Latest issue of my curated #cybersecurity and #infosec list of resources for week #37/2025 is out!
→ It includes the following and much more:
Salesloft #GitHub Account Compromised Months Before #Salesforce Attack;
20 Popular #npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack;
Another breach at #Plex;
Former #Meta security chief sues company;
#Signal now offers secure chat backups;
#Anthropic will stop selling its #AI services to companies with majority Chinese ownership;
Jaguar Land Rover Admits #DataBreach Caused by Recent Cyberattack;
Senator Ron Wyden asked the FTC to investigate #Microsoft for gross cybersecurity negligence;
A House committee warns China-linked hackers (APT41) are targeting U.S. trade officials;
The U.S. Treasury sanctioned 19 people and groups tied to big online #scam hubs in Burma and Cambodia;
NEVER MISS my curations and updates on information security and cybersecurity news and challenges:
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every weekend.
https://infosec-mashup.santolaria.net/p/infosec-mashup-37-2025
There is an ongoing malware attack targeting users of GitHub Desktop by buying ads on search engines that link to committed Readme files on the GitHub Desktop repo with links to malicious versions of the app. This attack is ongoing. I just found another attempt from a few days ago.
I found an ad of the same kind on DuckDuckGo, so it's not just Google.
The details of the attack are described in the article.
@kkarhan @OS1337 and I am sure you can move away from #github quite easily as well.
Personally, I think I will move away from github. I am not sure where to yet, but increasingly I feel the need to not feed the LLM torment nexus.
OS1337 looks quite interesting - I have plans to do something similar using fil-c [1] as the compiler.
@spinglass nods in agreement
Whilst I use #GitHub for @OS1337, I don't use #GithubActions and it can all be done completely airgapped (merely depending on your ability to get sources & toolchain on your device and follow documentation).
But then again I'm not deploying some 3rd tier esolang.
@0xabad1dea Put that as a feature request change for #forgejo. I like Forgejo, I run it on my own server -- but it is a fairly slavish copy of #GitHub, and there are some things, such as your suggestion, that could be done better.
#StaleBot, except instead of threatening the contributor to close the PR, it threatens the maintainers that it will merge it. Obviously, since there are no remarks, it must be good!
#Catima 2.38.0 is out!
https://github.com/CatimaLoyalty/Android/releases/tag/v2.38.0
This release adds support for .pkpasses, removes the Stocard importer (as Stocard no longer exists) and removes images from the widget below Android 12L.
Do note that the widget change is not what we want. If anyone understands this crash and has a fix, I'd love to hear it, so we can support images on all Android versions: https://github.com/CatimaLoyalty/Android/issues/2653
Coming soon to an app store near you.
I'd like a #GitHub feature that extracts/offers the text from images/screenshots (so that we can replace the images) to improve issues and bug reports where people ANNOYINGLY insist on using images for text.
3 emails a week (to all of the addresses GH has for me) from GitHub trying to get me to have members of my organisation use Copilot.
This just smacks of desperation