The GitHub Blog

Last month, a number of allegations were made against GitHub and some of its employees, including one of its co-founders, Tom Preston-Werner. We took these claims seriously and launched a full, independent, third-party investigation.

The investigation found no evidence to support the claims against Tom and his wife of sexual or gender-based harassment or retaliation, or of a sexist or hostile work environment. However, while there may have been no legal wrongdoing, the investigator did find evidence of mistakes and errors of judgment. In light of these findings, Tom has submitted his resignation, which the company has accepted. Tom has been a huge part of this company from the very beginning and we appreciate all that he has done for GitHub. We wish him the best in his next endeavour.

As to the remaining allegations, the investigation found no evidence of gender-based discrimination, harassment, retaliation, or abuse.

We want to create a great place to work for all our employees and we can’t do that without acknowledging the challenges that exist in providing an inclusive work environment. We are implementing a number of new HR and employee-led initiatives as well as training opportunities to make sure employee concerns and conflicts are taken seriously and dealt with appropriately. We know we still have work to do.

Chris Wanstrath
CEO & Co-Founder

Come join @asenchi, @leongersing, @bkeepers, @spicycode, and me this Saturday, April 26 for a drinkup at Bell's Brewery. We'll be in town for Kalamazoo X but you need not be attending the conference to come hang out with us. We'd love to meet you and chat for a while! If the weather cooperates, we can take time and enjoy our and with the and on the patio.

The Facts:

• Saturday, April 26, 7:00 pm
• Bell's Brewery, 355 E. Kalamazoo Ave., Kalamazoo, MI

@mattgraham and @southgate will be in Recife for the Abril Pro Ruby conference on April 24th. We'll be running a workshop earlier in the day, but if you can't make that then please join us at 7pm at Impact Hub Recife for and general merry-making.

The Facts:

• Thursday, April 24th at 7pm
• Impact HUB Recife, Rua do Bom Jesus 180, Recife, Brazil

We love using GitHub to write notes on specific lines in a diff — now it's super easy to do from any smartphone!

Just bring up your favorite pull request or commit, tap the line you'd like to write a note on, and start the conversation!

On April 7, 2014 information was released about a new vulnerability (CVE-2014-0160) in OpenSSL, the cryptography library that powers the vast majority of private communication across the Internet. This library is key for maintaining privacy between servers and clients, and confirming that Internet servers are who they say they are.

This vulnerability, known as Heartbleed, would allow an attacker to steal the keys that protect communication, user passwords, even the system memory of a vulnerable server. This represents a major risk to large portions of private traffic on the Internet, including github.com.

Note: GitHub Enterprise servers are not affected by this vulnerability. They run an older OpenSSL version which is not vulnerable to the attack.

As of right now, we have no indication that the attack has been used against github.com. That said, the nature of the attack makes it hard to detect so we're proceeding with a high level of caution.

What is GitHub doing about this?

UPDATE: 2014-04-08 16:00 PST - All browser sessions that were active prior to the vulnerability being addressed have been reset. See below for more info.

We've completed a number of measures already and continue to work the issue.

1. We've patched all our systems using the newer, protected versions of OpenSSL. We started upgrading yesterday after the vulnerability became public and completed the roll out today. We are also working with our providers to make sure they're upgrading their systems to minimize GitHub's exposure.

2. We've recreated and redeployed new SSL keys and reset internal credentials. We have also revoked our older certs just to be safe.

3. We've forcibly reset all browser sessions that were active prior to the vulnerability being addressed on our servers. You may have been logged out and have to log back into GitHub. This was a proactive measure to defend against potential session hijacking attacks that may have taken place while the vulnerability was open.

Prior to this incident, GitHub made a number of enhancement to mitigate attacks like this. We deployed Perfect Forward Secrecy at the end of last year, which makes it impossible to use stolen encryption keys to read old encrypted communication. We are working to find more opportunities like this.

What should you do about Heartbleed right now?

Right now, GitHub has no indication that the vulnerability has been used outside of testing scenarios. However, out of an abundance of caution, you can:

1. Change your GitHub password. Be sure your password is strong; for more information, see What is a strong password?
2. Enable Two-Factor Authentication.
3. Revoke and recreate personal access and application tokens.

Stay tuned

GitHub works hard to keep your code safe. We are continuing to respond to this vulnerability and will post updates as things progress. For more information as it's available, keep an eye on Twitter or the GitHub Blog.

Computer science professor, Armando Fox, is one of the thousands of teachers who use GitHub to give their students hands-on experience writing software in teams.

On a recent trip to UC Berkeley, we spoke with Armando and some of his students about open source, education, and the essential experience gained by building software for a real customer.

Teachers and students are eligible for free private repositories on GitHub. Learn more at education.github.com.

Sometimes when you’re in the zone, you get a ton of work done before you have a chance to pause and commit. You want to break the commit down to describe the logical changes you’ve made, and it doesn’t always break down cleanly file by file. You want to select some parts of your changes to commit at a time. That’s easy in GitHub for Mac.

Select one or more lines to commit by clicking on the line numbers in the gutter. In the latest release, you can select a block of changes at a time. Hover over the right hand side of the line numbers to get a preview of what will be selected, and click to select.

You can select multiple lines or blocks of changes by clicking and dragging. The left of the line numbers will select line by line, and the right will select block by block.

Now you can commit your selected changes, leaving the rest for a later commit.

We've added support for editing labels on existing issues with the l hotkey.

You can also edit milestones and assignees the same way.

At GitHub, we use lists for collaborating on software development, because lists are a simple and powerful tool for collaborating on anything. That's why we're introducing better visualization of list arrangements in our rendered prose diff view.

In Markdown, making a list is incredibly easy. You can make an unordered list by preceding list items with either a * or a -.

* Item
* Item
* Item

Nested lists are very useful for associating supplementary information such as notes to an item. To nest a list, indent the nested items:

* A list item
  * A nested list's first item
  * A nested list's second item
  * A nested list's third item
* Another list item

For example, many teams use issues and pull requests to keep track of what they're working on right now, and use a Backlog to keep track of features that haven't been scheduled yet:

Tracking Changes Over Time

Being able to see changes over time gives teams a perspective on the features and requirements that have been added to projects. We can see at a glance when features are added:

Removed:

Or changed:

Whether numbered or not, the order of items is usually significant. Rendered prose diffs show you when items have been moved up or down:

Work together, better

It's easy to see when list items have been added, removed, changed, or moved, just as it's easy to review changes to all of your documents in GitHub.

And unlike other products that place your documents in their own "silos," you can use as much or as little of the GitHub toolset to manage and track your documents. Pull requests, organizations, commits, repos, issues, comments, source diffs, and rendered prose diffs: Everything is available and everything works together with your development tools.

GitHub makes collaborating with lists 1,337% more awesome by tracking and visualizing the changes over time using the same powerful tools your team already uses to manage your code.

Join us for GitHub's first-ever drinkup in Budapest on Tuesday, April 1!

@jhosman and @emilyistoofunky will be in town for the Write the Docs EU conference. Come join them at Lokál for on GitHub!

The Facts:

• Tuesday, April 1 at 7 pm
• Lokál Kávézó és Bár, Dob u. 18., Budapest

Egészségedre!

We're excited to be in town for the first ever Ruby Conference in the Philippines, and possibly even more excited to be hosting the after party!

On the last night of the conference, we'd like to invite you to come to Bugsy's Bar & Bistro and hang out with @michaeltwofish, @calavera, @rubiojr, and local lad @meatcoder.

This is open to everyone, even if you didn't make it to the conference, so come along. We'll buy you your favorite drink and we can all talk tech. Kita-kita tayo doon.

The Facts:

• Saturday, 29 March at 7 pm
• Bugsy's Bar & Bistro

If you're anything like us, you get involved in lots of conversations on GitHub over the course of your day. Sometimes, a good conversation from earlier in the day is left behind and forgotten about, and you don't know if anyone else has commented after you (to tell you they completely agree with your well-written opinion, of course!).

To make sure you're always up-to-date, the page title now lets you know how many comments have been added since you last peeked at the conversation.

When you come back to the conversation, any unread comments will be highlighted, making it easy to pick up right where you left off:

We're excited to welcome Sahra to the sales team as an Account Manager! Sahra will work to develop, manage and grow relationships with our existing customer base of businesses.

Fun Facts:

• Former jobs as a telephone psychic and doula
• Practices acro yoga
• Amazing poodle/bichon mix named Teddy

Sahra in her spare time also roasts her own coffee beans and cures her own bacon.

You can follow Sahra on GitHub.

Welcome Sahra!

Good news, everyone! Changing your public profile picture just got easier.

1. Click the "Account Settings" icon in the header.
2. Upload a picture of your awesome new haircut.
3. Crop the picture and save it.

You can keep using Gravatar; we just want to make it easier to update when the time comes to rebrand yourself.

GitHub is coming to Oxford!

Come join @arfon at Raoul's on Tuesday, March 25th at 7:30pm and enjoy some of the finest in Oxford (UK).

The Facts:

• Tuesday, March 25th, 7:30pm-10pm
• Raoul's Bar, Walton St, Oxford OX2 6AA, United Kingdom