Redhat employee had leaked credentials, threat actor used those credentials to push some files to GitHub, which executed the code in a GitHub action which had trusted access to publish to NPM.

Essentially, an employee got owned and someone used their access (that they already had) to publish the nefarious code.

You’ll see GitHub Actions in these often, as that’s how a lot of big open source organizations publish their packages and run tests/deployments. It’s less of a “GitHub based problem” and more of a “trust boundary problem”, if they used other services, the same problem could likely have still been successful.

Best Hemisphere.

I mean, if you read the OP, it says at the end. The clients are Apache2 and can just be formed if the API starts drifiting.

duh, you’re right I can’t read 😂

I’m not sure on an answer to your question, but I am interested as to what hardware you run this on?

Or effects its already having…

Unless your using an LLM to make simple one-page HTML pages. In which case it likes to reinvent the wheel every single time. 🤣

Yea and they should. I want Google to completely delete my apps though. 🤨

Maybe you will, I demand a signed decree!

Ahh fuck Google. They will allow you to delist apps, but you can never delete them from the Play Store entirely.

Yeah it’s fucking stupid. Fuck Google and the fuckknuckle changes they are making to restrict our devices, in the name of “security”. Not a happy camper.

And to clarify, these are linux-kernel distros developed for mobile devices. Previous commenter seemed to care that the Android kernel is based on Linux, even though it’s heavily modified. - “Linux phones” would typically use a much more standard, open-source kernel and driver bundle.

Not necessarily - I use Aurora store (without Google login) to install apps, and now apps have a method of validating which store installed them. Which is dogshit since it’s the same APK running on my device. Said apps can now block usage if they detect they have not been installed using “approved methods” which is my take on OP’s post.

For apps I install with F-droid or Obtainium, this is usually not an issue since those apps don’t enforce stupid rules.

Edit: I should point out that this is 100% related to Google’s upcoming (hopefully not…) enforcement of “no third party app installations” - this is the exact method they will use to block access to these applications.

This is unrelated to the post, China is using the same source material, they are just never going to be sued for using it 😁

Yeah, it’s dumb, makes no sense, it’s harder to read, used nowhere else in english anymore, and is just one fella on here using it for, let’s say “reasons”. All your points are correct.

are you saying that we’re not all here commenting, regardless? 😥🥹

My self hosted gitlab instance has better uptime over the last 12 months than a billion-dollar SAAS product 🤣

I use a ton of AI services, and never once needed a Google account. Chatgpt, github copilot, perplexity, all support local/email login. there’s Duck.AI etc etc. You can use gemini via perplexity etc (got the free year with PayPal login) AI is easy but I don’t support anyone paying (real money) for it.

sorry, what? a “problem” with the screenshot"?! it doesn’t cause the fonts to be different 🤣

I mean their TOS literally says “… we can’t promise that any Copilot’s Responses won’t infringe someone else’s rights (like their copyrights, trademarks, or rights of privacy) or defame them. You are solely responsible if you choose to publish or share Copilot’s Responses …”