GitHub Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

GitHub Issues Reports

Latest outage, problems and issue reports in social media:

• 
  Alex (@0xAlex_300) reported 48 seconds ago

  I’ve been watching this new launch $ZERO @c0mputeAI today. A few things stood out: • Real codebase (Rust + TS) • Active GitHub with recent commits • Multiple releases already shipped • MIT licensed • Founder appears publicly tied to Profullstack, not an anonymous burner account • Clear focus on decentralized AI inference, not just generic “AI + crypto” buzzwords What I find interesting isn’t the token. It’s that they’re trying to solve an actual problem: How do you turn idle compute into a permissionless AI network where users pay for inference and workers earn for providing resources? Still very early. Community is tiny. Product looks alpha. A lot of infrastructure is still being wired together. But compared to many microcap AI projects, there seems to be genuine engineering happening under the hood. Definitely one I’m keeping on my watchlist. $ZERO 👀👀👀

• 
  Thomas Bradley (@TBradley27) reported 2 minutes ago

  Bioinformatics pet peeve: When a software repository contains a major omission in the documentation, a user flags the problem with the repo owner, and then the repo owner responds to the user with the answer without correcting the documentation and closes the issue on GitHub

• 
  Rossst.03 (@Rossst_03) reported 3 minutes ago

  Why the Polymarket vs Kalshi 15-minute "arbitrage" doesn't work It looks like the easiest money in crypto. Bitcoin "Up or Down" markets run on both Polymarket and Kalshi over the same short windows. Every so often you can buy Up on one side and Down on the other, and the two legs cost less than $1.00 combined. One of them has to win, so you pocket the difference. Free money. People have built bots that do nothing but scan for this. Open-source ones sit on GitHub: pull the Polymarket price, pull the Kalshi price, flag every time Up plus Down costs under a dollar. On paper it's a risk-free spread. It isn't. And the reason is the one thing almost nobody reads: the resolution spec. Here's the trap in a single line. You are not buying two sides of the same coin. You are buying two different bets that happen to look identical. Same window, different rulers Polymarket resolves its 15-minute BTC markets off the Chainlink BTC/USD data stream. It takes the price at the start of the window (the "Price to Beat"), the price at the end, and resolves Up if the end is greater than or equal to the start. A clean point-to-point reading from one oracle. Kalshi resolves its crypto markets off the CF Benchmarks index, and it does not take a single instant. It averages the last 60 seconds of that index at expiration. Different feed, and a 60-second average instead of an end-of-window print. So you already have two problems stacked on top of each other. First, different price source. Chainlink's stream and CF Benchmarks' index are not the same number at any given second. They drift apart constantly, by a few dollars, by a few basis points. In a 15-minute window the entire move is often only a few dollars. When the gap between the feeds is the same size as the move itself, they routinely disagree on direction. Second, a print versus an average. Polymarket asks "where did the last tick land." Kalshi asks "what was the average of the last minute." Near a flat close those are different questions. The instant can tick down while the minute averages up. There's even a third crack: the reference prices don't match. Polymarket's Price to Beat is captured from Chainlink at the window open. Kalshi sets its own strike off its own index. The arb bots literally have to compare "Poly strike" against "Kalshi strike" because they aren't the same number. You're not even measuring from the same starting line. What actually happens to your "free" spread The window closes nearly flat. Kalshi's 60-second average ends a hair above its strike and settles Up. Polymarket's Chainlink end-print lands a hair below its Price to Beat and settles Down. Your Up leg loses. Your Down leg loses. Both legs lose. The "risk-free" spread paid out zero. That's the exact failure mode: Kalshi closes Up, Polymarket closes Down, on what looked like the same event. It wasn't the same event. Why the spread existed at all The market wasn't being dumb. The sub-$1.00 total wasn't a mispricing you were sharp enough to spot. It was the market pricing the basis risk between two different oracles. Those few cents of "edge" were your compensation for the risk that the feeds disagree, which is precisely what happens. You weren't collecting free money. You were paid a tiny premium to take a real risk, and the risk showed up. Then stack the costs. Two legs means two sets of fees and two sets of slippage. Even when the directions agree, the round-trip cost often eats the spread you thought you locked. The actual lesson A cross-venue arbitrage is only risk-free when both sides resolve off the identical source, at the identical timestamp, under the identical rule. Change any one of those and you no longer hold a hedge. You hold a bet on the tracking error between two settlement methods. On a 15-minute crypto window, that tracking error is the same order of magnitude as the move you're betting on. Which makes the "arb" a coinflip with fees stapled to it. The edge was never the spread. The edge is knowing why the spread is there. Read the resolution rules before you read the prices.

• 
  Orlixx.ai (@orlixx003) reported 5 minutes ago

  HERMES AGENT CROSSED 140,000 GITHUB STARS IN 3 MONTHS AND JUST BECAME THE MOST USED AGENT IN THE WORLD. Most AI agents forget everything between sessions. Hermes writes its own skills from experience. Next time it runs the skill, improves it, and gets faster. Independent benchmarks show agents with 20+ self-created skills complete similar tasks 40% faster than fresh instances. Qwen 3.6 where the 35B version outperforms last year's 120B models at one third the memory footprint. DGX Spark with 128GB unified memory running everything locally at $0 per month after hardware. The setup takes 30 minutes. LM Studio plus Qwen 3.6 27B for the model server. One install script for Hermes. One config connecting them. Set context window to 65,536 tokens or nothing works. After one month of daily use your skills directory has 20 to 50 learned workflows. Your Hermes is genuinely different from anyone else's.

• 
  Swayam (@DevSwayam) reported 5 minutes ago

  @MicahZoltu @ChanniGreenwall i am not saying its same but an AI could easily use this github issue to find this vulnerability

• 
  ghost of ai future (@GenAIDL) reported 7 minutes ago

  @emollick the irony of AI labs using AI to write documentation for AI tools and still ending up with gaps is a very specific kind of recursive failure, the features that matter most in production are almost always the ones that only exist in someone's github issue comment from six months ago

• 
  RyanX 🦞 (@ryanx_ai) reported 7 minutes ago

  Hiten Shah just put his finger on something most AI strategy memos miss. His argument: every company's first AI strategy should be a skill library. Not a tool rollout. Not a connector pile. A library of reusable ways of working that agents can load. The insight that hit me: "the pattern is older than AI." Unix commands made operations reusable. Libraries made code reusable. APIs made services reusable. Workflows made processes reusable. What changed isn't the desire to package expertise. Software has always moved in this direction. What changed is the executor. For decades, a human had to read the playbook and apply it. Now agents load the playbook, call tools, inspect files, run scripts, and keep going. The playbook becomes active. Documentation becomes infrastructure. That changes the value of writing things down. A skill that used to be "this is how the senior PM thinks about launches" was nice-to-have documentation. Now it's an executable asset. The mistake most companies are about to make: they start with access. Link the agent to the CRM. Set up Slack. Wire up GitHub. Connect the data warehouse. That all matters. An agent without access is guessing. But access alone doesn't create useful work. An agent can read every sales note and still miss the shape of a deal. It can search every support ticket and still miss the customer who needs immediate attention. The real work: teach the agent how your company approaches the work. That's what a skill is. Not a prompt for this conversation. A reusable way of working, packaged with instructions, examples, templates, edge cases, quality bar. Which is why the most valuable skills won't live on public marketplaces. They'll live inside your company, encoding things like: - what counts as escalation in your support org - how renewal calls are actually run (not what the playbook says) - which metrics matter for your board and which are noise - the legal fallback positions you actually rely on - the voice that defines your brand A generic agent has broad knowledge of sales, support, finance, product. What makes it useful inside your company is learning your specific processes. That's the moat. Not the model you pick. The work you teach the model to do well. Three things to do this quarter, before you buy another AI tool: 1. Map the repeated work. The workflows where experienced people consistently outperform everyone else. Sales calls, escalations, PRDs, postmortems, contracts, forecasts. None of these are the job. They're everything wrapped around it. 2. For each one, ask: what does the best person on the team do differently? What catches their attention first? What do they overlook? Which errors are they trying to avoid? That is the raw material for a skill. 3. Package the first three. Run them. Improve them. Make the owner stay close to the work — the skill decays the moment it stops being maintained by the person who actually does the job. The companies that win won't be the ones with the most internal AI demos. They'll be the ones that turned their judgment into reusable systems faster than their competitors. Your company already has skills. They're sitting in old docs, Slack threads, customer calls, and the heads of the people who know how the work really gets done. Make them visible. Make them reusable. Let the agents use them.

• 
  Manu.ts (@Neolectron) reported 10 minutes ago

  @schanuelmiller @southpolesteve This is exactly the issues with any npm stats website btw. They all lie exactly like npm because they have infinite depth :). GitHub has an ui to show which opensource repo/packages depends on yours. This should be used to allow filtering first party downloads.

• 
  Paul Dao Nhan Nguyen (@daonhan) reported 10 minutes ago

  3/ grill-me interrogates intent and refuses hand-waving. to-prd turns that into a PRD. prd-to-plan decomposes it into tracer-bullet phases. to-issues files those as dependency-ordered GitHub issues. That chain runs before any code.

• 
  Asym (@Asym_Alwali) reported 13 minutes ago

  2/ Starting point ❌ No working *** workflow on Android ❌ GitHub authentication issues ❌ Repository confusion ❌ Vercel deployment failures Goal: Fix everything without touching a desktop computer.

• 
  Ivan Fioravanti ᯅ (@ivanfioravanti) reported 14 minutes ago

  I want to publicly ask to anyone involved in Apple MLX world, being it building block or inference engine to slow down development and add more testing and QA. Every single time we test something new on MLX world we get tons of issues and we spend more time debugging, contacting builders and opening Github issues than enjoying the new releases. Please please please 🙏 Add more tests, it's quite simple for me crashing things, I just do long context benchmarks or batch inference and... BOOM! Imagine using this in a real production environment. I don't want this to be an accuse, just a request for more care to QA. llama.cpp and DS4 docet.

• 
  k4yaba (@k4yaba) reported 15 minutes ago

  One thing I think people are still missing about @cyberia_temple: The move from 40k to 80k isn't the story. The story is that almost nothing has fundamentally changed between 40k and 80k. The chain was live at 40k. The bridge was live at 40k. The DAO was live at 40k. The explorer was live at 40k. The launchpad was live at 40k. The lending platform was live at 40k. The Github was public at 40k. The market simply started noticing what was already there and that's a huge difference. Most projects pump because of promises. Cyberia is slowly repricing because of delivered software. When I first looked into it, I expected to find another AI narrative wrapped around a token. Instead I found a strange combination of cult, blockchain infrastructure, open-source philosophy and a Dutch developer who seems completely detached from market psychology. And honestly that's probably why it's still early. The market understands memes. The market understands AI. The market understands launches. What the market doesn't know how to price is a guy trying to build an entire ecosystem publicly while the token sits at micro-cap valuations. That's exactly why opportunities like this exist. People are trying to value Cyberia as a Pump fun token while the dev is behaving like he's building a startup. Those two things simply don't belong in the same valuation range. The part that interests me most isn't even the current products. It's the philosophy underneath them. Most crypto projects are designed to extract value from their communities. Cyberia appears to be attempting the opposite. The idea that open-source developers should be rewarded directly is actually much bigger than most people realize. Almost every piece of modern technology is built on top of open-source software yet the people creating that software are often the least rewarded participants in the entire stack. @cyberia_temple seems to be built around that contradiction. And if they manage to solve even a small part of that problem, the upside becomes extremely difficult to model. Another thing worth mentioning is that most founders talk about decentralization, community and transparency. Very few founders are willing to build in public. That's a level of accountability most teams wouldn't survive for a week. Every bug, every failure, every update and every win is visible. There are no polished announcements, fake screenshots or mystery boxes. Just shipping. And shipping is ultimately what wins. Not narratives. Not Spaces. Not influencer marketing. Not engagement farming. Shipping. At 40k market cap, this looked interesting. At 80k market cap, it still looks interesting because if you're focused on the fact that it already did a 2x, you're probably looking at the wrong metric. The real question is: What is the market cap of a project that successfully transforms itself from a token into an actual digital economy? Because that's the bet being made here. Not on a chart. Not on a meme. Not on a trend. On a builder. And historically, betting on builders has been one of the few edges that never seems to disappear. Still early. CA: solana:E67WWiQY4s9SZbCyFVTh2CEjorEYbhuVJQUZb3Mbpump

• 
  Alexander Zbiciak (@IBreakData) reported 15 minutes ago

  @luce_libera @wodarg One issue with the data is the data entry permutations are these the same lots? EW172 EW0172 PFIZER EW0172 #EW0172 Some entries just say pfizer or worse. The data needs guided cleaning to really show hot vs not lots @grok please review the github data and find the potential permutations for the pfizer lot ewo172 as shown above. Are there othe potential entries and what are the totals for that lot.

• 
  Saylor (@seylorra) reported 19 minutes ago

  @TheAhmadOsman honestly i just want sm120 to work with vllm without a 4 hour github issue hunt. a rocm sanity check or json config isnt too much to ask.

• 
  🛡️Shir Khorshid Noor Cyber Unit🛡️ (@FriendOfTheInst) reported 20 minutes ago

  Sponsored search results are not a trust boundary. A fake ChatGPT download campaign used brand impersonation, malvertising, shared-link abuse, cloaking, platform-specific payloads, CAPTCHA gating, Electron packaging, JavaScript obfuscation, and staged execution to deliver malware to Windows and macOS users. This is not merely another fake download page. It is a clear demonstration of how attackers exploit trust across multiple layers: • Trusted brand • Trusted search flow • Trusted-looking ad placement • Trusted-looking domain patterns • Trusted UI/branding • Trusted installer frameworks • Trusted code-signing assumptions • Trusted AI platform sharing features What happened: Attackers promoted a fake OpenAI/ChatGPT download experience using the domain: openew[.]app The site copied OpenAI-style branding and offered download paths for: • Windows • macOS • Chrome extension The Chrome extension path linked to a legitimate ChatGPT-related extension, further increasing perceived legitimacy. The Windows and macOS download paths delivered malware. Attackers also abused legitimate ChatGPT shared conversation links, including chatgpt[.]com/s/ pages, to host fake outage or download pages. A link hosted on a trusted domain can still deliver attacker-controlled content to users. The campaign employed cloaking and conditional rendering: automated scanners and analysis tools were shown benign content, reportedly an unrelated AR/VR company site, while real browsers received the malicious ChatGPT-themed download experience. That is the key lesson: A trusted domain, HTTPS padlock, sponsored ad, or polished UI does not equal a safe download. Why this campaign matters: Victims were not browsing dark web forums or downloading cracks. They were searching for a legitimate AI tool. That is why malvertising is effective: it targets high-intent users at the exact moment they are ready to install software. The campaign turned normal user behavior into an initial access path. Windows chain: The Windows payload was distributed as: Chat_GPT.exe Reported SHA-256: 56CC26E88C064B0C423AA8AD6530E58F91D1E4D28FAB1A8BCEDEF16A6582B4D2 Additional reported Windows hash: c9e0e6985dca3a179c9bdea4e7b38f7dc57fe00ecedc2fd634256fc53bf2de2d Important: hashes are useful for triage, not sufficient for defense. Campaigns rotate samples. Hunt behaviorally. Windows technical observations: • Installer built with Inno Setup • Electron-based application • Chromium runtime components • resources\app.asar archive • Large obfuscated JavaScript payload identified as winter.js • Hex-encoded strings • Dynamically resolved functions • Control-flow obfuscation • Event-driven execution • CAPTCHA gating before core behavior • Inner Electron payload (App.exe) launched after installation • PowerShell spawned after CAPTCHA completion Observed PowerShell pattern: -ExecutionPolicy Unrestricted -Command - That trailing dash matters. It suggests commands may be supplied through standard input rather than appearing directly in the process command line. This reduces the value of command-line-only detection and makes process-tree and behavioral monitoring much more important. Static red flags: The filename suggested ChatGPT, but embedded metadata reportedly identified the installer as: PovariEGLESVapp Setup The executable was signed by: F.F.A.P. Hurkmans Beheer B.V. That publisher does not align with OpenAI or ChatGPT. Important reminder: a valid code signature does not mean software is safe. It only confirms that the file was signed by a certificate and has not been modified since signing. It does not establish that the software is legitimate or authorized by the brand it imitates. Additional Windows indicators: • App.exe SHA-256: D9AD44D43E57B870793FA5CF7FB3A813990D0CBD0C7087BDE70A5E61FB1F1FE6 • Unexpected Chromium/Electron profile: %APPDATA%\Satoshi • Additional reported path: %APPDATA%\LeronApplication • Reported Electron/Node capabilities: systeminformation, child_process, os, fs, zip-lib, Those modules indicate a capable execution environment: system discovery, file access, archive handling, process execution, and network communication. macOS chain: The macOS payload was delivered as: ChatGpt.dmg Reported SHA-256: 7E5B708F6659B1FAD3AAE7B589A706434FBF21708AEEC5AF5910189B96E25FEF Additional reported macOS hash: c0919e1999eaee67e67aeda0287722775afb04e9a9a0f727928b4d11265fb70b The macOS malware is reported as Odyssey Stealer, a fork of AMOS / Atomic Stealer. Reported macOS targeting includes: • Browser passwords • Browser cookies • Saved logins • macOS keychain data • Telegram sessions • Cryptocurrency wallet directories • Desktop/Documents files with sensitive wallet/key extensions • Ledger Live • Trezor Suite • Exodus • Electrum • Sparrow The most dangerous macOS behavior: Wallet replacement. The malware reportedly attempts to replace legitimate wallet-related applications with trojanized versions. That means a victim may later open what appears to be their normal wallet app, but actually launch an attacker-controlled version. That is not only credential theft. That is long-tail financial compromise. Infrastructure: Reported malicious domain: openew[.]app Reported infrastructure includes: 144[.]172[.]104[.]205 188[.]137[.]246[.]189 192[.]253[.]248[.]181 172[.]94[.]9[.]250 Infrastructure notes: • Recently registered domain • Namecheap / registrar-servers infrastructure reported • RouterHosting infrastructure reported • Passive DNS linked infrastructure to other suspicious or malicious domains • .app domains require HTTPS, so browsers show a padlock The padlock only means the connection is encrypted. It does not mean the site is legitimate. Detection opportunities for defenders: 1. Newly created executables launched from Downloads, Temp, or other user-writable paths 2. Trusted-brand filenames that do not match embedded metadata 3. Installer publisher mismatch: filename says ChatGPT, signer is unrelated 4. Electron apps spawning scripting engines: powershell.exe cmd.exe osascript bash sh zsh 5. PowerShell with: -ExecutionPolicy Unrestricted -Command - 6. Unexpected Chromium/Electron profile directories, such as: %APPDATA%\Satoshi %APPDATA%\LeronApplication or other anomalous Electron profile paths 7. app.asar archives containing large obfuscated JavaScript bundles 8. CAPTCHA or user-interaction gating before malicious behavior 9. Newly registered domains impersonating major software or AI vendors 10. Users installing software from ads instead of official vendor channels 11. Suspicious wallet-app replacement attempts on macOS 12. Post-install network traffic to low-cost VPS infrastructure 13. Legitimate AI sharing URLs that render fake support, outage, update, or installation pages 14. Download pages that show different content to scanners than to real browsers The key defensive point: Do not build detections only around hashes or static strings. This campaign reduces the value of static analysis through: • Obfuscation • Runtime string construction • CAPTCHA gating • Electron packaging • Conditional execution • Cloaking • Staged payload behavior • Shared-link abuse on trusted domains The better approach: • Behavioral detection • Process-tree monitoring • Parent-child process analysis • Script-engine execution monitoring • Browser/download source telemetry • Application control • Newly registered domain monitoring • Publisher and metadata validation • EDR detections for Electron-to-shell execution • Monitoring for AI-platform shared links used as delivery pages • User training focused on sponsored-result and fake-download risk For users: Only download ChatGPT from official OpenAI channels or the Microsoft Store. Do not install software from ads, mirror sites, download portals, unfamiliar domains, or fake support/outage pages. If you installed a “ChatGPT” app from an ad or unfamiliar page: Use a clean device and: • Sign out everywhere from important accounts • Change passwords, starting with primary email • Rotate API keys, SSH keys, cloud credentials, and tokens • Revoke active sessions for email, GitHub, cloud, Discord, Telegram, crypto exchanges, banking, and password managers • Move crypto funds from a clean device • Do not open Ledger/Trezor apps on a potentially infected Mac • Monitor financial accounts • Reinstall the OS • Notify IT/security immediately if it was a work device For AI vendors and platform owners: This is now part of the product security perimeter. Brand impersonation, malicious search ads, fake download pages, clone domains, and abuse of shared AI content are active distribution channels. Practical controls: • Make official download links easy to find • Monitor sponsored ads for brand abuse • Monitor newly registered lookalike domains • Detect abuse of shared-content features • Run takedowns quickly • Publish clear download guidance • Provide signed-installer verification guidance • Coordinate with search/ad platforms • Alert users when major impersonation campaigns are active Bottom line: Attackers are not just exploiting ChatGPT. They are exploiting the trust, urgency, and confusion around fast-moving AI adoption. Today it is ChatGPT. Yesterday it was another AI tool. Tomorrow it will be the next trending product. The malware can rotate. The domain can rotate. The payload can rotate. The brand can rotate. The infrastructure can rotate. The defensive mindset must rotate too: From: “Is this file known bad?” To: “Is this behavior legitimate for this software, this publisher, this user, this source, and this execution context?” That is the difference between signature-based reaction and modern detection engineering. Analysis draws on reporting from Malwarebytes Labs, Evalian SOC, Push Security, BleepingComputer, CybersecurityNews, and OpenAI documentation. #CyberSecurity #Malvertising #ThreatIntelligence