r/foss

Turns out: very visible. Yesterday's scan found 185 out of 185 engagers on a single repo were bots. Not 90%. Not "mostly suspicious". Every single one. The repo had zero legitimate stars.

What I built

phantomstars is a Python tool that runs daily via GitHub Actions (free, no servers):

1. Scrapes GitHub Trending and searches for repos created in the last 7 days with sudden star spikes
2. Pulls star and fork events from the last 24 hours per repo
3. Bulk-fetches every engager's profile via the GraphQL API (account creation date, follower counts, repo history)
4. Scores each account on a weighted model: account age (35%), profile completeness (30%), repo patterns (25%), activity history (10%)
5. Detects coordinated campaigns using timestamp clustering and union-find: groups of 4+ suspicious accounts that engaged within a 3-hour window
6. Files an issue directly on the targeted repo so the maintainer knows what's happening

Campaign IDs are deterministic SHA-256 fingerprints of the sorted member set, so the same group of bots gets the same ID across runs. You can track a farm across multiple days even as individual accounts get suspended.

What the pattern actually looks like

It's remarkably consistent. A fake engagement campaign in the raw data:

• 40-200 accounts, all created within the same 1-2 week window
• Zero original repositories, or only forks they never touched
• No bio, no location, no followers, no following
• All of them starring the same repo within a 90-minute window
• The target repo usually has a name implying it's a tool, hack, executor, or generator

Today's scan: 53 active campaigns across 3,560 accounts profiled. 798 classified as likely_fake. The repos being targeted are mostly low-quality AI tools and "executor" software that needs manufactured credibility fast.

Notifying the affected repo

When a repo hits a 40%+ fake engagement ratio or a campaign is detected, phantomstars opens an issue on that repo with the full suspect table: account logins, creation dates, composite scores, campaign membership. The maintainer sees it in their own issue tracker without having to find this project first.

Worth noting: a lot of these repos have issues disabled, which is a red flag on its own. Those get skipped silently.

Why I built this

Stars are how developers decide what to evaluate, what to depend on, what to recommend. When that signal is bought, it affects real decisions downstream. This started as curiosity about how measurable the problem was. The answer was more measurable than I expected.

It's part of broader research into AI slop distribution at JS Labs: https://labs.jamessawyer.co.uk/ai-slop-intelligence-dashboards/

The fake engagement problem and the AI content quality problem are really the same problem. Fake stars are the distribution layer that gets garbage in front of real users.

All open source. The data is append-only JSONL committed back to the repo after every run, queryable with jq.

Repo: https://github.com/tg12/phantomstars

Findings are probabilistic, false positives exist, the README explains the full scoring model. If your account shows up and you're a real person, there's a false positive process.

Questions welcome on the detection approach, GraphQL batching, or campaign ID stability.

There are honestly so many Git tools out there rn that it’s hard to keep track. Curious what people here actually use and like. Doesn’t have to just be command simplification stuff either. Could be diff tools, TUIs/GUIs, automation tools, repo analysis, experimental projects, anything Git-related really.

For me, they are gitagent and delta

Nice find that allows you to generate noise for Data Brokers ! (not sponsored, not affiliated with the developer, just randomly saw it on F-droid's home page and wanted to share :))

Basically Google is trying to make android like iOS, giving more difficulties to our beloved FOSS developers. I think that Google is trying to isolate that percentual of users that use third-parties app on official OS versions forcing them to switch to custom rom, preferring to lose the customers​, kicking us out because they want the normal users. ​Google hate the fact that that operating systems like GrapheneOS exist​ because He lose his monopoly power when we buy a phone and we can do whatever we want with it. I made a conclusion that Google will never shut down AOSP because if ​he do that, people like us will start using alternative OSes like FuriOS or Ubuntu touch and having someone that dosen't use an iOS devics and not even Android and Google hate the fact that he can't made competition against Apple.

I know that what I wrote may seem conspiratorial, but thinking this made me comfort about that i can still use GOS and i hope that can help you in the same way, let me know what you think about it.

Hi everyone! For the past 5 months, I’ve been spending my free time building LibrePDF, a fast PDF manipulator with minimal dependencies. To clear the air right away and explain the philosophy behind it: LibrePDF is focused on 100% privacy. It makes zero HTTP calls, everything stays locally on your machine, no telemetry, no analytics, not even local usage logs. I was sick and tired of uploading my personal data to cloud giants (like iLovePDF, Smallpdf, etc.) or relying on sketchy closed-source freeware.

Example of merge

Right now, it supports 8 operations. You have the usual suspects:

• Merge & Split
• Protect & Unlock
• PDF to JPG conversion
• Flatten

But also a couple of features I haven't really seen in similar projects:

• Metadata Cleaner: strips away hidden metadata from the file.
• PDF Info: lets you see crucial file details (if unencrypted) like author, page count, and whether it contains JavaScript or not.

Currently, I support Windows and Linux, excluding macOS (though nothing stops you from building it yourself <3). You can grab the portable binaries from the GitHub release tab—the zipped files are around 55/60MB and ready to run. I’d love it if some of you could test it out and give me some feedback, good or bad. If this tool stops even just one person from uploading sensitive documents to sketchy servers, it’ll be the best reward for these 5 months of work. You can find the code, binaries, and more info here: GitHub Repo

PS: As stated in the README, AI usage was kept to an absolute minimum. When used, it was never blind copy-pasting—I spent hours manually reviewing and testing every single line. I won't stress this point further.
PS 2: I don't have any tech-savvy friends interested in trying this out 🙃, so I have absolutely no idea about the UX. It's likely very unpolished.
PS 3: Initially, the window sizes were hardcoded. I switched to relative proportions, but I have no clue how it renders on 2K or 4K monitors. Let me know if everything blows up!

Currently using apostrophe but it's slow, bloated, and full of bugs. Any recommendations please? Requirements are side-by-side preview, "source-code" mode, so typing doesn't attempt to make a stylised version of what you type but leaves that to the preview.

I strongly support the goals of FOSS, and over time I’ve been trying to reduce my dependence on proprietary apps and services wherever possible. But honestly, correct me if I am wrong, sometimes that’s not so easy.

Sometimes you can’t find a FOSS alternative that fits all your needs. And sometimes, even if you do find one, the proprietary software still has too much leverage over you to leave.

For example, take WhatsApp. I know there are better alternatives like Signal, etc. But where I live, almost everyone uses WhatsApp — friends, family, work, local groups, etc. So even if I personally want to switch, it becomes difficult when the people I need to communicate with aren’t there.

That made me curious about other people’s experiences here. So for what use case, you can't find a better FOSS alternative that fit all your requirements? And, if you can't make the switch even after finding one, what's your reason for that?

We already know which phone features to replace, but what solutions are currently available for external devices such as TV dongles, fitness trackers/smartwatches, routers, wireless audio systems like Chromecast with Nest, IoT management, etc.?

I’m talking about things that complement the ecosystem and work without relying on Google or those malicious third parties—and that, clearly, don’t sell your data.

Any tools, products, etc., that you know of?

Hello all, I love the open source community and want to contribute. Thing is that coding isn’t my strong suit as much as I’d like it to be. I’m stronger in IT related disciplines such as cloud,sys admin, Linux, etc than computer science (intermediate python and C#). How can I contribute in others ways than coding? Thanks in advance and all ya’ll do!

Just wanted to share something i've been working on for a long time now. If you guys watch a lot of high-quality stuff on Android, you probably know that most players are either full of ads or they just feel... heavy? Like, too many dead taps and weird lag.

​So i forked mpvExtended and made mpvRx. I really wanted to focus on the "feel" of the player. It’s based on libmpv so it plays literally everything you throw at it, but i pushed it way harder on the details.

​Some cool stuff i added:

​HDR Mode : I integrated the hdr-toys shader suite. So if you have a nice screen, you get proper BT.2100 PQ/HLG and BT.2020 support. It looks sharp for real.

​JavaScript Support: Added a script editor and JS support so you can actually customize how it behaves.

​Faster browsing: Fixed a lot of the friction in the UI, better thumbnail extraction, and it handles resuming files much better now.

AI Integartion : With addition of Realtime Ai based Subtitle Generation from Audio, Subtitle Translation to any Language , Ai Renaming of Files , also supports bulk Rename , Ai based Subtitle Finder and auto loader.

And Many more Additions i cant list all u can see CHANGELOG.md

​It’s totally open source. I just released v1.3.6 and honestly, i just want people who care about playback quality to try it out. If it breaks or feels off, please tell me.

​Check it out here: https://github.com/Riteshp2001/mpvRx

​Let me know what u think! If u like it, maybe drop a star or something, it helps a lot. Cheers!

Hey everyone! I wanted to share a small tool I’ve been building called Writher.

The idea is simple: it lives in your system tray and gives you two things.

Hold AltGr anywhere (any app, any text field) and just speak. It transcribes your voice with Whisper and pastes the text right where your cursor is. No clicking, no switching apps.

Hold Ctrl+R and you get a voice assistant that understands natural language. You can say things like “remind me to call Marco in one hour” or “appointment with the dentist tomorrow at 3pm” and it handles the rest. Notes, to-do lists, shopping lists, reminders with toast notifications, all stored locally in SQLite.

The part I’m most proud of: everything runs 100% offline. Speech recognition via faster-whisper, intent parsing via Ollama, no cloud, no API keys, no telemetry. Once you download the models it works with no internet at all.

There’s also a little animated floating widget with eyes that react to what it’s doing (listening, thinking, error…) which is silly but I kind of love it.

It’s Python, MIT license, Windows 10/11 only for now.

GitHub: https://github.com/benmaster82/writher

Would love feedback, especially from anyone who uses voice input regularly. Still early days but it works well for my daily workflow!