01 Jul 2026
Planet Grep
Mattias Geniar: What 1.8 million real website outages look like
We watch websites for a living at Oh Dear , which puts us in a unique position: we have data on a lot of different outages.
01 Jul 2026 12:54pm GMT
Frederic Descamps: MariaDB Server Plugins: disabled functions
During the last MariaDB Foundation Board Meeting (24 June 2026), Barry shared how it can be difficult to deploy an upgrade immediately and that they sometimes have to wait for one that fixes security bugs. Wait for the validation, wait for the fix, and the release. Even if the MariaDB engineers are doing incredible work, […]
01 Jul 2026 12:54pm GMT
Dries Buytaert: The privilege of AI in Open Source
Back in 2019, I wrote that Open Source is not a meritocracy. Meritocracy says talent is the only thing that counts, but that is not true. To contribute, you also need time, a steady income, and a flexible schedule. Plenty of people lack one or more of these.
Some people can give their nights and weekends to learning a codebase, clearing the issue queue, or reviewing patches. Some are paid to do it on the clock. A lot of people can't do either. Their hours go to a second job, caring for family, or simply making it through the week.
That doesn't make these people less talented. It means they have less opportunity.
AI changes the math. It can compress the time it takes to understand enough to act. A contributor might have the skill to fix a bug, but not the time to learn an unfamiliar codebase. AI can help them understand the codebase faster.
On paper, that should be great news for Open Source. In practice, AI will only help if access and skill become shared, not private advantages.
AI access is not equal. The most capable models and coding agents cost real money, and using them well takes real skill. I pay hundreds of dollars a month for these tools and have spent countless hours learning when to trust them, when to doubt them, and how to turn their output into useful work. Many contributors do not have that money or that time.
We learned once that "anyone can contribute" is not the same as "everyone has the same opportunity to contribute". AI can repeat that mistake in a new form.
Powerful technologies rarely share their benefits evenly at first. Electricity did not create equal opportunity the moment it was invented. It only changed lives broadly when people built the infrastructure to make it widely available. The internet followed a similar path: it started with privileged access, then became useful to millions more people as access became cheaper and easier.
AI is no different. If we want AI to reduce privilege in Open Source instead of reinforcing it, Open Source projects can do their part by helping close two gaps.
The first is cost. Contributors should be able to do meaningful work without paying for the most expensive AI tools. As lower-cost models, including open-weight models, improve, Open Source projects should make them practical for contribution work.
The second is skill. Knowing how to use AI well should become shared knowledge within Open Source projects so more people can learn faster and make better contributions.
Contributing with AI should come down to talent, not to who can afford the best tools or who has the time to learn them.
Open Source already moves many things from private advantage to shared infrastructure: code, documentation, best practices, and more. We make all of these public so more people can participate and build on each other's work. The ability to use AI well for contribution should move in the same direction.
Publicly sharing AI best practices is an important start, but not enough. If we want AI to reduce the privilege of free time, those practices need to be embedded in the project and the contributor experience, not live on the side. If potential contributors have to hunt down the tools, prompts, skill files, and know-how themselves, the people short on time are the first to give up, even though they stand to benefit the most.
But more contribution is not automatically progress. As I wrote in AI creates asymmetric pressure on Open Source, AI can make it cheaper to contribute without making it cheaper to review.
The test is whether AI helps more people move from issue to tested patch while making the result easier for maintainers to trust and merge.
If we do this well, AI can make contribution less dependent on free time. If we do it poorly, it will widen the gap for contributors and increase the burden on maintainers. If we ignore AI or discourage its use, it will still show up in contributions, just without shared norms or shared accountability.
In 2019, I argued that Open Source communities should create opportunity by paying contributors. I still believe that. Paying contributors gives people time. But AI gives us another way to reduce the privilege of free time: it helps people do more with the time they have.
I want Drupal to help explore this in practice: not because we have all the answers, but because this is the kind of problem Open Source should help solve.
01 Jul 2026 12:54pm GMT
Planet Debian
Ben Hutchings: FOSS activity in June 2026

This month's work was dominated by the transition of Debian 12 "bookworm" to support by the LTS team, and by review of some large updates to Linux stable branches.
Linux 6.12 is currently available in bookworm-backports, but that suite will stop accepting uploads after the last bookworm point release. I updated some supporting packages in bookworm in preparation for adding Linux 6.12 there. I also prepared for the possibility that bookworm-backports would close earlier.
Since the LTS team is still also maintaining Debian 11 "bullseye" until August, I reviewed upstream changes for both Linux 5.10 and 6.1 stable branches and reported a number of regressions and other issues.
- Debian packages:
- firmware-free:
- Merge requests:
- firmware-nonfree:
- Bugs:
- closed #1135723: firmware-nonfree: gencontrol conflates initramfs-tools with update-initramfs
- closed #1135736: firmware-nonfree: suggests initramfs-tools, which is being phased out
- closed #1137651: firmware-misc-nonfree: Please move firmware-intel-graphics and firmware-nvidia-graphics out of Recommends
- replied to #1139740: firmware-misc-nonfree should recommend firmware-nvidia-graphics to avoid kernel Oops + black screen
- replied to #1139746: firmware-realtek: W: Possible missing firmware rtlwifi/rtl8723bu_bt.bin for module rtl8xxxu
- Merge requests:
- Uploads:
- uploaded version 20260519-1 to unstable
- uploaded version 20260519-1~bpo13+1 to trixie-backports
- Bugs:
- kernel-wedge:
- Uploads:
- uploaded version 2.106~deb12u1 to bookworm-security
- Uploads:
- linux:
- Bugs:
- Merge requests:
- reviewed !1936: [sparc64] Add nvme module to scsi-modules udeb
- reviewed !1948: [amd64] Enable Intel Platform Hardware Support Drivers
- merged !1977: Fix build failure over missing vdso debug files
- merged !1981: 6.1 backport "bpf: Free reuseport cBPF prog after RCU grace period."
- opened !1984: udeb: Ensure that aead and macsec modules are in the right packages
- opened !1985: Add d/.flake8 config file to support pylsp
- merged !1992: 6.1 backport: ip6_vti: set netns_immutable on the fallback device. (CVE-2026-52909)
- merged !1993: 5.10 backport: ip6_vti: set netns_immutable on the fallback device. (CVE-2026-52909)
- merged !1999: 6.1 backport: Fix CVE-2026-46331
- opened !2004: [sparc64] udeb: scsi-modules: Use the default module list
- Uploads:
- (LTS) uploaded version 6.12.94-1~bpo12+1 to bookworm-backports
- uploaded version 7.0.12-2~bpo13+1 to trixie-backports
- uploaded version 7.1~rc7-1~exp1 to experimental
- (LTS) updated the bullseye-security branch to 5.10.259, but did not upload this version
- (LTS) updated the bookworm-security branch to 6.1.176, but did not upload this version
- (LTS) linux-6.12:
- prepared this backport package for bookworm-security, but did not upload it yet
- linux-base:
- Uploads:
- uploaded version 4.12.1~deb12u1 to bookworm-security
- Uploads:
- wireless-regdb:
- Merge requests:
- opened and merged !8: Update to 2026.05.30
- Uploads:
- uploaded version 2026.05.30-1 to unstable
- uploaded version 2026.05.30-1~deb12u1 to bookworm
- uploaded version 2026.05.30-1~deb13u1 to trixie
- Merge requests:
- firmware-free:
- Debian non-package bugs:
- Mailing lists:
- debian-backports:
- (LTS) posted EOL for bookworm-backports
- debian-boot:
- (LTS) posted and replied to Adding Linux 6.12 udebs for bookworm LTS
- debian-devel:
- debian-kernel:
- debian-lts:
- posted and replied to Preparation for Linux 6.12 in bookworm
- debian-lts-announce:
- (LTS) stable:
- reviewed >1000 patches included in 5.10.258-rc1, 5.10.259-rc1, and 6.1.176-rc1
- replied to [PATCH 5.10 210/589] spi: rockchip: fix controller deregistration
- replied to [PATCH 5.10 211/589] net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked
- replied to [PATCH 5.10 238/342] net: bridge: use a stable FDB dst snapshot in RCU readers
- replied to [PATCH 5.10 244/589] spi: topcliff-pch: fix use-after-free on unbind
- replied to [PATCH 5.10 245/589] cpuidle: powerpc: avoid double clear when breaking snooze
- replied to [PATCH 5.10 257/589] PCI/AER: Stop ruling out unbound devices as error source
- replied to [PATCH 5.10 263/589] media: uvcvideo: Enable VB2_DMABUF for metadata stream
- replied to [PATCH 5.10 267/589] media: rc: streamzap: Error handling in probe
- replied to [PATCH 5.10 274/589] drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()
- replied to [PATCH 5.10 503/589] crypto: af_alg - Cap AEAD AD length to 0x80000000
- replied to [PATCH 5.10 035/342] batman-adv: tp_meter: fix race condition in send error reporting
- replied to [PATCH 5.10 036/342] batman-adv: tp_meter: avoid role confusion in tp_list
- replied to [PATCH 5.10 310/342] usb: typec: ucsi: Dont update power_supply on power role change if not connected
- replied to [PATCH 5.15 002/570] ip6_tunnel: Fix usage of skb_vlan_inet_prepare()
- replied to [PATCH 5.15 299/411] ALSA: aloop: Fix peer runtime UAF during format-change stop
- replied to [PATCH 5.15 323/411] spi: topcliff-pch: fix controller deregistration
- replied to [PATCH 6.1 011/522] tools/bootconfig: Cleanup bootconfig footer size calculations
- replied to [PATCH 6.1 033/522] net/sched: Revert "net/sched: Restrict conditions for adding duplicating netems to qdisc tree"
- replied to [PATCH 6.1 054/522] selftests/bpf: add generic BPF program tester-loader
- replied to [PATCH 6.1 064/522] selftests/bpf: S/iptables/iptables-legacy/ in the bpf_nf and xdp_synproxy test
- replied to [PATCH 6.1 208/522] net: Annotate sk->sk_write_space() for UDP SOCKMAP.
- replied to [PATCH 6.1 249/522] r8152: Block future register access if register access fails
- replied to [PATCH 6.1 337/522] arm64/mm: Enable batched TLB flush in unmap_hotplug_range()
- replied to [PATCH 6.1 342/522] thermal: core: Fix thermal zone governor cleanup issues
- replied to [PATCH 6.1 375/522] net: ipv4: stop checking crypto_ahash_alignmask
- replied to [PATCH 6.1 431/522] cgroup/cpuset: Reset DL migration state on can_attach() failure
- replied to [PATCH 6.1 470/522] usb: musb: omap2430: Fix use-after-free in omap2430_probe()
- debian-backports:
01 Jul 2026 10:39am GMT
30 Jun 2026
Planet Debian
Dirk Eddelbuettel: tl 0.0.2 on CRAN: First Update

The still-very-new logging package tl was just updated for the first time at CRAN. The tl package wraps the (also very new) rspdlite package to offer a lightweight and consistent logging interface from both R and C++ that enjoys being 'tiny, fast, capable' thanks to spdlite. With tl we follow the same idea that our spdl package introduced: a simple consistent interface via just the tl:: prefix and the appropropriate logging level. In other words tl::debug("Alert: foo now '{}'", foo) will work from both R and C++ (given a variable foo, and, in the case of C++, an extra semicolon) and log if the current level is 'debug' or higher, and skip logging if not.
This release adds a fallback when compilation does not use the (required) C++20 standard, expands the README and adds a initialization helper function reflecting a preferred default logging level from either an environment variable or a global option. We are also working on adding tl to an example package as a simple illustration, more on that hopefully soon.
The NEWS entry for this release follows.
Changes in version 0.0.2 (2025-06-30)
Added badges to README now that package is on CRAN, add NEWS file
Condition the provided header on C++20 use, offer fallback
Add an exported initialization function picking up a logging level from either an environment variable or a global option, see '?init'
Courtesy of my CRANberries, there is also a diffstat report for the this release.
This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. If you like this or other open-source work I do, you can sponsor me at GitHub.
30 Jun 2026 5:02pm GMT
Joey Hess: big loads offgrid with a small battery (sidelined)

No matter that the hype cycle wants you to think, the renewable energy transition is the biggest thing happening in tech and it's happening faster and faster. Despite being neck deep in it personally with offgrid solar projects, most recently solar hot water, increasingly it becomes clear I'm watching from the sidelines.
In Australia, everyone gets 24 kwh of free daytime electric power now. That's without installing any solar panels of their own, the grid just has that much excess capacity. All it takes to save $thousands per year (and avoid emissions) is to schedule some big loads like the hot water heater and EV to charge during the day. To save more, drop in a home battery that charges for free and powers the home through the evening.
In Germany, a 2 kwh plug-in home battery costs $350 and the electric company will pay you $130 per year to plug it into your wall. There are similar offers throughout Europe.
In Cuba something something geopolitics, oil blockade, belt and road => suddenly 1GW of solar farms with another gigawatt on the way.
I'll soon visit South Carolina where with no subsidies whatsoever from a decidedly renewable-unfriendly government, it made sense for my dad's house to get a whole home battery and double the solar array. The resulting system will be able to power the well pump and probably also the whole geothermal HVAC system through the kind of month-long grid down events that happened in Hurricane Helene.
Myself, well, I've got a by modern standards small 4 kwh home battery that powers my house offgrid, and I've recently installed a heat pump hot water heater. That's after about a decade pondering what solution to use for solar hot water, to replace an aging and horrible propane instant water heater. I've in the past considered everything from evacuated tubes to special direct drive inverters to DC resistive MPTT dump loads. The solution turned out to be just a big enough solar array, and plugging in a 120v hot water heater that needs only 500 watts in heat pump mode. Plus a small amount of code to manage when it runs.
In the time I was thinking about that, economies of scale and tech improvements just wiped all those other possibilities off the map, it's not economical to install and maintain a separate evactuated tube heat collector when a pile of solar panels costs so little and when electric hot water has gotten more than 200% efficient.
I also recently completed my permanant EV charger installation, with a new inverter and conduit and proper wiring, and increased the car's charge rate to 2 kw. Eliminating the need to charge anywhere except at home except on road trips.
Coordinating when these two big loads run, to maximize solar production and ensure that the house battery is full at the end of the day was ... not hard at all actually? The car charger amps can be dialed up and down to match incoming solar power fairly well, and leave some room for the hot water heater. They both operate as more or less dump loads. More or less because neither one can be cycled on or off very fast (to avoid wear and tear on the car's contactor and the heat pump's compressor), so it makes sense to leave them on and skate through short cloudy sections of the day, as long as the house battery doesn't get too low.
How low is too low for the house battery? Depends on the time of day. The code it's currently using, which may get tweaked over winter:
-- When the battery is charged enough to run major loads that may prevent
-- charging it further.
--
-- This varies with the hour of day. Early in the day, the battery does not
-- need to be as full to be considered well charged, since there is
-- still plenty of time for it to charge up. Later in the day, with less
-- time to charge, it needs to be more full.
wellCharged :: Hour -> Percentage
wellCharged (Hour hour)
| hour < 9 = Percentage 90 -- night
| pmhour <= 0 = Percentage 50
| pmhour <= 1 = Percentage 60
| pmhour <= 2 = Percentage 70
| pmhour <= 3 = Percentage 80
| pmhour <= 4 = Percentage 90
| otherwise = Percentage 95
where
pmhour = hour - 12
More complicated is, what to do it there's solar power to run one or the other, but not both? This is starting to get into the territory of microgrids now, or of demand response programs, so there's a whole industry or three out there doing industry things geared at the kind of no-brainer solutions I mentioned earlier. From what I've gathered, all of them involve proprietary protocols and gear.
What I've done is to read the state of the hot water heater and car, and prioritize hot water over the car. Except, if the car is below 10% it urgently needs to charge.
And I found a really simple way to decide when to run the low-priority load: Just check if the house battery's current charge will be considered wellCharged in an hour. So if it's 2 pm, the battery needs to be 80% charged to run the lower-priority load, and if it dips below that, that load will turn off but the high-priority load will keep running down to 70% battery.
Unfortunately, getting any information out of my hot water heater relies on a vendor API server that is often down on weekends, and reverse engineered the web page of my EVSE[1] to control it, to say nothing of the nightmare of getting the car's state of charge from The Cloud.
Anyway, I'm pleased with having easily tweakable code and how far I've taken this offgrid, and everything I've learned doing so, but like I said, I'm clearly observing from the sidelines over here while the most significant thing for all of us is going on over there. You might appreciate my code or method, but you'll eventually be plugging in a home battery or signing up for a free daytime power tarrif from your electric company, or having professionals install a whole home system for climate resiliance.
So my question is, where does free software fit into all this? There are things like Home Assistant that do productize the kind of thing I'm doing enough to be useful more widely. But still niche. Meanwhile there are inverters and batteries that phone home to China, and every consumer facing install is either "use this device" or "integrate these 3 proprietary devices".
I don't think focusing on these negatives is really useful though, I'm more trying to understand where all this is going and then maybe get out ahead of it in some useful way with free software. Your thoughts welcome.
[1] Obviously OpenEVSE exists, but it didn't meet my needs hardware wise. And I could set my EVSE to use an OCPP server but it was easier to do the screen scraping than find an appropriate one, and I have the feeling I would not appreciate learning any more about OCPP, in the same way I really don't want to know a lot about web browsers' tag soup mode.
30 Jun 2026 4:10pm GMT
28 Jun 2026
Planet Lisp
Joe Marshall: New chatbot
Lately I've been playing with writing a chatbot library in Common Lisp.
My previous gemini bindings were getting unweildy. I wanted to add the ability to run LLMs on my local machine but it turned out to be really kind of kludgy, so I decided to start from scratch with multiple back ends in mind.
I've got it to the point where in supports multiple back ends, so now I can prompt local LLMs from Lisp.
Recently I added the ability to recursively launch chatbots that can call each other. Since the chatbots do not share their contexts, this greatly reduces the context bloat of thet main chat because it can spawn off subtasks to a minion and not pollute the main context. This also allows you to create a federation of chatbots, each of which specializes in some topic and is overseen by a controlling chatbot that talks to the user.
Chatbots can be serialized and checkpointed, so if one is carrying out an agentic task and Lisp crashes, when we restart the agentic tasks are restarted as well and pick up where they left off.
IT turns out that recursive chats are a useful abstraction once you figure out how to use them. Basically any prompt you may issue may also want to be issued by an llm and this enables that to happen. It allows you to run subprocesses that would otherwise put junk in your context, for example reading the contents of a lange number of files. If you put that into a rocursive chatbot, it could slurp up the files into its context without adding tokens to the parent chat.
You can use a recursive chat as a `smart component'. The recursive chat can have a specialized system instruction and can preload its context with relevant information specific to it. It's context doesn't get diluted by the caller's context
28 Jun 2026 10:52pm GMT
25 Jun 2026
Planet Lisp
Joe Marshall: Anecdote or data point
I saw that there was some argument over how much slower slot access is than struct access, so I just decided to measure it naively. I made a two slot sruct and a CLOS version of a CONS cell with car and cdr slots and I ran LTAK using regular lists, `lists' made from CLOS conses, and `lists' made from structs. Here are the results:
D:\repositories\clos-benchmark>sbcl --script run-benchmarks.lisp Benchmark: ltak over native cons cells, CLOS my-cons nodes, and my-cons-struct nodes Inputs: x=15 y=9 z=4 repeats=35 Scenario min-ms mean-ms max-ms ratio -------------------------------------------------------------------- native standard 0.129 0.146 0.186 clos standard 1.346 1.365 1.475 9.37x struct standard 0.172 0.175 0.179 1.20x native optimized 0.068 0.069 0.073 clos optimized 0.411 0.414 0.419 6.04x struct optimized 0.068 0.069 0.073 1.01x
In this naive use case, structs are same as native cons cells, but CLOS objects are one ninth the speed of a struct or cons cell if you just use it unoptimized, and one sixth the speed if optimizations are turned on.
But the CLOS instance is more functional than the cons cell in mimics. For instance, I could add a slot to the class and all the instances would be lazily updated with the new slot. I can also subclass the CLOS class and the selector functions will continue to work. Finally, I can redefine the CLOS closs while I'm developing it and all the instances will be uppdated. THe machinery to keep all this running is costing us our factor of 9.
But this might be worth the cost if we are running on a network where the bulk of the time will be transmitting the answer down the pipe once it is computed. Taking a few extra milliseconds to compute the answer might be worth the convenience features of CLOS.
25 Jun 2026 4:11pm GMT
18 Jun 2026
Planet Lisp
Joe Marshall: Controlled Unclassified Information
Back in the day, the US government had a program called SBIR (Small Business Innovation Research) that funded small businesses to do research and development. I recall sitting in our dorm in college, reading through a giant printed catalog of SBIR grants just to amuse ourselves by brainstorming solutions over bad pizza.
.
So, I got curious the other day: what does the SBIR landscape look like now?
I can tell you right now: do not even try to read an SBIR solicitation on your local machine. You are opening yourself up to a world of absolute, unmitigated pain.
You might think, what harm could there be in simply opening a file?
Well, in the modern compliance panopticon, any manipulation of digital information that comes from the govenment has the potential to spawn CUI (Controlled Unclassified Information). CUI is basically a digital pathogen; once you download that file, *anything whatsover* derived from it, including notes and metadata, instantly becomes CUI by association. The moment you read an SBIR on your computer, you've infected your system, rendering you subject to a nightmare of Byzantine federal regulations.
These days, the amount of beurocratic red tape surrounding CUI is insane. To even look at the file legally, you need a dedicated, air-gapped machine completely disconnected from the internet, conforming to a massive, expensive slew of NIST standards covering everything from hardware-level encryption to strict access controls. Alternatively you could contract with a cloud company that offers a pre-certified "CUI-compliant" environment.
And assuming you actually shell out the cash and jump through the hoops to set up this digital containment zone just to read a PDF, you must meticulously audit and account for every single action you take in its presence. Under current federal auditing logic, you are explicitly assumed to be attempting to defraud the government unless you can produce a mountain of paper proving otherwise. Want to bring in a partner to bounce ideas around? You can't just "know a guy." You have to navigate a labyrinth of federal subcontracting regulations.
I had intended on amusing myself by reading some SBIRs and daydreaming about solutions that might involve Lisp (an impossibility in the modern enterprise stack for entirely separate, depressing reasons). Instead, I quickly discovered I did not even own the physical hardware required to even read an SBIR without running afoul of federal regulations.
I wanted to read some clever and inspiring engineering proposals. I ended up reading a lot of very dry and boring compliance regulations.
18 Jun 2026 11:48am GMT
25 Apr 2026
FOSDEM 2026
All FOSDEM 2026 videos are online
All video recordings from FOSDEM 2026 that are worth publishing have been processed and released. Videos are linked from the individual schedule pages for the talks and the full schedule page. They are also available, organised by room, at video.fosdem.org/2026. While all released videos have been reviewed by a human, it remains possible that one or more issues fell through the cracks. If you notice any problem with a video you care about, please let us know as soon as possible so we can look into it before the video-processing infrastructure is shut down for this edition. To report any舰
25 Apr 2026 10:00pm GMT
29 Jan 2026
FOSDEM 2026
Join the FOSDEM Treasure Hunt!
Are you ready for another challenge? We're excited to host the second yearly edition of our treasure hunt at FOSDEM! Participants must solve five sequential challenges to uncover the final answer. Update: the treasure hunt has been successfully solved by multiple participants, and the main prizes have now been claimed. But the fun doesn't stop here. If you still manage to find the correct final answer and go to Infodesk K, you will receive a small consolation prize as a reward for your effort. If you're still looking for a challenge, the 2025 treasure hunt is still unsolved, so舰
29 Jan 2026 11:00pm GMT
26 Jan 2026
FOSDEM 2026
Call for volunteers
With FOSDEM just a few days away, it is time for us to enlist your help. Every year, an enthusiastic band of volunteers make FOSDEM happen and make it a fun and safe place for all our attendees. We could not do this without you. This year we again need as many hands as possible, especially for heralding during the conference, during the buildup (starting Friday at noon) and teardown (Sunday evening). No need to worry about missing lunch at the weekend, food will be provided. Would you like to be part of the team that makes FOSDEM tick?舰
26 Jan 2026 11:00pm GMT