devtake.dev
AI Security Hardware Open Source Policy Apple

#open-source

RSS
Related: #dev-tools · 14 #github · 6 #llm · 5 #rust · 5 #agpl · 4 #javascript · 4 #3d-printing · 3 #cloudflare · 3 #linux · 3 #security · 3
DepthFirst research card titled 'Twenty One Zero-Days in FFmpeg' over a dark code-styled background
Security·

An AI agent found 21 ways to attack FFmpeg, the codec library inside almost everything

DepthFirst's agent surfaced 21 FFmpeg zero-days for about $1,000. One 183-byte packet hits RCE. The deeper story is who pays the volunteers who fix them.

Cargo loader moving freight onto an aircraft, a stand-in for the software supply chain
Security·

Red Hat's npm namespace and Arch's AUR were both backdoored within two weeks of each other

A worm hijacked Red Hat's npm namespace, a rootkit spread through 1,500 Arch AUR packages, and a SOC 2-certified AI gateway shipped malware. Registries are under fire.

Cloudflare blog graphic announcing that VoidZero is joining Cloudflare
Open Source·

Cloudflare bought VoidZero, the team behind Vite. The tools stay MIT and vendor-neutral.

Cloudflare acquired VoidZero, Evan You's company behind Vite, Vitest, Rolldown and Oxc. The tools stay MIT-licensed, and there's a $1M ecosystem fund.

Illustration of open-source game development tools beyond the engine
Gaming·

Beyond the engine: six open-source tools that shape how games get made

Godot, Unity and Unreal get the headlines, but six open-source tools quietly do the art, levels, and dialogue work that real games ship on.

The microsoft/coreutils GitHub repository page
Open Source·

Microsoft is shipping Linux's core commands on Windows, built in Rust

Microsoft's Coreutils for Windows brings native ls, cp, and grep to Windows, built on the Rust uutils project. Here's what it is and why the Rust rewrite matters.

A source-code editor open to C++ code, evoking the debate over AI-written contributions to open source
Open Source·

SQLite won't accept AI-written code, but QEMU just opened the door to it

Two of the most cautious C projects split on AI contributions in the same week. The real fight is over copyright provenance and who cleans up the slop.

A developer's Emacs session in a Linux terminal, editing C source alongside a shell
AI·

Hacker News is obsessed with durable Postgres workflows and a game about clicking yes

Six dev-tooling and AI posts that climbed Hacker News in late May 2026: durable execution on plain Postgres, LLM code smells, a permission-fatigue game, Rust 1.96, and more.

An open-source graphic, representing the long-lived MySQL codebase where bug #11472 sat for two decades.
Open Source·

MySQL just fixed a 20-year-old bug where cascade deletes silently skipped triggers

MySQL bug #11472 was filed in 2005: triggers never fired on foreign key cascade actions, silently breaking audit logs. MySQL 9.7 finally closes it via WL#17024.

A scan of the 86-DOS changelist from Tim Paterson's 1981 assembler printout, the kind of artifact Microsoft released under MIT on April 28.
Open Source·

Microsoft just open-sourced 86-DOS. Tim Paterson's 45-year-old listings are now on GitHub under MIT.

Yufeng Gao and Rich Cini scanned Tim Paterson's 1981 assembler printouts. Microsoft pushed them to DOS-History/Paterson-Listings on April 28, the 45th anniversary.

A Linux boot screen with kernel messages scrolling, used here as visual shorthand for the init-system layer where the Flatpak/systemd argument is happening.
Open Source·

Flatpak's next sandboxing milestone bolts it to systemd. Alpine and Void users get the bill.

Sebastian Wick and Adrian Vovk pitched systemd-appd at Linux App Summit on May 17. The cost of nested sandboxing is a hard systemd dependency in mainline Flatpak.

Figure from a forensic document-examination study used here as visual shorthand for verifying authorship of code.
Open Source·

yt-dlp's maintainer says Bun is now 'fully vibe-coded'. Support is officially deprecated.

yt-dlp's maintainer bashonly says Bun's Rust rewrite 'has taken a turn towards being fully vibe-coded.' The supported window narrowed to four versions.

A diagram from Cloudflare's blog post illustrating how a Wasm instance recovers state after a Rust panic.
Open Source·

Cloudflare taught wasm-bindgen to catch a Rust panic. Workers no longer poison the sandbox.

Three Cloudflare engineers shipped panic and abort recovery into wasm-bindgen on April 22. A Rust Worker that panics now reinitialises on the next request.

Vasilios Syrakis at his desk next to a whiteboard diagram of an Open Service Broker: Client → FastAPI → SQS → Worker → DynamoDB, with provisioning tasks to Route53, CloudFront, and API calls.
Web·

Atlassian laid off the engineer who built its edge. He published the blueprints.

Vasilios Syrakis spent eight years building Atlassian's Envoy control plane. After the March cuts, he posted a 40-minute walkthrough that hit 1.1M views.

Jeff Geerling at his workbench with a 3D printer, from his Raspberry Pi magazine profile
Hardware·

The OrcaSlicer fork Bambu Lab killed has six mirrors. Jeff Geerling joined the boycott.

FULU-Foundation/OrcaSlicer-bambulab hit 1,700 stars on May 12. Geerling won't recommend a Bambu printer again, and Louis Rossmann pledged $10,000 toward Jarczak's defense.

Obsidian application banner showing the note-taking app branding
Open Source·

120 million plugin downloads later, Obsidian moved off GitHub. Paid plugins are now allowed.

Obsidian launched Obsidian Community on May 12. The new directory replaces the GitHub plugin queue with automated reviews, and paid plugins are in for the first time.

RPCS3 project logo on a solid black background, from the official rpcs3.net press graphic
Open Source·

RPCS3's maintainers will ban contributors who submit undisclosed AI pull requests

The PS3 emulator project posted on X on May 10, citing 'AI slop' that has been clogging review. The hard line: ban-on-sight if you don't disclose.

The Register's coverage of Bun's experimental Zig-to-Rust port
Open Source·

Jarred Sumner rewrote 960,000 lines of Bun from Zig to Rust in six days. He might throw it all away.

Bun's creator used Claude to port the JavaScript runtime from Zig to Rust, hitting 99.8% test compatibility. He says there's a 'very high chance' it gets scrapped.

Steam Controller hardware shown from above
Gaming·

Valve open-sourced the Steam Controller's shell. Dbrand had a skin ready in 48 hours.

Valve published STP and STL CAD files for the Steam Controller and Puck under CC BY-NC-SA 4.0 on GitLab. Anyone with a 3D printer can now mod it.