Today, GitHub announced that as part of the current GitHub Copilot subscription, GitHub Copilot Chat will be fully launched in December and can be used by any enterprise and individual users. Related services will also be provided free of charge to educational users and maintainers of popular open source projects. Used and integrated into the GitHub website and mobile App by default.

It is reported that GitHub Copilot Chat is mainly used to help developers write code and can be directly integrated into the developer’s desktop IDE environment. It is said to be not only limited to “code default supplement” and “code error correction”, but can also be directly based on the above Automatically associate the following text.

GitHub claims that regardless of developer experience level, they can leverage Copilot Chat to build a complete application or debug a code base in minutes to increase developer productivity and code accuracy.

GitHub also said that in addition to assisting developers with code, Copilot Chat can also start conversations with developers, making the interaction process with AI more detailed.

It is found that GitHub claims that using GitHub Copilot can significantly improve developer productivity. In controlled studies, developers using GitHub Copilot were 55% faster. Early research from GitHub also shows that across all programming languages, an average of 46% of code is generated using GitHub Copilot, and among Java developers, this figure is as high as 61%.

THIS IS A SPONSOR PROMOTION: >>>>>>>>>>>>>

Geekwills is an online shop that connects consumers with millions of products and brands around the world with the mission to empower them to live their best lives. Geekwills is committed to offering the most affordable quality products to enable consumers and sellers to fulfill their dreams in an inclusive environment.

The post GitHub Copilot Chat will be fully launched in December, available for free to educational users appeared first on TechGoing.

TrollStore is a permanently signed non-jailbroken App that allows users to install unsigned IPA files on iPhones without jailbreaking.

Trolls claim that Apple rarely released three systems in the early morning of September 22 this year, namely iOS 16.7 official version, iOS 17.0.1 official version and iOS 17.0.2 official version exclusive to iPhone 15. This update is for Fix the CVE-2023-41991 vulnerability, which is the same vulnerability as TrollStore.

The vulnerability that is expected to achieve a permanent TrollStore signature has been fixed in iOS 16.7 and iOS 17.0.1 systems, so subsequent versions cannot use the relevant vulnerability to deploy related applications.

▲ Picture source Troll GitHub yem

The troll has updated the relevant GitHub interface and said: If users want to get TrollStore, please continue to use the relevant iOS version, and iOS16.7 and 17.0.1 or above “will never be supported (unless Apple messes up for the third time” CoreTrust)”.

 The A11 model can be completed using the checkm8 vulnerability. iOS 15.5-iOS 16.5 may be adapted fastest because of the kfd vulnerability.

 The three system versions of iOS 16.6, iOS 16.6.1 and iOS 17.0 require new methods or kernel vulnerabilities to complete, which is more difficult. (Currently, if we want to turn vulnerabilities into tools, we must first publish the vulnerabilities and then obtain the POC. Currently, the vulnerabilities are not public, so it is slightly more difficult)

The post Apple iOS 15-17, Trollstore updates official GitHub page appeared first on TechGoing.

It is reported that the attack occurred from July 8 to July 11 this year, hackers invaded hundreds of GitHub repositories, and used GitHub’s open-source automation tool Dependabot to forge the commit information, in an attempt to cover up the malicious activities, so that developers think that the commit information is Dependabot, and thus ignore the relevant information.

After inquiries learned that the attack can be divided into a total of three stages, the first is to determine the developer’s “personal token”, security company researchers explained that the developer to Git operations, you must use a personal token to set up the development environment, and this token will be stored in the developer’s local area, it is easy to be obtained, due to these tokens do not require double authentication, so hackers can easily determine these tokens.

▲ image source Checkmarx

The second stage is to steal credentials. The researchers are not sure how the hackers obtained the developer credentials, but they speculate that the most likely scenario is that the victim’s computer was infected by a malicious Trojan horse, which then uploaded the first stage of the “personal tokens” to the attacker’s servers.

▲ Image courtesy of Checkmarx

The final stage is for the hackers to use the stolen tokens to inject malicious code into the repositories via GitHub authentication, and given the scale of the attack, the researchers hypothesize that the hackers used an automated process to deploy it.

Security firm Checkmarx reminds developers to be careful about where their code comes from, even on trusted platforms like GitHub. The hackers were able to pull off the attack because many developers don’t double-check the actual changes when they see a Dependabot message.

And because token access logs are only available to corporate accounts, non-corporate users have no way of knowing if their GitHub token was obtained by hackers.

The researchers suggest that users consider adopting new versions of GitHub tokens (fine-grained personal access tokens) and configuring token permissions to minimize the damage hackers can do if a token is compromised.

▲ image source Checkmarx

▲ image source GitHub

GitHub

• Surprise: When Dependabot Contributes Malicious Code.
• Introducing fine-grained personal access tokens for GitHub.

The post Hundreds of GitHub repositories hacked, security firm urges users to use new token appeared first on TechGoing.

Thomas Dohmke believes that artificial intelligence and software development are now inseparable, driven by auxiliary tools such as Copilot and its related Copilot Chat, and with these software, Microsoft has extended AI technology to individual consumers.

However, it is found that Thomas Dohmke insisted that the snowballing artificial intelligence revolution would not sound the death knell for the software development industry.

Dohmke claimed that industry demand for software developers will continue to exceed supply. Thomas Dohmke himself, like many other technology leaders, has long insisted that AI tools such as Copilot are only used to improve developer productivity, not replace it.

 The amount of software is only going to grow exponentially in ten years, we have more and more lines of code to manage, we have more and more ideas, and frankly, every company is a software company now.

Thomas Dohmke mentioned that the reason why the industry still has a large demand for software developers is mainly because there is a lot of “old” code. For example, banks and financial institutions are still running COBOL code from the 1960s, and the code was not written based on unit testing and CI/CD, so someone has to maintain it and want to convert the relevant COBOL code to Java or Python.

The post GitHub CEO Thomas Dohmke: AI cannot replace programmers appeared first on TechGoing.

It is reported that Copilot Chat is not only limited to “code default supplement” and “code error correction”, but also directly based on the above, automatically associated with the latter.

GitHub claims that developers, regardless of their level of experience, can use Copilot Chat to build complete applications or debug code bases in minutes, increasing developer productivity and code accuracy.

GitHub also says that in addition to helping developers with code, Copilot Chat is an AI tool that can also engage in dialogue with developers, making interactions with AI more nuanced.

According to GitHub’s research, using GitHub Copilot can significantly improve developer productivity. In a controlled study, developers were 55% faster with GitHub Copilot. And early research from GitHub also showed that an average of 46% of code across all programming languages was generated using GitHub Copilot, and among Java developers, that number was even higher at 61%.

Currently, GitHub says that the Copilot Chat public beta is available to all enterprise users, and all that is required is to confirm the user agreement in the Copilot tab, and after accepting the terms, the AI tool can be enabled.

The post GitHub launched enterprise available Copilot Chat public beta appeared first on TechGoing.

The survey results show that 92% of programmers are using a variety of AI tools, and 70% of programmers believe the introduction of AI tools has significantly improved productivity.

Programmers surveyed said AI tools improve code quality, speed output, and reduce production-level incidents. This indicates that AI programming tools are an important part of modern business IT.

GitHub Chief Product Officer Inbal Shani added that “the way to innovate at scale is by increasing developer productivity, improving their satisfaction, and enabling them to do their best every day.”

The post GitHub reports that 92% of US programmers are using AI tools appeared first on TechGoing.

In a blog post, Microsoft stated:

"GitHub Advanced Security for Azure DevOps brings the same developer security features to Azure DevOps as GitHub Advanced Security, integrated directly into Azure Repos and Azure Pipelines This includes the same secret scanning, dependency scanning, and CodeQL code scanning capabilities available in GitHub Enterprise."

Confidential scanning is helpful for developers who are afraid of exposing confidential credentials – “50% of all security breaches are due to credential exposure.

Using the features in GitHub Advanced Security for Azure DevOps can find any previously released secrets and also stop them before they are compromised.

"Depending on how widely the secrets are used, this can take days of effort and stress - if you miss rotating secrets in only one of the places where they are used, it can lead to a live site outage. On the other hand, if you stop the confidential from being exposed when you push, it's easier to clean up your commit and re-push it before it persists in Azure Repos."

The new GitHub service can also discover any open-source package vulnerabilities with the Dependency Scan feature. In addition, it uses the CodeQL static analysis engine to let developers find hundreds of security issues from a variety of code languages.

GitHub Advanced Security for Azure DevOps billing is handled through Azure and costs $49 per month per active committer (currently about RMB 346), see more at this link.

The post Microsoft Releases Public Preview of GitHub Advanced Security for Azure DevOps appeared first on TechGoing.

Lockpick is a tool that lets users export keys from their Switch consoles, which can be used to decrypt important information from game data and system files. Nintendo believes that such a tool would violate its copyright and intellectual property rights, so it has asked GitHub to remove the related code base.

However, this move has caused a lot of discontent and opposition from Switch users and developers. They believe that Nintendo is too harsh and overbearing, and does not respect the legal rights of users, nor does it understand the spirit of the open source community. They point out that tools such as Lockpick are not for pirating or cracking games, but rather allow users to freely backup and manage their game data and system files. Moreover, these tools can only export keys from the user’s own Switch and not from elsewhere, so they do not cause substantial damage to Nintendo.

Currently, GitHub has removed the codebase for tools like Lockpick at Nintendo’s request, but there are a number of other similar tools and projects that have not yet been affected. It is claimed that Nintendo has some other downgrade requests in progress, but the specific details have not yet been made public.

The post Nintendo launched large-scale DMCA action against GitHub, allowing users to export keys from Switch appeared first on TechGoing.

Developers who use JavaScript can call thousands of packages through the npm package manager to add all sorts of new features and functionality to their projects.

But while developers can find the right npm package as they move forward, they don’t know if it’s built from source code. By introducing provenance, npm packages can be verified for traceability.

As for GitHub’s motivation for this tweak, the official press release that attackers have been attacking popular npm packages such as UAParser.js, Command-Option-Argument, and RC for the past few years.

These attacks do not directly corrupt the source code, but developers who use modified packages that contain malicious intent may affect projects and consumers.

The post GitHub improves security, npm packages can be verified and traced appeared first on TechGoing.

According to new reports, a California federal court has granted GitHub a subpoena in connection with the leak of Twitter source code on Microsoft’s code hosting platform GitHub, which has until April 3 to provide personally identifiable information related to the FreeSpeechEnthusiast account. The “FreeSpeechEnthusiast” previously posted “various excerpts” of Twitter’s source code on GitHub, without Twitter’s authorization.

Elon Musk promised to make the source code of the tweet public last month, but it hasn’t really been made public yet.

The post U.S. Court asks Microsoft’s GitHub to provide publisher information appeared first on TechGoing.