⚯ Michel de Cryptadamus ⚯
@cryptadamist@universeodon.com  ·  activity timestamp 2 days ago

everyone calm down, the enormous #NPM supply chain attack of the incredibly popular (27,000 #github stars) #nx#AI build tool thingamajig is probably aimed solely at crypto bros. if you don't have any crypto you (hopefully) don't have anything to worry about.

my fact free, completely unsupported by evidence hunch is that we will find this came from #NorthKorea (because if it's a well orchestrated attempt to steal a bunch of crypto it's pretty much always north korea).

https://universeodon.com/@cryptadamist/115102035321832152

#crypto #cryptocurrency #ethereum #npm #nodejs #node #js#javascript#webdev#DPRK#LazarusGroup #cybersecurity #infosec #threatintel #claude #gemini
⚯ Michel de Cryptadamus ⚯
@cryptadamist@universeodon.com  ·  activity timestamp 2 days ago

everyone calm down, the enormous #NPM supply chain attack of the incredibly popular (27,000 #github stars) #nx#AI build tool thingamajig is probably aimed solely at crypto bros. if you don't have any crypto you (hopefully) don't have anything to worry about.

my fact free, completely unsupported by evidence hunch is that we will find this came from #NorthKorea (because if it's a well orchestrated attempt to steal a bunch of crypto it's pretty much always north korea).

https://universeodon.com/@cryptadamist/115102035321832152

#crypto #cryptocurrency #ethereum #npm #nodejs #node #js#javascript#webdev#DPRK#LazarusGroup #cybersecurity #infosec #threatintel #claude #gemini
just small circles 🕊
@smallcircles@social.coop  ·  activity timestamp 3 days ago

With my squishy ☕-adled brain I forgot which large #FOSS project(s) recently chose for #Forgejo adoption to migrate away from either #Gitlab, #Github, or #Atlassian code forges. Can anyone enlighten me?

@forgejo this may be a good one for delightful forgejo curated list. Add an "Major adopters" section..

https://delightful.coding.social/delightful-forgejo

#AskFedi

alcinnz
alcinnz boosted
Robert W. Gehl
@rwg@aoir.social  ·  activity timestamp 4 days ago

Latest FOSS Academic is I DID IT! I DID IT! I re-implemented my static blog generator in Python and moved it off #Github onto my own hosting!

https://fossacademic.tech/2025/08/25/reimplemented.html

What's that? You want an archive and previews of posts? Done. Tags? Handled! Atom feed? Generated. (https://fossacademic.tech/feed.xml)

What about comments, you say?

Respond to this post and they shall appear on my blog, I say unto you.

I did it! Yay!

#FOSSAcademic#Python
Robert W. Gehl
@rwg@aoir.social  ·  activity timestamp 4 days ago

Latest FOSS Academic is I DID IT! I DID IT! I re-implemented my static blog generator in Python and moved it off #Github onto my own hosting!

https://fossacademic.tech/2025/08/25/reimplemented.html

What's that? You want an archive and previews of posts? Done. Tags? Handled! Atom feed? Generated. (https://fossacademic.tech/feed.xml)

What about comments, you say?

Respond to this post and they shall appear on my blog, I say unto you.

I did it! Yay!

#FOSSAcademic#Python

phildini
Roland
.rwxr--r-- - algernon 2025-08-29 algernon.org
phildini and 4 others boosted
Stefan Bohacek
@stefan@stefanbohacek.online  ·  activity timestamp 3 weeks ago

Just a periodic reminder that Forgejo, the software that powers the open-source GitHub alternative Codeberg, has been working towards implementing federation.

https://codeberg.org/forgejo-contrib/federation/

Might be worth contributing, if you have the time and skills!

#forgejo #codeberg #opensource #github
Fabio Manganiello
@fabio@manganiello.social  ·  activity timestamp 3 weeks ago

My mistrust towards #Github just passed a tipping point, as its CEO resigned (yes, it had been acquired by #Microsoft a while ago, but it was still allowed to operate as its own company) and Nadella announced that he won't be replaced.

Instead, Github will be swallowed by the CoreAI department at Microsoft.

Which means that the largest (by far) storage of open source code is officially going to become just another piece towards Microsoft's plans for AI supremacy.

If you want to host your source code please just run your own Forgejo or Sourcehut server and implement anti-bot measures.

Every single other thing, no exceptions, just exposes you to enshittification.

https://www.theverge.com/news/757461/microsoft-github-thomas-dohmke-resignation-coreai-team-transition
Neil Craig
@tdp_org@mastodon.social  ·  activity timestamp 2 weeks ago

I tried a GitHub Copilot PR review as it's been ages since I last did.

It was wrong on 3 out of 3 suggestions it made:

1. It suggested inverting the IP ACL and API key check such that it'd have allowed anyone to purge anything from our CDN cache
2. It said I'd got some basic logic wrong (I hadn't) on 1 of ~20 changes of the same type (var not set or var == "" -> strlen(var) == 0)
3. It made up a service name and wanted me to use that

What a pile of shit.

#Copilot#AI#Github#WebDev
Neil Craig
@tdp_org@mastodon.social  ·  activity timestamp 2 weeks ago

I tried a GitHub Copilot PR review as it's been ages since I last did.

It was wrong on 3 out of 3 suggestions it made:

1. It suggested inverting the IP ACL and API key check such that it'd have allowed anyone to purge anything from our CDN cache
2. It said I'd got some basic logic wrong (I hadn't) on 1 of ~20 changes of the same type (var not set or var == "" -> strlen(var) == 0)
3. It made up a service name and wanted me to use that

What a pile of shit.

#Copilot#AI#Github#WebDev