u/0xdps

widespread compromise across multiple repos
▲ 13 r/github+1 crossposts

There is a widespread attack currently affecting GitHub repositories, and the original source/vector is still unclear.

What this attack is doing:
It modifies your GitHub Actions workflows — replacing legitimate build/test/deploy steps with a malicious base64-encoded payload.

That payload gets decoded at runtime and immediately executed as shell code inside the CI runner.

The script is designed to harvest:

  • GitHub tokens
  • AWS credentials
  • GCP credentials
  • SSH keys
  • npm tokens
  • Docker credentials
  • Kubernetes secrets
  • .env files
  • and other sensitive credentials/tokens

It then exfiltrates them to a remote attacker-controlled server.

What you should do immediately:

  • Revoke ALL GitHub PATs (classic + fine-grained)
  • Remove/revoke OAuth apps
  • Remove all SSH keys and rotate them
  • Rotate cloud/API credentials
  • Rotate npm/Docker/CI secrets
  • Audit all GitHub Actions workflows

Important:
Do NOT immediately re-add everything after revoking.

First:

  • monitor activity,
  • audit systems,
  • then re-add access gradually with cooldown periods between integrations/apps.

Also assume local compromise is possible.

Check:

  • globally installed npm packages
  • local project dependencies
  • VS Code/JetBrains extensions
  • browser extensions
  • shell startup scripts
  • GitHub Actions dependencies
  • any recently installed tooling

This attack appears heavily focused on supply-chain and CI/CD credential theft.

u/0xdps — 16 hours ago
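
The workflow audit recommended in the post above, as an added example (not part of the original post and not any project's own code): a Python check that flags workflow lines where base64 output is executed by a shell, or where an embedded base64 run decodes to readable text. The sample workflow, its harmless stand-in payload and the 40-hex action pin are constructed placeholders; the regexes and the 90% printable threshold are assumptions to tune.

```python
import base64
import re
import sys
from pathlib import Path

# Decode-then-execute shapes: base64 output piped into a shell, or eval'd.
DECODE_EXEC = re.compile(
    r"base64\s+(?:-d|-D|--decode)\b[^\n|]*\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b"
    r"|eval\s+[\"']?\$\([^)\n]*base64\s+(?:-d|-D|--decode)"
)
# Unbroken base64-alphabet runs of 40+ characters.
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def looks_like_script(blob: str) -> bool:
    """True if blob is valid base64 that decodes to mostly printable text."""
    try:
        raw = base64.b64decode(blob + "=" * (-len(blob) % 4), validate=True)
    except ValueError:
        return False
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in raw)
    return bool(raw) and printable / len(raw) > 0.9


def audit_workflow(text: str) -> list[tuple[int, str]]:
    """Return (line number, reason) for each suspicious workflow line."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if DECODE_EXEC.search(line):
            findings.append((n, "base64 output executed by a shell"))
        if any(looks_like_script(b) for b in B64_BLOB.findall(line)):
            findings.append((n, "embedded base64 that decodes to text"))
    return findings


# Constructed sample: a harmless echo stands in for the encoded payload, and
# the 40-hex action pin is a placeholder that must NOT be flagged.
PAYLOAD = base64.b64encode(b"echo constructed sample; echo stands in for a payload\n").decode()
SAMPLE = f"""\
steps:
  - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
  - run: echo "{PAYLOAD}" | base64 -d | bash
"""

if __name__ == "__main__":
    files = [p for r in sys.argv[1:] for p in Path(r).glob(".github/workflows/*.y*ml")]
    for name, text in [(str(p), p.read_text()) for p in files] or [("SAMPLE", SAMPLE)]:
        for n, why in audit_workflow(text):
            print(f"{name}:{n}: {why}")
```

Run it with one or more repository roots as arguments to scan their `.github/workflows` files; with no arguments it scans the constructed sample. Compare any hit against the workflow's git history before trusting the file.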

My Interview Experience — One of the Few Interviews After My Layoff

Had an interview yesterday that honestly left me thinking about how a lot of engineers evaluate systems purely with hindsight.

Almost every discussion became:
- Why did you use this?
- You should have done it differently.
- This architecture choice was wrong.

Not because the interviewer wanted to understand the reasoning behind the decisions, the age of the systems, the business constraints, the timelines, or the tradeoffs involved.

Instead, the conversation mostly revolved around how he would have designed everything differently.

What made it harder personally is that I’ve been laid off for months now, and every interview matters a lot.

You prepare, revise old projects, rethink decisions you made years ago, show up hoping for a meaningful technical discussion - and then sometimes you walk into conversations where the goal feels less like understanding engineering and more like proving past decisions wrong with hindsight.

And the funny thing is, a few hours later Railway had a major outage, and the internet instantly became full of distributed systems experts:
- Why didn’t they replicate better?
- Why wasn’t the architecture designed differently?
- How could they allow this to happen?

Honestly, I feel like if that same interviewer were reviewing Railway’s systems yesterday, the conclusion would probably still be: the architecture was wrong.

That’s the easiest thing in the world to say after something breaks.

Real-world engineering is messy.
Systems are built over years.
Decisions are made with incomplete information, limited people, limited time, limited budgets, existing infrastructure, and business pressure.

No experienced engineer should evaluate old technical decisions without first understanding the context in which those decisions were made.

It’s easy to design perfect systems on paper.
It’s much harder to build practical systems that survive in the real world.

u/0xdps — 3 days ago
▲ 0 r/sqlite

Been building something called MesaHub for some time now.

The idea started from a simple thought:
why does backend infra for small/medium apps feel so heavy now?

For a lot of projects, setting up Postgres, pooling, separate storage, serverless compatibility etc feels like too much work.

So MesaHub is my attempt at making it simpler.

Basically:

  • SQLite database over REST/HTTP
  • works with edge/serverless runtimes
  • usable from Cloudflare Workers, Vercel, Lambda, normal backends etc
  • open source
  • file storage + DB backups coming soon

Main focus is keeping things simple and fast without needing too much infra setup.

Still very early and in public beta, but finally got the landing page and core architecture into a state I feel good about.

GitHub: https://github.com/mesahub-db/mesahub-core
Home: https://www.mesahub.app

Would genuinely love feedback from people building backend/devtools stuff.

u/0xdps — 14 days ago

Hey everyone,

I’m Devendra Pratap Singh (DPS). I’ve been a developer for over 11 years and worked at companies like BookMyShow, Zynga Gaming, FanCraze, and Spinny. Usually, calls always come, but I was laid off 2 months ago and it’s been total silence. I’m applying every day, but I’m hardly getting any response from HRs. It’s something I've never seen before and it’s a bit scary to see the market like this after so many years.

I don’t want to just sit around, so I’m offering Mock Interviews for System Design and Coding. I know a lot of people are out of work and money is tight, so I’m not asking for a lot of money here. I’ve made two coupons: 100% off if you can't afford it right now, and 50% off if you can help me out a bit. If you can afford it, please consider a full booking.

I know that doing a mock interview helps a lot with confidence, and I want to provide that to you for your real interviews.

If a mock interview is something you are not looking for, you can help by following me here:

  1. GitHub: I’ve been working on some dev tools like Folioport and the 'pingpong' ecosystem. If you can star my work, it might help me get some freelance jobs.
  2. Referrals: If your company is hiring for a Senior or Principal Engineer, please let me know.
  3. LinkedIn: Let's just connect. It helps to have a bigger network right now.

Please DM - Reddit won't let me add any links here

u/0xdps — 17 days ago
▲ 2 r/email+1 crossposts

Hey folks,

I’ve been working on Emailflare - a simple, developer-first way to send emails from your own domain, without SaaS lock-in.

What it does

  • send emails via a clean API
  • use your own domain
  • BYO Cloudflare (your account, your billing)
  • self-host or deploy instantly

Recent updates

  • added 30+ ready-to-use templates
  • introduced 5 themes for customization

Happy to get feedback or PRs if anything looks off 🙌

u/0xdps — 22 days ago

▲ 3 r/micro_saas+1 crossposts

Hey folks,

SQLite is powerful, but not designed for remote access or edge/serverless use.

So I built Mesahub — a way to use SQLite over HTTP, designed to work from anywhere.

What it does

  • exposes SQLite via HTTP
  • works from servers, edge functions, serverless
  • no drivers, no connection pooling

Would love feedback — still early

u/0xdps — 24 days ago
▲ 5 r/OpenSourceeAI+1 crossposts

Hey folks,

I built Emailflare — a simple, developer-first email tool you can run locally, deploy, or fully self-host.

What it does

  • send emails via a clean API
  • use your own domain
  • no SaaS lock-in
  • lightweight + hackable

Run it your way

  • local (quick dev setup)
  • cloud (via Railway)
  • self-host (full control)

Built this because most email tools are either too locked-in or too heavy.

Would love feedback — still early

u/0xdps — 24 days ago