3. 通過 FUSE readdir 緩存中的越界寫入實現無特權 root 權限提升(CVE-2026-31694) Unprivileged root via an out-of-bounds write in the FUSE readdir cache (CVE-2026-31694) (cyberstan.co.uk)
4. GraalVM“Hello World”程序大小“僅”為6.5MB GraalVM Hello World Program Down To "Just" 6.5MB (www.phoronix.com)
5. 開源作為基礎設施:從字面意義上理解“道路與橋樑” Open Source as Infrastructure: Taking Roads and Bridges literally (nesbitt.io)
6. Pidgin 3.0 Alpha 2 (2.96.0) 已發佈 Pidgin 3.0 Alpha 2 (2.96.0) has been released (discourse.imfreedom.org)
11. 所有包管理功能已從編譯器遷移至構建系統 All Package Management Functionality Moved from Compiler to Build System (ziglang.org)
12. 優化一種設計上即為二次複雜度的算法 Optimizing an Algorithm That’s Quadratic by Design (whatchord.earthmanmuons.com)
15. Jujutsu 如何重新構思 Git 的工作副本和衝突模型 How Jujutsu Rethinks Git''s Working Copy and Conflict Model (www.git-tower.com)
18. 低級 Haskell:在 Haskell/GHC 中模擬內聯彙編的“詛咒之路” Low-level Haskell: The cursed way to emulate inline assembly in Haskell/GHC (minoki.github.io)
21. 在遷移之前,代碼託管平臺需要具備哪些 GitHub 功能? Which GitHub features are needed in a code forge before you can migrate? (lobste.rs)
27. 《為什麼雲服務會中斷?:從數百起服務中斷事件中汲取的教訓》(2016) Why Does the Cloud Stop Computing?: Lessons from Hundreds of Service Outages (2016) (dl.acm.org)
28. pkgbump:從一個笨拙的工具到不可或缺的得力助手 pkgbump: from a dumb tool to an irreplaceable helper (blogs.gentoo.org)
29. 特朗普政府解除對Anthropic公司《Fable 5》的限制 Trump administration lifts restrictions on Anthropic''s Fable 5 (www.axios.com)
37. 大多數 MCP 服務器其實沒有必要存在。你的情況可能是個例外。 Most MCP servers don''t need to exist. Your case might be an exception (evilmartians.com)
42. 通過 Durable Streams 在我的 Jetson 上提供本地 AI 服務 Serving Local AI on my Jetson through Durable Streams (s2.dev)
44. 解析,而非驗證——在一種不希望你這樣做的語言中 Parse, Don''t Validate — In a Language That Doesn''t Want You To (cekrem.github.io)
48. Servo 五月更新:用戶腳本、mp4 兼容性、開發工具中的黑盒測試等 May in Servo: user scripts, mp4 compat, blackboxing in DevTools, and more (servo.org)
49. “等待 SQL:202y:斯德哥爾摩(BMA)”會議報告 Waiting for SQL:202y: Stockholm (BMA) meeting report (peter.eisentraut.org)
55. jj_tui:一款專注於速度和清晰度的 jujutsu 終端用戶界面 jj_tui: terminal user interface to jujutsu focused on speed and clarity (tangled.org)
56. 對基本正則表達式中 GNU 擴展的平臺支持 Platform Support for GNU Extensions to Basic Regular Expressions (www.wezm.net)
65. DRM GEM 的 change_handle 函數中存在“釋放後使用”漏洞,導致非特權用戶獲得 root 權限(CVE-2026-46215) Unprivileged root via a use-after-free in DRM GEM change_handle (CVE-2026-46215) (cyberstan.co.uk)
66. Solod v0.2:網絡功能、新目標、更友好的互操作性 Solod v0.2: Networking, new targets, friendlier interop (antonz.org)
68. ipv6_frag_escape:Linux LPE——可靠的監獄/容器逃逸 ipv6_frag_escape: Linux LPE - Reliable Jail/Container Escape (github.com)
71. WATaBoy:將Game Boy指令通過JIT編譯為Wasm,性能優於原生解釋器 WATaBoy: JIT-ing Game Boy Instructions to Wasm Beats a Native Interpreter (humphri.es)
72. Pystd 標準庫,功能大致相似,但編譯時間僅為其一小部分 Pystd standard library, similar-ish functionality with a fraction of the compile time (nibblestew.blogspot.com)
73. Longinus:一個漏洞中的兩個邊界,利用單一漏洞突破Chrome的渲染引擎和V8沙箱,CVE-2026-6307 Longinus: 2 Boundaries in One Bug, Piercing Chrome’s Renderer and V8 Sandbox with a Single Vulnerability, CVE-2026-6307 (nebusec.ai)
82. 《網絡彈性法》框架下嵌入式Linux設備的完整性 Integrity on Embedded Linux Devices under the Cyber Resilience Act (sigma-star.at)
86. 代碼審查——BJonas 用 J 語言編寫的 Scheme 解釋器 code review - BJonas'' SchemeInterpreter in J (tangentstorm.github.io)
87. Kivo——一款基於 PySide6 開發的輕量級桌面提詞器 Kivo - A lightweight desktop teleprompter built with PySide6 (github.com)
90. Ante:融合借用檢查與引用計數的新方法 Ante: New Way to Blend Borrow Checking and Reference Counting (verdagon.dev)
95. 難以理解的 Bug 第 10 期:故障的 Windows 構建版本 Unfathomable bugs #10: The Broken Windows Build (algassert.com)
100. 對私人通信的“雙重威脅”:不民主的聊天管控幕後交易及迫在眉睫的讓步,促使 fightchatcontrol.eu 網站重新上線 “Double Threat” to Private Communications: Undemocratic Chat Control Backroom Deals and Imminent Concessions Spark Relaunch of fightchatcontrol.eu (www.patrick-breyer.de)
102. 檢查航天飛機輸入/輸出處理器的電路板 Examining circuit boards from the Space Shuttle''s I/O Processor (www.righto.com)
105. huff12——一款適用於 Apple Silicon 的 12 流霍夫曼解碼器 huff12 - a 12-stream Huffman decoder for Apple Silicon (gist.github.com)
106. iOS 平臺上的動態庫延遲加載與插件架構 Lazy Loading Dynamic Libraries and the Plugin-Architecture on iOS (medium.com)
109. 我們進行了“Mythos at Home”測試:在我們的網絡基準測試中,GLM 5.2 擊敗了 Claude We have Mythos at Home: GLM 5.2 beats Claude in our Cyber Benchmarks (semgrep.dev)
112. VictoriaLogs 如何以列式佈局存儲日誌 How VictoriaLogs Stores Your Logs in a Columnar Layout (victoriametrics.com)
115. Nourish——一款支持無限縮放和平移的 Wayland 合成器 Nourish - a wayland compositor with infinite zoom and pan (github.com)
118. 藉助 Lemote Yeeloong 筆記本電腦和 OpenBSD 應對“龍”的挑戰 Working around dragons with the Lemote Yeeloong laptop and OpenBSD (oldvcr.blogspot.com)
119. 具有依賴類型且內核兼容 Lean4 的 Clojure 領域特定語言(DSL) Dependently typed Clojure DSL with a Lean4 compatible kernel (github.com)
122. OxCaml 中值得更多編程語言借鑑的特性——《The Consensus》 The feature in OxCaml that more languages should steal - The Consensus (theconsensus.dev)
123. pomerium:Pomerium 是一個支持身份識別和上下文感知功能的訪問代理 pomerium: Pomerium is an identity and context-aware access proxy (github.com)
124. Prism:一種具有類型化效應的不純粹函數式語言 Prism: An Impure Functional Language With Typed Effects (www.stephendiehl.com)
125. pg_plan_advice — 幫助規劃器制定正確的執行計劃 pg_plan_advice — help the planner get the right plan (www.postgresql.org)
128. exploitarium:一個彙集了公開漏洞利用概念驗證(PoC)的單一存檔庫 exploitarium: A single archive of public exploit PoCs (github.com)
135. Linux 7.2 提升了 shell 管道中匿名/無名管道的性能,並進行了其他改進 Linux 7.2 Improves Anonymous/Unnamed Pipe Performance For Shell Pipelines & More (www.phoronix.com)
140. 《如何看待人工智能》:科裡·多克託羅談科技巨頭、理解人工智能、勞動自動化等話題 "How to Think About AI": Cory Doctorow on Big Tech, Understanding AI, Labor Automation & More (www.youtube.com)
146. 當人工智能來處理數學計算時,作為一名數學家意味著什麼? What does it mean to be a mathematician when AI does the math? (spectrum.ieee.org)
152. 介紹 Flink 的原生 S3 文件系統:專為性能而生,為生產環境而設計 Introducing Flink''s Native S3 FileSystem: Built for Performance, Designed for Production (flink.apache.org)
156. 讓 devenv 快速啟動,並帶動整個 nixpkgs 系統一起啟動 - devenv Making devenv start fast, and the whole nixpkgs with it - devenv (devenv.sh)
158. “新布盧布悖論”,或:為何 TypeScript 並非人工智能時代的理想選擇 The New Blub Paradox, or: Why TypeScript Is a Poor Choice for the AI Era (iankduncan.com)
165. 在此次網絡攻擊發生前數年,警方就已經掌握了那些入侵倫敦交通局(TfL)的青少年相關信息 Teens who hacked TfL were known to police years before cyber-attack (www.bbc.co.uk)
168. mmo-chip:多玩家 CMOS 標準單元芯片逆向工程工具 mmo-chip: Multiplayer CMOS Standard Cell Chips Reverse Engineering Tool (github.com)
169. DSPi:一款面向樹莓派 Pico(RP2040)和 Pico 2(RP2350)的、功能齊全的音頻 DSP 固件 DSPi: A fully featured audio DSP firmware for the Raspberry Pi Pico (RP2040) and Pico 2 (RP2350) (github.com)
173. Dyalog v20.0 的新功能:數組、命名空間、組合、內聯跟蹤——阿舍·哈維-史密斯 Enhancements in Dyalog v20.0: Arrays, Namespaces, Composition, Inline Tracing - Asher Harvey-Smith (www.youtube.com)
175. Akrites:針對開源軟件關鍵基礎設施的協調、保密的漏洞修復工作取決於 Akrites: Coordinated, confidential vulnerability remediation for the open source software critical infrastructure depends on (akrites.org)
176. 我已經全面轉向 Nix:從 Proxmox 遷移到 NixOS Incus I''ve gone full Nix: Proxmox to NixOS Incus (www.nijho.lt)
177. 隆重推出 Silk:一款專為 ClickHouse 設計的絲般順滑的纖維運行時 Announcing Silk: a silky smooth fiber runtime for ClickHouse (clickhouse.com)
180. 通用同步的侷限性:架構、權衡與決策因素的分類學 The Limits of Generalized Sync: ATaxonomy of Architectures, Trade‑offs, and Decision Factors (aaltodoc.aalto.fi)
183. 在Shai-Hulud出手之前,檢測並清除開發工作站上的危險機密 Detecting and removing dangerous secrets on dev workstations before Shai-Hulud does (recyclebin.zip)
184. Clever Cloud 的 Pierre Zemb 談 FoundationDB Pierre Zemb from Clever Cloud on FoundationDB (theconsensus.dev)
195. Go 語言中的零拷貝:sendfile、splice 以及 io.Copy 的開銷 Zero-copy in Go: sendfile, splice, and the cost of io.Copy (segflow.github.io)
201. Sacr3d:一個用於在 Scheme 中實現 3D 圖形渲染的渲染引擎工具箱 Sacr3d: A rendering engine toolbox to do 3D graphics in Scheme (teddd.srht.site)
205. Rails 的擴展:每小時 4100 萬次請求,8 個數據庫,disable_joins: true Scaling Rails: 41M Req/Hour, 8 DBs, disable_joins: true (andyatkinson.com)
206. Microspeak 進一步解釋道:託管不就是“發佈候選版”的另一個說法嗎? Microspeak elaborated: Isn''t escrow just a release candidate by another name? (devblogs.microsoft.com)
210. window.showDirectoryPicker 為您開啟了一個嶄新的世界 window.showDirectoryPicker opens up a whole new world (steveharrison.dev)
217. RubyLLM——一個適用於所有主流AI服務商的、簡潔優雅的Ruby框架 RubyLLM - a single, beautiful Ruby framework for all major AI providers (rubyllm.com)
218. [參與邀請]:2.5小時的Haskell基金會在線研討會 [Call for Participation]: 2.5 hour Haskell Foundation Online Workshop (discourse.haskell.org)
230. 利用 Cackle 增強 Rust 供應鏈攻擊的難度 (2023) Making Rust supply chain attacks harder with Cackle (2023) (davidlattimore.github.io)
234. maestro:一款用Rust語言編寫的、輕量級且與Linux兼容的內核 maestro: Lightweight, Linux-compatible kernel, written in Rust (github.com)
236. Ultra:一個從零開始開發的核心,旨在與 Linux 內核用戶空間實現(幾乎)完全的 ABI 兼容性 Ultra: A from-scratch kernel that aims to be (nearly) fully ABI compatible with the Linux kernel userland (github.com)
241. Cloudflare 與主流瀏覽器合作,為全球互聯網開發一種以隱私為先的協議 Cloudflare Collaborates With Leading Browsers to Develop a Privacy-First Protocol For the Global Internet (cloudflare.net)
247. 使用 Python 和 Apache Spark 實現自定義查詢語言 Implementing a Custom Query Language with Python and Apache Spark (nchammas.com)
258. CMDK 快速切換鍵發明背後的趣聞軼事 The curious history the invention of the CMDK quick switcher (ux.stackexchange.com)
260. 謹以此文紀念那位在單詞下方畫上紅綠波浪線的人 In memory of the man who put red and green squiggles under words (devblogs.microsoft.com)
264. 一步一個腳印,用每一臺Lisp機器開創未來 Inventing the Future, One Lisp Machine at a Time (www.patrickdomanico.com)
266. Hyperblam:Web Audio API 的聲明式實現 Hyperblam: a declarative implementation of the Web Audio API (hyperblam.how)
268. 為什麼繪圖板品牌不願在Linux自由開源軟件(FLOSS)驅動方面開展合作 Why Drawing Tablet Brands Won''t Collaborate on Linux FLOSS Drivers (www.davidrevoy.com)
284. 在 Linux/x86-64 上使用內存間接調用進行系統調用插樁(徒勞無功?),第一部分 System call instrumentation on Linux/x86-64 using memory-indirect calls (in vain?), part one (www.humprog.org)
288. loupe:一款注重隱私保護的 iOS 應用,旨在提高用戶對原生應用能夠獲取哪些信息的認知 loupe: A privacy-focused iOS app that raises awareness about what native apps can see (github.com)
289. 關於當前藝術作品中出現的LLM中毒現象,有什麼建議嗎? What''s the advice for LLM poisoning of artwork these days? (lobste.rs)
293. postmarketOS v26.06(Alpen Avocado)正式發佈 postmarketOS v26.06 (Alpen Avocado) released (postmarketos.org)
296. 人工智能會毀掉我們的技能嗎?初步結果已經出爐,情況並不樂觀 Is AI ruining our skills? Early results are in and they’re not good (www.nature.com)
298. 直通地獄?論濫用透明DNS轉發器進行放大攻擊 Forward to Hell? On Misusing Transparent DNS Forwarders For Amplification Attacks (labs.ripe.net)
299. cl-bbs:用 Common Lisp 重寫的一個類似 schemeBBS 的文本論壇 cl-bbs: the schemeBBS-like textboard rewritten in Common Lisp (github.com)