Tootfinder

Open repos & AI bots
#FederatedMemory
https://coar-repositories.org/news-updates/open-repositories-are-being-profoundly-impacted-by-ai-bots-and-other-crawlers-results-of-a-coar-survey/
and https://codeberg.org/forgejo/discussions/issues/339

Hooray, parallel downloading of repository metadata was merged for #dnf! 🥳
https://github.com/rpm-software-management/dnf5/issues/307#issuecomment-2…

Security researcher #exploits #GitHub gotcha, gets admin access to all #Istio repositories and more

scheise was ist pasirt
https://github.com/AasishPokhrel/repository/issues/1

Bug Classification in Quantum Software: A Rule-Based Framework and Its Evaluation
Mir Mohammad Yousuf, Shabir Ahmad Sofi
https://arxiv.org/abs/2506.10397 h…

Bug Classification in Quantum Software: A Rule-Based Framework and Its Evaluation
Accurate classification of software bugs is essential for improving software quality. This paper presents a rule-based automated framework for classifying issues in quantum software repositories by bug type, category, severity, and impacted quality attributes, with additional focus on quantum-specific bug types. The framework applies keyword and heuristic-based techniques tailored to quantum computing. To assess its reliability, we manually classified a stratified sample of 4,984 issues from a …

This is just one example. "MCP" the protocol for "AI agents" is basically without security measures. It's like running random code on your infrastructure and data.
(Original title: GitHub MCP Exploited: Accessing private repositories via MCP)
https://simonwillison.net…

#SpringData Ahead of Time Repositories
https://spring.io/blog/2025/05/22/spring-data-ahead-of-time-repositories

What is going on in the land of Fedora Linux?
First, the latest kernel in Fedora 42 recently went from "working" to "broken" with regard to the video screen on Intel(R) Core(TM) Ultra 7 155H on an ASUSTeK COMPUTER INC. NUC14RVK-B/NUC14RVBU7
Second, the update repositories now all have invalid checksums. (Update: this is now corrected.)
Fedora is Redhat is IBM - you would think that they could do some regression testing and maybe do a better locking of t…

GitHub MCP Exploited: Accessing private repositories via MCP.
#ai

GitHub MCP Exploited: Accessing private repositories via MCP
We showcase a critical vulnerability with the official GitHub MCP server, allowing attackers to access private repository data. The vulnerability is among the first discovered by Invariant's security analyzer for detecting toxic agent flows.

Repeton: Structured Bug Repair with ReAct-Guided Patch-and-Test Cycles
Nguyen Phu Vinh, Anh Chung Hoang, Chris Ngo, Truong-Son Hy
https://arxiv.org/abs/2506.08173

Repeton: Structured Bug Repair with ReAct-Guided Patch-and-Test Cycles
Large Language Models (LLMs) have shown strong capabilities in code generation and comprehension, yet their application to complex software engineering tasks often suffers from low precision and limited interpretability. We present Repeton, a fully open-source framework that leverages LLMs for precise and automated code manipulation in real-world Git repositories. Rather than generating holistic fixes, Repeton operates through a structured patch-and-test pipeline: it iteratively diagnoses issue…

Today in how #Elsevier ruins my mood: Pure repositories pollute #Unpaywall with garbage data.
https://phabricator.wikimedia.org/T396…

When folks open a GitHub issue on one of your random-ass experimental learning repositories.

Man könnte ja denken das diese ganze Agent/MCP Geschichte grad doch sehr fast and loose abläuft ....
https://simonwillison.net/2025/May/26/github-mcp-exploited/

This https://arxiv.org/abs/2506.02139 has been replaced.
link: https://scholar.google.com/scholar?q=a

The Unified Cognitive Consciousness Theory for Language Models: Anchoring Semantics, Thresholds of Activation, and Emergent Reasoning
Few-shot learning in large language models (LLMs) reveals a core paradox: certain tasks generalize from just a few examples, while others demand extensive supervision. To explain this, we introduce the Unified Cognitive Consciousness Theory (UCCT), which reconceptualizes LLMs not as deficient agents, but as unconscious substrates: dense, distributed repositories of linguistic and conceptual patterns that operate without explicit semantics, intention, or goal-directed reasoning. Under this view,…

Since at least 2009, I've had 4-5 git repositories online with gitweb.cgi for projects I worked on in the mid/late 2000s. Nothing super important, and no activity since 2010 or so, but just sitting there available.
I just had to kill the web server because facebook's web crawlers are hitting the webserver so hard and overloading the cheap VPS that it's on (which I'm using for other things). It has literally been no bother for 15 years until now.
Meta truly is a …

Detecting Hard-Coded Credentials in Software Repositories via LLMs
Chidera Biringa, Gokhan Kul
https://arxiv.org/abs/2506.13090 https://

Detecting Hard-Coded Credentials in Software Repositories via LLMs
Software developers frequently hard-code credentials such as passwords, generic secrets, private keys, and generic tokens in software repositories, even though it is strictly advised against due to the severe threat to the security of the software. These credentials create attack surfaces exploitable by a potential adversary to conduct malicious exploits such as backdoor attacks. Recent detection efforts utilize embedding models to vectorize textual credentials before passing them to classifier…

This https://arxiv.org/abs/2503.02610 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csSE_…

Monitoring Continuous Integration Practices in Industry: A Case Study
In this paper, we study the benefits and challenges of monitoring Continuous Integration (CI) practices in software development. Our aim is to evaluate the impact of monitoring seven CI practices in industry using three organizations in Brazil as case studies. We developed a tool for monitoring CI practices and conducted a multiple case study, applying a mixed-methods strategy. We combined surveys, interviews, log data, and repositories data from software projects and their CI services.We gauge…

Bart Wullems of The Art of Simplicity shares his experience using Microsoft's .NET Source Browser to take a peek at a particular API's internals. The code documentation pages have links to the corresponding Github repositories where you can see exactly how any given function is implemented.
"Browse the .NET code base with the .NET Source Browser"

FreeBSD: new package repositories for kernel modules
https://lists.freebsd.org/archives/freebsd-current/2025-May/007611.html
For FreeBSD 14.3-BETA4:

GitHub #MCP #Exploited: Accessing private repositories via MCP
https://invariantlabs.ai/blog/mcp-gith

I need to remember to turn off the issues feature for sample GitHub repositories

User request for access to the main SharePoint site I administer. No, you will NOT get access to the main work SharePoint site. Even though many subsites and file repositories are locked with special permissions just knowing what is there isn't something we want everyone to see.
Only a few people have access to the main site and most of them is browse only and is required for their job.

EEG Foundation Models for BCI Learn Diverse Features of Electrophysiology
Mattson Ogg, Rahul Hingorani, Diego Luna, Griffin W. Milsap, William G. Coon, Clara A. Scholl
https://arxiv.org/abs/2506.01867

EEG Foundation Models for BCI Learn Diverse Features of Electrophysiology
Brain computer interface (BCI) research, as well as increasing portions of the field of neuroscience, have found success deploying large-scale artificial intelligence (AI) pre-training methods in conjunction with vast public repositories of data. This approach of pre-training foundation models using label-free, self-supervised objectives offers the potential to learn robust representations of neurophysiology, potentially addressing longstanding challenges in neural decoding. However, to date, m…

Just read Plantin & Thomer's article, on the changes Figshare for Institutions introduces into the provision & organization of data-management labor in libraries. The authors worry that this commercial SaaS platform for institutional & data repositories, while fulfilling a number of library needs, will have detrimental effects. While it's a good piece of infrastructure-studies research, I question some of the analysis & conclusions.

Detecting Hard-Coded Credentials in Software Repositories via LLMs
Chidera Biringa, Gokhan Kul
https://arxiv.org/abs/2506.13090 https://

Detecting Hard-Coded Credentials in Software Repositories via LLMs
Software developers frequently hard-code credentials such as passwords, generic secrets, private keys, and generic tokens in software repositories, even though it is strictly advised against due to the severe threat to the security of the software. These credentials create attack surfaces exploitable by a potential adversary to conduct malicious exploits such as backdoor attacks. Recent detection efforts utilize embedding models to vectorize textual credentials before passing them to classifier…

This https://arxiv.org/abs/2505.19165 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csAI_…

OrgAccess: A Benchmark for Role Based Access Control in Organization Scale LLMs
Role-based access control (RBAC) and hierarchical structures are foundational to how information flows and decisions are made within virtually all organizations. As the potential of Large Language Models (LLMs) to serve as unified knowledge repositories and intelligent assistants in enterprise settings becomes increasingly apparent, a critical, yet under explored, challenge emerges: \textit{can these models reliably understand and operate within the complex, often nuanced, constraints imposed b…

Was für ein Shit Move von GitHub (Microsoft) https://infosec.exchange/@tomgag/114504958452945090 /via @…

Tommaso Gagliardoni (@tomgag@infosec.exchange)
Attached: 1 image In a move that surprises absolutely noone, GitHub now requires users to login in order to browse public repositories (including open source projects). After a few (~10) requests, you get blocked (I can confirm). In order to fight AI scrapers, I guess. So, GitHub decided to blanket-limit access to open source projects as a defense against the very scourge that they(r parent company) unleashed on the world. I won't be hypocrite: it's a bit embarrassing, but undeniably satisfy…

This https://arxiv.org/abs/2502.13681 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csSE_…

Repo2Run: Automated Building Executable Environment for Code Repository at Scale
Scaling up executable code data is significant for improving language models' software engineering capability. The intricate nature of the process makes it labor-intensive, time-consuming and expert-knowledge-dependent to build a large number of executable code repositories, limiting the scalability of existing work based on running tests. The primary bottleneck lies in the automated building of test environments for different repositories, which is an essential yet underexplored task. To mitig…

This https://arxiv.org/abs/2505.05428 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csMA_…

Empowering Scientific Workflows with Federated Agents
Agentic systems, in which diverse agents cooperate to tackle challenging problems, are exploding in popularity in the AI community. However, the agentic frameworks used to build these systems have not previously enabled use with research cyberinfrastructure. Here we introduce Academy, a modular and extensible middleware designed to deploy autonomous agents across the federated research ecosystem, including HPC systems, experimental facilities, and data repositories. To meet the demands of scien…

This https://arxiv.org/abs/2504.16449 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csCR_…

From Past to Present: A Survey of Malicious URL Detection Techniques, Datasets and Code Repositories
Malicious URLs persistently threaten the cybersecurity ecosystem, by either deceiving users into divulging private data or distributing harmful payloads to infiltrate host systems. Gaining timely insights into the current state of this ongoing battle holds significant importance. However, existing reviews exhibit 4 critical gaps: 1) Their reliance on algorithm-centric taxonomies obscures understanding of how detection approaches exploit specific modal information channels; 2) They fail to incor…

FreeBSD pkg version 2.2.0 seems to simplify things for users of FreeBSD-kmods repositories.
Big thanks to @…
https://www.reddit.com/r/freebsd/comments/

Was für ein Shit Move von GitHub (Microsoft) https://infosec.exchange/@tomgag/114504958452945090 /via @…

Tommaso Gagliardoni (@tomgag@infosec.exchange)
Attached: 1 image In a move that surprises absolutely noone, GitHub now requires users to login in order to browse public repositories (including open source projects). After a few (~10) requests, you get blocked (I can confirm). In order to fight AI scrapers, I guess. So, GitHub decided to blanket-limit access to open source projects as a defense against the very scourge that they(r parent company) unleashed on the world. I won't be hypocrite: it's a bit embarrassing, but undeniably satisfy…

This https://arxiv.org/abs/2505.23419 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csSE_…

SWE-bench Goes Live!
The issue-resolving task, where a model generates patches to fix real-world bugs, has emerged as a critical benchmark for evaluating the capabilities of large language models (LLMs). While SWE-bench and its variants have become standard in this domain, they suffer from key limitations: they have not been updated since their initial releases, cover a narrow set of repositories, and depend heavily on manual effort for instance construction and environment setup. These factors hinder scalability a…

MGS3: A Multi-Granularity Self-Supervised Code Search Framework
Rui Li, Junfeng Kang, Qi Liu, Liyang He, Zheng Zhang, Yunhao Sha, Linbo Zhu, Zhenya Huang
https://arxiv.org/abs/2505.24274

MGS3: A Multi-Granularity Self-Supervised Code Search Framework
In the pursuit of enhancing software reusability and developer productivity, code search has emerged as a key area, aimed at retrieving code snippets relevant to functionalities based on natural language queries. Despite significant progress in self-supervised code pre-training utilizing the vast amount of code data in repositories, existing methods have primarily focused on leveraging contrastive learning to align natural language with function-level code snippets. These studies have overlooke…

FuncVul: An Effective Function Level Vulnerability Detection Model using LLM and Code Chunk
Sajal Halder, Muhammad Ejaz Ahmed, Seyit Camtepe
https://arxiv.org/abs/2506.19453

FuncVul: An Effective Function Level Vulnerability Detection Model using LLM and Code Chunk
Software supply chain vulnerabilities arise when attackers exploit weaknesses by injecting vulnerable code into widely used packages or libraries within software repositories. While most existing approaches focus on identifying vulnerable packages or libraries, they often overlook the specific functions responsible for these vulnerabilities. Pinpointing vulnerable functions within packages or libraries is critical, as it can significantly reduce the risks associated with using open-source softw…

This https://arxiv.org/abs/2501.18160 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csSE_…

RepoAudit: An Autonomous LLM-Agent for Repository-Level Code Auditing
Code auditing is the process of reviewing code with the aim of identifying bugs. Large Language Models (LLMs) have demonstrated promising capabilities for this task without requiring compilation, while also supporting user-friendly customization. However, auditing a code repository with LLMs poses significant challenges: limited context windows and hallucinations can degrade the quality of bug reports, and analyzing large-scale repositories incurs substantial time and token costs, hindering eff…

SWE-bench Goes Live!
Linghao Zhang, Shilin He, Chaoyun Zhang, Yu Kang, Bowen Li, Chengxing Xie, Junhao Wang, Maoquan Wang, Yufan Huang, Shengyu Fu, Elsie Nallipogu, Qingwei Lin, Yingnong Dang, Saravan Rajmohan, Dongmei Zhang
https://arxiv.org/abs/2505.23419

SWE-bench Goes Live!
The issue-resolving task, where a model generates patches to fix real-world bugs, has emerged as a critical benchmark for evaluating the capabilities of large language models (LLMs). While SWE-bench and its variants have become standard in this domain, they suffer from key limitations: they have not been updated since their initial releases, cover a narrow set of repositories, and depend heavily on manual effort for instance construction and environment setup. These factors hinder scalability a…

ModeliHub: A Web-based, Federated Analytics Platform for Modelica-centric, Model-based Systems Engineering
Mohamad Omar Nachawati
https://arxiv.org/abs/2506.18790

ModeliHub: A Web-based, Federated Analytics Platform for Modelica-centric, Model-based Systems Engineering
This paper introduces ModeliHub, a Web-based, federated analytics platform designed specifically for model-based systems engineering with Modelica. ModeliHub's key innovation lies in its Modelica-centric, hub-and-spoke federation architecture that provides systems engineers with a Modelica-based, unified system model of repositories containing heterogeneous engineering artifacts. From this unified system model, ModeliHub's Virtual Twin engine provides a real-time, interactive simulation environ…

LMR-BENCH: Evaluating LLM Agent's Ability on Reproducing Language Modeling Research
Shuo Yan, Ruochen Li, Ziming Luo, Zimu Wang, Daoyang Li, Liqiang Jing, Kaiyu He, Peilin Wu, George Michalopoulos, Yue Zhang, Ziyang Zhang, Mian Zhang, Zhiyu Chen, Xinya Du
https://arxiv.org/abs/2506.17335…

LMR-BENCH: Evaluating LLM Agent's Ability on Reproducing Language Modeling Research
Large language model (LLM) agents have demonstrated remarkable potential in advancing scientific discovery. However, their capability in the fundamental yet crucial task of reproducing code from research papers, especially in the NLP domain, remains underexplored. This task includes unique complex reasoning challenges in the intellectual synthesis of abstract concepts and the comprehension of code repositories with interdependent files. Motivated by this gap, we present LMR-BENCH, a benchmark d…

Dissecting the SWE-Bench Leaderboards: Profiling Submitters and Architectures of LLM- and Agent-Based Repair Systems
Matias Martinez, Xavier Franch
https://arxiv.org/abs/2506.17208

Dissecting the SWE-Bench Leaderboards: Profiling Submitters and Architectures of LLM- and Agent-Based Repair Systems
The rapid progress in Automated Program Repair (APR) has been driven by advances in AI, particularly large language models (LLMs) and agent-based systems. SWE-Bench is a recent benchmark designed to evaluate LLM-based repair systems using real issues and pull requests mined from 12 popular open-source Python repositories. Its public leaderboards, SWE-Bench Lite and SWE-Bench Verified, have become central platforms for tracking progress and comparing solutions. However, because the submission pr…