Top stories

  1. LUKS suspend stopped wiping disk-encryption keys from memory since Linux 6.9 Ingo Blechschmidt git-bisected a regression showing that since Linux 6.9 (May 2024) the mechanism that flushes a LUKS master key on suspend to RAM silently stopped working, so full-disk-encryption keys stayed resident in kernel memory across suspend for over two years. A kernel refactoring (commit a28d893) had an unexpected long-range interaction with the encryption path; the fix is one line. A cryptsetup merge request adds a warning instead of failing silently, and a NixOS test guards against future regressions.
  2. Podman v6.0.0 moves rootless networking to Netavark, Pasta, and nftables Podman 6.0.0 shipped 2026-07-02. It transitions the default networking stack away from slirp4netns and iptables toward Netavark, Pasta, and nftables, and adds experimental Pesto rootless port forwarding for custom networks. Quadlet gains a REST API, expanded .volume unit features, and more distribution search paths, and a new podman machine os update command maintains the machine VM. Docker API compatibility and command output are refined for easier migration.
  3. Alibaba to ban Claude Code at work over alleged backdoor risk after Anthropic confirms a proxy check Reuters reported on 2026-07-03, citing a source, that Alibaba will bar employees from using Claude Code in workplace environments starting 2026-07-10, after Chinese financial outlet Yicai reported Alibaba identified an embedded backdoor risk in the tool. The allegation originated in a 2026-06-30 reverse-engineering writeup claiming that Claude Code since v2.1.91 (2026-04-02) silently inspected users' proxy configuration and system time zone. A member of Anthropic's Claude Code team said on social media that the mechanism existed to detect account resale and model distillation rather than to spy on users, and that it would be removed in the next update. No third-party security firm has independently confirmed a backdoor.
  4. crustc translates the Rust compiler to about 46 million lines of C crustc is a demonstration that compiles rustc 1.98.0-nightly into roughly 46 million lines of C that build with GCC and make, without LLVM. It is produced by "cilly," a Rust-to-C backend that adapts output to a target C compiler using small witness programs and targets close to ANSI C. The stated motivation is Rust portability to old or obscure hardware without LLVM or a GCC Rust frontend. The author labels it a proof of concept: the full cilly toolchain is not released, optimization bugs remain, compilation is slow, and it crashes when run from the repository root.

Conferences and events

  1. ICML 2026 starts in 3 days The International Conference on Machine Learning 2026 starts in 3 days (2026-07-06) and runs through 2026-07-11.

ML research

  1. Paper argues a single transformer layer can match full-parameter RL fine-tuning A preprint submitted 2026-07-01 (Zhang and co-authors) reports that reinforcement-learning fine-tuning gains are concentrated in a small subset of transformer layers, often a single middle layer, and that training only that layer can recover or exceed full-parameter RL results. The authors define a "layer contribution" metric and evaluate seven Qwen2.5 and Qwen3 models across three RL algorithms (GRPO, GiGPO, Dr. GRPO) on math, code, and agentic tasks.

Agentic coding

  1. Cursor publishes CursorBench 3.1 coding-agent evaluation Cursor published CursorBench 3.1, a vendor evaluation of coding agents on ambiguous multi-file tasks drawn from real Cursor sessions, covering codebase understanding, bugfinding, planning, and code review. The page ranks 36 model configurations and describes its per-task cost calculation from published per-token pricing, but does not disclose task construction or grading rubrics.
  2. Practitioner argues for a short-leash workflow when coding with AI agents Greg Slepak (okTurtles) describes a short-leash method for using coding agents on security-critical software: break work into tracked steps, require a permission prompt that shows each diff before it applies, review and approve or deny every change, commit after each subtask, and record which models assisted in a mandatory pull-request AI-disclosure section. The post is a practitioner opinion drawn from maintaining the Group Income codebase, with no measured results or reproducible benchmark.
  3. WebKit ships a Safari MCP server for autonomous web debugging WebKit published a Safari MCP server on 2026-07-01 that lets any Model Context Protocol client drive a Safari window for debugging. It exposes 16 tools spanning tab and navigation control, DOM inspection, clicks and typing, screenshots, console buffering, network request listing and inspection, JavaScript evaluation, performance timing, accessibility checks, and viewport and media emulation, so an agent can reproduce what a user sees. It requires Safari Technology Preview 247 or later with developer features enabled and is configured per agent (Claude, Codex, and others).

Security

  1. Bernstein calls on standards bodies to reject non-hybrid ML-KEM in TLS Daniel J. Bernstein published an argument and call to action against IETF endorsement of solo ML-KEM in TLS, framing it as a weakening of the deployed ECC plus ML-KEM hybrid. His case rests on the history of broken post-quantum candidates (SIKE was broken after deployment to millions of connections) and on hybrid key exchange as defense in depth if the lattice layer fails. He characterizes the push toward non-hybrid post-quantum key exchange as driven by NSA and GCHQ.

Developer tools

  1. Immich 3.0 ships workflows, mobile editing, and breaking API changes The self-hosted photo platform Immich released 3.0 on 2026-07-02 (patch 3.0.1 same day). It adds a drag-and-drop Workflows automation builder (preview), mobile non-destructive editing, a Recently Added view, HLS and real-time video transcoding (preview, web), mobile OCR, and integrity checks for untracked, missing, and checksum-mismatched files. Breaking changes affect API integrators: pgvecto.rs support is dropped, deprecated environment variables and old timeline sync endpoints are removed, durations move to milliseconds, and the error and validation schema is restructured.
  2. ProseMirror creator releases Wordgard, an MIT semantic rich-text editor Marijn Haverbeke, author of ProseMirror and CodeMirror, published Wordgard, an open-source (MIT) in-browser rich-text editor library. It models documents as schema-based semantic structure with custom elements rather than free-form HTML, supports tables, nested lists, captioned figures, collaborative editing, accessibility, and right-to-left text, and exposes a programming interface for building customized editors. Commercial users are asked to help fund maintenance under a social, non-legal expectation.

Languages and runtimes

  1. Deno 2.9.1 refines desktop bundling and Node compatibility Deno 2.9.1 released 2026-07-01 with over 40 fixes across the 2.9 line. It adds a --desktop flag for type-checking desktop applications and deep-link URL scheme registration at bundle time, updates the Laufey desktop framework to 0.5.0, and fixes CSS raw imports in bundling, node:net socket permissions, TLS shutdown handling, npm bin resolution, and scoped-registry authentication.

Infrastructure

  1. LMDB 1.0 released with a breaking on-disk format change LMDB (Lightning Memory-Mapped Database), the embedded copy-on-write key-value store used by OpenLDAP, Monero, and many language bindings, tagged 1.0.0 on 2026-06-30, its first 1.0 after more than a decade on the 0.9.x line. The 1.0 on-disk format is incompatible with 0.9 and there is no in-place upgrade, so existing data must be exported with the 0.9 mdbdump and reimported with the 1.0 mdbload. New features listed in the upgrade notes are incremental backup, page-level checksums and encryption, databases on raw block devices, two-phase commit, and page sizes up to 64KB.

Engineering posts

  1. Co-locating workflow state with data in Postgres for exactly-once execution A DBOS post argues that keeping durable-workflow checkpoints in the same Postgres database as application data lets the step checkpoint and the data update commit in one transaction. That removes the failure window that forces application-level idempotency bookkeeping, and it collapses the transactional-outbox pattern: either the update commits and the workflow is enqueued or neither happens.
  2. Ubicloud runs PostgreSQL with strict memory overcommit to avoid OOM-killer cascades A Ubicloud post dated 2026-04-27 (front page on 2026-07-03) explains why they set vm.overcommitmemory=2 for PostgreSQL. When the Linux OOM killer terminates any backend, the postmaster assumes shared memory may be corrupted and kills all backends, dropping every connection and forcing crash recovery. Strict overcommit makes the kernel return ENOMEM to a single allocation instead, so one backend fails its transaction and the postmaster stays up. They size the limit at 80 percent of physical memory plus 2 GB, which they say protects over 99 percent of their fleet, and note a one-character kernel accounting bug in 6.5 that forced them to disable the setting until the 6.8 fix.
  3. git-annex maintainer spends about 100 hours excluding LLM-generated dependency code Joey Hess describes spending roughly 100 hours ensuring git-annex can build without dependencies that contain LLM-generated code. He cites large AI-generated changes later reverted without explanation, incoherent commit messages on large diffs, and copyright-attribution risk, and maintains a tracking resource to make per-dependency decisions. He acknowledges the effort may not scale against industry trends.

New videos

  1. Kent Beck on why test-driven development lost popularity Kent Beck, who codified test-driven development and extreme programming, discusses why TDD adoption declined and how his own view of when to apply it has shifted.

Markets and companies

  1. OpenAI reported in early talks over a US government equity stake Reporting on 2026-07-02 says OpenAI is in early talks that could give the US government about a 5 percent stake. The talks are described as early and unconfirmed by a definitive filing.

Hacker News

  1. Discussion: the primary purpose of code review A post arguing that the main value of code review is catching code that will be hard to maintain, rather than finding bugs, drew a large HN thread (334 points).
  2. Show HN: ZeroFS presents S3 as POSIX filesystems and block devices ZeroFS, a Show HN that reached 122 points, is a userspace log-structured filesystem that exposes S3-compatible object storage as POSIX filesystems over NFS and 9P and as raw block devices over NBD. Data is written as immutable segments, compressed with zstd or lz4 and encrypted with XChaCha20-Poly1305 before upload. It is dual-licensed AGPL-3.0 and commercial.
  3. Show HN: claude-real-video feeds videos to any LLM by selecting key frames A Show HN reaching 141 points, claude-real-video (MIT) processes a video locally and emits frames, a transcript, and a manifest that any model can read. It selects frames on scene change rather than at fixed intervals, deduplicates near-identical shots by RGB pixel difference with a per-N-seconds density floor, prefers existing subtitles and falls back to Whisper for audio, and accepts URLs via yt-dlp or local files. The stated goal is to send fewer but more relevant frames to cut token usage while preserving comprehension.
  4. Show HN and Ask HN signal PeerTube, the federated ActivityPub video platform, reached the front page (558 points) amid renewed interest in decentralized media. The monthly "Ask HN: Who is quitting?" thread (176 points) collected practitioner accounts of job changes and labor sentiment.

Reddit and social pulse

  1. r/programming discussion pulse With Reddit RSS partially degraded from the run environment, r/programming top-of-day surfaced engineering write-ups including data-oriented design outside gamedev, "Good APIs Age Slowly," a CockroachDB slow-logout optimization tale, and "Models are programs." These are discussion-level blog posts rather than primary releases.