Many orgs move forward because of a very small set of people. Many orgs stay afloat because of a very small set of people.

Just encountered one of the most convincing Google account takeover scams I’ve seen. Perfect American accent. Calm. Professional. They start the call by saying someone tried to hack your Google account using a fake death certificate, then ask if you recognize a recovery email or phone number. They ask if you’ve received any recent Google emails about an account you don’t recognize trying to recover access. And sure enough, there’s a legit Google security email. Here’s the trick. The attacker isn’t trying to hack your account. They create a throwaway Google account, set your email as the recovery email, then try to recover that account. Google sends you a real security email. The scammer calls you live, references the email, and even tells you to verify the headers since it comes directly from Google. The headers are real. That’s the point. Then they tell you they’re locking down your account and that you’ll get a recovery prompt on your phone. You just need to approve it to stay safe. The giveaway was the device and location in the prompt didn’t match me. When I pushed back, they claimed it was from their servers, which obviously makes no sense. At that point I hung up. I have a personal rule to never approve anything I didn’t initiate, especially while on the phone. Extremely well executed social engineering. I’m sure this works on a lot of people. And if someone calls you about account security, assume it’s a scam

⚔️introducing TypeSlayer⚔️ A #typescript type performance benchmarking and analysis tool. A summation of everything learned from the benchmarking required to make the Doom project happen. It's got MCP support, Perfetto, Speedscope, Treemap, duplicate package detection, and more.

We know we have work to do in maintaining our own open source surfaces for GitHub Actions (actions, runner-images, starter workflows, toolkits, etc.). That being said, I wanted to address what was discussed and also share what’s next for GitHub Actions: With respect to `safe_sleep` in self-hosted runners (note: this never impacted GitHub-hosted runners)... • We fixed the implementation causing an infinite loop on August 14th and cut a new runner release in October. So this bug has been fixed[^1] and released for a month or so. We missed closing the related issue[^2] as part of that release and then closed it on December 1st. • As for burning CPU while sleeping, this is obviously not great from just a quality of engineering perspective, but this was an intentional change away from relying on the OS sleep to address a customer case where it didn't work when sleep was not available. We are fixing this now to use sleep if it's present and fall back to this implementation only if it's not available. This script is only used in 2 scenarios: updating the self-hosted runner when a new version is available and recovering from an unhealthy termination. With the infinite loop issue fixed, the CPU inefficiency, while still not great, should have very little real impact to self-hosted runners CPU utilization and zero GitHub Actions billing impact to customers. The biggest impact is customer configs using multiple self-hosted runners on the same machine. In that case, during the seconds that this sleep is running during an infrequent update or after an unhealthy runner termination, the other runners would suffer from CPU consumption. • All of this is completely unrelated to any sleeps within workflows and jobs themselves. As for file hash issue[^3], a hosted runner image update that started rolling out on November 22 caused failures related to an unintended breaking change in the runner agent cached in the image. This was rolled back on November 23, which mitigated all customer impact. Hosted runner agent updates have been paused until improvements identified from this are completed, but image updates were unblocked on the 25th to ensure we continue to provide security updates for our hosted runners. GitHub Actions is a core primitive of GitHub and important to its future. Last year, GitHub gave away 11.5 billion build minutes for free to open source projects[^4] (which I think is about ~$184 million dollars). The Actions team’s priority for the last 18 months has been on scaling and reliability. In the last few months, the team has also focused on community asks and shipped support private/internal .github repos[^5], increased the actions cache size >10GB[^6], shipped Action workflow YAML anchors[^7], increased workflow dispatch limits[^8], and increased reusable workflow limits[^9]. As for what’s next, the Actions team is now going to be focused on: • Support for timezones[^10] in scheduled jobs and updates to schedule reliability • Return the run ID from workflow dispatch[^11] • Adding a switch function for expressions so they have a conditional operator or function[^12] • UX improvements, including faster page load times, better rendering for workflows with over 300 jobs, and a filter for the jobs list. • Parallel steps[^13] (one of the most requested features from GitHub Actions community I think this covers most of it, but we’ll follow up soon with more details in a proper blog post [1] github.com/actions/runner/pu… [2] github.com/actions/runner/is… [3] github.com/actions/runner-im… [4]github.blog/news-insights/oc… [5] github.blog/changelog/2025-0… [6]github.blog/changelog/2025-1… [7] github.blog/changelog/2025-0… [8] github.blog/changelog/2025-1… [9] github.blog/changelog/2025-1… [10] github.com/orgs/community/di… [11] github.com/orgs/community/di… [12] github.com/orgs/community/di… [13] github.com/orgs/community/di…

did they train this in the balkan area

Guess those lost royalties are why they took away the 3.5mm headphone jack 😆

Good morning, happy Monday. Here is an uplifting inspirational quote to start your workweek with. 🙏#gratitude

The stuff of dreams 🥰