Here's How The GitHub Mobile Team Ships Releases With Automation

The GitHub Mobile team published a report on Wednesday sharing how they ship releases using automation.

Shipping a mobile app is not an easy task. Before a build goes out to our users’ hands, we must make sure the end result is properly built, all written tests are passed, and any critical issues are captured by testing. Also, we compose release notes with changes since our last update. All of these tasks can be quite time-consuming.

GitHub Fixes NPM Bugs That Leaked Private Package Names

GitHub has fixed several flaws with npm packages that leaked private names and let attackers publish new versions of a package they didn’t have rights to.

The data leak was identified by GitHub on October 26th and by the 29th, all records containing private package names were deleted from the npm’s replication database. Although, GitHub does warn that despite this, the service is consumed by third parties who may, therefore, continue to retain a copy or “may have replicated the data elsewhere.”

GitHub No Longer Accepts Passwords, Use Security Keys Instead

GitHub will no longer accept passwords when authenticating Git operations and will require the use of strong authentication factors. Yubico also posted about the announcement here, and its 2FA hardware keys are an acceptable solution for GitHub users.

In December, we announced that beginning August 13, 2021, GitHub will no longer accept account passwords when authenticating Git operations and will require the use of strong authentication factors, such as a personal access token, SSH keys (for developers), or an OAuth or GitHub App installation token (for integrators) for all authenticated Git operations on With the August 13 sunset date behind us, we no longer accept password authentication for Git operations.

New Features in GitHub Issues for Planning and Tracking

New beta features within GitHub Issues help development teams improve their planning and tracking.

Today, we are announcing new beta features within GitHub Issues to connect your planning directly to the work your teams are doing, and flexibly to adapt to their needs: project tables that are built like spreadsheets, custom fields, a keyboard driven command palette, improved task lists, and issue forms.

GitHub Desktop 2.9 Update Adds M1 Mac Support

GitHub Desktop was recently updated to version 2.9, and the team shared some of the new features included, such as squash and reorder commits. Users can now download a native build for their M1 Mac.

If a group of commits represents a single unit of work, or if a project requires that each pull request only has one commit, simply drag them on top of one another to squash them together and add a new commit message that captures the whole picture.

GitHub Adds Support for Security Keys Over SSH

GitHub announced on Monday that it enabled support for two-factor authentication security keys when members use them over SSH.

When used for SSH operations, security keys move the sensitive part of your SSH key from your computer to a secure external security key. SSH keys that are bound to security keys protect you from accidental private key exposure and malware. You perform a gesture, such as a tap on the security key, to indicate when you intend to use the security key to authenticate. This action provides the notion of “user presence.”

GitHub Codespaces Lets You Code Visual Studio on an iPad

GitHub has a new tool it’s working on called Codespaces. It gives you a full Visual Studio coding experience in a browser. This means it can work on an iPad, Mac, and PC.

Codespaces sets up a cloud-hosted, containerized, and customizable VS Code environment. After set up, you can connect to a codespace through the browser or through VS Code.

I think this is exciting news. I don’t having programming experience but one argument in the “iPad computer replacement” debate is that developers can’t code on it.

GitHub Preserves its Code in the Arctic World Archive

GitHub plans to store all of its open source code in the Arctic World Archive to prepare for possible doomsday scenarios.

The data is stored on reels of film coated with iron oxide powder. It can be read by a computer or — in the event of a global power outage — a human with a magnifying glass. Crucially, this film will last for 1,000 years. Among the first data deposit at the vault is the source code for Android and Linux operations systems, as well as a range of programming languages, web platforms, cryptocurrencies and AI tools. GitHub is planning on having all active public repositories stored by February 2020.

This sounds like a neat project. It also sounds like the Arctic World Archive is “around the corner” from the Doomsday seed vault, another preservation project. Note: The photo I chose for the featured image is of that seed vault.

GitHub Sponsors Lets You Pay Your Favorite Open Source Contributors

GitHub Sponsors is a way to support the developers who build open source software. It’s currently in beta.

As a thank you for these valuable contributions, GitHub Sponsors charges zero platform fees when you support the work of other developers. We’ll also cover payment processing fees for the first 12 months of the program to celebrate the launch. 100% percent of your sponsorship goes to the developer.

I love this idea. GitHub is one of the only open source “app stores” we have that isn’t tied to Android or Linux.


Check Out the Apple Watch Faces Steve Troughton-Smith Designed

Steve Troughton-Smith does more than post Apple product leaks. He’s also a professional coder, and his latest pet project shows why it would be cool to get third-party faces for Apple Watch. He’s come up with some pretty interesting watch faces, plus he posted the example code on Github so you can experiment with your own—assuming you’re a developer. I get Apple not wanting horribly garish watch faces, but maybe they could partner with some developers or make a watch face screening process. I know I’m ready for some options outside of Apple’s limited pool.

Use MAC Addresses to Figure Out How Old Network Devices Are

If you can get a device’s MAC address, you can figure out how old it is. MAC addresses are unique identifier numbers for the devices on a network, and it turns out you can use them to get an idea of the age of devices. That’s handy if you’re trying to gather more data about what’s on your network, and like every other tool, can be used for good or bad. The data is all in a freely accessible CSV file on Github.

You Can Finally Jailbreak Your Apple Watch

iPhone jailbreaks are almost as old as, well, the iPhone. Apple Watch jailbreaks, however, haven’t been a thing until now. A developer going by the name Tihmstar on GitHub is sharing an Apple Watch jailbreak dubbed jelbrekTime for Apple Watch Series 3 running watchOS 4.1. The hack isn’t really useful for average users, but it does give developers a deeper look under the hood, so to speak, which could be helpful for the apps they’re developing. OK developers, start making us some crazy-cool watch faces.

Cybersecurity Tech Accord, Cyberwar Is Now, Social Network Inertia - ACM 458

In this episode, Bryan Chaffin and Jeff Gamet dissect the Cybersecurity Tech Accord, a pledge by 34 tech companies to do something vague and unlikely. The timing for the announcement is somewhat interesting because we are in the middle of an undeclared shadow cyberwar. They cap the show analyzing what it might take for any new social network to supplant Facebook.

Record and Live Stream Animoji with AnimojiStudio

If you have an iPhone X and want to record Animoji longer than 10 seconds, and don’t want to have to send your creations to someone just so you can save them, AnimojiStudio has you covered. The Maccast’s Adam Christianson turned me on to the app, and it’s pretty awesome. You can record and save Animoji videos without Apple’s built-in 10 second cap, and you can live stream your Animoji-fied self on services like Periscope. AnimojiStudio is free, but comes with a catch: it uses Apple’s private APIs so it isn’t on the App Store. You’ll need a paid or free developer account and Xcode to compile and install the app, or sideload the precompiled IPA file.