GitHub starts blocking developers in countries facing US trade sanctions
https://www.zdnet.com/article/github-starts-blocking-developers-in-countries-facing-us-trade-sanctions
There's a debate over free speech taking place after Microsoft-owned GitHub "restricted" the account of a developer based in the Crimea region of Ukraine, who used the service to host his website and gaming software.
GitHub this week told Anatoliy Kashkin, a 21-year-old Russian citizen who lives in Crimea, that it had "restricted" his GitHub account "due to US trade controls".
Kashkin uses GitHub to host his website and GameHub, a launcher for Linux systems that combines games from Steam, GOG, and Humble Bundle in a single user interface.
#github #microsoft #deletewindows #why
https://www.zdnet.com/article/github-starts-blocking-developers-in-countries-facing-us-trade-sanctions
There's a debate over free speech taking place after Microsoft-owned GitHub "restricted" the account of a developer based in the Crimea region of Ukraine, who used the service to host his website and gaming software.
GitHub this week told Anatoliy Kashkin, a 21-year-old Russian citizen who lives in Crimea, that it had "restricted" his GitHub account "due to US trade controls".
Kashkin uses GitHub to host his website and GameHub, a launcher for Linux systems that combines games from Steam, GOG, and Humble Bundle in a single user interface.
#github #microsoft #deletewindows #why
ZDNET
GitHub starts blocking developers in countries facing US trade sanctions
If you use GitHub's online services in a country facing US sanctions, you could be about to be kicked off all but the most basic offerings.
Forwarded from BlackBox (Security) Archiv
GitHub Archive Program
Preserving open source software for future generations
It is a hidden cornerstone of modern civilization, and the shared heritage of all humanity. The mission of the GitHub Archive Program is to preserve open source software for future generations.
GitHub is partnering with the Long Now Foundation, the Internet Archive, the Software Heritage Foundation, Arctic World Archive, Microsoft Research, the Bodleian Library, and Stanford Libraries to ensure the long-term preservation of the world's open source software. We will protect this priceless knowledge by storing multiple copies, on an ongoing basis, across various data formats and locations, including a very-long-term archive designed to last at least 1,000 years.
👉🏼 Read more:
https://archiveprogram.github.com/
#GitHub #archiveprogram #repo #arctic #norway
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Preserving open source software for future generations
It is a hidden cornerstone of modern civilization, and the shared heritage of all humanity. The mission of the GitHub Archive Program is to preserve open source software for future generations.
GitHub is partnering with the Long Now Foundation, the Internet Archive, the Software Heritage Foundation, Arctic World Archive, Microsoft Research, the Bodleian Library, and Stanford Libraries to ensure the long-term preservation of the world's open source software. We will protect this priceless knowledge by storing multiple copies, on an ongoing basis, across various data formats and locations, including a very-long-term archive designed to last at least 1,000 years.
👉🏼 Read more:
https://archiveprogram.github.com/
#GitHub #archiveprogram #repo #arctic #norway
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Forwarded from BlackBox (Security) Archiv
Chinese internet users who uploaded coronavirus memories to GitHub have been arrested
This story has been updated with comment from volunteers behind a GitHub page.
A group of volunteers in China who worked to prevent digital records of the coronavirus outbreak from being scrubbed by censors are now targets of a crackdown.
Cai Wei, a Beijing-based man who participated in one such project on GitHub, the software development website, was arrested together with his girlfriend by Beijing police on April 19. The couple were accused of “picking quarrels and provoking trouble,” a commonly used charge against dissidents in China, according to Chen Kun, the brother of Chen Mei, another volunteer involved with the project. Chen Mei has been missing since that same day. On April 24, the couple’s families received a police notice that informed them of the charge, and said the two have been put under “residential surveillance at a designated place.” There is still no information about Chen Mei, said his brother.
It is unclear whether the arrest of the couple and the disappearance of Chen are directly linked to their GitHub project, named “Terminus2049.” The Beijing police could not be reached for comment.
👉🏼 Read more:
https://qz.com/1846277/china-arrests-users-behind-github-coronavirus-memories-page/
#China #coronavirus #GitHub #arrested
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
This story has been updated with comment from volunteers behind a GitHub page.
A group of volunteers in China who worked to prevent digital records of the coronavirus outbreak from being scrubbed by censors are now targets of a crackdown.
Cai Wei, a Beijing-based man who participated in one such project on GitHub, the software development website, was arrested together with his girlfriend by Beijing police on April 19. The couple were accused of “picking quarrels and provoking trouble,” a commonly used charge against dissidents in China, according to Chen Kun, the brother of Chen Mei, another volunteer involved with the project. Chen Mei has been missing since that same day. On April 24, the couple’s families received a police notice that informed them of the charge, and said the two have been put under “residential surveillance at a designated place.” There is still no information about Chen Mei, said his brother.
It is unclear whether the arrest of the couple and the disappearance of Chen are directly linked to their GitHub project, named “Terminus2049.” The Beijing police could not be reached for comment.
👉🏼 Read more:
https://qz.com/1846277/china-arrests-users-behind-github-coronavirus-memories-page/
#China #coronavirus #GitHub #arrested
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Forwarded from BlackBox (Security) Archiv
Telegram’s TON OS to Go Open Source on GitHub Tomorrow
Telegram’s blockchain operating system, TON OS, which is planned for launch on Google Play market and Apple's AppStore, will be open sourced tomorrow.
Telegram recently delayed their open network, TON, and their cryptocurrency, GRAM, once again. There is one related project that has not experienced these setbacks, however. TON OS, an operating system for the TON blockchain, will soon get an open source release.
The project’s core infrastructure developers, TON Labs, are planning to open source the main components of the TON OS on GitHub tomorrow. Mitja Goroshevsky, CTO at TON Labs, confirmed the news to Cointelegraph on May 6.
TON Labs to issue a token known as TON Cash within a month
As reported by industry publication, ForkLog, the release includes TON Node in the Rust programming language, command line interface, TON Multisignature Wallet smart contract, as well as tools for launching TON validators. The report notes that within a month, TON Labs also plans to issue its decentralized browser, Surf, its staking pool, DePool, and the token known as TON Cash.
In conjunction with the TON OS open source release, TON Labs is joining the Free Software Foundation (FSF), a major free software movement. As such, all the components of the TON OS are being launched as a free software. According to the developers, the idea of a permissionless blockchain in a closed source is absurd. TON Labs reportedly felt that joining the FSF will help them maintain free use of the application as well as the TON blockchain.
👉🏼 Read more:
https://cointelegraph.com/news/telegrams-ton-os-to-go-open-source-on-github-tomorrow
https://www.bitcoinisle.com/2020/05/06/telegrams-ton-os-to-go-open-source-on-github-tomorrow/
https://criptotendencia.com/2020/05/07/solo-horas-para-el-lanzamiento-de-ton-os-el-sistema-operativo-de-telegram/
#tg #telegram #TON #OS #OpenSource #GitHub
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Telegram’s blockchain operating system, TON OS, which is planned for launch on Google Play market and Apple's AppStore, will be open sourced tomorrow.
Telegram recently delayed their open network, TON, and their cryptocurrency, GRAM, once again. There is one related project that has not experienced these setbacks, however. TON OS, an operating system for the TON blockchain, will soon get an open source release.
The project’s core infrastructure developers, TON Labs, are planning to open source the main components of the TON OS on GitHub tomorrow. Mitja Goroshevsky, CTO at TON Labs, confirmed the news to Cointelegraph on May 6.
TON Labs to issue a token known as TON Cash within a month
As reported by industry publication, ForkLog, the release includes TON Node in the Rust programming language, command line interface, TON Multisignature Wallet smart contract, as well as tools for launching TON validators. The report notes that within a month, TON Labs also plans to issue its decentralized browser, Surf, its staking pool, DePool, and the token known as TON Cash.
In conjunction with the TON OS open source release, TON Labs is joining the Free Software Foundation (FSF), a major free software movement. As such, all the components of the TON OS are being launched as a free software. According to the developers, the idea of a permissionless blockchain in a closed source is absurd. TON Labs reportedly felt that joining the FSF will help them maintain free use of the application as well as the TON blockchain.
👉🏼 Read more:
https://cointelegraph.com/news/telegrams-ton-os-to-go-open-source-on-github-tomorrow
https://www.bitcoinisle.com/2020/05/06/telegrams-ton-os-to-go-open-source-on-github-tomorrow/
https://criptotendencia.com/2020/05/07/solo-horas-para-el-lanzamiento-de-ton-os-el-sistema-operativo-de-telegram/
#tg #telegram #TON #OS #OpenSource #GitHub
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Forwarded from BlackBox (Security) Archiv
Youtube-dl is back again - repository has been restored on GitHub
👀 👉🏼 https://github.com/ytdl-org/youtube-dl
#youtubedl #copyright #RIAA #takedown #github
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
👀 👉🏼 https://github.com/ytdl-org/youtube-dl
#youtubedl #copyright #RIAA #takedown #github
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
GitHub blocks Google FLoC tracking
Yesterday, GitHub announced rolling out a mysterious HTTP header on all GitHub Pages sites.
GitHub Pages enables users to create websites right from within their GitHub repository.
And it turns out, this header, now being returned by GitHub sites, is actually meant for website owners to opt-out of Google FLoC tracking.
BleepingComputer also noticed the entire github.com domain had this header set, indicating GitHub did not want its visitors to be included in Google FLoC's "cohorts" when visiting any GitHub page.
https://www.bleepingcomputer.com/news/security/github-blocks-google-floc-tracking/
#github #goolag #FLoC #tracking
Yesterday, GitHub announced rolling out a mysterious HTTP header on all GitHub Pages sites.
GitHub Pages enables users to create websites right from within their GitHub repository.
And it turns out, this header, now being returned by GitHub sites, is actually meant for website owners to opt-out of Google FLoC tracking.
BleepingComputer also noticed the entire github.com domain had this header set, indicating GitHub did not want its visitors to be included in Google FLoC's "cohorts" when visiting any GitHub page.
https://www.bleepingcomputer.com/news/security/github-blocks-google-floc-tracking/
#github #goolag #FLoC #tracking
BleepingComputer
GitHub disables Google FloC user tracking on its website
GitHub has announced rolling out a mysterious HTTP header on all GitHub Pages sites to block Google FLoC tracking.
GitHub Dataset Research Reveals Millions Potentially Vulnerable to RepoJacking – June 2023
#Github #RepoJacking
Millions of GitHub repositories are potentially vulnerable to RepoJacking. New research by Aqua Nautilus sheds light on the extent of RepoJacking, which if exploited may lead to code execution on organizations’ internal environments or on their customers’ environments. As part of our research, we found an enormous source of data that allowed us to sample a dataset and find some highly popular targets.
Among the repositories found vulnerable to this attack we discovered organizations such as Google, Lyft and some that requested to remain anonymous. All were notified of this vulnerability and promptly mitigated the risks. In this blog we will show how an attacker can exploit this at scale and share the PoC we ran on popular repositories. #Github #RepoJacking
New Python tool checks NPM packages for manifest confusion issues –
The problem is with the inconsistent information between a package's manifest data as displayed in the NPM registry and the data present in the 'package.json' file of the published package.
A malicious actor could manipulate the manifest data of a new package, eliminating certain scripts or dependencies so that they do not appear in the NPM registry.
However, these scripts or dependencies would still be present in the package.json file and would be executed when the package is installed, without the user being aware
#Github #cybersec #vulnerability
The problem is with the inconsistent information between a package's manifest data as displayed in the NPM registry and the data present in the 'package.json' file of the published package.
A malicious actor could manipulate the manifest data of a new package, eliminating certain scripts or dependencies so that they do not appear in the NPM registry.
However, these scripts or dependencies would still be present in the package.json file and would be executed when the package is installed, without the user being aware
#Github #cybersec #vulnerability
BleepingComputer
New Python tool checks NPM packages for manifest confusion issues
A security researcher and system administrator has developed a tool that can help users check for manifest mismatches in packages from the NPM JavaScript software registry.