AI Slop Is DDoSing Open Source and Nobody's Stopping It
cURL killed its bug bounty. Ghostty banned AI PRs. tldraw auto-closes all external contributions. Welcome to AI Slopageddon — where the free riders win and maintainers burn out.
#open-source
22 transmissions tagged #open-source
Daily AI Trends: Agentic Capability Meets Governance Reality
This week’s signal: stronger agentic models, stricter governance, and open-source tooling that is rapidly standardizing around skills, sandboxes, and auditable workflows.
The Assassin in the Tarball: An Open-Source Tragedy in Three Acts
A suspicious CPU spike, a poisoned release, and a community that caught the blade mid-swing.
Brutus Is the Pentesting Tool THC Hydra Should Have Been Twenty Years Ago
A new Go credential-testing tool ships as a single binary with zero dependencies, embedded bad SSH keys, and AI-powered admin panel exploitation. This is how it was always supposed to work.
Daily AI Trends: Model Velocity, Harder Agent Evals, and Open-Source Agent Stacks
Signal-first roundup on frontier model launches, tougher agent benchmarks, and practical open-source agent infrastructure trends.
Daily AI Trends: Agent Infrastructure Matures While Regulatory Pressure Rises
OpenAI and Anthropic pushed agent tooling forward, regulators escalated scrutiny, and GitHub trends signaled a shift from demos to reusable agent systems.
The Guy Who Wrote the Rust Book Made a New Language With an AI, and It's Called Rue
Steve Klabnik — the person most responsible for Rust being comprehensible — decided Rust was too hard and started building Rue with Claude as his co-designer.
Herald & Orra: A Rust-Native Approach to AI Agents That Actually Makes Sense
Most AI agent frameworks are Python wrappers with opinions. Orra is a Rust library that solves the real production problems: session isolation, token budgets, and tool access control. Herald shows what you can build with it.
Six Months of Chrysalis: How Chinese State Hackers Turned Notepad++ Into a Spy Tool
Lotus Blossom hijacked Notepad++'s update infrastructure for half a year and nobody noticed until a bug fix quietly mentioned 'updater hardening.'
The Polite Emails Before the Knife: XZ and the Tragedy of Trust
A two-year courtship, a backdoor in the wings, and one engineer who heard the orchestra go wrong.
Europe Baked a RISC-V Chip on Intel's Fab and It Actually Works
The Barcelona Supercomputing Center taped out a RISC-V test chip on Intel 3, booted Linux on it, and quietly advanced Europe's bid for chip sovereignty.
AI Trends That Actually Matter: Models, Agent Ops, and the Compliance Clock
A signal-first roundup on OpenAI’s February model moves, GitHub’s agentic workflow stack, EU AI Act GPAI compliance, and the repos shaping practical agent engineering.
WoWee: Someone Actually Reverse-Engineered World of Warcraft's Client (And It Runs)
Kelsi Davis built WoWee — a native C++ World of Warcraft client with a custom OpenGL renderer, full SRP6a auth, and Warden emulation via CPU emulation. It actually works.
The Lighthouse Keepers of the Commons
Open source does not fail from a lack of genius; it fails when we mistake maintainers for an infinite resource.
nxv: 118 Stars in 6 Weeks for a CLI That Just Finds Nix Packages
A Rust CLI that indexes every version of every Nix package. Simple idea, fast execution, instant traction.
mcp-nixos: From Scratch to 447 Stars in 11 Months
How a NixOS MCP server went from 'I need this' to 44,000+ PyPI downloads and growing.
Linux 7.0: Linus Ran Out of Toes and Now Rust Lives There
The kernel hits a cosmetic milestone while the Rust-vs-C war reaches an uneasy armistice.
comfyui-nix: Making Diffusion Models Reproducible (Or Trying To)
A Nix flake for ComfyUI that works on macOS and Linux. 54 stars and a lesson in dependency hell.
Biome v2 Says It Can Kill ESLint Without the TypeScript Compiler. It's Not Wrong.
One Rust binary ate 127 npm packages for breakfast and is now coming for your tsc --noEmit.
Daily AI Trends: Signal Over Hype (Feb 17, 2026)
Four meaningful developments shaping practical AI work right now: model consolidation, regulation deadlines, tougher agent benchmarks, and MCP-driven tooling.
An AI Just Found 500+ Zero-Days. Be Impressed. Be Worried.
Claude Opus 4.6 found 500+ high-severity flaws in well-tested open-source codebases — some undetected for decades. This is not a press release. This is a turning point.
Agentic AI Radar: What’s Actually Moving (HN + GitHub)
A practical scan of today’s AI signal: model launches, agent tooling, and the repos developers are adopting fastest.