GitHub isn’t the only hosted enhanced Git service, and GitHub Enterprise isn’t the only on-premises product for companies. Atlassian Bitbucket competes with both of them, with slightly lower pricing and with a free five-member team level that includes unlimited private repos and the use of Bitbucket Pipelines for continuous integration. GitHub is a more popular site for open source projects and it has a much larger pool of open source developers. Bitbucket’s pricing used to be more favorable for small startups. Now that GitHub allows unlimited private repos on free and team accounts, that’s no longer the case.
GitHub vs. GitLab
GitLab competes with both GitHub and Bitbucket, both hosted and on-premises. On the surface, GitLab appears to have more lifecycle functionality than the others, but the difference from Bitbucket mostly disappears if you include Jira when you evaluate Bitbucket. GitLab offers Gold-plan cloud features to open-source projects for free, but that additional functionality doesn’t really compensate for the larger open-source developer community on GitHub.
GitHub Desktop
GitHub Desktop, shown below, makes it easy to manage your GitHub.com and GitHub Enterprise repositories. While it doesn’t implement all the features of the Git command line and the GitHub web GUI, it does implement all the operations you’ll do on a daily basis from your desktop while contributing to projects. Typically, you will clone repos from GitHub to GitHub Desktop, sync them as needed, create branches for your work, commit your work, and occasionally revert one or more commits.
To work with repos for which you lack commit and collaborate privileges, you typically start by forking the repo on GitHub and cloning the fork to your desktop. Then you add any branches you need in GitHub Desktop, commit any changes you wish, test your work, push the commits back to your remote forked repo, and finally generate a pull request to the parent project.
You can see the Pull Request button at the upper right of the GitHub Desktop interface. You can also see many commits in the Neo4j project that were merges of branches or pull requests. That’s typical of open-source projects with few committers and many contributors.
GitHub for open-source projects
Open-source software projects often need ways to enforce quality control while still accepting contributions from outside the core team of committers. The need for contributors is huge, but bringing new contributors into the project while maintaining the integrity of the codebase is a difficult and potentially dangerous undertaking. At the same time, the need for feedback from users of the project is also huge.
GitHub has a number of mechanisms that can help grease the wheels of open source projects. For example, users can add issues to the project on GitHub to report bugs or request features. Some other systems call these tickets. Project managers working with issues can generate task lists, assign issues to specific contributors, mention other interested contributors so that they are notified of changes, add labels, and add milestones.
To contribute to a project, you basically start from a topic head branch that contains the committed changes that you want added to the project base branch and initialize a pull request from the head branch, as shown below. Then you push your commits and add them to the project branch. Other contributors can review your proposed changes, add review comments, contribute to the pull request discussion, and add their own commits to the pull request.
Once everyone involved is happy with the proposed changes, a committer can merge the pull request. The merge can preserve all the commits, squash all changes into a single commit, or rebase the commits from the head branch into the base branch. If the merge generates conflicts, you can resolve them on GitHub or using the command line.
Code reviews on GitHub allow a distributed team to collaborate asynchronously. Useful GitHub tools for reviewers include diffs (the lower half of the screenshot below), history (the upper half), and blame view (a way to view the evolution of a file commit by commit). Code discussions on GitHub go into comments that are presented in line with your code changes. If the built-in tools don’t suffice for your project, you can add code review and continuous integration tools from the GitHub marketplace. Marketplace add-ons are often free for open source projects.
GitHub gists
Gists are special GitHub repositories for sharing your work (public) or for saving work for later reuse (secret). They can contain single files, parts of files, or full applications. You can download gists, clone them, fork them, and embed them.
Public gists can be discovered and found in searches. You can use keywords to narrow down what you find, including prefixes to restrict the results to gists from specific users, gists with at least N stars, gists with specific filenames, and so on.
Secret gists are not searchable, but anyone with the URL can see them. If you really want your code to be protected, use a private repository.
As we’ve seen, GitHub provides Git repositories as a service, along with features for code review, project management, integrations with other developer tools, team management, social coding, and documentation. While GitHub is not the only product in its category, it is the dominant repository for open-source software development.
Node.js v20.18.0, a just-introduced update to the Long-Term Support (LTS) version of the popular asynchronous, event-driven JavaScript runtime, features experimental network inspection support.
Introduced October 3, Node.js 20.18.0 enables users to inspect network activities occurring within a JavaScript application. Still in active development, this capability is initially limited to HTTP and HTTPS modules only. To use this feature, Node.js must be started with the command $ node --inspect-wait --experimental-network-inspection index.js.
Other highlights of Node.js 20.18.0 include a new option for the tls.createSecureContext API. Developers can use tls.create.SecureContext({allowPartialTrustChain:true}) to treat non-self-signed certificates in the trust CA certificate list as trusted.
Google’s Gemini 1.5 Flash-8B AI model is now production-ready. The company said the stable release of Gemini 1.5 Flash-8B has the lowest cost per intelligence of any Gemini model.
Availability was announced October 3. Developers can access gemini-1.5-flash-8B for free via Google AI Studio and the Gemini API. Gemini 1.5 Flash-8B offers a 50% lower price compared to 1.5 Flash and twice the rate limits. Lower latency on small prompts also is featured.
An experimental version of Gemini 1.5 Flash-8B had been released in September as a smaller, faster variant of 1.5 Flash. Flash-8B nearly matches the performance of the 1.5 Flash model launched in May across multiple benchmarks and performs well on tasks such as chat, transcription, and long context language translation, Google said.
For Python, developers now can run Python tests with coverage and get rich results in the editor, Microsoft said. To run tests with coverage, users must select the coverage run icon in Test Explorer or “Run with coverage” from any menu that triggers test runs. The Python extension will run coverage by using the pytest-cov plugin if developers are using pytest, or by using coverage.py if using unittest. Once the coverage is complete, lines are highlighted in the editor for line-level coverage. The Python extension also has added a default problem matcher, simplifying issue tracking in Python code and providing more contextual feedback.
The Source Control Graph in Visual Studio Code 1.94 features a new history item reference picker in the view title, allowing developers to use the reference picker to filter the history items shown in the graph to a different branch or to view multiple branches. The Source Control Graph also expands the list of actions available in the context menu for source control history items. Actions have been added to create a new branch/tag from a history item, cherry-pick a history item, and check out an item.
Business reputation and trust are always vulnerable; companies recognize that a security breach can instantly damage both. Indeed, you’ll get yourself on the morning news and watch your stock drop by 50%. By prioritizing security, businesses aim to safeguard their reputation and customer relationships.
Long-term cost implications mean that focusing initially on cost and scalability might seem feasible, but the long-term financial impact of security incidents can be severe. Most people in the cybersecurity space understand that risk equals money. The more risk, the less your systems are worth, considering the potential for a breach. Prioritizing security can prevent costly breaches and downtime.
Innovation and agility mean that to remain competitive, businesses need to innovate rapidly. A secure cloud infrastructure enables this by providing a reliable foundation for building and deploying new services without compromising data integrity or security.
For Python, developers now can run Python tests with coverage and get rich results in the editor, Microsoft said. To run tests with coverage, users must select the coverage run icon in Test Explorer or “Run with coverage” from any menu that triggers test runs. The Python extension will run coverage by using the pytest-cov plugin if developers are using pytest, or by using coverage.py if using unittest. Once the coverage is complete, lines are highlighted in the editor for line-level coverage. The Python extension also has added a default problem matcher, simplifying issue tracking in Python code and providing more contextual feedback.
The Source Control Graph in Visual Studio Code 1.94 features a new history item reference picker in the view title, allowing developers to use the reference picker to filter the history items shown in the graph to a different branch or to view multiple branches. The Source Control Graph also expands the list of actions available in the context menu for source control history items. Actions have been added to create a new branch/tag from a history item, cherry-pick a history item, and check out an item.
Additionally, it also has a separate tool, SAP Data Lake Builder, that can be used to ingest data from SAP. Other specific data ingesting tools on offer include BryteFlow for Oracle, BryteFlow for SQL, BryteFLow for SQL Server, BryteFlow for PostgreSQL, and integrations with Databricks, Teradata, Google BigQuery, and Apache Kafka.
What effect will the acquisition have?
BryteFLow’s existing customers may have to look elsewhere for help with data integration if they use databases other than SingleStoreDB: “Our number one priority is to integrate BryteFlow into SingleStore and bring value to our customers through SingleConnect. We have no plan to sell BryteFlow independently at this time, apart from some special cases,” SingleStore CEO Raj Verma said via email.
But there will be opportunities for SingleStore customers, said Duncan Van Kouteren, research analyst at Nucleus Research. “The acquisition will enable customers to integrate data from various sources while maintaining real-time data analytics functionalities by utilizing BryteFlow’s capabilities such as change data capture (CDC),” he said.
“Many developers use the same context repeatedly across multiple API calls when building AI applications, like when making edits to a codebase or having long, multi-turn conversations with a chatbot,” OpenAI explained, adding that the rationale is to reduce token consumption when sending a request to the LLM.
What that means is that when a new request comes in, the LLM checks if some parts of the request are cached. In case it is cached, it uses the cached version, otherwise it runs the full request.
OpenAI’s new prompt caching capability works on the same fundamental principle, which could help developers save on cost and time.
Putting a trusted execution environment on a PC is useful for more than securing AI. It protects sensitive data, adding a new level of protection beyond at rest and in motion: in use. While it does require more work to define and use a VBS Enclave, it’s worth it to have more security with only limited performance impact.
With Windows 11’s memory integrity tools, a VBS Enclave uses Windows’ integral hypervisor to create a new, isolated, high-privilege area of system memory: Virtual Trust Level 1. Most of your code, and Windows itself, continues to run at Virtual Trust Level 0. VTL 1 is used by a secure version of the Windows kernel, with its own isolated user mode. This is where your VBS Enclave runs, as part of an application that appears to cross the boundary between the two zones. In reality, you’re separating off the VTL 1 enclave and using secure channels to communicate with it from the rest of your application in VTL 0.
Using VBS Enclaves in your applications
So how do you build and use VBS Enclaves? First, you’ll need Windows 11 or Windows Server 2019 or later, with VBS enabled. You can do this from the Windows security tool, via a Group Policy, or with Intune to control it via MDM. It’s part of the Memory Integrity service, so you should really be enabling it on all supported devices to help reduce security risks, even if you don’t plan to use VBS Enclaves in your code.
public static class MyListExtensions
{
public static T GetLastElement(this List list)
{
if(list.Count > 0)
return list[list.Count - 1];
return default(T);
}
}
The GetLastElement is an extension method that returns the last element of a list. You can invoke this extension method using the following code snippet.
List integers = new List { 1, 2, 3, 4, 5, 6, 7, 8, 9 };
int element = integers.GetLastElement();
Console.WriteLine(element);
Overloading an extension method in C#
Similar to other methods, you can also overload an extension method. The following code snippet shows how you can overload the Substring method of the string class to return a substring of a string. This overloaded Substring method takes the starting and ending index and a Boolean as parameters. The Boolean denotes if the returned string should be converted to upper case. If you pass true in this parameter when calling the extension method, the returned string will be converted to upper case.
OpenAI has introduced a public beta of the Realtime API, an API that allows paid developers to build low-latency, multi-modal experiences including text and speech in apps.
Introduced October 1, the Realtime API, similar to the OpenAI ChatGPT Advanced Voice Mode, supports natural speech-to-speech conversations using preset voices that the API already supports. OpenAI also is introducing audio input and output in the Chat Completions API to support use cases that do not need the low-latency benefits of the Realtime API. Developers can pass text or audio inputs into GPT-4o and have the model respond with text, audio, or both.
With the Realtime API and the audio support in the Chat Completions API, developers do not have to link together multiple models to power voice experiences. They can build natural conversational experiences with just one API call, OpenAI said. Previously, creating a similar voice experience had developers transcribing an automatic speech recognition model such as Whisper, passing text to a text model for inference or reasoning, and playing the model’s output using a text-to-speech model. This approach often resulted in loss of emotion, emphasis, and accents, plus latency.