MERGE CONFLICT DIGEST
Tuesday, September 9, 2025
Security & Vulnerabilities 🛡️
Linus Torvalds has expressed frustration with excessive use of "Link:" tags in Git commits for the Linux kernel, saying they often add no value and waste time. He plans to be stricter in accepting pull requests with these tags, reserving them for context beyond what's available, and discouraging unnecessary uses through automation.
MeetC2 is a proof-of-concept C2 framework that uses Google Calendar as a covert communication channel, allowing cloud services to be abused for adversarial operations. It creates a polling loop that sends GET requests every 30 seconds to check for new calendar events containing commands, which are then extracted and executed locally by the "guest" agent.
AI & Machine Learning 🤖
A security post from Trail of Bits analyzes the vulnerabilities of using Ruby's `Marshal` module for serialization, highlighting its dynamic typing system and the resulting exploitation risks. The author recommends replacing `Marshal` with safer alternatives, auditing codebases, and using properly typed database columns to mitigate these risks in Ruby applications.
Software Development & Engineering 💻
A space flight simulator has been developed in Clojure, leveraging immutable values and safe parallelism for advanced graphics capabilities. The game features 3D rendering of planets and atmospheres, as well as ray tracing and templated OpenGL shaders, while also incorporating astronomy code and performance optimization techniques like LRU caching.
Products & Industry Moves 🚀
Thomas Gleixner's code overhaul has improved the restartable sequences feature in Linux kernel development, addressing scalability issues and performance concerns. The changes aim to prevent spurious restarts and reduce overhead, making the feature more practical for developers. This update also prepares the ground for integration with time-slice extension features.
Hong Minhee shares his frustration with writing repetitive CLI validation code, citing its ubiquity in CLI tools. He introduces Optique, a library that parses CLI arguments into types that can only be valid, eliminating lengthy if-statements and making it easier to write maintainable and efficient CLI logic for improved development workflows.
Microsoft's first-ever programming language BASIC was a pivotal innovation that built modern software development. The company released version 1.1 source code on GitHub, allowing users to view and download assembly code. This historic release represents a foundational moment in computer history, influencing MS-DOS, programming standards, licensing, and democratizing computer programming.
Minarrow is a modern Rust implementation of Apache Arrow's zero-copy memory layout, designed for high-performance computing and embedded systems. It offers a cohesive API with extensive coverage, fast compile times, and 64-byte SIMD alignment for optimal CPU utilization, making it suitable for applications requiring speed and simplicity in runtime performance.
Google's AI Mode is poised to become the default interface for Google Search "soon", according to Logan Kilpatrick, lead product manager at Google DeepMind. A new shortcut URL, google.com/ai, has been added, allowing users to access AI Mode directly, but not necessarily making it the default for all users initially.
Risks & Criticism ⚠️
A research paper examines the limitations of retrieval-augmented generation (RAG) with large language models (LLMs), highlighting challenges such as inefficient retrievals, overconfidence, and diminishing returns. The authors propose strategies to address these issues, including selective retrieval, confidence-based triggers, fine-tuned LLMs, and external gatekeepers, for improved efficiency and effectiveness.
A recently discovered Windows driver vulnerability allows attackers to access sensitive files directly from the disk, without the filesystem or EDR solutions intervening. Raw disk reads bypass ACLs and file locks, highlighting the need for secure coding practices and careful testing of drivers.
Published by Merge Conflict Digest