@sodiboo @ifin @threatintel @archlinux Hopefully now the worst of that #AURpocalypse campaign is through (🤞).
Some friendly people even contributed some info on unrelated campaigns that targeted the AUR. The entire thing has racked up 1.8k stars on GitHub.

I've turned the original shell script bandaid into a small Python CLI that's ready for the next campaign.
I certainly don't look forward to it, but at least there should be something that makes creating a tool a bit easier if the new campaigns are even half-related in their approaches.

#Github #AURpocalypse

How pull request limits are cutting down the noise

Learn how pull request limits can help manage contribution volume in your repositories, and see what’s next on the roadmap.

The GitHub Blog
🌗 A statistical study of pull requests (PRs) on the OpenClaw project
➤ When AI takes over programming, how will the open source community cope with the challenges of reputation systems and homogenization?
https://www.greptile.com/blog/prs-on-openclaw
This article examines the surge in PR volume and the decline in PR quality that the open source project OpenClaw has faced since AI-automated coding became widespread. The author, Rahul Bathija, argues that open source is going through a crisis similar to the early flood of email spam: large numbers of low-quality AI-generated contributions are drowning maintainers. From an analysis of OpenClaw's data, the author makes three core points. First, developer reputation mechanisms (such as Vouch) will become key to filtering out low-quality PRs. Second, because developers rely too heavily on the same AI models and prompts, the open source community faces a risk of "homogenization of thought", which puts Linus's Law under pressure. Finally, the data shows that refactoring PRs, which require a deep understanding of the system architecture, have a far higher merge rate than PRs that merely add features, demonstrating that in the AI era "deep thinking" is worth far more than raw code output.
+ This article very precisely captures the pain that open source maintainers are in today; if we don't introduce something like
#ArtificialIntelligence #OpenSourceSoftware #SoftwareEngineering #GitHub ecosystem
A statistical study of PRs opened on openclaw/openclaw | Greptile Blog

OpenClaw became the fastest-growing repo in GitHub history almost overnight. The PR data offers a preview of what the future of open source contribution may look like.

Show HN: peerd – AI agent harness that runs entirely in your browser

https://github.com/NotASithLord/peerd

#ai #github

GitHub - NotASithLord/peerd: The first AI agent harness native to the browser. A Chrome/Firefox extension that runs the agent loop in your browser — drives your tabs, spins up sandboxed compute (JS notebooks, WASM Linux VMs, client-side apps), and shares what it builds peer-to-peer. BYOK · no backend · no telemetry.

GitHub

There is a large-scale #malware problem going on at #GitHub

As always, be careful when downloading random code and/or programs from any unverified source.

https://orchidfiles.com/github-repositories-distributing-malware/

#security #cybersecurity

I discovered a large-scale malware distribution on GitHub

This is the story of how I found 10,000 repositories on GitHub that distribute Trojan malware. They are all from different contributors, have different names, and are not forks of other repositories. But they share a common pattern, which is what allowed me to write a script to find

Orchid Files

heise+ | Turning the GitHub alternative Forgejo into an automated code forge with Actions

You can host the open source code forge Forgejo yourself. A runner adds CI/CD pipelines to the platform that are compatible with GitHub Actions.

https://www.heise.de/ratgeber/GitHub-Alternative-Forgejo-mit-Actions-zur-automatisierten-Codeschmiede-machen-11318264.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Docker #GitHub #IT #OpenSource #SoftwareDevelopment #VersionControl #news

c't Magazin

Systems optimization should be part of CI/CD

https://ucbskyadrs.github.io/blog/levi/

#github

LEVI: Better ADRS Results at a Fraction of the Cost | ADRS — AI-Driven Research for Systems

Algorithmic discovery frameworks like OpenEvolve and GEPA have shown that AI-Driven Research for Systems (ADRS) can produce strong algorithms. But today's frameworks are too expensive for where ADRS should go next. LEVI is a framework built around lowering the cost of algorithmic discovery, getting stronger ADRS results at roughly 3–7× cheaper than baselines.

ADRS — AI-Driven Research for Systems

Show HN: Nub – A Bun-like all-in-one toolkit for Node.js

https://github.com/nubjs/nub

#github

GitHub - nubjs/nub: The all-in-one Node.js toolkit

GitHub

Cordyceps Flaws Compromise 300+ GitHub Repositories

A newly discovered flaw, dubbed Cordyceps, has left over 300 GitHub repositories vulnerable to exploitation by unauthenticated users, allowing for code execution, credential theft, and supply-chain compromise. This critical weakness can be easily exploited, putting countless open-source projects at risk.

https://osintsights.com/cordyceps-flaws-compromise-300-github-repositories?utm_source=mastodon&utm_medium=social

#Cordyceps #Github #SupplyChain #Cicd #OpensourceSecurity

Discover Cordyceps flaws compromising over 300 GitHub repositories. Learn how to secure your CI/CD pipelines and prevent code execution attacks now.

OSINTSights

Such an interesting read: not only did the author discover this vulnerability across multiple platforms (while still being too young to drive), but he also wrote a bot within one of the platforms to show the vulnerability in action.

https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117

Tags: #redteam #github #vulnerability #discord #signal #cloudflare

Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

Gist