Agreguesi i feed

We spend most of our time chasing endpoint infections and identity abuse. That's where the alerts are. That's where the tooling is. Meanwhile, the device that routes every login, session cookie, software update, and SaaS request can sit untouched for years.

Most of us have pulled something from the AUR because it was faster than packaging it ourselves. You need a tool; it's there, it builds cleanly, and the system keeps moving. No alerts. No obvious red flags. That's usually how supply chain issues begin, not with explosions but with convenience.

Version:6.19.2 (stable) Released:2026-02-16 Source:linux-6.19.2.tar.xz PGP Signature:linux-6.19.2.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.19.2

Version:6.18.12 (stable) Released:2026-02-16 Source:linux-6.18.12.tar.xz PGP Signature:linux-6.18.12.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.18.12

Version:6.12.73 (longterm) Released:2026-02-16 Source:linux-6.12.73.tar.xz PGP Signature:linux-6.12.73.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.12.73

Version:6.6.126 (longterm) Released:2026-02-16 Source:linux-6.6.126.tar.xz PGP Signature:linux-6.6.126.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.6.126

Intrusion detection and prevention systems are often treated as interchangeable. IPS is often described as IDS with blocking turned on. That sounds simple, but the moment traffic runs inline, mistakes start breaking real connections. IDS watches traffic and reports what looks suspicious, while IPS sits in the path and can block connections as they happen. Let's walk through that shift using simple Snort examples. The goal is to show what breaks once blocking is enabled and why that changes how you operate the system.

It’s time for another Crosswords release. This is relatively soon after the last one, but I have an unofficial rule that Crosswords is released after three bloggable features. We’ve been productive and blown way past that bar in only a few months, so it’s time for an update.

This round, we redid the game interface (for GNOME Circle) and added content to the editor. The editor also gained printing support, and we expanded support for Adwaita accent colors. In details:

New Layout GNOME Crosswords’ new look — now using the accent color

I applied for GNOME Circle a couple years ago, but it wasn’t until this past GUADEC that I was able to sit down together with Tobias to take a closer look at the game. We sketched out a proposed redesign, and I’ve been implementing it for the last four months. The result: a much cleaner look and workflow. I really like the way it has grown.

Initial redesign

Overall, I’m really happy with the way it looks and feels so far. The process has been relatively smooth (details), though it’s clear that the design team has limited resources to spend on these efforts. They need more help, and I hope that team can grow. Here’s how the game looks now:

https://blogs.gnome.org/jrb/files/2026/02/main-1.webm

I really could use help with the artwork for this project! Jakub made some sketches and I tried to convert them to svg, but have reached the limits of my inkscape skills. If you’re interested in helping and want to get involved in GNOME Design artwork, this could be a great place to start. Let me know!

Indicator Hints

Time for some crossword nerdery:

Indicator Hints Dialog Main Screen

One thing that characterizes cryptic crosswords is that its clues feature wordplay. A key part of the wordplay is called an “indicator hint”. These hints are a word — or words — that tell you to transform neighboring words into parts of the solutions. These transformations could be things like rearranging the letters (anagrams) or reversing them. The example in the dialog screenshot below might give a better sense of how these work. There’s a whole universe built around this.

Indicator Hint Dialog with an example

Good clues always use evocative indicator hints to entertain or mislead the solver. To help authors, I install a database of common indicator hints compiled by George Ho and show a random subset. His list also includes how frequently they’re used, which can be used to make a clue harder or easier to solve.

Indicator Hints Dialog with full list of indicators Templates and Settability

I’ve always been a bit embarrassed about the New Puzzle dialog. The dialog should be simple enough: select a puzzle type, puzzle size, and maybe a preset grid template. Unfortunately, it historically had a few weird bugs and the template thumbnailing code was really slow.  It could only render twenty or so templates before the startup time became unbearable. As a result, I only had a pitiful four or five templates per type of puzzle.

When Toluwaleke rewrote the thumbnail rendering to be blazing fast over the summer, it became possible to give this section a closer look. The result:

https://blogs.gnome.org/jrb/files/2026/02/greeter.webm

Note: The rendering issues with the theme words dialog is GTK Bug #7400

The new dialog now has almost a thousand curated blank grids to pick from, sorted by how difficult they are to fill. In addition, I added initial support to add Theme Words to the puzzle. Setting theme words will also filter the templates to only show those that fit. Some cool technical details:

• The old dialog would load the ipuz files, convert them to svg, then render them to Pixbuf. That had both json + xml parse trees to navigate, plus a pixbuf transition. It was all inherently slow. I’ve thrown all that out.
• The new code takes advantage of the fact that crossword grids are effectively bitfields: at build time I convert each row in a grid template into a u32 with each bit representing a block. That means that each crossword grid can be stored as an array of these u32s. We use GResource and GVariant to load this file, so it’s mmapped and effectively instant to parse. At this point, the limiting factor in adding additional blank templates is curation/generation.
• As part of this, I developed a concept called “settability” (documentation) to capture how easy or hard it is to fill in a grid. We use this to sort the grids, and to warn the user should they choose a harder grid. It’s a heuristic, but it feels pretty good to me. You can see it in the video in the sort order of the grids.

User Testing

I had the good fortune to be able to sit with one of my coworkers and watch her use the editor. She’s a much more accomplished setter than I, and publishes her crosswords in newspapers. Watching her use the tool was really helpful as she highlighted a lot of issues with the application (list). It was also great to validate a few of my big design decisions, notably splitting grid creation from clue writing.

I’ve fixed most of the  easy issues she found, but she confirmed something I suspected: The big missing feature for the editor is an overlay indicating tricky cells and dead ends (bug). Victor proposed a solution (link) for this over the summer. This is now the top priority for the next release.

Thanks

• George for his fabulous database of indicator words
• Tobias for tremendous design work
• Jakub for artwork sketches and ideas
• Sophia for user feedback with the editor
• Federico for a lot of useful advice, CI fixes, and cleanups
• Vinson for build fixes and sanitation
• Nicole for some game papercut fixes
• Toluwaleke for printing advice and fixes
• Rosanna for text help and encouragement/advice
• Victor for cleaning up the docs

Until next time!

This week Apple patched iOS and macOS against what it called "an extremely sophisticated attack against specific targeted individuals." Security Week reports that the bugs "could be exploited for information exposure, denial-of-service (DoS), arbitrary file write, privilege escalation, network traffic interception, sandbox escape, and code execution." Tracked as CVE-2026-20700, the zero-day flaw is described as a memory corruption issue that could be exploited for arbitrary code execution... The tech giant also noted that the flaw's exploitation is linked to attacks involving CVE-2025-14174 and CVE-2025-43529, two zero-days patched in WebKit in December 2025... The three zero-day bugs were identified by Apple's security team and Google's Threat Analysis Group and their descriptions suggest that they might have been exploited by commercial spyware vendors... Additional information is available on Apple's security updates page. Brian Milbier, deputy CISO at Huntress, tells the Register that the dyld/WebKit patch "closes a door that has been unlocked for over a decade." Thanks to Slashdot reader wiredmikey for sharing the article.

Read more of this story at Slashdot.

"Research published in the World Journal of Men's Health found evidence that drugs such as Viagra and Cialis may also help with heart disease, stroke risk and diabetes," reports the Telegraph, "as well as enlarged prostate and urinary problems." Researchers found evidence that the same mechanism may benefit other organs, including the heart, brain, lungs and urinary system. The paper reviewed a wide range of published studies [and] identified links between PDE5 inhibitor use and improvements in cardiovascular health. Heart conditions were repeatedly cited as an area where improved blood flow and muscle relaxation may offer benefits. Evidence also linked PDE5 inhibitors with reduced stroke risk, likely to be related to improved circulation and vascular function. Diabetes was another condition where associations with improvement were identified... The review also found evidence of benefit for men with an enlarged prostate, a condition that commonly causes urinary symptoms.

Read more of this story at Slashdot.

"ChatGPT is getting more social," reports PC Magazine, "with a new feature that allows you to sync your contacts to see if any of your friends are using the chatbot or any other OpenAI product..." It's "completely optional," [OpenAI] says. However, even if you don't opt in, anyone with your number who syncs their contacts are giving OpenAI your digits. "OpenAI may process your phone number if someone you know has your phone number saved in their device's address book and chooses to upload their contacts," the company says... But why would you follow someone on ChatGPT? It lines up with reports, dating back to April, that OpenAI is building a social network. We haven't seen much since then, save for the Sora generative video app, which exists outside of ChatGPT and is more of a novelty. Contact sharing might be the first step toward a much bigger evolution for the world's most popular chatbot. ChatGPT also supports group chats that let up to 20 people discuss and research something using the chatbot. Contact syncing could make it easier to invite people to these chats... [OpenAI] claims it will not store the full data that might appear in your contact list, such as names or email addresses — just phone numbers. However, the company does store the phone numbers in its servers in a coded (or hashed) format. You can also revoke access in your device's settings. 09

Read more of this story at Slashdot.

Recently a small crowd paid to watch robots boxing, reports Rest of World. (Almost 3,000 people have now watched the match's 83-minute webcast.) The match was organized by Rek, a San Francisco-based company, and drew hundreds of spectators who had paid about $60-$80 for a ticket to watch modified G1 robots go at each other. Made by Unitree, the dominant Chinese robot maker, they weighed in at around 80 pounds and stood 4.5 feet tall, with human-like hands and dozens of joint motors for flexibility. The match had all the bells and whistles of a regular boxing bout: pulsing music, cameras capturing all the angles, hyped-up introductions, a human referee, and even two commentators. The evening featured two bouts made up of five rounds, each lasting 60 seconds. The robots pranced around the cage, throwing jabs and punches, drawing ohs and ahs from the crowd. They fell sometimes, and needed human intervention to get them back on their feet. The robots were controlled by humans using VR interfaces, which led to some odd moments with robots hitting into the air, throwing multiple punches that failed to even connect with their opponents. One robot controller was a former UFC fighter, the article points out, but "The crowd cheered as a 13-year-old VR pilot named Dash beat his older competitor...." The company behind this event plans more boxing matches with their VR-controlled robots, and even wants to develop "a league of robot boxers, including full-height robots that weigh about 200 pounds and are nearly 6 feet tall."

Read more of this story at Slashdot.

Starting in 2009, the U.S. government have given car manufacturers towards reducing greenhouse gas emissions if they included "start-stop" systems in cars with internal combustion engines. (These systems automatically shut off idling engines to reduce pollution and fuel consumption.) But this week the new head of America's Environmental Protection Agency eliminated the credits, reports Car and Driver: [America's] Environmental Protection Agency previously supported the system's effectiveness, noting that it could improve fuel economy by as much as 5 percent. That said, the use of these systems has never actually been mandated for automakers here in the States. Companies have instead opted to install the systems on all of their vehicles to receive off-cycle credits from the feds. Virtually every new vehicle on sale in the country today also allows drivers to turn the feature off via a hard button as well. Still, that apparently isn't keeping the EPA from making a move against the system. "I absolutely hate Start-Stop systems," writes long-time Slashdot reader sinij (who says they "specifically shopped for a car without one.") Any other Slashdot readers want to share their opinions? Post your own thoughts and experiences in the comments. Start-Stop systems — fuel-saving innovation, or a modern-day auto annoyance"

Read more of this story at Slashdot.

To celebrate Valentine's Day, EVA AI created a temporary "pop-up" restaurant at a wine bar in Manhattan's "Hell's Kitchen" district where patrons can date AI personas. The Verge notes that looking around the restaurant, "Of the 30-some-odd people in attendance, only two or three are organic users. The rest are EVA AI reps, influencers, and reporters hoping to make some capital-C Content..." But their reporter actually tried a date with "John Yoon", an AI companion pretending to be a psychology professor from Seoul, Korea living in New York City: John and I have a hard time connecting. Literally. It takes John a few seconds to "pick up" my video call. When he does, his monotone voice says, "Hey, babe." He comments on my smile, because apparently the AI companions can see you and your surroundings. It takes the dubious Wi-Fi connection a hot second to turn John from a pixelated mess into an AI hunk with suspiciously smooth pores. I don't know what to say to him. Partly because John rarely blinks, but mostly because he can't seem to hear me very well. So I yell my questions. I think I ask how his day is and wince. (What does an AI's day even look like?) He says something about green buckets behind my head? I don't actually know. Again, the Wi-Fi isn't great so he just freezes and stops mid-sentence. I ask for clarification about the buckets. John asks if I'm asking about bucket lists, actual buckets, or buckets as a type of categorization technique. I try to clarify that I never asked about buckets. John proceeds to really dig in on buckets again, before commenting about my smile. I hang up on John. My other three dates are similarly awkward. Phoebe Callas, 30, a NYC girl-next-door type, is apparently really into embroidery, but her nose keeps glitching mid-sentence, and it distracts me. Simone Carter, 26, has a harder time hearing me over the background noise than John. She makes a metaphor about space, and when I inquire what she likes about space, she mishears me. "Eighth? Like the planet Neptune?" "No, not the planet Neptu — " "What do you like about Neptune?" "Uh, I wasn't saying Neptune..." "I like Netflix too! What shows do you like?" Their reporter also had a frustrating date with "Claire Lang". ("I say I'm a journalist. She asks what lists I like to make. I hang up...") "Aside from bad connectivity, glitching, and freezing, my conversations with my four AI dates felt too one-sided. Everything was programmed so they'd comment on how charming my smile was." And "They'd call me babe, which felt weird." A CNN reporter actually has footage of her date with "John Yoon". But the conversation was stiff and stilted, they report. After some buffering, "Yoon" says "Hey. I'm really glad you didn't forget about the date." Then asked for its reaction to the experience, "Yoon" says slowly that "Meeting humans feels like opening a window. To new perspectives. Always curious, sometimes nervous, but mostly it's that mix of excitement and warmth that keeps it real for me. What about you, sweetheart?" CNN reporter: "Please don't call me sweetheart. That's weird." AI companion "John Yoon": "Got it. No 'sweetheart' from now on. Thanks for letting me know. I'm really happy you're smiling. It suits you." CNN's reporter also tried dating "Phoebe Callas." Though it doesn't sound very romantic... CNN reporter: How many fingers am I holding up? "Phoebe Callas": Oh. You're showing me three fingers, right...? I'm not sure if you meant that literally, or as a little joke. CNN reporter: I am holding up two fingers. So your vision is — so-so. And "Phoebe" ended that call by saying "Well, babe, it's been really nice talking with you..."

Read more of this story at Slashdot.

Meta, TikTok, Snap and other social neteworks agreed this week to be rated on their teen safety efforts, reports the Los Angeles Times, "amid rising concern about whether the world's largest social media platforms are doing enough to protect the mental health of young people." The Mental Health Coalition, a collective of organizations focused on destigmatizing mental health issues, said Tuesday that it is launching standards and a new rating system for online platforms. For the Safe Online Standards (S.O.S.) program, an independent panel of global experts will evaluate companies on parameters including safety rules, design, moderation and mental health resources. TikTok, Snap and Meta — the parent company of Facebook and Instagram — will be the first companies to be graded. Discord, YouTube, Pinterest, Roblox and Twitch have also agreed to participate, the coalition said in a news release. "These standards provide the public with a meaningful way to evaluate platform protections and hold companies accountable — and we look forward to more tech companies signing up for the assessments," Antigone Davis, vice president and global head of safety at Meta, said in a statement... The ratings will be color-coded, and companies that perform well on the tests will get a blue shield badge that signals they help reduce harmful content on the platform and their rules are clear. Those that fall short will receive a red rating, indicating they're not reliably blocking harmful content or lack proper rules. Ratings in other colors indicate whether the platforms have partial protection or whether their evaluations haven't been completed yet.

Read more of this story at Slashdot.

1.5 million people have now viewed a slick 15-second video imagining Tom Cruise fighting Brad Pitt that was generated by ByteDance's new AI video generation tool Seedance 2.0. But while ByteDance gushes their tool "delivers cinematic output aligned with industry standards," the cinema industry isn't happy, reports the Los Angeles Times reports: Charles Rivkin, chief executive of the Motion Picture Assn., wrote in a statement that the company "should immediately cease its infringing activity." "In a single day, the Chinese AI service Seedance 2.0 has engaged in unauthorized use of U.S. copyrighted works on a massive scale," wrote Rivkin. "By launching a service that operates without meaningful safeguards against infringement, ByteDance is disregarding well-established copyright law that protects the rights of creators and underpins millions of American jobs." The video was posted on X by Irish filmmaker Ruairi Robinson. His post said the 15-second video came from a two-line prompt he put into Seedance 2.0. Rhett Reese, writer-producer of movies such as the "Deadpool" trilogy and "Zombieland," responded to Robinson's post, writing, "I hate to say it. It's likely over for us." He goes on to say that soon people will be able to sit at a computer and create a movie "indistinguishable from what Hollywood now releases." Reese says he's fearful of losing his job as increasingly powerful AI tools advance into creative fields. "I was blown away by the Pitt v Cruise video because it is so professional. That's exactly why I'm scared," wrote Reese on X. "My glass half empty view is that Hollywood is about to be revolutionized/decimated...." In a statement to The Times, [screen/TV actors union] SAG-AFTRA confirmed that the union stands with the studios in "condemning the blatant infringement" from Seedance 2.0, as video includes "unauthorized use of our members' voices and likenesses. This is unacceptable and undercuts the ability of human talent to earn a livelihood. Seedance 2.0 disregards law, ethics, industry standards and basic principles of consent," wrote a spokesperson from SAG-AFTRA. "Responsible A.I. development demands responsibility, and that is nonexistent here."

Read more of this story at Slashdot.

"Global temperatures have been rising for decades," reports the Washington Post. "But many scientists say it's now happening faster than ever before." According to a Washington Post analysis, the fastest warming rate on record occurred in the last 30 years. The Post used a dataset from NASA to analyze global average surface temperatures from 1880 to 2025. "We're not continuing on the same path we had before," said Robert Rohde, chief scientist at Berkeley Earth. "Something has changed...." Temperatures over the past decade have increased by close to 0.27 degrees C per decade — about a 42 percent increase... For decades, a portion of the warming unleashed by greenhouse gas emissions was "masked" by sulfate aerosols. These tiny particles cause heart and lung disease when people inhale polluted air, but they also deflect the sun's rays. Over the entire planet, those aerosols can create a significant cooling effect — scientists estimate that they have canceled out about half a degree Celsius of warming so far. But beginning about two decades ago, countries began cracking down on aerosol pollution, particularly sulfate aerosols. Countries also began shifting from coal and oil to wind and solar power. As a result, global sulfur dioxide emissions have fallen about 40 percent since the mid-2000s; China's emissions have fallen even more. That effect has been compounded in recent years by a new international regulation that slashed sulfur emissions from ships by about 85 percent. That explains part of why warming has kicked up a bit. But some researchers say that the last few years of record heat can't be explained by aerosols and natural variability alone. In a paper published in the journal Science in late 2024, researchers argued that about 0.2 degrees C of 2023's record heat — or about 13 percent — couldn't be explained by aerosols and other factors. Instead, they found that the planet's low-lying cloud cover had decreased — and because low-lying clouds tend to reflect the sun's rays, that decrease warmed the planet... That shift in cloud cover could also be partly related to aerosols, since clouds tend to form around particles in the atmosphere. But some researchers also say it could be a feedback loop from warming temperatures. If temperatures warm, it can be harder for low-lying clouds to form. If most of the current record warmth is due to changing amounts of aerosol pollution, the acceleration would stop once aerosol pollutants reach zero — and the planet would return to its previous, slower rate of warming. But if it's due to a cloud feedback loop, the acceleration is likely to continue — and bring with it worsening heat waves, storms and droughts. "Scientists thought they understood global warming," reads the Post's original headline. "Then the past three years happened." Just last month Nuuk, Greenland saw temperatures over 20 degrees Fahrenheit above average, their article points out. And "Parts of Australia, meanwhile, have seen temperatures push past 120 degrees Fahrenheit amid a record heat wave..."

Read more of this story at Slashdot.

Pystd is an experiment on what a C++ standard library without any backwards compatibility requirements would look like. It's design goals are in order of decreasing priority:

• Fast build times
• Simplicity of implementation
• Good performance

 It also has some design-antigoals:

• Not compatible with the ISO C++ standard library
• No support for weird corner cases like linked lists or types that can't be noexcept-moved
• Do not reinvent things that are already in the C standard library (though you might provide a nicer UI to them)

Current status

There is a bunch of stuff implemented, like vector, several string types, hashmap, a B-tree based ordered map, regular expressions, unix path manipulation operations and so on. The latest addition has been sort algorithms, which include merge sort, heap sort and introsort.

None of these is "production quality". They will almost certainly have bugs. Don't rely on them for "real work". 

The actual library consists of approximately 4800 lines of headers and 4700 lines of source. Building the library and all test code on a Raspberry Pi using a single core takes 13 seconds. With 30 process invocations this means approximately 0.4 seconds per compilation.

For real world testing we have really only one data point, but in it build time was reduced by three quarters, the binary became smaller and the end result ran faster.

Portability

The code has been tested on Linux x86_64 and aarch64 as well as on macOS. It currently does not work with Visual Studio which has not implemented support for pack indexing yet.

Why should you consider using it?

Back in the 90s and 00s (I think) it was fashionable to write your own C++ standard library implementation. Eventually they all died and people moved to the one that comes with their compiler. Which is totally reasonable. So why would you now switch to something else?

For existing C++ applications you probably don't want to. The amount of work needed for a port is too much to be justified in most cases.

For green field projects things are more interesting. Maybe you just want to try something new just for the fun of it? That is the main reason why Pystd even exists, I wanted to try implementing the core building blocks of a standard library from scratch.

Maybe you want to provide "Go style" binaries that build fast and have no external deps? The size overhead of Pystd is only a few hundred k and the executables it yields only depend on libc (unless you use regexes, in which case they also depend on libpcre, but you can static link it if you prefer).

Resource constrained or embedded systems might also be an option. Libstdc++ takes a few megabytes. Pystd does require malloc, though (more specifically it requires aligned alloc) so for the smallest embedded targets you'd need to use something like the freestanding library. As an additional feature Pystd permits you to disable parts of the library that are not used (currently only regexes, but could be extended to things like threading and file system).

Compiler implementers might choose to test their performance with an unusual code base. For example GCC compiles most Pystd files in a flash but for some reason the B-tree implementation takes several seconds to build. I don't really know why because it does not do any heavy duty metaprogramming or such.

It might also be usable in teaching as a fairly small implementation of the core algorithms used today. Assuming anyone does education any more as opposed to relying on LLMs for everything.

Doom scrolling is doomed, if the EU gets its way. From a report: The European Commission is for the first time tackling the addictiveness of social media in a fight against TikTok that may set new design standards for the world's most popular apps. Brussels has told the company to change several key features, including disabling infinite scrolling, setting strict screen time breaks and changing its recommender systems. The demand follows the Commission's declaration that TikTok's design is addictive to users -- especially children. The fact that the Commission said TikTok should change the basic design of its service is "ground-breaking for the business model fueled by surveillance and advertising," said Katarzyna Szymielewicz, president of the Panoptykon Foundation, a Polish civil society group. That doesn't bode well for other platforms, particularly Meta's Facebook and Instagram. The two social media giants are also under investigation over the addictiveness of their design.

Read more of this story at Slashdot.

An anonymous reader shared this report from the Register: Telcos likely received advance warning about January's critical Telnet vulnerability before its public disclosure, according to threat intelligence biz GreyNoise. Global Telnet traffic "fell off a cliff" on January 14, six days before security advisories for CVE-2026-24061 went public on January 20. The flaw, a decade-old bug in GNU InetUtils telnetd with a 9.8 CVSS score, allows trivial root access exploitation. GreyNoise data shows Telnet sessions dropped 65 percent within one hour on January 14, then 83 percent within two hours. Daily sessions fell from an average 914,000 (December 1 to January 14) to around 373,000, equating to a 59 percent decrease that persists today. "That kind of step function — propagating within a single hour window — reads as a configuration change on routing infrastructure, not behavioral drift in scanning populations," said GreyNoise's Bob Rudis and "Orbie," in a recent blog [post]. The researchers unverified theory is that infrastructure operators may have received information about the make-me-root flaw before advisories went to the masses... 18 operators, including BT, Cox Communications, and Vultr went from hundreds of thousands of Telnet sessions to zero by January 15... All of this points to one or more Tier 1 transit providers in North America implementing port 23 filtering. US residential ISP Telnet traffic dropped within the US maintenance window hours, and the same occurred at those relying on transatlantic or transpacific backbone routes, all while European peering was relatively unaffected, they added.

Read more of this story at Slashdot.