SoylentNews

The NetHack DevTeam is announcing the release of NetHack 5.0.0 on May 2, 2026

An Anonymous Coward writes:

https://nethack.org/v500/release.html

NetHack 5.0 is an enhancement to the dungeon exploration game NetHack, which is a distant descendent of Rogue and Hack, and a direct descendent of NetHack 3.6.

NetHack 5.0.0 is a release of NetHack. As a .0 version, there may be some bugs encountered. Constructive suggestions, GitHub pull requests, and bug reports are all welcome and encouraged.

Along with the game improvements and bug fixes, NetHack 5.0 strives to make some general architectural improvements to the game or to its building process. Among them, 5.0:

- Has its source code compliant with the C99 standard.
- Removes barriers to building NetHack on one platform and operating system, for later execution on another (possibly quite different) platform and/or operating system. That capability is generally known as "cross-compiling." See the file "Cross-compiling" in the top-level folder for more information on that.
- The build-time "yacc and lex"-based level compiler, the "yacc and lex"-based dungeon compiler, and the quest text file processing previously done by NetHack's "makedefs" utility, have been replaced with Lua text alternatives that are loaded and processed by the game during play.

A list of over 3100 fixes and changes can be found in the game's sources in the file doc/fixes5-0-0.txt. The text in there was written for the development team's own use and is provided "as is". Some entries might be considered "spoilers", particularly in the "new features" section.

VideoLAN Releases dav2d 0.0.1 as Early Preview AV2 Decoder

An Anonymous Coward writes:

VideoLAN releases dav2d 0.0.1 "Merbanan," an early preview AV2 decoder and successor to its widely used dav1d AV1 project.

VideoLAN, the organization behind VLC media player, has released dav2d 0.0.1 "Merbanan," the first public preview of its AV2 decoder and successor to the widely used dav1d AV1 decoder.

VideoLAN president and lead VLC developer Jean-Baptiste Kempf prepared the release, describing it as "a very early preview release of an AV2 decoder."

AV2 is the planned successor to AV1, the royalty-free video codec developed by the Alliance for Open Media. Earlier this year, AOMedia released a draft AV2 specification for public review after several years of development. The codec remains in the standardization process, so dav2d is an early implementation rather than production-ready software.

The new decoder builds on the approach established by dav1d, VideoLAN's AV1 decoder developed with the FFmpeg community, which played a key role in AV1 adoption by offering a fast, cross-platform software decoder while hardware support was still expanding.

dav2d is intended to serve a similar role for AV2, though it remains in the early stages of development. The decoder is CPU-based, cross-platform, and built on dav1d, with ongoing work on the C implementation, API, platform support, and architecture-specific optimizations.

Last but not least, VideoLAN has not announced when dav2d will be integrated into a stable VLC release, but that certainly won't happen anytime soon. At the moment, it only lays the groundwork for future playback support in open-source multimedia software as the codec and ecosystem mature.

dav2d 0.0.1 is available through VideoLAN's official GitLab repository.

FreeBSD 15.1 Beta Released For Early Testing

An Anonymous Coward writes:

https://www.phoronix.com/news/FreeBSD-15.1-Beta-1

Following last year's release of FreeBSD 15.0, FreeBSD 15.1 is working its way toward release release in June. For kicking off the release dance, FreeBSD 15.1 Beta 1 is available today for testing.

FreeBSD 15.1 pulls in a number of driver updates, including for better hardware support and the various WiFi driver enhancements that have been pursued as of late along with working toward better power management. As of writing, the 15.1 release notes have yet to begin to be filled out for fully documenting the many changes being made for FreeBSD 15.1.

One of the changes I was excited to see with FreeBSD 15.1 was the new KDE Plasma desktop install option from within their existing CLI installer. This has been part of the effort to enhance the laptop/desktop experience for FreeBSD. Surprisingly though when firing up the FreeBSD 15.1 Beta 1 AMD64 install media this morning, the KDE Plasma desktop option was not presented in any of the installer interfaces.

So unfortunately that KDE Plasma desktop option seems to have not made it unless it's otherwise being restricted to certain detected hardware/software state or other limitations. In any event those wanting to try out the FreeBSD 15.1 Beta 1 release can find the download information via the mailing list announcement.

From here there are weekly betas expected until the end of May when the release candidate happens and then if all goes well FreeBSD 15.1-RELEASE will be out on 2 June.

Original Submission #1  Original Submission #2  Original Submission #3 

hubie writes:

Researchers emphasize fructose's unique role in obesity, metabolic syndrome and other chronic diseases:

A new report, published today in Nature Metabolism, is shedding light on the distinct and underappreciated role of fructose in driving disease, separate from its role as a simple source of calories.

Researchers examine how common dietary sweeteners, including table sugar (sucrose) and high-fructose corn syrup, impact human health. While both contain glucose and fructose, fructose has unique metabolic effects that may more directly contribute to obesity and related conditions.

"Fructose is not just another calorie," said Richard Johnson, MD, professor at the University of Colorado Anschutz and study lead author. "It acts as a metabolic signal that promotes fat production and storage in ways that differ fundamentally from glucose."

The report outlines how fructose metabolism bypasses key regulatory steps in the body's energy-processing pathways. This can lead to increased fat synthesis, depletion of cellular energy (ATP) and the production of compounds linked to metabolic dysfunction. Over time, these effects may contribute to metabolic syndrome, a cluster of conditions that includes obesity, insulin resistance and cardiovascular risk.

Importantly, the authors emphasize that fructose's impact extends beyond dietary intake alone. The body can also produce fructose internally from glucose, suggesting that its role in disease may be broader than previously recognized.

The findings come amid ongoing concern about rising rates of obesity and diabetes worldwide. Although some countries have seen declines in sugary beverage consumption, overall intake of "free sugars" remains above recommended levels in many regions and continues to increase in others.

While fructose may have once served an evolutionary purpose, helping the body store energy that can aid survival during times of food scarcity, the researchers argue that in today's environment of constant food availability, these same mechanisms now contribute to chronic disease.

"This review highlights fructose as a central player in metabolic health," said Johnson. "Understanding its unique biological effects is critical for developing more effective strategies to prevent and treat metabolic disease."

Journal Reference: Johnson, R.J., Lanaspa, M.A., Tolan, D.R. et al. Fructose: metabolic signal and modern hazard. Nat Metab (2026). https://doi.org/10.1038/s42255-026-01506-y

Original Submission

An Anonymous Coward writes:

Since 1 PM EST on April 30, 2026, Ubuntu's infrastructure started falling over. Users trying to reach ubuntu.com were getting 503 errors. By the time the picture came into focus, it wasn't an outage in the ordinary sense, but it was a deliberate, large-scale attack, and the group behind it wasn't done talking. Till now, even after 12+ hours, its down. Country archive mirrors and archive.ubuntu.com seems to be working as of now along with documentation.ubuntu.com. The default repo URLs are not working.

        The attackers identified themselves as the Islamic Cyber Resistance in Iraq – 313 Team. They claimed responsibility for the assault and then, in a move that escalated things considerably, sent a direct message to Canonical: open a negotiation channel or the attack continues. They provided a Session contact ID and made clear they wanted a response. What they were after beyond that hasn't been publicly specified, but the implication was plain enough, this was extortion.

        That's the part that security researchers found notable, not just the volume of traffic being thrown at Canonical's servers, but the shift from disruption to demand. A DDoS that hits a website homepage is annoying and embarrassing. A DDoS that specifically targets your security update infrastructure, and then comes with conditions attached, is a different kind of problem.

What's Actually Offline

The main ubuntu.com domain is affected, which is the visible, obvious part. But the more serious damage is to the security API and the CVE repositories, the systems that Ubuntu-based machines use to check what vulnerabilities need to be patched and to pull those patches down.

For most individual users running Ubuntu on a personal machine, this is mildly concerning but manageable. You sit on your current patch level, you wait, you avoid pulling in new software from dubious sources in the meantime. Not ideal, but survivable.

For enterprises running large fleets of Ubuntu servers (and there are a lot of them), the picture is more complicated. Automated patch management pipelines are broken. Scripts that should be checking for CVE updates are returning errors or nothing at all. Security teams that operate on the assumption that their systems are continuously pulling current vulnerability data are now operating on stale information, and they may not immediately know how stale.

The concern raised by threat intelligence analysts is that other actors – ones with no connection to the 313 Team might look at this window and try to exploit it. Known vulnerabilities that would normally get patched within hours of disclosure are sitting unpatched on machines that simply cannot reach the relevant repositories. It's a gap, and gaps don't stay unnoticed for long.

Who Is the 313 Team

The 313 Team has shown up in hacktivist contexts before, usually associated with pro-resistance political positions and targeted disruptions rather than financially motivated attacks. But what's described here, with the Beamed Network providing backend infrastructure, isn't the profile of a small group running off commodity tools. The scale and the apparent technical organization behind it suggest either that the group has grown its capabilities considerably, that it has backing it didn't previously have, or both.

That said, there's still a lot that isn't known. The exact volume of traffic, how Canonical's mitigation efforts are going, whether any communication has actually taken place between Canonical and the attackers, none of that has been confirmed. Canonical has not issued a detailed public statement. An Estimated Time of Recovery hasn't been given. The status page is the most current source most users have, and it's been grim reading.

The Extortion Angle

This is the piece worth sitting with. DDoS attacks against major infrastructure targets aren't new. What's less common is the explicit demand attached – the attackers effectively saying: find us, talk to us, or this keeps going. That's a negotiating posture, not just a protest.

Whether Canonical engages with that posture, and what either outcome looks like, is genuinely unclear. Negotiating with groups like this sets a precedent security professionals universally hate. Not negotiating means the attack continues, with real consequences for the millions of users who depend on Ubuntu's update infrastructure. There's no clean path here.

Security researchers tracking this have noted that the specific targeting of patch mechanisms rather than just public-facing websites shows a degree of strategic thinking. You go after the homepage, you get headlines for a day. You go after the security update pipeline, you create compounding problems – every hour that passes is another hour that newly disclosed vulnerabilities can't be addressed by automated systems. The damage stretches forward in time even after the attack ends, because systems that should have been patched during the outage window remain unpatched until someone manually intervenes.

hubie writes:

Anthropic silently installed a spyware bridge on my machine:

I was working on a personal project, debugging a Native Messaging helper I had written for it. In the process I needed to check what Brave Browser had registered on my laptop. What I found was a file I had never put there. It was not mine. I had not installed it. I had not authorised it. I had not even been told about it.

It was from Anthropic.

The file sits at this path on my MacBook:

~/Library/Application Support/BraveSoftware/Brave-Browser/NativeMessagingHosts/com.anthropic.claude_browser_extension.json

And its contents are this:

{
  "name": "com.anthropic.claude_browser_extension",
  "description": "Claude Browser Extension Native Host",
  "path": "/Applications/Claude.app/Contents/Helpers/chrome-native-host",
  "type": "stdio",
  "allowed_origins": [
  "chrome-extension://dihbgbndebgnbjfmelmegjepbnkhlgni/",
  "chrome-extension://fcoeoabgfenejglbffodgkkbkcdhcgfn/",
  "chrome-extension://dngcpimnedloihjnnfngkgjoidhnaolf/"
  ]
}

For the non-technical reader, this is a Native Messaging manifest. It is the document a Chromium-based browser consults when a browser extension wants to call an executable on the local machine. Native Messaging hosts run outside the browser sandbox, at the same privilege level as the user. If a browser extension with one of the three IDs listed above reaches my Brave install, Brave is pre-authorised to spawn the binary at /Applications/Claude.app/Contents/Helpers/chrome-native-host on my laptop with my access permissions.

I did not install any Anthropic browser extension. I have never installed a Claude browser extension due to privacy and security concerns. I did install Claude Desktop, the Mac app, a while back. That is the only thing on this machine which could have written the file. Claude Desktop reached into Brave, a browser from a completely separate vendor, and registered a back door for a browser extension I do not have.

One clarification before I continue, because the Anthropic ecosystem has two products whose names blur together. This article is about Claude Desktop, the Electron-based macOS application with bundle identifier com.anthropic.claudefordesktop, distributed as Claude.app. It is not about Claude Code, Anthropic's command line developer tool. Claude Code has its own, separately documented, Native Messaging bridge with the filename com.anthropic.claude_code_browser_extension.json. The bridge this article is about is installed under a different filename, com.anthropic.claude_browser_extension.json, by a different product, under a different internal subsystem, and is entirely undocumented by Anthropic. The two bridges coexist. This article concerns the undocumented one.

At rest, the bridge does nothing. The binary does not run until a browser extension with one of the three listed IDs calls it. So on my machine, right now, nothing is happening. That is the one argument Anthropic will try to hide behind. Let me cut through it in advance.

When the paired extension is present and the bridge is activated, it exposes browser automation capabilities to whatever agentic process Claude is running. Anthropic describe those capabilities in their own public documentation. [...]

That is explicit authenticated session access, DOM state read, form filling, and screen capture, described by Anthropic on their own documentation site. If I have my bank open in a tab, the bridge's documented capabilities include reading it as me. If I have Tax, or my Health portal, or a client's Slack, or an admin console to production infrastructure, the documented capabilities include acting as me there.

The bridge runs outside the browser's sandbox at user privilege level, and Native Messaging hosts do not surface in any standard macOS process or permission UI, they are invoked by the browser and communicate over stdio.

This is the capability that Anthropic pre-stages on my laptop the moment I install their desktop application. Without telling me. Without asking me. Without offering me the chance to say no.

TFA says folders were also created for other browsers that weren't installed, so if any of those browsers were later installed, this would be active from the start. Apart from whether Anthropic needs this to function, looking at it from a higher level, the fact that you can do this sounds to be like a horrible security loophole that can be easily exploited.

Original Submission

An Anonymous Coward writes:

https://lwn.net/Articles/1070864/

Terence Eden reports that the UK's National Health Service (NHS) is preparing to close almost all of its open-source repositories as a response to LLM tools, such as Anthropic's Mythos, becoming more sophisticated at finding security vulnerabilities. He does not, to put it mildly, agree with the decision:

The majority of code repos published by the NHS are not meaningfully affected by any advance in security scanning. They're mostly data sets, internal tools, guidance, research tools, front-end design and the like. There is nothing in them which could realistically lead to a security incident.

When I was working at NHSX during the pandemic, we were so confident of the safety and necessity of open source, we made sure the Covid Contact Tracing app was open sourced the minute it was available to the public. That was a nationally mandated app, installed on millions of phones, subject to intense scrutiny from hostile powers - and yet, despite publishing the code, architecture and documentation, the open source code caused zero security incidents.

Furthermore, this new guidance is in direct contradiction to the UK's Tech Code of Practice point 3 "Be open and use open source" which insists on code being open.

Original Submission

canopic jug writes:

Rightscon, a world summit on human rights in the digital age, has been canceled at the last minute through actions by its host nation's government:

It is with heavy hearts that we share: RightsCon will not proceed in Zambia or online.
We understand this news is deeply upsetting for our community and while we know everyone has questions, our goal right now is to notify you of the event's status because many of you have imminent travel plans.
We do not recommend registered participants travel to Lusaka for RightsCon.

Over the last 48 hours we have experienced an overwhelming surge of support from civil society, government representatives, sponsors, and our community as a whole. For this, we wholeheartedly thank you. We'll communicate more information soon.

And there is secondhand coverage:

The Tor Project is deeply saddened by the last-minute cancellation of RightsCon 2026 in Lusaka, Zambia, and online. The right to assemble, associate, and speak freely must not be conditioned on political approval. Convenings like RightsCon are essential precisely because they create space for difficult, urgent, and necessary conversation about power, technology, rights, and accountability.

Tor's work is rooted in the belief that everyone should be able to speak freely, safely, and privately. We build tools that help people connect, communicate, organize, and seek information; especially those facing censorship, surveillance, repression, discrimination, and other forms of vulnerability. The disruption of a space dedicated to advancing these shared goals represents a serious gutpunch to the global human rights community.

— Tor Project Statement on the Abrupt Cancellation of RightsCon 2026 , The Tor Project.

"Fnord666" writes:

A ChatGPT AI has proved a conjecture with a method no human had thought of. Experts believe it may have further uses:

Liam Price just cracked a 60-year-old problem that world-class mathematicians have tried and failed to solve. He's 23 years old and has no advanced mathematics training. What he does have is a ChatGPT Pro subscription, which gives him access to the latest large language models from OpenAI.

Artificial intelligence has recently made headlines for solving a number of "Erdős problems," conjectures left behind by the prolific mathematician Paul Erdős. But experts have warned that these problems are an imperfect benchmark of artificial intelligence's mathematical prowess. They range dramatically in both significance and difficulty, and many AI solutions have turned out to be less original than they appeared.

The new solution —which Price got in response to a single prompt to GPT-5.4 Pro and posted on www.erdosproblems.com , a website devoted to the Erdős problems, just over a week ago—is different. The problem it solves has eluded some prominent minds, bestowing it some esteem. And more importantly, the AI seems to have used a totally new method for problems of this kind. It's too soon to say with certainty, but this LLM-conceived connection may be useful for broader applications—something hard to find among recently touted AI triumphs in math.

"This one is a bit different because people did look at it, and the humans that looked at it just collectively made a slight wrong turn at move one," says Terence Tao, a mathematician at the University of California, Los Angeles, who has become a prominent scorekeeper for AI's push into his field. "What's beginning to emerge is that the problem was maybe easier than expected, and it was like there was some kind of mental block."

An Anonymous Coward writes:

Meet The Mushroom That Makes People Have The Exact Same Hallucination

Scientists call them "lilliputian hallucinations," a rare phenomenon involving miniature human or fantasy figures

Biologist Colin Domnauer is reopening an old case that Chinese health officials seem to have stopped caring about. Every summer, residents of the Yunnan province check into hospitals with complaints that they're hallucinating tiny elflike people. They would see the little dudes marching under their doors, scaling their walls, and clinging to their furniture.

Health officials used to care about it. They looked into it some years back and found that the cause was Lanmaoa asiatica, a mushroom that's been eaten in Yunnan for years. It's supposedly got a rich, umami flavor, and locals know that you have to cook it thoroughly, not to bring out that flavor, but to kill off the mushroom's hallucinogenic properties.

Scientists call these "lilliputian hallucinations," a rare phenomenon involving miniature human or fantasy figures. If you've seen the Adult Swim show Common Side Effects, you may be familiar with the surreal trippiness of this apparently very real form of mushroom-based hallucination. What makes this particular hallucinatory mushroom so unusual is that it causes the same kind of hallucinations in different people, across cultures.

It's always the little elf dudes.

[...] What's fascinating is the active compound isn't psilocybin, the hallucinatory chemical found in shrooms people take recreationally or therapeutically. The hallucinations take 12 to 24 hours. to begin and can last for a long time, sometimes long enough to require hospitalization and careful observation. The trip can last so long that it's impractical as a recreational drug, which is why no culture seems to use the mushroom intentionally as a psychedelic. Not yet, at least.

BBC Article:

'They saw them on their dishes when eating': The mushroom making people hallucinate dozens of tiny humans

Only recently described by science, the mysterious mushrooms are found in different parts of the world, but they give people the same exact visions.

Every year, doctors at a hospital in the Yunnan Province of China brace themselves for an influx of people with an unusual complaint. The patients come with a strikingly odd symptom: visions of pint-sized, elf-like figures – marching under doors, crawling up walls and clinging to furniture.

The hospital treats hundreds of these cases every year. All share a common culprit: Lanmaoa asiatica, a type of mushroom that forms symbiotic relationships with pine trees in nearby forests and is a locally popular food, known for its savory, umami-packed flavor. In Yunnan, L. asiatica is sold in markets, it appears on restaurant menus and is served at home during peak mushroom season between June and August.

One must be careful to cook it thoroughly, though, otherwise the hallucinations will set in.

An Anonymous Coward writes:

Ask.com (known originally as Ask Jeeves) was an answer engine, e-magazine, and former web search engine, operated by Ask Media Group. It was conceptualized and developed in 1996 by Garrett Gruener and David Warthen, based in Berkeley, California.

- https://en.wikipedia.org/wiki/Ask.com

Ask.com reads:

Every great search
must come to an end.

As IAC continues to sharpen its focus, we have made the decision to discontinue our search business, which includes Ask.com. After 25 years of answering the world's questions, Ask.com officially closed on May 1, 2026.

"To the millions who asked..."

We are deeply grateful to the brilliant engineers, designers, and teams who built and supported Ask over the decades. And to you—the millions of users who turned to us for answers in a rapidly changing world—thank you for your endless curiosity, your loyalty, and your trust.

Original Submission

An Anonymous Coward writes:

https://www.phoronix.com/news/Linux-Kernel-Nearly-40M

Ahead of the Linux 7.1-rc1 kernel release due out later today for closing the Linux 7.1 merge window, I was curious if all the code removals would lead to a negative change in line count over Linux 7.0. The removals were not enough and Linux 7.1 Git is fast approaching 40 million lines.

With Linux 7.1 removing ISDN, ham radio, and other old network driver code that yielded a 138k lines of code reduction, I was curious how that would impact the line count for Linux Git. Plus removing some obsolete PCMCIA drivers also happened for Linux 7.1 as did removing some PCI drivers and beginning to remove support for Russia's Baikal CPUs. Linux 7.1 also began decommissioning of the Intel 486 CPU support but that doesn't have much impact on the line count yet, more removals around now useless i486 bits will come in future kernel cycles.

The Git repository for Linux v7.0 came in at 39,621,378 lines between 4,991,874 blank lines, 4,737,829 lines of code comments, and then 29,891,675 lines of detected code as measured by the cloc program.

Even with the removals, Linux 7.1 is still growing larger. Linux Git as of this morning measured by cloc came in at 39,880,636 lines -- or roughly 259k lines of code added this merge window even with all the removals that took place. That 39.8M lines is between 5,015,790 blank lines, 4,775,889 code comments, and 30,088,957 lines as measured by cloc. So Linux 7.1 crossed the threshold of 30 million lines of detected code while with the blank lines and code comments is fast approaching 40 million lines. For the Linux 7.2 cycle is presumably when it will breach 40 million lines in total.

While at it, I also took a read of the current size of the drivers/gpu/drm/amd area with AMDGPU and AMDKFD along with associated code like the display core (DC) and all the auto-generated header files for each GPU. In Linux 7.0 the modern AMD kernel graphics driver stack was at 6,049,235 lines and now rose to 6,162,946 in the current Linux 7.1 Git state.

Original Submission

"Fnord666" writes:

There's A Good Reason Semi Trucks Don't Use V8s:

V8 engines are among our favorites . They make big power and sound that is, in the vernacular of Boston, wicked awesome. It's only natural to think that such big engines would power the big semi trucks that transport most cargo in the U.S., but that isn't true. Instead, you're more likely to find an inline-6 under the hood of most modern semis.

There are some important reasons why V8s have fallen out of favor in trucking. A V8 makes great horsepower, but towing heavy loads is all about torque. The inline-6 engines powering most modern semis make between 400 and 600 horsepower. That's not much more power than a well-equipped pickup truck these days, and is likely all the horsepower you really need anyway . However, most pickups don't make anywhere near the 1,000 to 2,000 pound-feet of torque that semi engines do. Big displacement in the 13 to 16-liter range, turbocharging, and diesel power maximize torque, and it shows in those four-digit figures.

Another factor is that in the U.S., semis are typically limited to a maximum weight of 80,000 lbs. Scania makes a 16.4-liter V8 producing 2,350 lb-ft used in Europe, but many of those countries allow heavier loads than we do. A smaller inline-6 can handle lighter American loads just fine.

The fundamental nature of an inline-6 is simpler than a V8. There's only one cylinder head, not two, so it has fewer parts. It's also easier to access and work on, reducing both maintenance costs and the time the truck is off the road. All this, plus its low-revving nature, makes the engine slightly more fuel efficient than a higher-revving V8. It's not much more efficient, but when you're talking six to eight MPG, every little bit helps and makes a big difference over thousands of miles.

The final nail in the V8's coffin was increasingly strict emission regulations for semis. It's easier to get a smaller displacement inline-6 to comply than a bigger V8, so that's what most manufacturers chose to do. In contrast, some companies like Caterpillar simply quit producing semi-trucks, focusing instead on off-highway applications. While electric options like the Tesla Semi may play a role in the future, the inline-6 remains the workhorse of American trucking for now.

Read More: https://www.jalopnik.com/1906098/why-semi-trucks-use-inline-6-not-v8-explained/

Original Submission

An Anonymous Coward writes:

Mitchell Hashimoto says GitHub's outages and workflow failures have made the platform unsuitable for Ghostty's active development.

Ghostty, a modern GPU-accelerated terminal emulator developed by Mitchell Hashimoto, is transitioning its active development away from GitHub due to ongoing reliability issues that have disrupted daily workflows.

Hashimoto announced the decision in an emotional post titled "Ghostty Is Leaving GitHub," stating that the project will gradually eliminate its dependency on GitHub while maintaining the current repository as a read-only mirror. Further details about the new hosting platform will be provided in the coming months, as discussions continue with both commercial and open-source providers.

This decision is significant given Hashimoto's background. He is best known as the co-founder of HashiCorp (departed in 2023), the infrastructure automation company behind widely used tools such as Terraform, Vault, Consul, Nomad, Packer, and Vagrant, which are the de facto standard in DevOps circles today.

In his post, Hashimoto describes the decision as personally difficult rather than a result of casual dissatisfaction. He notes that he used the platform daily for over 18 years, which makes the current decision even harder.

"I'm GitHub user 1299, joined Feb 2008. Since then, I've opened GitHub every single day. Every day, multiple times per day, for over 18 years. Over half my life. A handful of exceptions in there (I'd love to see the data), but I can't imagine more than a week per year."

Hashimoto states he has recently been publicly critical of GitHub due to daily service failures. He kept a journal over the past month, marking each day when a GitHub outage negatively impacted his work, and notes that almost every day was affected.

"For the past month I've kept a journal where I put an "X" next to every date where a GitHub outage has negatively impacted my ability to work. Almost every day has an X. On the day I am writing this post, I've been unable to do any PR review for ~2 hours because there is a GitHub Actions outage".

According to Hashimoto, however, the issue is not with Git itself. He clarifies that the problem lies in the surrounding GitHub infrastructure, including issues, pull requests, GitHub Actions, and related collaboration workflows. For Ghostty, these failures have impacted both maintainers and the broader open-source community, prompting the decision to move away.

However, it is hard not to notice the strong disappointment in his words regarding the popular developer platform.

"It's not a fun place for me to be anymore. I want to be there but it doesn't want me to be there. I want to get work done and it doesn't want me to get work done. I want to ship software and it doesn't want me to ship software. I want it to be better, but I also want to code. And I can't code with GitHub anymore. I'm sorry. After 18 years, I've got to go."

Importantly, Ghostty will not be removed from GitHub immediately. The migration will occur incrementally, and the current GitHub repository will remain available as a read-only mirror. Hashimoto notes that his personal projects and other work will stay on GitHub for now, with Ghostty prioritized due to the significant impact of reliability issues.

What have been your experiences with GitHub - both positive and negative? Do you recommend any alternatives?

Original Submission

Devuan developer creates GTK2 fork

An Anonymous Coward writes:

https://distrowatch.com/dwres.php?resource=showheadline&story=20175

A developer with the Devuan project has created a fork of the GTK2 toolkit with an aim to maintain it, provide fixes, and make it possible for older applications to remain compatible with the GTK toolkit. While GTK2 has not been maintained upstream for years, and it has been dropped from the latest versions of some distributions, it was the basis for many applications, not all of which have migrated to GTK3. The announcement thread has more information and the code has been published in Devuan's git repository.

Trinity Desktop Environment R14.1.6 Adds Support for Fedora 44, Ubuntu 26.04 LTS

An Anonymous Coward writes:

https://9to5linux.com/trinity-desktop-environment-r14-1-6-adds-support-for-fedora-44-ubuntu-26-04-lts

This release also adds support for the LoongArch64 architecture on Debian 14 Forky/Sid and support for the Mageia 10 distribution.

Trinity Desktop Environment (TDE) R14.1.6 desktop environment has been released today for nostalgic KDE 3.5 users as the sixth maintenance release of the R14.1.x series, adding new features and enhancements.

Coming about five and a half months after Trinity Desktop Environment R14.1.5, the Trinity Desktop Environment R14.1.6 release introduces support for recent GNU/Linux distributions, including Ubuntu 26.04 LTS (Resolute Raccoon), Fedora Linux 44, and Mageia 10, as well as support for the LoongArch64 architecture on Debian 14 Forky/Sid.

Trinity Desktop Environment R14.1.6 also updates the available search engines and graphical UI, adds a "Go to Desktop" action to the Konqueror browser, adds an option for a 3D border to the Kicker application menu, and adds drag and drop support of snapshots into other apps from the KSnapshot screenshot utility.

In addition, this release adds "Compatibility options" and "Currency signs" options under Kxkb's "Miscellaneous options", improves the handling of special unicode characters in TQt (Trinity Qt), and improves arrow key and Page Up/Page Down navigation and scrollbar in the KCharSelect characters tool.

An Anonymous Coward writes:

The C64C Ultimate will be manufactured using the same tools as the original was back in 1986.

The creators of the C64 Ultimate, a recreation of the iconic '80s personal computer that uses an FPGA chip to accurately replicate the original, have announced a follow-up version that continues in its predecessor's footsteps. The original Commodore 64 first debuted in 1982 and was followed by the Commodore 64C in 1986, which was functionally nearly identical but introduced a slimmer case and a more modern color scheme. It's the same story for the new Commodore 64C Ultimate. It gives the C64 Ultimate a welcome facelift, but there's no new functionality.

To make the C64C an authentic recreation of the original – at least on the outside – the reborn Commodore reacquired the exact same injection tooling molds that were used to manufacture the original's plastic housing 40 years ago. The new C64C Ultimate even features faint semi-circular marks on its housing resulting from melted plastic cooling unevenly inside the molds; a sign of authenticity that would be overly-complicated to fake.

As with the C64 Ultimate, the new C64C Ultimate features upgrades like Wi-Fi, USB, and an HDMI port for connecting it to modern displays. But it also carries forward the same ports from the 1986 version of the computer and is compatible with its '80s-era peripherals like floppy disk and cassette drives. It's available for preorder now starting at $299.99 with shipping expected as early as September, while more premium versions that add upgrades like LED lighting, translucent case, and gold keycaps go up to $499.99.

Original Submission

"Fnord666" writes:

Civil liberty concerns spur FAA to revise drone no-fly zones near ICE vehicles:

In January 2026, during the height of protests against immigration raids in Minneapolis, federal agents shot and killed 37-year-old Renee Good . Before even gathering all the facts , the Department of Homeland Security labeled the mother of three an "anti-ICE rioter" who "weaponized her vehicle against law enforcement" in an "act of domestic terrorism."

Days later, the feds announced a major expansion of "no-fly zones" in the name of national security. While such no-fly zones used to be about controlling aircraft, they now often focus on small drones. The expanded no-fly zones announced on January 16 prohibited such drones from flying within 3,000 lateral feet and 1,000 vertical feet of federal facilities.

But for the first time, the order extended no-fly zones to ground vehicles belonging to the Department of Homeland Security. Even while the vehicles were in motion. Even if they were unmarked. And even if their routes had not been announced.

This exceptionally ambiguous policy posed real danger to people like Rob Levine , a freelance photojournalist and commercial photographer in Minneapolis for nearly four decades. Since Levine got his remote-pilot certification and bought his first drone in 2016, he has flown a small fleet of DJI quadcopter drones to take aerial photographs and videos of Minnesota's rivers, bridges, and cities, along with crowds gathered for outdoor concerts and parades. More recently, he has documented Twin City residents protesting the increased presence of federal agents in their community.

Levine immediately stopped flying when he saw the no-fly notice. The notice said government agencies could shoot down or seize drones "deemed to pose a credible safety or security threat," and it warned of civil and even criminal penalties for drone operators.

"I saw what these federal agents were willing to do, the violence they were willing to visit upon even constitutional observers here in the Twin Cities who were just photographing what they were doing," Levine told Ars.

Good's killing had occurred just six blocks from his home. "It didn't take much imagination to think what they would do to somebody with a drone, and so for weeks I didn't go fly," he said.

A week after the no-fly zone warning, the situation in Minneapolis escalated further when Customs and Border Protection officers killed Alex Pretti , a 37-year-old intensive care nurse, after wrestling him to the ground and shooting him multiple times.

Levine wanted his drones back in the air. But when he sought guidance from the Federal Aviation Administration, the agency candidly acknowledged that the no-fly zone warning was "ambiguous" and "therefore, any flight carries the risk of inadvertent violation."

Could such a policy possibly be legal?