Searching We.Love.Privacy.Club

Twts matching #github

Tell HN: I’m tired of AI-generated answers
I found GitHub repositories that were spreading malware. I asked AI what I should do about it, but it gave me nothing useful. So I opened a discussion on GitHub. Someone replied. It was literally the exact same text the AI had given me. I called it out and the comment was deleted. Then another person replied. Same exact AI response again.

I worked as a developer in a company. I asked the business owner a question about a business task. He sent me a ChatGPT screenshot with the an … ⌘ Read more


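GitHub hacked: 3800 internal repositories leaked after an employee installed a VS Code extension
Yesterday GitHub confirmed on X that an employee installed a VS Code extension implanted with malicious code, leading to the leak of about 3800 of GitHub's internal code repositories. @Appinn Thanks to vlad for the tip. From what GitHub has confirmed, after an employee installed a malicious VS Code extension, their device was compromised, and about 3800 ⌘ Read more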


GitHub’s Internal Repos Breached Via Employee’s Use of Malicious VS Code Extension
Longtime Slashdot reader Himmy32 writes: GitHub has announced on X that their internal repositories have been breached through a compromised VS Code Extension on an employee’s workstation. Bleeping Computer reported that the attack is linked to TeamPCP who have been in the news for a recent campaign affecting Checkm … ⌘ Read more


CISA Admin Leaked AWS GovCloud Keys On Github
An anonymous reader quotes a report from KrebsOnSecurity: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how … ⌘ Read more


An Entire Wikipedia That’s 100% AI Hallucinations
“Every link leads to an entry that does not exist yet,” explains the GitHub page for a Wikipedia-like site called Halupedia. “Until you click it, at which point an LLM pretends it has always existed and writes it for you, in the deadpan register of a 19th-century scholarly press…”

Every article is invented on demand. The footnotes are also lies… The hardest problem with an infi … ⌘ Read more


Yet another Dirty Frag type vulnerability: Fragnesia
Sam James has sent an announcement
to the OSS Security mailing list about another
local-privilege-escalation (LPE) exploit in the same class as Dirty Frag, called
“Fragnesia”. From the disclosure:

This is a separate bug in the ESP/XFRM from dirtyfrag which has received its own patch. However, it is in the same surface … ⌘ Read more


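The first worm-style supply-chain attack in npm history: it self-propagates
A new kind of attack has appeared on npm: the official TanStack Router npm packages were implanted with malicious code. The attackers compromised the project's release process and uploaded backdoored official versions. These packages steal all kinds of secrets from developers' computers and try to go on to infect other GitHub repositories the developer has access to, then spread further through npm. The disheartening part: it bypassed the modern npm ecosystem ⌘ Read more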


PlayStation3 Emulator Devs Politely Ask Contributors to Stop Submitting ‘AI Slop’ Pull Requests
Open-source PS3 emulator RPCS3 “has been around since 2011,” Kotaku notes, and has made 70% of the PlayStation 3’s library fully playable, “bolstered in part by the many users who contribute to its GitHub page.” But their dev team “took to X today to very kindly and civilly request that … ⌘ Read more


Dirty Frag: a zero-day universal Linux LPE
Hyunwoo Kim has announced the Dirty Frag security flaw, a
local-privilege-escalation (LPE) vulnerability similar to the
recently disclosed Copy Fail flaw:

Because the embargo has now been broken, no patches or CVEs exist for
these vulnerabilities. After consultation with the linux-distros@vs.openwall.org
maintainers, and at the maintainers’ re … ⌘ Read more


Security updates for Wednesday
Security updates have been issued by AlmaLinux (corosync, dovecot, image-builder, python-tornado, resource-agents, and systemd), Debian (openjdk-11, openjdk-17, and pyjwt), Fedora (pdns, pyOpenSSL, and squid), Slackware (hunspell), SUSE (alloy, avahi, bubblewrap, cmctl, coredns, curl, dpkg, firefox, golang-github-prometheus-prometheus, grafana, libpng12, PackageKit, sed, and xen), and Ubuntu (docker.io-app, nghttp2, python-django, and python-mako). ⌘ Read more


White House App Is a Terrifying Security Mess
New submitter spazmonkey writes: From a hidden GPS tracker polling your location every 4.5 minutes to JavaScript loaded from a random GitHub account, no SSL certificate pinning, and an in-app browser that silently strips cookie consent dialogs and paywalls from every page you visit, the new White House app seems to have a little bit of everything. A security researcher pulled the APK a … ⌘ Read more


[$] Version-controlled databases using Prolly trees
Modern databases and filesystems make pervasive use of
B-trees, which are tree
structures optimized for storing sorted lists of keys and values on block
devices.
Dolt is an Apache 2.0-licensed project that makes clever use of a
variant of a B-tree to support efficient version control for an entire database.
The data structure it uses could well be of interest to other projects. ⌘ Read more


[$] Restartable sequences, TCMalloc, and Hyrum’s Law
Hyrum’s Law states that any
observable behavior of a system will eventually be depended upon by
somebody. The kernel community is currently contending with a clear
demonstration of that principle. The recent work to address some restartable-sequences
performance problems in the 6.19 release maintained the documented API
in all respects, but that was not enough; Google’s [TCMalloc](https://google.github.io/tcmalloc/ … ⌘ Read more


GitHub ‘No Longer a Place For Serious Work’, Says Hashicorp Co-Founder
Hashicorp co-founder Mitchell Hashimoto says GitHub’s frequent outages have made it “no longer a place for serious work,” prompting him to move his Ghostty terminal emulator project elsewhere after 18 years on the platform. The Register reports: “I’ve been angry about it. I’ve hurt people’s feelings. I’ve been lashing out. Because GitHub … ⌘ Read more


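Well-known terminal Warp goes open source, sponsored by OpenAI
Warp announced on its official blog that it is going open source: Warp is now open-source, under the AGPL license. OpenAI is the founding sponsor of the new open-source Warp. Its GitHub repository has so far received 34.7K stars. @Appinn Warp is a very well-known cross-platform terminal tool that combines AI and an editor, and in the least terminal-like ⌘ Read more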


In Memoriam: Tomáš Kalibera
We have received the sad news that Tomáš Kalibera, a member of the
R Project core team, has
passed away
after a short illness.

A friend who knew him well wrote to me: he was very happy, and
his work fulfilled him. That is, perhaps, the best thing one can
say about a life in open source — that the work mattered, that it
reached millions, and that the person who did it found meaning in it.

Kalibera was mentioned in … ⌘ Read more


GitHub Copilot Is Moving To Usage-Based Billing
GitHub said in a blog post today that it is moving Copilot to usage-based billing starting June 1. Base subscription prices will remain the same but premium requests will be replaced with monthly AI Credits that are consumed based on token usage.

“Instead of counting premium requests, every Copilot plan will include a monthly allotment of GitHub AI Credits, with the option … ⌘ Read more


pgBackRest is no longer maintained
David Steele, maintainer of the popular pgBackRest backup and restore project for
PostgreSQL, has archived
the project and announced that it is no longer being maintained.

After a lot of thought, I have decided to stop working on pgBackRest. I did
not come to this decision lightly. pgBackRest has been my passion project for
the last thirteen years, and I was fortunate to have corporate sponsorship f … ⌘ Read more


Intel Ends Open Ecosystem Community/Evangelism, Archives Other Open-Source Projects
Over the past number of months there has been a steady flow of Intel open-source projects archived on GitHub amid the corporate restructuring at the company and realigning of their open-source focus. This week another batch of Intel open-source projects were formally archived… ⌘ Read more


[$] One Sized trait does not fit all
In Rust, types either possess a constant size known at compile time, or a
dynamically calculated size known at
run time. That is fine for most purposes, but recent proposals for the language
have shown the need for a more fine-grained hierarchy.
RFC 3729 from David Wood and Rémy Rakic would add a hierarchy of
traits to describe types with sizes known under different circumstances. While
the idea has been subject … ⌘ Read more


Arch Linux now has a reproducible container image
Robin Candau has announced
the availability of a bit-for-bit reproducible container image for
Arch Linux:

The bit-for-bit reproducibility of the image is confirmed by digest
equality across builds (podman inspect --format '{{.Digest}}' <image>) and by running diffoci
to compare builds. We provide d … ⌘ Read more


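Third-party Logitech mouse driver: Mouser, lightweight, open source, offline [cross-platform]
In January I posted an article, "Logitech Options+ driver slimming tool", which provided an install script, "tjsky/logi-options-plus-mini", that lets you enable features as needed. I did not expect that everyone had suffered under Logitech for so long; after this project was released, not only did everyone show great support, it was also picked up and cited by a well-known tech media account, and became, on my GitHub, the St ⌘ Read more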


Just cancelled my sponsorship of two developers on Github, sorry 😞 – I’m not going to sponsor going forward if no-one else can be bothered to. It seems silly to be the sole sponsor of another’s work or project 🤦‍♂️


Security updates for Wednesday
Security updates have been issued by AlmaLinux (capstone, cockpit, firefox, git-lfs, golang-github-openprinting-ipp-usb, kea, kernel, nghttp2, nodejs24, openexr, perl-XML-Parser, rsync, squid, and vim), Debian (imagemagick, systemd, and thunderbird), Slackware (libexif and xorg), SUSE (bind, clamav, firefox, freerdp2, giflib, go1.25, go1.26, helm, ignition, libpng16, libssh, oci-cli, rust1.92, strongswan, sudo, xorg-x11-server, and xwayland), and Ubuntu (rust-tar and rustc, rustc-1.7 … ⌘ Read more


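Outrageous! As soon as a La Liga match kicks off, Cloudflare gets blocked, and Docker goes down with it
A local user in Spain complained on hackernews: whenever a football match is on, the network breaks, including Docker image pulls and inaccessible GitHub repositories, and even burglar alarms and automatic doors stop working. When users access the relevant IP addresses directly, a banner pops up: According to the ruling issued by Barcelona Commercial Court No. 6 on December 18, 2024 ⌘ Read more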
