Очередной взлом GitHub action с подменой старый версий для заражения CI.

Очередной пример, что в workflow надо фиксировать action по sha-коммита, а не по версии.

В JS-проектах используйте actions-up
https://github.com/azat-io/actions-up

В остальных — pinact.

https://socket.dev/blog/trivy-under-attack-again-github-actions-compromise

I would like to give away my Novation LaunchKey 37 MK3.

Does anyone know any charity (working with kids, for example), group or individual that this could help to? Personal recommendations are much appreciated.

Fully functional, few minor scratches that do not affect the functionality.

Within EU due to fees and easier shipping in general (I’ll take care of that).

Thank you for sharing ❤️

#musicProduction #midiController #midi #novation #ableton #bitwig

soooo... my employer has gone "all-in" on "AI" development and has a mandate that all work be done "AI-first"

needless to say, I am ... not buying this

I've been at this job for nine years and seen a lot of really stupid shit (including being forced to do all my work on a windows laptop ~6mo ago) but this is the thing has pushed me over the line; I've stayed at this job because I was able (within limits) to do my best work, and now I'm being told I need to do work that is worse than that

no

My friend Kevin made a super-straightforward way to run agents in VMs (so you can --yolo and live more than once)

https://kevinlynagh.com/newsletter/2026_02_01_vibe/#llm-agent-virtual-machine-sandbox