
GitHub Wants Your Policy Proposals

In light of the recent leak of Twitch’s source code (over 6,000 private GH repositories) and other information, through a 125GB data torrent shared over 4chan.org, GitHub (GH) is now stepping up its policies for server configuration and standardizing metrics for use by developers on GH. Covering everything from indexing methodologies to configuration policies, GH has started a campaign aimed at gathering policy proposals from the developer community, in order to get a more diverse view of the situation and a wider range of potential solutions. Two examples of policies already proposed come from GitHub developers TC39 and WebAssembly, covering a proposed indexing method and content security policies, respectively.


TC39’s proposal requests that a relative indexing method be added to JavaScript, which would enable the user to index into an array using negative indexing syntax. This method does not exist in JavaScript, which doesn’t allow the user to count from the back of an array. It does exist in Python, but since Python is not built for the web, the only methods for web-based development are hacked together and insecure. The policy proposal by WebAssembly is a sandbox-type security model that gives modules developed in GitHub only limited interaction with the host, compensating for security issues such as the manipulation of return addresses or other stack data from the host.

GitHub’s encouragement of policy creation by its developers isn’t something that resulted directly from this Twitch leak; however, the leak has most certainly had an influence on their search for, response to, and implementation of developer policies in the future. Had some of these policies and methodologies been implemented before the leak, chances are the configuration issue that resulted in a third party gaining access would have been closed off, and millions of lives and livelihoods would not have been destroyed. Despite the basis for this attack, which, according to 4chan, is that Twitch is a ‘toxic cesspool’ (which I will not disagree with), it still disrupted the daily routines and income of many. By building a wider base of policy proposals (which you can contribute to here) and new approaches to online functions, we can only hope that GH and other source-hosting services can prevent such disasters in the future.


