Many people use #github for visibility and discovery of their projects. Alternative patterns that make network effects of "winner-takes-all" centralization less oppressive are great.
Another win is simply more eyeballs and brains to push the federation vision technically.
Maybe most importantly, this trend will help expand the #fediverse beyond meme sharing echo-chambers into meaningful, long-term valuable content.
Just announced: #GitLab now integrates with the @chaoss project's DEI Badging Program (https://go.gitlab.com/odEVaU). What a great day for open source on GitLab and the global open source ecosystem. GitLab is the first project using GitLab to be badged, but the honor of being No. 2 goes to the inimitable @kalilinux! Congratulations to our partner!
I was the victim of a hack of my GitLab instance. I get the impression that the person used the CVE-2023-7028 vulnerability to change the password of the instance's admin account (I was on version 16.3.6). According to the logs, they did not log in afterwards. The attack comes from 3.142.114.26 and whois tells me it is Amazonaws. But I don't see an abuse email? Is there a reporting procedure? #sysadmin #gitlab
Hm. It seems I cannot create a hierarchy of teams and projects in #forgejo the way I can in #gitlab. In the forgejo/gitea world you have organisations and teams. But you cannot have teams under teams. Which is a bit limiting, IMHO. Or am I missing something?
VulnCheck wrote about 7777-Botnet with the following information:
7777-Botnet remains active, and VulnCheck used co-located services to theorize the botnet is infecting TP-Link, Xiongmai, and Hikvision devices using CVE-2017-7577, CVE-2018-10088, CVE-2022-45460, CVE-2021-36260, and/or CVE-2022-24355.
The botnet also appears to infect other systems like MVPower, Zyxel NAS, and GitLab, although at a very low volume.
The botnet doesn’t just start a service on port 7777. It also spins up a SOCKS5 server on port 11228.
Sounds like it can replace/augment those with experience levels #lmgt4y #StackOverflow #StackExchange
But actual specialists? Have -1 incentive now to write down their experience. 📉trends ensue.
I'm moving away from #gitlab on my #homelab. It's not that I don't like it, I do. A lot. But it's way too much for my humble needs, so I moved all my local repos to #forgejo with #woodpecker for CI/CD.
I just finished the pipeline that builds and publishes my blog and it's working nicely.
So, in case anyone still thinks that patching and security in general are not so important nowadays: I've already found several attempts to exploit the recent critical CVE-2023-7028 vulnerability in the logs of my GitLab instance, although it was only published a few days ago.
Conclusion:
✅ Install security updates literally ASAP.
✅ Turn on mandatory 2FA for all users.
Melissa Van Bussel: “📹 My latest video is all about how to use R to interact with APIs, using the httr2 package. No background knowledge about APIs is necessary ☺️ 🔗Check it out here: https://youtu.be/8tilyqp4bZY?si=9DqhrOfSCbrqUfIt “
Uses #OpenAI and #GitLab APIs
Very simple to exploit: an attacker can receive the password reset email for any known user at any email address.
PoC is public and available. Please patch ASAP. You are not affected if you've enforced MFA for all users (as they will be able to reset the password but can't log in).
The #GitLab #vulnerability allowing trivial account hijacking (CVE-2023-7028) will lead to a ton of problems: it will allow malicious actors to perform #supplychain #attacks, something that will allow an attacker to gain access to 3rd parties who don't themselves run GitLab but just include from projects that do. I would suggest great caution regardless of whether you run GitLab yourself or not.
Naturally anyone using GitLab themselves must update as soon as possible. I would also suggest performing forensic investigation to find out if you have already been compromised, and take further action in case compromise has already occurred. Check "Were any accounts actually compromised due to this vulnerability?" section in this post for details: https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
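The forensic check the posts above recommend can be scripted. The following is an added example, not code from any of the posters or from GitLab: it scans `gitlab-rails/production_json.log`-style lines for password-reset requests (`POST /users/password`) whose `email` parameter carries more than one distinct address, which is the pattern that distinguishes an attempted CVE-2023-7028 hijack from a normal reset. The log lines are constructed for the example and the exact nesting of `params` is an assumption; the walker is written to tolerate variations in that layout.

```python
from __future__ import annotations

import json
from dataclasses import dataclass, field

PASSWORD_RESET_PATH = "/users/password"

# Constructed sample lines shaped like GitLab's production_json.log (one JSON object
# per line). The addresses, IPs and the params layout are invented for this example.
SAMPLE_LOG = r"""
{"method":"POST","path":"/users/password","controller":"PasswordsController","action":"create","status":302,"time":"2024-01-12T09:10:11.000Z","remote_ip":"203.0.113.5","params":[{"key":"authenticity_token","value":"[FILTERED]"},{"key":"user","value":{"email":["victim@example.org","attacker-controlled@example.net"]}}]}
{"method":"POST","path":"/users/password","controller":"PasswordsController","action":"create","status":302,"time":"2024-01-12T09:12:00.000Z","remote_ip":"198.51.100.7","params":[{"key":"user","value":{"email":"alice@example.org"}}]}
{"method":"GET","path":"/api/v4/projects","status":200,"time":"2024-01-12T09:13:00.000Z","remote_ip":"198.51.100.7","params":[]}
not a json line at all
"""


@dataclass
class Finding:
    time: str
    remote_ip: str
    emails: list[str] = field(default_factory=list)


def _extract_emails(value) -> list[str]:
    """Recursively collect every value stored under an 'email' key.

    GitLab logs request params as a list of {"key": ..., "value": ...} objects and the
    'user' value may itself be a dict, so this walks whatever nesting is present.
    """
    found: list[str] = []
    if isinstance(value, dict):
        for key, inner in value.items():
            if key == "email":
                if isinstance(inner, list):
                    found.extend(str(x) for x in inner)
                else:
                    found.append(str(inner))
            else:
                found.extend(_extract_emails(inner))
    elif isinstance(value, list):
        for item in value:
            found.extend(_extract_emails(item))
    return found


def find_multi_email_resets(log_text: str) -> list[Finding]:
    """Return password-reset requests that named more than one distinct address.

    A legitimate reset carries a single address; the same address repeated is also
    treated as benign. Malformed lines are skipped so one bad line cannot abort a sweep.
    """
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        if entry.get("method") != "POST" or entry.get("path") != PASSWORD_RESET_PATH:
            continue
        emails = _extract_emails(entry.get("params", []))
        if len(set(emails)) > 1:
            findings.append(Finding(entry.get("time", "?"), entry.get("remote_ip", "?"), emails))
    return findings


def summarize_by_source(findings: list[Finding]) -> dict[str, int]:
    """Count suspicious resets per source IP, which is what you would hand to abuse/IR."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.remote_ip] = counts.get(f.remote_ip, 0) + 1
    return counts


if __name__ == "__main__":
    hits = find_multi_email_resets(SAMPLE_LOG)
    for h in hits:
        print(f"{h.time} {h.remote_ip} reset requested for {h.emails}")
    print(summarize_by_source(hits))
```

A hit only shows that a multi-address reset was attempted; whether it succeeded is answered by the subsequent login and password-change events for that account, which is why the posts above pair this check with forcing 2FA and rotating credentials.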