Container Images For Debian With Guix #guix #debian #gnu #gitlab #docker #podman #containers https://blog.josefsson.org/2025/11/28/container-images-for-debian-with-guix/
What's the big deal with this worming supply chain attack?
Well it seems that the attackers may have forced GitHub and NPM into inaction.
The worm is designed to take revenge on infected users if too many of the infected packages are taken off NPM or if GitHub takes down the stolen user data.
So in the meantime, that means we developers and users will need to stop and remove the infection as quickly as possible ourselves to protect our systems.
https://about.gitlab.com/blog/gitlab-discovers-widespread-npm-supply-chain-attack/
So much for the federated merge requests via #ActivityPub.
https://gitlab.com/groups/gitlab-org/-/epics/260#note_2910231358
When I called in https://lwn.net/Articles/963427/ @sir's position as the pragmatic one, I was called disingenuous.
(And, BTW, https://codeberg.org/forgejo/forgejo/issues/9225 doesn’t seem to be finished either).
Yet another #security related job opening at my employer, #GitLab. Apply if interested, and if we know each other let me know and I can pass on a recommendation.
So #gitlab won’t get federation any time soon: https://gitlab.com/groups/gitlab-org/-/epics/260#note_2910231358
Woot ok now that I have the dependency graph crawled I can just ship the listing of known bad NPM packages and just compare directly against that.
I updated the scanning script to alert if you have -any- version of an infected package.
You're gonna want to be very careful if you're not infected but have one of these dependencies present.
https://github.com/datapartyjs/walk-without-rhythm/blob/main/data/infected-pkgs-versions.txt
#ShalHulud #WalkWithoutRhythm #npm #github #javascript #cybersecurity #threatresponse
TIL: The RAM usage of #GitLab can be optimized nicely, especially for small instances: https://docs.gitlab.com/omnibus/settings/memory_constrained_envs/
Looking for basic #smallweb #static #hosting
- EU based
- on green servers
- preferably offered by a #NonProfit / #Coop
- deployment via git or ssh
Something like #Codeberg / #Gitlab / #Github pages.
I like Codeberg pages but its future is uncertain and its documentation lacking.
Please no Vercel / Netlify / Firebase / ... suggestions please. EU. Non-profit.
Much obliged!
https://framagit.org is a #Gitlab service offered by the amazing folks at @Framasoft.
Includes Gitlab Pages.
See also: https://framasoft.org/en/