Tootfinder

Puts a "Deploy" button in Strapi so rather than webhooks triggering builds on every change, you can decide when to publish. Supports self-hosted Gitlab instances and pipeline variables.
Built from a fork-of-a-fork plus some retracted PRs.
All I really did was swear at `npm` until I figured out that I was missing a "prepare" step in package.json

GitHub - jaygooby/strapi-plugin-gitlab-publish: Trigger GitLab pipelines. Supports self-hosted GitLab instances and custom variable passing to the pipeline
Trigger GitLab pipelines. Supports self-hosted GitLab instances and custom variable passing to the pipeline - jaygooby/strapi-plugin-gitlab-publish

Ich habe ein Mega-Update mit einer Tonne neuer @… -Snippets und verbesserten Snippets online gestellt:
https://gitlab.kit.edu/uhrhr/zettlr-ressourcen/

Heute habe ich 24 Fehlversuche gebraucht, eine #GitLab Pipeline zu bauen. Wenn es beim 25. Mal funktioniert, weiß man: das war ein erfolgreicher Tag.
#devops #developer

Noch einige der zuletzt hier besonders häufig geteilten #News:
Attacke auf Red-Hat-GitLab-Instanz, Kundendaten kopiert

I was trying to package #FlexiBLAS for #Gentoo, and to be honest, it doesn't look that good.
The first red flag is lack of an open bug tracker. Apparently, there is the tracker on GitLab that's limited to "members of their group and selected external contributors", but it doesn't seem to be used much. So it's "send us an email", and wonder how many people sent us the same bug report before.
The git repository is currently at something tagged 3.4.80 that seems to be prerelease, and its build system is quite broken. Not exactly the best path to verify that the bugs you are hitting are still there.
Now, upstream seems to insist on either using vendored netlib #LAPACK, or statically linking to the system library (we don't install the static libraries). Apparently I can specify the shared libraries instead, but it doesn't work — and it's unclear to me whether it doesn't work because I'm using the shared libraries, or because it doesn't support my LAPACK version. If I build LAPACK without deprecated symbols, it refuses to load it at runtime because of missing symbols. And if I build it with deprecated symbols, it fails to find some symbols at CMake time.
Honestly, I feel like I've spent too much time on this project already, especially given that its future is entirely unclear to me — the current git is quite broken, I have no clue how many issues were reported already and whether my bug reports will receive any reply. It definitely doesn't fare well for a package that we might start to rely heavily on. We don't want a cathedral there.
https://www.mpi-magdeburg.mpg.de/projects/flexiblas
https://gitlab.mpi-magdeburg.mpg.de/software/flexiblas-release

Installing DarkPAN #Perl modules via the #GitLab generic packages repository #devops

Anyone having issues with Tor for the past few days?
It seems one of the Snowflake bridge is down (but should not impact obfs4):
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40475…

Right, that's my Epson HX-20 cassette decoder working and successfully decoded the file I wanted to capture from the monitor.
I posted the code on Gitlab, but it's only VERY lightly tested, so you're probably best to check more widely known sutff like HXTape first.
https://gitlab.com/penguin42/demod

Dr. David Alan Gilbert / demod · GitLab
GitLab.com

Do you want to use append-only WORM (Write Once Read Many) files for logging?
For ~ $100, you can use a Raspberry Pi as an external USB hard disk with an ext4/exFAT filesystem providing some preconfigured append-only WORM files. Try Socarrat:
https://gitlab.eif.urjc.es/publications/soca

personally i'm not planning to migrate from github any time soon. the people who i'd've lost on ethical grounds have self-selected out long ago, i have basically no lock-in besides very heavy reliance GH Actions (which have no viable replacement besides gitlab maybe) and i'm counting on the process of corporate death to take a few years until it starts to cause actual immediate problems

Finally a good looking android app for Screen time monitoring. I won't use the proprietary #digitalwellbeing one.
https://gitlab.com/Atharok/ScreenTime

The #gnome #bug reporter still wants to push reports onto bugzilla that has been replaced by their #gitlab instance.
Is that a known issue?
Couldn't find any reference online, how that will change in…

Próbowałem dodać #FlexiBLAS do #Gentoo, i szczerze mówiąc, nie wygląda to dobrze.
Na dobry początek niepokoi brak otwartego systemu zgłaszania błędów. Jest GitLab, ale ograniczony do "członków ich grupy i wybranych osób z zewnątrz", ale nie wygląda na to, żeby go za bardzo używano. Jest tylko…

»Red Hat erleidet möglicherweise massiven Breach:
Das Unternehmen untersucht einen Vorfall in seiner Gitlab-Instanz. Cyberkriminelle behaupten, 28'000 Repositories mit Kundendaten gehackt zu haben.«
Nimmt mich wunder wie "unsicher" Rad Hat von IBM nun ist. Ich wünsche keinen deren Kunden, dass dies Auswirkungen hat. Bin aber gespannt ob es indirekt auch @…

I have to use #Gitlab CI at $work, and I'm surprised how clunky it is.
CI Components are not real components, they just dump YAML into a global namespace, needing hacks to customize them.
There's no reusability at the granularity of Github Actions (other than concatenation of bash scripts).
I keep running into dead ends. I check Gitlab's own bug tracker to see if an…

I finally tried out a new cool feature of :gitannex: #gitAnnex: compute special remotes²!
Git annex is a ridiculously powerful git extension to manage large files. It remembers which file is stored on which remote. Compute special remotes now take this to another level by computing files on the fly. It's a bit like a

Yann Büchau / git-annex-compute-test · GitLab
GitLab.com

Frage an alle #GitLab Admins: gibt es eine Möglichkeit, einen User automatisch auf alle Projekte Instanz-weit in GitLab self hosted zuzulassen?
Für eine Überprüfung reicht ein Audit User nicht aus und ich möchte das so weit wir möglich automatisieren, auch für neue Projekte.

Today I fought with Containerfiles, Makefiles and GitLab (mostly GitLab...).

On the Security of SSH Client Signatures
Fabian B\"aumer, Marcus Brinkmann, Maximilian Radoy, J\"org Schwenk, Juraj Somorovsky
https://arxiv.org/abs/2509.09331 https:/…

On the Security of SSH Client Signatures
Administrators and developers use SSH client keys and signatures for authentication, for example, to access internet backbone servers or to commit new code on platforms like GitHub. However, unlike servers, SSH clients cannot be measured through internet scans. We close this gap in two steps. First, we collect SSH client public keys. Such keys are regularly published by their owners on open development platforms like GitHub and GitLab. We systematize previous non-academic work by subjecting the…

A malicious Jira ticket can cause Cursor to exfiltrate secrets from the repository or local file system. But this is not just a problem with Cursor: GitHub MCP connections can also be exploited to expose private repository data, and a vulnerability in GitLab Duo allowed private information to be exposed through automatically rendered HTML code.

AgentFlayer: When a Jira Ticket Can Steal Your Secrets
TL;DR: A 0click attack through a malicious Jira ticket can cause Cursor to exfiltrate secrets from the repository or local file system.

https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/blob/main/plugins/housekeeping/gsd-donation-reminder.c?ref_type=heads#L83
Donation notifications are not worth setting as critical:

I have now also converted my remaining personal open source Git repositories (those which we don't already host at the institute's #Gitlab instance and which are not forked from or contribution to others) from #Github to

René Mayrhofer
Codeberg is a non-profit, community-led organization that aims to help free and open source projects prosper by giving them a safe and friendly home.

I have #HamRadio single-paddle #Morse key.
I added optional stabilizer bars for which I recommend 3mm stainless rod…

Is there sandbox weirdness going on with :nixos: #nix fixed-output-derivations (i.e. when you specify outputHash) that some tcp connections are disallowed? I can git clone in runCommand, but down the line a 'git annex get' (which internally just downloads another file via http) fails with this weird message 'no such protocol name: tcp'. With `--option sanbox false` everything is fine, …

nix derivation to fetch git annex standalone tarball by version ($4893095) · Snippets · Yann Büchau / 📦 Yanns NixOS Config · GitLab
My NixOS Config

At SBB, we habe MOBi.
In New Zealand 🇳🇿, they habe Monty!
New Zealand has developed a national transport model that is very similar in structure to our multimodal model:
👉 synthetic population,
👉 activity-based modelling,
👉 traffic simulation with #MATSim.

Several documents are available online:

RevMine: An LLM-Assisted Tool for Code Review Mining and Analysis Across Git Platforms
Samah Kansab, Francis Bordeleau, Ali Tizghadam
https://arxiv.org/abs/2510.04796 https://…

RevMine: An LLM-Assisted Tool for Code Review Mining and Analysis Across Git Platforms
Empirical research on code review processes is increasingly central to understanding software quality and collaboration. However, collecting and analyzing review data remains a time-consuming and technically intensive task. Most researchers follow similar workflows - writing ad hoc scripts to extract, filter, and analyze review data from platforms like GitHub and GitLab. This paper introduces RevMine, a conceptual tool that streamlines the entire code review mining pipeline using large language…

I finally beefed up my :nix: #nix derivation for the :gitannex: #gitAnnex standalone builds so the download process of the non-predictable version url is automated. It now uses git annex itself to retrieve the tarball from a matching commit in @…

pkgs/git-annex-standalone.nix · eb0b6a9026fbd4f08676280ee9bbb720c3e46bb7 · Yann Büchau / 📦 Yanns NixOS Config · GitLab
My NixOS Config

Users of #GNOME #Evolution mail client: in #Debian13 #Trixie, the Message-ID search (via command line) is broken. 😔

from my link log —
On the security of SSH client signatures.
https://arxiv.org/abs/2509.09331
saved 2025-09-15 https://dotat.at/:/GW6BK.html

On the Security of SSH Client Signatures
Administrators and developers use SSH client keys and signatures for authentication, for example, to access internet backbone servers or to commit new code on platforms like GitHub. However, unlike servers, SSH clients cannot be measured through internet scans. We close this gap in two steps. First, we collect SSH client public keys. Such keys are regularly published by their owners on open development platforms like GitHub and GitLab. We systematize previous non-academic work by subjecting the…

Today we managed to find a nice way to install our darkpan modules from gitlab into our app containers. Detailed blog post upcoming! #Perl

An Empirical Study on the Amount of Changes Required for Merge Request Acceptance
Samah Kansab, Mohammed Sayagh, Francis Bordeleau, Ali Tizghadam
https://arxiv.org/abs/2507.23640

An Empirical Study on the Amount of Changes Required for Merge Request Acceptance
Code review (CR) is essential to software development, helping ensure that new code is properly integrated. However, the CR process often involves significant effort, including code adjustments, responses to reviewers, and continued implementation. While past studies have examined CR delays and iteration counts, few have investigated the effort based on the volume of code changes required, especially in the context of GitLab Merge Requests (MRs), which remains underexplored. In this paper, we d…

Would you be interested on a European #coop alternative to #Github for your private/for-profit projects (paid service)?
I welcome comments elaborating on why you said "yes", "maybe" or "no" .
Note: I'm aware of other alternatives like Gitlab, Bitbucket, Gitea, Codeberg... None of those match what I'm asking about for one or more reasons.
#EU #SovereignTech #SovereignCloud #privacy #GDPR #cooperatives
No
Maybe
Yes