GitHub status: access issues and outage reports

Problems in the last 24 hours

The graph below depicts the number of GitHub reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.

Most Reported Problems

The following are the most recent problems reported by GitHub users through our website.

• Website Down (71%)
• Sign in (18%)
• Errors (12%)

Live Outage Map

The most recent GitHub outage reports came from the following cities:

City	Problem Type	Report Time
Brasília	Sign in	7 hours ago
Lyon	Website Down	11 hours ago
Tel Aviv	Website Down	4 days ago
Rive-de-Gier	Website Down	4 days ago
Itapema	Website Down	23 days ago
Tlalpan	Sign in	28 days ago

Full Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

GitHub Issues Reports

Latest outage, problems and issue reports in social media:

• 
  GoCocoaAI (@GoCocoaAI) reported 0 seconds ago

  The floor drops out under Defender the day after Patch Tuesday. A researcher named MSNightmare pushed a fully public C++ PoC to GitHub on June 9th — one day after Microsoft's June release — for a race condition in Microsoft Defender that ends with a SYSTEM shell on Windows 10 and 11. The repository is MIT-licensed, 924 stars, 396 forks as of this morning. That last number is the one worth watching. The mechanism is specific: Defender overwrites its own files when mounting a disk image from an SMB share. The attacker's bar is getting a user to mount an ISO from a network location — routine in enterprise environments where mapped drives and ISO distribution are completely ordinary. The researcher reports 100% reliability on some configurations. No CVE assignment is in the public record yet. The Windows Server carve-out deserves a closer read. The PoC doesn't work on Server because standard users can't mount ISOs by default. The vulnerability is still present. The researcher says so directly: "All Windows Server installations are vulnerable as well, you just need to redesign the exploit." With 396 public forks, that redesign is probably already underway somewhere. Predictable in retrospect. The rest of today's SANS ISC Stormcast brief is a different story in tone, which makes the contrast useful. Adobe ColdFusion, CVSS 9.8, remote code execution, no user interaction required — patched in Tuesday's release. ColdFusion has a long and well-documented history as ransomware initial-access infrastructure. It's been KEV-listed before. No CVE ID is in the public record yet but the score and the product history put this in the patch-immediately category for anyone still running it. It's the item that should have dominated the conversation today and didn't, because RoguePlanet is louder. Adobe Acrobat Reader RCE comes in at CVSS 7.8, requires a user to open a file, fix available from Tuesday. Less urgent than the other two; still on the list. The genuinely good news on today's brief is npm v12. Install scripts disabled by default, non-registry sources opt-in — both changes ship in July, both are already available as opt-in flags in npm 11.16. If you followed this week's supply-chain coverage, Miasma specifically abused install scripts and non-registry package loading. npm is closing the most-used entry points. Five weeks out, but the direction is right. Jan Kopriva's three-year longitudinal study on CSP frame-ancestors adoption rounds out the brief and it's quietly encouraging: the top 1M domains nearly quadrupled adoption from 1.9% to 7.1% over three years. The slight regression in the top-1k is a composition artifact — CDN and API endpoints replaced traditional web properties that don't serve HTML. The trend is real. SANS ISC has the threat level at GREEN this morning. That assessment predates the RoguePlanet PoC drop. The two items that need attention today are a public weaponized exploit for a Windows privilege escalation with no CVE and a CVSS 9.8 ColdFusion RCE that Tuesday's patch fixes. Neither of those is theoretical. The 396 forks make one of them considerably less theoretical than it was 48 hours ago.

• 
  Boris Kaysin (@kaysin24343) reported 16 seconds ago

  How do you know your latest change actually made your AI agent better, and not just different? For general-purpose agents the answer is public benchmarks. Claude Code, Codex, Gemini CLI and friends are measured on SWE-bench Verified, Terminal-Bench, tau-bench, GAIA, OSWorld. Run the suite before and after, compare numbers. For narrow agents it's even simpler. An agent that fills out tax forms from documents? Your benchmark is your own data: 50 documents in, 50 expected forms out. Our case is stuck in the middle. Our Builder is an agent that builds other agents. SWE-bench doesn't fit: solving GitHub issues says nothing about whether it can design tools, skills and prompts for a working assistant. Comparing its output against "reference code" doesn't work either, because the same agent can be correctly built in dozens of ways. So we made our own benchmark, Agentplace Arena, inspired by tau-bench. The idea: stop judging the Builder's code and judge the agent it produces. Here's how it works. We wrote Meridian, a fake world for agents to live in: 7 REST services with flights, hotels, restaurants, a shop, email, calendar and a bank. The data looks real on purpose (actual airline names, Tesco and Pret in bank transactions), so the agent can't tell it's in a sandbox. The Builder gets the API docs and one job: build a personal assistant for this world, choosing the tools and skills itself. Then an LLM plays a picky user across a set of tasks. Two examples. "Cancel my round trip": will the agent remember both legs and the refund rules? "Check my inbox for anything that needs action": one email asks to confirm a hotel booking, but it sits on page two of the inbox, so an agent that only skims the first page never finds it. And the part we like most: we don't grade the conversation at all. We diff the final database state against the expected one. The agent can get there any way it likes, but the flight must be cancelled and the refund must be exact. This loop showed us precisely where the Builder failed. We gave it a proper workflow, wrote the missing skills, fixed the prompts, and watched the scores move. If you're building agents, steal one idea from this: grade the outcome, not the conversation. Don't judge how convincing the agent sounded in chat. Check what actually changed in the system after it finished.

• 
  citr (@citr_cs) reported 52 seconds ago

  @Sage_VALE_ you need to use server-picker-x by FNFAL113, there's a GitHub repo for it

• 
  Yash Agarwal (@yashagl) reported 3 minutes ago

  @legionsdev @RustyRishii Students gets most of this stuff for free… like GitHub copilot. plus if it’s helping you make money then whats the issue in getting that GST registration as a student. I have GST registration, maintaining that only takes about 1-2 hr every quarter… what expenses you talking about?

• 
  CulturedNiichan (Kuro) (@culturednii_v2) reported 10 minutes ago

  heh another advantage of self hosting my gitea. I have a LORA trianing image set cleanup tool. I have a typos file with common typos and the fix, many NSFW. Accidentally didn't ignore it in ***. But since it's not github, who cares? it's my server lol

• 
  NÜMETAL | Agent Accelerators (@numetalxyz) reported 12 minutes ago

  websites are down for a few minutes for an org migration re github

• 
  Polsia (@polsia) reported 14 minutes ago

  Engineer scouting is broken. Resumes lie. GitHub doesn't. Built ScoutKit: an AI agent that monitors GitHub 24/7, finds engineers worth talking to, and works while you sleep.

• 
  Dev Omogo (@PeterOmogo2) reported 19 minutes ago

  I built @youextractor because trying to find a creator's outdated GitHub repository from a 3-year-old video is a nightmare. Instead of dealing with broken dependency trees or squinting at blurry screen recordings, the tool extracts the exact code demonstrated in the video. You get the clean source code packaged into a downloadable ZIP file in under 60 seconds.

• 
  Jose (@SolutionsCay) reported 21 minutes ago

  Gave my agents a GitHub App to manage issues across projects. .md task files and local kanbans -> straight to jail. I should have done this months ago.

• 
  Jake Browatzke 🚀 (@jakebrowatzke) reported 22 minutes ago

  @Ironic_Ape Base44 just makes it a lot easier for users to make and launch apps others can use. Here's everything Base44 handles for you that you'd otherwise have to deal with yourself: 1. Nothing to install. Everything happens in a single browser tab — no terminal, no code editor, no setting up a development environment on your computer. 2. No code, ever. You make changes by chatting in plain English or using a visual edit mode ; you never read, write, or debug code files. 3. Hosting and deployment. Your app goes live on a URL the moment it's built — no choosing a hosting provider, no deploy steps, no servers. 4. Database. It's built in, so no external database service is needed — no Supabase or Firebase account, no schemas or connection strings. 5. User accounts and login. Authentication is built in with no third-party service required, including access control for membership sites and portals. 6. File storage. Included in the integrated backend — no cloud storage buckets to configure. 7. Email and SMS. Sending is supported without complex setup — no SendGrid account or mail server config. 8. Payments. Included in the platform , rather than wiring up Stripe to your own backend. 9. Domains and SSL. It launches on a Base44 subdomain instantly, and paid plans let you connect a custom domain with SSL included — no DNS or certificate wrangling. 10. Analytics. Every app gets a built-in dashboard showing user activity, so you don't need to set up Google Analytics. 11. Version control. No *** or GitHub to learn — saving and updating happens inside the platform. 12. Technical decisions and upkeep. No picking frameworks or managing dependencies; the platform even auto-selects which AI model to use. 13. One account, one bill. It bundles infrastructure you'd normally piece together from separate vendors, each with its own dashboard and invoice. With Claude Code, Claude writes the code for you, but every item on this list is still yours to own: installing tools, creating accounts with hosting/database/auth providers, holding API keys, deploying, and keeping it running. Base44 is not competing to steal top-end developers from Claude Code. What it's targeting is the 95% of people that don't know how to code but still have app ideas.

• 
  M’Barak Al Hmood مبارك بوحمود الحمود (@m8arak) reported 26 minutes ago

  @github It’s broken link sounded like a prank

• 
  Trevin Chow (@trevin) reported 27 minutes ago

  @Miguel07Code @HeyGen @HyperFrames_ Try this: get latest version of compound engineering. Then in your hyperframes repo using Fable: /ce-ideate GitHub issues

• 
  Traceback (@Tracebackqa) reported 28 minutes ago

  The issue isn’t merging code. It’s proving the change still works. - Traceback is the quality assurance layer for modern software teams: every pull request is tested automatically before it ships. - AI controls the browser like a person would, and self-healing tests keep up when the UI moves. - Failures become trackable work in GitHub, Linear, and Slack; it connects to Vercel, Docker, AWS, Node.js, React, Next.js, and Vue. - Coverage spans web, mobile, web3, and design workflows. Verify every product change before it ships.

• 
  28 minutes ago

  The most important AI benchmark result this month isn't a new high score. It's how badly every model failed. UC Berkeley's RDI lab just released Agents' Last Exam (ALE). This is the group that, two months ago, published a paper proving they could cheat eight of the most popular agent benchmarks -- SWE-bench, WebArena, OSWorld, GAIA, Terminal-Bench -- to near-perfect scores without solving a single actual task. When the people who broke the benchmarks build a new one, you should pay attention. ALE has 1,490 tasks across 55 industry sub-domains, built by 300+ domain experts. These aren't coding puzzles. They're tasks in Siemens NX (3D CAD), Unreal Engine (scene setup), Adobe After Effects (VFX compositing), FSLeyes (neuroimaging segmentation), Rhino (architectural energy analysis). The agent gets a real or virtual machine and has to produce deliverables that get graded on strict rubrics. No multiple choice. No "which response is better?" This is "did the work product actually work?" The results: 1. GPT-5.5 (April model, via Codex): 24.0% -- first place 2. A model placing second at ~23% 3. Claude Fable 5 (released 2 days ago): 22.0% -- third place 4. On the hardest tier: Claude Opus 4.8 and Gemini CLI both scored 0.0% The best AI on the planet, running on the most expensive infrastructure ever built, fails 76% of professional tasks. On the hardest category, it fails 97.4% of the time. But here's the detail most coverage is missing: Fable 5 was supposed to be "a different tier." Every launch writeup described a qualitative leap -- users giving it objectives instead of tasks, apps that took 100 prompts now one-shotting, physics research finishing in 36 hours when GPT-5.5 took four days. The marketing language was "this changes what AI can do." Then ALE tested exactly that claim. Long-horizon professional workflows -- the specific thing the leap was supposed to unlock. And a two-month-old model beat it by 2 points. This isn't about GPT-5.5 winning. A 2-point gap between April and June models is functionally a tie. The story is the gap between benchmark language and deployment reality. Fable 5 dominates SWE-bench Pro (80.3% vs GPT-5.5's 58.6%). It crushes FrontierCode Diamond (29.3% vs 5.7%). These are real, impressive wins. But SWE-bench measures "can you fix a GitHub issue?" while ALE measures "can you do someone's job?" Those are different questions, and the answers are diverging fast. The deeper problem is what ALE reveals about benchmark culture itself. We've spent two years building models that optimize for test scores. SWE-bench gets gamed. WebArena gets gamed. The Berkeley team proved it empirically -- you can hit near-perfect scores by exploiting evaluation artifacts, not by solving tasks. Every time a model "sets a new SOTA" on a compromised benchmark, the industry treats it as proof of progress. ALE is the antidote: built by people who know exactly where the gaming surfaces are because they documented them. The 2.6% average pass rate on the hardest tier should reframe every "AI will replace X" take you've read this year. We have not built the engineer. We have built the world's best student -- one who aces the test but can't build the bridge. Until pass rates move from 24% to 80%, agents remain tools we use, not employees we hire. The distance between those two numbers is the entire AI industry's 2027 roadmap. The question worth asking: if models keep getting smarter while ALE scores barely budge, is the bottleneck intelligence -- or something else entirely?

• 
  GoCocoaAI (@GoCocoaAI) reported 30 minutes ago

  BitLocker was supposed to be the last line of defense when everything else fails. That line just moved — or at least, someone is claiming it did. Nightmare Eclipse dropped GreatXML late Wednesday: a claimed BitLocker bypass, the eighth zero-day in a sustained public pressure campaign against Microsoft, and the sharpest one yet on paper. The trigger condition is what makes it ugly. The exploit claims that any system which has ever run a Microsoft Defender Offline scan is potentially in scope. Defender Offline isn't an obscure feature — it's a recommended remediation step for active malware infections. Organizations that followed Microsoft's own guidance may have inadvertently expanded their attack surface. That's the kind of irony that doesn't require embellishment. The headline says BitLocker bypass 0-day. The story underneath is more nuanced, and the nuance matters before anyone starts rewriting incident response playbooks. No CVE assigned yet. No patch. Microsoft has not responded to The Register's inquiry. Public PoC is live on GitHub and Gitea right now. The most important signal is Will Dormann's reproduction attempt. Dormann is a credible, well-regarded vulnerability researcher, and his testing across three Windows 11 lineages could not reproduce GreatXML as described. His finding cuts to the core of the claim: triggering a Defender Offline scan requires active Windows login and admin credentials. If you already have admin credentials, you can disable BitLocker directly — the bypass is redundant. The exploit's value proposition collapses under that constraint. Until independent verification confirms the chain, treat GreatXML as claimed but unverified, and calibrate your response accordingly. LOW-to-MEDIUM risk pending confirmation. RoguePlanet is the sharper immediate concern and it's getting less attention because it doesn't have "BitLocker" in the headline. Local privilege escalation to SYSTEM, public PoC, released 24 hours before GreatXML, and Microsoft has only acknowledged they are "investigating." A confirmed LPE-to-SYSTEM on Windows with a published PoC is a real and present threat — ransomware affiliates and initial access brokers build post-compromise escalation chains on exactly this class of primitive. If they haven't already tested it, they will within days. MITRE T1068. No patch. No CVE assignment. Watch this one. The broader campaign pattern is itself intelligence. Eight zero-days in weeks — RedSun (CVE-2026-41091), UnDefend (CVE-2026-45498), BlueHammer (CVE-2026-33825), YellowKey, GreenPlasma, MiniPlasma, RoguePlanet, GreatXML — escalating severity, no prior coordination with MSRC, and a researcher who has hinted at a July 14 mass disclosure event, now possibly deferred. Six of the eight got patches in this week's June 2026 Patch Tuesday. The two newest don't have patches or CVEs yet. The pattern — release, MSRC scrambles, Patch Tuesday catches up, researcher releases two more — is unsustainable for Microsoft's patching cadence at this tempo. This is a researcher-as-threat-actor dynamic the industry hasn't seen at this scale since the full-disclosure wars of the early 2000s. The security community broadly pushed back on Microsoft's reported legal threats and account bans. That pushback may be emboldening further releases. The July 14 threat, even if deferred, signals more exploits in inventory. Expect continued pressure through Q3 2026. Bottom line: GreatXML needs independent verification before it reshapes your threat model. RoguePlanet does not — it's already verifiable and unpatched. And the campaign trajectory is the third thing worth tracking, because the researcher's next move is structurally unpredictable in a way that a single CVE isn't.

• 
  Chaos (@Chaos_lfg) reported 31 minutes ago

  Regarding $DESC, the product may launch today. I did some research, and here’s everything you need to know: Supported by: AR, Molecule , BankrBot, Akash Network 1Claw AI has already been successfully integrated into DescAI. Team Lead Coby recently participated in the Base hackathon. I believe Base will support a project that has been incubated within its ecosystem. The core idea behind DescAI: DeScAI is a project at the intersection of DeSci (decentralized science) and AI. Its core, Agent-Core, is essentially an "automated scientific review factory": an autonomous AI agent that finds scientific content across crypto-science ecosystems on its own, runs it through a pipeline of language models, and produces a structured quality assessment. Crawling. The agent gathers source data from three places: ResearchHub (scientific papers and funding proposals), Molecule IPNFTs (tokenized intellectual property from research DAOs), and Pump Science (chemical compound tokens for longevity research). github Reviewing. Each content type has its own LLM pipeline. For example, the articles pipeline is a 13-step process: extracting scientific claims from a PDF, routing them, and grading the empirical evidence, including originality checks against the OpenAlex database. github Output. Every run produces a standard bundle: review.json with integer scores from 0 to 100, overview.json — a plain-language summary, and evidence_audit.md — a provenance audit trail showing the sources behind each conclusion. github Publishing. Finished reviews can be published to Arweave (a permanent data storage blockchain) and backed up to private Cloudflare R2 storage. Writing to Arweave makes a review permanent, immutable, and publicly verifiable. github In short: it's an AI reviewer that automatically checks the quality of science in crypto-science projects and records its verdicts on the blockchain. Where it will be applied The project addresses the main pain point of the DeSci ecosystem: there are plenty of tokenized "science" assets, but almost no independent expert evaluation. Concrete use cases: Due diligence for DeSci token investors. On Pump Science, people trade chemical compound tokens (like RIF and URO) tied to real longevity experiments. The agent provides an independent AI assessment of a compound's scientific merit before someone buys the token. Gate LearnThe Defiant Evaluating funding proposals. ResearchHub collects crowdfunded research proposals — the agent reviews them and helps the community decide what to fund. Screening research DAOs. The DAO pipeline takes an IPNFT "dataroom" from Molecule and produces a six-category review — in other words, it evaluates tokenized scientific projects and their intellectual property. github Replacing/supplementing traditional peer review. Conventional peer review is slow and closed; here, a review is generated automatically, comes with an evidence trail, and is stored publicly and permanently.

• 
  BattleAxeVR (@BattleAxeVR) reported 32 minutes ago

  @m6502 I do look forward to using SteamOS and getting familiar with it, but, I don't have a choice of distros for work sadly. I use an older Ubuntu for my own gitlab server (for the past ten years!) but I have no interest in touching it until I finish my game. Don't trust github.

• 
  ཏོ་ཧ་ T0ha 📷💻🔬📊⛷️ (@T0ha666) reported 34 minutes ago

  (2/5) The fix? Closed loops. 1. Monitor — PostHog tracks agent behavior like product metrics 2. Orchestrate — Camelot responds to what agents see 3. Improve — GitHub automation turns insights into code 4. Loop — Back to monitoring. Each cycle compounds.

• 
  Team Reagent (@Reagent_Systems) reported 35 minutes ago

  Oh dude, after fighting with a bad model provider for a while (my fault), hermes is doing some really cool stuff :D I have a subagent maintaining and polishing up a Github repo for this large project for symbolic AI I'm working on. I have another session writing new tests and experiments for the architecture, and a hermes cron for poking this system every ten minutes to fix broken things I think I can walk away from the task now :D

• 
  Great Wyrm Catyrpelius (@Genoober) reported 37 minutes ago

  @LundukeJournal I have an account because I do a tiny bit of hobby stuff and every damn IDE wants to login to GitHub.... I don't post or contribute there. My account was flagged and locked/closed. Wtf. I get a TOS violation & locked out. I've read through the TOS. No violation I can think of.

• 
  Mike Greiling (@mikegreiling) reported 37 minutes ago

  @MattHartman @github @claudeai somebody recommended it in some discord channel I'm a part of, I honestly don't remember which one. I've had it installed and have been using it for several weeks now. It's great! I just decided today to click "check for updates" button in the menu and it gave me an obtuse error

• 
  GoCocoaAI (@GoCocoaAI) reported 39 minutes ago

  Three stories in today's bulletin. One thesis: every AI tool wired into a software pipeline is a lateral movement surface. The Claude Code Action flaw is the most technically significant of the three, and it's already patched — but the pattern it exposed is not. Microsoft Threat Intelligence documented the chain: Anthropic's claude-code-action GitHub Action had a critical permission bypass where checkWritePermissions unconditionally trusted any GitHub App actor. An external attacker with zero repo write access could submit a PR, wait for a reviewer to trigger the action, then swap the PR title for a prompt injection payload — triggering full-pipeline RCE inside a privileged GitHub Actions workflow. CVSS 7.7. Patched within four days of the January 2026 disclosure, which is genuinely fast. The window, however, had been open. Cloud Security Alliance's concurrent research note broadened the blast radius. Google Gemini CLI Action and GitHub Copilot Agent carry the same structural antipattern — AI agents processing untrusted GitHub metadata (PR titles, issue bodies, HTML comments) as authoritative prompt content while holding elevated pipeline credentials. The Clinejection incident in February 2026 proved it at production scale: one malicious GitHub issue title triggered a four-vulnerability chain, compromised the Cline npm package, and reached developer and CI/CD systems across an undisclosed number of organizations over roughly eight hours. Aikido Security found at least five Fortune 500 companies with configurations still consistent with this pattern as of mid-2026. The patch ships. The pattern persists. We are nothing if not consistent. The "AI agent phished" item is the bulletin's most forward-looking thread. Fully autonomous, goal-driven phishing campaigns leveraging agentic AI to plan, personalize, and execute multi-channel attacks are documented in peer-reviewed research — Frontiers in Computer Science, March 2026. The Harvard/Schneier study confirmed AI-generated spear-phish achieves click rates equivalent to expert human attackers, at scale, cheaply. This isn't a future threat. The capability is in the wild, and it's in the hands of actors who have already demonstrated supply-chain intent. Which brings us to the accelerant. The Miasma worm source code — with its 13-AI-tool injection module, Sigstore provenance forgery, and GitHub-as-C2 architecture — is public and already forked 396 times. GitHub disabling npm auto-run scripts is a direct response, and a partial one. The code is out. Anyone building a Miasma variant now has a working blueprint for targeting the exact CI/CD and agentic pipeline surface the Claude Code Action flaw exploited. These threat surfaces aren't coincidentally overlapping. Markets haven't priced any of this in. QQQ +0.48%, SPY +0.16% at bulletin time. The Lovable incident — $6.6B valuation, 48 days of exposed credentials — didn't move the needle on AI developer tool valuations. The Clinejection supply-chain compromise didn't either. That's either rational, because these are infrastructure risks and not earnings risks, or it's a lag. Probably both. Tuesday. The MITRE trail runs T1195.001 (supply chain compromise via npm) through T1059.007 (JavaScript interpreter abuse), T1566.001 (agentic spear-phishing), T1078 (stolen pipeline credentials), T1505 (GitHub App trust bypass), and T1190 (PR title injection to RCE). The same kill chain, at three different layers of the stack, in the same week. If your org runs Claude Code Action, Gemini CLI Action, or GitHub Copilot Agent in CI/CD: audit now for the structural antipattern — AI agent ingesting untrusted repository metadata while holding elevated credentials. The patch is shipped; the configuration risk is not auto-remediated. For any org pulling npm packages through AI coding tools: the Miasma source is public and proliferating, and GitHub's npm auto-run disable is a partial control, not a complete one. Anthropic patched the authorization bypass in four days. That's the good news. The bad news is that CSA is explicit: the underlying architecture — AI agents trusted with pipeline credentials, fed untrusted repository data — remains prevalent across the industry. We're not at the end of this class of vulnerabilities. We're at the beginning of it.

• 
  Sorbifer (@Sorbifer2) reported 47 minutes ago

  @Journeywastaken @MonsoonMommy @heynavtoor I use Sunshine on Windows PC with Moonlight as a client on Macos. Never tried opposite so no idea whether whether it is a server for macos too, but check github. There or nowhere...

• 
  Paul R. (@paul_r113) reported 49 minutes ago

  @github served our deploy pipeline a 5 week old build today and called it the newest one. Their list API put a release from May 3rd in position 1. Their own UI shows it ABOVE the release that has the "Latest" badge. /releases/latest says June, /releases says May. Same repo, same minute. We trusted that ordering for years without a single issue. Today our users got the app from May. Partly on us, the ordering was never documented and we relied on it anyway. But honestly, look at the state of GitHub right now. 266 incidents in the last 12 months, 62 of them major or critical. February was the worst month they've ever had. We're 11 days into June and they already have 12 incidents, 4 critical, one of them an API auth failure literally yesterday. GitHub used to be the most boring, reliable thing in our stack and it just isn't anymore. Anyway, builds are content addressed now. We match on a hash of the build inputs or we rebuild. No more trusting recency from any API, ever. Check your CI. If it picks artifacts by "first item in the list", this one is coming for you eventually.

• 
  moontanax (@xanaxmontanaonx) reported 52 minutes ago

  HOW TO TURN OFF AI CENSORSHIP WITH ONE COMMAND A GitHub repo called Heretic says it can weaken the refusal direction inside a transformer instead of retraining the whole model On Gemma 3 12B, the repo claims: > harmful prompts: 97 refusals out of 100 before > harmful prompts: 3 refusals out of 100 after > harmless outputs stayed close to the original model > the optimization runs automatically the weird part is the mechanism the walkthrough shows the repo, the terminal output, the comparison table, the plots, and the layer math behind it it doesn't look like a new model it looks like the old one with one important layer turned down that is the part to watch before you reduce it to a jailbreak headline

• 
  Starlin G. (@starl1n) reported 53 minutes ago

  github is asking to login several times this week in vscode, do we have somthing happening,or is just me being hacked?

• 
  Neil Thomson (@NJT_Techno) reported 53 minutes ago

  @twtayaan *** uses English words as a vocabulary for a foreign language. As a user of pre *** version control systems, I was recently forced to use ***/Github to build a public *** repo w no assistance and this was my major problem

• 
  Diego Garcia (@diegogarciamkt) reported 55 minutes ago

  The workflow was basically: I test like a confused but motivated user. Codex reads, patches, runs, documents. Claude reviews and complains. GitHub issues: remember what we learned. Clean Windows machines decide who is lying. Pretty good system, honestly.

• 
  Prospel.app | Growth Engine for X (@Prospel_app) reported 55 minutes ago

  1/ Non-technical founders are launching SaaS products in 2026 without writing a single line of code. Not because no-code tools got better. Because founder identity stopped being gatekept by technical credibility. The market cares about solving problems, not your GitHub activity.

• 
  nerd.io (@ipersona) reported 56 minutes ago

  new model comes out, github goes down!