Stefano Marinelli
boosted
#Security Alert: Massive #Laravel APP_KEY leak exposing 600+ apps to remote code execution 🚨 #GitGuardian & #Synacktiv research reveals 260,000 exposed keys on #GitHub with potential RCE via deserialization attacks #cybersecurity #php #opensource
https://blog.gitguardian.com/exploiting-public-app_key-leaks/
What if your git repo was also your issue tracker?
The problem with Github is that, while Git itself is decentralized, the social features it provides on top of git are centralized. You can move your git repo to a different location online, but the issues are more difficult. There's no export that I can see on Github. The same is true for Discussions and Actions.
We're missing the ability to manage issues in a decentralized way. The easiest and best way is keep them together.
#git #ux #github
small circle 🕊 in calmness
boosted
Update on my interest in moving away from #GitHub to another code forge. I was excited about #Radicle because it is meant to be #P2P, but I ended up deciding against it. Besides the use of cryptocurrency for fundraising/management being a red flag, I found that I needed a seed node with a dedicated address in order to host a private repo, which doesn't feel truly P2P.
I also want to be able to convince other people to use the code forge with me to write code and papers. The added complexity of Radicle (from a user's perspective) seems like even more of an uphill battle than getting mathematicians to choose git instead of #Overleaf. (By the way, we could use a #FOSS Overleaf alternative.)
Due to these considerations, it looks like self-hosting @forgejo is the way to go! (Even if it's not P2P.)
Anyway, I have gotten set up with a European VPS thanks to https://european-alternatives.eu/ and have a Debian machine running. I now need to get Forgejo set up, and I have three install methods I might use:
1) Follow https://forgejo.org/docs/latest/admin/installation-binary/
2) Follow https://codeberg.org/forgejo-contrib/forgejo-deb which says that (1) is bad
3) Use podman
From (2) I could start Forgejo and from (3) I could start a container, but the instructions on https://forgejo.org/docs/latest/admin/installation-docker/ don't work for me. In all cases I need to use the web UI to finish installation. Am I supposed to have no CLI alternative for this? I feel like installing a desktop environment on my VPS is not the answer, but I'm not sure what else to do here.
Dear #GitHub, when I click on a link to an English language documentation page, I don't want to be automatically redirected to a machine generated German translation.
Yes, I have both enabled in my browser. Multi-lingual people are a thing. If I want a translation, I'll explicitly ask for it.
Every site whose product owner/manager insists on automatic translation should immediately fire them.
We live in a #technosphere and are being force-fed #DigitalTransformation. See how it destroys the fabric of our #society.
#DelightfulCommons curated lists are inspired by #awesome lists on #Github and I realized they still represent a sterile lab with glaring TL lights and metal glinting everywhere.
In a quest to bring more of the missing #social connecting layers to bridge the gap between tech vs. #people and #humanity, I decided to give things a friendlier makeover.
The ongoing enshittification of GritHub is getting so bad that I can't even use web archiving sites to see the comments in an issue discussion;
Most of you are probably too old to remember that GH wasn't always the go-to place for publishing source code. There was a time that almost every open source project was hosted on the MySpace of code forges (and the origin of that term), SourceForge.
We've moved en masse before folks, it's time to do it again.
It's been far too long since I haven't updated this properly, but here's a snapshot of some open source communities that have already moved off GritHub;
https://wiki.p2pfoundation.net/List_of_Community-Hosted_Code_Forge_Instances
It seems like forge federation is a harder problem to crack than we thought when BorgSoft bought GH. But I'm still hopeful that one day, many of these forges will interoperate to create the experience of a unified code forging space.
The ongoing enshittification of GritHub is getting so bad that I can't even use web archiving sites to see the comments in an issue discussion;
Most of you are probably too old to remember that GH wasn't always the go-to place for publishing source code. There was a time that almost every open source project was hosted on the MySpace of code forges (and the origin of that term), SourceForge.
We've moved en masse before folks, it's time to do it again.
「 Perhaps the younger generation don't know anything about the past "evils" of Microsoft and naively believe that Microsoft is now the good friend to open source, but the truth is that all Microsoft acquisitions of open source projects is a business tactic that is put in place to improve Microsoft's loosing position to open source. It is a matter of control. And you should not host your open source project on GitHub 」
https://unixdigest.com/articles/why-is-your-open-source-project-still-hosted-on-github.html
🍿 MS is dogfooding Copilot on Github, what could possibly go wrong.
🔥 Firefox capitulating by moving to GitHub isn't that bad tbh. I mean, they're going full gonzo on AI after all, GH is the perfect place to waste cycles on that brainrot.
I want you to meet Anubis
This is a wonderful tool, a powerful program designed against artificial intelligence large language models theft of resources.
It's not perfect, it's not finished this is an ongoing onslaught by the LLM Bots
#DDoS#LLM #bots #infosec#OpenAI#Linux#KDE#GitHub#GitLab #sh#AI
🖋️ #bash#MX #mxLinux #sh #zsh #ksh #csh #tksh #fish #distro#Linux#POSIX #fresh #programming
I want you to meet Anubis
This is a wonderful tool, a powerful program designed against artificial intelligence large language models theft of resources.
It's not perfect, it's not finished this is an ongoing onslaught by the LLM Bots
#DDoS#LLM #bots #infosec#OpenAI#Linux#KDE#GitHub#GitLab #sh#AI
🖋️ #bash#MX #mxLinux #sh #zsh #ksh #csh #tksh #fish #distro#Linux#POSIX #fresh #programming
I have just taken the time to thoroughly read the following article
This article has led me to the conclusion that an Open{source} War will have to be waged against LLM large language model abusers of data collection.
The work of these bots is pure DDoS denial of service. An interesting set of offensive tools have been programmed and are already implemented. They have proven to be quite effective and are being refined into sophistication to literally work to knock these networks of bots offline, in a DOT MMORPG approach.
It is unthinkable that LLM bots steal our Open Source resources servers bandwidth and financial cashflow without serious repercussions!
WTF are LLM companies thinking? Even Meta has waged war against us!
LLM has waged a brutal war.
The Open Source Community is responding; even those at The Dark Side of the internet are making tools to assist everyone against Artificial Intelligence LLM DDoS attacks, which knock whole Open Source Networks offline, as we speak.
It doesn't matter if in the end it looks like a Terminator landscape globally on the IT scale. Open source will win. LLM will disappear...
#DDoS#LLM #bots #infosec#OpenAI#Linux#KDE#GitHub#GitLab#Bash #sh #programming#AI
