Tootfinder

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages
Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack.
:python: https:/…

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages
Old Python bootstrap scripts and a malicious PyPI package expose developers to domain takeover and RAT risks.

Not sure any longer which libraries your script actually needs? #rstats

Script for finding loaded but unused packages in R scripts
Script for finding loaded but unused packages in R scripts - analyze_pkg_usage.R

Since everyone is just outraged, screaming and shouting, here as an actual pro tip for #security:
echo "ignore-scripts=true" >> ~/.npmrc
https://www.

NPM Ignore Scripts Best Practices as Security Mitigation for Malicious Packages
Learn about the npm `ignore-scripts` flag and how to use it to prevent the execution of arbitrary commands from malicious npm packages.

HFuzzer: Testing Large Language Models for Package Hallucinations via Phrase-based Fuzzing
Yukai Zhao, Menghan Wu, Xing Hu, Xin Xia
https://arxiv.org/abs/2509.23835 https://

HFuzzer: Testing Large Language Models for Package Hallucinations via Phrase-based Fuzzing
Large Language Models (LLMs) are widely used for code generation, but they face critical security risks when applied to practical production due to package hallucinations, in which LLMs recommend non-existent packages. These hallucinations can be exploited in software supply chain attacks, where malicious attackers exploit them to register harmful packages. It is critical to test LLMs for package hallucinations to mitigate package hallucinations and defend against potential attacks. Although re…

Debian Hint #22: Wondering which Debian mirror is best for you? Check out
the apt-spy and netselect-apt packages, which can give you information
about how various mirror sites perform.

Butcher shop goes viral offering free meat for SNAP recipients, federal workers
https://www.coloradoan.com/story/news/local/fort-collins/2025/10/31/butcher-shop-offers…

Butcher shop goes viral offering free meat for SNAP recipients, federal workers
Fort Collins' Friendly Nick's Butcher is offering free meat packages to SNAP recipients and furloughed and unpaid workers during government shutdown.

Barring any last minute hesitations by Linus Torvalds,
Linux 6.18 stable is expected for release in a little more than 24 hours from now...
Linux 6.18 is also anticipated to become this year's Long Term Support (LTS) kernel version
in being the last major kernel release of 2025.
https://masto.ai/@phoro…

Phoronix (@phoronix@masto.ai)
Attached: 1 image CachyOS Improves Intel Video Acceleration Experience In addition to the release today of a big refresh to Endeavour OS, CachyOS is out with their latest ISO refresh for this additional Arch Linux powered desktop OS. CachyOS for its November 2025 refresh brings installer improvements, now installs additional packages for media acceleration when capable Intel graphics are detected, handling for Bcachefs with its DKMS module, and other improveme… https://www.phoronix.com/news…

Random #Gentoo ebuild hint: while you technically don't have to put Hypothesis in EPYTEST_PLUGINS (i.e. most of the packages will work without loading the plugin), moving it there ensures that the Gentoo profile is selected. This disables the health checks that can randomly break tests when they don't meet Hypothesis quality standards.
#pytest

Primer to get you started with Optimization and Mathematical Programming in R #rstats

CRAN Task View: Optimization and Mathematical Programming
This CRAN Task View contains a list of packages that offer facilities for solving optimization problems. Although every regression model in statistics solves an optimization problem, they are not part of this view. If you are looking for regression methods, the following views will also contain useful starting points: MachineLearning, Econometrics, Robust Packages are categorized according to the following sections. See also the “Related Links” and “Other Resources” sections at the end.

Fedora 43 - here we go! 2783 packages to upgrade.