1_DevOps'ish

1_DevOps'ish

GitLost: How We Tricked GitHub’s AI Agent into Leaking Private Repos - Noma Security
GitLost: How We Tricked GitHub’s AI Agent into Leaking Private Repos - Noma Security
TL;DR: Noma Labs discovered a critical prompt injection vulnerability within GitHub’s new Agentic Workflows, allowing an unauthenticated attacker to silently pull data from private repositories by posting a crafted GitHub Issue in a public repository belonging to the same organization as the private repositories. Noma Labs named the vulnerability GitLost.    Introduction GitHub recently launched […]
·noma.security·
GitLost: How We Tricked GitHub’s AI Agent into Leaking Private Repos - Noma Security
kiac: Kubernetes on Apple Containers with VM-Isolated Nodes | Kubesimplify
kiac: Kubernetes on Apple Containers with VM-Isolated Nodes | Kubesimplify
kiac runs local Kubernetes on macOS where every node is its own lightweight VM via apple/container: kubeadm or k3s flavors, Cilium on a custom kernel, built-in LoadBalancer, Grafana, Gateway API, and clusters that survive reboots.
·blog.kubesimplify.com·
kiac: Kubernetes on Apple Containers with VM-Isolated Nodes | Kubesimplify
GitHub Has Restricted Access to Star Data
GitHub Has Restricted Access to Star Data
GitHub is restricting its stargazers API to a repository's admins and collaborators, which breaks star history for repos you don't own. Here's what happened and what we're doing.
·star-history.com·
GitHub Has Restricted Access to Star Data
Tech jobs market in 2026, part 3: hiring managers & job seekers
Tech jobs market in 2026, part 3: hiring managers & job seekers
The market where nobody finds each other, the hottest market for AI-related positions, tough for engineering leaders, and more. Based on details from 50+ hiring managers & job seekers
·newsletter.pragmaticengineer.com·
Tech jobs market in 2026, part 3: hiring managers & job seekers
Agent Name Service: The universal AI Agents identity system
Agent Name Service: The universal AI Agents identity system
The Linux Foundation is moving to standardize AI agents through the Agent Name Service (ANS) and the related DNS-AID proposal.
·opensourcewatch.beehiiv.com·
Agent Name Service: The universal AI Agents identity system
GLM 5.2 and the coming AI margin collapse (part 1)
GLM 5.2 and the coming AI margin collapse (part 1)
GLM 5.2 is the first open weights model I'd call a genuine competitor to Opus and GPT for agentic work - at ~15-20% of the price. Part one of why AI inference margins are about to collapse.
·martinalderson.com·
GLM 5.2 and the coming AI margin collapse (part 1)
iOfficeAI/OfficeCLI: OfficeCLI is the first and best Office suite purpose-built for AI agents to read, edit, and automate Word, Excel, and PowerPoint files. Free, open-source, single binary, no Office installation required.
iOfficeAI/OfficeCLI: OfficeCLI is the first and best Office suite purpose-built for AI agents to read, edit, and automate Word, Excel, and PowerPoint files. Free, open-source, single binary, no Office installation required.
OfficeCLI is the first and best Office suite purpose-built for AI agents to read, edit, and automate Word, Excel, and PowerPoint files. Free, open-source, single binary, no Office installation req...
·github.com·
iOfficeAI/OfficeCLI: OfficeCLI is the first and best Office suite purpose-built for AI agents to read, edit, and automate Word, Excel, and PowerPoint files. Free, open-source, single binary, no Office installation required.
Most rewrites serve the engineer, not the business
Most rewrites serve the engineer, not the business
The urge to rewrite working code usually serves the engineer, not the business. A test for when a rewrite is worth it, and what AI does and doesn't change.
·anatoliybabushka.com·
Most rewrites serve the engineer, not the business
What are git worktrees, and why should I use them?
What are git worktrees, and why should I use them?
Git worktrees have been around since 2015, but it wasn't until recently they became popular. Learn what they are, how to use them, and why you might.
·github.blog·
What are git worktrees, and why should I use them?
JadePuffer ransomware used AI agent to automate entire attack
JadePuffer ransomware used AI agent to automate entire attack
Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted entirely by a large language model (LLM) agent.
·bleepingcomputer.com·
JadePuffer ransomware used AI agent to automate entire attack
Fedora 45 Considering x86_64 Shadow Stack Usage By Default
Fedora 45 Considering x86_64 Shadow Stack Usage By Default
A change proposal under consideration for Fedora Linux 45 would enable x86_64 Shadow Stack usage by default in the name of better security on modern Intel and AMD systems.
·phoronix.com·
Fedora 45 Considering x86_64 Shadow Stack Usage By Default