1. 我喜歡的一個軟件工程面試題:計算中位數 a software engineering interview question I like: computing the median (krisshamloo.com)
2. OpenBSD 7.9 及更早版本存在一個“釋放後使用”漏洞,可能導致本地權限提升至 root 級別(CVE-2026-57589) OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root (CVE-2026-57589) (nvd.nist.gov)
4. OpenBSD 反返回導向編程緩解措施的最終版本 A Final Return for OpenBSD Anti-Return-Oriented Programming Mitigations (papers.ssrn.com)
5. 關於 OpenBSD 操作系統中採用 Pledges 和 Unveils 的測量研究 A Measurement Study on the Adoption of Pledges and Unveils in the OpenBSD Operating System (arxiv.org)
6. 最新研究:GitHub上的“已驗證”提交併非唯一 New Research: A "Verified" GitHub Commit Is NOT Unique (www.internationalcyberdigest.com)
8. 您的 Rust 服務並沒有內存洩漏——問題可能出在內存分配器上 Your Rust Service Isn''t Leaking — It Could Be the Allocator (pranitha.dev)
11. 在4 GB的“草堆”裡找一根針:Go語言中從0.75 GB/s到49 GB/s的飛躍 Finding a needle in a 4 GB haystack: from 0.75 GB/s to 49 GB/s in Go (segflow.github.io)
18. 我把《NetHack》加到了我的社區應用裡,這款已有38年曆史的遊戲卻總能讓我招架不住 Put NetHack on my community app and this 38-year-old game keeps outsmarting me (lobste.rs)
20. 向 Google kernelCTF 報告一個隱藏了 19 多年的 Linux 內核零日漏洞:CVE-2026-43456 Reporting a 19 Years Hidden Linux Kernel Zero-Day for Google kernelCTF: CVE-2026-43456 (gmo-cybersecurity.com)
22. Waterfall CAD Playground——一個基於 Haskell 的可編程 CAD 環境,通過 WASM 在瀏覽器中運行 Waterfall CAD Playground - A Haskell powered programmable-CAD environment, in the browser with WASM (doscienceto.it)
24. 谷歌通向破壞氣候的數字膨脹之路呈指數級增長 Google’s exponential path to climate-wrecking digital bloat (ketanjoshi.co)
25. 為什麼在 x64 架構下,虛假共享的對齊應為 128 字節 Why false sharing alignment should be 128 bytes on x64 (monoid.github.io)
29. 將 Go 程序編譯為 Nintendo Switch 的原生二進制文件 Compiling a Go program into a native binary for Nintendo Switch (ebitengine.org)
30. 基於AI驗證器的Rust到Lean驗證管道:經驗報告 A Rust-to-Lean verification pipeline with AI provers: An experience report (arxiv.org)
31. Radicle:支持 Git 原生問題和補丁的點對點 Git 複製 Radicle: P2P Git Replication with Git Native Issues and Patches (radicle.dev)
37. ReactOS“開源Windows”項目現已能夠運行《半條命2》 ReactOS "Open-Source Windows" Project Now Capable Of Running Half-Life 2 (www.phoronix.com)
41. 後臺訪問:Front Gate Tickets 中存在未經身份驗證的 SQL 注入漏洞 Backstage access: an unauthenticated SQL injection in Front Gate Tickets (ian.sh)
47. PREEMPT_NONE 已不復存在;你的 Postgres 可能並不在意 PREEMPT_NONE Is Dead; Your Postgres Probably Doesn’t Care (thebuild.com)
50. fin:一款適用於終端的 Jellyfin 和 Subsonic 客戶端 fin: a Jellyfin & Subsonic client for the terminal (tangled.org)
53. 一個 Pull Request 如何讓 App::HTTPThis 升級至 1.0 版 How One Pull Request Took App::HTTPThis to Version 1.0 (perlhacks.com)
55. “Baby Paint”先生與偶然發現的一種新型細胞自動機 Mr. Baby Paint & accidentally discovering a new cellular automata (tekstien-marginaalien-keskus.aalto.fi)
57. 一場滑雪事故如何考驗了我們的開發實踐 How a Skiing Accident Put Our Development Practices to the test (blog.enioka.com)
58. 火龍果:一款適用於 ESP32 設備的 68k/Dragonball Palm 設備模擬器 Dragonfruit: A 68k/Dragonball Palm device emulator for ESP32 devices (github.com)
67. 利用 Temporal 和 CSS color-mix 實現基於時間的背景顏色過渡 Time-based background colour transitions with Temporal and CSS color-mix (localghost.dev)
74. 在 DEC Alpha 上運行 Windows 2000,使用新的 es40 分支 Run Windows 2000 on a DEC Alpha with a new es40 fork (raymii.org)
76. 經過3年和10萬行遊戲代碼的開發,Zig的表現如何? How is Zig working out after 3 years and 100k lines of game code? (www.youtube.com)
81. 我希望更多人能注意到我這款Mastodon客戶端中的這些小細節 small details in my mastodon client that i wanted more people to notice (w.on-t.work)
83. ps5-linux-loader:一種利用HV漏洞運行自定義引導加載程序的Linux有效載荷 ps5-linux-loader: Linux payload implementing HV exploits to run a custom bootloader (github.com)
90. 非混合型、僅基於PQ的TLS及MIKEY-IBAKE干預措施 Non-hybrid PQ-only TLS and the MIKEY-IBAKE intervention (libroot.org)
98. 關於軸平行矩形時韋格納猜想的一個反例 A Counterexample to Wegner''s Conjecture for Axis-Parallel Rectangles (arxiv.org)
100. SecretSpec 0.13:適用於 Python、Node.js、Go、Ruby 和 Haskell 的 SDK SecretSpec 0.13: SDKs for Python, Node.js, Go, Ruby, and Haskell (secretspec.dev)
102. 波浪形牆體真的能節省磚塊嗎?我在Blender中進行了測試 Do Wavy Walls Really Use Fewer Bricks? I Tested It in Blender (blog.tymscar.com)
116. Lemmy 開發動態:2026年6月及 1.0.0-beta.1 版本 Lemmy Development Update June 2026 and 1.0.0-beta.1 (lemmy.ml)
117. 後綴 BWT 與循環移位 BWT 的比較,以及快速計算 Suffix BWT vs cyclic shift BWT, and fast computation (purplesyringa.moe)
121. 針對歐洲議會的間諜活動:調查間諜軟件的委員會成員遭“佩加索斯”黑客攻擊 Espionage Against the European Parliament: Member of Committee Investigating Spyware Hacked with Pegasus (citizenlab.ca)
122. 瀏覽器標籤頁中的 Windows 內核(上):冷啟動、快速啟動與 4 兆字節 A Windows Kernel in a Browser Tab, Part I: Cold Boot, Fast Boot, and Four Megabytes (www.msuiche.com)
123. sem:一種基於語義粒度的全新代碼理解基礎工具 sem: A new code understanding primitive tool at a semantic granularity (ataraxy-labs.github.io)
125. PieFed v1.7 正式發佈:關注用戶、瀏覽更快捷、管理更智能 PieFed v1.7 is released: Following Users, Faster Browsing & Smarter Moderation (join.piefed.social)
131. 基於 Cloudflare Workers、Vectorize 和 Nostr 的自託管 AI 新聞聚合器 Self-Hosted AI news aggregator using Cloudflare Workers, Vectorize, and Nostr (github.com)
133. 一個名為[非混合型 tls-mlkem]的標準:IETF 如何為其行為推卸責任 A [non-hybrid tls-mlkem] standard by any other name: How IETF evades responsibility for its actions (blog.cr.yp.to)
134. Dogesh 是一種基於 Python 的解釋型編程語言,其中每個關鍵字都用狗語表達 Dogesh is a Python-based interpreted programming language where every keyword speaks dog (github.com)
136. 為什麼實現 ActivityPub 很難,以及為什麼其實不必如此 Why implementing ActivityPub is hard, and why it doesn''t have to be (hackers.pub)
137. 自動化“橡皮圖章”:如果由代理來管理您的部署門禁會怎樣? Automating the Rubber Stamp: What If an Agent Ran Your Deployment Gate? (mattvanbird.co.uk)
138. 編譯後不產生任何代碼的掩碼:HotSpot 的 JIT 是如何學會對位進行推理的 The mask that compiles to nothing: how HotSpot''s JIT learned to reason about bits (questdb.com)
142. 呼籲採取行動,反對 draft-ietf-tls-mlkem-08 草案(截止日期:2026-07-08) Call to act to reject draft-ietf-tls-mlkem-08 (Ends 2026-07-08) (nsa.2026.action.cr.yp.to)
143. “guix substitute”和“guix pull”漏洞 ‘guix substitute‘ and ‘guix pull‘ vulnerabilities (guix.gnu.org)
144. Until_Heat_Death_Do_Us_Part:倒計時至宇宙熱寂,每秒通過100Mbps以太網廣播計數器讀數 Until_Heat_Death_Do_Us_Part: Counting until the heat death of the universe, broadcasting counter every second over 100Mbps ethernet (github.com)
146. KDE Plasma 中存在可突破沙箱的任意代碼執行漏洞 Arbitrary code execution breaking sandboxes in KDE Plasma (blog.kimiblock.top)
148. proposal-async-context:JavaScript 的異步上下文 proposal-async-context: Async Context for JavaScript (github.com)
150. ds.css:一個重現DS/DS Lite用戶界面的CSS框架 ds.css: A css framework recreating the DS / DS Lite''s UI (github.com)
156. 新發現的PamStealer並非典型的macOS惡意軟件 Newly discovered PamStealer isn''t your typical macOS malware (arstechnica.com)
158. ScyllaDB 基於 Trie 的索引如何實現高達 3 倍的吞吐量提升 How ScyllaDB''s Trie-Based Index Delivers Up to 3X More Throughput (www.scylladb.com)
160. 自 Linux 6.9(2024 年 5 月)起,LUKS 加密密鑰在系統進入待機狀態後仍會保留在內存中 Since Linux 6.9 (May 2024), the LUKS encryption key remained resident in memory across suspend (mathstodon.xyz)
161. .gitignore 並不是在 Git 中忽略文件的唯一方法 .gitignore Isn’t the Only Way To Ignore Files in Git (nelson.cloud)
164. 推廣“零知識證明”技術,以加強年齡驗證中的隱私保護 Opening up ‘Zero-Knowledge Proof’ technology to promote privacy in age assurance (blog.google)
171. 用於從 localStorage 中檢索對象的類型定義 Type definitions to retrieve objects from localStorage (taxorubio.com)
173. 控制平面才是關鍵:在大型語言模型時代重新審視 autofz The Control Plane Was the Point: Revisiting autofz in the LLM Era (yfu.tw)
174. 《記憶的物理學》(又名“JavaScript 能實現 ECS 嗎?”) The Physics of Memory (aka can Javascript ECS?) (www.dmurph.com)
175. 提高 VS Code 中 GitHub Copilot 的令牌效率 Improving token efficiency for GitHub Copilot in VS Code (code.visualstudio.com)
176. OpenFeature——為所有人標準化功能開關機制 OpenFeature - Standardizing Feature Flagging for Everyone (openfeature.dev)
179. 通過 FUSE readdir 緩存中的越界寫入實現無特權 root 權限提升(CVE-2026-31694) Unprivileged root via an out-of-bounds write in the FUSE readdir cache (CVE-2026-31694) (cyberstan.co.uk)
180. GraalVM“Hello World”程序大小“僅”為6.5MB GraalVM Hello World Program Down To "Just" 6.5MB (www.phoronix.com)
181. 開源作為基礎設施:從字面意義上理解“道路與橋樑” Open Source as Infrastructure: Taking Roads and Bridges literally (nesbitt.io)
182. Pidgin 3.0 Alpha 2 (2.96.0) 已發佈 Pidgin 3.0 Alpha 2 (2.96.0) has been released (discourse.imfreedom.org)
187. 所有包管理功能已從編譯器遷移至構建系統 All Package Management Functionality Moved from Compiler to Build System (ziglang.org)
188. 優化一種設計上即為二次複雜度的算法 Optimizing an Algorithm That’s Quadratic by Design (whatchord.earthmanmuons.com)
189. 矩陣正交化可提升遞歸模型的記憶能力 Matrix Orthogonalization Improves Memory in Recurrent Models (ayushtambde.com)
191. Jujutsu 如何重新構思 Git 的工作副本和衝突模型 How Jujutsu Rethinks Git''s Working Copy and Conflict Model (www.git-tower.com)
194. 低級 Haskell:在 Haskell/GHC 中模擬內聯彙編的“詛咒之路” Low-level Haskell: The cursed way to emulate inline assembly in Haskell/GHC (minoki.github.io)
197. 在遷移之前,代碼託管平臺需要具備哪些 GitHub 功能? Which GitHub features are needed in a code forge before you can migrate? (lobste.rs)
203. 《為什麼雲服務會中斷?:從數百起服務中斷事件中汲取的教訓》(2016) Why Does the Cloud Stop Computing?: Lessons from Hundreds of Service Outages (2016) (dl.acm.org)
204. pkgbump:從一個笨拙的工具到不可或缺的得力助手 pkgbump: from a dumb tool to an irreplaceable helper (blogs.gentoo.org)
205. 特朗普政府解除對Anthropic公司《Fable 5》的限制 Trump administration lifts restrictions on Anthropic''s Fable 5 (www.axios.com)
210. ZLUDA 6 版本發佈(在非英偉達 GPU 上運行 CUDA) ZLUDA 6 release (run CUDA on non-Nvidia GPUs) (vosen.github.io)
213. 大多數 MCP 服務器其實沒有必要存在。你的情況可能是個例外。 Most MCP servers don''t need to exist. Your case might be an exception (evilmartians.com)
218. 通過 Durable Streams 在我的 Jetson 上提供本地 AI 服務 Serving Local AI on my Jetson through Durable Streams (s2.dev)
220. 解析,而非驗證——在一種不希望你這樣做的語言中 Parse, Don''t Validate — In a Language That Doesn''t Want You To (cekrem.github.io)
224. Servo 五月更新:用戶腳本、mp4 兼容性、開發工具中的黑盒測試等 May in Servo: user scripts, mp4 compat, blackboxing in DevTools, and more (servo.org)
225. “等待 SQL:202y:斯德哥爾摩(BMA)”會議報告 Waiting for SQL:202y: Stockholm (BMA) meeting report (peter.eisentraut.org)
231. jj_tui:一款專注於速度和清晰度的 jujutsu 終端用戶界面 jj_tui: terminal user interface to jujutsu focused on speed and clarity (tangled.org)
232. 對基本正則表達式中 GNU 擴展的平臺支持 Platform Support for GNU Extensions to Basic Regular Expressions (www.wezm.net)
241. DRM GEM 的 change_handle 函數中存在“釋放後使用”漏洞,導致非特權用戶獲得 root 權限(CVE-2026-46215) Unprivileged root via a use-after-free in DRM GEM change_handle (CVE-2026-46215) (cyberstan.co.uk)
242. Solod v0.2:網絡功能、新目標、更友好的互操作性 Solod v0.2: Networking, new targets, friendlier interop (antonz.org)
244. ipv6_frag_escape:Linux LPE——可靠的監獄/容器逃逸 ipv6_frag_escape: Linux LPE - Reliable Jail/Container Escape (github.com)
247. WATaBoy:將Game Boy指令通過JIT編譯為Wasm,性能優於原生解釋器 WATaBoy: JIT-ing Game Boy Instructions to Wasm Beats a Native Interpreter (humphri.es)
248. Pystd 標準庫,功能大致相似,但編譯時間僅為其一小部分 Pystd standard library, similar-ish functionality with a fraction of the compile time (nibblestew.blogspot.com)
249. Longinus:一個漏洞中的兩個邊界,利用單一漏洞突破Chrome的渲染引擎和V8沙箱,CVE-2026-6307 Longinus: 2 Boundaries in One Bug, Piercing Chrome’s Renderer and V8 Sandbox with a Single Vulnerability, CVE-2026-6307 (nebusec.ai)
258. 《網絡彈性法》框架下嵌入式Linux設備的完整性 Integrity on Embedded Linux Devices under the Cyber Resilience Act (sigma-star.at)
262. 代碼審查——BJonas 用 J 語言編寫的 Scheme 解釋器 code review - BJonas'' SchemeInterpreter in J (tangentstorm.github.io)
263. Kivo——一款基於 PySide6 開發的輕量級桌面提詞器 Kivo - A lightweight desktop teleprompter built with PySide6 (github.com)
266. Ante:融合借用檢查與引用計數的新方法 Ante: New Way to Blend Borrow Checking and Reference Counting (verdagon.dev)
271. 難以理解的 Bug 第 10 期:故障的 Windows 構建版本 Unfathomable bugs #10: The Broken Windows Build (algassert.com)
276. 對私人通信的“雙重威脅”:不民主的聊天管控幕後交易及迫在眉睫的讓步,促使 fightchatcontrol.eu 網站重新上線 “Double Threat” to Private Communications: Undemocratic Chat Control Backroom Deals and Imminent Concessions Spark Relaunch of fightchatcontrol.eu (www.patrick-breyer.de)
278. 檢查航天飛機輸入/輸出處理器的電路板 Examining circuit boards from the Space Shuttle''s I/O Processor (www.righto.com)
281. huff12——一款適用於 Apple Silicon 的 12 流霍夫曼解碼器 huff12 - a 12-stream Huffman decoder for Apple Silicon (gist.github.com)
282. iOS 平臺上的動態庫延遲加載與插件架構 Lazy Loading Dynamic Libraries and the Plugin-Architecture on iOS (medium.com)
285. 我們進行了“Mythos at Home”測試:在我們的網絡基準測試中,GLM 5.2 擊敗了 Claude We have Mythos at Home: GLM 5.2 beats Claude in our Cyber Benchmarks (semgrep.dev)
288. VictoriaLogs 如何以列式佈局存儲日誌 How VictoriaLogs Stores Your Logs in a Columnar Layout (victoriametrics.com)
291. Nourish——一款支持無限縮放和平移的 Wayland 合成器 Nourish - a wayland compositor with infinite zoom and pan (github.com)
294. 藉助 Lemote Yeeloong 筆記本電腦和 OpenBSD 應對“龍”的挑戰 Working around dragons with the Lemote Yeeloong laptop and OpenBSD (oldvcr.blogspot.com)
295. 具有依賴類型且內核兼容 Lean4 的 Clojure 領域特定語言(DSL) Dependently typed Clojure DSL with a Lean4 compatible kernel (github.com)
298. OxCaml 中值得更多編程語言借鑑的特性——《The Consensus》 The feature in OxCaml that more languages should steal - The Consensus (theconsensus.dev)
299. pomerium:Pomerium 是一個支持身份識別和上下文感知功能的訪問代理 pomerium: Pomerium is an identity and context-aware access proxy (github.com)
300. Prism:一種具有類型化效應的不純粹函數式語言 Prism: An Impure Functional Language With Typed Effects (www.stephendiehl.com)