Digest · 17 stories · 30 sources
2026-07-11
Updated
Top stories
- Apple sues OpenAI and two former employees over trade-secret theft Apple filed suit in the Northern District of California on 2026-07-10 (Apple Inc. v. Liu, 5:26-cv-07078) for trade-secret misappropriation and breach of contract against OpenAI Foundation, OpenAI Group PBC, io Products LLC, and two former Apple employees now at OpenAI: Chang Liu, a former senior systems electrical engineer, and Tang Yew Tan, OpenAI's hardware chief and former Apple VP of product design for iPhone and Apple Watch. The complaint alleges Liu skipped his exit interview, kept an Apple laptop, and used a bug to reach Apple internal cloud storage after leaving to download confidential files including over a thousand pages of technical documents, and that Tan directed Apple job candidates to bring "actual parts" to OpenAI interviews for show-and-tell.
- GPT-5.6 Sol Ultra claims a proof of the Cycle Double Cover Conjecture OpenAI published on 2026-07-10 a PDF proof of the Cycle Double Cover Conjecture (posed by Szekeres in 1973 and Seymour in 1979) attributed to GPT-5.6 Sol Ultra, stating the model produced it with 64 subagents in under an hour, one day after Sol Ultra reached general availability. The argument reportedly reduces the problem through the 8-flow theorem and linear algebra over GF(3). The proof is not peer reviewed.
- JetBrains TeamCity arbitrary file access via Perforce integration (CVE-2026-59793) JetBrains disclosed CVE-2026-59793 on 2026-07-10, arbitrary file access through the Perforce VCS integration in TeamCity before 2026.1.2. CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), CWE-73, fixed in 2026.1.2. A companion issue CVE-2026-59794 is a stored XSS on the cloud profile page. No active exploitation is reported.
Conferences and events
Agentic coding
Security
Outages
- LaunchDarkly web app and flag delivery degraded LaunchDarkly reported an incident on 2026-07-10 in which the web application was unavailable and flag-delivery evaluations had an elevated failure rate, with event ingestion also affected. The incident was resolved the same day. Recovery required customers on server-side SDKs to restart applications to restore connections, and affected SDKs logged messages such as "giving up permanently", "Invalid SDK key", or "unauthorized".
- crates.io API servers hit by a coordinated DoS attack crates.io reported what it described as a coordinated denial-of-service attack against its API servers on 2026-07-11, opened at 14:22 UTC and resolved at 15:42 UTC. It stated crate downloads and dependency resolution through the sparse and git index should not be affected, placing the impact on the API and web surface rather than cargo build fetches. Countermeasures deployed around 15:06 UTC brought servers largely back to normal, and the team credited Fastly's CDN for the response.
Infrastructure
Engineering posts
- Scarf moves its production stack off Haskell after seven years Avi Press wrote on 2026-07-10 that Scarf, which provides package-download analytics for open source, is moving its production systems off Haskell to Python after seven years. He cites Haskell build and compile times as the main friction, worsened by parallel AI-assisted development where a model can produce an implementation faster than the build completes, plus toolchain complexity around Nix and CI caching. Rewritten components include authentication, database access, shared models, deployment images, and tests.
- LWN details AI scrapers overwhelming infrastructure through residential proxies Jonathan Corbet wrote on 2026-07-10 that AI training-data scrapers increasingly route requests through residential-proxy networks, software installed on ordinary users' devices that fetches pages on command, spreading load across millions of IPs and defeating IP-based blocking. He reports git forges and mailing-list archives among the hardest hit, and that LWN saw its heaviest scraper attack on 2026-07-02, correlated with the takedown of a residential-proxy network. Cited mitigations include proof-of-work challenges such as Anubis, rate limiting, and caching.
- ClickHouse runs a PgBouncer fleet for 4x connection-pooling throughput Kaushik Iska wrote on 2026-07-01 that ClickHouse Managed Postgres works around PgBouncer being single-threaded, which caps one process at a single CPU core. They run one PgBouncer process per core bound to the same port with SOREUSEPORT so the kernel load-balances connections while clients see one endpoint, and forward query-cancel requests that arrive at the wrong process to the correct one (peering). On a 16-vCPU c7i.4xlarge instance a single process peaked near 87,000 transactions per second while a fleet of 16 sustained about 336,000, roughly 4x, and held that rate at 256 clients where the single process degraded to 77,000.
- A cosmetic C rewrite makes a quicksort 6x faster by triggering branchless codegen Christof Kaser shows a branchless-quicksort partition loop where rewriting an if/else that stores to and advances two pointers into a more compact idiom leads Clang to emit a conditional-select (csel) instead of a branch, cutting the time to sort 50 million doubles from 4.39 seconds to 0.70 seconds (about 6.3x) and running faster than C++ std::sort at 1.33 seconds. GCC still generated branch-based code for the same source. The author frames the outcome as depending on whether the source happens to hit a compiler's optimization heuristics.