The engineering internet, daily.
A short scroll of what's worth your attention across blogs, github, AI labs, and the wider tech world. New batch every morning.
zed editor hits 1.0 after five years
zed reaches 1.0 after five years of work on a custom rust + gpu editor architecture. ships parallel multi-agent ai workflows, edit predictions, and a zed for business tier for team deployments.
copy fail: 732 bytes to root on every major linux distro (cve-2026-31431)
an unprivileged user can chain a flaw in the kernel's authenc crypto template with af_alg and splice() to write 4 bytes into any file's page cache, then escalate to root via setuid binaries on ubuntu, amazon linux, rhel, and suse. no race needed.
fedora 44 ships with sealed bootable container images
fedora 44 introduces sealed bootable container images built on unified kernel images and systemd-boot, plus stratis 3.9.0 which can add or remove encryption on existing storage pools without recreating them.
hashimoto pulls ghostty off github, citing platform reliability
mitchell hashimoto says github is too unreliable for serious work and is moving ghostty, his terminal emulator project, to a different host. he is evaluating commercial and foss alternatives, with a read-only mirror staying on github.
llm 0.32a0 ships: messages-and-parts model replaces prompts-and-strings
simon willison's llm library ships 0.32a0, a backwards-compatible rewrite that models inputs as a sequence of messages and outputs as a stream of typed parts (text, reasoning, tool calls, images). aligns the api with how modern llms actually work.
stanford team drops recursive multi-agent systems paper
the paper introduces a framework for multi-agent systems where agents can recursively spawn and coordinate sub-agents, posted to hugging face daily papers as one of apr 29's featured releases.
python packaging council formally approved
the python steering council approved a formal governance structure for packaging: a five-member elected council with authority over packaging standards and tools, ending years of ad-hoc decision-making.
anthropic launches claude for creative work
anthropic announces a new product surface for claude focused on creative projects and visual content generation, expanding beyond coding and analysis use cases.
vercel ships native deployment checks: built-in lint and typecheck
vercel introduces native deployment checks that run lint and typecheck in parallel with the deploy, with optional failure investigation by vercel agent. moves quality gates off the dev's local machine into the platform.
cloudflare publishes q1 2026 internet disruption summary
cloudflare radar's q1 2026 review covers the quarter's major internet disruptions: nationwide shutdowns, infrastructure attacks, and routing incidents that took regions offline.
oracle plans 2.45gw fuel cell farm to power new mexico datacenter
oracle is constructing fuel cell power infrastructure to support its proposed new mexico data center, sized at 2.45gw. one of the largest off-grid fuel cell deployments planned for compute.
fedora 44 release writeup lands on lwn
lwn covers fedora 44 with focus on gnome 50 and plasma 6.6 desktop refinements, plus the streamlined installation experience and what changed since fedora 43.
github removes gpt-5.3-codex from copilot student model picker
github copilot student edition no longer shows gpt-5.3-codex as a selectable model. effectively retiring the older codex model as gpt-5.5 rolls out across copilot tiers.
github copilot cloud agent starts 20% faster with custom container images
github ships a perf improvement for copilot cloud agent: launches are 20% faster when using actions custom container images. real wins for teams running automated agent workflows in ci.
vercel hobby plan drops to 30-day deployment retention
hobby plan deployments are now capped at 30 days, with exclusions for the 10 most recent production and aliased deployments. likely a cost-control move as platform usage scales.
simon willison: tracking the now-deceased openai-microsoft agi clause
long-form retrospective on the agi clause that used to give openai an out from its microsoft contracts when it claimed to have built agi. simon traces what the clause said, when it changed, and what its removal means.
zig 0.16 explores structured concurrency
zig 0.16.0 introduces an expanded io interface based on structured concurrency principles. lwn walks through the design and what it means for zig's place vs rust and odin.
pgbackrest is no longer maintained
after thirteen years, the pgbackrest maintainer announced he is stopping work on the project, citing sponsorship challenges. one of postgres's most-used backup tools is now in limbo.
github changes format of app installation tokens
github announces an upcoming new format for the authentication tokens used by github app installations. apps will need to update their token-handling code; old tokens keep working through a transition window.
gpt-5.5 is generally available for github copilot
openai's gpt-5.5 hits ga across github copilot, available to all paid tiers. ships alongside the codex inline agent preview in copilot for jetbrains ides.
simon willison: deepseek v4 lands almost on the frontier, at a fraction of the cost
simon's analysis of deepseek's new v4 preview models. they're competitive with frontier tier on benchmarks while being meaningfully cheaper, with implications for who actually pays for inference.
lwn: pages and folios — what changed and why it matters
lwn reference piece on the linux kernel's transition from pages to folios in memory management. clarifies the distinction, current state of the migration, and what subsystems are still on the old api.
fresh 2.3 ships zero-js by default and view transitions
deno's fresh 2.3 release goes zero-js by default, adds view transitions api support, csp nonce functionality, ip filtering, and temporal api compatibility in islands.
github copilot chat improves pull-request awareness
copilot chat in github gets better context about pull requests: discussions, review comments, and diff state are available to the chat without manually pasting them.
github's global pull-request dashboard moves to public preview
the unified cross-repo pull request dashboard is now an opt-out public preview. one place to see every pr you're an author or reviewer on, across all your orgs.
deepseek v4 lands on vercel ai gateway
deepseek v4 pro and flash variants are live on vercel ai gateway with a 1m token context, positioned for coding and reasoning workflows on top of the cheap chinese open-weights frontier.
simon willison ships liteparse for the web: pdf text in the browser
liteparse for the web extracts pdf text fully in the browser via wasm-shimmed node libraries. no upload, no server roundtrip, works offline.
simon willison gets a pelican from gpt-5.5 via the codex backdoor api
early testing of openai's gpt-5.5 via the semi-official codex backdoor api. the famed pelican-on-a-bicycle test, plus notes on the api shape and what's exposed.
famfs, fuse, and bpf: the post-lsfmm filesystem revisions
the famfs filesystem has undergone significant revisions following discussions at the lsfmm+bpf summit. lwn covers the design changes and where the next round of work is heading.
linear agent gains mcp support
linear agent can now connect to your other tools via mcp: granola, glean, notion, posthog. moves linear closer to being an agentic product hub for engineering teams.
ubuntu 26.04 lts 'resolute raccoon' released
ubuntu 26.04 lts ships with tpm-backed full-disk encryption, livepatch on arm servers, and rust-based reimplementations of sudo and coreutils. first lts to expand memory-safe system components.
cloudflare makes rust workers reliable with panic recovery
rust workers now support resilient error recovery through panic unwinding and webassembly exception handling, so a single panic doesn't take down the whole worker. wasm-bindgen got the upstream changes too.
simon willison: is claude code going to cost $100/month? probably not
anthropic announced and then quickly walked back pricing changes for claude code. simon traces the confusion, what was actually said, and where the real pricing landed for paid plans.
dependency cooldown discussions warm up
a delayed dependency-update mechanism to mitigate supply-chain attacks is gaining traction in the python and node ecosystems. critics argue cooldowns shift risk to the broader community while attackers iterate around the window.
rfc 3729: one sized trait does not fit all
rfc 3729 proposes a hierarchy of traits in rust to describe types whose sizes are determined under different compile-time and runtime conditions. lwn unpacks why sized has been the wrong abstraction for years.
lovable's postmortem on its public-projects data exposure
between feb 3 and apr 20, backend regressions let any authenticated lovable user access chat history and source code from public projects. lovable patched within two hours of public disclosure and posted a postmortem on the regressions.
cloudflare wants to move past bots vs humans
cloudflare proposes new accountability models for bot detection that preserve user privacy while still protecting sites from abuse. the post argues the bot/human binary stops being useful as agentic browsers and verified-agent traffic grow.
simon willison: where's the raccoon with the ham radio? testing chatgpt images 2.0
early hands-on with openai's gpt image 2 model. simon runs the standard creative-prompt battery and shows where the new model is genuinely better and where it still falls flat.
lwn: using llms to find python c-extension bugs
a developer used claude code to systematically discover over 500 bugs in python c extensions while practicing responsible disclosure. lwn covers the methodology and what it implies for similar fuzzing of other ecosystems.
cloudflare agents week 2026: everything they launched
the recap post covers every announcement from agents week, spanning compute, security, and agentic-web infrastructure. the headline pieces are the agent readiness score, shared dictionaries, and ai redirects.
cloudflare's internal ai engineering stack, on the platform they ship
cloudflare details the internal ai infrastructure they built on their own products: 241 billion tokens processed, serving 3,683 internal users. a rare 'we eat our own dog food' writeup at this scale.
bun v1.3.13 ships with --parallel testing and 17x less memory for tarballs
bun v1.3.13 fixes 82 issues, ships new --parallel/--isolate/--shard/--changed test flags, cuts tarball-streaming memory 17x, halves source map size, and speeds gzip 5.5x. plus range request support and sha3.
kimi k2.6 lands on vercel ai gateway
moonshot ai's kimi k2.6 is live on vercel ai gateway, focused on long-horizon coding tasks across multiple languages. another open-weights frontier model going through the gateway plumbing.