
Feed aggregator

Texas Grid Flags Risks As Data Centers, Crypto Sites Fail Voltage Tests

Slashdot - 15 hours 14 min ago
Reuters reports: Several large data centers and crypto facilities planning to connect to the Texas power grid ahead of peak summer demand have failed key reliability tests, raising the risk of power outages just as electricity use hits its seasonal high, according to the state grid operator... Unlike traditional industrial customers, which tend to draw electricity steadily and predictably, data centers are engineered to cut their connection to the grid at the first sign of trouble to protect their equipment and keep services running. That makes them an unpredictable and potentially destabilizing force on grids already under pressure from rising demand. Four groups of unnamed large electricity users, including data centers, abruptly disconnected from the Texas grid during a test of how they would handle routine voltage disturbances, the Electric Reliability Council of Texas (ERCOT) said in a report dated May 21. When large customers abruptly cut their power use, it can knock the grid off balance and trigger wider outages. ERCOT, which manages electricity for most of Texas, said it reviewed about 20 gigawatts of large customers seeking to connect to the system, including eight projects totaling roughly 3.9 gigawatts aiming to start up before July 1. It said it identified four groups of large power users that could each trigger more than 5,000 megawatts of demand tripping under certain fault conditions, based on simulations of transmission system disturbances. Those abrupt drops in demand were equivalent to the electricity consumption of a large city such as Boston.

Read more of this story at Slashdot.

Police Sued After Imprisoning Innocent Man Placed Near Violent Crime By Flock License Plate Reader

Slashdot - 18 hours 14 min ago
"When Hugo Parra was arrested last year on felony charges, his pleas of innocence fell on deaf ears," reports the Times of San Diego: San Diego police had a description of the Alfa Romeo car he was riding in [but no license plate number] and a witness who identified him during a curbside lineup as the man who brandished a handgun in Golden Hill. They had also checked the city's automatic license plate camera system, run by the private company Flock, and got a "hit," substantiating the claim. The problem, says attorney Alex Coolman, was that Parra was five miles away from Golden Hill at the time of the crime, and the so-called hit from the license plate reader was captured before any police pursuit began. "This Flock hit was obviously the wrong car, as it could not have been in both places simultaneously," said Coolman, who represents Parra and the driver, 23-year-old Ariel Beltran. Despite the signs pointing to it being a different Alfa Romeo, police arrested Beltran and Parra... [An officer had informed dispatch that one of the men "matched the victim's description, other than having a different-colored hooded sweatshirt."] Parra spent nearly one month behind bars, missing Thanksgiving and other special events with his family, before the assault with a firearm and evasion charges were dropped. Parra says he was incarcerated with actual murderers, according to the article, and Parra and Beltran are now preparing to sue the city, seeking $1.5 million each in damages for civil rights violations and negligence. Their claim notes they'd driven past several other Flock cameras which officers could've used to corroborate their story (not to mention location data on their cell phones). Meanwhile, the article also notes that last month the Institute for Justice "identified at least 17 cases in the United States of officers allegedly using Automated License Plate Reader technology to keep tabs on partners, exes, and strangers who had caught their eye..."


Prada Unveils 'Liquid Cooling' Inner-Layer Garment for NASA's Moon Astronauts with Knitted-In Ventilation Tubes

Slashdot - 20 hours 21 min ago
Italian fashion house Prada "unveiled on Sunday the inner-layer garment set to be worn by NASA astronauts heading to the moon," reports Reuters. "The body-hugging suit, created in collaboration with Houston-based space infrastructure developer Axiom Space, features ventilation tubes knitted into the garment." Expertise for developing space exploration products "can come from lots of seemingly unrelated industries," said Jonathan Cirtain, CEO of Axiom Space... The new product follows Prada's splashy foray into space fashion in 2024 with the unveiling of a spacesuit that is expected to be used for NASA's anticipated Artemis 4 moon landing in 2028... Other fashion and apparel companies have jumped on the space bandwagon. Under Armour has partnered with spaceflight company Virgin Galactic to create space apparel, while Columbia Sportswear has worked with space exploration company Intuitive Machines on space fabric technology. The new "Liquid Cooling and Ventilation Garment" was displayed on a mannequin at an event at Prada's Manhattan store.


7.1-rc7: mainline

Kernel Linux - 21 hours 10 min ago
Version: 7.1-rc7 (mainline)
Released: 2026-06-07
Source: linux-7.1-rc7.tar.gz
Patch: full (incremental)

Black Market Tinkerers on Facebook Marketplace Offer to Hide 'Recording Lights' on Meta Smartglasses

Slashdot - 21 hours 31 min ago
People are disabling the "recording light" on Meta's Ray-Ban smartglasses — "by my count, thousands of people," says tech journalist Joanna Stern in a new video report: STERN: "They're hiring people on Facebook Marketplace to drill out the light for as much as $100. According to our reporting, folks are offering this service in at least 30 states — despite Meta's attempts to stop it... In most states, we found multiple listings. In the New York and New Jersey area alone there were 23 listings." Stern watched a man in New Jersey disable and then conceal the light with a drill and dental probe in a New Jersey garage (a skill he learned watching YouTube and TikTok videos). He said the same day he'd already been contacted by eight more interested customers, and Stern also found at least 10 other people willing to do the same thing, just in New Jersey. "But what we found is they're all over the country." Meta sold 7 million smartglasses in 2025, but a Meta spokesperson insisted to the videomaker that a "majority" of their smartglasses owners aren't blocking the recording light. And furthermore, they added "We aggressively target anyone advertising tampering tools, have removed thousands of violating ads and Marketplace listings for these services, and pursue legal action when appropriate." (The reporter acknowledges "many" of the Marketplace ads disappeared after they brought them to Meta's attention — and Meta also said they were working with other retailers and sellers to take down listings for smartglasses-tampering parts.) The reporter also heard from one journalist who said they'd used it so they could record the activities of federal immigration agents without being targeted. "Others told me they just don't want people asking questions when they're recording." (There's video of one young man saying "It's already difficult enough to film in public. 
I don't want to have a blinking light on my face.") Tampering with smartglasses isn't illegal — though it is against Meta's Terms of Service, and could void your warranty. But a lawyer in the report says recording others without consent may be illegal, depending on a wide range of "jurisdictional nuances" like whether you live in an all-party consent state or a one-party consent state. "This seems to be our new reality," the report concludes: "more cameras, more microphones everywhere, and less certainty about who and what is recording." (Tech blogger John Gruber offered this assessment. "Using a Meta platform to find people to hack a Meta device so you can surreptitiously record strangers. So perfectly Meta.") Stern's report points out that "People are trying to fight back. Apps have popped up that use Bluetooth to scan for nearby camera glasses." (In the video one app-maker wonders why Meta isn't offering the same service themselves. "There are technical solutions to these problems.") Ironically, when I watched the report on YouTube, it was preceded by... an ad for Meta's Ray-Ban AI smartglasses.


New Fortune 500 Rankings: Texas Overtakes California, But Amazon is #1, Beating Walmart

Slashdot - Yesterday, 07/06/2026 - 10:29pm
"Texas has dethroned California as the state with the most Fortune 500 companies," reports the Los Angeles Times: The Fortune 500 list ranks the largest U.S. companies by revenue. This year, 57 of the top companies are headquartered in Texas, compared with California's 56. It's a reversal from two years ago when the Golden State had the pole position... California's corporate haters say they try to avoid the state's high costs, income taxes and strict regulations, but the western state is still a top money maker. "California dominates on nearly every other measure: its Fortune 500 companies are the most profitable ($647 billion), most valuable ($20 trillion), and employ more people than any other state (2.8 million workers)," Fortune said in a news release. Indeed, despite the naysayers, Californian companies have been leading the world in developing artificial intelligence technology as well as the latest in space and defense tech. The state is home to nearly 400 "unicorns," or billion-dollar startups — more than any other state, according to CB Insights. It also gobbled up nearly two-thirds of U.S. venture capital last year, with San Francisco Bay Area startups such as OpenAI leading the way, according to the business information platform Crunchbase. Texas and California have been in a tug-of-war for the crown. In 2024, after a decade, California bagged the top spot with 57 companies on the list, while Texas and New York tied in second with 52 companies each... The fourth spot was tied between Illinois and Ohio, with 29 companies each. Amazon was the top company on the list, ending Walmart's 13-year reign at the top of the annual Fortune 500 companies list. Amazon's 2025 revenue was $716.9 billion, compared with Walmart's $713.2 billion. Seattle-headquartered Amazon joined Exxon Mobil, General Motors, and Walmart as the only four companies to have ever held the top position since Fortune began publishing the data in 1955.


The Gamer-Rights Group Fighting to Make the Industry Stop Killing Games (Servers)

Slashdot - Yesterday, 07/06/2026 - 9:10pm
"Can a company take away something you've already paid for?" asks the BBC. "In the world of online video games, some already do." Publishers can decide to switch off a game's servers, often leaving it effectively unplayable. Stop Killing Games, a growing consumer rights campaign started by American YouTuber Ross Scott in 2024, is challenging that practice. In January, the group submitted a petition featuring nearly 1.3 million signatures to the European Commission, triggering a public hearing in the European Parliament in April. What began as an online campaign is now awaiting a decision from one of the EU's most powerful institutions... Scott's campaign began following an announcement from the major studio Ubisoft, saying it would shut down the online-only racing game The Crew in 2024... Ubisoft has already defended its position in court. Responding to a proposed class-action lawsuit brought by two The Crew players in California, the studio argued that customers had purchased a licence to use the game, not unlimited ownership rights, and that players had been warned online services would not be available forever. The lawsuit was dismissed without prejudice in June 2025, after the plaintiffs voluntarily withdrew the case. The wider games industry has also pushed back against the campaign. Video Games Europe, which represents many of the industry's largest publishers, said shutting down online services "must be an option" when games are no longer commercially viable. It also warned that some of the campaign's proposals could make online-only games significantly more expensive to develop. "In no way are we asking companies to keep servers running or services going, they can end it any time they want," said Scott. 
Instead, he and his fellow campaigners argue that when a game is shut down it should be done "responsibly", with publishers considering "end-of-life plans" such as updating the game to work offline or releasing software that allows players to continue running it. Two key points from the article: "In March, French consumer group UFC-Que Choisir launched legal action against Ubisoft over the shutdown of The Crew, arguing that players were misled about the permanence of their purchase and that some of the company's contract terms were unfair." "The European Commission must respond to the European Citizens' Initiative — the petition brought by the group — by 27 July." Thanks to Alain Williams — Slashdot reader #2,972 — for sharing the article.


Winners Announced in 2026's 'International Obfuscated C Code Competition'

Slashdot - Yesterday, 07/06/2026 - 7:34pm
Yesterday 2026's International Obfuscated C Code Contest concluded, with 22 new winners announced in a special three-hour livestreamed ceremony! Started 42 years ago, it's been described as the internet's longest-running contest, with entrants concocting convoluted programs glorying in the C programming language's subtleties, all while having some fun. And "For IOCCC29, the volume and quality of submissions were at near-historic heights," explains its home page. There's a "Tetris-optimized" GameBoy emulator with source code that looks like a GameBoy, as well as a quasi-Rogue-like game voted "most likely to teleport." Awards were also given for the best imaginary emulator (a virtual machine in 366 bytes of C) and the best fractional emulator (a maze generator for the Commodore 64). But every one of the 22 winning programs seems wildly creative... Quine Pong. "Running the program produces the source code to generate the next frame, formatted to display the current frame. By repeatedly compiling and running each successive frame, you can play the game. To move, pass either "w" (up) or "e" (down) as an argument..." A winning Taiwanese programmer formatted their source code in the shape of a Tardis from Doctor Who — code that displays an intricate ASCII animation of Doctor Who's 1963 opening title sequence. One winning entry emulates an IBM 7040 mainframe, first converting a program (encoded in whitespace) into ASCII-character drawings of punchcards for a FORTRAN program — and then executing that program to calculate the light visible to an observer looking at a black hole, ultimately creating an image. It's all recreating what astrophysicist Jean-Pierre Luminet had to do in 1978 to generate the first-ever simulated photograph of a black hole (on an IBM 7040 mainframe). The entry can also run other FORTRAN programs — but "they must be provided as a deck of punch cards... Tools have been provided to convert to/from decks and to interpret..."
"We have added fun challenges to this year's winning entries competition..." the web site notes. "After you figure out what a given winning entry does, we encourage you to attempt the fun challenge!" Thanks to long-time Slashdot reader achowe for bringing the news (who has submitted winning entries in four different decades, starting in 1991 and continuing through 2025) — and who won again this year for a program simulating the Space Invaders-like game from Casio's 1980 MG-880 calculator. Follow the IOCCC on Mastodon.


James Bond Videogame '007 First Light' Sells 3M Copies, Earns $150M

Slashdot - Yesterday, 07/06/2026 - 6:34pm
The new James Bond-themed videogame 007 First Light had a budget of 1.3 billion Danish krone — a little more than USD $202 million, reports IGN, citing a report from Denmark's public service broadcaster. "Denmark's TV 2 said that makes 007 First Light the most expensive entertainment product in the country's history" — and the game "still has some way to go before breaking even." 007 First Light is estimated to have sold 2.2 million copies, generating $150 million in revenue... [Saturday IGN reported sales had jumped to 3 million copies.] The only official sales data we have comes from developer IO Interactive, which said that 007 First Light had become the fastest-selling game in the company's history, shifting 1.5 million copies in its first 24 hours... The impressive sales milestone was achieved without the aid of the Nintendo Switch 2 version, which is due out this summer. The James Bond adventure is also the highest rated IOI game ever, with an 87 on Metacritic... The developer has said it wants to make a trilogy of James Bond games. Game-tracking company Alinea Analytics tweeted their estimates that 55.1% of sales were on PS5, 33.1% on Steam, and 11.8% on Xbox (Xbox console, Windows, and cloud combined). And Polygon reports that new downloadable game content was announced Friday.


After Empty Promises, Will String Theory Find New Uses?

Slashdot - Yesterday, 07/06/2026 - 5:34pm
Science magazine reports: For decades, string theory promised a "theory of everything" that described all particles and forces as tiny vibrating strings. Physicists hoped it could also solve one of the field's deepest problems: reconciling quantum mechanics with gravity. But as string theory grew increasingly elaborate — and experimentally unreachable — many physicists lost hope. Now, some researchers are revisiting the theory from first principles. In a paper in press at Physical Review Letters, Clifford Cheung, a physicist at the California Institute of Technology, and colleagues lay out a small set of assumptions about the universe and show that they inevitably give rise to string theory.... Cheung's study, along with another one posted to arXiv in January, starts with two reasonably conservative assumptions: that the probabilities of all possible outcomes of an event add up to 100%, and that the laws of physics are consistent for observers moving at different speeds. Each group then posits additional assumptions that have not been borne out by observations. Cheung's analysis invokes "ultrasoftness," the idea that the probability of certain particle interactions drops off at a particular rate at high energies. The second study, led by University of Michigan physicist Henriette Elvang, instead assumes "supersymmetry," a maximal coupling between matter and forces. Both groups conclude the only theory that can satisfy their assumptions is one that looks like string theory... Cheung and Elvang stress that their aim is not to prove the inevitability of string theory. "I don't have a dog in the fight; I just work here," Cheung says. Rather, the goal is to explore the space of possible theories under rigid constraints — regardless of whether they reflect reality... The one thing the researchers all agree on is that the field would benefit from more alternative models to string theory. Cheung sees the agnostic, bottom-up exploration as a step in that direction. 
"You can either give up on the problem because it's too culturally toxic, or you can ask: If you want to find an alternative, what do you need?" he says. "Now, we know exactly what to do." Thanks to Slashdot reader sciencehabit for sharing the article.


Reddit Ads Impersonate BBC and The Guardian to Push Fake AI Investment Schemes

Slashdot - Yesterday, 07/06/2026 - 4:34pm
A "growing wave" of Reddit's "promoted posts" are sending U.S. and European audiences to money-stealing scams that impersonate major news organizations including the BBC, the Financial Times, and The Guardian, according to new findings from Bitdefender Labs. "Domains are short-lived and rapidly rotated to evade detection," they write, noting that the impersonating sites apparently even use language "to falsely imply that the investment platform had been reviewed, approved, or vetted" by the legitimate site they're impersonating: The campaign promotes fake AI-powered investment platforms such as Wencoin STX, Warrior Coin AI, and Nevo Coin, using fabricated celebrity endorsements, cloned news websites, fake interviews, and invented financial success stories to lure victims into depositing money. Researchers Andrea Olariu and Emanuel Puscasu have identified multiple promoted Reddit posts masquerading as legitimate financial or breaking news stories. Some ads claimed that:
- NVIDIA and OpenAI were "creating the future"
- Heathrow police discovered hundreds of thousands of pounds in cash
- Governments and banks were allegedly trying to "hide" a revolutionary AI investment platform
- European regulators were "silencing" articles about AI trading systems

Some Reddit ads delivered in video format, including what appeared to be a deepfake BBC news segment featuring a news anchor presenting fabricated financial headlines... Examples observed by researchers included:
- Fake BBC pages discussing "$20 billion conversations" tied to AI investments
- Fraudulent Financial Times articles about Heathrow airport cash seizures
- Fake Guardian stories claiming governments were trying to suppress coverage of Wencoin STX or Nevo Coin

The pages featured fabricated interviews, fake profit screenshots, manipulated banking documents, false testimonials, and even fictional journalists or business editors designed to make the scam look legitimate.
In many cases, the content sought to create a sense of exclusivity or conspiracy, suggesting that banks, regulators, or governments were trying to suppress public access to the investment platform... Our researchers found that after users clicked links embedded within the fake Guardian articles, they were redirected to a registration form allegedly used to create a "Nevo Coin" investment account. The form requested personal contact information, including the victim's name, email address, and phone number. To increase pressure and encourage immediate action, the page warned that registration availability was limited, claiming that once all spots were filled, new user registrations would be suspended. And in the final stage, they're asked to deposit money...


Donald Trump, Bernie Sanders And Sam Altman Are All Talking About Public Ownership In AI

Slashdot - Yesterday, 07/06/2026 - 1:34pm
U.S. Senator Bernie Sanders announced a plan for the public to take a 50% ownership stake in AI companies, remembers the Associated Press. And then OpenAI's Sam Altman "told Sanders that he, too, wants the public to have equity in AI companies." Though the CEO said he couldn't support Sanders' threshold of 50%, he nonetheless wanted to work with him to advocate for the general idea, according to people with knowledge of the conversation. The nearly hourlong meeting in Sanders' Senate office this week, held at Altman's request, highlighted the inherent tension between AI powerhouses and policymakers as Americans are increasingly asked to accept the costs of the AI boom even as they remain unconvinced of its direct benefits. Yet it's also creating odd political bedfellows fueled by populism as politicians from Sanders to President Donald Trump embrace giving the public a stake in AI's growth. Speaking to reporters on Air Force One on Friday, Trump described a potential partnership "where the American people can benefit from the success of AI" and said executives from leading AI companies will visit the White House, "probably next week," to discuss the idea. The article points out that Altman also met with congressional leaders from both of America's political parties.


'Steve Jobs In Exile' Remembers the Birth of the Web and 'Making Unix Taste Sweet'

Slashdot - Yesterday, 07/06/2026 - 9:34am
Ars Technica shares some anecdotes from Steve Jobs in Exile, a new book released last month: [Author Geoffrey] Cain reminds us, in stunning detail, that Jobs' "exile" era at NeXT was not only critical to his evolution as a man and an entrepreneur, but that it mattered for the rest of us, too. The technological innovations that came out of NeXT — notably, the NeXTSTEP OS — continue to live on in what we now call both macOS and iOS. As Cain puts it, "NeXTSTEP was Steve's attempt to make Unix taste sweet...." [W]hile many tech nerds know that Tim Berners-Lee created the first World Wide Web server on a NeXT machine while working in Switzerland in 1990, few know that NeXT employees were wary of bringing the news to Jobs. Why? They feared his wrath "and that he would dismiss [the web] as 'shit.'" (In another timeline, NeXT might itself have capitalized on this world-changing innovation....) Perhaps one of the wildest anecdotes that Cain uncovered was how one voicemail changed computer history forever. In 1996, when Apple was solidly in its mediocre Performa era — and considering buying BeOS as the basis for its new operating system — a mid-level NeXT product manager asked aloud, "Why don't we just frickin' call Apple?" (NeXT was also struggling during this period.) And so someone did. As Cain writes: Garrett left the group of managers, walked back to his office, and took a risk. He picked up his designer phone and called the head of software at Apple. He left what he described as "one of my more inspired sales pitches" on the man's voicemail, explaining why Apple should be looking at NeXT instead of Be... In any other universe, Garrett's call might have gotten him fired. But in this timeline, it worked out. And thanks to him, Steve [Jobs] was about to enter Apple's airspace once again. Thanks to long-time Slashdot reader destinyland for sharing the article.


Scientists Edited Human Embryo Genes. But Questions Remain

Slashdot - Yesterday, 07/06/2026 - 6:41am
"A DNA-editing feat involving editing the genes of early stage embryos was announced this week," reports the Wall Street Journal. They describe the feat as "a far cry from designer babies, but nevertheless a step in that direction." Dieter Egli, an associate professor of developmental cell biology at Columbia University and his co-authors, including Nathan Treff of Nucleus Genomics, a New York-based DNA-testing startup, say the technology could help fix disease-causing mutations in embryos. "We're not throwing the final 'OK, you will have gene-edited babies tomorrow' at the public," said Egli. "That is a process that can occur through discussion matched with scientific progress...." Previous gene-editing efforts have often used Crispr, which can cut out parts of the DNA sequence, but the technology can also cause damage if the wrong DNA is targeted or cut out. In 2018, Chinese scientist He Jianku said he used Crispr to tweak DNA in human embryos and was imprisoned for the work. The technology Egli's group used, called base editing, allows them to target individual DNA letters in sequences more precisely with fewer adverse effects... Egli's group focused on altering two genes, one that can raise the risk of heart disease and one that is tied to blood disorders like sickle cell disease, and the research showed they were sometimes able to do so successfully, in the same embryo, without damage. "I am generally supportive of the concept of embryo editing to prevent genetic disease," said Dr. Paula Amato, a fertility expert at Oregon Health & Science University who wasn't involved in the research... Base editing has been used in human embryos before, according to peer-reviewed studies. The technology was used to correct a disease-causing mutation and an Alzheimer's disease-risk gene variant, said Alexis Komor, associate professor of biochemistry and molecular biophysics at the University of California, San Diego, who wasn't involved in the work. 
"There really is not any unmet medical or clinical need for this, especially from an in vitro fertilization perspective," Komor said. "Usually what you'll hear is that they're doing it just so that you know we can prevent genetic diseases, but there are so many other better ways to do that." Using embryo editing to create babies is illegal in the U.S. and many other countries. Scientists have long worried that it is a slippery slope and that the technology could ultimately be used to promote eugenics. Her worry is that "they're basically building a blueprint" for more ethically problematic forms of embryo editing. "In my opinion, I think this is a huge no-no," Komor said. "There's just no ethical way to use this...." Nucleus Genomics Chief Executive Kian Sadeghi said his company plans to fund Egli's further research, building on the new findings. His company sells a polygenic embryo-screening product, which screens prospective parents' embryos and produces risk scores for their likelihood of developing disease, as well as factors like height, IQ and eye color. The company has said the IQ predictions are limited in accuracy. The research was published online Monday on a preprint server.


Failing CS Grades Soar At UC Berkeley As Professors See Greater AI Usage

Slashdot - Yesterday, 07/06/2026 - 4:41am
The University of California at Berkeley discovered the percentage of failing grades in multiple CS classes this spring "is significantly higher than past semesters," reports the campus's student newspaper. "Instructors point to students' increased reliance on AI, lack of mathematical preparedness and understaffing as potential contributing factors." According to [coursework platform] Berkeleytime, 35.3% of CS 10 students and 10.6% of CS 61A students received F's in spring 2026. In spring 2025 and spring 2024, the percentage of F's did not exceed 10% for either class. The electrical engineering and computer sciences department's grading guidelines state that 7% of students in lower division courses, including CS 10 and CS 61A, should receive D's and F's... [UC Berkeley teaching professor Dan Garcia, who taught both classes] believes the "primary driver" of these abnormally high failing rates is due to a "vast increase in academic dishonesty" due to students' usage of large language models, such as Claude, ChatGPT and Google Gemini. "Some of the numbers that you saw from the number of students who receive failing grades were because we caught them (cheating) and prosecuted them and are sending their cases to the Center for Student Conduct," Garcia said. "But in other cases, it's students who are leaning a little too hard on LLMs to do their work for them, and then at exam time just really aren't ready." According to Garcia, nearly 30 students in CS 10 were "caught cheating on take-home exams" in spring 2026... In addition to overreliance on AI, Garcia also pointed out that many students are underprepared mathematically, a concern echoed by campus associate teaching professor Gireeja Ranade. Ranade noticed a similar lack of prerequisite mathematical skills in her spring 2026 EECS 127 class, "Optimization Models in Engineering," which she described as "differently challenging" to teach this semester. 
The class saw a 16.8% F rate, far higher than the 5% of D's and F's that the EECS department describes as "typical" for an upper division course... Both Garcia and Ranade have joined more than 1,300 UC faculty in signing a petition calling for the reinstatement of ACT and SAT standardized testing scores for STEM admissions in the UC system. Thanks to long-time Slashdot reader theodp for sharing the article.


Cheaper EV Sales are Increasing

Slashdot - Yesterday, 07/06/2026 - 2:40am
Sales have increased for Hyundai's under-$35,000 IONIQ 5, totalling 18,395 for the first five months of 2026, reports Electrek, "up 16% from the same period last year." But meanwhile BYD's overseas sales surpassed 160,000 for the first time last month, "up 80% from May 2025 and 19% from the previous record of 135,098 set in April." Through the first five months of 2026, BYD sold 616,263 vehicles overseas. In May, overseas sales accounted for over 41% of BYD's total sales. In several major markets, including the UK, BYD surpassed Tesla and Kia to become the best-selling EV brand through April. "With fuel prices remaining high, more drivers are turning to electric vehicles as a smarter and more economical choice," Bono Ge, BYD UK's Country Manager, said last month. Elsewhere Electrek notes that Toyota's bZ (starting at under $35,000) was the third-best-selling EV in the U.S. in the first three months of 2026, behind only the Tesla Model 3 and Model Y. "Last month, bZ sales doubled from May 2025, with 2,646 units sold." And meanwhile the first Volkswagen ID. Polo and Cupra Raval models "rolled off the production line at the Group's Martorell plant in Spain, the first of several new affordable, mass-market EVs." Starting at €24,995 ($29,000) and €26,000 ($30,100), the ID. Polo and Cupra Raval are the first models from the Group's Electric Urban Car Family... [T]he first customer deliveries are scheduled to begin later this summer and into the fall. Following the ID. Polo and Cupra Raval, Volkswagen will introduce new members to the Electric Urban Car Family, including the ID. Cross, an electric version of the T-Cross, later this year. According to Volkswagen, the ID. Cross will start at around €28,000 ($32,500).

Read more of this story at Slashdot.

next-20260605: linux-next

Kernel Linux - Fri, 05/06/2026 - 3:35pm
Version: next-20260605 (linux-next) Released: 2026-06-05

Ivan Molodetskikh: Using Fedora Silverblue for Compositor Development

Planet GNOME - Fri, 05/06/2026 - 2:37pm

I’ve been using Fedora Silverblue on my desktop and laptop for the past, what, five years? Silverblue is Fedora’s main atomic variant, a spiritual counterpart to Fedora Workstation. I also make niri, a scrollable-tiling Wayland compositor. In other words, a core system component that you cannot properly test from inside a container or VM—you really want it directly on the host. So, why would I choose an… immutable distro? How does that even work?

Fedora Silverblue makes a frequent occurrence in my niri release notes screenshots.

Atomic distributions have been slowly rising in popularity. Their main selling point is reliability: upgrades work by swapping the old system for the new one in one go across a reboot, rather than modifying the files in-place. Package conflicts and other errors are caught at the time of assembling the new version (in a separate folder), and therefore cannot break your running system. And if a successful update turns out buggy, atomic distros let you simply reboot back into the old version and keep using it as if nothing happened.

This “being able to reboot back” thing becomes even cooler once you realize that it works even across major distro upgrades! When the next Fedora Beta rolls around, I can just rebase my system on top of it to kick the tires, and if anything is broken, I can simply reboot back to stable Fedora (and then undo the rebase).

This is like learning about source code version control. A big weight off your mind any time you want to mess around with your OS. You can just go back.

So, by now there are plenty of atomic distributions to choose from. There’s a whole host of Fedora atomic desktops, Endless OS, the gaming-focused Bazzite and other Universal Blue images. GNOME OS Nightly is atomic, as well as SteamOS powering the Steam Deck. Many of these are built with OSTree which is something of a “git for operating system binaries”.

But, you may ask. What if I develop these operating system binaries? Aren’t atomic distros immutable and all, how do I test my work?

Turns out, this is not a problem at all! In fact, the same tech that lets you go back after an update can also let you freely tinker with your host system and safely go back after a reboot. I’d say that thanks to this ability, atomic distributions provide even more benefit for system component developers than for others, given that they’re constantly testing changes that may break their install.

So, let me show you how I do compositor development on Fedora Silverblue. We’ll start with toolbox where most of the work happens, then proceed to the fun stuff.

Toolbox

On your immutable host system, you need a place where you can install the development environment. Fedora Silverblue comes pre-installed with Toolbox, which provides just that—a terminal in a normal, mutable Fedora where you can sudo dnf install to your heart’s content.

Under the hood, it’s just a podman container with a whole range of things auto-mounted from the host: the Wayland socket, networking, devices, D-Bus, and everything else needed for apps to “just work” as much as possible from inside the container. You can even interact with it through podman commands:

    ┌ ~
    └─ podman ps
    CONTAINER ID  IMAGE                                         COMMAND               CREATED       STATUS         PORTS  NAMES
    6ceccce5581e  registry.fedoraproject.org/fedora-toolbox:44  toolbox --log-lev...  2 months ago  Up 41 minutes         fedora-toolbox-44

Most of your development work happens here. Install all the libraries, compilers, editors, LSPs, debuggers, and the rest of the kitchen sink. Since all of this resides inside the same container, it can all talk to each other and work together.

One slightly annoying detail is that since your fully-configured editor is inside the toolbox, you can’t use it to edit files accessible only on the host (e.g. configs in /etc—the system inside the toolbox has its own files there), but that is honestly a fairly minor problem in practice. Fedora Silverblue comes with nano, which works, and if editing host-only files is a frequent occurrence for you, you can always rpm-ostree install a more featureful editor. Another annoying problem is that currently, toolbox prevents SIGHUP from reaching apps, so if you run your favorite editor then close the terminal window, it will happily keep running in the background (along with all its rust-analyzers and such, eating several gigabytes of RAM).

So, running things in a toolbox works perfectly well for most development. CLI tools will run fine, GUI apps will run fine, you can build and install libraries inside the toolbox and test them on apps inside the same toolbox. Even with Wayland compositors, most of them can run as a window (gnome-shell --nested, or simply sway or niri), which is enough to test the majority of the code base.

Moreover, since ~2023, toolbox exposes everything necessary to run compositors on a TTY directly. You can switch to a different VT with Ctrl+Alt+F3, toolbox enter, then start a compositor, and it will work as is. This way you can test different input devices directly (trackpad, tablet, touchscreen), test monitor and GPU handling, do proper performance profiling, and so on. Just remember to install a terminal and some GUI apps inside the toolbox because launching the host ones into a toolbox compositor is a bit annoying.

While toolbox is somewhat Fedora-specific, for everything else there’s distrobox. It’s a separate project, but by and large has the same idea—let you easily install different distros as podman containers with automatic host integration. I mainly use it to build or test things on Arch, but I imagine most of what I wrote above works just as well with distrobox.

What if this isn’t enough, though? Say, you’re working on a component like NetworkManager or systemd that must run on the host system. Or, you want to be able to log in to a test build of your compositor along with the rest of the full desktop session. Let’s look at an easy way to do that.

Unlocking the host

Run sudo ostree admin unlock, also known as rpm-ostree usroverlay.[1][2] This will mount a mutable overlay filesystem over /usr for you to play around in. The overlay will last until the next reboot, at which point you’ll be back to a clean working system.

Now you can simply sudo cp your development build into /usr/bin and restart the service you’re testing.

This also works with libraries. Say, you want to test your changes in GTK against apps installed on the host.[3] Build it inside the toolbox, then copy the binaries to the (unlocked) host, and there you have it. Binary compatibility is generally not a concern since Silverblue updates daily and very closely matches the regular Fedora that you build against inside the toolbox.

sudo cp is not a proper substitute for installing though, and you cannot use it as easily for many projects. So let’s get some proper tooling on the host.

Layering development tooling

Contrary to an apparently widespread belief, you can install packages on the host in Silverblue. This is called layering and is a perfectly normal and supported operation, primarily useful for adding system components such as terminals, window managers, or GPU drivers. Running rpm-ostree install alacritty will cause rpm-ostree to install, or layer, this package on top of the base Silverblue image every time it updates. After a reboot, you’ll have Fedora with Alacritty, as if you installed it on a regular, non-atomic system.

If the change is sufficiently non-invasive, running sudo rpm-ostree apply-live lets you skip the reboot and have a newly installed program available right away.[4]

When should you layer (as opposed to installing in a toolbox)? Layering is more annoying and slower, and misses the benefit of throwing away a toolbox to start fresh. So, I limit layering to programs that must run on the host, and tools that I frequently need on the host.

Here’s my list of layered packages that’s been more or less unchanged for several Fedora releases:

    ┌ ~
    └─ rpm-ostree status
    State: idle
    Deployments:
      fedora:fedora/42/x86_64/silverblue
                      Version: 42.20250824.0 (2025-08-24T02:55:42Z)
                   BaseCommit: d58dc92e5b05b6a95a0d9352edd864f1292c1883b9b32ac2e6f0af1a2263395a
                 GPGSignature: Valid signature by B0F4950458F69E1150C6C5EDC8AC4916105EF944
                         Diff: 12 upgraded
          RemovedBasePackages: firefox firefox-langpacks 142.0-1.fc42
              LayeredPackages: alacritty distrobox dnf fastfetch fish foot fuzzel gamescope gdb
                               gnome-console google-roboto-fonts htop hyprlock i3 kanshi labwc
                               langpacks-ru lm_sensors lxqt-policykit mako nautilus-python
                               netconsole-service niri perf quickshell-git rocminfo strace sway
                               syncthing sysprof tmux trash-cli waybar wlsunset
                LocalPackages: edid-asus-1-1.fc34.noarch
                    Initramfs: --include /etc/initramfs-overlay /

In this output, you can find:

  • I removed Firefox with rpm-ostree override remove—I prefer the official build from Flathub.
  • Terminals (must run on the host to access the full host filesystem[5]): alacritty, foot, gnome-console. My preferred shell: fish. Tool I frequently need: tmux.
  • Services and tools that I want to run without a toolbox: syncthing, distrobox, netconsole-service, trash-cli, htop, fastfetch, lm_sensors, rocminfo.
  • Desktop components: fuzzel, hyprlock, i3, kanshi, labwc, lxqt-policykit, mako, quickshell-git, sway, waybar, wlsunset.
  • edid-asus and the initramfs-overlay provide the EDID for one of my monitors after AMDGPU broke it back in kernel 4.19.[6]

Along with these, I layer several development tools: gdb, strace, perf, sysprof. These frequently come in handy whenever I need to debug or profile programs running on the host (or do full-system profiling in case of Sysprof).

And then there’s dnf. What?

Layering dnf

What is dnf, a regular Fedora package manager, doing on an immutable Silverblue host system? By itself, it’s not very useful indeed, since it can’t modify /usr. (Though, it can dnf copr enable, which is convenient. rpm-ostree copr when?)

Where dnf on the host shines, however, is when you combine it with sudo ostree admin unlock. After unlocking, you can install whatever you need in the moment with dnf. This is much faster than rpm-ostree, never requires a reboot, and in fact a reboot makes it all clean up and go away, since it was all in a transient /usr overlayfs.

Example workflows:

  • dnf debuginfo-install to debug/profile something on the host with symbols, report crashes, etc.
  • dnf install some host-only program to test it. Follow up with rpm-ostree install if you decide to keep it.
  • dnf builddep gtk4, then build and sudo ninja install GTK 4 right on the host to test it against host apps. If anything breaks, just reboot, and you’re back to a clean working state.

Unlocking + layering dnf is a very powerful development workflow to the point where I’d almost want dnf included in Silverblue by default. Unfortunately, this workflow is also unobvious enough that the dnf maintainers accidentally prevented it from working some time ago (thankfully, quickly corrected). I understand the UX concern about having dnf visibly available when it cannot work outside this specific workflow, but perhaps Silverblue could just hide it somehow unless the host is unlocked, or rename the dnf binary?

Persistent unlocking

Generally to put something persistently on the host, you’d just layer it with rpm-ostree install. However, sometimes what you want is a temporary change that also happens to persist across reboots.

This sounds weird, but consider testing a kernel build. You want it to be temporary and easy to roll back, but you kinda have to reboot into the new kernel. And you also don’t want to spend extra time building and layering .rpms.

For this situation, ostree admin unlock comes with a --hotfix flag. It’ll persist the temporary overlay across reboots, and will only reset itself once you explicitly make some change with rpm-ostree. Note that you never lose the ability to reboot into the previous, working system.

Summing it all up

So, this is what my development workflow looks like.

  • Most work happens in one kitchen-sink toolbox that I (like to but am not required to) reinstall every Fedora release to keep cruft from building up. This includes building and running niri on a TTY.
  • After finishing a change, I unlock the host with sudo ostree admin unlock, copy over the niri binary, and re-log in to test it in my real session. This will automatically reset upon a reboot.
  • When working on a long-running branch, I’ll build a work-in-progress niri .rpm and layer it with rpm-ostree install to persist the new version across reboots.
  • I use dnf install on the host when I want to throwaway-test something host-specific and have it automatically reset upon a reboot.

Over time I made a few small quality-of-life tweaks to smooth out some rough edges in this workflow.

For example, toolbox enter is a mouthful and always drops me into bash. Enter t, a script in my ~/.local/bin/, always available in $PATH:

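    #!/bin/bash
    if [ $# -eq 0 ]; then
        # No arguments: start an interactive fish shell in the toolbox.
        command=fish
    else
        # Re-quote every argument so the inner bash sees the same argument list.
        command="$(printf "%q " "$@")"
    fi
    # bash -i sources /etc/profile.d/ scripts before running the command.
    exec toolbox run -c fedora-toolbox-44 bash -ic "$command"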

Now, typing t puts me in the toolbox directly into my dear fish shell. Typing

t some-program "with complex" arguments | grep "and stuff"

also works as expected, with correct argument passing thanks to printf "%q ".
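The argument passing described above, as an added example that is not part of the original post: it runs the same constructed command line through a wrapper that joins its arguments with spaces and through one that re-quotes them with printf "%q ", so the difference in what the inner shell receives is visible. The names inner_shell, run_naive, run_quoted and DEMO_VAR are assumptions made for this illustration, and plain bash -c stands in for toolbox run so the example runs anywhere.

```bash
#!/bin/bash
# Added example, not code from the original post.
# It compares two ways a wrapper like `t` can hand its arguments to an inner
# shell that parses the command string a second time.

# Constructed sample value; exported so the inner shell can see it.
export DEMO_VAR=expanded

# Stand-in for `toolbox run -c <container> bash -ic "$command"` (assumption:
# plain `bash -c` is used so the example runs without toolbox).
inner_shell() {
    bash -c "$1"
}

# Naive wrapper: joins the arguments with spaces. Argument boundaries are
# lost, and metacharacters inside arguments are parsed by the inner shell.
run_naive() {
    inner_shell "$*"
}

# Wrapper as in the post: printf "%q " re-quotes every argument so the inner
# shell reconstructs exactly the original argument list. %q is a bash
# extension to printf, so bash is invoked explicitly for that step.
run_quoted() {
    command="$(bash -c 'printf "%q " "$@"' bash "$@")"
    inner_shell "$command"
}

# Constructed command line: one argument with a space, one containing a
# command separator, and one that looks like a variable reference.
demo() {
    printf 'quoted: %s\n' "$(run_quoted printf '{%s}' 'with complex' 'a;echo UNINTENDED' '$DEMO_VAR')"
    printf 'naive:  %s\n' "$(run_naive printf '{%s}' 'with complex' 'a;echo UNINTENDED' '$DEMO_VAR')"
}

demo
```
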

This works for .desktop files too. Say, you installed VSCode in the toolbox and got a .desktop file. Just change:

Exec=/usr/share/code/code --ozone-platform-hint=auto %F

to:

Exec=t /usr/share/code/code --ozone-platform-hint=auto %F

and it’ll run in the toolbox. (I understand distrobox handles .desktop files automatically.)

Note that I use toolbox run but route the command through bash. This is necessary to get all environment variables like $DEBUGINFOD_URLS that distros keep stubbornly putting in /etc/profile.d/ scripts, which of course don’t get sourced without a bash -i.

Another quality-of-life improvement was binding a separate hotkey to spawning a terminal directly in the toolbox. I actually noticed that most of the time, when I open a terminal, I want to be in the toolbox, so now my Super+T spawns the toolbox Alacritty, while the less convenient Super+Shift+T spawns the host Alacritty.

Furthermore, at some point I got tired of waiting for the…

    ┌ ~
    └─ hyperfine -w 3 --shell=none 'true' 't true'
    Benchmark 1: true
      Time (mean ± σ):     411.9 µs ±  35.8 µs    [User: 248.9 µs, System: 111.3 µs]
      Range (min … max):   374.1 µs … 1147.6 µs    5794 runs

    Benchmark 2: t true
      Time (mean ± σ):     257.8 ms ±   2.0 ms    [User: 3.0 ms, System: 6.1 ms]
      Range (min … max):   255.2 ms … 260.5 ms    11 runs

    Summary
      true ran
      625.92 ± 54.60 times faster than t true

…extra 250 ms for toolbox run, and wrote a script that keeps Alacritty running as a daemon inside (and outside) the toolbox, making opening a new terminal window always instant. As a bonus, this happens to fix the SIGHUP problem that I mentioned above: since Alacritty runs directly inside the toolbox, closing its window will properly close the terminal app running inside.

(Eventually I went even further and made a tiny service for fun that runs inside the toolbox, listens to a socket, and runs the command it receives. I only use it in .desktop files though instead of t to avoid the 250 ms delay.[7])

What about other systems?

I quite like my Silverblue setup. It very much works, and with the tools that it has, it lets me do anything that I might need.

Silverblue is not without its problems however, so I’ve been thinking about what parts of the experience I find important, and how well other distributions currently satisfy them.

1. The ability to reboot to a previous, working system. Most new atomic/immutable distros can do this since it’s the main value proposition. It’s also possible on NixOS. On traditional distros I think you can get something close with btrfs snapshots, but it requires a complex setup.

A/B updates tie closely into this, where rather than mutating the running system, an update is prepared in a separate folder, then atomically swapped with the previous system version (which remains available to boot into should something go awry).

2. Anti-hysteresis. The host system always stays clean, packages don’t build up over time.

On a normal distro, a few months is enough for you to scarcely have any idea about all the random one-off packages you installed and forgot about, especially various development tooling and build dependencies not to mention the texlive-full installation. They use up disk space and time during system updates, sometimes cause conflicts and other annoying issues. Config migrations build up, and your system gradually drifts away from a clean well-tested upstream state.

Immutable distros solve this by not letting you install stuff on the host, and every updated rebuild of the host system starts from a fresh state, so there’s no accumulation of junk.

NixOS and Silverblue do let you add (layer) packages, so they can build up, but:

  • they make it sufficiently annoying, making you prefer non-host environments such as toolbox for one-off packages;
  • even with layered packages, the system is rebuilt from a fresh state every update.

Technically, you could use toolbox for everything even on a normal Fedora Workstation, but this requires discipline and doesn’t save you from config migrations, SELinux labeling changes, etc.

3. The ability to easily install things on the host. This is the part where many newer immutable distros fail to provide a good experience. I need to install programs on the host, whether it’s because I want some host desktop components, or to test my own compositor, or whatever.

Often, I want to install something on the host quickly. For distros such as Universal Blue spins and other bootc-based systems, the suggested way to include components on the host is making your own downstream spin. But this works only for long-term packages: I don’t want to spend time editing and kicking off a full system build just to test some new terminal or notification daemon, not to mention the whole question of how to keep such a custom system always up to date with its base distro.

Compare this with rpm-ostree install on Silverblue: one command, slow but tolerable, and the OS remains automatically updated with no extra setup.

Some systems are even more limited, like GNOME OS which is based on the Freedesktop SDK. The selection of tools and libraries available in the Freedesktop SDK is (intentionally) much more limited compared to most distros, so in many cases you’ll find yourself having to go and build whatever you need from source. If that happens to be something big and complex like Qt (to try a hot new Quickshell-based desktop): good luck; I hope you didn’t have plans for the weekend.

A common suggestion for these OSes is systemd-sysext that lets you build an image and overlay it over /usr. Florian Müllner gave a talk at the 2025 GUADEC showing a nice workflow for using sysexts for Mutter and GNOME Shell development and testing on immutable distros.

It’s also possible to enforce system version compatibility checks in sysexts. A system like GNOME OS could build and ship a collection of sysexts version-locked to the runtime they were built against, and automatically updated together with the rest of the system using systemd-sysupdate, resulting in an experience similar to layered packages. (In fact, GNOME OS does have that, just the selection of sysexts is fairly small.)

Some software can be packaged into self-contained sysexts that work on most distros. The Flatcar sysext-bakery is one repository of such sysexts.

What’s wrong then? Well, the main limitation of sysexts is that they are meant for tools without dependencies. They do not do any dependency resolution or support any dependencies other than, optionally, the base OS itself. Back to my example, while it’s possible to build and ship sysexts for Qt apps that bundle Qt itself, all of those sysexts will carry their own copies of Qt. Even worse, since they are mounted into the same filesystem tree, conflicting files (say, different-version Qt binaries) will get mounted only from one of the sysexts, whichever one happens to mount last. So sysexts aren’t a complete replacement for packages (nor are they intended to be).

4. The ability to make transient changes to the host. While I don’t immediately see why you couldn’t put a writable overlay on any regular distro like what ostree admin unlock does, I haven’t seen anyone doing it, or any simple “no thinking necessary” tools for it.[1] Perhaps it’s too easy to mess up outside immutable systems?

It’s worth noting that some paths like /etc aren’t usually covered by immutability and overlays, so you still need to be a bit careful.

Conclusion

All in all, Silverblue appears to be a sweet spot between offering immutable/atomic guarantees with plenty of useful tooling bundled in, while also being a normal Fedora with a wide package selection available for both persistent layering and quick transient installation. I appreciate the QA and other behind-the-scenes work that goes into my ability to install Silverblue and be reasonably sure that it will work, and keep working, with all of my hardware, and that I won’t have to hunt for packages to get a working bluetooth or what have you. My Silverblue installs are the longest I’ve kept any single distro, and I have no urge to reinstall because my host system remains clean and I know exactly what it comprises.

My issues with Silverblue mostly boil down to some rough edges and slowness of rpm-ostree, and some less than ideal Flatpak repository defaults. Having to do most of the work in a container is somewhat annoying at times, especially when dealing with nested containerization or VMs. But I’m not sure there’s a better way fundamentally, without trading host system robustness. For the few things that do require it, I can always unlock the host.

I hope this post sheds some light on immutable system workflows and perhaps inspires you to try one. I’d also love to hear your feedback and suggestions! Did I miss something? Is there a better way of doing things? A new system that solves all problems and makes everything better? Please reach out to me on Mastodon or by email, linked at the bottom of the page!

  1. I’m told the modern alternative is systemd-sysext merge --mutable=ephemeral, which works across all distros and not just Silverblue. Haven’t tried it myself yet! ↩︎ ↩︎

  2. I didn’t quite realize this before, but rpm-ostree usroverlay seems to literally exec ostree admin unlock:

    ┌ ~
    └─ rpm-ostree usroverlay -h
    Usage:
      ostree admin unlock [OPTION…]

    Make the current deployment mutable (as a hotfix or development)
    (...)
    ┌ ~
    └─ rpm-ostree usroverlay --version
    libostree:
     Version: '2025.4'
     Git: 99a03a7bb8caa774668222a0caace3b7e734042e
    (...)
    ↩︎
  3. Which is, uhh, not a lot of apps come to think of it. Nautilus, Ptyxis, Software, System Monitor, Settings, xdg-desktop-portal-gnome dialogs—the rest come as Flatpaks on Silverblue. How to test your GTK changes against those Flatpak apps? Uhhhhhh ↩︎

  4. For years, it’s been rpm-ostree ex apply-live, where ex stood for experimental. I guess I’ve been procrastinating on this blogpost long enough that it had time to graduate to non-experimental rpm-ostree apply-live. ↩︎

  5. The Ptyxis terminal can work properly on the host even when installed as a Flatpak. It does this by spawning a small binary on the host (through a host-run permission) that does all command spawning and PTY communication, while the Ptyxis GUI remains inside Flatpak. This is a clever workaround, but requires a sandbox hole and very careful engineering, and arguably runs somewhat at odds with the point of Flatpak. ↩︎

  6. Since writing that example, I replaced that monitor and finally got rid of the custom initramfs. This is faster because without overrides, Silverblue directly uses an initramfs built on Fedora servers, and I think it also works better with secure boot? Either way, I wanted to leave it in as an example that you can customize the initramfs on Silverblue if needed. ↩︎

  7. See for yourself:

    ┌ ~
    └─ hyperfine -w 3 --shell=none 't true' 'true' 'tb true'
    Benchmark 1: t true
      Time (mean ± σ):     259.5 ms ±   3.6 ms    [User: 2.9 ms, System: 6.2 ms]
      Range (min … max):   255.7 ms … 266.6 ms    11 runs

    Benchmark 2: true
      Time (mean ± σ):     408.7 µs ±  34.2 µs    [User: 248.6 µs, System: 107.1 µs]
      Range (min … max):   370.2 µs … 1152.8 µs    6665 runs

    Benchmark 3: tb true
      Time (mean ± σ):     462.8 µs ±  41.7 µs    [User: 264.2 µs, System: 135.6 µs]
      Range (min … max):   399.2 µs … 786.4 µs    6688 runs

    Summary
      true ran
        1.13 ± 0.14 times faster than tb true
      635.00 ± 53.80 times faster than t true
    ↩︎

Michael Meeks: 2026-06-05 Friday

Planet GNOME - Fri, 05/06/2026 - 2:05pm
  • Up too early. Dropped H. into XJTAG before her epic Asian trip. Lovely to meet up with John Hall and catch up after a couple of decades.
  • Tried to pack, and gather together things for the Church's Men's walking weekend.
  • Published the next strip: Ejecting a do-er, "if in doubt, kick them out!"; cancellation based on un-proven allegation seems to be the spirit of the age:

    Daniel García Moreno: Take it easy. A guide to avoid burnout during the Vulnpocalypse

    Planet GNOME - Fri, 05/06/2026 - 12:00pm

    Do not let AI remove the fun part from software development. We shouldn't allow gen AI to write software just because it "can". First, we must ask if it "should" do it, and even then, we should ask if we want to delegate the fun part, the thinking, the writing, the learning.

    Remember what's important, journey before destination, we are the Code:

    Do not let AI destroy the community, do not let it destroy the technological knowledge commons.

    tl;dr

    Open Source maintainers are dealing with a lot of new reports and pressure to "fix" the project due to generative AI.

    We need to find a way of stopping this and get back to something maintainable before all maintainers get burned out and look for a job on a farm:

    • 100% secure software doesn't exist, so there will always be a possible CVE there. As Spaf said in 1989:

    The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts.

    • Fixing bugs adds new bugs, and if you need to fix something quickly, the probability of new bugs will be higher. Do not forget about the First Law of Programming:

    If it works, don't touch it

    • The number of CVE reports is lowering CVE credibility and quality: if everything is a "high" security issue, we can no longer prioritize, and these reports are no different from random issues on GitHub. Do not listen to The Boy Who Cried Wolf.

    • Stable software is stable because it doesn't change too much. Is that something we are willing to lose while trying to reach the impossible goal of 100% secure software?

    The actual problem

    There's a lot of money in AI tech right now, and everyone is trying to make the best gen AI tool or just pretend that their tool is the best.

    When it comes to software analysis and writing, targeting open source is the obvious strategy.

    1. It's interesting to scrape every line of code, patch, pull request, issue and discussion around software to train your model, so AI scrapers are DDoSing open source project infrastructure.

    2. To promote their tools or themselves, security researchers are using AI to target any project, reporting "High" security vulnerabilities with the sole goal of getting a CVE number to show how good they are.

    This second point is affecting maintainers, because now you are receiving a lot of poor-quality security reports that are generated with AI, look plausible and are hard to read. You need to spend a lot of time checking whether there's an actual wolf there or whether it's this boy tricking you again.

    This is burning the energy of maintainers, who instead of doing something productive are wasting their limited time talking with a Stochastic Parrot.

    Do not let the AI Bros use classic manipulation techniques on you!

    A lot of open source projects are maintained by volunteers who do the work with passion and love. And even if it's the job that pays your bills, the maintainer can feel the pressure. When someone puts a lot of love into something and works on it for years, it becomes part of his identity, so attacking the software is like attacking the person behind it.

    This is nothing new, and a lot of people take advantage of this emotional link to manipulate the maintainer into doing something that he does not want to do.

    AI bros are using these techniques; do not let them manipulate you and define your project agenda.

    Here's a (not complete) list of known manipulation techniques that you can detect (and disarm!) in your daily community work:

    • Flooding the queue. Just create so many new issues that the actual maintainers can't deal with them. You feel responsible for the project and feel bad because your TO-DO list is growing.

    • This software is not secure (doesn't do what I want), I will use this other one instead that's better. The classic, "GNOME doesn't allow me to change this specific preference, I'll use KDE from now on".

    • This software is low quality, it doesn't follow the (my random) quality standards. A direct attack on the maintainer's self-esteem.

    • Gaslighting software development. LLMs are experts at this, and people who use them just copy the tactic. When the maintainer detects something weird and tries to blame the other person for reporting nonsense and wasting everyone's time, it starts to invent new arguments and ignore the previous interaction.

    So, take it easy, and remember the best clause in almost any software project, THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU:

    Disclaimer of Warranty. THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

    Is the software more insecure in 2026?

    No. Anyone old enough can remember how insecure old software was. Do you remember Windows 98? Do you remember the internet when everything was http (without that little s at the end), when people used FTP to log into their server and modify the PHP code directly in production?

    It's true that today we have more dependency on technology, but it's also true that everything is more secure, we have more and better cryptography, we have different levels of isolation, virtual environments, containers, virtual machines...

    But we have the feeling that since AI can analyse all the software and look for vulnerabilities, we are doomed, because any stupid kid can hack my over engineered GNU/Linux machine!

    First, that's not true, you need to know about security to get something useful from any AI tool. But even if it was true, what can you do about it? We need to be practical and find a balance between risk and usefulness, so do not overestimate the risk just because everyone is talking about it right now.

    But even then, the security paranoia is not good for anyone. Software is inherently buggy, people write software and make mistakes, so a possible vulnerability appears. In theory, these bugs are fixed when discovered, so it's always recommended to update to the latest version, because almost all known bugs will be fixed.

    But it's also known that new versions come with new functionality and code, and that means new "unknown" bugs or different behavior. That's a headache, so that's why the stable and Long Term Support are popular distributions, because "if it works, don't touch it".

    Stable packages just get the fixes, not new features, but fixes are also code changes, so there's always a possibility to break something, even with a patch update.

    The stable software has a lot of value, do not let the AI security paranoia destroy that, and convert everything into a rolling release with the latest and greatest (and possibly broken) software. Sometimes it's better to keep using something old, with known vulnerabilities that you can mitigate, than use the latest with unknown new vulnerabilities that you can't do anything about.

    I will fight AI with AI

    Please, do not do that. What I was trying to argue during this long post is not a technical problem. The current burnout problem in open source is a social problem, you can't fix it with a new layer of probabilistic tokens.

    • Community reaction against AI. The current industry push for the usage of AI everywhere is affecting a lot of people, and as a reaction a lot of people are directly fighting back. Using gen AI just sends the message that you do not care enough to do it yourself, and destroys the trust in the project.

    • It's not worth it. Even if the AI works (which it doesn't) it's not worth it. Writing code is easier than reviewing, you learn and grow with every new line of code that you write, delegating the fun part and personal growth part to an AI will make your work more miserable and you will be a junior forever.

    • It doesn't create community. Think about it, it's hard to get someone involved in a software project, but who will want to read or improve the code produced by a gen AI? The only future collaborator will be another AI.

    Take it easy

    Just remember, you can always say no, there's no hurry, and there's no need to work on something that you don't want just because other people consider that important.

    Free Source is something done by people, for people. The software is important, but the community around it is sometimes more important. We use Free source not because it's technically better (which it is), but because we trust who is writing it, how and why.

    Remember why you are doing this, do not remove the Fun part, continue with the Just for Fun mood.
