Skip to main content
SWEAVER.net

Tech Weekly 2026 04 25

·2586 words·13 mins
Stuart Weaver
Author
Stuart Weaver
USPSA competitive shooter, bitcoin pleb, Linux and technology enthusiast.
Created by potrace 1.15, written by Peter Selinger 2001-2017

Weekly Technology Brief Summary
#

April 19-25, 2026
#

Week at a Glance
#

This week in technology saw significant developments across the open-source ecosystem, AI industry turbulence, major security incidents, and continued evolution of hardware platforms. The Linux 7.1 kernel development cycle dominated open-source news with substantial cleanups and new features, while Anthropic faced scrutiny over Claude AI quality issues and pricing changes. Security remained a pressing concern with multiple high-profile breaches and ongoing nation-state threats.

Key Themes for the Week
#

  1. Linux 7.1 Kernel Development: Major code cleanup removing obsolete drivers and subsystems, preparing for next-generation hardware including AMD Zen 6/EPYC Venice
  2. AI Industry Growing Pains: Anthropic’s Claude facing quality complaints, pricing changes, and controversy; Meta employee surveillance revelations
  3. Supply Chain Security: Multiple npm package compromises, GitHub telemetry changes, and dependency trust debates
  4. Enterprise IT Acceleration: Despite economic headwinds, IT spending continues growing driven by cloud and AI infrastructure
  5. Open Source Community Dynamics: LibreOffice governance disputes, GCC establishing AI policy working groups, SDL banning AI-generated code

Linux & BSD
#

Linux 7.1 Kernel Development Accelerates
#

The Linux 7.1 merge window brought substantial changes this week, headlined by aggressive code cleanup and preparation for next-generation hardware.

Major Code Removal: Linus Torvalds merged a significant cleanup removing 138,000 lines of obsolete code, including:

  • The entire old ISDN (Integrated Services Digital Network) subsystem
  • PCMCIA-era network drivers with no active upstream users
  • Legacy input hardware drivers, including decades-old bus mouse support
  • Baikal CPU support

This cleanup was notably driven by an influx of AI/LLM-generated bug reports targeting dated code that lacks active maintainers or users—a novel dynamic in kernel development.

Hardware Support Expansion:

  • AMD SMCA (Scalable Machine Check Architecture) bank types added for upcoming Zen 6 “Venice” processors and EPYC server chips
  • New HID subsystem updates including Lenovo Legion Go drivers and Sony HID device support
  • Intel QAT (QuickAssist Technology) Zstd offload support for hardware-accelerated compression
  • HDMI 2.1 Fixed Rate Link (FRL) support added to the open-source Nouveau driver for NVIDIA GPUs—a feature notably AMD has struggled to implement due to HDMI Forum restrictions

Performance Improvements:

  • HRTIMER (High-Resolution Timer) subsystem overhaul reducing overhead of frequently-armed timers and improving scheduler responsiveness
  • Scheduler improvements including proportional newidle balance code benefiting workloads like easyWave and FIO benchmarks
  • IO_uring enhancements including custom event loop logic, expanded IOPOLL capabilities, and zero-copy receive updates
  • Memory management updates including RAID fixes and T10 PI data integrity improvements

Desktop Environment Progress:

  • KDE Plasma 6.7 development brings per-screen virtual desktop support after 20+ years of community requests, Wayland session management protocol support, and improved multi-GPU System Monitor display
  • KDE Gear 26.04 released with Merkuro Calendar improvements, NeoChat Matrix threads support, and Dolphin file manager enhancements
  • GNOME fixed a long-standing screencasting issue where H.264 recordings were approximately 18x larger than VP8 due to a VA-API rate control bug

BSD Ecosystem Updates
#

  • GhostBSD 26.1 Released: Based on FreeBSD 15.0-RELEASE, featuring XLibre display server replacing X.Org Server, Zsh as default shell, and Enterprise WPA/WireGuard support
  • FreeBSD 14.4 Released: Latest production release with updated security advisories
  • Oracle Reduces Solaris 11.4 Updates: Announced reduced frequency of software updates for Solaris and ZFS Storage Appliance

Distribution News
#

  • Ubuntu 26.04 LTS Released: Powered by Linux 7.0 kernel, with official ISOs available for desktop, server, and all Ubuntu flavors. Server edition now automatically installs HWE/OEM kernel packages for better hardware support
  • Debian 13.4 Released: Updated “trixie” point release with latest security fixes
  • Sruthi Chandran elected Debian Project Leader: Running unopposed for the 2026 term
  • CachyOS rolled out Linux 7.0 kernel with performance optimizations for Arch Linux users

Open Source
#

Community Governance and Policy
#

LibreOffice Governance Crisis: The Document Foundation revoked membership of approximately 30 Collabora-affiliated individuals, prompting Collabora to announce plans for a new LibreOffice fork. This represents a significant schism in one of the most important open-source productivity suites.

GCC AI Policy Working Group: The GNU Compiler Collection steering committee established a working group to study the use of AI and large language models in GCC compiler development, reflecting broader community grappling with AI contributions.

SDL AI Ban: The Simple DirectMedia Layer project implemented a policy forbidding LLM/AI-generated code contributions, joining other projects taking firm stances on AI-generated contributions.

Major Releases
#

  • Git 2.54: New experimental “git history” command for exploring commit ancestry, plus performance improvements and new merge capabilities
  • GNU Coreutils 9.11: Up to 15x faster cat command through optimized memory handling
  • jemalloc 5.3.1: First major update in nearly four years with significant memory allocation improvements; Meta renewing investment
  • Mold 2.41: Fast linker with new features and bug fixes
  • Rust 1.95: Several language improvements and compiler enhancements
  • WireGuard for Windows v1.0: Major milestone after years of development
  • Forgejo 15.0: Community-driven Git forge (Gitea fork) released as new LTS with repository-specific access tokens and Actions improvements; supported through July 2027
  • Wine 11.7: VBScript fixes and DirectSound 7.1 channel support
  • GIMP 3.2.4: Fixes for XCF code bug that existed since 1999
  • Fwupd 2.1.2: Firmware updating utility adds support for more hardware devices

Infrastructure and Tools
#

  • GitHub Telemetry Change: GitHub opted all CLI users into telemetry collection by default, sparking privacy concerns and opt-out instructions being shared
  • Honker: New open-source project brings Postgres NOTIFY/LISTEN semantics to SQLite, trending on Hacker News
  • Tolaria: Open-source macOS app for managing Markdown knowledge bases gaining popularity
  • Mozilla Thunderbolt: New open-source enterprise AI client for secure AI interactions announced
  • Turbo Vision 2.0: Modern port of the classic Borland Turbo Vision TUI framework released

Development Trends #

LLMs Finding Bugs: Growing trend of using LLMs like Claude Code to discover bugs in Python C-extensions. One researcher found 500+ bugs across 44 Python C extensions and is working responsibly with maintainers on fixes. This is creating an influx of AI-discovered bug reports across open-source projects.

CONFIG_VT=n Progress: Linux kernel VT subsystem deprecation continues; kmscon now active again, Fedora testing VT-less systems, and ReterminateVT project reaches first pre-release.

AI & Machine Learning
#

Anthropic Controversies
#

Claude Quality Issues: Multiple reports this week of declining Claude performance:

  • Anthropic admitted it “dumbed down” Claude when attempting to make it smarter, with system changes and bugs overlapping to create impressions of general decline
  • Claude Opus 4.7 saw rising refusal rates from the Acceptable Use Classifier, with developers complaining it became an overzealous “query cop” leaving customers paying for unusable responses
  • Claude Desktop app changed browser app access settings without user consent, raising potential EU law compliance issues

Pricing and Access Changes:

  • Anthropic removed bundled tokens from seat-based enterprise plans, pushing large organizations toward metered API pricing
  • Unannounced removal of Claude Code functionality for Pro users, apparently targeting 2% of users but affecting documentation for everyone
  • Clarified that OpenClaw-style Claude CLI usage is explicitly permitted again according to updated policies

Major Model Releases
#

  • OpenAI GPT-5.5: Launched with improved reasoning capabilities and a bio bug bounty program for safety research
  • DeepSeek v4: Chinese AI lab releases v4 model, trending at #1 on Hacker News
  • Qwen3.6-Max-Preview: Alibaba’s latest large language model promises smarter, sharper performance

Industry Developments
#

Google-Anthropic Investment: Google plans to invest up to $40 billion in Anthropic, deepening the Big Tech AI competition and raising questions about market concentration.

Meta Employee Surveillance: Reports emerged that Meta is requiring workers to run surveillance software capturing keystrokes to build AI, drawing internal backlash and raising serious privacy concerns.

Snowflake AI Pivot: Snowflake announced a shift from traditional data warehousing to autonomous AI agents that can act on data, moving beyond chatbots toward actual task completion—a significant strategic repositioning.

Cloudflare Agent Memory: New managed service allows AI agents to store and recall conversational data when context windows fill up, supporting persistent memory across long-running sessions.

AMD GAIA Updates: Now allows building custom AI agents via chat and becomes a “true desktop app” for Ryzen AI systems.

Hugging Face Safetensors: Security-focused tensor format donated to PyTorch Foundation to ensure safer AI model execution.

Intel OpenVINO 2026.1: New backend for Llama.cpp and expanded hardware support for AI inference acceleration.

Research and Innovations
#

  • TRELLIS.2: Image-to-3D generation running natively on Apple Silicon
  • 3D Body from 8 Questions: Research demonstrates generating a 3D body model from just eight questionnaire responses using neural networks
  • Smart Contact Lens for Glaucoma: IEEE Spectrum reported on a contact lens using microfluidics to monitor and treat glaucoma
  • Tiny Corp Exabox: $10M Exabox system for AI/ML workloads opened for pre-orders
  • TorchTPU at Google Scale: Google announced native PyTorch support on TPUs for large-scale AI training

Security
#

High-Profile Breaches
#

Vercel Breach: OAuth supply chain attack exposed risks in platform environment variables, detailed by Trend Micro researchers. Hackers claimed to be selling stolen data from the cloud development platform.

ADT Data Breach: Home security giant ADT confirmed a data breach after ShinyHunters extortion group threatened to leak stolen data unless ransom is paid.

UK Biobank Data Breach: Medical data of 500,000 Biobank volunteers listed for sale on Alibaba, revealed by UK minister—compromising the world’s largest biomedical dataset.

Bitwarden CLI Compromised: npm package briefly contained credential-stealing payload; Checkmarx supply chain campaign continues to affect developer tools.

Critical Vulnerabilities
#

  • Microsoft Emergency ASP.NET Patches: Out-of-band security updates for critical ASP.NET Core privilege escalation vulnerability
  • CISA Apache ActiveMQ Order: Federal agencies must patch 13-year-old bug (CVE-2026-34197) allowing RCE via Jolokia API by April 30; over 8,000 exposed instances tracked online
  • CISA BlueHammer Order: Federal agencies must patch Microsoft Defender privilege escalation flaw (CVE-2025-26727) exploited as zero-day
  • Critical Protobuf.js Flaw: Remote code execution vulnerability in widely-used JavaScript Protocol Buffers implementation; proof-of-concept exploit code published
  • Apple Signal Recovery Bug: Out-of-band iOS update fixes vulnerability that allowed FBI recovery of deleted Signal messages
  • X.Org Server: Five new security vulnerabilities disclosed, prompting release of version 21.1.22
  • Flatpak 1.16.4: Security fixes for sandbox escape and arbitrary host file deletion vulnerabilities
  • OpenSSL 4.0: Released with Encrypted Client Hello (ECH) support and RFC 8998 compliance

Nation-State and APT Activity
#

  • Chinese APT Activity: 10-country warning about Chinese hackers compromising infrastructure for use in attacks; GopherWhisper APT using Go-based toolkit with Slack/Discord for C2
  • UK NCSC Warning: China’s “whole-of-state” cyber machine has become Britain’s peer competitor in cyberspace
  • Iran Claims US Network Backdoors: Iran claims the US used backdoors to knock out networking equipment during conflict, with China reportedly capitalizing on the narrative
  • North Korea Targets macOS: Latest cryptocurrency heist using social engineering targeting macOS users
  • ZionSiphon Malware: Targets water treatment and desalination systems for sabotage
  • Operation PowerOFF: Took down 53 domains and identified 75k DDoS users across 21 countries

Emerging Threats
#

Payouts King Ransomware: Novel technique uses QEMU VMs running via reverse SSH backdoor to bypass endpoint security detection.

Firestarter Malware: US and UK cybersecurity agencies warn about custom malware persisting on Cisco Firepower and Secure Firewall devices, surviving updates and security patches.

BlackFile Extortion Group: New financially motivated hacking group linked to vishing attacks against retail and hospitality organizations since February 2026.

Browser-Based Attacks: New research from Push Security documents how AITM phishing, ClickFix, malicious OAuth apps, and session hijacking are bypassing traditional security controls.

Job Scam Targets Developers: Sophisticated scam with legit-looking websites, camera-on interviews, and social engineering to lower guards; victims admit running malicious code.

Security Policy and Governance
#

  • NIST to Stop Rating Non-Priority Flaws: Due to volume increase from rising submission volumes
  • Brussels Age Checking App: Government’s facial biometric capture app hacked in 2 minutes by security researchers at launch event
  • Microsoft Account Change Alerts: Abused for phishing through legitimate Apple notification emails
  • SharePoint Spoofing: Over 1,300 Microsoft SharePoint servers remain unpatched against spoofing vulnerability exploited as zero-day

Hardware/Enterprise
#

Processor and Silicon
#

AMD Ryzen 9 9950X3D2: The new “Dual Edition” flagship processor launched at $899, featuring 16 cores/32 threads and dual CCDs with 3D V-Cache. Reviews describe it as “gratuitous overkill” for desktop computing, showing strong performance for developers and technical computing workloads.

Intel Core Series 3 “Wildcat Lake”: New entry-level processors for budget laptops with integrated AI capabilities announced, easing reliance on TSMC with domestically manufactured chips.

Intel Xe2 Lunar Lake: Linux graphics performance up ~17% over the past year.

RISC-V Progress:

  • BeagleV Ahead SBC getting HDMI support with Linux 7.1
  • SiFive raises $400M for data center RISC-V processors

Arm C1-Ultra: Scheduling model merged for LLVM/Clang 23 to optimize binaries for Arm’s flagship next-gen mobile CPU.

Memory and Storage
#

RAM Shortage Concerns: Industry reports suggest supply constraints affecting memory prices and availability could last years.

DIY RAM Project: Viral video demonstrates making RAM at home, showcasing the complexity of modern memory manufacturing.

Solid-State Battery Research: Researchers identified why ceramic electrolytes crack, bringing solid-state batteries closer to viability. Separate research also diagnosed why solid-state batteries keep cracking despite holding more energy.

Enterprise IT
#

IT Spending Growth: Gartner reports IT spending is accelerating despite wider economic concerns, powered by cloud and AI infrastructure investment—decoupling from oil crisis headwinds.

Meta Workforce Reduction: Company announced cutting 10% of jobs affecting thousands of employees.

Palantir USDA Deal: Won $300M contract beating Salesforce and IBM for farm safety net and disaster program management.

Ruby Central Financial Jeopardy: Organization in “real financial jeopardy” following RubyGems maintainer disputes and staff departures.

Networking and Infrastructure
#

10 GbE USB Adapters: New generation hitting the market that are cooler, smaller, and cheaper than previous offerings.

IPv6 Milestone: According to Google measurements, IPv6 briefly carried half of all internet traffic for one day this week.

UK Azure Capacity Issues: Users report workloads being redirected to Sweden due to capacity problems.

Raspberry Pi OS Security: Password now required by default for sudo commands, improving security posture.

Hardware Security
#

NCSC Hardware Security Gadget: UK cyber agency releases first commercial hardware security gadget for organizations concerned about malware via monitor cables.

Rodecaster SSH Default: Security researcher discovers audio interface has SSH enabled by default, raising IoT device security concerns.

Space and Science
#

NASA Voyager Upgrade: Working on ‘Big Bang’ upgrade to keep Voyager probes alive longer after power glitch shutdown.

Organic Compounds on Mars: First SAM TMAH experiment revealed diverse organic molecules preserved for billions of years on Mars.

Productivity and Enterprise Software
#

Microsoft Word AI Co-author: Microsoft adds AI co-author to Word documents, plus agentic Copilot in Excel and PowerPoint.

Microsoft Entra Passkeys: Passkey support for phishing-resistant passwordless authentication rolling out to Microsoft Entra-protected resources.

Microsoft RDP Security: Beefed up Remote Desktop security with hard-to-read messages.

Windows Update Control: Improvements giving users more control over update installation timing.

Atlassian AI Data Collection: Beginning August 17, Free/Standard/Premium tier customers will have metadata collected by default for AI training; Enterprise customers can opt out.

Notable Trends and Patterns #

AI-Driven Security Research
#

A significant trend emerged this week: AI/LLM tools are being used to discover bugs at scale in open-source projects. While this increases security coverage, it’s also generating noise through reports on obsolete code, prompting the Linux kernel’s major cleanup.

Open Source Community Tensions
#

Multiple projects grappled with AI contributions this week—SDL banned them entirely, GCC formed a working group, and LibreOffice experienced a governance crisis. The intersection of AI tooling and community norms remains unresolved.

Enterprise AI Integration
#

Companies are moving beyond chatbots toward autonomous agents (Snowflake, Cloudflare) while facing growing pains around quality, pricing, and employee surveillance concerns (Anthropic, Meta).

Supply Chain Security Focus
#

npm package compromises, GitHub telemetry changes, and dependency cooldown debates highlight continued focus on software supply chain security.

Hardware Innovation Continues
#

Despite economic concerns, IT spending accelerates driven by AI infrastructure. New processor generations from AMD and Intel, solid-state battery research progress, and networking improvements demonstrate ongoing hardware evolution.

Generated: April 25, 2026 Sources: Daily Technology Briefs from April 19-25, 2026