Josse-posten

Trump postpones the Iran strike at the last hour, oil inventories shrink to weeks, and Putin flies to Beijing as China positions itself at the center of everything.

Trump Delays Planned Iran Strike After Gulf States Intervene and Tehran Makes New Proposal

Trump announced he has postponed a military strike on Iran planned for Tuesday, citing ongoing “serious negotiations.” He acted at the request of Gulf state leaders; Iran confirmed it had submitted a new proposal to end the war. Iran’s leaders are publicly “projecting defiance” even as the diplomatic track intensifies, and Trump warned the “clock is ticking.” The last-minute pause raises questions about US leverage and the sustainability of maximum-pressure tactics — particularly as the IEA warns global oil inventories have depleted to just weeks of supply, Kenya is convulsed by deadly fuel protests over a 23.5% price hike, and UK unemployment has jumped to 5% as the war snuffs out economic recovery. (Economic fallout also in World)

Putin Arrives in Beijing as Xi Privately Told Trump He May ‘Regret’ the Invasion

Putin traveling to Beijing for talks with Xi Jinping. Photo: Ukrainska Pravda

Vladimir Putin is visiting China with a delegation of 5 deputy prime ministers, 8 ministers, and Central Bank Governor Nabiullina — arriving four days after Trump left Beijing. The central agenda is pricing for the Power of Siberia 2 gas pipeline, where Russia has made an offer but China has shown limited enthusiasm. The FT separately reported that Xi told Trump during recent talks that Putin may ultimately “regret” his invasion — a notable hedge suggesting Beijing is not fully aligned with Moscow’s war aims. Chinese state media declared Beijing a “focal point of global diplomacy,” while Putin described Russia-China ties as a “stabilising force.” On the same day, Belarus and Russia began joint exercises practicing nuclear weapons delivery and combat use.

WHO Declares International Emergency as Ebola Kills 131 in DR Congo

Hospital staff checking a visitor’s temperature at CBCA Virunga Hospital in Goma, May 17, 2026. Photo: BBC

WHO har erklært ebolautbruddet i Ituri-provinsen i DR Kongo som en internasjonal helsekrise — det høyeste alarmnivået. Minst 131 er døde av en sjelden ebolavariant det ikke finnes vaksine mot. Utbruddet skjer i et konfliktherjet område, noe som vanskeliggjør inneslutning. Det høye dødstallet tyder på at viruset spredte seg uoppdaget i uker. Helsemyndigheter jobber for å hindre spredning til Uganda. Eksperter advarer om at verden er stadig dårligere rustet mot smittsomme sykdommer.

Indicator Value Change
S&P 500 (f) 7,420.5 -0.07%
Dow 30 (f) 49,743 -0.05%
Nasdaq (f) 29,063 -0.11%
Russell 2000 (f) 2,778.2 -0.16%
VIX 18.03 +1.18%
Gold 4,547.5 -0.23%
BTC $77,142 +0.16%
EUR/USD 1.1632 -0.20%
USD/NOK 9.2505 -0.10%
  • VIX edging up, gold softening — markets may be pricing in the Iran strike delay as de-escalation
  • IEA warns oil inventories down to weeks; Kenya paralyzed by fuel protests; UK unemployment jumps to 5%

World

Cuba Warns of ‘Bloodbath’ as US-Cuba Tensions Escalate With Drone Reports and New Sanctions

Cuban President Díaz-Canel warned that any US military action against Cuba would trigger a “bloodbath with incalculable consequences” after reports emerged of more than 300 drones near the country. The US imposed additional sanctions amid the escalating standoff, while a humanitarian aid ship from Mexico and Uruguay docked in Havana as the US-imposed fuel crisis deepens.

Trump’s Taiwan Remarks — Arms as ‘Negotiating Chip’ — Seized on by Beijing, Alarming Taipei

Taiwan’s government has been alarmed by Trump’s suggestion that arms sales to Taiwan are a “negotiating chip” with China — comments quickly amplified by Chinese state media. Trump separately told Taiwan not to “go independent.” Philippine President Marcos responded by warning his country would inevitably be involved in any Taiwan conflict, signaling regional anxiety over the durability of US deterrence.

Israeli Commandos Board Gaza-Bound Flotilla, Detain 319 Activists

Armed Israeli commandos boarding a sailboat from a raiding craft in the Mediterranean, west of Cyprus, 18 May 2026. Photo: BBC

Israeli forces intercepted the Global Sumud Flotilla carrying 319 activists aboard 38 ships approximately 250 nautical miles from Gaza’s coast, boarding vessels and detaining participants. At least 11 Australians were among those detained — described as academics and civil society figures — prompting Australia’s foreign affairs department to urgently seek their status. The Israel-Lebanon conflict death toll has meanwhile passed 3,000 despite the nominal ceasefire.

Iran War’s Economic Shockwaves: Oil Running Out, Kenya Burning, UK Jobs Shrinking

Petrol pump attendant filling a vehicle in New Delhi, May 16, 2026 — oil markets under strain as the Iran war disrupts Gulf supplies. Photo: BBC

The Iran war’s economic fallout is accelerating across three fronts. IEA chief Fatih Birol warned that commercial oil inventories are depleting rapidly with only weeks of supply remaining. In Kenya, at least four people were killed and thousands stranded as strikes and protests paralyzed Nairobi over a 23.5% fuel price hike. In the UK, unemployment jumped back to 5% with pay growth slowing to 3.4% — the first official snapshot of the war’s damage on British households. India, meanwhile, is defying US pressure by continuing to buy Russian crude after the sanctions waiver expired. The EU faces a parallel threat from surging Chinese component imports that trade analysts warn could cause lasting de-industrialisation.

Greenland Reaffirms It Is ‘Not for Sale’ but Talks With US Making Cautious Progress

Greenland’s Prime Minister told a US envoy the island is “not for sale” and that nothing has changed on its status after talks described by both sides as “constructive.” A Greenlandic minister separately objected to an unannounced visit by a US doctor, saying Greenlanders are “not experimental subjects.”

Five Killed in San Diego Mosque Shooting in Suspected Hate Crime

Minst fem personer ble drept i skyting ved San Diegos største moské mandag. To gjerningsmenn — 17 og 18 år gamle — er døde. Den ene etterlot seg et notat med «generalisert hatretorikk.» Politiet etterforsker saken som hatkriminalitet. Angrepet er blant de dødeligste mot muslimer i nyere amerikansk historie.

Also today

Americas
Cuba warns ‘bloodbath’ if US attacks — escalation continues with new sanctions and 300+ drones reported — see above
Bolivia gripped by political crisis as miners clash with police and Morales bloc marches on La Paz — Al Jazeera
Two former Sinaloa state officials from Mexico’s ruling party surrender to US over alleged cartel ties — The Guardian
Trump creates secretive $1.77bn fund for political allies while dropping own $10bn IRS lawsuit — BBC · The Guardian
US suspends WWII-era joint defense board with Canada, eroding continental security ties — Al Jazeera
US drops fraud charges against Adani after $10bn investment pledge — Al Jazeera
Middle East & Africa
Drone strikes kill at least 10 civilians at wedding in Mali — Al Jazeera
Iran running ‘disposable’ hired operatives against Jewish targets in the West, New York case reveals — The Guardian
Indian court declares medieval mosque a Hindu temple in latest Hindu nationalist legal action — Al Jazeera
Afghan humanitarian catastrophe: three in four lack basic needs, families forced to sell children — BBC
Bangladesh measles outbreak kills 459 children as vaccination failure deepens crisis — Reddit / Daijiworld
Libyan militia commander to appear at ICC over murder, rape, and enslavement of refugees — The Guardian
Europe
Belgium’s last living suspect in Patrice Lumumba assassination dies at 93 before trial — The Guardian

Ukraine

Ukraine Retakes Stepnohirsk; Russian Advance Broadly Stalled for Second Consecutive Month

Ukrainian military forces during operations in Zaporizhzhia Oblast. Photo: RBC-Ukraine

Ukraine’s GUR special unit ‘Artan’ retook Stepnohirsk northwest of Orikhiv through systematic clearing operations, confirmed by geolocated footage showing Ukrainian forces holding the M-18 highway junction. Across the front, Russian forces launched 236 combat engagements but made no confirmed territorial gains — ISW notes Russia has failed to recapture positions lost in its Spring 2026 Ukrainian counterattacks. The exception is Pokrovsk, where Ukrainian troops in northern positions are described as “almost cut off” as Russian drones increasingly dominate logistics routes.

Russia’s 546-Drone Barrage Answered by Ukraine’s Third Strike on Yaroslavl Refinery This Month

Aftermath of Ukrainian drone strike on industrial facility in Yaroslavl. Photo: Ukrainska Pravda

Russia launched 546 drones and missiles overnight May 17–18 — primarily Iskander ballistic missiles and Shaheds targeting Dnipropetrovsk Oblast — injuring 28 people in Dnipro and damaging energy and residential infrastructure. Ukraine’s air defenses downed 503 drones and 4 cruise missiles. Overnight May 18–19, Ukraine intercepted 180 of 209 incoming drones while simultaneously striking back: Ukrainian UAVs hit the Slavneft-YANOS refinery in Yaroslavl — Russia’s fourth-largest, ~15 million tonne annual capacity — for the third time this month, forcing temporary closure of the Moscow motorway and flight restrictions at six airports. Ukraine also struck a Grachonok-class boat near Kaspiysk in its continuing Caspian Sea interdiction campaign — the second Russian naval vessel hit there in 48 hours.

Ukraine’s First Domestically Produced Guided Glide Bomb Enters Combat Service

Ukraine’s first domestically produced guided aerial bomb — 250kg KAB-type glide bomb. Photo: Ukrainian MoD

Defense Minister Fedorov confirmed that Ukraine’s first domestically designed guided aerial bomb — a 250kg KAB-type glide bomb developed over 17 months — has completed testing and an initial batch has been procured. The weapon can strike targets tens of kilometers behind the front line after release, mirroring Russia’s own glide bomb tactics. ISW notes this will let Ukraine expand its battlefield air interdiction campaign against Russian logistics and hardened targets — a capability Ukraine has so far prosecuted mainly with lighter FPV drones.

Russian Economy Deteriorating: Oil Output Collapsing, 11 Banks Facing Liquidation, $80B Budget Deficit

Zelensky cited intelligence data showing Russia has shut down at least 400 oil wells from a single company, reduced oil refining by at least 10% in 2026, and struggles to restart wells — the compounding effect of Ukraine’s long-range strike campaign against energy infrastructure. Russia’s budget deficit has reached ~$80 billion in the first five months of 2026; 11 financial institutions are preparing to liquidate. Estonia’s spy chief told Reuters that Putin faces “very difficult choices” as sanctions bite. The US extended its Russian oil sanctions waiver for another 30 days. A Russian Shahed drone meanwhile struck a Chinese-owned commercial vessel in Ukrainian waters — an awkward friendly-fire incident just as Putin heads to Beijing.

Also today

  • Ukraine reportedly deploying AI drones capable of locking onto faces and heat signatures — if confirmed, a significant escalation in autonomous weapons — Reddit / United24 Media

Norge

PST: Kinesisk mann siktet for spionasje mot Bodø flystasjon

En 46 år gammel kinesisk statsborger ble pågrepet 15. mai og siktet for forsøk på ulovlig etterretningsinnhenting mot statshemmeligheter. PST mener han oppholdt seg i en bunker ved Bodø flystasjon — der NATO har sitt regionale luftoperasjonssenter — og forsøkte å kartlegge militær aktivitet. Han er varetektsfengslet i fire uker med brev- og besøksforbud, to uker i isolasjon. Mannen nekter straffskyld; forsvareren sier han var på turistbesøk.

Statkraft dobler investeringsplanen: 80 milliarder i Norge over ti år

Ansatte i Statkraft besøker byggeplassen for nye Svean kraftverk i Trondheim. Foto: E24

Statkraft planlegger å investere 80 milliarder kroner i norsk kraftproduksjon frem mot 2035 — nesten dobbelt så mye som forrige anslag på 44–67 milliarder. Over 70 milliarder går til vannkraft: halvparten til vedlikehold av eldre anlegg (Nore fra 1928, Mår fra 1948, Aura fra 1953) og resten til oppgraderinger og ny produksjon. Selskapet vil også mer enn doble vindkraftkapasiteten. Konserndirektør Pål Eitrheim kaller det «ett av de største industriløftene i Norge på mange tiår». Parallelt viser tall fra Digi.no at norsk kryptovalutautvinning bruker 183 MW — tilsvarende hele Stavanger kommunes husstandsforbruk — en kontrast til den massive satsingen.

Norske 17-åringer livestreamet skyteoppdrag for Foxtrot-nettverket

To norske 17-åringer og en svensk mann i 20-årene er tiltalt for grov kidnapping på Rælingen og skyting mot en boligblokk i Oslo i november 2025. Det svenske Foxtrot-nettverket — ledet av Rawa Majid — rekrutterte ungdommene til å filme og sende liveopptak via Signal mens bakmennene ga instruksjoner i sanntid: «Stå der! Skyt! Skyt! Skyt!» En av 17-åringene filmet mens den andre skjøt med en Sten-maskinpistol fra andre verdenskrig. Gruppen kommuniserte via en Signal-gruppe kalt «Operation Oslo». En av de tiltalte har allerede erkjent skyld.

NRK

Rødgrønt klimabråk: Sp sier nei til nullutslippskrav i bygg

Et alvorlig brudd i den rødgrønne koalisjonen over klimakuttene i revidert nasjonalbudsjett. Regjeringen foreslo krav om nullutslippsløsninger på offentlige bygge- og anleggsplasser for å veie opp for et utslippsøk på 400 000 tonn — forårsaket av Sps vellykkede kutt i drivstoffavgiftene. Sp-leder Vedum kaller kravet «virkelighetsfjernt» og advarer om at det vil rasere byggebransjen. MDG og SV støtter tiltaket. Reddit-kommentatorer peker på at Sp ikke bare er passive, men aktivt ruller tilbake eksisterende klimatiltak i en tid med stadig nye varmerekorder.

NRK · Reddit

EU øker presset på Norge for treg EØS-implementering

EU har gitt Norge og de andre EØS-landene klar beskjed om at treg innføring av EU-regelverk ikke lenger vil bli tolerert. Etterslepet av uimplementerte EU-direktiver er voksende, og «det kan bli stygt,» ifølge Finansavisen. Oslo kommune varsler samtidig at den vil utrede alternativer til amerikanske teknologiselskaper, særlig Microsoft — et initiativ som kommer midt i den bredere europeiske debatten om tech-avhengighet av USA.

Musk tapte søksmål mot OpenAI — anker

En jury i Oakland avviste Elon Musks søksmål mot OpenAI med den begrunnelse at det ble levert for sent. Musk mente han ble forrådt da OpenAI gikk i en mer kommersiell retning etter stiftelsen. Han varsler anke.

NRK · E24 · TechCrunch · HN

Alver kommune brukte oppdiktede AI-kilder i rapport om skolenedleggelser

Kommunen Alver i Vestland brukte minst tre ikke-eksisterende forskningsartikler som kilder i en rapport som tilrår å legge ned flere skoler. Avisn Nordhordland avdekket at omtrent halvparten av 30 kilder ikke kunne spores til faktiske forfattere. Kommunedirektøren erkjenner feilen: «Vi brukte rett og slett KI feil, og vi var ikke grundige nok i kvalitetssjekken.» En nær identisk feil har dukket opp i Tromsø, der en skolestrukturrapport også inneholdt oppdiktede kilder og høringsprosessen ble stanset. Norges nye KI-sjef Hans Christian Holte advarer om at slike hendelser svekker tilliten til det offentlige. (Se også Norge — Bakkenivå)

Også i dag

Forsvar & næring
Nammo økte omsetningen med 3,5 milliarder — til 14,4 milliarder — drevet av europeisk forsvarsetterspørsel — TU.no
Sverige kjøper fire fregatter fra franske Naval Group — Aftenposten
Jordbruksavtalen i havn: 3,66 milliarder til bøndene — E24
Internasjonalt
Norge og India underskriver grønt strategisk partnerskap — Modi møter samtlige nordiske statsministre — NRK · TU.no
Krim & rettsvesen
Mann siktet for 13 overgrep mot kvinner i Oslo-området varetektsfengsles — Aftenposten
To svenske kriminelle varig utvist etter under 24 timer i Norge — NRK
Gucci-butikk i Oslo sentrum ranet for store verdier — NRK · Aftenposten
Diverse
Annenhver nordmann frykter sabotasje mot mobilnettet — investeringene i mobilnett falt 36,5% siden 2022 — Digi.no
Norges første 3D-printede bru bygges på NTNU-campus i Trondheim — kan redusere materialbruk med 75% — NRK
Ny teori om Norges største vikingmyntfunn fra Østerdalen — NRK
Norsk mann druknet i Irland — jobbet i Sjøforsvaret — NRK
Dronning Sonja avlyste program på grunn av hjerteflimmer — NRK
Hotell- og restaurantstreiken rammer nå flyplassene — 4416 medlemmer i 331 bedrifter — NRK · Aftenposten
Sommertemperaturer på vei i hele landet — NRK
Arsenal én seier unna Premier League-tittelen — Ødegaard tilbake — NRK Sport
BitLocker-krypteringen i Windows brutt med minnepenn på sekunder — Digi.no

Norge — Bakkenivå

Største endring for norsk arbeidsliv siden åttetimersdagen

Domstolsavgjørelser har slått fast at deltidsarbeidere i Norge har rett til overtidsbetaling fra første time de jobber utover kontrakten — en rett LO sier arbeidsgivere må handle på umiddelbart. Fafo estimerer 30 000–37 000 årsverk i slikt ubetalt merarbeid årlig, med en teoretisk kostnad på opptil 10 milliarder kroner. Arbeidsgiverorganisasjonen Spekter advarer om at det vil skade arbeidet for heltidskultur. En tilsvarende dansk voldgiftsavgjørelse har allerede ført til at 40 000 arbeidstakere har meldt inn overtidskrav.

Russ delvis blind etter laser på russetreff

En russ fra Sørlandet ble delvis blind etter å ha blitt lyst i øyet med en uidentifisert høyeffekts laser under russetreff. Sørlandet Sykehus gikk ut med offentlig advarsel — øyelegen som behandler pasienten sier lasere brukt på slike arrangementer kan gi permanente synskader, og at flere kan bli rammet. Politiet etterforsker saken. En russ ble også angrepet av en ungdomsgjeng i Bergen klokken halv fire på ettermiddagen 17. mai — begge hendelsene utløste bred debatt om trygghet under nasjonaldagen.

Grassroots

  • ChatGPT-bruker sier opp abonnement etter at modellen fabrikkerte Google Books-lenker og holdt fast ved dem — tråden slo an hos folk med lignende erfaringer — Reddit
  • Gårdsbutikker i Rogaland trues av tyveri — ærlighetssystemet svikter — NRK Rogaland · Reddit
  • Privatisert sykehjem Abildsøhjemmet i kaos etter overtagelse av Norlandia — ansatte klare til å slutte — FriFagbevegelse · Reddit

Tech

317 npm Packages Compromised in Sophisticated Supply Chain Attack Using GitHub as C2

In a 22-minute window on May 19, a compromised npm account pushed 637 malicious versions across 317 packages — including size-sensor (4.2M monthly downloads) and echarts-for-react (3.8M). The 498KB obfuscated Bun payload harvested 80+ credential types (AWS, Kubernetes, Vault, SSH keys, database URLs) and used GitHub itself as the exfiltration channel, creating Dune-themed public repositories under stolen accounts and accepting RSA-signed remote commands via GitHub commit search. The malware hijacks Claude Code and VS Code via SessionStart hooks, injects CI/CD workflow secrets, and propagates laterally to other Node.js projects on the same machine.

Cursor Composer 2.5: Targeted RL with Textual Feedback, 25× Synthetic Training Data

Targeted RL with textual feedback — contextual hints inserted at specific error points in a long rollout. Image: Cursor

Cursor’s new coding agent model introduces three technical advances: targeted RL that inserts contextual hints at the specific points in a rollout where the model erred (addressing the credit-assignment problem); 25× more synthetic training tasks grounded in real codebases with test-based verification; and Sharded Muon + dual mesh HSDP for training efficiency. The team explicitly tuned for behavioral dimensions not captured by benchmarks — effort calibration, communication style, following intricate instructions over sustained sessions.

Simon Willison’s Six-Month LLM Recap: Coding Agents Reached Daily-Driver Maturity

Simon Willison’s five-minute recap covers November 2025–May 2026: the “best model” title changed hands five times between Anthropic, OpenAI, and Google (Claude Opus 4.5 currently leading); coding agents crossed from “often-work” to “mostly-work” thanks to RL on verifiable rewards; a “personal AI assistant” phenomenon (OpenClaw/Claws) drove Mac Mini shortages; and open-weight models caught up significantly — Qwen’s 20.9GB model running on a laptop now outperforms some frontier models on creative tasks.

Formal Verification via Algebra: Using LLMs to Prove a UK Air Traffic Control Bug Fix in Lean

The 2023 UK ATC meltdown stemmed from two identically named waypoints 4000nm apart confusing reconciliation of ICAO and ADEXP flight plan formats. This post documents verifying the fix in Lean by reformulating the problem algebraically — flight plans as a category of paths with composition — turning imperative index-juggling into clean category-theoretic projections. The key insight: LLMs are bad at specification drift (they silently change specs when implementations disagree) but excel at grinding through mundane proofs once the mathematical structure is clean enough to constrain them.

Bitwarden’s Quiet Renovation: PE-Focused Leadership Silently Removes ‘Always Free’ Pledge

Since new CEO Michael Sullivan (a private equity acquisition specialist) took over in February 2024, Bitwarden quietly removed “Always free” from its personal plan page and rewrote its company values — replacing “Inclusion” and “Transparency” with “Innovation” and “Trust” — without any announcement. The concern for self-hosters: Vaultwarden works because Bitwarden publishes clients under Apache 2.0; PE-driven leadership has both motive and opportunity to restrict API compatibility or close-source the clients.

Bambu Lab’s AGPLv3 Violations Prompt SFC to Launch Community Defense Campaign

The Software Freedom Conservancy has published a comprehensive response to Bambu Lab’s persistent AGPL violations: Bambu ships proprietary networking libraries inside their fork of the AGPLv3-licensed Orca Slicer without releasing source. Rather than sue, SFC is launching a reverse-engineering project to recreate the proprietary libraries, maintaining a freedom-respecting Orca Slicer fork, and forming a 3D printer software freedom committee — backed by a $250K fundraiser.

CISA Contractor Exposed AWS GovCloud Admin Keys in Public GitHub Repo for Six Months

A Nightwing contractor working for CISA created a public GitHub repository named “Private-CISA” in November 2025 as a sync tool between work and personal computers, exposing AWS GovCloud administrative keys, plaintext passwords, cloud tokens, and CISA’s internal deployment documentation. Security researchers discovered it around May 15 — six months later. The AWS keys remained valid for another 48 hours after notification. CISA says there is no evidence of actual compromise.

Anthropic Acquires Stainless, the SDK Generator Behind All Official Claude Libraries

Anthropic has acquired Stainless, the company that has powered every official Anthropic SDK — generating TypeScript, Python, Go, Java, and Kotlin libraries from API specs. The rationale is agent connectivity: as Claude agents need to reach more external systems, having SDK infrastructure in-house becomes strategic. Stainless also generates SDKs for hundreds of other companies.

BrowserPod: A Full Linux-like Kernel Running in a Browser Tab

BrowserPod architecture: processes, workers, filesystem, and networking. Image: LeaningTech Labs

LeaningTech’s BrowserPod is a WebAssembly-native kernel that runs unmodified Linux applications client-side in the browser — each process becomes a Wasm module with real syscall semantics, an ext2-compatible filesystem streaming blocks on-demand via HTTP byte-ranges, and networking via “Portals” (random domains exposed through Cloudflare Workers proxies). It’s capable enough to run Blender and Claude Code in-browser. The deep dive explains the multi-worker concurrency model, memory isolation, and the Cheerp compiler targeting wasm32-browserpod-linux.

Peter Salus and Peter Neumann Have Died

Two pillars of computing history died this week. Peter H. Salus, author of A Quarter Century of UNIX and Casting the Net, documented the social and technical history of UNIX and the early internet — his books remain primary sources for that era. Peter G. Neumann, moderator of the RISKS Digest for over four decades and a principal figure in secure systems at SRI International, helped shape how the field thinks about system trustworthiness. An era’s voices going quiet.

Also today

AI & code agents
cargo-crap: finding untested complexity in AI-generated Rust code — Minikin.me · Lobsters
Finding bugs with OpenCode, Llama.cpp and Qwen3 running locally — end-to-end local AI tooling workflow from Linux kernel contributor Willy Tarreau — Blog · Lobsters
PL theory & systems
Programming as Theory Building (Naur, 1985) — perennially relevant, especially now that AI agents modify codebases without access to the original theory — PDF · Lobsters
Hsrs: type-safe Haskell bindings generator for Rust — GitHub · HN
Spork: posix_spawn semantics with fork usability (USENIX ATC 2025) — PDF · Lobsters
Fil-C: memory-safe C with near-native performance via signature-encoded calling convention — fil-c.org · Lobsters
Culture & craft
Git Blame as a First-Class Code Comprehension Tool — matklad argues for always-on blame as a reading layer — matklad.github.io · Lobsters
Misconceptions About the UNIX Philosophy — correcting common misreadings of ‘do one thing well’ — posixcafe.org · Lobsters
Hyperpolyglot Lisp: Common Lisp, Racket, Clojure, and Emacs Lisp side by side — Hyperpolyglot · HN
De-Bloating JavaScript: a LispE perspective on JS complexity — GitHub wiki · Lobsters
Misc
Haiku OS now boots on M1 Macs — OSNews · Lobsters
16 Bytes of x86 Code: Sierpinski Fractal with PC Speaker Audio — XOR on VGA text buffer implements Rule 60 cellular automaton, toggling port 61h drives the speaker cone directly — Hellmood · Lobsters

Linux & Infrastructure

Hyprland 0.55 Moves to Lua: Home Manager Migration Guide

Velvet Noir — dynamic dark-glass Hyprland rice with Matugen-driven theme switching. Screenshot: programmersd21

Hyprland 0.55 introduced Lua as the primary config format, requiring a non-trivial migration for Home Manager users. The new approach uses lib.generators.mkLuaInline to build a typed Lua DSL: keybinds move from flat "$mod, 1, workspace, 1" strings to structured hl.bind(key, hl.dsp.workspace(1)) calls, with bind flags becoming explicit Lua options. An alternative pattern (nixCats-style) passes Nix package store paths as Lua globals into a separately-sourced .lua file. A community Python script hyprConfToLua automates the basic conversion but doesn’t yet handle key binds, animations, or layouts. The 5th ricing competition is now open with a MOON/Lua theme — deadline June 5, prizes $100/$50/$25.

Nix Ecosystem: nix-effects, Monadic Pipes, Eval-Time Secrets, and a Million Commits

A rich week for Nix tooling. nix-effects brings typed validation and verified effect boundaries to Nix — effectful programs described as pure data structures with typed interfaces, making side effects explicit and verifiable at evaluation time (Full Time Nix episode). denful/pipe replaces lib.pipe with a version supporting proper functional composition via monadic-do. A Reddit thread explores eval-time secrets using nix-plugins to decrypt age-encrypted files transparently during nixos-rebuild. limime wraps the Limine bootloader for NixOS with trivially easy Secure Boot (secureBoot.enable = true) and a tree-style boot menu showing generations as a proper hierarchy. And nixpkgs master crossed 1 million commits.

Nylon: Self-Hosted WireGuard + Babel Mesh VPN Replacing Tailscale

Nylon combines WireGuard with the Babel distance-vector routing protocol into a fully self-hosted mesh VPN with no external coordination servers. Unlike Tailscale, it works on restrictive networks where NAT traversal fails by routing through intermediate nodes. Mobile clients use a “passive hold” mechanism to maintain routing tables without draining battery. Throughput is ~12 Gbps via batch packet processing.

CLI Tools: lsmon, jf, cottage, Epiq, bigfiles

Daily homelab health receipt on thermal paper: ZFS, Docker, Jellyfin, Immich, backup age. Photo: r/selfhosted

lsmon monitors multiple Linux hosts side-by-side without agents — reads /proc remotely via SFTP, so targets only need SSH access (GitHub). jf is a printf-style JSON template tool for safe CLI JSON construction — simpler than nested jo for complex structures (GitHub). cottage manages secrets in git repos using age encryption with SSH keys — offline-first, no vendor lock-in (GitHub). Epiq is a distributed git-based issue tracker TUI — issues stored as git objects, offline-first, multi-user via standard git sync (site). bigfiles walks directories in parallel with categorization and duplicate detection (GitHub). And a creative homelab setup uses a 30EUR thermal receipt printer to produce a physical daily health report at 6AM — ZFS pool health, Docker status, disk usage, backup age.

Also today

Hyprland
Modus workspace navigation: cross-shaped 5-workspace layout, every workspace 1–2 directional moves from home — GitHub
HyprRun: minimal fzf-based terminal app launcher with NixOS Home Manager module — GitHub
Quickshell NixOS config: preview of advanced shell capabilities — GitHub
Hyprland 0.55 HDR brightness regression: override sdr_max_luminance and sdr_min_luminance with actual EDID values — r/hyprland
Selfhosted
Profilarr v2: multi-database arr quality profile sync, now public — GitHub · r/selfhosted
Mend v0.8.3: zsh typo-correction and history assistant adds Git TUI wizard — GitHub
SSL for internal services: community patterns — Let’s Encrypt DNS-01 challenge via Traefik/Caddy is the most popular path — r/selfhosted
Determinate Nix evaluation speed without the proprietary daemon — r/NixOS
Steam Controller 2026 on NixOS: disable firmware update checks to stop constant failures — r/NixOS
cd ~/repos/ratatosk && claude --resume 5b8baecd-01db-43da-a5df-59f69842d3f2