soc.octade.net is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
New.
"The emails contained links to GitHub repositories masquerading as technical assignments or cryptocurrency-related projects. The instructions encouraged the target to clone the repository and open it in an editor such as VS Code or Cursor. A pre-configured task executes silently when the user opens the repository folder in the IDE, triggering platform-specific loaders that decode embedded payloads on Linux, macOS, and Windows."
Proofpoint: Don't Fear the Repo: UNK_DeadDrop Phishing Campaign Targets Developers to Steal Cryptocurrency https://www.proofpoint.com/us/blog/threat-insight/dont-fear-repo-unkdeaddrop-phishing-campaign-targets-developers-steal #threatresearch #infosec #phhishing #GitHub #Linux #MacOS #Windows11
Another thing I love about #GitHub is how applying review comments adds random CRs to a LF-only file. Thank you, #Microsoft, that definitely makes sense.
https://github.com/conda-forge/conda-smithy/pull/2568/changes/d4ac9d147ffd3e8fee38c448afba89faf1e919ff
https://github.com/conda-forge/conda-smithy/pull/2568/changes/7a31c84099422b9d4bbaee9686025df00c4bac94
(Yes, of course they don't show on UI.)
This is intended to introduce a unique approach in client-side managed secure cryptography. We can avoid registration of any sort.
Features:
PWA
P2P
End to end encryption
Signal protocol
Post-Quantum cryptography
Multimedia
File transfer
Video calls
Local-first
No registration
No installation
No database
TURN server
https://www.reddit.com/r/positive_intentions
#Privacy #OpenSource #P2P #WebRTC #Decentralization #DigitalSovereignty #CyberSecurity #FOSS #SelfHosted #NoCloud #AntiCorp #Encryption #WebDev #TechLiberty #PrivateMessaging #Networking #DataPrivacy #InternetFreedom #LocalFirst #SoftwareEngineering #WebApps #ZeroKnowledge #PrivacyTech #IndieDev #NoSignup #NoInstall #DecentralizedWeb #SecureMessaging #BrowserApp #TechEthics #P2P #WebRTC #PeerJS #ZeroData #EphemeralData #Encryption #E2EE #BrowserToBrowser #NoInstall #Privacy #Security #Decentralized #Messaging #VideoCall #NoTracking #PrivateMessaging #Prototype #Demo #WorkInProgress #CloseSource #OpenSource #WebDev #GitHub #TechDevelopment #WhatsApp #ChatApp #InstantMessaging #PWA
Lawmakers Demand Answers as #CISA Tries to Contain Data Leak
https://krebsonsecurity.com/2026/05/lawmakers-demand-answers-as-cisa-tries-to-contain-data-leak/
Discord now enables default end-to-end encryption for voice and video across DMs, group calls, channels and Go Live streams using the open-source DAVE protocol. 🔐
Externally audited encryption keeps keys on user devices, while unsupported clients are blocked and text messages remain server-accessible. 🛡️
🔗 https://cybersecuritynews.com/discord-end-to-end-encryption-default/
#TechNews #Discord #E2EE #Encryption #DAVE #OpenSource #Privacy #Cybersecurity #WebRTC #FOSS #Security #Linux #Gaming #Mozilla #GitHub #Audit #Games #Game
Мой сонный разум породил подходящий рекламный слоган для #GitHub в последнее время:
«Я часть той силы, что вечно обещает SLA, но вечно производит баги».
#GitHub is going great.
Remember the issue where PRs wouldn't show up on repositories? Well, it turns out it wasn't fixed at all. #Microsoft just "resolved" the incident and is rejecting all reports about it now.
https://github.com/conda-forge/amplitude-analytics-feedstock/pulls is one example when you can't see the PRs.
#Grafana says stolen #GitHub token let hackers steal codebase
#privacy #cybersecurity #DataBreach #analytics #TeamPCP #npm #ShaiHulud
The GitHub breach last night was worse than reported. 4000 or so private repos for sale on Tor. LAPSUS$ is claiming it's for sale already but it isn't on their release site.
https://thehackernews.com/2026/05/github-investigating-teampcp-claimed.html?m=1
Well, that isn't great.
"GitHub has confirmed that roughly 3,800 internal repositories were breached after one of its employees installed a malicious VS Code extension.
The company has since removed the unnamed trojanized extension from the VS Code marketplace and has secured the compromised device."
RE: https://techhub.social/@Techmeme/116606089296164399
Remember this whenever you hear claims that your data is secure on some system or other that you do not own and control.
Like all that additional data governments want to gather via the slippery slope of “age verification” in the EU.
The only data that is actually secure on a third party is data you haven’t shared with the third party.
Hence: data minimisation.
Had I mentioned GDMR yet today? Because I feel I might have. But hey, here it is again:
Forgejo: https://forgejo.org ...
"Forgejo is a Free Software platform for collaboration and productivity in software development. It offers a familiar environment to GitHub users, easy installation and maintenance, and a focus on security, scaling, federation and privacy."... or cgit, which is very fast and slick for the barebones portal ...
... codeberg has a nice setup (via forgejo) if you don't want to self-host.
#git #forgejo #scm #vcs #sources #source #code #vps #gitlab #github #codeberg #hosting
Everyone loves jeering at vibecoded #GitHub being down all the time. Yet for some reason people still neglect to question making #Microsoft the primary guarantor of their software's supply chain #security. And the whole attestation nonsense that doesn't really protect against the most likely attack vectors.
Netherlands is quietly moving away from GitHub. 🇳🇱👩💻
How to setup a self-hosted #git server at home using just #cli and #ssh, without using #gitea or #gogs , so you can migrate your personal projects away from #Bitbucket or #github or #gitlab https://vikaskumar.org/2026/05/01/setup-self-hosted-git-server.html
I have been using GitHub (https://github.com/steinbring) for a long time, and I have been seeing a lot of people dunking on it lately (e.g., https://mitchellh.com/writing/ghostty-leaving-github) because of its many failings. I don't think that something like Codeberg (https://codeberg.org) or Bitbucket (https://bitbucket.org) is the answer because there is still a central point of failure and hosting bills to pay. I like the fact that things like ForgeFed (https://forgefed.org) and tangled (https://tangled.org) exist to at least federate comms.
I really don't know what the answer is.
Seriously considering a switch from #GitHub to #Codeberg after reading the post below, but I'm not sure I have the energy for it.
If anybody here happens to have a GitHub account, it would help a great deal to drop Pearl a star. Right now, the project is buried in search despite having a (small but present) user base and being actively maintained.
No pressure of course, but it would help a lot!
https://github.com/pdschneider/Pearl
#github #pearl #software #ai
System76 founder Carl Richell says Colorado’s SB26-051 may be amended to exempt open source software, including OSs, repos, and containers. 🏛️
The change follows advocacy, but wider state and federal proposals still risk verification rules that could limit open access and user control. 🔐
🔗 https://itsfoss.com/news/colorado-age-attestation-bill-open-source-exemption/
#TechNews #Linux #OpenSource #System76 #Colorado #Privacy #FOSS #GitHub #GitLab #Docker #Podman #Security #Policy #Freedom #Regulation
⭐ Inside GitHub's Fake Star Economy
「 Stars sell for $0.03 to $0.85 each on at least a dozen websites, Fiverr gigs, and Telegram channels - no dark web required
VCs explicitly use stars as sourcing signals: Redpoint found the median star count at seed is 2,850, and firms run automated scrapers to find fast-growing repos 」
https://awesomeagents.ai/news/github-fake-stars-investigation/
@jonn_blanchard pretty sure you’re more likely to get hacked or scammed by visiting #github these days. The way the world is going, Github will be marked NSFW in most European workplaces.
IT'S HAPPENING
GITHUB, THE FIRST ENTERPRISE CLOUD SOLUTION TO REACH ZERO NINES RELIABILITY
🚨 OPT OUT & say NO to #GitHub using your interaction data to train & improve its AI models. 🚨
GitHub is the next company to choose to opt you into having your data used - by default. 🚩
Opt out in Settings --> Copilot --> Features.
Under "Allow GitHub to use my data for AI model training" -→ Disabled.
It recently announced that if you do not opt out before April 24th, it will use your interaction data when using Copilot.