TNS
VOXPOP
Will JavaScript type annotations kill TypeScript?
The creators of Svelte and Turbo 8 both dropped TS recently saying that "it's not worth it".
Yes: If JavaScript gets type annotations then there's no reason for TypeScript to exist.
0%
No: TypeScript remains the best language for structuring large enterprise applications.
0%
TBD: The existing user base and its corpensource owner means that TypeScript isn’t likely to reach EOL without a putting up a fight.
0%
I hope they both die. I mean, if you really need strong types in the browser then you could leverage WASM and use a real programming language.
0%
I don’t know and I don’t care.
0%
 
Cloud Native Ecosystem Containers Edge Computing Microservices Networking Serverless Storage
Oracle Touts New AppDev Tools, Distributed Cloud Support
Sep 20th 2023 9:18am, by Chris J. Preimesberger
Next-Gen Observability: Monitoring and Analytics in Platform Engineering
Sep 12th 2023 4:00am, by Robert Kimani
Is Policy as Code the Cure for Multicloud Config Chaos?
Sep 11th 2023 12:13pm, by Tzvika Shahaf
Unlock Data’s Full Potential with a Mature Analytics Strategy
Sep 8th 2023 10:16am, by Venkat Ramakrishnan
Achieve Cloud Native without Kubernetes
Sep 7th 2023 8:57am, by Rak Siva
Harden Ubuntu Server to Secure Your Container and Other Deployments
Sep 16th 2023 6:00am, by Jack Wallen
Run GUI Applications as Containers with x11docker
Sep 9th 2023 6:00am, by Jack Wallen
Dive: A Simple App for Viewing the Contents of a Docker Image
Sep 2nd 2023 3:00am, by Jack Wallen
Kubernetes Isn't Always the Right Choice
Aug 21st 2023 7:02am, by Rak Siva
Monitor, Control and Debug Docker Containers with WhaleDeck
Aug 19th 2023 7:00am, by Jack Wallen
Edge AI: How to Make the Magic Happen with Kubernetes
Sep 14th 2023 4:00am, by Saad Malik
Cloud to Edge AI with a Mobile Database Platform
Aug 28th 2023 8:42am, by Mark Gamble
Dev News: React Still King, Vercel AI Tools, Netlify Connect
Jun 17th 2023 4:00am, by Loraine Lawson
Creating an IoT Data Pipeline Using InfluxDB and AWS
Jun 5th 2023 10:25am, by Jason Myers
Dell Intros New Edge, Generative AI, Cloud, Zero Trust Prods
May 31st 2023 11:00am, by Chris J. Preimesberger
The Basics of Event-Driven Architectures
Sep 22nd 2023 7:45am, by Jim Moffitt
A Microservices Outcome: Testing Boomed
Sep 15th 2023 11:15am, by Alex Williams
Event-Driven Microservices Offer Flexibility and Real-Time Responsiveness
Sep 13th 2023 10:00am, by Hugh McKee
Britive: Just-in-Time Access across Multiple Clouds
Sep 7th 2023 3:00am, by Susan Hall
7 Steps to Highly Effective Kubernetes Policies
Sep 6th 2023 7:37am, by Wito Delnat
Performant and Programmable Telco Networking with eBPF
Aug 11th 2023 10:00am, by Bill Mulligan
Create a Samba Share and Use from in a Docker Container
Jul 29th 2023 6:00am, by Jack Wallen
CIOs, Heed On-Premises App and Infrastructure Performance
Jul 5th 2023 1:21pm, by Gregg Ostrowski
Hasura Launches New Data Network for APIs Only
Jun 29th 2023 9:36am, by Chris J. Preimesberger
Unveiling the Future of Application Networking: Trends and Impacts
Jun 28th 2023 11:06am, by Bilgin Ibryam
The Security-First Mindset to Unlocking the AWS Opportunity 
Aug 9th 2023 8:14am, by David Melamed
3 Reasons Why Teams Move Away from AWS Lambda
Jul 18th 2023 10:00am, by Jonathan Michaux
Microsoft Fabric Defragments Analytics, Enters Public Preview
May 23rd 2023 8:00am, by Andrew Brust
Forrester on WebAssembly for Developers: Frontend to Backend
May 17th 2023 6:00am, by Loraine Lawson
Return of the Monolith: Amazon Dumps Microservices for Video Monitoring
May 4th 2023 7:23am, by Joab Jackson
Battling the Steep Price of Storage for Real-Time Analytics
Sep 22nd 2023 6:00am, by B. Cameron Gain
Unlock Data’s Full Potential with a Mature Analytics Strategy
Sep 8th 2023 10:16am, by Venkat Ramakrishnan
Ditching Databases for Apache Kafka as System of Record
Aug 25th 2023 7:53am, by Andreas Evers
A Brief DevOps History: Databases to Infinity and Beyond, Part 2
Aug 16th 2023 7:15am, by Kat Cosgrove and Matty Stratton
How Quantic Improved Developer Experience, Scalability
Aug 14th 2023 6:24am, by Vigyan Kaushik
AI Frontend Development Software Development TypeScript WebAssembly Cloud Services Data Security
Dev News: Svelte 5, AI Bot for Android Studio, and GitHub Tools
Sep 23rd 2023 4:00am, by
Open Source Can Deflate the 'Threat' of AI 
Sep 22nd 2023 6:44am, by
Tech Works: When Should Engineers Use Generative AI?
Sep 22nd 2023 5:00am, by
Don't Listen to a Vendor about AI, Do the DevOps Redo
Sep 21st 2023 8:42am, by
Oracle Introduces New App Analytics Platform, Enhances Analytics Cloud
Sep 21st 2023 6:47am, by
Dev News: Svelte 5, AI Bot for Android Studio, and GitHub Tools
Sep 23rd 2023 4:00am, by
Developers: Is Your API Designed for Attackers?
Sep 20th 2023 11:24am, by
How Frontend Devs Can Take Technical Debt out of Code
Sep 19th 2023 8:06am, by
Dev News: A 'Nue' Frontend Dev Tool; Panda and Bun Updates
Sep 16th 2023 4:00am, by
Self-Hosted CDEs Preferred to SaaS in Large Orgs, Says Coder
Sep 14th 2023 11:45am, by
The Unity Lesson: How Developers Can Avoid Technology Lock-In
Sep 23rd 2023 5:00am, by
Dev News: Svelte 5, AI Bot for Android Studio, and GitHub Tools
Sep 23rd 2023 4:00am, by
3 Tips to Secure Your Cloud Infrastructure and Workloads
Sep 22nd 2023 12:05pm, by
Tech Works: When Should Engineers Use Generative AI?
Sep 22nd 2023 5:00am, by
Developers: Is Your API Designed for Attackers?
Sep 20th 2023 11:24am, by
Dev News: A 'Nue' Frontend Dev Tool; Panda and Bun Updates
Sep 16th 2023 4:00am, by
Dev News: Svelte 5 vs. VanillaJS and Google’s Project IDX
Aug 12th 2023 8:00am, by
Dev News: Dart Frog Now Stable, Redwood Updates Bundler
Aug 4th 2023 7:00am, by
Dev News: Spotify's TypeScript SDK, Retool Tools, Deno 1.35
Jul 15th 2023 7:00am, by
Quick Tips to Make Your SDK More Maintainable in TypeScript
Jul 5th 2023 10:21am, by
Can WebAssembly Get Its Act Together for a Component Model?
Sep 14th 2023 9:33am, by
WebAssembly Reaches a Cloud Native Milestone
Sep 11th 2023 7:50am, by
Is It too Early to Leverage AI for WebAssembly?
Sep 6th 2023 10:28am, by
Rust and C++ Work Better for WebAssembly
Aug 9th 2023 6:50am, by
Where Does WebAssembly Fit in the Cloud Native World?
Aug 3rd 2023 9:50am, by
Install Cloud Foundry on Azure Kubernetes Clusters
Sep 22nd 2023 1:13pm, by
MySQL HeatWave Gets Generative AI and JavaScript, Slew of New Features
Sep 21st 2023 10:18am, by
Oracle Introduces New App Analytics Platform, Enhances Analytics Cloud
Sep 21st 2023 6:47am, by
OpenAI Chats about Scaling LLMs at Anyscale's Ray Summit
Sep 19th 2023 8:58am, by
Google Continues Expansion of AI in Workspace, Dev Tools
Aug 30th 2023 8:47am, by
5 Hard Problems in Vector Search, and How Cassandra Solves Them
Sep 22nd 2023 9:48am, by
PostgreSQL 16 Expands Analytics Capabilities
Sep 22nd 2023 8:00am, by
Battling the Steep Price of Storage for Real-Time Analytics
Sep 22nd 2023 6:00am, by
MySQL HeatWave Gets Generative AI and JavaScript, Slew of New Features
Sep 21st 2023 10:18am, by
Oracle Introduces New App Analytics Platform, Enhances Analytics Cloud
Sep 21st 2023 6:47am, by
3 Tips to Secure Your Cloud Infrastructure and Workloads
Sep 22nd 2023 12:05pm, by
OAuth.Tools: The Online Tool That Goes beyond JWTs
Sep 22nd 2023 8:35am, by
What Is Infrastructure as Code Scanning?
Sep 21st 2023 6:10am, by
The 6 Pillars of Platform Engineering: Part 1 — Security
Sep 20th 2023 11:00am, by
What to Know about Container Security and Digital Payments
Sep 20th 2023 6:19am, by
Platform Engineering Operations CI/CD Tech Life DevOps Kubernetes Observability Service Mesh
The Pillars of Platform Engineering: Part 3 — Provisioning
Sep 22nd 2023 6:22am, by Michael Fonseca
A Practical Step-by-Step Approach to Building a Platform
Sep 21st 2023 10:41am, by Hemanth Kavuluru
The 6 Pillars of Platform Engineering: Part 2 — CI/CD & VCS Pipeline
Sep 21st 2023 8:07am, by Michael Fonseca
CloudBees Scales Jenkins, Redefines DevSecOps
Sep 21st 2023 5:00am, by Darryl K. Taft
The 6 Pillars of Platform Engineering: Part 1 — Security
Sep 20th 2023 11:00am, by Michael Fonseca
How to Use the Docker exec Command
Sep 23rd 2023 6:00am, by Jack Wallen
3 Tips to Secure Your Cloud Infrastructure and Workloads
Sep 22nd 2023 12:05pm, by David Puzas
The Pillars of Platform Engineering: Part 3 — Provisioning
Sep 22nd 2023 6:22am, by Michael Fonseca
A Practical Step-by-Step Approach to Building a Platform
Sep 21st 2023 10:41am, by Hemanth Kavuluru
The 6 Pillars of Platform Engineering: Part 2 — CI/CD & VCS Pipeline
Sep 21st 2023 8:07am, by Michael Fonseca
Dev News: Svelte 5, AI Bot for Android Studio, and GitHub Tools
Sep 23rd 2023 4:00am, by Loraine Lawson
The 6 Pillars of Platform Engineering: Part 2 — CI/CD & VCS Pipeline
Sep 21st 2023 8:07am, by Michael Fonseca
CloudBees Scales Jenkins, Redefines DevSecOps
Sep 21st 2023 5:00am, by Darryl K. Taft
Lessons IT Can Steal from Hackers
Aug 31st 2023 3:00am, by Loraine Lawson
3 GitOps Myths Busted 
Aug 2nd 2023 3:00am, by B. Cameron Gain
Open Source Can Deflate the 'Threat' of AI 
Sep 22nd 2023 6:44am, by B. Cameron Gain
Tech Works: When Should Engineers Use Generative AI?
Sep 22nd 2023 5:00am, by Jennifer Riggins
Graydon Hoare Remembers the Early Days of Rust
Sep 10th 2023 6:00am, by David Cassel
Entrepreneurship for Engineers: a Post-Layoff Startup?
Sep 8th 2023 5:00am, by Emily Omier
Open Source Needs Maintainers. But How Can They Get Paid?
Sep 6th 2023 3:00am, by Heather Joslyn
Don't Listen to a Vendor about AI, Do the DevOps Redo
Sep 21st 2023 8:42am, by Alex Williams
CloudBees Scales Jenkins, Redefines DevSecOps
Sep 21st 2023 5:00am, by Darryl K. Taft
DevOps, DevSecOps, and SecDevOps Offer Different Advantages
Sep 15th 2023 5:00am, by John Ross
How to Create an Internal Developer Portal MVP
Sep 12th 2023 7:22am, by Mor Paz
Is Policy as Code the Cure for Multicloud Config Chaos?
Sep 11th 2023 12:13pm, by Tzvika Shahaf
A Microservices Outcome: Testing Boomed
Sep 15th 2023 11:15am, by Alex Williams
Edge AI: How to Make the Magic Happen with Kubernetes
Sep 14th 2023 4:00am, by Saad Malik
WebAssembly Reaches a Cloud Native Milestone
Sep 11th 2023 7:50am, by B. Cameron Gain
Kubernetes Building Blocks: Nodes, Pods, Clusters
Sep 11th 2023 6:00am, by Robert Kimani
Can ChatGPT Save Collective Kubernetes Troubleshooting?
Sep 8th 2023 7:54am, by Blair Rampling
Build a Home Internet Speed Test with Grafana and InfluxDB
Sep 19th 2023 9:24am, by Jessica Wachtel
Top Ways to Reduce Your Observability Costs: Part 2
Sep 12th 2023 9:38am, by Amanda Mitchell
Next-Gen Observability: Monitoring and Analytics in Platform Engineering
Sep 12th 2023 4:00am, by Robert Kimani
Top Ways to Reduce Your Observability Costs: Part 1
Sep 5th 2023 6:44am, by Amanda Mitchell
4 Key Observability Best Practices
Sep 1st 2023 9:11am, by Sophie Kohler
Kubernetes 1.28 Accommodates the Service Mesh, Sudden Outages
Aug 18th 2023 10:08am, by Joab Jackson
Don't Force Containers and Disrupt Workflows
May 25th 2023 3:10pm, by Alex Williams
Linkerd Service Mesh Update Addresses More Demanding User Base
Apr 11th 2023 6:17am, by Joab Jackson
How to Create Zero Trust Architecture for Service Mesh
Mar 27th 2023 7:00am, by Joe Fay
Ambient Mesh: Sidestepping the Sidecar
Mar 1st 2023 8:44am, by Jeff Goldman
Security

Major Git Security Vulnerability Discovered Causing GitHub to Encourage Update to Git Clients

Dec 18th, 2014 2:11pm by
Featued image for: Major Git Security Vulnerability Discovered Causing GitHub to Encourage Update to Git Clients

A major Git security vulnerability has been discovered and has forced GitHub to issue a warning and request for users to update their Git clients.

According to a GitHub blog post, the vulnerability affects “all versions of the official Git client and all related software that interacts with Git repositories, including GitHub for Windows and GitHub for Mac. ”

Due to the vulnerability, GitHub is encouraging all of its users of GitHub and GitHub Enterprise to update their Git clients and be “particularly careful when cloning or accessing Git repositories hosted on unsafe or untrusted hosts.”

Here’s how the vulnerability works:

Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem. An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. Git clients running on OS X (HFS+) or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux clients are not affected if they run in a case-sensitive filesystem.

Bryan Helmkamp, CEO and Founder of CodeClimate said the attacks are significant for a number of reasons:

The blog post explains that Github verifies and blocks malicious trees that trigger the vulnerability. They say that means repositories on github.com are protected. To further address the issue, GitHub has done a scan of existing content on github.com  in search of “malicious content that might have been pushed to our site before this vulnerability was discovered.”

Updated versions of GitHub for Windows and GitHub for Mac are available for download.

According to GitHub, more details on the vulnerability can be found in the official Git mailing list announcement and on the git-blame blog.

Group Created with Sketch.
Alex Williams is founder and publisher of The New Stack. He's a longtime technology journalist who did stints at TechCrunch, SiliconAngle and what is now known as ReadWrite. Alex has been a journalist since the late 1980s, starting at the...
Read more from Alex Williams
SHARE THIS STORY
RELATED STORIES
Demo: Reversing a Spring4Shell Attack with Prisma Cloud What to Know about Container Security and Digital Payments The Security Tooling Faceoff — Open Source Security vs. Commercial Harden Ubuntu Server to Secure Your Container and Other Deployments Common Cloud Misconfigurations That Lead to Data Breaches
RELATED STORIES
Demo: Reversing a Spring4Shell Attack with Prisma Cloud 3 Tips to Secure Your Cloud Infrastructure and Workloads Harden Ubuntu Server to Secure Your Container and Other Deployments How Attackers Bypass Commonly Used Web Application Firewalls SBOMs, SBOMs Everywhere
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.