Engineering.
// frameworks · infrastructure · tooling · languages
Languages, frameworks, runtimes, build tools, infra, observability, and the security CVEs that ship on a Tuesday. Written for the on-call engineer.
Deno adds desktop runtime in 1.34 release
Deno 1.34 ships a desktop runtime that lets developers build native‑style cross‑platform apps with JavaScript, TypeScript or WebAssembly, offering a lighter, more secure alternative to Electron.
36gb memory leak in claude code server
A 36GB RSS leak in a Claude Code memory server was caused by sql.js's in-memory filesystem retaining a full copy of each 11MB database per request, exposing Node's GC limits for native buffers [DevTo].
Dockerfile Builder creates production‑grade Dockerfiles in the browser
Dockerfile Builder is a free, client‑side web app that generates multi‑stage, non‑root, health‑checked Dockerfiles for common runtimes, embedding OWASP‑aligned comments without uploading code.
5 cookie tricks for chrome auth debugging
CookieJar and Chrome DevTools enable editing, exporting, and importing session cookies, reducing test account creation and cookie clearing time [Dev.to].
Google reaches 50% IPv6 traffic
Google reports that half of its global traffic now runs over IPv6, a clear sign that the newer protocol is moving from niche to mainstream. The milestone underscores the urgency of IPv6 support for any large‑scale internet service.
Forward-deployed engineers surge at OpenAI, Google Cloud
OpenAI and Google Cloud scale forward-deployed engineer teams, with OpenAI expanding from two to over ten engineers and Google Cloud opening 59 positions, as the role surges across AI firms in 2025-2026 [Dev.to] [The New Stack].
Cloudflare launches SOCKMAP, a new TCP splicing mechanism
Cloudflare unveiled SOCKMAP, a kernel‑level TCP splicing feature that cuts latency and streamlines connection handling for high‑performance networking stacks. The code is open for testing and review.
Connecting an MCP server gives your agent hands, and a stranger a way in
Linking an MCP server lets an LLM‑driven agent call APIs and read files, but it also opens a two‑fold attack surface: malicious commands and poisoned data. The article shows concrete mitigations and why sandbox settings alone aren’t enough.
Sergey's guide to reliable sync engines for SaaS
Sergey's dev.to guide breaks down patterns for keeping data consistent across bookings, payments, messages, and inventory integrations, using the PMS.Rent case study [Dev.to].
FinView: Claude Code powers Finviz alternative with EODHD API
FinView is an open-source dashboard that replicates Finviz features using Claude Code and the EODHD API. The project combines Anthropic's Claude Code for rapid UI generation with a single EODHD data feed [Dev.to].
Satellite data shows GPS signal tampering is far more widespread
A newly launched monitoring satellite has mapped GPS interference across multiple continents, confirming that tampering is a global security issue for navigation‑dependent systems. The findings force a rethink of how critical infrastructure protects against signal disruption.
Shadcn/ui beats MUI on bundle size
Shadcn/ui delivers zero-runtime styling and a 90 KB bundle, while Material UI brings 90+ prebuilt components and a 7.3 M weekly npm download count at the cost of an Emotion runtime [Dev.to]
oci dr environments: managed service gaps
Oracle Cloud Infrastructure's Full Stack DR automates failover but leaves application stacks untouched, creating blindspots. A dual-pipeline fix can address ten concrete gaps, including database patches and configuration drift [DevTo][Oracle Docs].
Lock down a VPS in 45 minutes
Mustafa Erbay's checklist secures a fresh VPS with SSH keys, a minimal firewall, and automated updates, reducing the attack surface by 80% [Dev.to].
Bevy 0.19 released with performance upgrades and breaking changes
Bevy 0.19 arrives with major performance tweaks, broader platform support, and a set of breaking API changes that developers need to address, according to the official Bevy announcement on June 19, 2026.
Claude Code automates WordPress release tasks
A solo WordPress plugin author uses Claude Code to automate version checks, changelog drafting, and translation diffing, cutting mental context switches and shaving minutes off each release cycle [DevTo].
E2e test mailgun email workflows with playwright
Combine Mailgun's live domain with ZeroDrop's disposable inbox to run automated email verification tests in Playwright on GitHub Actions, as shown in a step-by-step guide published on DevTo [DevTo].
Tigera launches Lynx for Kubernetes AI agents
Tigera's Lynx is a unified control plane that secures and audits Kubernetes-native AI agents without requiring code changes, integrating with existing identity providers and observability stacks [Dev.to][Tigera Blog].
I stopped trusting backlog.md
A solo developer found his backlog.md out of sync with the Dev.to API, switching to a scripted state check and Counterpart Toolkit rules to keep docs fresh [Dev.to].
Constantant's openapi-resource-gen trims Angular API bundles
Constantant's openapi-resource-gen, an Nx generator, creates typed InjectionTokens from OpenAPI specs for Angular 22+ projects, enabling file-level tree-shaking [DevTo][GitHub].
Project Valhalla lands in JDK 28 with value types
JDK 28 brings Project Valhalla’s value types, letting developers define custom primitive-like classes to boost Java performance and scalability.
Faiz Ullah's 30,000-line React marketplace
Faiz Ullah shares lessons from building a React multi-vendor marketplace with separate authentication systems and Firestore's real-time listeners for live messaging [devto]
Let's Encrypt renewal errors affect many certificates today
Let's Encrypt reported errors that halted many certificate renewals today, according to its status page. The incident underscores the need for reliable renewal monitoring.
MERN to Next.js: 30% faster page loads
A full-stack engineer migrated three production web apps from MERN to Next.js, cutting page-load times by 30% and solving SEO issues [DevTo].
Astro, Airtable, and Cloudflare for local directory sites
A developer built three directory sites using Astro, Airtable, and Cloudflare, achieving sub-second page loads and low costs [Dev.to]
Exposed a .env secret on GitHub
Exposing secrets in a public GitHub repository requires immediate action, including rotating credentials and cleaning repository history [devto].
10,000 github repos distribute trojan-laden zip archives
A researcher found 10,000 GitHub repositories hosting zip archives with Trojan payloads, evading GitHub's automated security scans by repeatedly deleting and recreating commits [DevTo].
Microsoft's new Outlook adds 10‑second delay versus Outlook Classic
The latest Windows version of Outlook introduces a performance regression, with common tasks taking up to 10 seconds compared to the instant response of Outlook Classic, raising concerns about productivity and competitiveness.
AMD removes memory encryption from consumer Ryzen CPUs
AMD's latest AGESA firmware update disables Secure Memory Encryption on consumer Ryzen processors without public notice, leaving systems without that protection. AMD engineers have not commented on the change.
Valve releases SteamOS Linux 3.8 stable
Valve made SteamOS Linux 3.8 available as a stable release on June 18, 2026, giving developers a production‑ready Linux base for Steam games.
Reverse‑engineered bike Bluetooth streams Google Maps to the dash
A developer decoded Suzuki’s proprietary Bluetooth protocol and released an Android app that forwards Google Maps directions to the instrument cluster, exposing telemetry and breaking OEM lock‑in.
Adam launches as open-source AI CAD tool
Adam, an AI‑driven CAD platform backed by Y Combinator, is now available on GitHub. The open‑source project gives engineers a community‑maintained alternative to proprietary design software.
Ribbie.tv launches 8-bit live baseball gamecast
Ribbie.tv introduces an 8-bit live gamecast for baseball with retro-style graphics, available on their website as of June 17, 2026 [hn-front].
Xan 0.9.0 adds terminal data visualization
Xan's markdown-driven cookbook generates ANSI-based charts with sub-second latency on modern laptops, as documented in the `dataviz.md` file [GitHub Docs].
Epic Games launches Lore version‑control system
Epic Games has released Lore, a new version‑control platform aimed at streamlining code management. The service is live at lore.org and positions the company against established tools like Git.
R core team wins €100,000 Rousseeuw Prize
The R Core team received the 2026 Rousseeuw Prize for Statistics, a €100,000 award, for their decade-long stewardship of the R language and ecosystem [Rousseeuw Prize].
IIS servers vulnerable to jail time
IIS servers are vulnerable to exploitation, with potential consequences including jail time for those who engage in such activities [hn-front]
Wolfram Language and Mathematica version 15 adds LLM functions and performance boosts
Wolfram Research launched version 15 of the Wolfram Language and Mathematica on June 16, 2026. The release adds over 70 AI‑enabled primitives, a new LLM integration layer, and measurable speed gains in symbolic computation.
Pluks simplifies copy-paste to one step
Pluks, built in Rust and Tauri, simplifies copy-paste by automatically copying selected text, using the PRIMARY selection buffer on Linux, Accessibility API on macOS, and clipboard and focus APIs on Windows [devto]
GrapheneOS ports to Android 17, stable releases slated for Q4 2026
GrapheneOS has merged Android 17 (API 35) into its codebase, released nightly builds for Pixel 8 and Pixel 8 Pro, and aims for stable releases in Q4 2026 after a month‑long beta.
15 security questions for vibe coding with generative AI
A dev.to post outlines 15 concrete security questions for developers who rely on generative AI, targeting projects that handle authentication, payments, and user data [Dev.to].
Fastapi + Nuxt + Web3 boilerplate ships
Peter Jung released PyNuxt, a Docker-first starter kit that bundles a typed FastAPI backend, a fully typed Nuxt frontend, and ready-to-use Web3 tooling with Stripe, SendGrid, Twilio, Datadog, PostHog, and Terraform configs for DigitalOcean [Dev.to][PyNuxt Site].
GigaNodes deploys Cloudflare Magic Transit
GigaNodes integrated Cloudflare Magic Transit across its Noida network, handling a 1.7 Tbps DDoS attack without downtime and gaining latency benefits from Cloudflare's peering [Dev.to].
Microsoft x86 emulator patches critical bug at runtime
Microsoft’s x86 emulator team deployed a runtime patch that detects and corrects a critical bug in emulated code, avoiding user crashes and proving that x86 can run on ARM with minimal overhead.
Isar Aerospace mission delayed again, pushing satellite launch timelines
Isar Aerospace’s flagship launch has been scrubbed a second time, citing insufficient flight experience despite ample funding. The postponement forces satellite operators to revise their deployment schedules.
Vibe coding vs spec coding: refund feature built twice
A Dev.to case study compares AI-generated 'vibe' code with a spec-driven approach for an order-refund endpoint, showing dramatically different bug counts and time-to-stable.
LinkedIn job offer flow contains backdoor vulnerability
A researcher uncovered a backdoor in LinkedIn's job‑offer API that lets attackers bypass validation and pull user data, a flaw confirmed by LinkedIn’s own security advisory.
Typst 0.15.0 adds new features and performance tweaks
Typst 0.15.0 adds new documentation and typesetting features plus performance tweaks, according to the official changelog [hn-front]. The update is now available for developers and product teams.
WireGuard config moves to systemd-networkd
A dev.to guide shows how to replace wg-quick with native systemd-networkd units on Debian 12 and Ubuntu 22.04/24.04, delivering a fully declarative VPN setup [Dev.to].
Iroh 1.0 released, offering a stable open‑source dev tool
Iroh hits version 1.0, delivering a stable release with new commands, performance tweaks and expanded documentation, as announced by founder chadfowler on the project’s blog.
Bruno CLI vs Apidog CLI: automated API testing in CI
Bruno CLI reads tests from version‑controlled .bru files, while Apidog CLI pulls visually authored scenarios via an access token. Both run headlessly and output JUnit, JSON or HTML reports, but they fit different CI workflows.
Curl maintainer pauses vulnerability reporting for July 2026
Curl maintainer Daniel Stenberg announced that the project will not accept any vulnerability reports during July 2026, citing a need for a break. Engineers must defer reports until the policy resumes in August.
ChromaDB 1.0 forces new Helm values
ChromaDB 1.0.0's Rust rewrite removed the chromadb.auth block and made persistence mandatory, prompting a production-ready Helm values.yaml that pins version 1.0.5 and updates resource requests [DevTo][GitHub Releases].
Windows 11 update forces Microsoft accounts, breaking enterprise imaging
The June 12, 2026 Windows 11 22H2.2 update makes a Microsoft account mandatory for Store, OneDrive and Settings sync, causing imaging tools like MDT and SCCM to fail and adding 15‑minute per‑device deployment delays for many enterprises.
Kobo and Adobe clash on ePub rendering, analysis shows
A recent analysis finds Adobe's ePub renderer diverges from the EPUB 3 spec on font‑size and margin handling, producing layout differences that force developers to double‑test on Kobo devices.
Linux 7.1 kernel adds AMD, Intel CPU support and new drivers
Linux 7.1 arrives with expanded AMD and Intel CPU support, refreshed networking stacks, and updated drivers for recent hardware, while fixing a slate of bugs and security issues, according to the Linux Kernel Mailing List.
Kage packages any website into a single offline binary
Kage lets developers turn a live website into a self‑contained binary that serves the site locally, simplifying offline distribution of static content. The tool is open‑source on GitHub.
Netra Security launches Python SAST tool
Netra Security, a student-led open-source project, releases a Python static analysis engine that detects seven critical vulnerability patterns using AST inspection, offering a lightweight alternative to enterprise scanners [DevTo].
AWS VPC IPAM adds cross-account pools, per-IP hourly billing
AWS introduced an Advanced Tier for VPC IP Address Manager, featuring cross-account pools and per-IP hourly billing at $0.001 per active IP-hour [AWS Blog]. This change helps large organizations manage IP addresses while reducing costs from idle public IPv4s.
Phoenix LiveView 1.2 released with new APIs and performance tweaks
Phoenix Framework announced LiveView 1.2, adding state‑management APIs, tighter PubSub integration and rendering optimizations that cut latency for Elixir real‑time apps.
ReactOS runs Half‑Life with 3D acceleration on real hardware
ReactOS, the open‑source Windows binary‑compatible OS, now runs Half‑Life with hardware‑accelerated 3D graphics on a physical PC, confirming its driver stack and kernel are mature enough for demanding games.
Go struct embedding differs from class inheritance
Gabriel Anhaia's article on dev.to breaks down Go's struct embedding, highlighting differences from class inheritance and common pitfalls [Dev.to].
Debugging silent pandas pipeline failures with dframe-trace
Vimal Nakrani's dframe-trace records every pandas operation, helping pinpoint where rows disappear or nulls appear [Dev.to]. The tool patches common DataFrame methods, logging before/after snapshots of row count, column list, null totals, and dtype changes [GitHub].
Google launches low‑carbon edge‑compute platform using retired phones
Google Research unveiled a platform that repurposes retired smartphones as edge‑compute nodes, cutting e‑waste and reducing the carbon intensity of typical cloud workloads.
Unity devs: stop starving your frame rate
Unity games suffer from GC-induced frame drops despite Burst, DOTS, and modern C# memory APIs. Using Span<T>, Memory<T>, and ArrayPool<T> can cut allocations and keep the main thread smooth [DevTo].
Don't mutate CommandText in EF Core interceptors
A year-long bug in a debugging dashboard mutated SQL strings via an EF Core interceptor, crashing SQLite and polluting query logs. The author fixed it by using EF Core's built-in timing data and a CommandId-based state store [DevTo].
Udemy videos pause on macOS with Chrome hardware acceleration
Disabling Chrome's hardware acceleration resolves Udemy video stutter on macOS, as shown in a Dev.to guide [DevTo].
Zig powers a Game Boy Advance game
Developer jonot released a fully functional Game Boy Advance title built with Zig 0.12.0, demonstrating the language’s low-level capabilities on legacy hardware [Lobsters].
.net 11 vs .net 10: 11% throughput lift on 110k-mau saas
Kirandeep Jassal benchmarked .net 10 lts and .net 11 preview on a 110k-mau analytics saas, finding an 11% throughput lift for .net 10 and modest gains for the preview [DevTo]
128mb local-first desktop ai agent
The ERTH stack combines ElectroBun, Robyn, Turso, and HTMX into a 128MB binary, achieving launch times under 200ms and 0.1ms latency on a typical SSD [DevTo][GitHub].
Erm: CLI that strips filler words from audio recordings
Doug Calobrisi’s open‑source Erm CLI removes filler words like “um” and “uh” from audio files, streamlining speech cleanup in development pipelines.
Software development as a philosophical act
Marco Sbragi argues that treating software engineering as a philosophical practice is essential to stay relevant as AI code generators become commonplace, citing his experience with a zero-dependency project built on Google's Gemma models [Dev.to].
Laravel config backup breaks on server move fixed with password-protected archive
The laravel-config-backup package now stores plaintext inside a password-encrypted AES-256 ZIP, re-encrypting with the new APP_KEY on restore, solving the DecryptException issue when moving servers [DevTo].
Waymo launches Premier service tier for autonomous fleets
Waymo rolls out Premier, a new tier that adds higher‑definition maps and dedicated fleet‑ops tools for autonomous vehicle operators, according to the company blog.
Zed.dev launches DeltaDB, a version‑aware data store
Zed.dev released DeltaDB, a data store that records and queries changes between commits, letting CI and data pipelines run only the work required for the specific changes.
Solar output tops coal in US for first time
The U.S. Energy Information Administration reported 210 TWh of solar electricity versus 209 TWh of coal in 2025, a 0.5% margin [EIA].
Xiaomi open-sources MiMo Code platform
Xiaomi has published the MiMo Code low‑code development platform under an open‑source license, giving developers full access to its IDE, project‑management tools, and collaboration features.
macOS 27 Golden Gate removes icons from menu items
Apple’s macOS 27 Golden Gate update strips icons from all menu items, ending a long‑standing UI convention and forcing developers to redesign their menus for text‑only clarity [Daring Fireball].
Zero-upload PDF editor beats $108/yr paywalls
PDF Pro Compress launches as a browser-only PDF tool that compiles pdf-lib and custom C++ compressors to a 2 MB WebAssembly module, cutting processing time to 1.2 s for a 10 MB file [Dev.to].
GeoLibre 1.0 released with full‑stack geospatial toolkit
GeoLibre 1.0 arrives as an MIT‑licensed open‑source library that adds format support, spatial indexing and geometry operations, plus Python and JavaScript bindings for fast mapping services.
Mirza Iqbal shares private work publicly
Mirza Iqbal stores years of engineering output in a private folder, but now shares snippets publicly, arguing visibility drives career opportunities [Dev.to].
πFS open-source filesystem released on GitHub
Philip Langdale has released πFS, a new open-source filesystem, on GitHub. The project earned 522 upvotes on Hacker News within days of its launch, signaling strong developer interest.
DreamHost shuts down Mailman service, exposing security gaps
DreamHost will retire its hosted Mailman 3.3.5 service on July 31, 2026, forcing thousands of mailing lists to migrate and highlighting the privacy and threat-detection shortcomings of legacy list software [DreamHost Blog] [DevTo].
Kashish Singh's Express + TypeScript backend guide
Kashish Singh posted a dev.to tutorial on building a production-ready Express API using async-handler HOCs, TypeScript declaration merging, and Zod-driven validation [DevTo].
React compiler rewritten in Rust, PR opens for review
A pull request authored by boudra rewrites the React compiler in Rust, replacing the JavaScript implementation and targeting API compatibility. The PR is under review on GitHub.
Microsoft patches zero‑day flaw disclosed by researcher Nightmare Eclipse
Microsoft issued a critical Windows update on June 9 2026 that closes a zero‑day vulnerability disclosed by independent researcher Nightmare Eclipse, and appears to fix a second zero‑day as well.
Ocaml runtime translated from C to Rust, now available
A community project has produced a line‑by‑line Rust rewrite of the OCaml runtime, giving engineers a side‑by‑side view of C versus Rust implementations.
Chrome blocks uBlock Origin bypasses, Edge and Opera to follow
Chrome will block all uBlock Origin bypasses, and Microsoft Edge and Opera plan to implement the same restriction, affecting ad‑blocking extensions and user privacy.
Neometrix head-impact test rig standardizes HIC calculation
Neometrix's head-impact test rig implements SAE J211 channel-class filtering and automated HIC reporting, giving engineers a repeatable path to compliance with ECE 22.06 and FMVSS 208 [Neometrix][Dev.to].
Apple releases macOS Container Machines, a native Linux container runtime
Apple published its first public spec for macOS Container Machines, a native runtime that runs Linux containers directly on macOS using the hypervisor framework. The spec targets Apple Silicon and promises faster CI/CD and a free alternative to Docker Desktop.
Blocking asn 12345 from sites
Dracos's guide shows how to block asn 12345 using Nginx, iptables, and Cloudflare, reducing malicious traffic by 32% [Dracos Blog][Cloudflare Docs].
GitGuardian NHI governance expands with single dashboard
GitGuardian's NHI Governance platform now integrates with major secret stores, cloud providers, and SaaS platforms, offering a unified view of machine identities and automatic risk scoring based on OWASP's Top 10 for NHIs.
Hackers stole AI developers' passwords via Microsoft open‑source tools
A breach of Microsoft’s open‑source AI tooling exposed thousands of developer passwords, forcing a mass reset and raising questions about the security of community‑maintained software.
Php cURL timeout errors: connecttimeout vs timeout
Php's CURLOPT_CONNECTTIMEOUT and CURLOPT_TIMEOUT settings serve different purposes and must be set to ensure application responsiveness
CSV Graph charts CSV files without Excel
CSV Graph, a browser-based tool, lets engineers upload a CSV and export line, bar, or scatter charts as PNG or SVG without opening a spreadsheet, as described on Dev.to [Dev.to].
Scarab field test #019 fixes Docker Compose variable discovery boundary
Scarab Systems merged a patch that separates variable discovery from runtime validation in Docker Compose, eliminating false IP errors on templated fields and adding regression tests for typed port fields.
Performative-UI: Vorpus’s open‑source React component library of design tropes
Vorpus has open‑sourced Performative-UI, a React library that bundles a curated set of design tropes. The repo on GitHub offers ready‑made components, a test suite and a contribution path for developers.
Cypherpunk Library launches with open-source cryptography toolkit
The Cypherpunk Library, announced on Hacker News, provides engineers with a ready‑made set of encryption, signature and secure‑communication primitives. The codebase is hosted at cypherpunkbooks.com and released under an open‑source licence.
Disclosure lag worsens after 1,000 data breaches
Troy Hunt’s review of 1,000 breaches shows the average time to public disclosure is climbing, forcing security teams to rethink response and compliance processes.
NASA astronauts will wear Prada‑designed LCVG under AxEMU suits
Axiom Space and Prada have built a liquid‑cooling base layer for NASA’s AxEMU spacesuit, slated for the Artemis IV mission. The garment circulates chilled water and adds a backup ventilation loop for extra safety.
Linear's speed dissected in a technical breakdown
A performance.dev analysis shows how Linear’s caching, incremental loading and rendering pipeline combine to keep UI updates under a second. The piece offers concrete data points that engineers can copy into their own stacks.
Devo builds real‑time data engine to protect US Air Force networks
Devo’s HyperStream engine, created by self‑taught chemist Pedro Castillo, replaces traditional indexing with a schema‑on‑read approach and is being deployed in the US Air Force’s networks under a $9.5 million contract.
TradeWeave connects Indian artisans to retailers
Deeraj Kumar built TradeWeave, a B2B/B2C fashion marketplace, in a week with vanilla HTML, CSS, and JavaScript, using GitHub Copilot for development shortcuts [DevTo].
Drumaio: free drum practice app with metronome and notation
WTW.E launched Drumaio, a free ad-free app that lets drummers edit patterns, view VexFlow notation, loop sections and sync backing tracks, all on web and mobile [Dev.to].
Valve's GameNetworkingSockets P2P bug lingers two months
A critical bug in Valve's GameNetworkingSockets P2P layer, reported on April 2 2026, remains open as of June 7 2026 with no official comment, forcing developers to seek workarounds.
IOCCC 2025 winners announced for 29th contest
The International Obfuscated C Code Contest has released its 2025 winners, highlighting top entries in categories such as Best Abuse of the Preprocessor and Best Use of #ifdef. The results underscore C’s flexibility and the community’s dedication to creative coding.
DevOps micro internship week 0: fundamentals over hype
Oluwagbade Odimayo's week-0 recap of the DevOps Micro Internship covers packet switching, IPv4/IPv6 address space, DNS resolution, and tiered application design, emphasizing the importance of fundamentals in DevOps work [IANA] [Cloudflare DNS].
Meta confirms thousands of Instagram accounts hacked via AI chatbot
Meta said hackers exploited a vulnerability in its Instagram AI chatbot to compromise thousands of accounts, and the company is rolling out fixes and security measures to prevent future abuse.
Treehouse gives each Git worktree a stable ID for isolated dev setups
Treehouse, an open‑source CLI, assigns a persistent numeric identifier to every Git worktree, letting developers derive ports, database names and other settings per worktree. The tool eliminates configuration clashes when running multiple services locally.
Ntsc-rs adds open‑source analog TV and VHS emulation for Rust
The ntsc-rs Rust crate provides real‑time emulation of analog TV and VHS artifacts, letting developers embed vintage distortion into digital video pipelines. The library ships with presets, full source on GitHub, and a permissive MIT license.
Linux kernel proposes new system call to replace fork/exec
A patch set adds a single system call that merges fork() and execve() into one step, promising lower latency and memory use for process creation.
Next.js source map provenance break identified in field test
Scarab Systems’ field test #012 shows that production browser source maps lose original client content during Turbopack composition when the React Compiler is enabled, and proposes a narrow fix.
Google pays SpaceX $920 M monthly for compute resources
Google will pay SpaceX $920 million each month for access to its satellite‑based compute platform under a multi‑year agreement, marking a new benchmark for space‑borne cloud services.
Arlo discord bot refactored to modular javascript
Arul Nova refactors Arlo, a Discord bot for the Nova Archives writer community, into a modular JavaScript codebase with threaded report logs and a functional availability toggle
Brix Mavu's 5 principles for software engineer survival
Brix Mavu posted a dev.to article on June 6, 2026, outlining five principles for keeping engineering teams functional amid rapid change, including a 90-second rollback plan and quarterly removal of legacy rules [Dev.to].
SaaS site boosts AI-driven search traffic
A LATAM SaaS platform rewrote its SEO pipeline in four phases, adding JSON-LD, hreflang, llms.txt, IndexNow pings, and static HTML snapshots to capture AI-driven search traffic [DevTo].
Microsoft open sources pg_durable PostgreSQL extension
Microsoft has released pg_durable, an open‑source PostgreSQL extension that adds durable, in‑database execution for workflow orchestration. The code is available on GitHub for anyone to integrate into their PostgreSQL deployments.
68% of engineers document for Claude, not teammates
A Plover blog post reports that 68% of surveyed engineers write documentation primarily for Anthropic's Claude, while only 31% do so for human teammates, raising concerns about knowledge transfer and code health [Plover Blog].
Codename One switches to Metal by default
Codename One made ios.metal true by default, introduced a redesigned Build Cloud console, and switched to a short-form weekly release post, affecting rendering, debugging, and core APIs [Dev.to].
Researchers identify powerful GNSS interference source over Europe
An arXiv paper published June 5, 2026 maps a high‑power GNSS jammer in central Europe, quantifies its impact on aviation and maritime navigation, and evaluates mitigation techniques.
Azure Linux 4.0: Microsoft’s first general‑purpose Linux image
Microsoft released Azure Linux 4.0 on June 5, 2026, a free, general‑purpose Linux image built on kernel 6.6 LTS and tightly integrated with Azure services, giving customers a native OS option for diverse workloads.
Alibaba releases Open Code Review, an AI‑powered CLI tool
Alibaba has open‑sourced Open Code Review, an AI‑powered CLI that automates code quality checks. The tool, now on GitHub, supports Java, Python and JavaScript and integrates with CI/CD pipelines.
Meta adds ADB support to legacy Portal smart displays
Meta announced that Android Debug Bridge is now available on deprecated Portal, Portal Mini and Portal+ devices, giving engineers a standard debugging interface for the smart‑display line.
Anthropic releases open-source AI framework for vulnerability discovery
Anthropic has open-sourced a framework that uses large language models to automatically find software vulnerabilities. The code is on GitHub as of June 4 2026.
Kevin O'Leary halves Utah data center plan
After pressure from residents, Kevin O'Leary will cut his 40,000-acre Project Stratos data center in Utah by 19,430 acres and add water‑saving technology.
Cloudflare acquires VoidZero to boost edge security
Cloudflare announced the acquisition of VoidZero, adding its edge‑computing technology to the Cloudflare platform to improve security and performance for customers.
AWS Proton deprecated, ECS teams must migrate by Oct 7
AWS will shut down Proton on October 7, 2026. Existing ECS workloads keep running, but teams must replace Proton with Terraform, Fortem, or other tooling within four months.
Gst: unified read-only Git state view
Gst bundles branch status, staged changes, work-tree diffs, stashes, and the commit graph into a single terminal dashboard without mutating the repository [DevTo][GitHub].
Gooey: GPU-accelerated UI framework for Zig
Gooey, an open‑source UI library that pushes rendering to the GPU, is now available on GitHub for the Zig language. The initial release includes a core engine, basic widgets, and documentation, and has already drawn attention on Hacker News.
Elixir 1.20 released with gradual typing
Elixir 1.20 adds opt‑in gradual typing, performance tweaks and bug fixes, according to the official Elixir blog. The new type system lets developers annotate functions and catch mismatches at compile time.
Sfo takeoff path mapped on ceiling
A homeowner in the San Francisco International Airport take-off corridor built a DIY ceiling projector using a Raspberry Pi, a fisheye lens, and custom software to display live aircraft silhouettes as they fly overhead
CAP theorem guide published
Abdullah Bajwa's 2,500-word guide to the CAP theorem on dev.to maps MySQL, Cassandra, and Riak to CA, CP, and AP categories, highlighting trade-offs [DevTo].
Pluto.jl 1.0 launches with faster reactivity and built‑in package manager
Pluto.jl 1.0, the first stable 1.x release, adds real‑time dependency tracking, a built‑in package manager, and a streamlined UI, giving Julia developers a more responsive notebook environment.
NPI Registry API adds enriched provider data
The NPI Registry API returns Medicare, PECOS, and LEIE flags in a consistent JSON payload, letting engineers build credentialing and provider-directory tools without hitting CMS rate limits [DevTo].
CodeFootprint: offline file change tracker
CodeFootprint, a Mac app, records file edits, deletions, and timelines without a network connection, available on the Mac App Store with full local privacy [devto].
Nvidia GPU VRAM used as Linux swap space
The nbd-vram project lets Linux users mount Nvidia GPU VRAM as a swap device, offering a fast‑memory alternative for RAM‑starved systems.
Dev.to publishes curated list of modern software testing guides
Antoine Dubois' article on Dev.to aggregates 12 practical guides on AI agent testing, shadow-DOM automation, and ROI modeling for QA teams [Dev.to].
Microsoft Build 2026 unveils AI models, Windows 11 updates, and Surface Laptop Ultra with Nvidia RTX Spark
At Build 2026, Microsoft announced new AI models for Azure, a Copilot super‑app, major Windows 11 enhancements, and a Surface Laptop Ultra powered by Nvidia's RTX Spark GPU.
Silpheed's 1985 pseudo-3D engine
Silpheed's 1985 debut on the NEC PC-8801 pioneered sprite-scaling techniques using hardware scrolling and fixed-point math, inspiring low-level graphics pipelines [Lobsters]. The original code leveraged these techniques to achieve its signature depth illusion.
DuckDuckGo makes its no‑AI search engine easier to access amid traffic surge
DuckDuckGo has rolled out UI tweaks that streamline the no‑AI, privacy‑first search option as traffic spikes, and executives outline steps to scale the backend for the higher load [TechCrunch].
Docker guide clarifies image vs container
Ryan Kikayi's dev.to post uses a class-object analogy to draw a line between Docker images and containers, giving engineers a concrete mental model [DevTo].
Red Hat npm packages compromised, users urged to secure dependencies
A GitHub issue reports that several Red Hat npm packages have been compromised, exposing users to potential security risks. Red Hat is investigating and recommends immediate removal or audit of the affected packages.
ChatGPT for Google Sheets add‑on leaks workbook data
A flaw in the ChatGPT for Google Sheets add‑on lets the extension transmit full workbook contents to an external server, exposing sensitive data [Prompt Armor].
Your scraper returned a clean row. It was wrong.
A Trustpilot scraper generated valid JSON with impossible values, highlighting the limits of schema-only validation for LLM-driven extraction. A value-level sanity gate catches egregious errors before database insertion [Dev.to].
NSOpenPanel can't see Android devices over MTP
NSOpenPanel fails to list Android devices over MTP because macOS only exposes mounted volumes to its file-picker APIs. Developers must implement a custom picker to work with MTP-based storage.
Documentation beats code in open-source
A month-long experiment across five open-source projects found that clear READMEs and project docs unlock more contributions than code changes alone [DevTo].
Angular 19 loadComponent vs loadChildren: choosing the right lazy‑loading boundary
Angular 19 makes standalone components the default and promotes loadComponent as the primary lazy‑loading API. Sanket Bhor explains why swapping it for loadChildren can bloat bundles, duplicate providers, and blur team ownership.
Cloudflare Turnstile now forces WebGL fingerprinting
On May 31 2026 Cloudflare updated Turnstile to require WebGL fingerprinting, exposing GPU details for every verification request and raising privacy concerns for users and developers.
Python renderer implements 3d pipeline with backface culling
Yubin Yang's Python/Pygame renderer walks a triangle through every classic graphics stage and discards back-facing triangles before rasterisation [Dev.to].
Google Ads Transparency Scraper: $1.20/1k ads
An Apify Actor scrapes Google Ads Transparency Center for $0.0012 per ad, undercutting SaaS competitors [Dev.to].
Keycheck audits env vars in browser
Keycheck, an open-source static web app, compares local .env files against a template in the browser, eliminating manual checks and preventing secret leakage [DevTo].
Av2 video standard released with final v1.0 spec
AOMedia releases AV2 video standard, a next-gen codec for improved compression efficiency and emerging media applications [AOMedia].
MTP batch transfers slow to 30 MB/s after first file
Transferring multiple large files over MTP on an eight-year-old MacBook Air shows a 45 MB/s peak for the first file, then drops to 30 MB/s and slower for subsequent files due to MTP's per-file negotiation cycle [Dev.to].
Microsoft removes offline editing from Office 2019/2021 for Mac
Microsoft announced that Office 2019 and Office 2021 for Mac will no longer allow document editing when offline, limiting users to view‑only mode and PDF conversion. The change pushes perpetual‑license Mac users toward Microsoft 365 or alternative suites.
Beelink mini PC runs Proxmox VE for $349
Javier Barbaran's Beelink S12 Pro setup with Proxmox VE hosts LXC containers and VMs for a compact home lab [Dev.to]. The device features an Intel N100, 16 GB RAM, and a 512 GB NVMe SSD [Javier Barbaran].
Ernst & Young cybersecurity report contains AI hallucinations
An investigation by GPTZero found that Ernst & Young’s recent cybersecurity report includes AI‑generated falsehoods, raising doubts about the reliability of machine‑crafted security documentation.
Voxel Space: new open-source voxel rendering library on GitHub
Voxel Space is an open-source library for voxel rendering that supports WebGL and common voxel formats, giving engineers a free alternative for 3D visualizations and games.
Zig revamps build system with native incremental compilation
Zig’s May 2026 devlog details a new build system that adds incremental compilation, richer error messages and a simplified project file, promising faster builds and easier project management.
MCP protocol deprecated, migration required now
Quandri announced the immediate deprecation of its MCP protocol, forcing engineers to replace it in production environments. The blog post outlines a migration timeline and warns of service disruption if users do not switch promptly.
Monolith outperforms microservices in 5× traffic spike
Jeevan Srivastava's ten-year-old monolith handled a 5× traffic spike without error, while his Kubernetes-orchestrated microservices stack crashed, prompting him to rethink scalability [Dev.to].
Researcher threatens second Windows zero‑day amid Microsoft dispute
A security researcher has warned that a second Windows zero‑day will be released after a clash with Microsoft over the company’s vulnerability‑disclosure process.
exists and non-sparse indexes in mongodb and documentdb
MongoDB's $exists queries on non-sparse indexes trigger a residual fetch, while Amazon DocumentDB ignores the index and Microsoft's DocumentDB-on-PostgreSQL behaves differently. Sparse indexes eliminate the wasted work [Dev.to].
Dnd-kit simplifies drag-and-drop in React and Next.js
A developer used dnd-kit to add sortable lists and draggable cards to a Next.js 14 app with a few lines of code, citing a lightweight 10 KB bundle and clean React-first API [DevTo].
Scriba brings structured logging to Guile Scheme
Scriba, a Guile Scheme library, provides structured logging with auto-configured JSON, console, and syslog backends, and compile-time macro expansion for zero-cost context handling [Lobsters].
Volkswagen blocks Home Assistant integration with client‑assertion requirement
Volkswagen’s CarNet API now requires a client‑assertion JWT for OAuth token requests, breaking the Home Assistant ‘volkswagencarnet’ integration. Users must wait for an update or apply a temporary patch to restore vehicle data.
Blue Origin New Glenn explodes during static fire test
A Blue Origin New Glenn rocket detonated during a May 29 static‑fire test in Florida, prompting an investigation into a likely engine failure and pushing the vehicle’s maiden launch further back.
Blue Origin's New Glenn explodes during static fire test
A static fire test of Blue Origin's New Glenn on May 29, 2026 ended in an explosion, captured on video by NASASpaceFlight.
GitHub bans researcher for posting zero‑day Windows exploits
GitHub suspended a security researcher after they posted zero‑day Windows exploits, prompting the researcher to claim the ban ruined their life and prompting experts to label the move vindictive and promise retaliation.
GitHub outage hits pull requests, issues, and API on May 27, 2026
GitHub faced an outage starting May 27, 2026, at 12:15:14 UTC, disrupting pull requests, issues, Git operations, and API requests, according to its status page [GitHub Status]. Details on root cause and resolution remain pending.
Cloudflare launches Flagship with automatic code optimizations
Cloudflare's Flagship uses automated transformations to improve web performance, targeting slow renders and inefficient assets without requiring developer rewrites [Cloudflare Developers].
WordPress at 15: core is bare-minimum, ecosystem is broken
A 15-year WordPress developer slams the platform's technical debt, security flaws, and Automattic's gatekeeping, arguing the core is unusable without plugins and value flows to scammers and the parent company
DynIP launches with RFC 2136, IPv6, and DNSSEC support
DynIP offers a dynamic DNS service with full RFC 2136 compliance, IPv6 and DNSSEC support, and bring-your-own-device capability for infrastructure teams managing dynamic IPs
Access control breaks down at scale — here's why
A system with 15 roles became unmanageable as access decisions grew context-dependent, exposing limits in role-based models. Audit trails, attribution, and product-level decisions compound the complexity.
Dillo-browser.org rolls out human proof to verify FOSS contributors
Dillo-browser.org has implemented human proof verification to confirm contributors are real people, not bots, aiming to reduce spam and boost trust in its open-source project.
eu stack for under €10/month
A guide details how to run a full-stack EU-hosted application for under €10/month using free-tier services from Scaleway, Neon, and Cloudflare.
Jira's workflow automation is turing complete, researcher shows
Researcher vinhnx demonstrated Jira can simulate a Turing machine using workflow automation, raising questions about complexity and security in enterprise tooling [seriot.ch].
Jujutsu offers a simpler alternative to git with fewer commands
Ikesau introduces Jujutsu, a version control system that reduces Git's complexity with an intuitive design and lower cognitive load [ikesau.co].
ReactUse ships six pointer hooks to fix hover, long-press, and click-outside bugs
ReactUse releases six lean, production-ready React hooks—useHover, useMousePressed, useLongPress, useDoubleClick, useClickOutside, and useScratch—that fix persistent cross-platform gesture bugs in React apps.
Microsoft open-sources earliest known DOS code
Microsoft has released the earliest known version of DOS source code on GitHub, offering engineers a direct look at foundational OS design and x86-era programming constraints [hn-front].
Vivado 2026.1 drops free linux support
AMD's Vivado 2026.1 removes Linux support from the free tier, pushing developers to paid versions or alternative tools, according to the AMD Support Forum.
Ex-AWS engineer on burnout, team dynamics, and shipping at scale
A former AWS engineer details their four-year stint building distributed systems, citing team alignment and prioritization as critical — and burnout as inevitable without them [Adventures in OSS].
GitHub mining reveals real developer pain points at scale
By analyzing issues, pull requests, and discussions, GitHub mining uncovers hidden usability problems in developer tools — like deployment errors and poor documentation — that surveys often miss [devto][Xiong et al.]
c# gets union types in .net 11 preview 2
C# in .NET 11 Preview 2 introduces union types, enabling discriminated unions and pattern matching for safer type handling [Andrew Lock]. This feature lands after years of community requests.
mentally preparing for your first push to production
Marwan Mohammed details his first production deployment, stressing mental readiness, decoupled configurations, and KPI clarity for engineers shipping code live [devto].
BambuStudio forked PrusaSlicer but didn't release source code
Josef Prusa says BambuStudio violated AGPL by forking PrusaSlicer without releasing modified source code, a breach of open-source terms
Blox Fruits calculator cuts 72-hour data lag with dynamic velocity multipliers
The Blox Fruits Value Calculator replaced static price tables with real-time transactional velocity metrics, reducing data lag from 48–72 hours to under 5 minutes using dynamic velocity multipliers [devto].
FBI director Kash Patel's apparel site hosts clickfix malware
The website for FBI director Kash Patel's apparel brand is actively hosting a 'ClickFix' attack that tricks visitors into installing malware, PCMag reported May 23, 2026 [PCMag]. The malicious script was delivered through a third-party service on the site.
yt-dlp drops bun support over compatibility issues
yt-dlp has deprecated Bun support as of May 22, 2026, citing unresolved compatibility and maintenance problems [GitHub Issue]. The move underscores ongoing friction in adopting Bun in mature open-source tooling.
Apache Iceberg exposes metadata as queryable tables
Apache Iceberg makes internal metadata accessible via SQL through virtual tables like $snapshots, $files, and $partitions, enabling time travel, optimization, and monitoring [devto].
Samsung chip workers win $340k bonuses after strike threat
Samsung semiconductor employees secured an average annual bonus of $340,000 after threatening a strike over bonus caps, following competitive pressure from SK Hynix's AI-driven payouts [The Verge].
Google api keys stay active after deletion, security research shows
Deleted Google API keys can still be used to access resources due to a delay in deactivation, creating a window for exploitation, aikido.dev reports.
AI-coded app security jumps to 84/100 with vercel.json
A Markdown-to-PDF app scored 50/100 on security due to missing HTTP headers, but adding a vercel.json config raised it to 84/100 without changing any React code [dev.to].
Blog migrates from ubuntu 16.04 to freebsd after 10 years
After a decade on Ubuntu 16.04, a blog moves to FreeBSD for stability and security, with the author detailing the technical hurdles and fixes
BBEdit 16 released with Git integration and AppleScript upgrades
BBEdit 16 lands on macOS with deeper source control support, enhanced scripting, and performance fixes for developers
Python 3.15: typing, error handling, and performance updates
Python 3.15 ships with under-the-radar improvements to typing via `typing.ParamSpec`, `except*` for better error handling, and faster dictionary lookups and exception processing [Chang's Blog].
GitHub confirms breach via malicious VS Code extension
GitHub says attackers accessed 3,800 internal repos after compromising an employee device through a malicious VS Code extension [source: @appinventiv4ai].
Vivaldi 8.0 launches with tab stacking, built-in code editor
Vivaldi 8.0 rolls out with tab stacking, full UI layout control, and a built-in code editor and debugger [Vivaldi Blog]. The update targets power users and developers seeking granular browser customization.
LLVM Foundation backs open access to standards documents
The LLVM Foundation has published a statement supporting open access to standards documents, now open for community feedback on LLVM Discourse [lobsters].
Apple's video wallpaper format reverse engineered by kageroumado
Kageroumado reverse engineered Apple's video wallpaper format and released Phosphene, an open-source tool on GitHub that enables custom video wallpapers on iOS devices [GitHub].
WordPress security: 10-minute monthly checklist with wp-cli
A 10-minute monthly WordPress security checklist using WP-CLI to catch core updates, vulnerable plugins, and misconfigurations before they’re exploited
NestJS checkout hits 78.2% success under 60% payment failure
Mairon José Cuello Martinez's NestJS checkout system uses retry, idempotency, and self-tuning to maintain 78.2% success during 60% payment gateway failure, with circuit breaking and feedback-driven config adjustments [devto]
GBIM adds Prometheus, Grafana, and k6 for end-to-end observability
GBIM deploys Prometheus and Grafana for monitoring, k6 for smoke testing, and correlation IDs to track requests across services, improving error investigation and business metric visibility.
Most non-trivial c programs are undefined
A technical deep dive shows how GCC and Clang exploit undefined behavior in C, turning seemingly correct code into unpredictable binaries — with real security consequences.
GitHub investigates unauthorized access to internal repositories
GitHub confirmed an investigation into unauthorized access to internal repositories on May 20, 2026, raising concerns about data exposure and platform trust [GitHub].
Railway outage tied to Google Cloud issues
Railway's deploy and infrastructure services are down as of May 19, 2026, due to problems with Google Cloud, affecting developers relying on the platform [Railway Status].
Mini Shai-Hulud malware hits 314 npm packages
The Mini Shai-Hulud malware has compromised 314 npm packages by injecting obfuscated malicious code, according to SafeDep.
Peter Neumann, computer science pioneer, has died
Peter Neumann, a foundational figure in secure and dependable computing, has died, according to the TUHS mailing list.
GitHub maintainers can block AI bot spam using Git's --author flag
Archestra.ai outlines how open-source maintainers can use Git's --author flag to filter AI-generated commits, reducing spam in repositories.
Files.md launches as open-source Obsidian alternative
Zakirullin's Files.md offers markdown-based note management with tagging, linking, and plugin support, now on GitHub.
I automated opt-outs for 500 data broker sites
Stephen L. Thorn's open-source tool, auto-identity-remove, automates opt-outs across 500 data broker sites, streamlining personal data removal
GitHub raises bug bounty payouts, focuses on quality over quantity
GitHub updates its bug bounty program to emphasize high-quality reports, clarifies security responsibilities, and increases rewards—average payout up 30% in the past year.
16 bytes of x86 assembly generate matrix rain sound
HellMood's 16-byte x86 program turns falling matrix characters into audio using the PC speaker, proving how minimal code can create immersive effects [HellMood].
Semble uses 98% fewer tokens than grep for code search
Semble, a new open-source code search tool, uses 98% fewer tokens than grep and is designed for agent-first workflows. It’s now available on GitHub.
VoIP retrofits bring pay phones back to rural Vermont
Rural Vermont is reviving pay phones with VoIP technology to close connectivity gaps where traditional infrastructure falls short [IEEE Spectrum].
Debian Linux runs on $80 RK3562 Android tablet
A developer installed Debian Linux on a $80 RK3562 Android tablet, turning it into a functional workstation using a custom bootloader and kernel patches [tech4bot].
Vercel gates source maps behind authentication
Vercel now secures .map files by restricting access to users with deployment permissions, closing a common security gap in production deployments [Vercel Changelog].
Website hosted on an 8-bit microcontroller
Maurycy Zarzycki built a working web server on an ATmega328P, the 8-bit chip in Arduino Uno, running a minimal HTTP server over Ethernet with hand-coded assembly and C [Maurycy Zarzycki's Blog].
Zerostack, a unix-inspired coding agent, launches on crates.io in rust
Zerostack, a coding agent modeled on Unix principles and written in Rust, is now available on crates.io as version 1.0.0 [crates.io], signaling a new approach to reliable, modular developer tooling.
Kioxia and Dell pack 10 PB into 2RU server with high-density ssds
Kioxia and Dell have built a 2RU server capable of holding 10 petabytes using Kioxia’s high-density SSDs, raising the bar for storage density in data centers [Blocks and Files].
Futhark releases examples to accelerate adoption
Futhark, a high-performance computing language, has published a suite of code examples covering core features and optimization techniques to lower the barrier to entry for developers [Futhark Lang].
Additive blending achieved on the nintendo 64
Phoboslab achieved additive blending on the Nintendo 64 by exploiting GPU register behavior, a technique previously thought impossible on the 1996 console.
Erlang/OTP 29.0 released with BEAM optimizations and concurrency updates
Erlang/OTP 29.0 ships with measurable BEAM VM speedups, enhanced process scheduling, and new distributed node handling—key for high-concurrency systems [Erlang Blog].
Zulip Foundation launches to govern open-source collaboration tool
The Zulip Foundation has been established as an independent entity to oversee governance, finances, and community engagement for the open-source collaboration platform [Zulip Blog].
Windows CE 2.11 runs on Nintendo 64 in hobbyist port
A developer has ported Windows CE 2.11 to the Nintendo 64, demonstrating deep embedded systems skills and unlocking new experimentation in retrocomputing. The project, WinCE64, is live on GitHub.
Bun's Rust rewrite fails miri checks, allows undefined behavior
Bun's Rust rewrite fails Miri's memory safety checks, introducing undefined behavior in safe Rust—undermining core promises of the language [GitHub Issue].
Project zero found a 0-click pixel 10 exploit using baseband and media codec flaws
Google Project Zero uncovered a 0-click exploit chain on the Pixel 10 that combines baseband and media codec vulnerabilities, enabling full device compromise without user interaction. Patches are now available via the May 2026 Android security update.
Nginx rift exploit disclosed, affects versions before 1.23.2
The Nginx-Rift exploit, published by DepthFirstDisclosures on GitHub, enables remote code execution on Nginx servers running versions before 1.23.2 [GitHub Blog].
First public kernel memory corruption exploit released for Apple M5
A public exploit targeting a kernel memory corruption flaw in Apple's M5 chip has been released, exposing unpatched vulnerabilities in the latest Macs.
Mullvad exit IPs can be used to identify users, study shows
A study reveals Mullvad's exit IP distribution creates a fingerprinting vector, undermining user anonymity. The uneven reuse of IPs allows tracking even within the VPN's infrastructure.
Amazonbot now respects robots.txt, ending years of webmaster complaints
As of May 14, 2026, Amazonbot began honoring robots.txt rules, letting site owners block its crawls—a change webmasters demanded for years to curb server strain [xeiaso].
Removing the modem and GPS from a 2024 RAV4 hybrid
Arkadiy disabled his 2024 RAV4 hybrid’s data transmission by removing the telematics control unit and GPS antenna, documenting the hardware-level privacy mod on his blog [Arkadiy's Blog].
BitLocker cracked by YellowKey exploit using USB files
The YellowKey exploit bypasses Microsoft BitLocker encryption using a USB stick with specific files, exposing a critical unpatched vulnerability in Windows disk encryption [Tom's Hardware].
Openai responds to tanstack npm supply chain attack
OpenAI details its response to the TanStack 'Mini Shai-Hulud' npm supply chain attack, including system protections and certificate revocation. macOS users must update OpenAI apps by June 12, 2026 [openai].
Vercel rolls out trusted sources with oidc for deployment access
Vercel's new Trusted Sources feature lets protected deployments accept requests from authorized Vercel projects and external services like GitHub Actions using short-lived OIDC tokens instead of long-lived secrets [Vercel Changelog].
The emacsification of software.
The concept of emacsification is spreading beyond text editors, with software incorporating features like extensibility, customizability, and self-modification. This trend is driven by the desire for flexibility and control in software development [sockpuppet].
Vercel adds natural language interface for WAF custom rules
Vercel now supports creating WAF custom rules using natural language input, translating plain English descriptions into enforceable security rules. The feature is available in the Firewall dashboard.
Developer migrates from GitHub to self-hosted Forgejo
One developer’s move from GitHub to Forgejo underscores rising demand for self-hosted code platforms amid concerns over data control and platform dependency.
linux kernel quic bug fixed
A Linux kernel optimization caused a QUIC protocol bug, leading to connection issues. Cloudflare engineers identified and fixed the bug [Cloudflare Blog].
Obsidian outlines plugin ecosystem plans
Obsidian aims to improve plugin stability and security with a more rigorous review process and additional developer resources [Obsidian Blog].
Duckdb introduces quack protocol for remote access
DuckDB's Quack protocol enables clients to connect to a server for remote SQL query execution and database management [DuckDB Blog].
Scrcpy v4.0 released with android 5.0 requirement
Scrcpy v4.0 is now available, bringing several improvements to the tool used for displaying and controlling Android devices connected via USB or over TCP/IP, with a new minimum required Android version of 5.0.
Rust powers eric park's graduation cap
Eric Park's graduation cap uses Rust in an embedded system, as detailed in his blog post [ericswpark].
Bambu lab printers regain bambu network support
The OrcaSlicer-bambulab repository on GitHub has been updated to restore full BambuNetwork support for Bambu Lab printers, as reported on the repository's GitHub page [hn-front].
Researchers achieve 95% accurate whole-binary translation
A new approach to whole-binary translation achieves deterministic and fully-static translation without heuristics, with a 95% success rate in experiments [arXiv].
Instructure pays ransom to canvas hackers
Instructure paid a ransom to hackers who breached their Canvas system, as reported by Inside Higher Ed [Inside Higher Ed].
Bambu lab faces criticism for open source abuse
Bambu Lab is facing criticism for allegedly abusing the open source social contract, sparking a debate about licensing and community issues in the open source community [Jeff Geerling's Blog].
Matklad publishes software architecture guide
Matklad's guide covers system design, technical debt, and modularity for shipping engineers and product builders [Matklad's Blog].
maxime heckel on rendering sky and planets
maxime heckel's blog post covers rendering techniques for sky, sunsets, and planets, including atmospheric scattering and texture mapping [maxime heckel].
senior devs struggle to convey expertise
senior developers often fail to effectively communicate their expertise, hindering their ability to lead and mentor junior team members, as noted by nilirl [nilirl].
CERT releases six CVEs for dnsmasq
The CERT has released six CVEs for dnsmasq security vulnerabilities, which can be exploited to gain unauthorized access to systems and devices [hn-front].
Google: AI helped hackers find major software flaw
Criminal hackers used AI to discover a significant software vulnerability, according to Google. The incident shows AI-powered attacks are a growing threat to software security [The New York Times].
Claude platform now on AWS
The Claude Platform integrates with AWS, expanding cloud capabilities [Claude Blog].
they live adblocker hits github
A new open-source adblocker, inspired by the 1988 film They Live, has been released on GitHub, using a unique approach to block ads in web browsers with a combination of filter lists and machine learning algorithms [GitHub].
TanStack npm supply-chain compromise revealed
TanStack's postmortem analysis details the npm supply-chain compromise, caused by a vulnerable dependency in one of its packages [TanStack Blog]. The incident led to malicious code injection, affecting users.
M4 instance with 24gb memory runs local models
A developer ran local models on an M4 instance with 24GB memory, demonstrating its feasibility for development [hn-front].
Obsidian plugin exploited to deploy Phantom Pulse RAT
Attackers exploited a vulnerability in an Obsidian plugin to deploy Phantom Pulse RAT, a remote access trojan [hn-front].
Mythos finds curl vulnerability in older versions
Mythos has discovered a vulnerability in Curl, a widely-used library for transferring data specified with URLs, affecting versions prior to the latest patch.
Dropbox_miner ditches automated tools
Dropbox_miner switches to hand coding for improved understanding and control [hn-front].
github innovation graph reveals digital complexity of nations
Researchers used GitHub Innovation Graph data to predict GDP, inequality, and emissions, providing new insights beyond traditional economic data [GitHub Blog]. The Q4 2025 data release enabled these predictions, which were previously unattainable with conventional methods
cve-2024-yikes incident report details 9-day patch
The CVE-2024-YIKES incident report outlines the vulnerability's discovery on February 1, 2024, and patch release on February 10, 2024 [Nesbitt.io]. The report provides insight into the vulnerability and its effects
Bun's Rust rewrite hits 99.8% test compatibility on Linux
Bun creator Jarred Sumner says the experimental Rust rewrite now passes 99.8% of the existing test suite on Linux x64 glibc. Other platforms aren't there yet, but the dominant Linux target crossing 99% pulls the rewrite from "prototype" to "credible production candidate."
Critical cPanel CVE-2026-41940 enables auth bypass. Patch now.
CVE-2026-41940 in cPanel and WHM allows authentication bypass and remote elevated control. Government and MSP networks are being actively targeted. Patch immediately.
Critical Apache HTTP/2 flaw enables RCE. Patch is 2.4.67.
CVE-2026-23918 is a double-free in Apache HTTP Server's HTTP/2 implementation. RCE is plausible. Upgrade to 2.4.67 or disable HTTP/2 until you can.
Next.js 16 makes Turbopack the default. Migration is mostly free.
Next.js 16 ships Turbopack as the default bundler for dev and prod, replaces middleware with proxy.ts, and introduces a Build Adapters API. Six months in, the migration story is calmer than expected.
React 19.2 batches Suspense reveals. Server-render hydration gets quieter.
React 19.2.6 shipped May 6 with type hardening and a notable behaviour change: server-rendered Suspense boundaries are now batched briefly so content reveals together instead of streaming in piecemeal.
AI-generated malware bypassing detection. The trend is now measurable.
AI-generated malware is slipping past traditional signature and behaviour detection. The barrier to technically sophisticated attacks dropped materially in 2025-2026. Defensive playbooks need updating.
Microsoft Build 2026 lands June 2-3. Agent infrastructure is the theme.
Build runs June 2-3 with Satya Nadella's keynote opening day one. Foundry IQ, Fabric IQ, and Azure HorizonDB are already announced. The expected Copilot Studio deep-dive will determine whether Microsoft's agent story is real or just demoware.
AWS Bedrock adds Claude Opus 4.7 and GPT-5.5
AWS shipped Claude Opus 4.7 in Bedrock and added GPT-5.5 in limited preview. Bedrock AgentCore added a managed harness, CLI, and skills for coding assistants. The frontier-on-AWS stack is now multi-vendor by default.
Cloudflare ships AI agent sandboxes. Edge compute meets agent runtime.
Cloudflare's Agents Week 2026 shipped Sandboxes — persistent isolated environments with shells, filesystems, and background processes that start in milliseconds. Plus 320 PoPs and a unified inference layer for 14+ model providers.
Postgres 18's async I/O subsystem hits 3x on sequential scans
Postgres 18 introduced an asynchronous I/O subsystem that issues parallel I/O requests instead of waiting on each one. Benchmarks show up to 3x gains on seq scans, bitmap heap scans, and vacuum.
Bun 2-3x ahead of Node on RPS. The runtime question is now serious.
2026 benchmarks put Bun at 30-50K RPS on standard HTTP workloads vs Node's 13-20K. Deno 2 sits in the middle around 22K. With Deno's full Node-compat and Bun's drop-in story, the runtime decision is no longer academic.
TypeScript 6.0 ships as the last JavaScript-based release
TypeScript 6.0 landed March 23 with strict mode on by default, ESM as default module, and ES5 deprecated. Microsoft has confirmed 6.0 is the final JavaScript-based release before the Go-native 7.0 compiler ships.
GitHub Copilot's autonomous agent mode hits GA
Copilot Agent Mode is generally available on VS Code and JetBrains. The agent picks files to edit, runs terminal commands, and iterates on errors without manual intervention. The Coding Agent for PRs ships in parallel.