So #Github released their accessibility documentation and, this will be a helpful resource to so many! https://accessibility.github.com/documentation/guide/repos/ #Git #A11y #Accessibility
#Catima 2.34.5 is out!
This is a maintenance release that targets Android 15 and fixes a crash.
The app will look slightly uglier on some devices, due to Google's changes in how drawing over the system and navigation bar works. Sadly, supporting proper edge-to-edge requires extensive rewrites (help very welcome!), so I opted to at least ensure we target Android 15 before any deadlines.
Coming soon to an app store near you.
https://github.com/CatimaLoyalty/Android/releases/tag/v2.34.5
I've written a wee blog post about installing #forgejo
"This is a really unusually well polished and well documented open source project, and seems to be an effective replacement for #GitHub..."
https://www.journeyman.cc/blog/posts-output/2025-03-08-installing-forgejo/
As well as creating new features, we are constantly improving existing ones.
One of the most recently developed components is the one for animating objects on the map: we have an example on https://mapcomponents.org for the real position and movement of ships in the Baltic Sea.
Now you can select the live data for the actual speed (whether moving or at anchor). Try it here: https://catalogue.mapcomponents.org/en/component-detail/MlIconLayer
Available on GitHub: https://github.com/mapcomponents/react-map-components-maplibre-lab/tree/main/src/components/MlIconLayer
"#GitHub Action Compromise Puts #CICD Secrets at #Risk in Over 23,000 Repositories"
#DevOps #automation is always high risk: root access, connected, fast, scaled. So 
like this is 
unacceptable.
Major $fail by $MSFT leadership. I bet all the #layoffs didn't help.
https://thehackernews.com/2025/03/github-action-compromise-puts-cicd.html
I just blogged: Automating Apple Builds: A Practical Guide to GitHub Secrets
https://msicc.net/automating-apple-builds-a-practical-guide-to-github-secrets/
I just blogged: Automating Apple Builds: A Practical Guide to GitHub Secrets
https://msicc.net/automating-apple-builds-a-practical-guide-to-github-secrets/
#ios #iosdev #githubactions #github #secrets #certificates #security #cicd #automation #build #deployment https://msicc.net/automating-apple-builds-a-practical-guide-to-github-secrets/
A supply chain attack on a GitHub Actions tool has put up to 23,000 organisations at risk of having credentials stolen.
https://www.computing.co.uk/news/2025/security/github-attack-threatens-23-000-organisations
GitHub uncovers new Ruby-SAML Vulnerabilities allowing Account Takeover Attacks.
Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language (SAML) authentication protections.
![[ImageSource: GitHub]
"Attackers who are in possession of a single valid signature that was created with the key used to validate SAML responses or assertions of the targeted organization can use it to construct SAML assertions themselves and are in turn able to log in as any user," GitHub Security Lab researcher Peter Stöckli said in a post.
The Microsoft-owned subsidiary also noted that the issue boils down to a "disconnect" between verification of the hash and verification of the signature, opening the door to exploitation via a parser differential.
Versions 1.12.4 and 1.18.0 also plug a remote denial-of-service (DoS) flaw when handling compressed SAML responses (CVE-2025-25293, CVSS score: 7.7).
⚠️Users are recommended to update to the latest version to safeguard against potential threats.⚠️
The findings come nearly six months after GitLab and ruby-saml moved to address another critical vulnerability (CVE-2024-45409, CVSS score: 10.0) that could also result in an authentication bypass.](https://nerdculture.de/system/media_attachments/files/114/177/947/075/555/612/original/721ecee68734690f.jpeg "[ImageSource: GitHub]
\"Attackers who are in possession of a single valid signature that was created with the key used to validate SAML responses or assertions of the targeted organization can use it to construct SAML assertions themselves and are in turn able to log in as any user,\" GitHub Security Lab researcher Peter Stöckli said in a post.
The Microsoft-owned subsidiary also noted that the issue boils down to a \"disconnect\" between verification of the hash and verification of the signature, opening the door to exploitation via a parser differential.
Versions 1.12.4 and 1.18.0 also plug a remote denial-of-service (DoS) flaw when handling compressed SAML responses (CVE-2025-25293, CVSS score: 7.7).
⚠️Users are recommended to update to the latest version to safeguard against potential threats.⚠️
The findings come nearly six months after GitLab and ruby-saml moved to address another critical vulnerability (CVE-2024-45409, CVSS score: 10.0) that could also result in an authentication bypass.")
This has sadly become part of my @thecarpentries 's lesson on #git .
I'm in the process of planning how to use #codeberg instead of #github for the next iteration of the workshop (likely next fall). Are there any coordinate efforts, so I don't reinvent the wheel?
A widespread #phishing campaign has targeted nearly 12,000 #GitHub repositories with 
fake "Security Alert" issues,
tricking developers into authorizing a malicious OAuth app that grants attackers full control over their accounts and code.
"Security Alert: Unusual Access Attempt We have detected a login attempt on your GitHub account that appears to be from a new location or device," -- reads the GitHub phishing issue.
All of the GitHub phishing issues contain the same text, warning users that there was unusual activity on their account from Reykjavik, Iceland, and the 53.253.117.8 IP address.
A new blog post about the forthcoming experimental #GitHub peer review project for my #ExperimentalPublishing #DeepMapping and #BlueHumanities book: https://doi.org/10.21428/785a6451.46761718 @copim @kbnationalebibliotheek #Writing #Review #Design
AI coding assistant refuses to write code, tells user to learn programming instead - On Saturday, a developer using Cursor AI for a racing game project hit an ... - https://arstechnica.com/ai/2025/03/ai-coding-assistant-refuses-to-write-code-tells-user-to-learn-programming-instead/ #largelanguagemodels #machinelearning #aipaternalism #stackoverflow #programming #airefusals #aicoding #chatgpt #chatgtp #biz #cursor #github #tech #ai
Due to some kind of depressive state resulting from a mix of many things, and also due to a lack of time now I'm a full time dad with a huge lack of sleep, I didn't coded anything for #krita since a long time (my plugins or Krita itself).
I even didn't draw anything from a long time 
I'm not sure when I'll be able to find time and energy to update and continue to improve the plugins but at least, I've migrated all my #github repositories to #codeberg
Repo on GitHub are still available in archive mode, with a link to their active Codeberg repo.
Hey peeps, if you're still using #GitLab and #GitHub and you're twitching a bit because they're fellating fascists, I want to point to the sign that says you can self-host @forgejo - a project which is also working on decentralisation and federation.
Failing that, @Codeberg also exists, are a European non-profit that also supports the development of Forgejo.
Hope that helps 
I just lost access to a substantial amount of issues on one of my #GitHub projects.
I would appreciate if people could help upvote https://github.com/orgs/community/discussions/153161 to get more attention.
GitHub staff won't even tell me how much data they've hidden from me, which is quite discouraging :(
Oh no, Google Chrome has discovered time! Now #extensions "may soon no longer be supported" — but don't worry, you can still automate your existential crises directly on GitHub! 
https://github.com/gorhill/uBlock/wiki/About-Google-Chrome%27s-%22This-extension-may-soon-no-longer-be-supported%22 #GoogleChrome #Automation #ExistentialCrisis #GitHub #TechNews #HackerNews #ngated
