#dev 2025-03-16

2025-03-16 UTC
sebbu2, grufwub and nah joined the channel
#
[artlung]
latest page on my site is a mixtapes page. combines basically everything I know how to do. used a spotify client to parse my playlists. built a renderer for the data. added my animated illustration of a mixtape to it. added some microformats
#
[artlung]
and it was a good bit of fun. https://artlung.com/mixtapes/
#
zachary.kai
[artlung]++
#
Loqi
[artlung] has 5 karma in this channel over the last year (22 in all channels)
#
zachary.kai
It looks great! I love the animations artlung[d].
ttybitnik, MyNetAz, [jamietanna] and [schmarty] joined the channel
#
[schmarty]
Oh wow, someone just opened a GH issue on aaronpk's Aperture repo that is a phishing trap. I think this may be my first time seeing one of these as a GitHub issue.
#
[schmarty]
My guess is they're hoping the email that GitHub sends out with the issue contents will look enough like a "suspicious login" alert email that he clicks through the links there to sign in.
#
[schmarty]
All the links go to the same phishing form at a subdomain of http://onrender.com. Kind of funny to see them keyword stuffing that domain to try and make it look legit. 😅
#
[jamietanna]
Oh dear schmarty, I think that may be after my message in #indieweb with a link to the issue tracker - if you've not already, please report the user, I've just done that too (as it seems they're doing it across many repos)
#
[schmarty]
I reported the PR but had not yet reported the user. I'm on my phone and the reporting tools are frustrating, haha. Thanks for chasing them down! jamietanna++
#
Loqi
jamietanna has 1 karma in this channel over the last year (2 in all channels)
MyNetAz and [Sophie_Young] joined the channel
#
[schmarty]
oof, now one has shown up on eddiehinkle's abode repo.
ttybitnik and shoesNsocks joined the channel
#
[artlung]
(belated) thanks zachary.kai!
#
[Sophie_Young]
the source code of the app that generates the phishing form is hosted on GitHub under fulcrum-cli. If you look at the issues there's a cheesy extortion message: "My name is Nikita, and I’m exposing a massive security flaw in Fulcrum’s systems. This isn’t some minor glitch—it’s a full-blown Information Disclosure vulnerability that could torch your entire operation. I was hired by a rival company to steal your projects and so
#
[Sophie_Young]
and I’ve already crushed it"
GuestZero, ttybitnik, bbbhltz, nemonical and btrem joined the channel
#
btrem
Easy to report the phishing issue in Aaron PK's repo. Just go to the account of the person who created the issue (his name and picture both link to it). Then, on the left side of the page, below his profile info, is a link "block or report". Follow that link, and there's a form you can fill out.
#
btrem
I just did, providing some info, and linking to the bogus issue and the user profile page.
#
btrem
For good measure, I also reported the attempted extortion issue in fulcrum-cli.
#
btrem
GitHub already reported back on the extortion scam issue! Took only 4 minutes. They are apparently going to take action against the account.
#
btrem
Yep, they took action. All four extortion issues have been removed, 404 Not Found.
#
btrem
Same for the user account, 404 Not Found.
Pixi joined the channel
#
btrem
GitHub have now taken action for the phishing issue filed in Aperture. The issue and user have both been removed. The URLs return 404 Not Found.
#
btrem
56 minutes from the time I got a confirmation email to the reply that they took action.
#
[tantek]
btrem++ thanks for reporting this and letting us all know how it went!
#
Loqi
btrem has 4 karma in this channel over the last year (6 in all channels)
#
btrem
Thanks, but I think the credit probably belongs to GH. They have a straightforward reporting process, and they act on complaints in a timely manner. Good on them.
#
btrem
(Can't bring myself to award karma to a corporation. It feels like it should only go to actual human beings.)
gRegor and MyNetAz joined the channel