The seL4 organisation on GitHub uses git-repo to manage multiple source repositories, and so there are a large number of projects to get your head around when figuring out the ecosystem.

As an experiment, I have taken the various manifest files across the org, and constructed a graph based on how frequently each pair of repositories is mentioned in a manifest together. See below:

[This may render badly when syndicated outside of my blog; and also on small screens. And probably large screens. I’ve attempted to make sure there’s a non-JS fallback – on my site with JS enabled, if you hover over a node, it should highlight connected nodes.]

The colouring of the nodes is mostly manual; I experimented with graph clustering algorithms but have not found a satisfactory result so far. Still, some clusters are obvious:

• Kernel – the seL4 microkernel proper. This often but not always co-exists with the main cluster of core libraries, but it is pulled away slightly by the verification and microkit manifests.

• Verification – the verification repositories (l4v, HOL, graph-refine, polyml, isabelle) form a very distinct group. These are connected only to the seL4 microkernel itself, which is the only component formally verified.

• Microkit – microkit is a newer operating system framework that does not use CAmkES, so stands apart from the rest of the pack. I chose to scope this work to the seL4 org, so the LionsOS ecosystem and sDDF which are maintained by Trustworthy Systems are not shown. Also not linked is rust-sel4, because this modern world isn’t using git-repo in the main to manage its repositories.

• RefOS – I’d not come across refos before, but it appears to be an example OS from 2021 built on the seL4 kernel.

It’s quite hard to pull apart the CAmkES framework and the core libraries; there are definitely some which are more associated with VM management, but the overall shape of this co-occurence data is a messy ball in the middle with some outliers in orbit. One observation is that camkes is correctly identified as more peripheral than camkes-tool, which contains the actual core CAmkES code.

Reflecting on this approach, in hindsight I’m surprised that using co-occurences worked as well as it did – there was no attempt to actually inspect the code and find direct mentions of other code e.g. library header dependencies. As the newer microkit effort largely eschews git-repo, better results might be found by actually taking that more detailed approach, so that graph edges could represent real dependencies between two packages. Additionally, this could allow diving into the various libraries held in the different ’libs’ repos, to get a more granular graph of relationships between them.

However, I think I spent more time on making it possible to render graphviz graphs easily on my blog than actually gaining any insight into the codebase!

iPhones

• iPhone 18 Pro: A20 Pro chip, a smaller Dynamic Island, a simplified Camera Control button, a Dark Cherry color option, variable aperture for at least one rear camera, Apple's C2 modem with support for 5G web browsing via satellite, and more.


• iPhone 18 Pro Max: The same features rumored for the iPhone 18 Pro, but the Pro Max model may or may not be slightly thicker.


• iPhone Ultra: A foldable iPhone Ultra with a 7.7-inch inner display and 5.3-inch outer display, two rear cameras, one front camera, a Touch ID power button instead of Face ID, and more. iOS 27 is expected to be tailored for the foldable iPhone, allowing for side-by-side apps and other iPad-like multitasking functionality.


• iPhone Air 2: The addition of an Ultra Wide camera, an A20 chip, and longer battery life.


• iPhone 20 Pro and iPhone 20 Pro Max: Apple's 20th-anniversary iPhone models are rumored to feature a "nearly edge-to-edge display" with "curved glass that wraps around the sides."

Apple Watches

• Apple Watch Series 12: A faster S11 chip or newer, plus design changes such as Touch ID and/or more health sensors (disputed).


• Apple Watch Ultra 4: A faster S11 chip or newer, plus design changes such as Touch ID and/or more health sensors (disputed). There may also be additional satellite features for the Apple Watch Ultra 3 and newer, such as Apple Maps via satellite and the ability to send and receive photos with Messages via satellite.

iPads

• iPad 12: A16 chip → A18 chip or A19 chip with Apple Intelligence support.


• iPad mini: A17 Pro chip → A19 Pro or A20 Pro chip, an OLED display, a vibration-based speaker system, and a water-resistant design.

Macs

• Mac Studio: M4 Max and M3 Ultra chips → M5 Max and M5 Ultra chips.


• Mac mini: M4 and M4 Pro chips → M5 and M5 Pro chips.


• iMac: M4 chip → M5 chip, plus new color options.


• MacBook Ultra: A major MacBook Pro redesign in late 2026 or early 2027, with M6 Pro and M6 Max chips, an OLED display, a touch screen, a Dynamic Island, and a thinner design. On this laptop, which will reportedly be named MacBook Ultra, macOS 27 is expected to offer a touch-friendly interface.

Home, AirPods, Smart Glasses

• Apple TV: A17 Pro chip with support for the more personalized Siri, and Apple's N1 chip with Wi-Fi 7 support. A built-in FaceTime camera has been rumored for a future Apple TV, but it is unclear if that will arrive with the next model.


• HomePod mini: S9 chip or newer with support for the more personalized Siri, Apple's N1 chip with Wi-Fi 7 support, improved sound quality, a second-generation Ultra Wideband chip, and potentially new color options like red.


• HomePod: A new full-sized HomePod that supports the revamped Siri.


• Home Hub: An all-new smart home hub featuring the more personalized version of Siri, a 6-inch to 7-inch square display, an A18 chip for Apple Intelligence, FaceTime, and more. Place it on a table or mount it on a wall.


• AirPods Ultra: AirPods with cameras for Siri AI/Visual Intelligence.


• Apple Glasses: Apple is rumored to be planning smart glasses with oval-shaped cameras, custom frame designs, and more.

Armadillo is a powerful and expressive C++ template library for linear algebra and scientific computing. It aims towards a good balance between speed and ease of use, has a syntax deliberately close to Matlab, and is useful for algorithm development directly in C++, or quick conversion of research code into production environments. RcppArmadillo integrates this library with the R environment and language–and is widely used by (currently) 1282 other packages on CRAN, downloaded 47.1 million times (per the partial logs from the cloud mirrors of CRAN), and the CSDA paper (preprint / vignette) by Conrad and myself has been cited 697 times according to Google Scholar.

This versions updates to the 15.4.0 upstream Armadillo release made on Thursday. We had run a complete reverse-dependency check leading up to it, asserting there were no issues with packages dependent on it. As it sometimes goes with that many packages involved, one CRAN package reported one test failure. And it turned out to be both unrelated and pre-existing. But sorting this out over one round of email delayed things by a day. And then I went cycling for a good cause so this announcement post comes a little later than usual. The package has also been updated for Debian, built for r2u, and by now also at CRAN for the different binary releases.

All changes since the last CRAN release follow.

Changes in RcppArmadillo version 15.4.0-1 (2026-06-17)

• Upgraded to Armadillo release 15.4.0 (Medium Roast Agave)

  • Added fill::nan, fill::pos_inf, fill::neg_inf as optional fill forms for the Mat class

  • Added .push_back() for appending elements to vectors

  • Faster handling of find() within .elem()

  • Faster element-wise min() and max()

  • Faster conv_to when element types of input and output objects are the same

Courtesy of my CRANberries, there is a diffstat report relative to previous release. More detailed information is on the RcppArmadillo page. Questions, comments etc should go to the rcpp-devel mailing list off the Rcpp R-Forge page.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. If you like this or other open-source work I do, you can sponsor me at GitHub. You can also sponsor my Tour de Shore 2026 ride in support of the Maywood Fine Arts Center.

Following up on my previous post, I have released the debvulns CLI. This utility uses the same parsing logic as the debsecan-mcp server but exposes the functionality directly via the command line.

usage: debvulns [-h] [-s {critical,high,medium,low,negligible}] [-f {json,csv}] [--sort-by {package,cve}] [--vuln-url VULN_URL] [--epss-url EPSS_URL] [--suite SUITE]
                [--cache-dir CACHE_DIR] [--no-cache] [-v]

debvulns - CLI Debian Vulnerabilities Tracker

options:
    -h, --help            show this help message and exit
    -s, --severity {critical,high,medium,low,negligible}
                          Filter vulnerabilities by severity
    -f, --format {json,csv}
                          Output format (default: json)
    -sort-by {package,cve}
                          Sort vulnerabilities by 'package' or 'cve'
    --vuln-url VULN_URL   Custom URL or local path for Debian Security Tracker data
    --epss-url EPSS_URL   Custom URL or local path for EPSS scores data
    --suite SUITE         Debian suite name (e.g. bookworm, sid). Auto-detected by default.
    --cache-dir CACHE_DIR
                          Directory to cache fetched and parsed data (default: /var/cache/debvulns)
    --no-cache            Do not use cached data, force downloading and parsing
    -v, --verbose         Enable verbose debug logging (sent to stderr)