Tech & AI Daily
Jeff Geerling lays out how Bambu Lab built their 3D printer firmware on GPL-licensed open source but is stonewalling compliance requests. Same old story of a company extracting from open source while giving nothing back, and the community is rightfully furious.
CERT just released six CVEs covering serious vulnerabilities in dnsmasq, the DNS and DHCP server quietly running on millions of routers, home labs, and embedded Linux devices. If you are self-hosting anything behind a dnsmasq setup, patch now and do not wait.
Canvas LMS parent company Instructure confirmed it paid a ransom following a breach of its platform. Paying ransoms is a terrible precedent that guarantees more attacks, and the fact that a major edtech provider folded this fast should concern anyone whose data lives in Canvas.
XBOW's AI-powered vulnerability scanner found CVE-2026-45185, an unauthenticated remote code execution bug in Exim. If you are running Exim for mail (and a lot of self-hosters are), this is a drop-everything patch situation.
TanStack published a detailed postmortem on a supply chain attack that hit their NPM packages, used by millions of React and TypeScript developers. This is required reading if you publish to NPM or depend on any popular JS library, because the attack vector is subtle and the blast radius was enormous.
A genuinely interesting essay questioning whether language choice still matters when AI is generating most of your codebase. The argument is more nuanced than the clickbait title suggests, touching on runtime, ecosystem, and human readability trade-offs that AI does not solve.
Obsidian's blog post outlines where the plugin ecosystem is heading, including API stability commitments and sandboxing changes. Worth a read if you rely on Obsidian plugins heavily, because some existing plugins will need updates.
The EFF breaks down how Canada's new Bill C-22 is largely a renamed version of last year's defeated surveillance legislation, with the same mass interception provisions intact. Privacy-relevant for anyone operating infrastructure with Canadian users.
Statewright is a new open source tool for building visual state machines specifically designed to make AI agents more predictable and debuggable. This is directly relevant to OpenClaw and any agentic orchestration work as a potential pattern for controlling agent flow.
Cactus Compute released Needle, a 26 million parameter model distilled from Gemini's tool calling capabilities. Tiny purpose-built models for agentic tasks are a real trend worth watching for edge inference and low-latency agent orchestration.