r/programming

Built an interactive system design tool: every architecture is clickable and you can simulate failures
▲ 78 r/programming+20 crossposts

Reqflow: pick an architecture (WhatsApp, Uber, Netflix…), hit play, watch a request flow through it step by step. Click any component for purpose + tradeoffs. Kill the cache and watch the path change.

15 systems, 18 concept guides, a drag-and-drop Builder with AI review, and a timed Interview mode.

Feedback welcome — especially what's missing from the 15.

getreqflow.com
u/YouSilent6025 — 5 hours ago

Announcement: We've Updated The Rules, and April Is Finally Over

After temporarily banning LLM-related content over April, and asking you for feedback on that ban, we've decided to bring about an end of the temporary, I-can't-believe-it's-still-April ban on AI-related posts.

Replacing the trial rule is a new shiny rule that refers to our new shiny AI policy. In short:

> Content about AI and LLMs are considered off-topic with the sole exclusion of deeply technical content about implementation.

And if you want more detail than that, go read the policy, that's what it's there for.

In addition, when writing that rule, I realized the rules weren't listed on the old.reddit.com sidebar, so that's been updated. For those of you who are seeing those rules for the first time, everything there is not new. We've been enforcing those rules as best we can for ages. You can click the link above those to get to the old.reddit rules page, with plenty of info that doesn't exactly read well when crammed into a sidebar.

reddit.com
u/ChemicalRascal — 9 hours ago
▲ 59 r/programming+3 crossposts

Infostealers just spawned a 5,000+ repo GitHub supply chain attack

As initially discovered by OX Security and further analyzed by SafeDep, the Megalodon campaign targeted GitHub Actions. By exploiting weak branch protections and utilizing throwaway or compromised accounts, the attackers deployed workflows designed to drain every secret a runner could reach – including AWS keys, GCP OAuth tokens, SSH private keys, and GitHub OIDC tokens – as well as to deploy additional infostealers to further compromise the targeted environments.

While the mechanics of the CI/CD injection are well-documented, the origin of the compromised GitHub accounts used to push the malware has remained a question mark. To solve this, Hudson Rock analyzed the list of usernames associated with the affected repositories that were observed pushing the infostealer.

By cross-referencing these GitHub usernames against our vast cybercrime intelligence database, we made a startling discovery: 331 out of 978 unique usernames (over 33%) were direct matches to computers infected by infostealers.

Upon deeper manual investigation, we realized that number is actually near 100%. 

infostealers.com
u/Malwarebeasts — 9 hours ago
▲ 0 r/programming+2 crossposts

High-Volume VRP Optimization at Amazon Scale on a Raspberry Pi 400

Hi all,

I executed the entire Amazon Last-Mile Routing Challenge dataset (~1M stops, 2.5M packages) natively on a physical Raspberry Pi 400 (4GB RAM).

medium.com
u/Tight_Cow_5438 — 12 hours ago

Why do VS Code extensions run globally instead of per workspace?

After the GitHub breach this week, I've been thinking about VS Code extension isolation. Why are all extensions active globally by default? Shouldn't each workspace load only what it needs?

techcrunch.com
u/AstronautEast6432 — 19 hours ago
▲ 81 r/programming+1 crossposts

The Silent Merge Queue Corruption That Hit 658 GitHub Repos

I am wondering if anyone was on the receiving end of this GitHub outage (or many subsequent incidents after this one). Is anyone else thinking about getting off GitHub?

failure-modes.dev
u/Cultural_Wheel_6936 — 1 day ago