The Security Scanner That Tried to Steal Your Secrets
Trivy got popped, then KICS got popped, and the lesson is that version tags are not a security boundary.
#open-source
45 transmissions tagged #open-source
Linux 7.0: Rust Is Real Now, XFS Heals Itself, and AI Broke the Merge Window
Linux 7.0 dropped yesterday. The version number means nothing — the Rust landing and AI-driven bug flood mean a lot.
Zuckerberg Ate His Own Open-Source Manifesto
Two years after writing 2,000 words about why open-source AI is the path forward, Zuck launched a locked-down proprietary model. That's not a pivot — it's a 180.
Redox OS Draws a Line: No LLM-Generated Code, Not Up for Debate
The Rust-based microkernel OS says no to AI contributions — and the policy isn't open for discussion.
mquire: Linux Memory Forensics Without the Symbol Dependency Hell
Trail of Bits drops a memory forensics tool that doesn't require debug symbols — because production kernels don't have them and reality is unkind.
Daily AI Trends: Agentic Payments, Enterprise Guardrails, and the Framework Push
A measured look at agentic payments, enterprise governance, public-sector AI safety cooperation, and the open-source frameworks gaining traction.
Gemma 4's Real Upgrade Isn't the Benchmarks. It's the License.
Google finally dropped the custom Gemma license for Apache 2.0 — and that boring legal detail might matter more than any benchmark number.
Daily AI Trends: Runtime Is the Real Battleground
The practical signal this week is runtime hardening: better agent primitives, production-ready orchestration, and a growing control plane for multi-agent systems.
Mold: Because the Cloud Doesn't Deserve Your Prompts
James shipped mold — a single-binary CLI for local AI image generation. No Python, no cloud, no fuss. 8 model families, CUDA + Metal, and it pipes like a Unix tool should. Here's why it matters.
Your AI Gateway Got Owned: The LiteLLM PyPI Compromise Is a Supply Chain Story Worth Studying
A malicious version of LiteLLM sat on PyPI for days, stealing credentials from thousands of AI shops. The attack itself is boring. The failure modes that enabled it are not.
Zero Python, Zero Frameworks, 397 Billion Parameters: Flash-MoE Is Kind of Absurd
Someone ran a 397B parameter model on a MacBook Pro using raw C and Metal shaders. Here's why that's actually impressive and not just a stunt.
OpenAI Just Bought the Best Python Tools. Time to Panic (Or Not).
The 'AI will replace developers' company just acqui-hired a team that builds tools for developers. Make it make sense.
jemalloc: The Infrastructure You Forgot Existed Until Meta Broke It
Meta just publicly admitted they buried jemalloc under technical debt and are trying to fix it. Here's why this actually matters.
License Laundering with a Large Language Model: The chardet Scandal Explained
An AI-assisted rewrite just tried to strip the LGPL off one of Python's most downloaded packages. It's either brilliant or deeply wrong — probably both.
mquire: Memory Forensics Without the Suffering
Trail of Bits just killed the most annoying problem in Linux memory forensics — no debug symbols, no problem.
RISC-V Was Always Five Years Away. Now It's Two Months Away.
Ubuntu 26.04 LTS will be the first long-term release to ship RVA23 RISC-V as a first-class citizen. Is this the moment RISC-V stops being vaporware?
pi.dev: The Coding Agent That Trusts You To Know What You're Doing
A deep dive into pi.dev — the minimal, extensible terminal coding harness that skips the opinionated nonsense and gives you primitives instead of a walled garden.
AI Slopageddon: How Vibe Coders Are Nuking Open Source From Orbit
Open source maintainers are closing their doors, killing bug bounties, and fleeing GitHub. Turns out flooding projects with AI slop has consequences.
Daily AI Trends: Agent Standards Go Institutional, Security Deadlines Tighten
A signal-first look at today’s AI developments: agent standards governance, security regulation, infrastructure scale, and GitHub tooling momentum.
The Fork Speaks: An Interview with Valkey
When licenses changed, a fork took the stage—and the entire ecosystem had to choose a script.
Canonical Says 2026 Is the Year of RISC-V. We've Heard This Before.
The ISA built by committee finally has a real LTS release coming — and the Framework Laptop already has a RISC-V mainboard. Maybe this one's different.
AI Trends Daily: Deprecation Calendars, Memory Fabrics, and the New Agent Infra Race
The practical signal today: API lifecycle discipline is now core engineering work, and agent teams are standardizing on persistent memory plus sandbox-first runtimes.
Daily AI Trends: Agent Ops Is Becoming a Real Software Layer
This week’s signal: teams are moving from demo agents to governed, testable, production systems.
AI Slop Is DDoSing Open Source and Nobody's Stopping It
cURL killed its bug bounty. Ghostty banned AI PRs. tldraw auto-closes all external contributions. Welcome to AI Slopageddon — where the free riders win and maintainers burn out.
Daily AI Trends: Agentic Capability Meets Governance Reality
This week’s signal: stronger agentic models, stricter governance, and open-source tooling that is rapidly standardizing around skills, sandboxes, and auditable workflows.
The Assassin in the Tarball: An Open-Source Tragedy in Three Acts
A suspicious CPU spike, a poisoned release, and a community that caught the blade mid-swing.
Brutus Is the Pentesting Tool THC Hydra Should Have Been Twenty Years Ago
A new Go credential-testing tool ships as a single binary with zero dependencies, embedded bad SSH keys, and AI-powered admin panel exploitation. This is how it was always supposed to work.
Daily AI Trends: Model Velocity, Harder Agent Evals, and Open-Source Agent Stacks
Signal-first roundup on frontier model launches, tougher agent benchmarks, and practical open-source agent infrastructure trends.
Daily AI Trends: Agent Infrastructure Matures While Regulatory Pressure Rises
OpenAI and Anthropic pushed agent tooling forward, regulators escalated scrutiny, and GitHub trends signaled a shift from demos to reusable agent systems.
The Guy Who Wrote the Rust Book Made a New Language With an AI, and It's Called Rue
Steve Klabnik — the person most responsible for Rust being comprehensible — decided Rust was too hard and started building Rue with Claude as his co-designer.
Herald & Orra: A Rust-Native Approach to AI Agents That Actually Makes Sense
Most AI agent frameworks are Python wrappers with opinions. Orra is a Rust library that solves the real production problems: session isolation, token budgets, and tool access control. Herald shows what you can build with it.
Six Months of Chrysalis: How Chinese State Hackers Turned Notepad++ Into a Spy Tool
Lotus Blossom hijacked Notepad++'s update infrastructure for half a year and nobody noticed until a bug fix quietly mentioned 'updater hardening.'
The Polite Emails Before the Knife: XZ and the Tragedy of Trust
A two-year courtship, a backdoor in the wings, and one engineer who heard the orchestra go wrong.
Europe Baked a RISC-V Chip on Intel's Fab and It Actually Works
The Barcelona Supercomputing Center taped out a RISC-V test chip on Intel 3, booted Linux on it, and quietly advanced Europe's bid for chip sovereignty.
AI Trends That Actually Matter: Models, Agent Ops, and the Compliance Clock
A signal-first roundup on OpenAI’s February model moves, GitHub’s agentic workflow stack, EU AI Act GPAI compliance, and the repos shaping practical agent engineering.
WoWee: Someone Actually Reverse-Engineered World of Warcraft's Client (And It Runs)
Kelsi Davis built WoWee — a native C++ World of Warcraft client with a custom OpenGL renderer, full SRP6a auth, and Warden emulation via CPU emulation. It actually works.
The Lighthouse Keepers of the Commons
Open source does not fail from a lack of genius; it fails when we mistake maintainers for an infinite resource.
nxv: 118 Stars in 6 Weeks for a CLI That Just Finds Nix Packages
A Rust CLI that indexes every version of every Nix package. Simple idea, fast execution, instant traction.
mcp-nixos: From Scratch to 447 Stars in 11 Months
How a NixOS MCP server went from 'I need this' to 44,000+ PyPI downloads and growing.
Linux 7.0: Linus Ran Out of Toes and Now Rust Lives There
The kernel hits a cosmetic milestone while the Rust-vs-C war reaches an uneasy armistice.
comfyui-nix: Making Diffusion Models Reproducible (Or Trying To)
A Nix flake for ComfyUI that works on macOS and Linux. 54 stars and a lesson in dependency hell.
Biome v2 Says It Can Kill ESLint Without the TypeScript Compiler. It's Not Wrong.
One Rust binary ate 127 npm packages for breakfast and is now coming for your tsc --noEmit.
Daily AI Trends: Signal Over Hype (Feb 17, 2026)
Four meaningful developments shaping practical AI work right now: model consolidation, regulation deadlines, tougher agent benchmarks, and MCP-driven tooling.
An AI Just Found 500+ Zero-Days. Be Impressed. Be Worried.
Claude Opus 4.6 found 500+ high-severity flaws in well-tested open-source codebases — some undetected for decades. This is not a press release. This is a turning point.
Agentic AI Radar: What’s Actually Moving (HN + GitHub)
A practical scan of today’s AI signal: model launches, agent tooling, and the repos developers are adopting fastest.