GitHub is a web service for a hosting of IT projects and their joint development. GitHub is positioned by his creators as social network for developers. For September 30, 2015 the number of users of service made 11 million people, and staff of the company — 350 people.
Users of GitHub are attacked by phishers
On April 18, 2020 it became known that the command of response to incidents (SIRT) of the GitHub platform warned users about a phishing campaign during which malefactors abduct credentials through the lendingovy pages issued by them for pages of authorization of GitHub.
During the campaign which received the name Sawfish cybercriminals not only crack others accounts, but at once unload all contents of their repositories.
|If attacking successfully was succeeded to steal credentials of the user of GitHub, it can quickly create tokens of access or authorize the OAuth applications to save access to an account in case the user will change the password, - SIRT reports.|
The attack begins with obtaining the phishing letter by the victim which authors try to force it to click by different methods on the malicious URL. In some letters it is reported as if unauthorized access was got to the user account, and in others it is notified on repositories and changes in settings of an account.
If the victim clicks on the link presented in the letter, it will get on the fake page of authorization of GitHub sending the entered credentials to servers under control of malefactors. In case of use by the victim of mobile application of TOTP the fake lendingovy page in real time also collects codes for two-factor authentication. So the accounts protected using two-factor authentication based on TOTP technology can even become the victims of the attack. Nevertheless, the accounts protected using hardware keys are not vulnerable to this attack.
According to SIRT, a campaign still proceeds. Cybercriminals are aimed only at the active accounts belonging to the staff of the technology companies in the different countries of the world. Malefactors receive the e-mail addresses for mailing of harmful letters from open kommit of GitHub.
Phishing letters are sent from legitimate domains – or from the cracked in advance mail servers, or using the stolen credentials API of providers of services of e-mail. With the purpose to hide the URL address of a fake page malefactors use services for reduction of links.
The Ministry of Economics decided to select 2.1 billion rubles for creation of an analog of GitHub
On January 20, 2020 it became known of the offer of the Ministry of Economic Development to create in Russia an analog of the world's largest platform for joint software development of GitHub. Department is going to spend 2.1 billion rubles for these purposes.
It is told about creation of the Russian alternative of GitHub in the latest version of the federal project "Artificial intelligence" developed by the Ministry of Economic Development and Sberbank Kommersant writes. According to the newspaper, the authorities want to create an analog of service because of risk of disconnection of Russia from foreign storages of the code "because of reputational and sanctions risks".
The Ministry of Economic Development confirmed to the edition that the idea of the Russian analog of GitHub is relevant. According to department, the platform is going to be used during creation of the AI open libraries within implementation of the national strategy of development for artificial intelligence till 2030.
In the Russian storage it is offered to copy the most demanded programs from foreign open sources. Follows from the project that the Russian analog of GitHub can appear by 2021, and to 2024 such repositories should become five.
According to the CEO of BaseALT Alexey Smirnov, the analog of GitHub can be useful only in case of the obligatory publication of results of development of software in it for budget money, and under the open license. The chief executive of Domestic Software association Renat Lashin agrees with this opinion and adds that such platform would allow to cut down considerably expenses on support and development of software and also development of new programs at the expense of a possibility of reuse of the code.
The associate director on the special ICL Services programs Andrey Krekhov doubts success the project. The Russian analog of GitHub "will remind a situation when laid and decorated a table, and guests did not come", he considers.
Data of users of Github appeared in open access
On November 24, 2019 it became known that American the security researcher Vinny Troia detected the available database, containing more than 4 TB information - in total 1.2 billion records including data from profiles of hundreds of millions of users social networks Facebook Twitter, LinkedIn and Github. In more detail here.
Microsoft printed all source codes of projects with GitHub and hid in the Arctic
In the middle of November, 2019 it became known that Microsoft printed all source codes of projects with GitHub and hid in the Arctic on a doomsday case.
The project includes monumental storage Arctic Code Vault. It was placed in the former coal mine on the archipelago of Spitsbergen in permafrost zone beyond Arctic Circle. The storage is located at a depth of 250 meters. Data remain on film Piql coils which service life exceeds 1000.
It will be possible to read data using normal magnifying glass, or, for example, a magnifying glass. Now, even if all writing and reader devices on the planet will be gone, the archive will help to recover loss of valuable information.
Active public repositories and something from archives entered the saved asset. The collection contains fragments of source codes for Linux and Android, the Python programming languages, Ruby and Rust, the Node, V8, React and Angular web platforms, cryptocurrency SOFTWARE for Bitcoin and Ethereum, AI- tools TensorFlow and FastAI and also many other things.
Source codes are loaded into the data center of Piql known as Arctic World Archive. Historical data of the European Space Agency, the manuscript of Vatican, documents of Siemens, the copy of the act of independence of Mexico and many other things are also stored in it. Also there is a Global storage of seeds.
Meanwhile, Microsoft presented Project Silica — the device for superlong-lasting data storage in cold conditions which looks as a transparent square piece of glass. In normal optical disks information registers as etched and not etched region of a track that designates unit or zero. In the new device information is coded by the whole or deformed nanogrid in quartz glass.
80% of developers for GitHub live not in the USA
In November, 2019 GitHub published the annual report on results of work of service. It became clear that only 20% of developers who use GitHub live in the USA.
In a year by November, 2019 in service 44 million new repositories were created, and the number of the developers who created the first repository increased by 44%. Nearly 1.4 million ovy users took part in development and transferred the changes to open projects.
The number of the companies provided on GitHub increased from 2.1 to 2.9 million. And accounts of GitHub Enterprise Cloud belong to development teams from 70 different countries.
More than 3.6 million repositories are connected by dependences with 50 top open projects. For example, millions of dependences have such projects as rails, jest and axios. The median number of dependences for one repository makes 203. The greatest number of dependences is mentioned for NPM packets (3.5 million), RubyGems (737 thousand), Maven (167 thousand), NuGet (94 thousand) and pip (78 thousand).
The rating of the most quickly developing repositories is headed: AspNetCore, flutter, vsts-docs, istio, amplify-js, charts and Proton.
GitHub began to block developers from the countries which fell under sanctions of the USA
At the end of July, 2019 it became known that the GitHub service began to block developers from the countries which fell under sanctions of the USA.
About what in GitHub disconnects accounts from regions on which the American sanctions extend wrote to some of the first the ZDNet edition. Journalists gave the 21-year-old Russian Anatoly Kashkin living in the Crimea as an example. This developer places GitHub the website and a launcher for Linux which integrates the games Steam, GOG and Humble Bundle in one user interface.
Kashkin most of all worries about the GameHub project on which there is certain demand. The developer does not see the best place for placement and support of GameHub as thanks to GitHub users easily find a launcher and also easily announce bugs if detect them.
According to GitHub, service limits services to users in the Crimea, Iran, North Korea, Syria, in Cuba and other regions which fell under sanctions. Such developers can use service of joint development of IT projects for personal communications.
GitHub refers to the document where measures for control of trade are described. The administration of service noted that it submits to the American laws and regulates information placed by users according to Rules of export control of the USA (U.S. Export Administration Regulations).
GitHub Enterprise Server is a commercial product for mass market to which classification number of export control is assigned. And though it can be exported to the majority of destination points without license, there are also exceptions.
Developers from the Crimea and Iran in large quantities report that their access to GitHub was limited. So, the Iranian user reported in the post on Medium that its Git-repository is disconnected, and it cannot download the data. The developer hopes that the situation will be resolved, he liked service.
- IT blockade of the Crimea
- Foreign sanctions against the Russian citizens and companies
- Sanctions of Ukraine against Russia
- Sanctions of the USA and the EU concerning the Russian oil and gas sector
- Sanctions against Huawei
We were considered Antichrists. Why Microsoft wanted, but did not purchase GitHub in 2014
At the beginning of June, 2019 the head of cloud division of Microsoft Scott Guthrie told why Microsoft wanted, but did not purchase GitHub in 2014.
Guthrie understood that at that time Microsoft was simply not ready to purchase popular web service for a hosting of IT projects and their joint development. According to Guthrie, GitHub developers just would rebel – many of them considered Microsoft as enemy No. 1 because of attacks of the company on freely distributed open source software.
|The world of projects open source fairly considered us Antichrist, - Guthrie says. — Developers of such projects absolutely did not trust us. At that time Microsoft was still generally focused on the software which is completely created by own forces and belonging to the company.|
Since then Microsoft turned into one of the largest software developers open source and convinced clients to trust the applications created using the competing tools and programs and also service of cloud computing Microsoft Azure. More than 60% of a command of Microsoft which develops cloud applicaions got a position thanks to rich work experiences with instruments of programming or cloud services of third-party developers.
In June, 2018 Guthrie and the CEO of Microsoft Satya Nadella at last submitted the agreement on GitHub acquisition. Despite some perturbation in community of developers, the transaction did not become a reason for war. Most of users of GitHub just continued to place the code on the portal. Microsoft spent many years to improve the benevolent relations with community of the open code, and these efforts were not gone in vain.
The translation of all projects of Apache fund on GitHub
On April 29, 2019 the Apache Software Foundation non-profit organization which is considered the world's largest community on software development open source, announced transfer of all the projects on GitHub. Read more here.
Private repositories became available to free users
In January, 2019 private repositories on GitHub became available to users who work only with free functions. Earlier non-public or not subject to disclosure projects could be developed only for money.
However the innovation was accepted with restriction. Free private repositories can include no more than three participants. Thus, the innovation is expected generally maintaining small personal projects, but not group development of serious software products. For example, private repositories will be able to be applied to carrying out non-public experiments before release, to individual maintaining the closed projects of the employer or to work with the code which is not subject to disclosure.
The participants of GitHub using a free tariff plan can create private repositories in an unlimited number. The limit is set only on the number of the users involved in the project.
If it is necessary to connect more than three users to a repository, then it is necessary to pass to a paid rate. At the same time there is no such restriction in the competing service — GitLab. On it thousands of developers after sale of GitHub of Microsoft corporation migrated.
Microsoft explained implementation of an opportunity for work with private repositories for free subscribers desire of many developers to work over third-party projects without excess problems. At the same time the company also added new features for a corporate subscription.
The universal GitHub Enterprise rate within which the options GitHub Enterprise Cloud were integrated (earlier known as GitHub Business Cloud) and Enterprise Server became one more innovation on GitHub (GitHub Enterprise was called earlier). Now to commands which need flexibility in use of GitHub in a cloud or autonomous configuration can get access to both at one price.
By the end of 2018 in GitHub there were more than 100 million repositories. How many from them private, it was not specified.
Thousands of developers passed to GitLab after GitHub sale
At the beginning of June, 2018 thousands of developers began to transfer the projects to the GitLab platform from GitHub after purchase by the last company Microsoft.
Mass migration on GitLab is caused by concerns of developers on the fact that Microsoft can close a part of third-party projects open source and develop own developments.
However the CEO of Microsoft Satya Nadella promised that the company will not introduce restriction on programming languages, technologies and cloud services which will be used by developers on GitHub. According to Nadella, Microsoft will continue development of GitHub and will leave the platform open.
According to own data of GitLab, the number of new users of service for June 4, 2018 when Microsoft announced merger of GitHub, increased five times. On the platform more than 41 thousand projects were imported, and the number of new projects exceeded 75 thousand.
By the beginning of June, 2018 on GitHub there were about 80 million projects and over 28 million developers. The audience of GitLab does not reveal, in the company only speak about "millions" of users.
|Within 24 hours true madness was observed. We saw how thousands of developers translate the projects and report about it on Twitter — the CEO of GitLab Sytse Sijbrandij told Reuters agency.|
According to him, from the moment of the declaration of sale of GitHub by June 5 more than 100 thousand projects were transferred to GitHub, and the number of orders grew seven times.
In network more than 1000 tweets with a hashtag#movingtogitlab quickly appeared, and GitLab offered a discount in the amount of 75% for the tariff plans that "sweeten" the transaction and accelerate transition from GitHub.
The vice president of consulting company SPR Mark Sami believes that the user base GitHub will not be reduced considerably, and cited as an example Yammer service which audience significantly grew after sale of Microsoft.
Microsoft buys GitHub for $7.5 billion
On June 4, 2018 the Microsoft corporation announced reaching an agreement on acquisition of GitHub web service which audience for May, 2018 totals more than 28 million developers. Thanks to the transaction the corporation expects to expand number of users of the tools and services for developers.
Under the terms of the agreement, acquisition value will be $7.5 billion. It is expected that the transaction will be closed by the end of 2018 after accomplishment of all necessary conditions and receiving approval from regulators.
According to the statement of Microsoft, upon completion of the transaction of GitHub to continue to work independently, providing the open platform for developers from the most different industries. Besides, developers, as before, will be able to give preference to any programming languages, tools and operating systems when developing the projects.
The post of CEO GitHub will be held by Nat Friedman, the vice president of Microsoft, the founder of Xamarin company and the expert in the field of open source-solutions. In turn, the current head of GitHub Chris Wanstrath will become the technical specialist of Microsoft accountable to the executive vice president Scott Guthrie, and will be responsible for development of strategic initiatives in software development area.
According to estimates of Microsoft, acquisition of GitHub will render accretive effect on an operational не-GAAP the profit of corporation for 2020 financial year.
The largest DDoS attack in the history
In March, 2018 it became known of the strongest hacker attack in the history which collapsed GitHub. In the evening on February 28 and at night for March 1 the known service for a hosting of IT projects and their joint development coped with DDoS-traffic which at peak reached 1.35 Tbit / page.
The attack was performed from more than one thousand different autonomous systems through tens of thousands of unique endpoints. The so-called Memcached servers were used. According to researchers, protocol implementation of UDP in such servers is wrong, and any can make the large attack of DDoS with hardly any trouble at all.
According to Wired, DDoS attack lasted more than eight minutes, but its power, most likely, was the biggest during all the time — at least, among all incidents which it was announced publicly. For comparison, that which in 2016 was endured by the supplier of DNS services of Dyn was considered as the former largest attack. Then a large number of the large websites suffered, and the power of the attack reached 1.2 Tbit / page.
Thus, GitHub got off light, service was unavailable only about 10 minutes. The company explained that its IT infrastructure was created with such accounting that it could sustain five times more traffic, than in the DDoS attack largest before.
Besides, for mitigation of the consequences of cyberattack the administration of GitHub addressed a startup of Akmai Prolexic which specializes in cleaning of traffic of "garbage" packets, redirecting them bypassing the attacked service.
According to Hardik Modi (Hardik Modi), the senior director of department of cybersecurity development and response to threats of division of Arbor Networks of NetScout company, use of Memcached does not require the appeal to huge botnets. GitHub became the largest purpose for such attacks, however it can be only the beginning before attacks on other large companies, the expert warns.
2016: Leadership of Microsoft in popularity of Open Source-проектов among developers
In September, 2016 service for developers SOFTWARE GitHub published statistics, work-related the portal in a year. In the report leadership Microsoft in the number of participants in open projects is noted.
In 2016 Microsoft won first place by the number of the users of GitHub participating in Open Source-проектах of the companies. The software giant has 16,419 developer users of service. Facebook with 15,682 users was at the second place on this indicator.
According to the head and the founder of GitHub Chris Wanstrath, Microsoft it is really interested in participation in community Open Source. In an interview of Fortune Wanstrath noted the following:
|More people from outside, than people who work in Microsoft participate in the big .NET-project.|
By September, 2016 5.8 million active users, 331 thousand organizations and 19.4 million repositories are provided to GitHub. Microsoft vscode (a repository of the Visual Studio Code project) took the sixth place in the list of repositories with the greatest number of participants (5855). On the first position Font-Awesome was located ( 10,654 developers; the Font Awesome project is an ikonochny font and CSS tools).
The commitment of Microsoft to the Open Source projects is performed within strategy which the company calls Microsoft loves Linux. The IT giant tries to adhere to this principle in everything: in 2016 nearly a third of virtual machines in a cloud of Azure work under Linux, SQL Server for Linux was released and also the source code.NET is open. Microsoft actively participates in different Open Source-проектах, including OpenSSH, FreeBSD, Mesos, Docker, Linux, etc.
In statistics of GitHub it is also said that for the 12-month period which end fell on September, 2016 Russia took the fourth place on growth of number of users of service — them increased for 74%. The greatest rise happened in China (+97%).
2015: GitHub officially comes to Russia
On November 12, 2015 it was announced official entry of GitHub into the Russian market. The partner of this service for a hosting of IT projects and their joint development from Russia selects distribution company VDEL.
Within the signed partnership agreement also implementation of methodologies of fast programming will be engaged in VDEL in technology and commercial business development of GitHub in such directions as localization, cooperation with technical institutes and universities, technology development for use in public institutions.
Besides, VDEL will advance the paid corporate product GitHub Enterprise in Russia and the CIS. Thanks to it clients of service will not need "worry concerning the last legislative modifications concerning a personal data storage in Russia", the chief executive of VDEL Milan Prohaska noted to Kommersant.
"We received the strong ally — the area manager of GitHub Marko Berkovich says. — Russia – one of the most active countries in Europe on use of GitHub for work on projects with the open code".
The independent developer of mobile applications Oleg Ovechkin using GitHub generally for storage of the code of mobile applications announced the newspaper that he does not represent why the Russian localization as many developers got used to read and write in English was necessary for service.
The head of Postgres Professional Oleg Bartunov explains appearance of the representative of GitHub in Russia with "a political situation". He reminded that the competitor of GitHub — the American SourceForge resource — since February 1, 2015 because of sanctions of the USA blocked access to users from the Crimea.
"It is possible therefore GitHub wants to be localized. Or believe that sanctions will cancel" — Bartunov considers.
- ↑ of Users of GitHub phishers attack
- ↑ For the Russian code will open storage
- ↑ GitHub to store software repositories at Piql's long-term storage data center in Svalbard
- ↑ GitHub says 80 percent of repository contributions come from outside the U.S.
- ↑ GitHub starts blocking developers in countries facing US trade sanctions
- ↑ Open-Source ‘Great Satan’ No More, Microsoft Wins Over Skeptics
- ↑ Microsoft-Owned GitHub Just Made It Free for Coders to Keep Projects Private in Small Teams
- ↑ GitLab gains developers after Microsoft buys rival GitHub
- ↑ Microsoft to acquire GitHub for of $7.5 billion
- ↑ GITHUB SURVIVED THE BIGGEST DDOS ATTACK EVER RECORDED
- ↑ Microsoft has more open source contributors on GitHub than Facebook and Google
- ↑ GitHub was coded