The diffoscope maintainers are pleased to announce the release of diffoscope
version 321. This version includes the following changes:
Log in[ Chris Lamb ]
* Fix compatibility with Ocaml 5.4.1.
You find out more by visiting the project homepage.
The diffoscope maintainers are pleased to announce the release of diffoscope
version 320. This version includes the following changes:
[ Chris Lamb ]
* Support androguard 4 and previous versions. Thanks, linsui!
(Closes: #1140016)
* Use --long-form arguments when calling apktool in order to support apktool
version 3. Thanks again to linsui. (Closes: #1140015)
* Update copyright years.
You find out more by visiting the project homepage.
Creating Euro Truck Simulator 2 and American Truck Simulator is a collaborative effort involving many talented teams across SCS Software. While map designers, artists, programmers and more build the driving experience, another team works alongside them to ensure everything functions exactly as intended before players hit the road.
Through work, I have paid license to windsurf (recently renamed to "devin"), an application for LLM-based (aka, "Agentic") development.
I hadn't been using it that much, but in an effort to more clearly understand how this whole AI development thing works, I decided to give it a closer look recently.
My conclusions:
In its current form, this whole LLM wave is problematic for multiple reasons. But ignoring that, and looking at the technology only, I can say that:
Lest someone (incorrectly) assume that I am arguing in favour of the current state of affairs with regards to LLMs, let me state this first.
The way LLMs are built today is highly parasitic. Websites are downloaded in whole, at unsustainable rates, regardless of the consent of the people who made the original content. The result is predictable: servers get overloaded, server administrators attempt to implement various mitigations. Some of these mitigations work; some do, for a while; some are entirely useless. In actual fact, the mitigations are an arms race -- if too many people implement the same mitigation, then the people who try to build yet another LLM so they can extract rent will just try to work around the mitigation, eventually they will succeed, and you'll just have to come up with another mitigation. It's a bit like spam; you introduce regex-based spam filters, they introduce spelling mistakes, you introduce bayesian filters, they add a large batch of markov chain-generated semi-nonsense words made invisible by markup, you add filters to block emails with such markup, they move the text into an image. We have working mitigations today, but eventually we'll run out of ideas.
LLMs glob up everything they can while ignoring the license of the source material. The people who push those LLMs claim that pushing the source material through the machine learning algorithms makes the output of the algorithm distinct enough from the source material that the license no longer applies; I'm not so sure that this is true. I guess the New York Times v OpenAI lawsuit will teach us some of the answer to that question here, but even so the ethical questions about "is it OK to bring down another server just so we can download the internet for another for-pay LLM" are still open. And regardless of what the law states, my opinion on "you're using my copyleft code to generate code under a different license" is not something you might like if you agree with the rent seekers' opinion on the subject.
That all being said and true, the technology works. You can have a "conversation" with an LLM that resembles a human one. If you pass it some data, you can use plain english to ask it questions about that data, which is a lot easier than to ask it about that in a formal way. You can request it to generate some code, and it will generate something that looks like what you need and that will be mostly correct for like 95% of the time.
Now, yes, 95% of the time is not 100% of the time, and no, you can't ask it to "write me a piece of software that implements this 300-page requirements document and get back to me when you're done", because it will fail, and you won't know where it has failed, and you'll take it into production and expect everything to be fine because it won't and this one minor logic bug will cause half your servers to spin and consume credits with your infrastructure provider with nothing to show for it.
But that doesn't mean you can't use an LLM to build a large piece of software. It just means you have to understand the LLMs limitations and strenghts, and use them correctly.
Here's what an LLM is good at:
It turns out that that's enough to use the LLM to build a reliable piece of software, provided you do it right.
An LLM can generate text by the truckful. The generated text could be code. Given a good enough LLM, the generated text might even run and do something useful.
You can try to blindly run the code, and if it doesn't run correctly, you can paste the error message to the LLM, and it can tell you what went wrong and how you could possibly fix it. This creates a feedback loop: you ask it for an amount of code, you run the code, you receive an error, you tell it that the code is problematic and give it the error message, it makes changes to the code, now you have something that at least no longer fails at startup.
If you ask it to add tests to make sure that your code acts as per your specification, now you get an error if and when the code doesn't act as per your specification. Or, well, at least not as per the part of the specification that was correctly turned into a unit test by the LLM.
LLMs have a context window, so if the error message is pasted in the same conversation as where the code was generated, it is able to reuse the earlier prompts to refine how it should interpret the error message that you received.
You can't really paste the source code of an entire application into the prompt of your LLM, that would quickly overrun its context window. But LLMs also allow you to provide some form of background information -- a document, say -- on which you ask it to reason. It will interpret that document, but doing so uses less of the LLMs context window. So providing the LLM with your application's source code as background information can help it understand better how your code interacts. This is especially helpful if you only provide the LLM the background information relevant to the actual question.
So now if you are able to:
Then the combination of "getting it 95% right off the bat" and the above feedback loop means you can generate syntactically correct code, that probably does what you need, in minutes.
I say "probably" for a reason. There are going to be cases where you specify a request without a number of details (because they are implied), and the LLM will get most of those details right but just not implement the one bit because it's an automaton and it doesn't think. Or you will ask it to make sure that two bits of the application look exactly the same, without specifying that they must act the same, now and in the future, and it will just generate the same block of code twice and then in a future change it will change one but not the other.
But if you review the changes, and you have experience as a programmer, you will be able to spot most cases where the LLM got it wrong. And so it's possible, if not necessarily easy at first, to use an LLM to generate mostly correct code.
There are certain places where "mostly correct" code is not desireable. But equally, there are also cases where, "mostly correct" is good enough.
After all, most of the software you run today -- the bits of it that weren't, yet, generated by an LLM -- is only "mostly correct", too, because to err is human and we all make mistakes. If not, there wouldn't be any CVEs and your software would never do anything wrong.
Now, doing the feedback loop described above is certainly something you could do manually. You could open an account on one of the LLM websites, upload the source code of your application, ask it to generate some new feature, download the newly generated feature, run it, and then copy/paste any error messages back into the LLM.
But that's a lot of manual work of the type that computers are pretty good at. So that's what the "windsurf" tool helps you with: you run it inside your IDE -- either a VSCode-based tool that you download from their website which comes with their product preinstalled, or a separate JetBrains plugin that you can install. You can then open your entire relevant codebase in a workspace in your IDE. You then ask the LLM, through the IDE, to generate a new feature in your codebase, and to also generate the test while it's at it. It will use a mixture of LLM interpretation and non-LLM functionality to scoop out the relevant bits of your codebase to send to the LLM as background information, will send it your prompt, will download the generated code and patch or create files, will compile (if required) and run the newly generated code and tests, and will refine the generated code if the tests produce any errors. All mostly automatic; by default, running anything requires explicit confirmation. You can turn that off completely (probably not a good idea), or you can give it a whitelist of things that you don't want to confirm (perhaps OK), and the tool also passes standing instructions to the LLM to never generate any command that deletes a file (which, like with any LLM, can be overridden, but it requires you to be very stubborn and to use more credits than you'd probably like).
All this put together means you can build something without writing any piece of code, provided you do it right.
Don't go and say, "here's a 300-page document, read it and write whatever the document says". It will get it wrong, it will write a massive test suite that it will only run at the end, it will choke itself up trying to interpret the massive amount of failures it encounters, it will fill up its context window and it will start to forget some of the requirements. That won't work.
But what you can do -- what I did, in fact -- is this.
First, create an empty workspace. Don't put any code in it.
Then, tell the LLM to generate a backend framework using technology X and a frontend framework using technology Y that initially only says "hello, world". Also add tests to it, and run the tests.
It will do that. You'll not get much, but it will work.
Then, ask it to add some UI elements. A login page, perhaps. A navigation bar. Small things. Most of it doesn't have to be functional -- but tests must be there for the bits that are, and have it run the tests and evaluate the results.
Rinse, repeat, until you have a working application.
Importantly, in between the steps, you should also run the application
yourself and see if the change was implemented correctly. Sometimes it
won't be. Sometimes there will be a subtle bug -- I at one point had a
the application hang after a few minutes. Sometimes you tell it that
there's a subtle bug, and it will discover it more quickly than you
could, and it will fix it, and in implementing the fix it will uncover
another bug, and then you have to fix that one -- the fix it came up
with for the hang was to move something to an async process on the
server, which caused the application to start spinning while trying to
create hundreds of async jobs (this is when I realized that the hang was
a deadlock due to some part of the codebase doing something that
indirectly triggered itself). Sometimes it will try to fix the bug you
tell it about, and you'll see that it's going off on a tangent that has
nothing to do with what you're seeing. It's important to keep an eye on
what it's doing, so you can guide it back on track when that happens --
when I told it about the hang, it started investigating the part of the
code which sends out emails, thinking that it could hang while waiting
for sendmail to finish, but the hang was happening when the
application was idle, not when it was sending out emails, and only
when I told it about it happening when it was idle did it find the
deadlock.
So it's not a fully automatic process, and it needs to be guided by someone who knows what they're doing. But if that is the case, you can come up with something that works. I spent evenings and breaks for about a week, and I managed to create a working application which, had I written it by hand, would have taken me a few months of full-time work to come up with. And I now have a side project, fully complete and working, that I had been thinking about doing for more than a decade, but never got around to actually doing, because of all the work that would be involved and I just didn't see myself having the time for.
It's not perfect code. But it's mostly good enough, and it will perform the job it needs to. And it looks far slicker than most of the side projects I've done in the past, because in the past I would prioritize between implementing new features or making something look slick, and I would decide that the new feature was more important because it's only for me and there's only me and nobody cares if it looks good or not and I don't have three weeks to come up with something that looks better. But here, I found myself sometimes spending 10 minutes writing a prompt with instructions on making things look better. Because what's 10 minutes when you just spent an hour writing down and refining specifications for functionality and tests?
There are a number of other things in which an LLM can help a programmer.
For instance.
I received a bug report recently in a project I'm paid to maintain that I couldn't make heads or tails of. I opened the source code in my windsurf IDE, pasted the bug report in the prompt, and then requested the tool to analyze the source code and the associated logs and tell me how the described behavior could be happening. It turned out that I had overlooked something, but with the help of the tool, I found the bug in minutes.
I was trying to understand a particular part of a large codebase that I didn't really grasp very well. I loaded the codebase in the tool, and asked it to explain to me how a particular action is performed by the code. I requested specific functions and line numbers. I now have a far better understanding of how the code works, and will be able to write that patch that I've been wanting to write for years -- without using the LLM.
I have been struggling for, literally, years with understanding why another tool that I maintain was misbehaving in a particular way but only in Firefox. I opened the codebase in Firefox, explained the buggy behavior in plain English, and asked it to explain how this could be happening. It picked up some obscure corner case behavior of ffmpeg and mp4 containers that I was not aware of and that perfectly explained why things were misbehaving in the way that they were.
At the same time, there are limitations. Giving an LLM a codebase that was originally generated by an LLM (either the same one or another one) seems to work well. Giving it a codebase that was written by a human and expecting it to correctly update it seems to be more error-prone. I did one or two of those as a trial, and it is more problematic than anything.
An LLM is also not intelligent, notwithstanding the popular term of "Artificial Intelligence". On multiple occasions, I've asked it to write a test case for some code that was not set up to do so; and rather than suggesting a refactor is required, it would instead copy the code that needed to be tested and then test the copy, rather than the original. The tool has made multiple similar errors. I have sometimes people describe agentic coding as "similar to interacting with junior programmers", but that is not the case. A junior programmer will either fill in the gaps in your specifications, or ask for clarification when something seems off. The LLM will not do that; it will do what you ask, exactly that and nothing more. If you missed a corner case in your specification, then all bets are off.
I remember learning about programming language generations in college. A first-generation language is "machine code", a second-generation language is "assembler", a third-generation language is any high-level language such as C, Perl, or Pascal. I've forgotten what set a 3rd-generation language apart from a 4th-generation language. But I remember the definition they gave me for a 5th-generation language: "you tell the computer what to do, and it will do it". At the time, I thought it was ridiculous. Nobody could ever write something like that.
But it's here.
And it's a threat to free software.
Yes.
There is the obvious part where most of the well-known LLMs are non-free software. I mean, there are some "open source" LLM models. The windsurf tool that I used doesn't allow you to use them (directly), but they're there. There are also open source applications that implement what the windsurf editor does. So it's definitely possible to work like this without resorting to non-free software and non-free services, even though the non-free LLMs might be a bit ahead of the curve of the free ones. But that's not what I mean.
And there is also the obvious thing which I mentioned earlier in this post, which is that the people who try to build LLMs are doing it in unethical, disgusting ways, causing downtimes and disregarding licenses for whatever they can get their grubby hands on. Ideally we wouldn't be in that situation, and ideally this wouldn't be a problem, but we are where we are.
And there's the obvious thing where the OSI sold itself out and declared that a machine learning program can be open source even when the very things it was built from -- the training data -- is not available. That's a major issue that the free software community needs to fight against, but there's not really anything that that is a threat to free software. You just build your own, free software, LLM, and you're done.
The actual threat is in funding and developer support.
Most large businesses do not care about free-as-in-freedom software. They like the free-as-in-beer part, and they appreciate that the free-as-in-freedom bits can make the software more customizable. They are (mostly) happy to do sponsorships of the free-as-in-freedom projects that they use if that means their free-as-in-beer usage of the software gets improved.
But why would you care about all that when you can just generate the code you need, rather than interacting with an open source community that may or may not care about your business's interests?
Although I think the moral and environmental issues with LLMs are real and problematic, given the experiments I did I am not convinced that the concept of interacting with a computer system in natural language and to use it to generate code is necessarily deficient. There are pitfalls, but they can be managed. It is possible to use such a system to create throwaway, proof-of-concept type "good enough" code bases. It can be used to interpret code bases and to understand bug reports.
I believe that the major issue with LLMs has to do with that saying about hammers and nails:
If all you have is a hammer, then everything looks like a nail.
LLMs are an outgrowth of machine learning, pushed by large corporations. These large corporations have a lot of money. If all you have is money, then every problem can be fixed by throwing more money at it. The initial language models were promising but not (yet) good enough, and it seemed that one way in which they could be improved was to increase the scale of the statistics: throw more hardware (and thus money) at it, and rather than improving the efficiency of the models, just scale up.
Scaling up is something that megacorporations are very good at. It's only a money problem, after all. Does that mean that "scaling up" is the only way to improve the models, though? I'm not convinced.
Some hardware, such as most modern Apple and Samsung devices, ship with accelerator hardware for machine learning algorithms. There are some models that are small enough to be able to run on these devices. I don't see why it should not be possible to create a small(er) language model that can do some useful part of the above-described use cases; if not locally, then at least on a server that one can run on-prem rather than requiring that you pay rent to one of the LLM companies.
The Software Freedom Conservancy has published an aspirational statement on machine learning-assisted programming that, I think, gets a lot right. It's not quite a definition, but it's something to keep in mind.
Perhaps that's the way forward?
More questions than answers at this point, anyway.
looking for last. I realized it's gone. what's my replacement?
Windows Installer
Windows No Installer (zip)
macOS - Universal
Linux - deb, AppImage or rpm
Windows intel x32 releases are marked -ia32-
ChangeLog:
Every smart home has them: the older devices that still work perfectly well but no longer fit neatly into a modern setup. Instead of letting them gather dust in a drawer, the Open Home Foundationβs projects can help you bring them back into the fold. Hereβs how a little proxying can give your beloved old gear a new lease of life, and keep your smart home that bit more sustainable.
Fixed frequent crashes affecting users with Intel Raptor Lake processors. (Bug 2039575)
Fixed an issue on macOS where choosing a PDF option, such as "Save as PDF", from the system print dialog would send the job to your printer instead of saving a file. (Bug 2047850)
Reference link to 152.0 release notes.
There has been a video blog post recently published with a review of Ubuntu Touch as an option to opt out of the Android world: https://www.youtube.com/watch?v=wTK6TS3pXgc
Thanks to @SwitchandClick for spending time on this and publishing that video. Much appreciated.
When I watched that video referenced above, I continuously thought: ah... this is fixed in the next major release of Ubuntu Touch, or: ah... this is a known issue that we have on the roadmap..., or: ah... this is done in this ways by design (so it's a feature or basic functionality)...
Let me just state, that most of the criticized aspects will be resolved in upcoming Ubuntu Touch release 24.04-2.0 (the tests in that video blog post have been run on Ubuntu Touch 24.04-1.x):
The full feature preview of the 24.04-2.0 release can be found here: https://ubports.com/blog/ubports-news-1/ubuntu-touch-24-04-2-0-beta-is-n...
The app ecosystem of Ubuntu Touch is quite specific, because many apps in Ubuntu Touch have been explicitly developed for Ubuntu Touch using a widget toolkit called Lomiri.Components. However, in Ubuntu Touch we also encourage developers to provide apps written with other convergent-capable toolkits, such as QQC2-based apps or Kirigami-based apps.
One reason for the very different app ecosystem in Ubuntu Touch is that many service providers don't have Ubuntu Touch on their radar when investing in app development for their services. Some Ubuntu Touch App Developers work around this by either implementing unofficial client apps for web services (e.g. the Flow app for Deezer by Sander Klootwijk), others provide the web service via implementing a web app (will not work when offline, but at least will show up as an app in the launcher).
The overall solution for making Open-Store.io more familiar to users who migrate from Android is that commercial service providers start honouring digital sovereignty and start providing apps for Linux. Not just for the Linux desktop, but also for mobile Linux platforms. This dual use case can easily achieved with an app development that bears convergence in mind.
And one more minor note: whenever I open an Android appstore or can peak over someone's shoulder using an iOS device: I always wonder: what are all these apps about??? Never heard about them.
So, familiarity really depends on perspective. And perspective depends on what you are used to. Change what you do and your perspective will follow.
Only thing from that video blog post that we haven't fixed and won't do so in the midterm future is apt-get not working on the command line.
The reason for this is: the Ubuntu Touch root file system is an immutable file system and thus shall not be changed via apt-get & friends by ordinary users.
There are various discussions ongoing such as dpkg-divert'ing apt-get to a wrapper shell script that spits out an error message if rootfs is mounted read-only and someone tries to install packages the Debian/Ubuntu way. Other approaches are to mount some RAM disk over the rootfs, so apt-get can be used at runtime but changes to the system get reset at reboot.
However, it is possible to mount the root filesystem read-write and test newer package versions (as UT core developers do regularly, in fact). If you tinker with this, it is recommended to reflash your device (don't wipe user data, when you reflash!) from time to time, because adding packages or package upgrades to your rootfs may over time corrupt the integrity of the rootfs.
One reason for apt-get breaking the rootfs and thus your Ubuntu Touch development device is that the upgrade process of the rootfs image is incremental, so update tarballs sometimes contain only those parts that got changed between this and your previous upgrade (sometimes, upgrades contain a complete rootf image, depending on the interval between upgrades). If files from an incremental update tarball mix into a rootfs that got tinkered with via apt-get, you really end up on your own. Re-flashing will grab the complete rootfs tarball and wipe the whole rootfs and reinstall a fresh version of the newest rootfs image. Developers also do this in regular intervals to ensure their test device is clean again before running more/other tests.
We are excited to announce that the 1.60 update for Euro Truck Simulator 2 is now officially released! Let's dive in and take a look at what's in store.
As always, we would first like to thank everyone who participated in the open beta phase and helped us fine-tune all the new content by reporting issues to the dedicated section on our forum. Now let's see what's new in the 1.60 update!
With the 1.60 update, we are introducing Game Radio, a brand-new in-game radio system designed to make every drive feel more immersive and authentic. Rather than just playing music, Game Radio gives you five stations with their own distinct sounds, identities, and moods, each one built to shape the atmosphere of your journey in a different way.
Players can tune into Rust FM, Escape, PUMP IT!, Pop Gear, and Roadio, spanning guitar-driven rock and American roots music to electronic, pop, and lo-fi. Each station features carefully curated tracks, handpicked to hold up across many hours on the road. Escape is also a radio station designed to help content creators, and we are committed to do our best to keep it stream-safe.
Game Radio also introduces a new in-game widget displaying station info, track titles, and artist names while driving. Players can customize widget behavior through the Widget Options menu (F6). This update also brings a range of improvements to the existing radio and music player systems.
Game Radio arrives with its musical foundation in place, with more planned for future updates. You can find out more information about Game Radio in our dedicated blog post.
The Improved Material System significantly improves the lighting and visual quality of vehicle interiors in selected trucks. Its main focus is to enhance how interior materials react to light, which results in a more readable, detailed, and visually pleasing cabin environment.
During the development of Project Road Trip, we implemented a wide range of visual and technical improvements. One of the most significant changes was a redesign of the materials used in vehicle interiors. As a result, it makes differences between materials such as leather, fabric, plastic, and metal far more apparent, even in low-light conditions. The new solution uses multiple variants of dynamic cubemaps, allowing all materials to reflect their surroundings more naturally and respond to ambient light in a more realistic way.
The entire system was designed from the start with the interiors of trucks in both games in mind, so the base games and their existing fleets will gradually benefit from these improvements as well. The first trucks to benefit from the Improved Material System in ETS2 are the DAF NGD and MAN TG3 TGX models. With future updates, we will gradually add this technology for other trucks across both games. You can read more about this feature here.
We have carried out minor adjustments to the global lighting, primarily focused on exposure and contrast balancing, along with subtle visual refinements for bad weather conditions. The work mainly consisted of smoothing out and polishing the overall visuals to achieve a more consistent and refined look.
With this update, truckers can customize their Volvo FH Series 6 with a selection of several new aerodynamic parts, including the newly designed aerodynamic roof deflectors available for the Sleeper Cab, Globetrotter, and Globetrotter XL cab variants. These updated components help create a smoother and more refined roof profile, blending seamlessly into the truck's overall design.
Alongside these additions, all Aero cabin variants also have the option to add new distinctive black aerodynamic A-Pillar trim, as featured on the newest generation of Volvo FH truck. These new additions reflect Volvo Trucks' ongoing efforts to improve aerodynamic efficiency and optimise airflow around the cab to help enhance energy efficiency and overall vehicle performance.
Based on feedback from our #BestCommunityEver and upcoming widget designs, the Job Details Widget is introduced with the 1.60 update. Its primary purpose is to enable a new, more immediate, and concise way of displaying relevant job info. Also, in response to community feedback, the GPS now displays the estimated arrival day and time, along with the remaining travel time and distance.
You can enable the Job Details Widget through the Widget Options menu (F6). The widget displays key job information, including cargo type and weight, delivery location, job income (colour-highlighted), and the remaining time to complete the job, so players will have this info available immediately without the necessity to pause the game. You can read more about the feature here.
This new feature gives players greater control over their rest periods by allowing them to choose how long they want to sleep and exactly when they want to wake up, instead of being limited to a predefined rest duration.
Alongside this change, the Fatigue system is now split into two separate values: Rest State and Mandatory Break, each represented by its own icon in the UI.
The Rest State, symbolised by a bed icon, now gradually depletes rather than recovers over time. Extended periods of driving will steadily reduce the Rest State, while resting will restore it at a faster rate.
The Mandatory Break system, indicated by a "P" icon along with the remaining hours before a required stop, functions more strictly. In Euro Truck Simulator 2, drivers may drive for up to 10 hours before taking a mandatory break, which requires 9 consecutive hours of rest. You can read more about this feature here.
Vehicles
Visual
Sound
UI/UX
Don't forget to also give our X/Twitter, Instagram, Facebook, Bluesky, TikTok, and YouTube a follow, as you'll receive updates about our games straight to your feed! Or subscribe to our newsletter to stay informed. Happy haulin'!
Docker images have been built and pushed:
Docker Hub:
alexta69/metube:latestalexta69/metube:2026.06.18GitHub Container Registry:
ghcr.io/alexta69/metube:latestghcr.io/alexta69/metube:2026.06.18
[An on-line version of this announcement will be available at https://www.postfix.org/announcements/postfix-3.11.4.html]
This release addresses five low-impact problems that need to be addressed as they can reduce safety margins.
In addition to updated releases for the supported Postfix versions 3.8-3.11, patches will also be available at the Postfix source mirror sites for the out-of-support Postfix versions 2.9-3.7:
These patches come with the same PGP, GPG1 and GPG2 signatures as Postfix release tarballs and patches.
Fixed in Postfix 3.8-3.11:
Bug 1 (defect introduced: Postfix 3.1, date 20150607): null pointer read and heap data overread in the Postfix SMTP client's smtp_dns_reply_filter. Problem reported by TristanInSec, found with ASAN. Also reported by other people. Reproduction and real-world impact researched by Wietse.
Root cause for bug 1:
A missing 'break' statement after the code that converts a TLSA record to string.
Reproduction for bug 1:
The problem happens when smtp_dns_reply_filter is configured (this is disabled by default); the Postfix SMTP client is configured to use opportunistic or mandatory DANE authentication (this is disabled by default); the destination domain publishes a TLSA record that is empty or shorter than 20 bytes; and the OS is configured to use a resolver that passes such a TLSA record. For example, a zero-length TLSA record is blocked by BIND, Google DNS, OpenDNS, and by configurations that use systemd-resolved (the default on many LINUX systems); it is passed by Cloudflare, Quad9 DNS, and unbound, as long as these resolvers are used without systemd-resolved.
Impact statement for bug 1:
SMTP client termination with a null pointer read crash when the TLSA record length is zero; or an SMTP client data overread (or rarely, SMTP client termination with a read segfault crash) when 0 < record length < 20 bytes. The overread content is not disclosed.
Performance impact of bugs 1 and 2:
The impact of SMTP client crashes (voluntary or not) is easily overstated. That said, crashes must be eliminated regardless of their impact.
On systems that deliver fewer than one message per minute, an SMTP client crash can result in a delay of up to one minute for email delivery to other destination domains.
On systems with a larger traffic volume, the impact of an SMTP client crash on deliveries to other destination domains is minor because Postfix reuses SMTP client processes and replaces a failed process within seconds (self-healing); the practical impact is believed to be no worse than that of an uncooperative receiver that tarpits SMTP connections from Postfix to one or more destination domains under their control (by replying within Postfix SMTP client read time limits which are several minutes by default).
Bug 2 (defect introduced: Postfix 3.6, date: 20200710): panic (assertion failure and voluntary crash) while parsing a TLSA reply with length 3. Found during code maintenance. See below for root cause, reproduction, and impact.
Root cause for bug 2:
An incorrect test 'length < 3' instead of 'length <= 3' causes a safety check to fail when a TLSA parser attempts to create zero-length storage for a non-existent TLSA certificate association data field.
Reproduction for bug 2:
The problem happens when the Postfix SMTP client is configured to use opportunistic or mandatory DANE authentication (this is disabled by default); a destination domain publishes a TLSA record with a length of three bytes; and the OS is configured to use a resolver that passes such a TLSA record. For example, a length-three TLSA record is blocked by BIND, and by configurations that use systemd-resolved (the default on many LINUX systems). It is passed by many other resolvers.
Bug 2 enables an attack that is more potent than bug 1.
An attack with a length-three TLSA reply does not depend on smtp_dns_reply_filter configuration.
An attack with a length-three TLSA reply propagates through more resolvers than an attack with a length-zero TLSA reply.
Impact statement for bug 2:
SMTP client voluntary termination (crash) after an assertion failure. This is a fail-safe mechanism.
See also above for "Performance impact of bugs 1 and 2".
Bug 3 (Problem introduced: Postfix 2.9, date: 20110205) Robustness: the Postfix SMTP server will no longer receive (and discard) an unlimited amount of text while receiving a long SMTP command line. Problem reported by Michael Wollner (Ibonok). Under high load conditions, the amount of text was already limited by a 10-second deadline to receive an SMTP command.
Bug 4 Robustness: with the above change the Postfix SMTP client will no longer receive (and discard) an unlimited amount of text while receiving a long SMTP response line.
Bug 5 (Problem introduced: Postfix 3.4, date: 20180825) Robustness: do not receive (and discard) unlimited amounts of data with BDAT commands. Problem found during code maintenance. File: smtpd/smtpd.c.
Impact statement for bugs 3, 4, 5:
Postfix should not receive and discard unlimited amounts of input in SMTP command lines or BDAT chunks, but fixing that will not fundamentally change the situation.
By design, any SMTP client can force a server to receive (and discard) an unlimited amount of text.
For example, an attacker can repeatedly send messages that are a little under the server's message size limit and abort each transaction a before reaching the message end. When sending a message with the "DATA" command, an attacker would disconnect instead of sending <CR><LF>.<CR><LF>; and when sending a message with the "BDAT" command, an attacker would send "RSET" instead of "BDAT LAST".
To mitigate such abuse, Postfix can rate-limit the number of message transactions from the same IP address or address range (see smtpd_client_message_rate_limit and *prefix_length parameters). Such a defense is ineffective when faced with a distributed attack (botnet); for that, postscreen combined with an IP reputation service (DNSBL) may be more effective.
You can find the updated Postfix source code at the mirrors listed at https://www.postfix.org/.
The Stable channel has been updated to 150.0.7871.24/.25 for Windows and Mac as part of our early stable release to a small percentage of users. A full list of changes in this build is available in the log.
You can find more details about early Stable releases here.
Interested in switching release channels? Β Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
Daniel Yip
Google Chrome
nginx-1.30.3 stable and nginx-1.31.2 mainline versions have been released, with fixes for buffer overflow vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module (CVE-2026-42055), and buffer overread vulnerability in the ngx_http_charset_module (CVE-2026-48142). Additionally, nginx-1.31.2 includes a fix for use-after-free vulnerability in the ngx_http_v3_module (CVE-2026-42530).
This is somehow the featured website on https://earlyweblinks.com/ this week.
Read all about my web site here! https://earlyweblinks.com/site-of-the-week/joey-hess
Kind of reminds me of back in 1995 or so when my website would randomly end up picked by some best of the web list that I never heard of. The web is still a small place I guess.
Maybe I should join a web ring or something?
In today's blog, we take you along on a trip to the town ofΒ Akureyri, which you will be able to visit yourself when the upcoming Iceland DLC for Euro Truck Simulator 2 releases. So let's take a look!
Akureyri is the fourth-largest city in Iceland and is often referred to as the Capital of the North due to its location and importance to the region. Nestled on the shores of EyjafjΓΆrΓ°ur, Iceland's longest fjord, the town enjoys a spectacular setting beneath snow-capped mountain peaks, with the GlerΓ‘ River flowing through its heart.
The earliest records of settlement in the area date back to the 9th century. However, it was not until the 18th century that Akureyri began to develop into an important commercial center, thanks to its harbor and proximity to rich fishing grounds. Today, it is Iceland's second-largest port and serves as a major hub for the country's fishing industry, as well as for cruise ships and cargo transport.
Drivers traveling along Route 1, also known as the Ring Road, will pass directly through the center of Akureyri. From there, several side roads branch off toward the harbor, industrial areas, and local food-processing facilities. In the port district, truckers can deliver cargo to a marine logistics center, a shipyard, and an electronics manufacturing depot.
One of Akureyri's most recognizable landmarks is Akureyrarkirkja, a striking church designed in 1940 by GuΓ°jΓ³n SamΓΊelsson, the architect behind HallgrΓmskirkja in ReykjavΓk, Iceland's most famous church.
Players will also recognize a number of other landmarks inspired by their real-world counterparts, including the Hof Cultural and Conference Centre on the waterfront and the Akureyri Art Museum, with its famous colorful pavement leading to its entrance. The town is also a great spot for whale watching tours, which is why we've also included the local whale watching center.
We hope you'll fall in love with Akureyri, with its colourful houses and stunning natural surroundings. If you do, you might even buy a garage in town and transform it into your company's northern Iceland branch.
If you are eager to be trucking in this upcoming map expansion, don't forget to support us by adding the Iceland DLC to your Steam wishlist.
Also, remember to give our X/Twitter, Instagram, Facebook, Bluesky, and TikTok a follow as you'll receive updates not only about Iceland, but also other news from our games straight to your feed. Or subscribe to our newsletter to stay informed.Β Until next time, safe travels!
Jack van Gelder wordt elke maand gemonitord via zijn X-account, waar hij tussen tirades over D66-rechters en 21 miljard aan wegenbelasting de NBA-finale recenseert in proza dat bijna poëzie wordt. Het WK levert vooral fascinerende televisie op die nergens over gaat: Curaçao wordt via Corendon en het complete SBS-universum omgetoverd tot een Nederlandse eilandmarketingcampagne, inclusief politieke druk op de bondscoach van een soevereine staat om Dick Advocaat terug te halen. De NOS hangt een bordje met 'good vibes' op en probeert tevergeefs Amerikaanse bombast te vermengen met Hilversumse knulligheid, terwijl SBS zijn vergrijzingsprobleem oplost door het Oranje Café vol te zetten met nepo-babies. Medium Liesbeth van Dijk voorspelt bij Harry Mens met volle overtuiging dat Brazilië wereldkampioen wordt en de woningmarkt heel emotioneel is. Ticket to the Tribes stuurt influencers naar een Afrikaanse stam onder het mom van 'leren van elkaar', maar vergeet voor het gemak een tolk te regelen. Datzelfde 'begrijpen' zit in Mischa en de mannen die het beter weten, waarin de NPO eerst zelf zijn clowns creëert en vervolgens verbaasd vraagt wat hen drijft, terwijl het enige echte inzicht uit een pak lactosevrije melk en een schoonmaakstok komt. En dan is er Bureau Onrecht, waar oud-judoka Dennis van der Geest oplichters intimideert met niets meer dan een duim in zijn broekzak en een postuur als kernwapen, juridisch dichtgetimmerd door ARAG.
Live vragen stellen aan Seth Godin? Join de speciale breakout-room voor POM-luisteraars en ga naar denkproducties.nl/pom en meld je aan voor ABF2026.
Meer te weten te komen over Carbon Equity? Lees verder over Carbon Equity op carbonequity.com.
Very happy to share that a new package rspdlite arrived on CRAN today in its inaugural version 0.1.0-1. It wraps and provides the (header-only) C++20 library spdlite which its author describes (aptly) as tiny, fast, capable. Just like its bigger sibbling spdlog (which we wrapped as rcppspdlog), it is written by Gabi Melman. However, with a focus on C++20 and compile-time configuration, it is lighter, nimbler and faster. It is also still a fairly young project so changes may occur.
I have been working on this for about a month, and it is ready for use by R and C++. It contains the initial upstream release 0.1.0, and I plan to follow the upstream versioning making this first release as 0.1.0-1.
The package itself provides the headers for use from other C++ projects (i.e.Β mostly other packages), as well as a simple R wrapper so that logging can occur from either C++ or R. It will generally access the single logger instance in a compilation unit. So for a package built against these header it would be shared library of that package. At present we provide the basic logging level setters and getters, formatting accessors, and two (compile-time) options of a βnull loggerβ and a file-based logger. More options are availble from the C++ level, multiple logging sinks are but one example. Some examples are provided in the package as an R example and a C++ example; these are probably best examined from the sources.
The NEWS entry for this release is simply and just announces that we have a release. More details are in the ChangeLog and the GitHub repo.
Changes in version 0.1.0-1 (2025-06-08)
- Initial complete version and CRAN upload
This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. If you like this or other open-source work I do, you can sponsor me at GitHub. You can also sponsor my Tour de Shore 2026 ride in support of the Maywood Fine Arts Center.
The Stable channel has been updated to 149.0.7827.155/.156 for Windows and Mac and 149.0.7827.155 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log
Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but havenβt yet fixed.
This update includes 33 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
[N/A][516496659] Critical CVE-2026-12437: Use after free in WebShare. Reported by Google on 2026-05-25
[N/A][516947912] Critical CVE-2026-12438: Inappropriate implementation in WebView. Reported by Google on 2026-05-27
[N/A][519728275] Critical CVE-2026-12439: Use after free in Digital Credentials. Reported by Google on 2026-06-03
[N/A][519731619] Critical CVE-2026-12440: Use after free in DigitalCredentials. Reported by Google on 2026-06-03
[N/A][520157118] Critical CVE-2026-12441: Use after free in File Input. Reported by Google on 2026-06-05
[N/A][521950423] Critical CVE-2026-12442: Use after free in Passwords. Reported by Google on 2026-06-09
[N/A][522566295] Critical CVE-2026-12443: Use after free in Web Authentication. Reported by Google on 2026-06-11
[N/A][513160088] High CVE-2026-12444: Out of bounds read in Chromoting. Reported by Google on 2026-05-14
[N/A][513199795] High CVE-2026-12445: Use after free in Extensions. Reported by Google on 2026-05-14
[N/A][513313107] High CVE-2026-12446: Insufficient data validation in Passwords. Reported by Google on 2026-05-14
[N/A][513405023] High CVE-2026-12447: Heap buffer overflow in WebRTC. Reported by Google on 2026-05-15
[N/A][513458233] High CVE-2026-12448: Inappropriate implementation in WebView. Reported by Google on 2026-05-15
[N/A][513480539] High CVE-2026-12449: Use after free in Chromoting. Reported by Google on 2026-05-15
[N/A][514531776] High CVE-2026-12450: Inappropriate implementation in Media. Reported by Zhixin Tu on 2026-05-19
[N/A][514741076] High CVE-2026-12451: Use after free in DigitalCredentials. Reported by Google on 2026-05-19
[N/A][515462244] High CVE-2026-12452: Use after free in Downloads. Reported by Google on 2026-05-21
[N/A][516448843] High CVE-2026-12453: Insufficient validation of untrusted input in Input. Reported by Google on 2026-05-25
[N/A][516926968] High CVE-2026-12454: Race in Safe Browsing. Reported by Google on 2026-05-27
[N/A][517069848] High CVE-2026-12455: Use after free in Tab Strip. Reported by Google on 2026-05-27
[N/A][517124587] High CVE-2026-12456: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-05-27
[N/A][517153117] High CVE-2026-12457: Insufficient data validation in Extensions. Reported by Google on 2026-05-27
[N/A][517258337] High CVE-2026-12458: Incorrect security UI in Passwords. Reported by Google on 2026-05-27
[N/A][517406035] High CVE-2026-12459: Inappropriate implementation in Serial. Reported by Google on 2026-05-28
[N/A][517484284] High CVE-2026-12460: Insufficient policy enforcement in File System Access. Reported by Google on 2026-05-28
[N/A][517727318] High CVE-2026-12461: Out of bounds read in WebRTC. Reported by Google on 2026-05-29
[N/A][517916024] High CVE-2026-12462: Use after free in Media. Reported by Google on 2026-05-29
[N/A][518042749] High CVE-2026-12463: Inappropriate implementation in Views. Reported by Google on 2026-05-30
[N/A][519358344] High CVE-2026-12464: Use after free in Browser. Reported by Google on 2026-06-03
[N/A][520189702] High CVE-2026-12465: Insufficient validation of untrusted input in Metrics. Reported by Google on 2026-06-05
[N/A][520199394] High CVE-2026-12466: Heap buffer overflow in WebRTC. Reported by Google on 2026-06-05
[N/A][520202726] High CVE-2026-12467: Use after free in Extensions. Reported by Google on 2026-06-05
[N/A][521485244] High CVE-2026-12468: Inappropriate implementation in Updater. Reported by Google on 2026-06-08
[N/A][521618871] High CVE-2026-12469: Uninitialized Use in GPU. Reported by Google on 2026-06-09
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.
Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
Daniel Yip
Google Chrome
The Extended Stable channel has been updated to 148.0.7778.271 for Windows and Mac which will roll out over the coming days/weeks.
Donations are appreciated. There is now a PayPal option.
Updates:
Fixes:
Subtitle downloads from OpenSubtitles may fail depending on time of day. This is due to our daily download quota being exceeded. Current amount of donations is barely enough to pay for the existing quota. So it is unlikely that quota can be increased and situation will get worse over time.
If you create an OpenSubtitles account and configure it in MPC-HC settings then you may be able to bypass the quota.
Options > Subtitles > Misc > Right-click on OpenSubtitles.com > Setup > Fill in username/password
A lot of people seem to be unaware of some of the awesome features that have been added to MPC-HC in the past years. Here is a list of useful options and features that everyone should know about:
1 (restore normal view with 3).
Docker images have been built and pushed:
Docker Hub:
alexta69/metube:latestalexta69/metube:2026.06.16GitHub Container Registry:
ghcr.io/alexta69/metube:latestghcr.io/alexta69/metube:2026.06.16
