Planescape: Torment, Part 1: From the Tabletop (www.filfre.net)
CVE-2026-46529: 10-year-old RCE in Linux PDF Viewer (XReader/Evince/Atril) (medeiros.zip)
Announcing Isabelle support for SAW (www.galois.com)
The mysterious XF86AudioPlay issue (michael-prokop.at)
account-center: Self-hosted, OIDC-authenticated portal for internal services and knowledge base articles (git.sr.ht)
Noroboto: Lying fonts and mitigation in Rust (tritium.legal)
Only 17% of all 64-bit Integers are products of two 32-bit integers (lemire.me)
A blueprint for formal verification of Apple corecrypto (security.apple.com)
Burnout in Open Source: A Structural Problem We Can Fix Together (opensourcepledge.com)
HTML5 Foster Parenting (www.rushis.com)
End-to-End Procedural Generation in Caves of Qud (2019) (www.youtube.com)
The Maintainer''s Dilemma (spf13.com)
WordPress 7.0 (wordpress.org)
A Forth-inspired language for writing websites (robida.net)
score by collisions, patch by panic (blog.himanshuanand.com)
minc — A minimal language for building native software (minc.dev)
Megalodon: Mass GitHub Repo Backdooring via CI Workflows (safedep.io)
Secure Boot and CA Rollover - a heads-up for distributions (blog.einval.com)
This blog ran on Ubuntu 16.04 for 10 years. I migrated it to FreeBSD (crocidb.com)
Designing Firefox for the future (blog.mozilla.org)
Virtual Time for discrete event simulation and distributed concurrency control (1985) (worrydream.com)
C Programming Language Quiz (stefansf.de)
FTC to Require Cox Media Group to Pay Nearly 1million to Settle Charges They Deceived Customers About “Active Listening” AI-Powered Marketing Service (www.ftc.gov)
.png)
Google API keys keep working after you delete them long enough to be exploited (www.aikido.dev)
Gnutella: A Protocol Outlives the World That Created It (rickcarlino.com)
Introducing the pkg.go.dev API (go.dev)
uv is fantastic, but its package management UX is a mess (www.loopwerk.io)
Stop Using Pull Requests (a4al6a.substack.com)
Reviving old scanners with an in-browser Linux VM bridged to WebUSB over USB/IP (yes-we-scan.app)
CVE-2026-47243: Kata Containers guest-root to host-root escape via virtiofs (www.openwall.com)
What is the ''--'' operator in C/C? (stackoverflow.com)
Announcing Web Serial Support in Firefox (hacks.mozilla.org)
How to open calc.exe from S&Box (slugcat.systems)
Introducing ArkTS, Huawei’s Next-Generation Development Language (dev.to)
Dependency cooldowns are unfair; we should use phased rollouts instead (illegalcode.net)
Speeding Up the Back End with Graph Theory (2019) (sensortower.com)
A Private pkg Repo Behind Mutual TLS (oshogbo.com)
Flipper One — we need your help (blog.flipper.net)
Gobee: write eBPF programs in Go, transpiled via clang (github.com)
Ursula: thread-per-core, multi-Raft Rust runtime for HTTP event streams (github.com)
John Regehr''s Integers in C Quiz (acepace.net)
Internships for early university / no former employment (lobste.rs)
L1 instruction cache set conflicts, associativity, and code alignment in Go (blog.andr2i.com)
Church Encoding, Parametricity, and the Yoneda Lemma (blog.wybxc.cc)
FatGid - FreeBSD 14.x kernel LPE (fatgid.io)
Python 3.15: features that didn''t make the headlines (blog.changs.co.uk)
Kubernetes In Anger (samof76.space)
Tailwind: Suffering From Success (blog.sebin-nyshkim.net)
No query strings here either (furrer.life)
On Google declaring war on the Web (tante.cc)
[RFC] LLVM Foundation statement in favor of open access to standards documents (discourse.llvm.org)
Twelve Ways to Be Wrong About AI-Assisted Coding (third-bit.com)
OpenSMTPD Is The Mail Server For The Future (bsdly.blogspot.com)
Aggressive AI scrapers are making it kinda suck to run wikis (weirdgloop.org)
Waterfox Release 6.6.13 removes Startpage as default search provider (www.waterfox.com)
The Mislabeled Bricks of Utopia (orib.dev)
Staged publishing for npm packages (docs.npmjs.com)
An OpenAI model has disproved a central conjecture in discrete geometry (openai.com)
Who Builds a House Without Drawing Blueprints? (2015) (cacm.acm.org)
Why does the arrow (-) operator in C exist? (stackoverflow.com)
How many sandboxed pods can fit in a Pi? (nubificus.co.uk)
Engineering for Breathing Room (rfc.earendil.com)
Chromium publishes fixed exploit 4 years later, turns out it''s actually unfixed (infosec.exchange)
Yearslong fight over users'' right to tweak smart TV software heads to trial (arstechnica.com)
XSS Is Deadly for Passkeys: The Hidden Risk of Attestation None (scotthelme.co.uk)
Logic bug in the Linux kernel''s __ptrace_may_access() function (CVE-2026-46333) (cdn2.qualys.com)
Notes on I2C (rana-emaan.com)
How cross-thread double free detection could work in glibc malloc (kallus.org)
the may 2026 fedi software vulnerability (w.on-t.work)
Golfing Zig ELF Binaries (2025) (ctf.gg)
C26: More function wrappers (www.sandordargo.com)
modulejail: Proactively shrink a Linux host''s kernel-module attack surface by blacklisting every module not currently in use (github.com)
Grafana Labs GitHub repos breached via TanStack npm supply chain attack (grafana.com)
Saying goodbye to asm.js (spidermonkey.dev)
Erasing Existentials (wolfgirl.dev)
Annotate-in-Place Notes with Emacs and org-remark (www.chiply.dev)
TeamPCP Interview (buymeacoffee.com)
Prompts are technical debt too (www.seangoedecke.com)
haunt.nvim: Ghost text bookmarks for Neovim (github.com)
Ways for an Open Source Project to Die (nesbitt.io)
Github: internal repositories have been accessed (nitter.net)
Everything in C is undefined behavior (blog.habets.se)
GitHub Source Code Breach - TeamPCP Claims Access to Internal Source Code (cybersecuritynews.com)
If you''re just going to sit there doing nothing, at least do nothing correctly (devblogs.microsoft.com)
Why Ruby Still Feels Like Home After All These Years (caio.ca)
I''ve built a virtual museum with nearly every operating system you can think of (www.youtube.com)
Emacs after Magit (sdf.org)
Tonic is joining the gRPC project (luciofranco.com)
Chasing down why installing the kernel segfaulted (sporks.space)
I am not a Software Engineer (huronbikes.mataroa.blog)
pgBackRest with continue (pgbackrest.org)
Pokemon compression myth (www.reddit.com)
Better generated branch names with jj (ddbeck.com)
On the Unreasonable Effectiveness of Property-Based Testing for Validating Formal Specifications (proofsandintuitions.net)
pg_deltax: Apache-licensed time-series extension for PostgreSQL (github.com)
Human Bottlenecks (borretti.me)
PinTheft Linux LPE (www.openwall.com)
What would you want from a forge? (lobste.rs)
How we used Quint to find over 10 bugs in SQLite while hardening Turso (turso.tech)
Under the Hood: Building a Real-Time Chord Recognizer (whatchord.earthmanmuons.com)
It’s all in the name (plasmasturm.org)
Type out the code (haskellforall.com)
The Super Tiny Compiler, but in Ada (github.com)
My domain got abused on Github Pages (meertens.dev)
OpenBSD 7.9 released (www.openbsd.org)
Software''s Centaur Era (twitchard.github.io)
A self-balancing skip-list (aka "splay-list") library in C (codeberg.org)
Lime, a parser generator that can merge grammars at runtime (codeberg.org)
Noxu DB, a Rust port of Berkeley DB Java Edition (codeberg.org)
The Unreasonable Effectiveness of ProseMirror Model in Rich Text Transformation (smoores.dev)
The Windows DLL loader lock: how a Rust thread can hang your JVM (questdb.com)
Holistic Configuration Management at Facebook (research.facebook.com)
Even More Tagged Union Subsets with Comptime (sinclairtarget.com)
SIMD-accelerated integer-to-string conversion (lemire.me)
End of the semester (mtendekuyokwa.github.io)
Using algebra and LLMs to verify a flight-plan bug fix in Lean (jameshaydon.github.io)
Spork: A posix_spawn you can use as a fork (dl.acm.org)
The just-say-no engineer was a ZIRP phenomenon (www.seangoedecke.com)
Bournegol (2014) (oldhome.schmorp.de)
Introducing Casuarina Linux: A glibc-Based Chimera Linux Derivative (casuarina.org)
Comprehensive Response to Bambu''s AGPLv3 Violations (sfconservancy.org)
CISA Admin Leaked AWS GovCloud Keys on Github (krebsonsecurity.com)
Programming as Theory Building (1985) (gwern.net)
The Fil-C Optimized Calling Convention (fil-c.org)
cargo-crap: Finding Untested Complexity in AI-Generated Rust Code (minikin.me)
Running ‘Doom’ on E. coli cells… very, very slowly (www.popsci.com)
Haiku OS runs on M1 Macs now (www.osnews.com)
Misconceptions about the UNIX Philosophy (posixcafe.org)
The Quiet Renovation at Bitwarden (blog.ppb1701.com)
How does Flathub even work? The CDN and caching layer (barthalion.blog)
Git blame for code comprehension (matklad.github.io)
How to select a mobile OS (blog.gridranger.dev)
The implementation of select in Go (internals-for-interns.com)
AI Agent Security - MIT 6.566 guest lecture (github.com)
Cross-Document View Transitions: The Gotchas Nobody Mentions (css-tricks.com)
A Linux-like kernel in a browser tab - deep dive in the BrowserPod architecture (labs.leaningtech.com)
De‐bloating Javascript (github.com)
A 16-byte x86 demo: Matrix rain with sound (hellmood.111mb.de)
Complications of funding an open source operating system (posixcafe.org)
Find bugs in YOUR code using OpenCode, Llama.cpp and Qwen3.6 (wtarreau.blogspot.com)
FediMeteo, HAProxy, and the art of not wasting snac threads (it-notes.dragas.net)
The occasional ECONNRESET (movq.de)
Calvin - Determinism, Distributed ACID transactions (2020) (www.mydistributed.systems)
Review: Sylve on FreeBSD (distrowatch.com)
spr: Stacked Pull Requests on GitHub (github.com)
Researcher says Microsoft secretly built a backdoor into BitLocker (www.techspot.com)
Reverse engineering Android malware with Claude Code (zanestjohn.com)
Reversing ‘Grateful Dead: D2S2’ on Mac (2022) (blog.os9.ca)
Rust async and the ARM generic timer (thejpster.org.uk)
May I recommend eww for Emacs’s innovative UI? (www.matem.unam.mx)
Designing a Scientific Calculator from scratch in FPGA (baltazarstudios.com)
Fits on a Floppy - A Manifesto for Small Software (fitsonafloppy.com)
postmarketOS in 2026-04: new boot splash (postmarketos.org)
New design for the FreeBSD website (www.freebsd.org)
Bitsocial: Open Source P2P Network for Social Apps (bitsocial.net)
DFOS, Dark Forest OS (www.dfos.com)
Bun''s problem may be developing in the open (00f.net)
Don''t answer the first question (lalitm.com)
Reviewing so called Pull Requests at dayjob (rkta.de)
Coding on Paper (wickstrom.tech)
Claude Code managed to get Adobe Lightroom working on Linux (github.com)
Native all the way, until you need text (justsitandgrin.im)
Go European — Discover European products and services (www.goeuropean.org)
Cutting the Gordian Hairball (buttondown.com)
Fast16: Pre-Stuxnet Sabotage Tool Was Built to Subvert Nuclear Weapons Simulations (www.security.com)
PyCon US 2026 Packaging Summit Recap (discuss.python.org)
Savepoint Project (www.namtao.com)
DeepSeek-V4-Flash means LLM steering is interesting again (www.seangoedecke.com)
Thinking in States (www.metalevel.at)
Introducing Incremental (blog.janestreet.com)
Content-defined chunking in Bazel''s remote cache (www.buildbuddy.io)
Hyperpolyglot Lisp: Common Lisp, Racket, Clojure, Emacs Lisp (hyperpolyglot.org)
The Piece Table - the Unsung Hero of Your Text Editor (dev.to)
Rust x GBA: Setup and Pixels (jonahnestrick.com)
Async I/O in Zig 0.16, today (lalinsky.com)
The Tomy Tutor and the state of 1983 home computers (oldvcr.blogspot.com)
Dusklight • Restoring light to a classic adventure (twilitrealm.dev)
A checkbox to enable the Django debug toolbar (mdk.fr)
experimental OpenBSD MAP-E CE support (feedback) (git.sr.ht)
Subscription Bombing: Email under Attack (cacm.acm.org)
The Futility of Lava Lamps: What Random Really Means (loup-vaillant.fr)
Data race freedom in OxCaml (kcsrk.info)
triad: data-oriented window manager for the River Wayland compositor (github.com)
Recent Kernel exploits, attack surface reduction, example IPSEC (www.openwall.com)
Starting Systems Programming, Pt 1: Programmers Write Programs (2025) (eblog.fly.dev)
A 90''s era Keygen-like for X11 for Unix/Linux (github.com)
A few ways of specifying per-theme colours in only CSS (chrismorgan.info)
My Thoughts on Bun''s Rust Rewrite (en.liujiacai.net)
Virtual Bevy Meetup 13 Recordings now on YouTube (rustunit.com)
Ascetic Computing (ratfactor.com)
Cheap smart doorbell allows fleet-wide account takeover and call hijacking (www.abgeo.dev)
The CTF scene is dead (kabir.au)
How to Write to SSDs (arxiv.org)
Explore Wikipedia Like a Windows XP Desktop (explorer.samismith.com)
Using Rust to parse Godot .tres files and walk the resource graph (assethoard.com)
Starting my own Content Delivery Network (www.youtube.com)
Prolog Projects Tips (occasionallycogent.com)
A History of IDEs at Google (laurent.le-brun.eu)
CVE-2026-40369: Arbitrary Kernel Address Increment via NtQuerySystemInformation (github.com)
Announcing the Zulip Foundation (blog.zulip.com)
LLM generated text should be off topic (lobste.rs)
Git Is Not Fine (www.billjings.com)
5 faster fast_blur in image-rs (apas.tel)
What we learned using AI agents to refactor a monolith (1password.com)
A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens (projectzero.google)
Moving away from Tailwind, and learning to structure my CSS (jvns.ca)
Bug Archeology: Solving a decade-old Swift/C mystery (with LLMs) (samkhawase.com)
The Emacsification of Software (sockpuppet.org)
Welcome to ORDER BY jungle (boringsql.com)
Open Source Resistance (ossresistance.com)
security mitigations ansible role (git.sig-io.nl)
The old world of tech is dying and the new cannot be born (www.baldurbjarnason.com)
SQL: Incorrect by Construction (chreke.com)
Bidirectional Typechecking That Does Not Stop (semantic-domain.blogspot.com)
why use F# for scripting and automation? (iev.ee)
claude-for-legal: A suite of plugins for legal workflows (github.com)
Volkswagen- detects when your tests are being run in a CI server, and makes them pass (2015) (github.com)
Community building at the edge of the Internet (news.dyne.org)
PyCon US 2026 Typing Summit Recap (bernat.tech)
Mullvad exit IPs as a fingerprinting vector (tmctmt.com)
Prolog Basics Explained with Pokémon (unplannedobsolescence.com)
ssh-keysign-pwn: Read root-owned files as an unprivileged user (github.com)
Shell Tool Testing (zork.net)
In what way if any are you a tech minimalist while maintaining your job/love for tech? (lobste.rs)
Porting 3D Movie Maker to Linux (benstoneonline.com)
Amazonbot is finally respecting robots.txt (xeiaso.net)
int a 5; a a a; a ? (2011) (gynvael.coldwind.pl)
A Simple Runtime Invariant Miner (rahul.gopinath.org)
"This is written by an LLM" comments should be flagged as off-topic (lobste.rs)
Core Team Panel - Gleam Gathering 2026 (youtu.be)
Spam Resistant Forges (blog.feld.me)
PostgreSQL 18.4, 17.10 closing 11 CVEs (www.postgresql.org)
SQL’s ORDER BY Has Come a Long Way (modern-sql.com)
First public macOS kernel memory corruption exploit on Apple M5 (blog.calif.io)
Linux Compromises, Broken Embargoes, and the Shrinking Patch Window (www.askbaize.com)
How I Moved My Digital Stack to Europe (monokai.com)
HDD Firmware Hacking Part 1 (icode4.coffee)
LibreOps (libreops.cc)
C26 Shipped a SIMD Library Nobody Asked For (lucisqr.substack.com)
The element as a trap (hacktivis.me)
Passwords suck. Can passkeys replace them? (kerkour.com)
Mandy: ActivityPub on Goblins (spritely.institute)
How do I write Elixir tests? (hauleth.dev)
Bun''s Rust rewrite has been merged (www.reddit.com)
Coding Is Thinking: Why I Still Write Code by Hand (dev.to)
Notes from Optimizing CPU-Bound Go Hot Paths (blog.andr2i.com)
The Age of the Amplifier (www.construction-physics.com)
Hoot 0.9.0 released (spritely.institute)
Browsers Treat Big Sites Differently (denodell.com)
Classic 7 is a Windows 10 LTSC mod to look 1:1 to Windows 7 (classic7.lol)
httpx2 - Fork by Pydantic (tildeweb.nl)
Sculpt OS release 26.04 (genode.org)
May I recommend… understanding Emacs''s patterns (www.chiply.dev)
So you want to deploy FN-DSA (keymaterial.net)
5 Years and 5M Later: Inventing a New Programming Language for Web Development Was a Mistake Wasp (wasp.sh)
Pyrefly v1.0 is here (pyrefly.org)
Achieving NGINX Remote Code Execution via an 18-Year-Old Vulnerability (depthfirst.com)
Catching Typos on My Website with Browser Testing (wickstrom.tech)
How (and why) rqlite takes control of the SQLite Write-Ahead Log (philipotoole.com)
Points are a weird and inconsistent unit of measure (buttondown.com)
Fragnesia: New Linux Privilege Escalation Exploit (github.com)
What if there was no BASIC in EndBASIC? (blogsystem5.substack.com)
Setting up a free *.city.state.us locality domain (fredchan.org)
Lua as a practical "soft-bedrock" language (portal.mozz.us)
Reverting the incremental GC in Python 3.14 and 3.15 (discuss.python.org)
C26: Standard library hardening (www.sandordargo.com)
The Most Emacs Bzr Saga (thanosapollo.org)
Designing a Custom Query Language for Non-Technical Analysts (nchammas.com)
Securitybaseline.eu (securitybaseline.eu)
YellowKey Bitlocker Bypass Vulnerability (github.com)
Sovereign Tech Fund invests over 1 million in KDE software development (kde.org)
AI as Social Technology (knightcolumbia.org)
Claude Code RCE: Exploiting Deeplink Handlers via Settings Injection (0day.click)
Erlang/OTP 29.0 Release (www.erlang.org)
An update on East River Source Control availability (ersc.io)
Dart Live, a compiler, VM, analyzer and hot reload on the web via Wasm (modulovalue.github.io)
MacBook Neo Review: The Laptop For The Rest Of Us (fireborn.mataroa.blog)
Tolaria, Rust, and Questions About What Makes a Mac App Feel Good to Me (shapeof.com)
Deterministic Fully-Static Whole-Binary Translation without Heuristics (arxiv.org)
A detailed introduction to Kakoune for the aspiring power user (ficd.sh)
Partial static single information form (bernsteinbear.com)
what 262,715 regex questions on stack overflow haven''t answered (iev.ee)
Solving the Rubik''s Cube (www.youtube.com)
Pycco: 100-line literate-style side-by-side documentation renderer (pycco-docs.github.io)
Shrinking the OxCaml js_of_ocaml bundle: 285 MB to 4 MB (kcsrk.info)
The BeBox: BeOS Hardware, Photos, and the Apple Deal That Wasn''t (www.jdhodges.com)
Soon We Can Finally Banish JavaScript to the ShadowRealm (css-tricks.com)
The hidden cost of mpsc channels (blog.howardjohn.info)
"six CVEs for serious security vulnerabilities in dnsmasq" (lists.thekelleys.org.uk)
Quack: The DuckDB Client-Server Protocol (duckdb.org)
What is BusyBox? (specular.fi)
cost of enum-to-string: C26 reflection vs the old ways (vittorioromeo.com)
Redis and the Cost of Ambition (charlesleifer.com)
Bambu Lab is abusing the open source social contract (www.jeffgeerling.com)
Time travel without borders (guix.gnu.org)
All the ways to mock your Rust code (blog.appliedcomputing.io)
Killing a Cow made my JSON formatter 42% faster (jacobasper.com)
How Rockstar fit an entire city into PlayStation 2 memory (www.youtube.com)
Postmortem: TanStack npm supply-chain compromise (tanstack.com)