🦥 GitHub had a really bad week.

Hello friends!

Welcome to this week’s Sloth Bytes. I hope you had a great week.

Agents are desperate for ephemeral databases.

They spin up projects, fork environments, test ideas, and tear them down. Over and over. But every database on the market was designed for humans who provision once and stick around. Agents don't work that way.

Ghost is a database built for agents. Unlimited databases, unlimited forks, 1 TB of storage, and 100 compute hours per month. All free. Try it here.

Install the ghost MCP

hCaptcha is the leading privacy-first, bot management platform.

Define rules and monitor behavior to stop fraud and abuse with privacy-first, frictionless bot protection. 

From startups to the top online services and Fortune 100 enterprises, our systems stop bots and fraud without slowing down real users. 

Want to learn more? Book a demo today.

Like, historically bad.

1. A merge queue regression corrupted thousands of repos

On April 23, GitHub's merge queue caused squash merges to silently revert previously merged code. 658 repos and 2,092 pull requests were affected during a roughly 4-hour window.

There was no data loss: All commits remained stored in Git. However, the state of affected default branches was incorrect, and could not safely repair every repo affected.

The reason for this critical bug was they pushed a changed to an unreleased feature that was supposed to be gated behind a feature flag, so the broken code shipped to everyone. (We covered feature flags a while back if you’re curious.)

GitHub's automated monitoring didn't catch it at all. They found out about the bug through customer support tickets 3 and a half hours later, because the bug affected merge correctness, not availability.

2. A botnet attack took down search

On April 27, GitHub's Elasticsearch cluster got overloaded, most likely from a botnet attack. The result: PR lists, issue lists, and project views all went blank across the UI for hours. The underlying data was fine, but you couldn't see any of it. Down for over 4 hours.

3. Uptime has been overall bad…

A developer named Marek Šuppa built an unofficial status tracker that pulls directly from GitHub's own public status feed and uh… as of right now GitHub’s uptime is 85.51%.

For context, the industry standard for software infrastructure is 99.9% (yeah…)

Developers use this over the official page because GitHub's version plays tricks with the numbers. Things like search being broken, PRs not loading, or the platform running slow get classified as "Degraded Performance" and count as zero downtime.

So it’s technically up, but practically unusable. The unofficial tracker just counts it all, which is what actually matters when you're trying to ship code.

It’s gotten so bad, GitHub's CTO published a public apology for these incidents and uptime issues. They say the reason behind the uptime issues is because agentic AI workflows has pushed GitHub well past its designed limits. They originally planned for 10x capacity growth. By February they realized they need 30x.

In response, GitHub updated how they report incidents.

There's now a three-tier system: Degraded Performance, Partial Outage, and Major Outage. They're also publishing per-service uptime percentages on the status page.

Warp, the Rust-built terminal with built-in AI, autocomplete, and support for running Claude Code, Codex, and Gemini CLI directly inside it, is now open source under AGPL v3.

The source code is live at github.com/warpdotdev/warp and hit around 26,000 stars within hours of going public.

For years the biggest community complaint was that it was closed source and required a login. Not a great look for something as fundamental as your terminal.

That complain is now gone.

There is some interesting things about it though:

Warp's cloud agent orchestration platform Oz, stays closed. They need a way to make money after all!

AI agents will handle the implementation, and humans verify the outcomes.

You can even view the status of every bot working on an issue right now.

Who knows if handling contributions this way will work. If it does, this might be the new way of doing open source.

If you avoided Warp before, now's a reasonable time to give it another look.

Quick one but worth mentioning before it catches you off guard.

Node.js 24.15.0 LTS dropped last week with some genuinely useful updates:

More urgently: Node.js 20 LTS reaches end of life on April 30, 2026. After that, Node 20 gets no more security patches. If you're running 20 in production, upgrading to 22 (supported until April 2027) or 24 (supported until April 2028) should be on your radar this week.

Rust 1.95.0 released - ships the new cfg_select! macro (replaces the cfg-if crate for platform-specific code), if let guards in match, and a batch of stabilized APIs. Embedded devs should note: custom JSON target specs are now behind -Z unstable-options on stable. Run rustup update stable.

Building a $1 handheld game console in Rust - Chris Dell built a working side-scrolling game on a CH32V003 microcontroller: a 32-bit RISC-V chip that costs $0.09 in bulk, with 2KB of RAM and 16KB of flash. Great read if you're curious about embedded Rust or just want to feel humbled by how much you can do with basically nothing.

How I made my vector search engine 16x faster without changing the algorithm - Kartikay Dubey took his C++ vector search engine from 25ms to 1.5ms query latency without touching the underlying Vamana algorithm at all. A really clean illustration of why Big-O is only part of the performance story.

Claude Desktop and the browser bridge controversy - Worth reading if you use Claude Desktop on macOS. A researcher found that installing it drops a Native Messaging manifest into multiple Chromium browsers, including ones you haven't installed yet, without asking.

GitHub App installation token format change - if you maintain GitHub Apps or auth middleware that validates installation tokens, the format is changing and your length-based checks will break. Heads-up for anyone doing token validation.

Supabase pg-delta + declarative schema workflow - Supabase CLI now ships pg-delta for generating schema diffs between local and remote Postgres databases, plus a declarative workflow where you define what your schema should look like and the CLI handles the migration.

VoxCPM - free, open source TTS with voice cloning - a 2B parameter text-to-speech model from OpenBMB that skips tokenization entirely and generates speech directly through a diffusion architecture. Apache 2.0 licensed, weights on HuggingFace. Genuinely impressive for a free self-hosted option.

TinyFish Cookbook - a collection of open-source sample apps built with the TinyFish web agent API. Think of it as "recipes for making AI agents do stuff on the web", there are examples for parallel web scraping, project idea validation, inventory search across 15+ retailers. Good starting point if you're learning how to build agentic workflows that interact with real websites.

Omnilingual ASR - speech recognition for 1600+ languages - Meta's open source speech recognition system covering over 1,600 languages, including 500+ that no ASR system has ever supported before. New languages can be added with just a few example recordings. The scale of this is kind of remarkable when you think about it.

SQL Squid Game learn SQL by playing a game instead of reading docs. You run queries to complete missions, unlock new levels, and actually understand what you're doing because there's a reason to do it. Great for beginners picking up SQL or experienced devs who want to get sharper at it without it feeling like homework.

That’s all from me!

Have a great week, be safe, make good choices, and have fun coding.

If I made a mistake or you have any questions, feel free to comment below or reply to the email!

See you all next week.

If your company is interested in reaching an audience of developers and programming enthusiasts, you may want to advertise with us here.