Service and DevPods.

Separately, the base Jenkins platform, now 15 years old and orginally called Hudson when created by Sun Microsystems, may gain improvements around scalability, administration, and ease of use, said Kohsuke Kawaguchi, the founder of Jenkins and chief scientist at CloudBees.

collect
0
Marie Haines 2019-10-16
img

Code-hosting biz also bans staff from talking politics at work

GitLab, a San Francisco-based provider of hosted git software, recently changed its company handbook to declare it won't ban potential customers on "moral/value grounds," and that employees should not discuss politics at work.

The policy addition, created by co-founder and CEO Sid Sijbrandij and implemented as a git pull request, was merged (with no approval required) about two weeks ago.

It was proposed to clarify that GitLab is committed to doing business with "customers with values that are incompatible with our own values."

Such a declaration could run afoul of legal boundaries in some circumstances.

While workers have no constitutional speech protection in the context of their employment, federal labor law requires that employees be allowed to discuss the terms and conditions of their employment and possible unlawful conduct like harassment, discrimination, and safety violations.

collect
0
Dennis Masters 2017-05-24
img

p Microsoft today announced that virtually all of its engineers now use the Git version control system to develop its Windows operating system.

The Windows Git repository includes about 3.5 million files that weigh in at about 300GB when you check them into Git.

Git, however, wasn’t built for a project of this size, so Microsoft developed the Git Virtual File System to be able to get the benefits of using Git without having to wait hours for even the simplest of Git commands to run.

The code for the Git Virtual File system is now available under the MIT license on GitHub and open for community contributions.

The move to Git took about three months.

Before this, Microsoft used Source Depot to manage the Windows code, though other groups with smaller code bases also still use Team Foundation Server.

collect
0
John Murphy 2016-11-14

New web tech springs up on a regular basis.

But whether you re using old warhorses like HTML, CSS and Javascript or new kids on the block like Ruby on Rails or GIT, the trick is figuring out how they all work together.

With the Complete 2016 Learn to Code Bonus Bundle from TNW Deals, you ll not only be on your way to solving that problem, but thanks to a limited time discount from $65 to $35, you ll be doing it with a few more dollars in your pocket.

Consisting of 12 courses and over 120 hours of content, this bundle has everything you need in order to master some of the most popular coding languages and applications.

The Complete Ruby on Rails Developer Course

Learn Web Development by Creating a Social Network

collect
0
Bob Sun 2016-06-15
img

BetaList features the newest startups.

Today, we take a closer look at GitMarket, a marketplace for code.

You simply import your existing code, choose your price and we help you sell it with very reasonable fees.

What are the benefits of being git-powered over existing marketplaces?

Initially we will focus on developers, because there is virtually no git-based marketplace around yet.

We plan to make a few videos and tutorials to help users that never used Git or any SCM source control management yet.

William Franklin 2016-09-13
img

AND build more features, of course

GitLab has pledged to Git-ify the world – or at least make the term an acknowledged verb – after pulling in $20m to fund its plans for building an end-to-end dev collaboration suite.

The latest chunk'o change brings its total funding to $25.6m, and founder and CEO Sid Sijbrandij said the cash would be used to accelerate development and adoption of its products: We want to be the first company to integrate and git-ify all the tools developers need.

GitLab sees the software development process into a 10-step cycle, from initial idea, through development, testing, etc to production.

A 12-step programme would be more catchy, but we suppose they don t actually want to cure anyone of developing software.

CEO Sid Sijbrandij said each step or two steps constituted a potential discrete product, and the firm wanted to span collaboration across the entire cycle.

Jeff Smith 2017-05-25
img

p Microsoft has adopted Git to manage the vast collection of code that is Windows' source, and has shared performance issues it's had to fix along the way.

The state-of-the-nation report for what Microsoft calls the “largest Git repo on the planet” follows on from its launch of the “fat Git repo” handler, the Git Virtual File System, as the foundation of its planned shift.

Redmond's certainly feeling pleased with itself about the move, in particular stroking itself about being able to move the whole 2,000-strong Windows OneCore team from the Source Depot internal tool to Git over a weekend.

Redmondista Brian Harry blogs that the 300 GB Windows repository now catches 8,421 pull requests and 1,760 official builds a day.

Even so, he notes, more than 28 percent of the 251 staff that responded to an internal survey aren't happy, and understanding why is as important to keeping the move smooth as waving around scalability numbers.

Reasons reported by Harris include tools that don't support Git, having to learn the new process and performance falling short of demand.

James Finch 2016-09-14
img

GitHub is hosting its Universe developer conference in San Francisco today.

Unsurprisingly, the company used this event to announce a number of new features for its Git-based code hosting service.

The company calls it its biggest update to the platform yet, though how important these changes really are probably depends on how you use GitHub.

If you re working on a team, then GitHub s support for reviews will probably be the biggest news of the day for you.

In addition, they can leave review summaries and moderate comments.

This also means you can have multiple conversations per line of code—creating more explicit feedback loops, smarter conversations, and better code review, GitHub CEO and co-founder Chris Wanstrath writes in today s announcement.

Henry Booker 2017-02-01
img

GitLab faces backup failure after accidentally deleting data.

GitLab has currently been taken offline after suffering a major backup restoration failure following an incident of accidental data deletion.

The source-code hub released a series of tweets following the incident, one of which confirms the failure: We accidentally deleted production data and might have to restore from backup.

This included a link to a Google Doc file with live notes.

The data loss took place when a system administrator accidentally deleted a directory on the wrong server during a database replication process.

A folder containing 300GB of live production data was completely wiped.

Troy Jones 2017-02-26
img

Attack is hard, discovery is easy, so fix it right

About that SHA-1 collision: Linus Torvalds has taken to Google to emphasise that in Git, its main role is error detection, so “the sky isn't falling”.

The old algorithm is used, among other things, to provide a digital signature for software, documents like PDFs, and digital certificates.

The mathematical operation should produce a unique result for any given input, but Google's work showed it could be tricked in producing “collisions” – two different PDFs gave the same SHA-1 hash.

In the Git software repository system – authored by Torvalds – SHA-1 proves you are fetching the repo you think you're fetching: a collision means an attacker could insert a backdoor in a program and the victim would think they are fetching a “safe” repo.

Not so fast, Torvalds writes.

Bryan White 2019-08-15
img

Jenkins X, a cloud-native version of the Jenkins CI/CD system for cloud applications on Kubernetes, will be offered via SaaS by CloudBees by 2020.

Using the Tekton framework as a pipeline-execution engine, Jenkins X provides pipeline automation, gitops (which combines the Git software version control system with Kubernetes), and preview environments for team collaboration.

The SaaS service follows CloudBees’s own commercial distribution of the open source Jenkins X; the CloudBees distribution includes commercial technical support and monthly updates, supports Google Kubernetes Engine and preview environments, and is planned to support Amazon Elastic Kubernetes Service and DevPods.

Separately, the base Jenkins platform, now 15 years old and orginally called Hudson when created by Sun Microsystems, may gain improvements around scalability, administration, and ease of use, said Kohsuke Kawaguchi, the founder of Jenkins and chief scientist at CloudBees.

Dennis Masters 2017-05-24
img

p Microsoft today announced that virtually all of its engineers now use the Git version control system to develop its Windows operating system.

The Windows Git repository includes about 3.5 million files that weigh in at about 300GB when you check them into Git.

Git, however, wasn’t built for a project of this size, so Microsoft developed the Git Virtual File System to be able to get the benefits of using Git without having to wait hours for even the simplest of Git commands to run.

The code for the Git Virtual File system is now available under the MIT license on GitHub and open for community contributions.

The move to Git took about three months.

Before this, Microsoft used Source Depot to manage the Windows code, though other groups with smaller code bases also still use Team Foundation Server.

Brett Ames 2017-01-09
img

A researcher has published a tool to help administrators delve into GitHub commits to find high-entropy secret keys.

The tool, dubbed TruffleHog, is able to locate high-entropy keys with Github potentially saving admins from exposing their networks and sensitive data.

TruffleHog developer Dylan Ayrey, who warned of the Pastejack attack last year, says the tool will locate any high entropy string longer than 20 characters.

TruffleHog searches through git repositories for high entropy strings, digging deep into commit history and branches," Ayrey says.

"This is effective at finding secrets accidentally committed that contain high entropy.

"If at any point a high entropy string 20 characters is detected, it will print to the screen."

John Henderson 2016-11-03
img

ClusterHQ debuts information time machine for better production testing

It's an open-source container data volume orchestrator, which means it helps migrate data when containers shift hosts.

Two years into its life, it's spawned a hosted service called FlockerHub.

A developer survey conducted by the company suggests that code quality can be improved, a finding that could more or less be assumed.

The firm polled 386 people, from companies large and small, 41 per cent of whom described themselves as DevOps team members, 37 percent as developers, and the remainder cited association with operations, QA, and security.

Among the respondents, 43 per cent said they spend between 10 and 25 per cent of their time debugging application errors discovered in production, a chore that cuts into time that might otherwise be used developing new features.

Frank Wilkerson 2017-03-20
img

Following the February controversy over whether or not Google's SHA-1 collision broke Git, its community has taken the first small steps towards replacing the ancient hash function.

For context: the Chocolate Factory last month produced the first reproduceable SHA-1 collision needing relatively* low computing power – something that renders a hash function obsolete since it's no longer possible to prove that (for example) a hashed document is unique.

For some years, the crypto community's standard advice has been “get rid of SHA-1”, and that led to criticism of Linus Torvalds' famous Git version control system for holding onto it.

Torvalds' response was that SHA-1 is used for version control, not security, so while replacing it is a good idea, it's not sky-falling urgent.

However, he kicked off discussion among the Git developer community early this month by asking how SHA-1 can best be replaced.

It's not a trivial “out with the old, in with the new” exercise, as Torvalds' request for comment states: it has to happen with minimal disruption to developers who depend on Git, Git itself has to stay maintainable throughout the transition, and in the end, the community will need “a generalised repository conversion tool”.

Jim Evans 2018-07-24
img

GitLab, a devops platform based on the Git software version control system, gains increased visibility into security with its Version 11.1 release, as well as other enhancements.

Security teams can determine if something is wrong and take actions if needed.

The dashboard can be used to dismiss false positives or create issues to solve vulnerabilities.

The security dashboard resides in the Project menu of a project’s side navigation.

[ Git essentials: Get started with Git version control.

| Keep up with hot topics in programming with InfoWorld’s App Dev Report newsletter. ]

Gary Tokarski 2016-11-14
img

Git repository manager and developer playground GitLab has decided it is time to quit the cloud, joining Dropbox in concluding that at a certain scale the cloud just can't do the job.

GitLab came to the decision after moving to the Ceph Filesystem, the new-ish filesystem that uses a cluster running the Ceph objects-and-blocks-and-files storage platform.

As GitLab's infrastructure lead Pablo Carranza explains, Ceph FS needs to have a really performant underlaying infrastructure because it needs to read and write a lot of things really fast.

If one of the hosts delays writing to the journal, then the rest of the fleet is waiting for that operation alone, and the whole file system is blocked.

Ceph FS was part of the problem, as Carranza said What we learned is that when you get into the consistency, accessibility, and partition tolerance CAP of CephFS, it will just give away availability in exchange for consistency.

Those issues meant that GitLab became its own worst enemy, as its Ceph FS became the noisy neighbours that hog a cloud server's resources for all of its users, degrading performance for all.

Eric Billiter 2017-01-06
img

Two years ago, after nineteen years at Autodesk, Chase joined Splunk to manage release engineering and became involved in the analytics firm's effort to migrate development from Perforce to a Git-based source control system.

Perforce and Git are both tools for managing source code, particularly projects with multiple developers.

The most salient differences between the two are that Perforce is centralized and proprietary and Git is distributed and open source.

For Chase, disillusionment with Perforce came mainly from a desire for greater development agility.

"Perforce had really become an impediment to speed at scale," said Chase in a phone interview with The Register.

"It was not allowing us to move quickly."

Marie Haines 2019-10-16
img

Code-hosting biz also bans staff from talking politics at work

GitLab, a San Francisco-based provider of hosted git software, recently changed its company handbook to declare it won't ban potential customers on "moral/value grounds," and that employees should not discuss politics at work.

The policy addition, created by co-founder and CEO Sid Sijbrandij and implemented as a git pull request, was merged (with no approval required) about two weeks ago.

It was proposed to clarify that GitLab is committed to doing business with "customers with values that are incompatible with our own values."

Such a declaration could run afoul of legal boundaries in some circumstances.

While workers have no constitutional speech protection in the context of their employment, federal labor law requires that employees be allowed to discuss the terms and conditions of their employment and possible unlawful conduct like harassment, discrimination, and safety violations.

John Murphy 2016-11-14

New web tech springs up on a regular basis.

But whether you re using old warhorses like HTML, CSS and Javascript or new kids on the block like Ruby on Rails or GIT, the trick is figuring out how they all work together.

With the Complete 2016 Learn to Code Bonus Bundle from TNW Deals, you ll not only be on your way to solving that problem, but thanks to a limited time discount from $65 to $35, you ll be doing it with a few more dollars in your pocket.

Consisting of 12 courses and over 120 hours of content, this bundle has everything you need in order to master some of the most popular coding languages and applications.

The Complete Ruby on Rails Developer Course

Learn Web Development by Creating a Social Network