Weak cryptographic standards removed

Earlier today we permanently removed support for the following weak cryptographic standards on github.com and api.github.com:

  • TLSv1/TLSv1.1: This applies to all HTTPS connections, including web, API, and Git connections to https://github.com and https://api.github.com.
  • diffie-hellman-group1-sha1: This applies to all SSH connections to github.com
  • diffie-hellman-group14-sha1: This applies to all SSH connections to github.com

This change was originally announced last year, with the final timeline for the removal posted three weeks ago. If you run into any issues or have any questions, please don’t hesitate to let us know.

Label improvements: emoji, descriptions, and more

Organizing issues and pull requests with labels can help you manage the chaos and be more productive. To support your labeling efforts and make labels even more useful, we've made a few enhancements.

Using emoji in labels

Emoji

When words are just not enough, include emoji in your labels to express yourself and the needs of your project through tiny images.

Descriptions

Add descriptions to your labels to provide even more context and help your contributors apply the right ones to their issues or pull requests. Descriptions will appear when you hover your mouse over labels around GitHub.

Search

Now that labels include descriptions, we've added search to the "Labels" page of each repository to help you find the one you're looking for. Filtering labels in the sidebar of your issue or pull request also filters by description.

Preview

When editing a label, you'll now see a preview of how it will appear once you save it. Use this preview to choose the perfect color or see how your emoji look.

API and Enterprise support for these features is coming soon!

Learn more about using and editing labels on GitHub

Africa, Nigeria, and their growing tech communities

Growing tech communities across Africa will continue to push the continent’s digital revolution forward while powering societal and cultural changes, and a key part of moving this digital revolution forward is increased internet and mobile access across the continent.

In the last decade, mobile access, favorable tech policies, and improved infrastructure and education earned Kenya and South Africa reputations as startup havens. Now, we can add Nigeria—the continent’s largest economy—to the list as its young, growing population and entrepreneurial spirit attract tech investments.

We recently partnered with Ingressive—a Lagos-based tech integration firm with reach across Nigeria, Kenya, Ghana, and South Africa’s tech ecosystems—to explore Lagos’s growing tech sector.

Here’s what we learned.

Nigeria’s youth will play a key role in its technology revolution.

Similar to the rest of the continent, Nigeria has a young population and growing workforce to fuel its technological revolution. Half of the country’s 182 million people are under 30 years old—and the youth population is growing fast.

Nigeria’s young people are enterprising, with 82 percent of them viewing entrepreneurship as a good career. In cities like Lagos and Ibadan, their excitement for software development and tech is clear from packed meetups on the ground.

Developers and entrepreneurs in Nigeria and across Africa are creating a range of projects and contributing to others on GitHub. Check out Tanzanian developer Geofrey Ernest’s utron, a lightweight framework for building fast, scalable and robust database-driven web applications, and Nigerian user interface designer and front-end developer Ire Aderinokun who builds and contributes to tools that make web applications accessible and compatible across devices and web browsers.

While young people in Nigeria are eager to join the tech sector, they also need training. To build their skills, they’re seeking support from a growing number of developer community meetups, conferences, and tech hubs. As of 2016, Nigeria was home to 23 tech hubs—and we should expect to see even more in response to growing demand.

Startups are leading Nigeria’s tech sector growth.

Nigerian startups have grown across industries—including financial technology (fintech), job training, agriculture, travel, and ecommerce—and entrepreneurs are creating products and services that address the challenges of their country’s developing infrastructure. For example, although Nigeria still relies heavily on cash, fintech companies are streamlining banking, payments, and money transfers to help more Nigerians bank digitally and take advantage of the country’s advancing banking system.

Startups like Flutterwave, Paystack, and Paga are a few examples of companies leading the way. From 2015 to 2017, African fintech startups, with the inclusion of Flutterwave and Paystack, raised more than $100 million combined. Flutterwave, a startup that has raised $10 million in funding, and Paystack, the first Nigerian startup accepted into Y Combinator, are not the only Nigerian-centric startups getting attention from foreign investors. Andela, a developer training school that trains African developers for engineering jobs across the globe, has raised $81 million to date and $24 million in 2016 alone from the Chan Zuckerberg Initiative—the organization’s first-ever investment. This investment interest is spreading across other African tech ecosystems and reached a record high of about $195 million this year.

The growing attention and investment in Nigerian and African startups will continue to support local tech communities, but government policies are needed to continue their growth.

Tech-friendly policies will support growing investments and partnerships.

Through increased investments and partnerships, Nigerian tech communities can transform the country’s economy and impact others far beyond its borders. The Nigerian government’s support and implementation of tech-friendly policies will be critical in making sure the sector keeps growing.

Government officials know they’ll have a key role to play in the success of Nigerian tech. In a recent keynote for Harvard Business School’s “Africa Rising” course (the program’s first of its kind and yet another indicator of growing interest), Nigeria’s Vice President Yemi Osinbajo noted that “Africa Rising” is also about improving standards of governance, among other factors.

The Nigerian government sees technology as crucial to the continent’s future. Pro-innovation lawmakers can help guide key policy issues like broadband access, free expression, privacy, security, and more.

Bringing it all together

While no one country can represent an entire continent, Nigeria indicates that growing tech communities will be supported by continued investment, partnerships, and policies built specifically for tech ecosystems across Africa.

To learn more about how Nigerians and Africans are building tools and using open source technology, check out this Made in Nigeria compilation along with our Made in Africa collection.

Deprecation notice: Removing anonymous gist creation

In 30 days, we'll be deprecating anonymous gist creation—a decision we made after a lot of deliberation. Anonymous gists are a handy tool for quickly putting a code snippet online, but as the only way to create anonymous content on GitHub, they also see a large volume of spam. In addition, many people already have a combination of tools authenticated with GitHub that allow them to create gists they own.

Current anonymous gists will always remain accessible, and it’s easy to create a GitHub account to make the most of a new gist. To learn more about creating gists, check out the documentation.

We'll deprecate anonymous gists using the following timeline:

  • March 19, 2018 19:00 UTC (11:00 am PST): Disable anonymous gist creation via the web and API.

GitHub joins amicus brief to protect sanctuary cities

Yesterday we filed an amicus brief alongside a group of other technology companies supporting San Francisco's and Santa Clara County's efforts to permanently block Executive Order 13768, which seeks to deprive sanctuary cities of federal funding. Sanctuary cities are jurisdictions that restrict local cooperation with federal immigration enforcement.

Why this matters

Nearly all U.S. technology hubs are in sanctuary cities. Sanctuary ordinances help local officials provide a safe environment for all residents, uphold human rights, and are one of a set of inclusive institutions that unlock increased wages across all income levels for both immigrants and non-immigrants in response to increased diversity.

Our amicus brief contributes three basic arguments from a technology and emerging company perspective:

  1. The order will encourage behavior that's antithetical to the values of innovative companies and their communities
  2. The order threatens nearly every major U.S. innovation hub's ability to provide basic services
  3. The order makes U.S. cities less safe

In other words, the order threatens many things that make Silicon Valley and other U.S. technology hubs attractive to the world’s best innovators and entrepreneurs, and undermines our ability to remain globally competitive.

The order is also bad for software developers worldwide, resulting in a net reduction of opportunity to collaborate and create great software—core parts of GitHub's mission. We support inclusive communities on our platform, but developers live in communities on the ground. We think it’s critical to foster collaboration, empathy, and innovation among all people, regardless of where they may be. Technology’s challenges are increasingly global and interconnected, and so our solutions must be as well.

How to get involved

Join us by supporting organizations that are fighting for inclusive communities like the ACLU.

To learn about human rights and their connection to developer opportunities, take a look at our our brief and the studies linked above—and keep building inclusive communities, both online and wherever you live.

Release Radar · January 2018

GitHub Release Radar · January 2018

From tougher security to more beautiful source code images, our first Release Radar of 2018 has something for everyone. Check out the latest tools that have been delighting and delivering since January.

osquery 3.0: SQL-powered operating system instrumentation, monitoring, and analytics

Osquery is a friendly, scalable way to query almost any infrastructure like a database, and monitor low-level operating system analytics, intrusion detection, compliance, and more.

We use osquery at GitHub with our custom macOS intrusion detection system to look for malicious activity on our team's laptops while respecting their privacy. Security firms, small startups, and large enterprises like Palantir also use it to avoid security vulnerabilities.

Let's say an attacker leaves a malicious process on a machine but deletes the binary. Osquery helps you run a query like SELECT name, path, pid FROM processes WHERE on_disk = 0; to catch it.

osquery 3.0 Screenshot

Did you know: The Osquery Team just relaunched their site, and it's all open source!

Godot 3.0: a game engine that's ready for the big leagues

Godot is a free, multi-platform 2D and 3D open source game engine with a huge set of tools, so you can focus on building your game without reinventing the wheel. With a flexible scene system, powerful visual editor, friendly content creation pipeline, and an amazing community, this is a must-try for game developers.

Godot 3.0 is a huge release, so be sure you check out all the new features and changes in the 3.0 announcement.

Godot 3.0 Screenshot

Did you know: The overall winner of this year's Game Off, a game called Daemon vs. Demon, was built with Godot.

Carbon 2.0: share beautiful images of your source code

Whether you're tweeting or presenting snippets, Carbon and the Dawn Labs Team are giving you everything you need to make your code images more beautiful—a la Leo Lamprecht's tweets.

Screenshot generated by Carbon 2.0

Did you know: The output of the Python code above might not be what you expect. The boolean value for the datetime.time object was considered to be False in Python 3.5 and lower if it represented midnight in UTC. The output here is actually ('Time at noon is', datetime.time(12, 0)). See more Python snippets with surprising results

Detectron: a new object detection research tool

Facebook Artificial Intelligence Researchers (FAIR) open sourced Detectron, a system for state-of-the-art object detection research written in Python using Caffe 2.

In addition to enabling research projects, we're sure it has many practical applications—like detecting that your boss is sneaking up on your desk. Learn more about Facebook open sourcing Detectron

Detectron

Face Alignment 1.0: detect facial landmarks

Wouldn't it be neat if you could detect faces in both 2D and 3D? Face Recognition built with Python and PyTorch does just that.

Detect 3D facial landmarks in pictures

Spaceship 3.0: a Zsh prompt for astronauts

Spaceship touts itself as a minimalis, customizable Zsh prompt combining everything you need to be productive, without unnecessary complications just like a real spaceship. Read more about it in the 3.0 announcement post.

Screenshot of Spaceship Prompt

That's just a handful of releases you shipped last month—keep them coming! If you've got a release that should be on our radar, send us a note.

My first semester using GitHub at Rice University

In the third programming course in the computer science major, Dan Wallach wants students to master programming in Java with a high degree of rigor and at a large scale. This past semester in his Comp215 course, he chose to use Java8, IntelliJ, and GitHub to implement a test-driven development workflow.

Teaching concepts with a long shelf life

Wallach sees three supporting “ladders” at work in his curricula: Java programming, software design, and tools like Checkstyle, Error Prone, Gradle, and GitHub.

Wallach encourages his students to focus less on specific tools and more on their fundamentals. “I want to teach ideas and concepts that’ll have a long shelf life. So 10 years from now, is IntelliJ going to be the thing? Is Java even going to be the thing? Probably not,” he said. “But mapping a function over a list to get another list, that will be there 10 years from now.”

Moving from Subversion to GitHub with Travis CI

Dan was looking for a scalable, reliable solution for his course: In 2015 the peak loads from his students’ work crashed their campus Subversion server, forcing them to extend their deadlines and ultimately run a private server, requiring significant assistance from Rice’s IT group.

He decided to move to GitHub and use GitHub Classroom in the fall of 2017.

I had confidence that GitHub would make sure their service would be up and available. Their commercial business depends on high uptime.

Dan used GitHub Classroom, a teacher-facing tool that enables the GitHub workflow for courses, to distribute assignments, and Travis CI to run unit tests.

I was initially worried that the complexity of Git would be a pain point for my students. As an example, I was afraid of having to explain to a student what a "detached HEAD state" might be. In practice, this was never an issue. We steered students to using IntelliJ’s front-end for Git, keeping them from getting into too much trouble. It's a nice bonus that students can visit the web page for their repo and double-check that everything was correctly pushed.

Dan's Comp215 Course
Unit tests in 215
An example of distributing an assignment through GitHub Classroom and tests through Travis CI.

Nurture collaboration through filling in holes

As the semester progresses, his students get better at “filling in holes,” Wallach said. Initially, Wallach provides his students with code that has missing pieces.

After they fill in those holes with their own code, he introduces a more complex activity: Build an application from the library of code they’ve previously helped build.

“Every week builds on the previous week. I give you a bunch of code including a correct implementation of the prior week’s project, you write tests and add missing features, and then you submit it,” he explained.

Laying the groundwork for strong collaboration

Wallach has what he calls a “controversial” position on pair programming: He doesn’t use it in his classroom. He sees pairing as only one path to collaboration.

“Learning to use Git, from scratch, is hard enough without collaboration,” he said. He’d seen his students try to pair while learning Git:

“Hey, you didn’t push your changes.”
“What? Yes, I did.”
“Okay, now I’ve got a merge conflict.”

While that back and forth is a kind of collaboration, Wallach wants to set students up for success.

There's plenty enough to learn about version control systems in a solo environment. Comp215 is many of our students' first experience using development tools on their own computer, as opposed to in a browser. Partner-based collaboration with Git requires a more sophisticated understanding to deal with merge conflicts, pull requests, and so forth.

By having his students work by themselves first, Wallach prepares them with the habits and mental models for subsequent classes in the curriculum where they work in teams.

Contributing back to the GitHub Education community

Wallach built several scripts to help with his class workflow and shared them with the GitHub Education community. For example, Git takes its commit times from the clock on the students’ computers. When Wallach spotted a student attempting to use this to submit after a deadline—using his Travis CI/GitHub workflow which logs the time on Travis and cannot be forged by a student—he made a tool to produce a nice table with a given student’s commit times and GitHub’s push time.

Wallach encourages collaboration through his GitHub contributions and his classroom. And his groundwork has paid off. He often hears from past students that his class prepared them for a workplace environment. By teaching skills that have a long shelf life, Wallach's students feel ready to collaborate in the long term.

Here are some of Wallach’s helpful contributions to the GitHub Classroom community of tools:

Open source project trends for 2018

Project trends

Last year, GitHub brought 24 million people from almost 200 countries together to code better and build bigger. From frameworks to data visualizations across more than 25 million repositories, you were busy in 2017—and the activity is picking up even more this year. With 2018 well underway, we're using contributor, visitor, and star activity to identify some trends in open source projects for the year ahead.

Project trends

ghblog-fastestgrowingcommunities-graphic

Cross-platform development

Some of the projects that experienced the largest growth in activity were focused on cross-platform or web development. For example, Angular/angular-cli had 2.2 times more contributors in 2017 than in 2016. You contributed more, visited more often, and starred projects related to Angular/Angular, Facebook/React, and Electron/Electron. These projects simplify the development process, shortening the time from start to deployment across desktop and mobile platforms.

Deep learning

You've also been rallying around deep learning projects. Across multiple industries, artificial intelligence is solving a host of complex and interesting problems. You've helped drive that interest by upping your contributions to and visits to projects like Keras-team/Keras and Mozilla/DeepSpeech. TensorFlow/TensorFlow had 2.2 times more visits in 2017 than in 2016, and TensowFlow/models had 5.5 times more visits!

New skills

Your commitment to developing coding skills is unparalleled. You starred projects, many created in 2017, related to learning to code, getting coding jobs, and coding best practices. For example, Chalarangelo/30-seconds-of-code and norvig/pytudes provide code examples in javascript and python respectively to help you brush up on your fluency in these languages. jwasham/coding-interview-university and yangshun/tech-interview-handbook provide resources for how to pass the interview process for software engineering roles. i0natan/nodebestpractices, alibaba/p3c, and thedaviddias/Front-End-Checklist provide best practices for writing code and organizing projects.

Methods

How did we discover these trends? We looked at three different types of activity. First, we identified the top 100 projects that had at least 2,000 contributors in 2016 and experienced the largest increase in contributors in 2017. We also identified the top 100 projects that received the largest increase in visits to the project's repo in 2017. Finally, we identified the top 100 projects that received the most new stars in 2017. Combining these lists, we categorized projects into broad communities and looked at the communities that were the most represented at the top of the lists.

We were impressed with the range of creative projects that emerged. You scratched the itch to keep track of your favorite NBA teams from the command line while you code, and you still found time to create an Android app for journalists and activists to securely monitor their homes and offices. Well done!

Learn more

If you'd like to see a lot more data covering what the GitHub community was up to from September 2016 through September 2017 including the most forked projects, the most social projects, and the most reviewed projects, check out the report we released at Universe: The State of the Octoverse.

You can also see who top contributors to open source in 2017 were in Felipe Hoffa's analysis on Medium.

And head over to our redesigned Explore experience to find the latest project collections and trending topics on GitHub.

Explore projects

Weak cryptographic standards removal notice

Last year we announced the deprecation of several weak cryptographic standards. Then we provided a status update toward the end of last year outlining some changes we'd made to make the transition easier for clients. We quickly approached the February 1, 2018 cutoff date we mentioned in previous posts and, as a result, pushed back our schedule by one week. On February 8, 2018 we'll start disabling the following:

  • TLSv1/TLSv1.1: This applies to all HTTPS connections, including web, API, and git connections to https://github.com and https://api.github.com.
  • diffie-hellman-group1-sha1: This applies to all SSH connections to github.com
  • diffie-hellman-group14-sha1: This applies to all SSH connections to github.com

We'll disable the algorithms in two stages:

  • February 8, 2018 19:00 UTC (11:00 am PST): Disable deprecated algorithms for one hour
  • February 22, 2018 19:00 UTC (11:00 am PST): Permanently disable deprecated algorithms

For more details, head to the Engineering Blog.

Contribute to popular topics on GitHub

Topic pages on GitHub help you find repositories that match your interests—from Chrome extensions and cryptocurrency projects to web application frameworks like React. The pages also provide insight into the topic itself with a description of the subject matter, links to helpful articles, and suggestions for related topics. And, most importantly, anyone can contribute to topic pages through our Explore repository.

If you have some expertise to bring to topic pages, we've compiled a list of popular topics that don't have a lot of context, yet. Help us add information to these pages, so others can learn more about what's on GitHub. Whether you're a new contributor or a subject matter expert, your pull requests are welcome! This could be a good fit for your first open source contribution or as a project for Open Source Friday—no code required.

Browse topics that could use your help

GitHub for data scientists: a webcast series

The field of data science has seen enormous growth over the last few years. Organizations increasingly leverage data as a strategic asset that data scientists turn into meaningful insights. These days, data science and machine learning are essential to software products that need to classify information, and deliver personalized experiences and unique interactions with users.

R and Python are popular programming languages in data science because they combine text with code to clean and explore data for reproducible insights. As data science and machine learning are iterative processes for testing new ideas, Git and GitHub are ideal tools for tracking changes and working together.

Git and GitHub help data scientists:

Organize work

  • Store projects in GitHub repositories to organize work, track changes, and provide a clear and well documented path for analysis
  • Integrate with popular editors like RStudio, PyCharm, and Atom. You can also edit files directly on GitHub
  • Identify, assign, and keep track of team tasks with issues and project boards

Maintain quality

  • Talk through ideas, discuss details, and conduct reviews with pull requests
  • Run automated builds and tests for more complex projects to reduce bugs and maintain quality

Collaborate and share

  • Collaborate with product developers and integrate machine learning features into their projects through forks
  • Host your rendered R or Jupyter notebooks directly from your GitHub repositories
  • Allow others to validate and verify your findings or learn from your experiences

Webcast schedule

Our data science webcast series will explore the different ways data scientists use Git and GitHub:

  • GitHub for data scientists: on February 21 we will kick-off this series by sharing best practices on how GitHub can be used in a data science workflow.
  • Conversation with Pirelli: on March 22, our second webinar will feature Carlo Tornai, Global Director of Digital Product Development at Pirelli.
  • How GitHub is using data science: on April 26, the third and final webinar will introduce you to the GitHub data science team to discuss how we are using insights to improve the GitHub experience.

We look forward to seeing you there!

Commit together with co-authors

With faster onboarding for junior developers, increased code quality, and more thorough code review, it's easy to see why more developers than ever are writing code collaboratively. Your team's (and our own) great results from social coding motivated us to popularize the pull request—and more recently—bring real-time collaboration to your text editor with Teletype for Atom. Today, we're building on these tools with support for multiple commit authors.

Commit co-authors makes it easy to see who has contributed to every commit, regardless of how many contributors there are—and every author gets attribution in the pull request and in their contribution graph.

coauthors-new

How it works

To add co-authors to a commit, just add one or more "Co-authored-by" trailers to the end of the commit message:

Commit message

Co-authored-by: Joel Califa <602352+califa@users.noreply.github.com>
Co-authored-by: Matt Clark <44023+mclark@users.noreply.github.com>

Include your trailers at the end of your commit message, and have at least one line of white space before them.

Learn more about using trailers

Try co-authors out today anywhere on the GitHub platform, including GitHub Desktop.

Multiple issue and pull request templates

Issue and pull request templates help teams gather the right information from the beginning of a thread, but sometimes one template just isn't enough. Now project maintainers can have and use multiple templates in their repositories.

feature request template

To add multiple issue templates to a repository create an ISSUE_TEMPLATE/ directory in your project root. Within that ISSUE_TEMPLATE/ directory you can create as many issue templates as you need, for example ISSUE_TEMPLATE/bugs.md. To use those issue templates add ?template= and your template name to the new issue URL. Continuing the example, if you create the template bugs.md you add ?template=bugs.md to the new issue URL, so it becomes /issues/new?template=bugs.md.

bug request template

Your default ISSUE_TEMPLATE.md files will continue to work as the default when a template isn't specified in the new issue URL. Pull request templates follow the same pattern: add a directory called PULL_REQUEST_TEMPLATE to the root directory of your repository, and add the ?template= to your pull request URLs. And if you're worried about extra clutter in the root directory of your project, all of these directories work within the .github folder as well

To read more or learn about additional options, check out the documentation.

Report content directly to GitHub Support

Repository owners, collaborators, and prior contributors to a public repository can now more easily report comments, issues, pull requests, and commit comments to GitHub Support.

Reportable comment

Selecting the icon above will open a new contact form where you can provide more information and additional screenshots. You can also let us know whether it's a spammy, harmful, or off-topic comment.

Contact support form

Comment authors also have the ability to report their own comments if another person has edited their comment in an abusive manner.

Report your own comment if edited by another person

Check out the documentation to learn more about reporting comments.

Webcast recap: Your favorite ways to work with GitHub

webcast banner card

Integrated development environments (IDEs)

2017 was a busy year for IDEs and GitHub. From new additions like Xcode to complete rewrites of some of our favorites like GitHub Desktop, there's been a lot to cover.

The GitHub Professional Services Team (and special guests from each respective organization!) recorded a full webcast series to help you catch up on some of our favorites and kick off 2018 right. If you weren't able to attend live, check out our list of full recordings below to learn more and improve your day-to-day GitHub interactions with the tools you already use.

What's next?

2018 is all about integrated tools to build on and improve your workflow.

To show you how easy it is to get started with our freshly-launched GitHub Marketplace, we'll be diving into a few different types of products that can make your job easier.

We already kicked off the series with Code Quality through Codacy. Black Duck (open source security) and Sentry (error reporting) are coming up!

Register here