Linux drama, GitHub security, and PyPI gets phished (again)
PLUS: India's dumping Microsoft for Zoho, OpenAI's burning $500B on data centers, and vibe-coding apps are DOA.

Happy Tuesday! It’s the last day of Q3, and you’re one ping away from screaming into a keyboard. But we’re survivors, you and I, so let’s travel back in time… to 1980.
On this day, Digital, Intel, and Xerox dropped the Ethernet specification like it was a mixtape nobody asked for but everyone eventually needed. Version 1.0 of the Blue Book became the foundation for every LAN you've ever cursed at during a video call. Back then, they probably thought they were just solving a networking problem. Turns out, they were building the infrastructure for an entire generation to yell "CAN YOU HEAR ME NOW?" into their webcams.
Fast-forward 45 years, and Ethernet's still holding down the fort while WiFi pretends it's reliable.
LINUX DROPS TWO CONTROVERSIAL UPDATES (EVERYONE WILL THEN INSTALL THEM ANYWAY)
Two of Linux's most divisive projects just released fresh versions for everyone to argue about on Reddit.
Systemd version 258 finally showed up months late, like that friend who says they're "almost there" but hasn't left their apartment. The delay means it missed Ubuntu 25.10 and Fedora 43 completely. If you're running Arch or openSUSE Tumbleweed, congrats – you're the beta testers now. This massive update might still make Ubuntu 26.04 next April, assuming version 259 doesn't drop first and steal its spot.
Meanwhile, GNOME 49 (nicknamed "Brescia") killed off a bunch of your favorite apps. Goodbye Totem video player, Evince document viewer, and Devhelp manual browser. Say hello to Showtime, Papers, and Manuals – new apps built with Gtk4 that look suspiciously phone-optimized because apparently that's our future now.
The new GNOME Calendar got completely rebuilt for better accessibility, which breaks Joel Spolsky's sacred "never rewrite code" rule from 2000. But sometimes rules need breaking. They also added fancy HDR display support with 48-bit wallpapers, because your eyeballs apparently needed more color depth than the entire 1990s had access to.
Both releases are peak Linux: controversial, ambitious, and guaranteed to spark flame wars. But let's be honest… you're updating anyway.
GITHUB FINALLY CARES ABOUT NPM SECURITY MATTERS
After watching hackers treat npm like an all-you-can-steal buffet, GitHub's actually doing something about it.
The changes: Two-factor authentication is getting real. Those old authenticator app codes you copy-paste? Gone. GitHub wants hardware keys or biometrics — stuff that's way harder to steal. And that option to skip 2FA when publishing locally? Deleted. Vaporized. Thanos-snapped.
Why now? Earlier this year, a self-replicating worm called Shai-Hulud infected npm through a hacked account and stole secrets from developers. GitHub had to nuke 500+ packages. Whoops.
The new security includes Trusted Publishing and tokens that expire in seven days instead of lasting forever like some digital cockroach. Classic tokens are getting booted entirely.
Will this break your workflow? Absolutely. Will you need to read documentation? You bet. But at least your packages won't become crypto-mining zombies.
"We recognize that some of these security changes may require updates to your workflows," GitHub explained, which translates to "sorry not sorry, but this is your fault."
PYPI PHISHING SCAM TRICKS DEVELOPERS (AGAIN)
Python's package index is getting hammered by phishing emails that look legit enough to fool tired developers at 2 AM.
The scam sends emails claiming you need to "verify your email" for "security procedures" — vague corporate nonsense that sounds almost real. Click the link, and you land on "pypi-mirror[.]org," a fake site stealing credentials faster than you can say "import os."
If you fell for it (no shame), change your password immediately and check your Security History for anything weird.
The Python team also wiped all tokens stolen during last month's GhostAction attack.
Good news: hackers hadn't used them yet.
Bad news: "yet" is doing a lot of work in that sentence.
⚙️ TOOL TIME
How Canva, Perplexity and Notion turn feedback chaos into actionable customer intelligence
Support tickets, reviews, and survey responses pile up faster than you can read.
Enterpret unifies all feedback, auto-tags themes, and ties insights to revenue, CSAT, and NPS, helping product teams find high-impact opportunities.
→ Canva: created VoC dashboards that aligned all teams on top issues.
→ Perplexity: set up an AI agent that caught revenue‑impacting issues, cutting diagnosis time by hours.
→ Notion: generated monthly user insights reports 70% faster.
Stop manually tagging feedback in spreadsheets. Keep all customer interactions in one hub and turn them into clear priorities that drive roadmap, retention, and revenue.
👨‍💻 JOB OPPORTUNITIES
Optimum needs someone to babysit firewalls and handle tier-3 escalations at ungodly hours. Needs 3-5 years experience, zero circadian rhythm, and the emotional stability to receive "server down" texts during your nephew's birthday party.
Grammarly wants you to secure their cloud while their AI judges your spelling. Must think like a hacker who watched Mr. Robot twice and embody "EAGER" values with a straight face.
DraftKings needs someone fluent in translating "the ship is actively sinking" into PowerPoint slides that won't make the CEO cancel their golf trip. 10+ years experience turning dumpster fires into "controlled burns" and must pretend AI will save us all while secretly hoarding canned goods.
Motorola wants someone who genuinely enjoys reading compliance documentation for fun. You'll spend your days explaining NIST frameworks to people who think "FedRAMP" sounds like a sick skateboard trick.
🛩 INDUSTRY MOVES
India's IT minister ditched Microsoft Office for Zoho and is urging 1.4 billion people to do the same in a push for "Swadeshi" (self-sufficiency) products. Microsoft's probably fine. Totally fine. Not worried at all.
OpenAI, Oracle, and SoftBank announced plans for five new Stargate AI data centers across the US as part of their $500 billion infrastructure project, because apparently half a trillion dollars is what it costs to make ChatGPT slightly less wrong.
Micron reports they're close to selling out their entire 2026 high-bandwidth memory supply, with gross margins jumping from 49% to 59%, proving that when AI needs memory, everyone pays premium prices.
Mobile apps for "vibe coding" are failing to gain traction despite unicorn valuations — turns out nobody wants to code on a phone screen when you can barely see your own typos before committing them to production.

Hey there, troubleshooters! Check out this week's community questions that prove IT pros are the only thing standing between humanity and a digital apocalypse:
A Win 10 Pro workstation is getting blocked from upgrading because the installer insists VirtualBox is installed (narrator: it's not). Time to exorcise some registry ghosts.
Someone Frankensteined together a script that's spitting out full distinguished names when they just need the OU path. Classic case of "it works, but not how I wanted."
Visual FoxPro strikes again with someone trying to programmatically name reports before printing. If you know VFP, you're either incredibly valuable or incredibly trapped. Possibly both.
And with that, we’re signing off (from Q3)! May your goals be vague and your wins retroactive.
Enjoyed the news? Discuss over on Experts Exchange.
Got news to share or topics you'd like us to cover? Send ‘em our way. We can’t wait to hear from you. Really.