$10,000 worth GitHub Access Tokens | Secret Search Operators

Image

Secret but basic GitHub dorks & search operators that can lead to $10k bounty worth Acess Tokens.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/10- … ⌘ Read more

Then I cleaned up my shell history of all of the invocations I ever made of dkv rm ... to make sure I never ever have this so easily accessible in my shell history (^R):

$ awk '
  /^#/ { ts = $0; next }
  /^dkv rm/ { next }
  { if (ts) print ts; ts=""; print }
' ~/.bash_history > ~/.bash_history.tmp && mv ~/.bash_history.tmp ~/.bash_history && history -r

GitHub found 39M secret leaks in 2024. Here’s what we’re doing to help
Every minute, GitHub blocks several secrets with push protection—but secret leaks still remain one of the most common causes of security incidents. Learn how GitHub is making it easier to protect yourself from exposed secrets, including today’s launches of standalone Secret Protection, org-wide scanning, and better access for teams of all sizes.

The post [GitHub found 39M secret leaks in 2024. H … ⌘ Read more

Microsoft makes it even harder to use a local account on Windows 11
Do you want to install Windows 11 without internet access or without an online Microsoft Account? It seems Microsoft really doesn’t want you to, as it has removed a very common and popular way of bypassing this requirement. In the release notes for the latest builds from the Dev and Beta channels, the company notes: We’re removing the bypassnro.cmd script from the build to enhance security and use … ⌘ Read more

Cedar: A New Approach to Policy Management for Kubernetes
The challenges organizations face when managing access control and authorization in cloud-native environments continue to grow in complexity. Organizations scaling their Kubernetes deployments, for example, work to balance their security requirements, operational flexibility, and policy manageability…. ⌘ Read more

Raspberry Pi PoE+ Injector Leverages Power-Over-Ethernet for Remote Deployments
This month, Raspberry Pi launched a device capable of powering its single-board computers over Power-over-Ethernet. The Raspberry Pi PoE+ Injector enables both power and data to be transmitted through a single Ethernet cable, simplifying network infrastructure for projects deployed in remote or difficult-to-access locations. Compatible with devices conforming to IEEE 802.3af and 802.3at … ⌘ Read more

How NixOS and reproducible builds could have detected the xz backdoor for the benefit of all
Some more light reading: While it was already established that the open source supply chain was often the target of malicious actors, what is stunning is the amount of energy invested by Jia Tan to gain the trust of the maintainer of the xz project, acquire push access to the repository and then among other perfectly legitimate contributions insert … ⌘ Read more

FOSS infrastructure is under attack by AI companies
What do SourceHut, GNOME’s GitLab, and KDE’s GitLab have in common, other than all three of them being forges? Well, it turns out all three of them have been dealing with immense amounts of traffic from “AI” scrapers, who are effectively performing DDoS attacks with such ferocity it’s bringing down the infrastructures of these major open source projects. Being open source, and thus publicly accessible, means these scrapers have … ⌘ Read more

@kat@yarn.girlonthemoon.xyz Using full-blown Cloud services is good for old people like me who don’t want to do on-call duty when a disk fails. 😂 I like sleep! 😂

Jokes aside, I like IaaS as a middle ground. There are IaaS hosters who allow you to spin up VMs as you wish and connect them in a network as you wish. You get direct access to all those Linux boxes and to a layer 2 network, so you can do all the fun networking stuff like BGP, VRRP, IPSec/Wireguard, whatever. And you never have to worry about failing disks, server racks getting full, cable management, all that. 😅

I’m confident that we will always need people who do bare-bones or “low-level” stuff instead of just click some Cloud service. I guess that smaller companies don’t use Cloud services very often (because it’s way too expensive for them).

@prologic@twtxt.net oh yeah it’s absolutely epic i love how fast it is. it would be extra peak if it sent a message to every bot that it denies access to that just says “get fucked” or something idk

How to Show QR Code for Wi-Fi on iPhone, Mac, iPad
One very easy and convenient way to share access to a wi-fi router is by generating a QR code for joining that wi-fi router, which can be useful for house guests, offices, waiting rooms, rentals, restaurants, shops, and just about anywhere else with wi-fi that people might want to join. It can also make it … Read More ⌘ Read more

Comet GL-RM1 Enables Remote Control with 2K Video Resolution
Comet (GL-RM1) is a hardware-based remote KVM solution for remote computer access and control. Its open-source design enables hardware-level interaction, making it useful for remote work, IT maintenance, and server management. It allows full control over offline computers, including BIOS access, troubleshooting, and boot failure recovery. The device features a quad-core 1.5GHz processor, 1GB DDR3 […] ⌘ Read more

wahhh i wanna work towards my dream of offering pay as you can web hosting (static & dynamic) but i don’t know how!!!!! i keep drifting towards hosting panels but i don’t exactly have fresh linux servers for those nor do i like the level of access they require. so i’m like ok i can do the static site part with SFTP chroot jails and a front-end like filebrowser or something…. but then what about the dynamic sites!!!!!!! UGH

granted i doubt i’d get much interest in dynamic sites but i’d like to do this old school where i can offer people isolated mySQL databases or something for some project (i’m thinking PHP based fanlistings), which means i could do it the old school way of… people ask me to run it and i do it for them. but i kind of want to let people have access to be able to do it themselves just short of giving them SSH access which isn’t happening

Expose the Kubernetes API and access it anywhere
Accessing the Kubernetes API for your clusters from anywhere or across any network is a powerful lever. It’s even better if you can do so without shipping or extending more messy networks, like VPCs or VPNs…. ⌘ Read more

Emoji Picker Shortcut Not Working in MacOS Sequoia? Let’s Fix It
Some MacOS Sequoia users have discovered the familiar handy Emoji keyboard shortcut to access the Emoji & Symbols panel is no longer working as expected. This can be immensely frustrating, especially if you rely on it for quick access to emojis in messages, emails, documents, and in general. While it might seem like a minor … [Read More](https://osxdaily.com/2025/03/07/emoji-picker-shortcut-not-workin … ⌘ Read more

Announcing the Beta Release of OpenTelemetry Go Auto-Instrumentation using eBPF
The OpenTelemetry community is excited to announce the beta release of the OpenTelemetry Go Auto-Instrumentation project! This milestone brings us closer to our mission of making observability simple, accessible, and effective for Go applications. What is… ⌘ Read more

New Phippy Book Guidelines: Enhancing Community Access & Engagement
Phippy and Friends have long been a beloved part of the cloud native ecosystem, making complex technologies more approachable through storytelling. As interest in these books grows, CNCF is introducing new guidelines to better support, distribute,… ⌘ Read more

Walletverse submits CCS proposal to integrate Monero into their ‘community-driven crypto wallet’
The Walletverse 1 team has submitted a CCS proposal2 looking to integrate Monero into their community-driven crypto wallet 3:

This integration will enhance the privacy and functionality of the Walletverse wallet and contribute to the wider adoption of Monero by making it more accessible.

Total funding: 135 XMR.

ETA: 3+ months.

• M1: Core Moner … ⌘ Read more

ameriDroid Opens Preorders for VPN Server with WireGuard and DietPi
The VPN Server by ameriDroid is a pre-configured device for secure remote access to home and small office networks. Built on the ODROID-C4, it runs a lightweight Linux-based system with WireGuard for encrypted VPN connections and minimal setup. The device is based on the ODROID-C4, a single-board computer released in early 2020 by Hardkernel, featuring […] ⌘ Read more

Show HN: I built an app to stop me doomscrolling by touching grass
i wanted to change the habit of reaching for my phone in the morning and doomscrolling away an hour so i built an app to help me. now i have to literally touch grass before accessing my most distracting apps

the app is built in swiftui, uses the screen time apis provided by apple and google vision to recognise grass or not

i’d love to get your thoughts on the concept.

Comments URL: [https://news.ycombinator.com/item?id=43158660](https://news.ycombinator.com/item?id=43 … ⌘ Read more

(Updated) Spitz Plus GL-X2000 is an Upcoming Wi-Fi 6 and 4G LTE CAT 12 Router
The Spitz Plus GL-X2000 is a 4G LTE Wi-Fi 6 router designed to deliver reliable connectivity for remote work, travel, and rural internet access. It supports advanced network features like Multi-WAN, Failover, and Load Balancing, enhancing connection stability and ensuring dependable performance. The router is powered by a Qualcomm dual-core processor running at 1 GHz, […] ⌘ Read more

DOGE has ‘god mode’ access to government data
Article URL: https://www.theatlantic.com/technology/archive/2025/02/doge-god-mode-access/681719/

Comments URL: https://news.ycombinator.com/item?id=43112084

Points: 533

# Comments: 1021 ⌘ Read more

@prologic@twtxt.net I’m speculating, but if I had to guess I’d say it’s probably asking for your user password in order to access some user keyring (or whatever your OS uses to manage user secret credentials) used to safely store your passkeys related data in order to do its passkeys /ME doing air quotes Magic™ … you could try with a different password manager to avoid said scenario.

Also, passkeys UX sucks.

ArcaOS 5.1.1 released
It’s been two years since the release of ArcaOS 5.1, which was a hugely important release because it brought UEFI support to this continuation of IBM’s OS/2, ensuring longevity for the project for years to come. Since I don’t think much is known about what, exactly, Arca Noae, and eComStation before it, has access to within the licensing agreement with IBM, it’s difficult to ascertain just how much room they actually have to make changes to the code at the core of the old OS/2. Regardles … ⌘ Read more

How to Improve Photos Layout on iPhone with iOS 18
The Photos app on iPhone received a significant layout redesign in iOS 18 that has left many iPhone users annoyed or frustrated as the new Photos design is not necessarily intuitive or easy to use for everyone. Things have been moved around, albums or features they were using might be missing or harder to access, … Read More ⌘ Read more

The Lunduke Journal Forum (How to Gain Access)
Accounts on the official Lunduke Journal forum are only available for full subscribers to The Lunduke Journal (that’s you). ⌘ Read more

[LTH] [Bounty] Haveno: Add support for DAI

DAI is useful asset to trade with XMR for access to many liquid and lending markets. CakeWallet supports DAI. This bounty would be complete upon the merge of a pull request, closing these issues.

Links:

• https://bounties.monero.social/posts/175/haveno-add-support-for-dai
  
• https://github.com/haveno-dex/listing/issues/21
  

bvcxza (Github) ⌘ Read more

ProcessOne: Join our community: Free Memberships now available
We’re excited to announce a new way to connect with our community at Process-One. As of today, we’ve enabled free memberships on our site, giving you even more ways to stay updated, interact, and engage with our content.

By becoming a member, you get access to specific benefits, including:

• The ability to engage with our content in new ways, such as commenting on posts, participating in discussions like … ⌘ Read more

How to Find Screenshots in Photos App for iOS 18
Ongoing complaints about the Photos app redesign in iOS 18 persist, with users who are frustrated with how difficult it can be to locate certain images or photos that once were easy for them to find. For example, if you take a lot of screenshots on your iPhone you might want quick and easy access … Read More ⌘ Read more

CAN FD Adapter for High-Speed Industrial and Embedded Communication in M.2 and Mini-PCIe Form Factors
The CAN FD Adapter enables high-speed CAN FD connectivity for embedded and industrial applications. Available in M.2 B-key and mini-PCIe form factors, it supports data rates from 12.5 kbit/s to 8 Mbit/s. It integrates with systems used in industrial monitoring, robotics, automation, hardware-in-the-loop testing, remote access, and data loggin … ⌘ Read more

It’s really cool how my local public library’s membership includes digital access to thousands of magazines and newspapers.

** In reply to: The politics of accessibility – Brian DeConinck **
In reply to: The politics of accessibility – Brian DeConinck

A devastating perfect blog post.

The core concept of digital accessibility is that everyone, including people with disabilities, should be able to access information and accomplish tasks via computer independently.

Continuing later,

This is an intensely political statement, backed by decades of protests and lobbying and litigation. … ⌘ Read more

[ANN] Tor project twitter is compromised

Our X (Twitter) account has been compromised. We are working to regain access. Please do not trust or interact with any posts, DMs, or links from our account until further notice.

Link: https://mastodon.social/@torproject/113918614226738202

@monerobull:matrix.org ⌘ Read more

@lyse@lyse.isobeef.org The one in question is more like the javascript version for unwrapping errors when accessing methods.

 const value = some?.deeply?.nested?.object?.value

but for handling errors returned by methods. So if you wanted to chain a bunch of function calls together and if any error return immediately. It would be something like this:

b:= SomeAPIWithErrorsInAllCalls()
b.DoThing1() ?
b.DoThing2() ?

// Though its not in the threads I assume one could do like this to chain.
b.Chain1()?.Chain2()?.End()?

I am however infavor of having a sort of ternary ? in go.

PS. @prologic@twtxt.net for some reason this is eating my response without throwing an error :( I assume it has something to do with the CSRF. Can i not have multiple tabs open with yarn?

Considerations for making a tree view component accessible
A deep dive on the work that went into making the component that powers repository and pull request file trees.

The post Considerations for making a tree view component accessible appeared first on The GitHub Blog. ⌘ Read more

AI-powered image descriptions on my blog
My blog still has a long way to go when it comes to accessibility, but I’m excited about two new plugins I’ve just added to make things better. ⌘ Read more

Bananas the best fuel for Australian Open players chewing through 200kg a day
Professional tennis players have access to the world’s most advanced sports drinks and gels to boost their performance, but dietitians say you can’t beat the humble banana. ⌘ Read more

How to Use “Type to Siri” with Apple Intelligence on iPhone & iPad
Using “Type to Siri” on iPhone and iPad is better than ever thanks to Apple Intelligence, and if you have a new enough iPhone or iPad. Type to Siri with Apple Intelligence includes ChatGPT integration, making it a notably more capable AI assistant, and it’s also much easier to access with the latest devices and … [Read More](https://osxdaily.com/2025/01/23/how-to-use-type-to-siri-with-app … ⌘ Read more

SDL 3.2.0 released
SDL, the Simple DirectMedia Layer, has released version 3.2.0 of its development library. In case you don’t know what SDL is: Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D. It is used by video playback software, emulators, and popular games including Valve‘s award winning catalog and many Humble Bundle games. ↫ SDL website This new release has a lot of impr … ⌘ Read more

@movq, @prologic@twtxt.net when navigating to a Yarn. If the head twt is missing then the whole thread is not accessible. It only returns an error. so i have no way to view any of the replies within the thread other than the end twt.

Right to root access
I believe consumers, as a right, should be able to install software of their choosing to any computing device that is owned outright. This should apply regardless of the computer’s form factor. In addition to traditional computing devices like PCs and laptops, this right should apply to devices like mobile phones, “smart home” appliances, and even industrial equipment like tractors. In 2025, we’re ultra-connected via a network of devices we do not have full control over. Much of this has t … ⌘ Read more

10 Mysterious Military Sites in America
Military sites are located all around America, and even the world. Many of these are easily accessible and can be found with a simple online search. However, some military sites remain very secretive to this day. Many of these secret sites are located well behind barbed-wire fencing or deep underground. It’s tough to locate these […]

The post [10 Mysterious Military Sites in America](https://listverse.com/2025/01/17/10-mysterious-military-sites-in-amer … ⌘ Read more

Securing public AWS Application Load Balancer (ALB) with OpenID Connect (OIDC)
Member post originally published on the Devtron blog by Badal Kumar and Siddhant Khisty TL;DR: Learn how to secure your AWS Application Load Balancer (ALB) with OpenID Connect (OIDC) to enhance authentication, prevent unauthorized access and ensure… ⌘ Read more

Use “Type to Siri” on Mac Easier Than Ever in Sequoia
Siri has been considerably improved in recent MacOS versions, mostly because it’s now linked to ChatGPT. One of the other recent changes to Siri in modern MacOS versions is that it’s now easier to access the “Type to Siri” feature, no longer being relegated to an Accessibility setting that has to be enabled separately like … Read More ⌘ Read more

I mean bug where jenny don’t know about these id’s and tried to request from twtxt.net (prologic sent access logs)

Project DIGITS Brings Grace Blackwell AI Capabilities to the Desktop
NVIDIA recently announced Project DIGITS, a personal AI supercomputer designed to make advanced AI capabilities accessible to researchers, developers, and students. This system features the new NVIDIA GB10 Superchip, built on the Grace Blackwell architecture, which provides high-performance computing for tasks such as prototyping, fine-tuning, and running large AI models directly from a desktop environment. … ⌘ Read more

Spitz Plus GL-X2000 is an Upcoming Wi-Fi 6 and 4G LTE CAT 12 Router
The Spitz Plus GL-X2000 is a 4G LTE Wi-Fi 6 router designed to deliver reliable connectivity for remote work, travel, and rural internet access. It supports advanced network features like Multi-WAN, Failover, and Load Balancing, enhancing connection stability and ensuring dependable performance. The router is powered by a Qualcomm dual-core processor running at 1 GHz, […] ⌘ Read more

@kat@yarn.girlonthemoon.xyz i also like the separation inherent with using dedicated devices. like i have a DAP, a fiio X1 ii from 2019, and it’s still going strong. it’s perfect for on the go music listening and i never have to worry about like going somewhere with no reception and the music drops out. it’s all local AND the battery lasts longer because i’m not using wi-fi or bluetooth or data. also i can directly access the file system and just add files anytime. this goes for my point & shoot and other devices too. i love this shit i’m such a nerd

Binge Watch Apple TV+ This Weekend for Free
If you’d like to start the new year with some binge watching, you can enjoy a free weekend of all-access to Apple TV+ films and shows starting on January 3 and continuing through January 5. The free weekend is available on any device where you can stream Apple TV+, all you will need is an … Read More ⌘ Read more

** The social is predicated on its exclusions **
I’ve been sitting on this post for like 8 months. I’ve written it and rewritten it at least a dozen times. I hsve two or three notes documents worth of research. It has never felt right, though. It still doesn’t. I figured an rss-only debut for it would be fine, and maybe one day I’ll bring it to a normy kinda post.

At my job I try to make big public digital services accessible. Because of this I think a lot about disability, and how some portion of disability is socially c … ⌘ Read more