Tootfinder

This is just one example. "MCP" the protocol for "AI agents" is basically without security measures. It's like running random code on your infrastructure and data.
(Original title: GitHub MCP Exploited: Accessing private repositories via MCP)
https://simonwillison.net…

I have taken to looking for Copilot AI in GitHub responses before filing issues. If it’s there, I don’t file. Feeling a bit validated here:
https://hails.org/@hailey/114752144098708214
(limited alt to come, but if you want more ask OP…)

Hailey (@hailey@hails.org)
Attached: 2 images Sent a pull request to Audacity fixing a crash bug I'd been running into frequently. The cause was an out-of-bounds memmove. Classic C++ areas. Anyway I got a fucking copilot review on my PR which left two comments, both completely wrong, one of which suggesting I reintroduce the out of bounds memory access. I'm furious!

Random PR of the day https://github.com/pbzweihander/fediday.org/pull/16

Fix carousel scroll on small screens by cheeaun · Pull Request #16 · pbzweihander/fediday.org
Before: The first post is cropped and can't be scrolled to After: The first post appears and scrollable Solution is using safe https://developer.mozilla.org/en-US/docs/Web/CSS/justify-content...

Man könnte ja denken das diese ganze Agent/MCP Geschichte grad doch sehr fast and loose abläuft ....
https://simonwillison.net/2025/May/26/github-mcp-exploited/

I must be using Microsoft #Copilot wrong. Most of the things I ask it to do end up screwed up. Example: I asked it to tell me all of the URL shorteners that use the .li TLD. It gave me a few and then pointed me to a list someone maintains on GitHub of URL shortener domains. Ok, good start. I ask it to pull all the .li domains from the list for me. It does that. But I spot checked the list and f…

Random PR of the day https://github.com/pbzweihander/fediday.org/pull/16

Fix carousel scroll on small screens by cheeaun · Pull Request #16 · pbzweihander/fediday.org
Before: The first post is cropped and can't be scrolled to After: The first post appears and scrollable Solution is using safe https://developer.mozilla.org/en-US/docs/Web/CSS/justify-content...

Projekt #PyYAML odrzucił wsparcie dla Pythona bez GIL (#freethreading). Skutkiem tego, powstał fork skupiony na dodaniu tego wsparcia. Ze względu na ograniczone potrzeby forka, wspiera on tylko Pythona 3.13 . A że nie da się jeszcze wyrażać zależności warunkowo od wersji freethreading, inne paczki wymaga…

When you are a Godot developer, every day is Xmas!
Support for Apple's VisionPro has now been merged into Godot:
https://github.com/godotengine/godot/pull/105628

Native visionOS platform support by rsanchezsaez · Pull Request #105628 · godotengine/godot
Dear Godot community, I'm on Apple's visionOS engineering team, and we would like to contribute Vision Pro support to the Godot engine. This is the first PR that lays the foundation for tha...

I'm not surprised that Gitlab decided to run off a cliff to follow GitHub:
«AI coding bot allows prompt injection with a pull request»
Everyday I'm more grateful for @… and @…!
https://pivot-to-ai.com/2025/05/24/ai-coding-bot-allows-prompt-injection-with-a-pull-request/

Saw this "Followed hashtags" collapsible list on mastodon.social (v4.4.0 nightly), wondering how long the list of hashtags will be.
Turns out it's hard-coded to 4 🤷‍♂️
- Initial PR: https://github.com/mastodon/mastodon/p