GitHub offers its basic services free of charge. Its more advanced professional and enterprise services are commercial. Free GitHub accounts are commonly used to host open-source projects. As of January 2019, GitHub offers unlimited private repositories to all plans, including free accounts, but allowed only up to three collaborators per repository for free. Starting from April 15, 2020, the free plan allows unlimited collaborators, but restricts private repositories to 2,000 minutes of GitHub Actions per month. As of January 2020, GitHub reports having over 40 million users and more than 190 million repositories (including at least 28 million public repositories), making it the largest host of source code in the world.
GitHub at AWS Summit
The GitHub service was developed by Chris Wanstrath, P. J. Hyett, Tom Preston-Werner and Scott Chacon using Ruby on Rails, and started in February 2008. The company, GitHub, Inc., has existed since 2007 and is located in San Francisco.The shading of the map illustrates the number of users as a proportion of each country’s Internet population. The circular charts surrounding the two hemispheres depict the total number of GitHub users (left) and commits (right) per country.
On February 24, 2009, GitHub announced that within the first year of being online, GitHub had accumulated over 46,000 public repositories, 17,000 of which were formed in the previous month. At that time, about 6,200 repositories had been forked at least once and 4,600 had been merged.
That same year, the site was harnessed by over 100,000 users, according to Github, and had grown to host 90,000 unique public repositories, 12,000 having been forked at least once, for a total of 135,000 repositories.
In 2010, GitHub was hosting 1 million repositories. A year later, this number doubled.ReadWriteWeb reported that GitHub had surpassed SourceForge and Google Code in total number of commits for the period of January to May 2011. On January 16, 2013, GitHub passed the 3 million users mark and was then hosting more than 5 million repositories. By the end of the year, the number of repositories were twice as much, reaching 10 million repositories.
In 2012, GitHub raised $100 million in funding from Andreessen Horowitz with $750 million valuation.Peter Levine, general partner at Andreessen Horowitz, stated that GitHub had been growing revenue at 300% annually since 2008 “profitably nearly the entire way”. On July 29, 2015, GitHub stated it had raised $250 million in funding in a round led by Sequoia Capital. Other investors of that round included Andreessen Horowitz, Thrive Capital, and IVP (Institutional Venture Partners). The round valued the company at approximately $2 billion.
In 2015, GitHub opened an office in Japan that is its first office outside of the U.S. In 2016, GitHub was ranked No. 14 on the Forbes Cloud 100 list. It has not been featured on the 2018, 2019 and 2020 lists.
On February 28, 2018, GitHub fell victim to the third largest distributed denial-of-service (DDoS) attack in history, with incoming traffic reaching a peak of about 1.35 terabits per second.
On June 19, 2018, GitHub expanded its GitHub Education by offering free education bundles to all schools.
On June 4, 2018, Microsoft announced its intent to acquire GitHub for US$7.5 billion. The deal closed on October 26, 2018. GitHub continued to operate independently as a community, platform and business. Under Microsoft, the service was led by Xamarin‘s Nat Friedman, reporting to Scott Guthrie, executive vice president of Microsoft Cloud and AI. GitHub’s CEO, Chris Wanstrath, was retained as a “technical fellow”, also reporting to Guthrie.
This acquisition was in line with Microsoft’s business strategy under CEO Satya Nadella, which has seen a larger focus on the cloud computing services, alongside development of and contributions to open-source software.Harvard Business Review argued that Microsoft was intending to acquire GitHub to get access to its user base, so it can be used as a loss leader to encourage use of its other development products and services.
In early July 2020, the GitHub Archive Program was established, to archive its open source code in perpetuity.
Development of the GitHub.com platform began on October 19, 2007. The site was launched in April 2008 by Tom Preston-Werner, Chris Wanstrath, P. J. Hyett and Scott Chacon after it had been made available for a few months prior as a beta release.
Projects on GitHub.com can be accessed and managed using the standard Git command-line interface; all standard Git commands work with it. GitHub.com also allows users to browse public repositories on the site. Multiple desktop clients and Git plugins are also available. The site provides social networking-like functions such as feeds, followers, wikis (using wiki software called Gollum) and a social network graph to display how developers work on their versions (“forks“) of a repository and what fork (and branch within that fork) is newest.
Anyone can browse and download public repositories but only registered users can contribute content to repositories. With a registered user account, users are able to have discussions, manage repositories, submit contributions to others’ repositories, and review changes to code. GitHub.com began offering unlimited private repositories at no cost in January 2019 (limited to three contributors per project). Previously, only public repositories were free. On April 14, 2020, GitHub made “all of the core GitHub features” free for everyone, including “private repositories with unlimited collaborators”.
The fundamental software that underpins GitHub is Git itself, written by Linus Torvalds, creator of Linux. The additional software that provides the GitHub user interface was written using Ruby on Rails and Erlang by GitHub, Inc. developers Wanstrath, Hyett, and Preston-Werner.
The main purpose of GitHub.com is to facilitate the version control and issue tracking aspects of software development. Labels, milestones, responsibility assignment, and a search engine are available for issue tracking. For version control, Git (and by extension GitHub.com) allows pull requests to propose changes to the source code. Users with the ability to review the proposed changes can see a diff of the requested changes and approve them. In Git terminology, this action is called “committing” and one instance of it is a “commit”. A history of all commits are kept and can be viewed at a later time.
In addition, GitHub supports the following formats and features:
GitHub’s Terms of Service do not require public software projects hosted on GitHub to meet the Open Source Definition. The terms of service state, “By setting your repositories to be viewed publicly, you agree to allow others to view and fork your repositories.”
GitHub Enterprise is a self-managed version of GitHub.com with similar functionality. It can be run on an organization’s own hardware or on a cloud provider, and it has been available since November 2011. In November 2020, source code for GitHub Enterprise Server was leaked online in apparent protest against DMCA takedown of YouTube-dl. According to GitHub, the source code came from GitHub accidentally sharing the code with Enterprise customers themselves, not from an attack on GitHub servers.
All GitHub Pages content is stored in a Git repository, either as files served to visitors verbatim or in Markdown format. GitHub is seamlessly integrated with Jekyll static web site and blog generator and GitHub continuous integration pipelines. Each time the content source is updated, Jekyll regenerates the website and automatically serves it via GitHub Pages infrastructure.
As with the rest of GitHub, it includes both free and paid tiers of service, instead of being supported by web advertising. Web sites generated through this service are hosted either as subdomains of the github.io domain, or as custom domains bought through a third-party domain name registrar. When custom domain is set on a GitHub Pages repo a Let’s Encrypt certificate for it is generated automatically. Once the certificate has been generated Enforce HTTPS can be set for the repository’s website to transparently redirect all HTTP requests to HTTPS.
GitHub also operates other services: a pastebin-style site called Gist that is for hosting code snippets (GitHub proper is for hosting larger projects).
Tom Preston-Werner presented the then-new Gist feature at a punk rock Ruby conference in 2008. Gist builds on the traditional simple concept of a pastebin by adding version control for code snippets, easy forking, and TLS encryption for private pastes. Because each “gist” has its own Git repository, multiple code snippets can be contained in a single paste and they can be pushed and pulled using Git. Further, forked code can be pushed back to the original author in the form of a patch, so gists (pastes) can become more like mini-projects.
Before February 18, 2018, unregistered users were able to upload text to the site. Since then, uploading gists has been deactivated for unregistered users with the aim to mitigate spamming.
In 2016 GitHub announced the launch of the GitHub Campus Experts program to train and encourage students to grow technology communities at their universities. The Campus Experts program is open to university students of 18 years and older across the world. GitHub Campus Experts are one of the primary ways that GitHub funds student oriented events and communities, Campus Experts are given access to training, funding, and additional resources to run events and grow their communities. To become a Campus Expert applicants must complete an online training course consisting of multiple modules designed to grow community leadership skills.
GitHub Marketplace service
GitHub also provides some software as a service integrations for adding extra features to projects. Those services include:
Waffle.io: Project management for software teams. Automatically see pull requests, automated builds, reviews, and deployments across all of your repositories in GitHub.
GitLocalize: Developed for teams that are translating their content from one point to another. GitLocalize automatically syncs with your repository so you can keep your workflow on GitHub. It also keeps you updated on what needs to be translated.
GitHub Sponsors allows users to make monthly money donations to projects hosted on GitHub. The public beta was announced on May 23, 2019 and currently the project accepts wait list registrations. The Verge said that GitHub Sponsors “works exactly like Patreon” because “developers can offer various funding tiers that come with different perks, and they’ll receive recurring payments from supporters who want to access them and encourage their work” except with “zero fees to use the program”. Furthermore, GitHub offer incentives for early adopters during the first year: it pledges to cover payment processing costs, and match sponsorship payments up to $5,000 per developer. Furthermore, users still can use other similar services like Patreon and Open Collective and link to their own websites.
GitHub Archive Program
In July 2020, GitHub stored a February archive of the site in an abandoned mountain mine in Svalbard, Norway, part of the Arctic World Archive and not far from the Svalbard Global Seed Vault. The archive contained the code of all active public repositories, as well as that of dormant, but significant public repositories. The 21TB of data was stored on piqlFilm archival film reels as QR codes, and is expected to last 500–1,000 years.
The GitHub Archive Program is also working with partners on Project Silica, in an attempt to store all public repositories for 10,000 years. It aims to write archives into the molecular structure of quartz glass platters, using a high-precision laser that pulses a quadrillion (1,000,000,000,000,000) times per second.
Atom, a free and open-source text and source code editor
Some prominent open source organizations and projects use GitHub as a primary place for collaboration, including:
“Bitcoin was the first digital currency to gain mainstream use and demonstrate a practical application for blockchain, the powerful concept on which Bitcoin is based. Invented in 2008 by “Satoshi Nakamoto,” a pseudonym, Bitcoin immediately caught the interest of cypherpunks and cryptographers but was slow to gain broader adoption.
In the world economic system, most transactions don’t involve the exchange of cash but rather the movement of bits in banks’ computers. Bitcoin works much the same way, except that cooperating computers, rather than countries, mint the money. Every customer’s balance is public; the Bitcoin system is based upon an open, common ledger that records every single Bitcoin transaction that has ever occurred. Collections of transactions—called blocks—make up the links in this ledger, which is called the blockchain.
If Jean wants to send Pat five bitcoins, Jean sends a message to the Bitcoin network, which is made up of computers called miners. The miners verify the proposed transaction is legitimate, using the parties’ digital signatures and reading the entire blockchain to make sure that Jean has at least five bitcoins in the ledger. Next, the miners race to be the first to solve a complex math puzzle that includes Jean’s transaction and every other transaction in the network’s pool. The first miner that solves the puzzle sends the solution to the other miners, in the process confirming the pending transaction, minting 50 bitcoins for the miner, adding the completed puzzle to the Bitcoin blockchain, and starting all of the miners on the next puzzle.
On May 22, 2010, Laszlo Hanyecz paid 10,000 bitcoins to have someone deliver him two pizzas. It was the first Bitcoin transaction for a physical object. At the time, those bitcoins were worth about $40; by 2017, they were worth more than $20 million. May 22 is now known as Bitcoin Pizza Day.
Bitcoin is an open source project, and numerous digital currencies over the years have mimicked or improved upon the original concept. Recently there have been efforts to separate the blockchain concept from the financial system and use it as a public record to memorialize contracts, healthcare records, and other kinds of information.”
“Rarely do consumers line up two days before the release of a product—armed with sleeping bags and changes of clothes—to make sure they can buy it. But that is exactly what preceded the launch of the Apple iPhone on June 29, 2007.
The iPhone’s design and functionality changed the entire smartphone concept by bundling together capabilities that had never been married before: telephony, messaging, internet access, music, a vibrant color screen, and an intuitive, touch-based interface. Without the physical buttons that were common on other smartphones at the time, the entire surface was available for presenting information. The keyboard appeared only when needed—and it was much easier to type accurately, thanks to behind-the-scenes AI that invisibly adjusted the sensitive area around each key in response to what letters the user was forecast to press next.
The following year, Apple introduced its next big thing: specialized programs called apps, downloadable over the air. The original iPhone shipped with a few built-in apps and a web browser. Apple CEO Steve Jobs had envisioned that only third-party developers would be able to write web apps. Early adopters, however, started overcoming Apple’s security mechanisms by “jailbreaking” their phones and installing their own native apps. Jobs realized that if users were that determined to run native apps, Apple might as well supply the content and make a profit.
The Apple iTunes App Store opened in 2008 with 500 apps. Suddenly that piece of electronics in your pocket was more than a phone to make calls or check email—it became a super gadget, able to play games, manipulate photographs, track your workout, and much more. In October 2013, Apple announced that there were a million apps available for the iPhone, many of them realizing new location-based services, such as ride-sharing, dating, and localized restaurant reviews, to name a few.
While the iPhone has largely been celebrated, it has also been accused of ushering in the era of “smartphone addiction,” with the average person, according to a 2016 study, now checking his or her smartphone 2,617 times a day. Since the original release in 2007, more than 1 billion iPhones have been sold worldwide, and it still holds the record for taking only three months to get to 1 million units sold.”
9to5 Staff. “Jobs’ Original Vision for the iPhone: No Third-Party Native Apps.” 9To5 Mac (website), October 21, 2011. https://9to5mac.com/2011/10/21/jobs-original-vision-for-the-iphone-no-third-party-native-apps/.
LastPass is a freemiumpassword manager that stores encrypted passwords online. The standard version of LastPass comes with a web interface, but also includes plugins for various web browsers and apps for many smartphones. It also includes support for bookmarklets.LogMeIn, Inc. acquired LastPass in October 2015.
A user’s content in LastPass, including passwords and secure notes, is protected by one master password. The content is synchronized to any device the user uses the LastPass software or app extensions on. Information is encrypted with AES-256 encryption with PBKDF2SHA-256, saltedhashes, and the ability to increase password iterations value. Encryption and decryption takes place at the device level.
LastPass has a form filler that automates password entering and form filling, and it supports password generation, site sharing and site logging, and two-factor authentication. LastPass supports two-factor authentication via various methods including the LastPass Authenticator app for mobile phones as well as others including YubiKey. LastPass is available as an extension to many web browsers, including Google Chrome, Mozilla Firefox, Apple Safari, Microsoft Edge, Vivaldi, and Opera. It also has apps available for smartphones running the Android, iOS, or Windows Phone operating systems. The apps have offline functionality.
Unlike some other major password managers, LastPass offers a user-set password hint, allowing access when the master password is missing.
2011 security incident
On Tuesday, May 3, 2011, LastPass discovered an anomaly in their incoming network traffic, then a similar anomaly in their outgoing traffic. Administrators found none of the hallmarks of a classic security breach (for example, a non-administrator user being elevated to administrator privileges), but neither could they determine the anomalies’ cause. Furthermore, given the size of the anomalies, it was theoretically possible that data such as email addresses, the server salt, and the salted password hashes were copied from the LastPass database. To address the situation, LastPass took the “breached” servers offline so they could be rebuilt and, on May 4, 2011, requested all users change their master passwords. They said that while there was no direct evidence that any customer information was compromised, they preferred to err on the side of caution. However, the resulting user traffic overwhelmed the login servers, and company administrators—considering the possibility that existing passwords had been compromised was trivially small—asked users to delay changing their passwords until further notice.
2015 security breach
On Monday, June 15, 2015, LastPass posted a blog post indicating that the LastPass team had discovered and halted suspicious activity on their network the previous Friday. Their investigation revealed that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised; however, encrypted user vault data had not been affected. The company blog said, “We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.”
2016 security incidents
In July 2016, a blog post published by independent online security firm Detectify detailed a method for reading plaintext passwords for arbitrary domains from a LastPass user’s vault when that user visited a malicious web site. This vulnerability was made possible by poorly written URL parsing code in the LastPass extension. The flaw was not disclosed publicly by Detectify until LastPass was notified privately and able to fix their browser extension. LastPass responded to the public disclosure by Detectify in a post on their own blog, in which they revealed knowledge of an additional vulnerability, discovered by a member of the Google Security Team, and already fixed by LastPass.
2017 security incidents
On March 20, Tavis Ormandy discovered a vulnerability in the LastPass Chrome extension. The exploit applied to all LastPass clients, including Chrome, Firefox and Edge. These vulnerabilities were disabled on March 21, and patched on March 22.
On March 25, Ormandy discovered an additional security flaw allowing remote code execution based on the user navigating to a malicious website. This vulnerability was also patched.
2019 security incidents