GitHub Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

GitHub Issues Reports

Latest outage, problems and issue reports in social media:

• 
  hacker.house (@hackerfantastic) reported 7 minutes ago

  @TheBlindHacker This requires funding and there is legal liability issues, the best solution is to self-host. We did that initially, but then EDR / PSP / AVP cabal started blocking our DNS - disrupting business - so we were forced onto Github. I believe this orchestration is intentional.

• 
  Mike Gannotti (@MichaelGannotti) reported 10 minutes ago

  @joshtisdale @Microsoft When it first came up were you presented with two buttons? one to login with Microsoft 365 and One for GitHub?

• 
  Wes Winder (@weswinder) reported 11 minutes ago

  @Shpigford just use google/github oauth and this problem disappears

• 
  - ben - (@Benny_Jiang_) reported 12 minutes ago

  @rauchg I was seriously thinking of building this and i had a quick prototype. I didn't further spending energy on this cuz of 3 issues 1. most skills are reused: at beginning i install a lot of skills at user level, and then just keep using what's working for me. searching from public space is less of a strong need. 2. skill ranking is hard. think of google works because of page rank. i figure semantic search + github star is much more noisy. you probly need to do really expension batch eval to verify what works or have enough traffic to do ranking. therefore, vercel has a much higher chance to make it work 3. internal skill >> public skills. skill is much more value if people within the same company use it to share the tribal knowledge. still very happy Vercel did it otherwise i would always be curious how good it could be

• 
  David Flagg (@DavidFlagg20) reported 14 minutes ago

  @PeterDiamandis There's a special mix of shenanigans in what Anthropic is doing. Basically, they announced the new "world class" model, Mythos. The Godzilla of LLMs. Can break digital infrastructure without a sweat, etc. Reaching for IPO now - about a trillion dollars, having already signed deals worth tens and hundreds of billions with the big corporations. Claude code as the sort of universal coding platform that truly, absurd, massive amounts of code are written with. Who knows how many github repos and even internal security networks are run with it. And, look at that, now they're calling for a big slowdown in development. Why wouldn't they? They're leading the market, they have, as far as I can tell, the current most capable model in terms of function, of task. Of doing things. They want everyone locked into using their models, their... "products". When you're well ahead, is a great time to demand everyone slow down. The safety lab, the alignment lab. Blah. It is always a bunch of crap when it comes to market dominance and profit. And they can tweak the prices however they like. People will reach for the best. Most just won't be able to afford it. An increasingly top-heavy system... more wealth and power for the wealthy and powerful. For the rest of us? Not seeing so much to be optimistic about right now. Great, Anthropic can take their trillion. Musk will soon be a trillionaire. Meanwhile, inflation is absurd, employment is crumbling, 1/5th of the world's oil supply is cutoff, and we're looking at a very hard planting and harvest season up ahead, with a super el nino to boot. Anthropic is full of crap.

• 
  Trish T. (@Trish_DIntel) reported 15 minutes ago

  CSO Online just published the Claude Code MCP attack chain. Worth reading if you run agents or have devs using Claude Code. Here's the short version. A malicious npm package runs a post-install hook silently. It rewrites ~/.claude.json, the single file that controls how Claude Code routes all MCP traffic. From that point, every OAuth token for every connected service gets intercepted in transit. Jira. GitHub. Confluence. Whatever your devs had integrated. The logs on the provider side look completely clean. The requests come from Anthropic's own egress IPs. The user is real. The session is valid. Nothing in that log row is wrong, but nothing in it is right either. The developer didn't run those queries. An attacker did. Anthropic called it out of scope. The reasoning: the user consented to installing the package. That logic places the entire burden of supply chain security on a developer making a split-second judgment about a dependency name. Most security practitioners will reject that framing. The attack is live today. No patch. There's a deeper pattern here. This keeps happening because developer tooling has the same gap every AI agent has. There's no layer that knows where an instruction came from or whether it should be trusted. The config gets rewritten, the routing gets poisoned, the tokens walk out the door. The model never knew anything was wrong. Token rotation doesn't fix it either. If the hook is still sitting there, it reseeds the config and captures the new tokens on the next refresh. If you have devs running Claude Code: monitor ~/.claude.json for unexpected changes. That file is the entire pivot point and most orgs have zero visibility on it. Audit post-install hooks in your npm dependencies. Rotate any OAuth tokens that were active while a package install happened. Security teams: are you monitoring developer tooling config files at all? Genuinely curious what orgs are doing to catch this.

• 
  AIStockEdge (@AnkComandante) reported 16 minutes ago

  $TEAM Few people love Jira. But even fewer leave it. This paradox summarizes Atlassian's entire business model. Jira, Confluence, Bitbucket, Loom — embedded in software teams' daily lives. Switching is technically expensive and culturally nearly impossible. Rovo AI: searches across Jira, Confluence and all company data, summarizes, creates tasks. Extra fee, customers pay. Server to Cloud migration complete. New growth: AI and large enterprise deals. 300,000+ customers, revenue growth 20%+. Risks: modern competitors like Microsoft, GitHub, Linear. Jira is genuinely complex. I have a let-winners-run philosophy. A company using Jira doesn't leave. A company that doesn't leave pays extra for AI features. Not investment advice.

• 
  • (@Weichaus) reported 18 minutes ago

  @argofowl Can they also ban playwright. It’s terrible and so slow in codex. In GitHub copilot with Opus it works amazingly well but for some reason in codex with GPT-5.5 it’s so bad and useless. Wish I could force the model to just to browser verification but that is also slow

• 
  Dan "18pF flip-flop" (@dcominottim) reported 20 minutes ago

  @SyntaxError2505 Yeah, but it isn’t that simple. For instance, compression is the Fedora default for both Workstation and Atomic Desktops, but it’s currently broken in both in different ways — if you use manual partioning in the former, the installer doesn’t apply it to fstab, and in the latter it’s a missing kernel argument. (I reported the Anaconda bug for the Workstation case and it was fixed in upstream a couple days ago.) The kernel had a bug that only got fixed in 7.1 (yet to be released) in which small files that are stored inline in inodes and have been marked as incompressible will forever be marked like that and never be candidates for reevaluation. Cool bit: that incompressible flag won’t be fixed by upgrading the kernel; you’d have to mess with low level stuff to manually fix it for existing files/inodes. A feature/part of systemd (don’t recall which now, but I bookmarked the GitHub issue) automatically enables full quotas if the detected filesystem is btrfs, which destroys performance and cause severe stalls if you have lots of snapshots. One of use SUSE btrfs developers commented in the thread, and the fix is not to use quotas at all and use squotas if feasible (the same dev says in the same comment that squotas have its own quirks and that full quotas aren’t fixable because he tried it already and it’s fundamentally incompatible with btrfs’ design that allows fast snapshots). And there are countless things like that 20 years later, and you have to trust that all or most userspace components will be aware of most of those things if btrfs is detected… so…

• 
  Pee Pee (blue tick) (@prasheus) reported 23 minutes ago

  never thought gitlab pages would be down, i am not going harsh on github now.

• 
  OpenClaw (@openclaw_lab) reported 26 minutes ago

  A couple of interesting repositories ⭐ agentcookie is built for a setup with two OpenClaw agents: one agent lives on the machine where you are already logged into your services, while the second runs on a separate Mac and receives up-to-date Chrome cookies and secrets via Tailscale. The second OpenClaw agent wakes up already authenticated and can work with GitHub, Linear, Stripe, Chrome cookies, and the CLI without manual auth login. And there is also sag, a repository by Peter Steinberger, the creator of OpenClaw. It is a modern replacement for macOS say, powered by ElevenLabs: sag "Done, the task is complete" sag -o result.mp3 "A short voice report" For agents, this is a convenient way to voice statuses, errors, and work results.

• 
  The_Daniel (@dan_mwita8) reported 27 minutes ago

  OAuth 2.0 doesn't share your password with the third-party app. It hands the app a scoped, revocable token after you authenticate directly with the identity provider. The four-step dance ; redirect, consent, code, token exchange , is the protocol that makes this safe. Almost every step has a security-critical detail devs get wrong. The flow begins when the app redirects you to the provider's login page (Google, GitHub, etc.) with a handful of query parameters: client_id (which app), redirect_uri (where to send you back), scope (what permissions), state (a CSRF token), and code_challenge (PKCE , proves the redirect wasn't intercepted). You then authenticate with the provider directly and approve the requested scopes. The app never sees your password. This is the central security property of the whole protocol, credentials stay between you and the identity provider. The provider redirects you back to the app's redirect_uri with a short-lived authorization code in the URL. The code is single-use, expires in ~60 seconds, and the state parameter gets checked here to defeat CSRF. Then the app exchanges the code for an access token by calling the provider's token endpoint server-side , with its client_secret, never exposed to the browser. The token is what the app uses to call APIs on your behalf, scoped to what you approved. PKCE was added because in the early days, an attacker who intercepted the authorization code could exchange it themselves. PKCE adds a per-request secret that proves the redirect went to the legitimate app. Mobile and desktop apps must use PKCE, web apps with a real backend can skip it but shouldn't. The mistakes that bite teams are predictable actions such as storing tokens in localStorage (XSS-vulnerable), skipping the state parameter (CSRF), not using PKCE on mobile (interception), and treating refresh tokens like access tokens. Refresh tokens are long-lived and should never leave the backend. Get any of these wrong and the protocol's identity-isolation guarantee silently breaks.

• 
  RyanX 🦞 (@ryanx_ai) reported 28 minutes ago

  Hiten Shah just put his finger on something most AI strategy memos miss. His argument: every company's first AI strategy should be a skill library. Not a tool rollout. Not a connector pile. A library of reusable ways of working that agents can load. The insight that hit me: "the pattern is older than AI." Unix commands made operations reusable. Libraries made code reusable. APIs made services reusable. Workflows made processes reusable. What changed isn't the desire to package expertise. Software has always moved in this direction. What changed is the executor. For decades, a human had to read the playbook and apply it. Now agents load the playbook, call tools, inspect files, run scripts, and keep going. The playbook becomes active. Documentation becomes infrastructure. That changes the value of writing things down. A skill that used to be "this is how the senior PM thinks about launches" was nice-to-have documentation. Now it's an executable asset. The mistake most companies are about to make: they start with access. Link the agent to the CRM. Set up Slack. Wire up GitHub. Connect the data warehouse. That all matters. An agent without access is guessing. But access alone doesn't create useful work. An agent can read every sales note and still miss the shape of a deal. It can search every support ticket and still miss the customer who needs immediate attention. The real work: teach the agent how your company approaches the work. That's what a skill is. Not a prompt for this conversation. A reusable way of working, packaged with instructions, examples, templates, edge cases, quality bar. Which is why the most valuable skills won't live on public marketplaces. They'll live inside your company, encoding things like: - what counts as escalation in your support org - how renewal calls are actually run (not what the playbook says) - which metrics matter for your board and which are noise - the legal fallback positions you actually rely on - the voice that defines your brand A generic agent has broad knowledge of sales, support, finance, product. What makes it useful inside your company is learning your specific processes. That's the moat. Not the model you pick. The work you teach the model to do well. Three things to do this quarter, before you buy another AI tool: 1. Map the repeated work. The workflows where experienced people consistently outperform everyone else. Sales calls, escalations, PRDs, postmortems, contracts, forecasts. None of these are the job. They're everything wrapped around it. 2. For each one, ask: what does the best person on the team do differently? What catches their attention first? What do they overlook? Which errors are they trying to avoid? That is the raw material for a skill. 3. Package the first three. Run them. Improve them. Make the owner stay close to the work — the skill decays the moment it stops being maintained by the person who actually does the job. The companies that win won't be the ones with the most internal AI demos. They'll be the ones that turned their judgment into reusable systems faster than their competitors. Your company already has skills. They're sitting in old docs, Slack threads, customer calls, and the heads of the people who know how the work really gets done. Make them visible. Make them reusable. Let the agents use them.

• 
  romeoraven (@romeoraven) reported 28 minutes ago

  @Kappaemme1926 That OpenAI employees keep asking on here what's wrong with it instead of fixing the already opened issues on GitHub for it.

• 
  KTMudak (@KTMudak) reported 29 minutes ago

  Collection for people who want to build their own AI tools without starting from scratch There’s a GitHub collection of 100 free open-source projects you can use as a base for AI tools, automations, internal dashboards, parsers, knowledge bases and local replacements for paid services. Inside are: >tools for AI agents > local alternatives to paid SaaS > LLM interfaces > automation tools > data/parsing projects > design/site/component templates > security/privacy stuff > content tools Give the repo to Claude Code, Codex, Cursor, Cowork or another agent and ask: “Explain how this project works, what I can reuse for my task, what I should delete, what needs adapting and how to build a simple version.” That’s the whole edge. You don’t start from a blank screen. You already have structure, logic, code examples and a map of how someone else solved a similar problem. Just check licenses and restrictions. Some need API keys, some have commercial use terms, some are only good as references rather than things you can ship directly Link below