being able to pop 5600 repos in one go seems to me like there's an 'insecure defaults' issue on top of everything else
Potentially of interest to the #SCA crowd and anybody else who does research online: #Kagi recently published a useful page of Tips about how to more effectively leverage it for academic research -- https://blog.kagi.com/tips/academia
I'm always a Kagi enthusiast; this pulls together several of the reasons why, with a particular focus on one fairly hardcore use case.
"Another year and another trip to Wales to try and use some Welsh for real - this time, for the first time for me, in the North. Thought I would share some of the places that I visited here, in case it helps anyone else."
https://en.forum.saysomethingin.com/t/using-welsh-in-the-wild-north-west/42574 #dysguCymraeg #Caernarfon #Cricieth #Nefyn #Cymraeg #Llandwrog #Pwllheli #Gwynedd
"Finance Minister Nicola Willis ... and Public Service Minister Paul Goldsmith revealed earlier today that the core public service could be brought down to about 55,000 staff, a level they described as the historic norm of roughly 1% of the population, with a sinking lid policy."
#JustinHu, 2026
This is managerialism on steroids. It gets worse, but let's stay with this for a minute.
(1/?)
As I've explained here at length, firing public servants while unemployment is rising is an illusory saving. Because for each one you fire, a big chunk of their salary is still paid as an unemployment benefit.
Then there's the fact that the cost of hiring "consultants" when the fired public servants' work can't be left undone wipes out any savings that are left. It can even cost the public more than having this expertise on retainer.
But I don't want to harp on about this today.
(2/?)
"Colorado law enforcement officials warned their counterparts across the country that social media posts by the Department of Homeland Security recruiting for ICE contained so many white supremacist themes that they could endanger the public, according to internal records obtained by The Intercept."
https://theintercept.com/2026/05/21/ice-dhs-social-media-white-supremacist-violence/
I did it. #Smithereen 1.0 is officially out now. Only took me 6.5 years from an idea to something I can proudly call a stable release.
Website with more details and all the documentation: https://smithereen.software
Demo server to try it out: https://try.smithereen.software
@thomasfuchs yeah 😐 it's heartbreaking.
i've been forced to end an old and significant friendship over this after increasingly frantic pleading (they never talk about their work with any enthusiasm, have occasionally admitted to being ashamed by it, and are frequently miserable because of it) to take their significant spoils and go do e.g. that food truck thing they occasionally dreamt about...
but, nope, addicted to the hustle and the spoils, with their empathy atrophying by the day :(
@mpc3032at so many people I looked up to have been so bitterly disappointing in the last few years
an interactive visualization of the fediverse from 2024 by @comeetie
https://www.comeetie.fr/galerie/mapstodon2024/
Big "Refugees welcome" demonstration in Utrecht, just now. A counterweight to the 'spontaneous local' violent protests against asylum seekers organised by the extreme right, and used by their politicians to claim that 'the people' are against taking up refugees.
https://safedep.io/megalodon-mass-github-repo-backdooring-ci-workflows/
Anyone searching GitHub yet for these commits? It would be nice to see a full list of impacted projects.
5,700+ commits in six hours, 5,561 repositories, one payload: replace a GitHub Actions workflow with a dormant secret exfiltration backdoor. The workflow_dispatch trigger design means these backdoors sit silent until activated, creating no visible CI runs.
Tiledesk shows how repository compromise cascades to package registries. Seven npm versions carried the backdoor because the maintainer published from a poisoned repo. Application code: untouched. Only the workflow file changed. Code review would catch this, but nobody reviews workflow files in npm packages.
If your repository received a commit from build-system@noreply.dev or ci-bot@automated.dev on May 18, 2026: revert it, audit your workflow files, and rotate any secrets available to GitHub Actions runners. Check your Actions tab for unexpected workflow_dispatch runs. If you use OIDC federation for cloud deployments, review cloud audit logs for token requests from unknown workflow runs.
If you depend on @tiledesk/tiledesk-server: pin to version 2.18.5 or earlier until the repository is remediated. The malicious commit remains on the master branch as of this writing.
i wrote a post: "Weeds tend not to grow where they can't take root"
i've been thinking about the work we're doing at varying levels to organize against AI, and maybe i've also been in the headspace of gardening and getting rid of weeds. i can't shake the feeling that AI takes up space opportunistically where people's needs are not being met. a little like weeds.
Started working on bringing ActivityPub Polls to NodeBB 
First step is adding in separate handling of the Question object. Right now NodeBB treats it as a "Note-like" and renders it like a post 😄 50% of the way there... will need to link it to nodebb-plugin-poll...
One complication... the plugin ties votes to users. This data isn't reflected over-the-wire in AP, only the aggregate voter counts are shared
[...]
Now that style queries have landed in Firefox, the next thing I need is `closedby` for dialog supported in Safari.
@5t3ph They landed? Great!
In fact, you freakishly mirror the two problems I'm having right now.
Did I hear that better weather is on its way? Then it's time I got back in shape. Walkies! Over 16 miles across hilltops, 1000m in total of hill climbing and of course hundreds of snaps, but it turned out that the real show stoppers today were the sheep. They were being particularly friendly and all seemed to want their portraits taken
Nite nite lovers 🥰💕
#Defaidodon #photography
@catsalad meow meow meow 
@sergioedup Kitty!!!
@smallcircles I don't particularly think that this is a very accurate representation, as it's only a random sample of posts from 6k servers