Language Selection

English French German Italian Portuguese Spanish

Trapping Code Inside Microsoft GitHub

Filed under
Development
Microsoft
  • Reinout van Rees: Github basic auth deprecation and jenkins

    Hm, that @nenskins user, that is our old jenkins instance talking to github somehow. Apparently through basic auth. Only... where? Most of the github traffic seemed to use just an access token. Jenkins calls that the secret text type. Basic auth is type username with password in jenkins.

    What it turned out to be was the github branch source plugin. This periodically looks at our github organisation to see if there are new projects or new branches that it missed. Normally github tells our jenkins when there's a new project or pull request or so.

    Ok, on to the jenkins settings for my organisation. The confusing thing here is that the "credentials" setting says this:

    Note that only "username with password" credentials are
    supported. Existing credentials of other kinds will be filtered out. This
    is because jenkins exercises GitHub API, and this last one does not
    support other ways of authentication.
    Huh? Github is refusing user/password basic auth, which is what this plugin only supports? I updated every plugin, but the problem still persisted.

  • VVVVVV from Terry Cavanagh has the source code opened up to celebrate the 10 year anniversary

    VVVVVV, the clever platformer from Terry Cavanagh where you reverse gravity instead of jumping has now be made open source.

    The open license doesn't cover the assets (icons, art, graphics or music) which are still under a proprietary license. So you will need some to play with it, which Cavanagh said you can get from the Make and Play Edition for personal use and that edition also has the tools to make levels.

More in Tux Machines

Security Leftovers

  • Oh, the Irony! Chrome is Blocking Security Tool Nmap Downloads Considering it a Security Threat

    Nmap is a popular open-source tool created by Gordon Lyon used by security experts and network admins to analyze the network, find exploits, and keep it secure. However, it seems that for a day at least, Google Chrome blocked all Nmap downloads using its Safe Browsing service by labelling it as a threat. Even though this has been fixed quickly. For many visitors trying to download the tool, this must have been confusing. A software that’s more than a decade old is now suddenly considered as a threat?

  • Logging as a service isn't SIEM -- so what is it?

    Log management software is often confused or conflated with security information event management (SIEM) software. Both monitor and analyze system and application data, so vendors often blur the lines between the two categories, with many SIEM products including a log management module. Conversely, some log management vendors also have SIEM offerings that work with or supplement their logging products. The primary distinction between log management and SIEM is focus. SIEM tools prioritize data and metrics relevant to security, not the totality of an environment's system, user and application log output. Log management software and services provide a scalable, holistic platform to collect, manage, archive and analyze all of an IT environment's log output -- on premises and in the cloud.

  • Laptops given to British schools came preloaded with malware and talked to Russia when booted [iophk: Windows TCO]

    These devices have shipped over the past three to four weeks, though it is unclear how many of them are infected. One source at a school told The Register that the machines in question seemed to have been manufactured in late 2019 and appeared to have had their DfE-specified software installed last year.

  • Democrats seek answers on impact of Russian cyberattack on Justice Department, Courts [iophk: Windows TCO]

    The senators’ concerns come weeks after both the Justice Department and the U.S. Courts reported that they had been among the federal agencies compromised by the Russian attack on SolarWinds, which was uncovered in December but had been ongoing for more than a year.

    In a statement earlier this month, a DOJ spokesperson said around 3 percent of the agency’s employee email accounts had been “potentially accessed” as part of the breach, but that there was “no indication that any classified systems were accessed.” DOJ has more than 100,000 employees.

    The federal judiciary confirmed it was breached the same week as DOJ, noting in a statement that the AO’s Case Management/Electronic Files system had suffered an “apparent compromise,” with new procedures immediately put in place to file sensitive court documents.

  • Biden inherited one of the worst [cracks] in history. How will his administration respond?

    But that's the easy part. The SolarWinds [attack] — named for the Texas software company that Russia [cracked] in order to gain access to tens of thousands of its customers, many of them American businesses and federal agencies — ran undetected for at least nine months, siphoning off private information before it was discovered in December.

    At least five federal agencies have admitted they were affected. Several others have so far refused to comment. Few private companies have admitted to being victims, but experts say the working assumption is the number is in the hundreds.

    That's left cybersecurity experts with the labor-intensive task of combing through sensitive networks.

Android Leftovers

Schedule appointments with an open source alternative to Doodle

In previous years, this annual series covered individual apps. This year, we are looking at all-in-one solutions in addition to strategies to help in 2021. Welcome to day 13 of 21 Days of Productivity in 2021. Setting appointments with other people is difficult. Most of the time, we guess at a date and time and then start the "is this time bad for you? No, that time is bad for me, how about..." dance. It is easier with co-workers since you can see each others' calendars. You just have to find that magic spot that is good for almost everyone who needs to be on the call. However, for freelancers managing personal calendars, the dance is a routine part of setting up calls and meetings. Read more

This week in KDE: the Plasma 5.20 beta is here!

Well folks, you finally have a chance to test out Plasma 5.21, in beta form! Please do install it and find all the bugs we missed. Bug reports have already started pouring in, and we’ll fix them as fast as we can in the next month. [...] Kate now has a searchable HUD-style command palette that lets you trigger menu items with super speed! It’s activated using the Ctrl+Alt+I shortcut, and we’re investigating adding it to other KDE apps as well in the form of a re-usable framework component. Read more