July 3, 2026
Report summary
12 stories cleared the bar, led by Your site, your rules: new AI traffic options for all customers, Unprivileged root via an out-of-bounds write in the FUSE readdir cache (CVE-2026-31694), and Making AI search smarter.
Worth attention
Cloudflare rolled out finer-grained AI traffic controls to every customer, not just enterprise: distinct handling for Search, Agent, and Training crawlers, plus a new option to shield ad-monetized pages from bots. If you run a site that depends on ad revenue or wants to block AI training scrapes without blocking useful agents, this is a config change worth making tomorrow.
A real, CVE-tracked local privilege-escalation bug in FUSE's readdir cache -- anyone running Linux servers or VPS instances with FUSE mounts (sshfs, rclone, etc.) should check for patched kernel/FUSE versions. Directly actionable: check your kernel version and patch.
Cloudflare announced two new tools aimed at helping site owners stay visible to AI-driven search/agents while getting compensated for their content. For anyone worried about AI crawlers cannibalizing referral traffic, this is a direct lever to evaluate alongside existing bot-management settings.
Moonshot AI's Kimi K2.7 Code model reached GA status in GitHub Copilot, giving Copilot users another frontier coding model to switch to. Worth a quick benchmark against whatever model you currently default to -- model choice inside Copilot is now a lever, not a given.
Cerebras' fast-inference hardware now serves Google's Gemma 4 through Hugging Face, aimed at real-time voice agents where latency is the main bottleneck. If you're building or evaluating voice-agent infrastructure, this is a new low-latency stack option worth benchmarking against your current provider.
Microsoft/VS Code details concrete changes that cut token consumption for Copilot's agent mode -- directly relevant if you're running agentic coding workflows and watching your API/subscription costs. Worth reading for both the cost savings and the underlying technique, which may be portable to your own agent harnesses.
As age-verification laws spread across US states, the UK, and EU, Google is publishing ZK-proof tooling that lets sites confirm a user is old enough without harvesting ID data. If you ship anything that will eventually need age gating, this is a credible privacy-preserving approach to watch instead of rolling your own ID-collection flow.
If accurate, this would be a major compliance event for any solo business handling EU user data on US infrastructure -- echoing the Schrems I/II precedent. No article content was scraped (only a link to noyb.eu, Max Schrems' privacy-advocacy org), so the specifics of the ruling and its practical effect are unverified here.
A new analytics dashboard surfaces which AI crawlers are hitting your site and how much that traffic might be worth, meant to support negotiating crawl compensation. Useful if you're weighing whether to block or monetize AI bot traffic, but an add-on dashboard rather than something you must react to immediately.
The creator of the widely-used Box2D physics engine has released a 3D successor. Notable for anyone building games or simulations who currently reaches for Bullet, PhysX, or Jolt -- worth a look given Box2D's reputation for clean API design.
A significant architectural decision in the Zig toolchain, separating package management from the compiler proper. Relevant if you're using or evaluating Zig; illustrates a broader trend of build systems absorbing package-management responsibility.
A hands-on benchmark exploring whether ECS-style data layout actually helps performance in JS, with reproducible numbers. Good read if you're optimizing hot-path JS/game code; a solid example of evidence-based performance writing.
Full digest
Cloudflare's one-year retrospective on its 'Content Independence Day' campaign, framing a shift toward a paid market for AI crawler access. It's a narrative/business overview rather than a new capability -- the substantive changes are covered in Cloudflare's companion announcements from the same day.
Cloudflare announced two new tools aimed at helping site owners stay visible to AI-driven search/agents while getting compensated for their content. For anyone worried about AI crawlers cannibalizing referral traffic, this is a direct lever to evaluate alongside existing bot-management settings.
Cloudflare rolled out finer-grained AI traffic controls to every customer, not just enterprise: distinct handling for Search, Agent, and Training crawlers, plus a new option to shield ad-monetized pages from bots. If you run a site that depends on ad revenue or wants to block AI training scrapes without blocking useful agents, this is a config change worth making tomorrow.
A new analytics dashboard surfaces which AI crawlers are hitting your site and how much that traffic might be worth, meant to support negotiating crawl compensation. Useful if you're weighing whether to block or monetize AI bot traffic, but an add-on dashboard rather than something you must react to immediately.
Cerebras' fast-inference hardware now serves Google's Gemma 4 through Hugging Face, aimed at real-time voice agents where latency is the main bottleneck. If you're building or evaluating voice-agent infrastructure, this is a new low-latency stack option worth benchmarking against your current provider.
Single bug fix release (Date value preservation in expressions). No new features or breaking changes.
Minor release: a few bug fixes (Salesforce auth, node creator badge, Date handling) plus a UI default change. No major new capability.
R
beta
Duplicate of the 2.29.2 changelog under n8n's beta tag -- no distinct content.
R
v16.2.10
Packaging-only fix; no functional or API changes for Next.js users.
R
v15.5.20
Packaging-only republish, no functional changes.
If accurate, this would be a major compliance event for any solo business handling EU user data on US infrastructure -- echoing the Schrems I/II precedent. No article content was scraped (only a link to noyb.eu, Max Schrems' privacy-advocacy org), so the specifics of the ruling and its practical effect are unverified here.
Personal reflective essay; no concrete claim or actionable content.
The creator of the widely-used Box2D physics engine has released a 3D successor. Notable for anyone building games or simulations who currently reaches for Bullet, PhysX, or Jolt -- worth a look given Box2D's reputation for clean API design.
Alpha-stage release of a legacy IM client; low relevance to current solo-dev priorities.
A significant architectural decision in the Zig toolchain, separating package management from the compiler proper. Relevant if you're using or evaluating Zig; illustrates a broader trend of build systems absorbing package-management responsibility.
A hands-on benchmark exploring whether ECS-style data layout actually helps performance in JS, with reproducible numbers. Good read if you're optimizing hot-path JS/game code; a solid example of evidence-based performance writing.
Governance/process change for Godot contributors. Relevant if you contribute to or depend heavily on Godot's roadmap, otherwise a background item.
Routine progress update on Apple Silicon Linux support. Worth tracking if you run Linux on Apple hardware; not an immediate action item.
Nostalgia essay, not actionable or decision-relevant.
A real, CVE-tracked local privilege-escalation bug in FUSE's readdir cache -- anyone running Linux servers or VPS instances with FUSE mounts (sshfs, rclone, etc.) should check for patched kernel/FUSE versions. Directly actionable: check your kernel version and patch.
A practical guide to using crosvm (the VMM behind ChromeOS/Android's Linux VM) to build an isolated dev sandbox -- directly relevant if you're isolating agent or build execution environments rather than relying on Docker alone.
First-hand account of migrating away from Vagrant -- useful context if you still maintain Vagrant-based dev environments and are weighing alternatives (Docker, Nix, etc.).
Thoughtful essay on OSS sustainability framing; interesting background reading on the open-source funding debate, not a near-term decision item.
Fun hobby hardware project video; not relevant to business/software decisions.
Incremental native-image size reduction in GraalVM. Relevant if you ship GraalVM native binaries and care about image size/cold-start; otherwise a minor footnote.
Microsoft/VS Code details concrete changes that cut token consumption for Copilot's agent mode -- directly relevant if you're running agentic coding workflows and watching your API/subscription costs. Worth reading for both the cost savings and the underlying technique, which may be portable to your own agent harnesses.
A technical essay connecting older fuzzing-infrastructure design (autofz's control plane) to how LLM-driven agent systems should be architected. Thoughtful for anyone designing agent orchestration or tool-calling control planes, though it's an opinionated analysis rather than a released tool.
Moonshot AI's Kimi K2.7 Code model reached GA status in GitHub Copilot, giving Copilot users another frontier coding model to switch to. Worth a quick benchmark against whatever model you currently default to -- model choice inside Copilot is now a lever, not a given.
A community-built harness for Zhipu's GLM-5.2 model, in the same space as Claude Code/Cursor-style coding agents. No usage data or reviews visible yet -- worth a look if you're already experimenting with GLM models, otherwise not urgent.
A fun hardware hobby project, but unrelated to software business decisions.
F-Droid, an advocacy-leaning source, flags an Android malware concern tied to Google's ecosystem. The headline is provocative and no article content was scraped, so treat as unverified until corroborated by a neutral source.
Nostalgia/culture essay about web forum culture; no actionable claim for a solo builder.
Evergreen career-advice post; useful as a personal resource but not time-sensitive news.
A concrete quality/compression improvement to FFmpeg's AAC encoder -- relevant if you touch audio/video encoding pipelines, otherwise low priority.
As age-verification laws spread across US states, the UK, and EU, Google is publishing ZK-proof tooling that lets sites confirm a user is old enough without harvesting ID data. If you ship anything that will eventually need age gating, this is a credible privacy-preserving approach to watch instead of rolling your own ID-collection flow.
Recurring monthly thread, not news.
Science curiosity piece, unrelated to software or business.
A fun Vim-learning game; charming but not news or decision-relevant.
Evergreen recurring contest page, not a new event.
A major version bump to Qualcomm's own Linux distribution for its chipsets, relevant to embedded and edge-AI developers targeting Snapdragon hardware. Niche audience but a real, dated platform release.
Original markdown
# Nightly Librarian — Newsletter draft Run: 85881447-4ec5-4b5a-b82c-45e06d3809b0 Started: 2026-07-03T06:09:56.379Z Completed: 2026-07-03T06:19:59.935Z ## Worth attention - **Your site, your rules: new AI traffic options for all customers** https://blog.cloudflare.com/content-independence-day-ai-options/ Cloudflare rolled out finer-grained AI traffic controls to every customer, not just enterprise: distinct handling for Search, Agent, and Training crawlers, plus a new option to shield ad-monetized pages from bots. If you run a site that depends on ad revenue or wants to block AI training scrapes without blocking useful agents, this is a config change worth making tomorrow. - **Unprivileged root via an out-of-bounds write in the FUSE readdir cache (CVE-2026-31694)** https://cyberstan.co.uk/fuse-readdir-oob/ A real, CVE-tracked local privilege-escalation bug in FUSE's readdir cache -- anyone running Linux servers or VPS instances with FUSE mounts (sshfs, rclone, etc.) should check for patched kernel/FUSE versions. Directly actionable: check your kernel version and patch. - **Making AI search smarter** https://blog.cloudflare.com/making-ai-search-smarter/ Cloudflare announced two new tools aimed at helping site owners stay visible to AI-driven search/agents while getting compensated for their content. For anyone worried about AI crawlers cannibalizing referral traffic, this is a direct lever to evaluate alongside existing bot-management settings. - **Kimi K2.7 Code is generally available in GitHub Copilot** https://github.blog/changelog/2026-07-01-kimi-k2-7-is-now-available-in-github-copilot/ Moonshot AI's Kimi K2.7 Code model reached GA status in GitHub Copilot, giving Copilot users another frontier coding model to switch to. Worth a quick benchmark against whatever model you currently default to -- model choice inside Copilot is now a lever, not a given. - **Hugging Face and Cerebras bring Gemma 4 to real-time voice AI** https://huggingface.co/blog/cerebras-gemma4-voice-ai Cerebras' fast-inference hardware now serves Google's Gemma 4 through Hugging Face, aimed at real-time voice agents where latency is the main bottleneck. If you're building or evaluating voice-agent infrastructure, this is a new low-latency stack option worth benchmarking against your current provider. - **Improving token efficiency for GitHub Copilot in VS Code** https://code.visualstudio.com/blogs/2026/06/17/improving-token-efficiency-in-github-copilot Microsoft/VS Code details concrete changes that cut token consumption for Copilot's agent mode -- directly relevant if you're running agentic coding workflows and watching your API/subscription costs. Worth reading for both the cost savings and the underlying technique, which may be portable to your own agent harnesses. - **Opening up 'Zero-Knowledge Proof' technology to promote privacy in age assurance** https://blog.google/innovation-and-ai/technology/safety-security/opening-up-zero-knowledge-proof-technology-to-promote-privacy-in-age-assurance/ As age-verification laws spread across US states, the UK, and EU, Google is publishing ZK-proof tooling that lets sites confirm a user is old enough without harvesting ID data. If you ship anything that will eventually need age gating, this is a credible privacy-preserving approach to watch instead of rolling your own ID-collection flow. - **US Supreme Court just blew up EU-US Data Transfers** https://noyb.eu/en/us-supreme-court-just-blew-eu-us-data-transfers If accurate, this would be a major compliance event for any solo business handling EU user data on US infrastructure -- echoing the Schrems I/II precedent. No article content was scraped (only a link to noyb.eu, Max Schrems' privacy-advocacy org), so the specifics of the ruling and its practical effect are unverified here. - **Unmasking the crawls with Attribution Business Insights** https://blog.cloudflare.com/attribution-business-insights/ A new analytics dashboard surfaces which AI crawlers are hitting your site and how much that traffic might be worth, meant to support negotiating crawl compensation. Useful if you're weighing whether to block or monetize AI bot traffic, but an add-on dashboard rather than something you must react to immediately. - **Announcing Box3D** https://box2d.org/posts/2026/06/announcing-box3d/ The creator of the widely-used Box2D physics engine has released a 3D successor. Notable for anyone building games or simulations who currently reaches for Bullet, PhysX, or Jolt -- worth a look given Box2D's reputation for clean API design. - **All Package Management Functionality Moved from Compiler to Build System** https://ziglang.org/devlog/2026/?2026-06-30#2026-06-30 A significant architectural decision in the Zig toolchain, separating package management from the compiler proper. Relevant if you're using or evaluating Zig; illustrates a broader trend of build systems absorbing package-management responsibility. - **The Physics of Memory (aka can Javascript ECS?)** https://www.dmurph.com/posts/2026/06/ecs_vs_oop_benchmark/ecs_vs_oop_benchmark.html A hands-on benchmark exploring whether ECS-style data layout actually helps performance in JS, with reproducible numbers. Good read if you're optimizing hot-path JS/game code; a solid example of evidence-based performance writing. ## Full digest - [R] [cloudflare-blog] Content Independence Day, one year on: building the business model for the agentic Internet — https://blog.cloudflare.com/agentic-internet-bot-report/ — Cloudflare's one-year retrospective on its 'Content Independence Day' campaign, framing a shift toward a paid market for AI crawler access. It's a narrative/business overview rather than a new capability -- the substantive changes are covered in Cloudflare's companion announcements from the same day. - [P] [cloudflare-blog] Making AI search smarter — https://blog.cloudflare.com/making-ai-search-smarter/ — Cloudflare announced two new tools aimed at helping site owners stay visible to AI-driven search/agents while getting compensated for their content. For anyone worried about AI crawlers cannibalizing referral traffic, this is a direct lever to evaluate alongside existing bot-management settings. - [P] [cloudflare-blog] Your site, your rules: new AI traffic options for all customers — https://blog.cloudflare.com/content-independence-day-ai-options/ — Cloudflare rolled out finer-grained AI traffic controls to every customer, not just enterprise: distinct handling for Search, Agent, and Training crawlers, plus a new option to shield ad-monetized pages from bots. If you run a site that depends on ad revenue or wants to block AI training scrapes without blocking useful agents, this is a config change worth making tomorrow. - [P] [cloudflare-blog] Unmasking the crawls with Attribution Business Insights — https://blog.cloudflare.com/attribution-business-insights/ — A new analytics dashboard surfaces which AI crawlers are hitting your site and how much that traffic might be worth, meant to support negotiating crawl compensation. Useful if you're weighing whether to block or monetize AI bot traffic, but an add-on dashboard rather than something you must react to immediately. - [P] [huggingface-blog] Hugging Face and Cerebras bring Gemma 4 to real-time voice AI — https://huggingface.co/blog/cerebras-gemma4-voice-ai — Cerebras' fast-inference hardware now serves Google's Gemma 4 through Hugging Face, aimed at real-time voice agents where latency is the main bottleneck. If you're building or evaluating voice-agent infrastructure, this is a new low-latency stack option worth benchmarking against your current provider. - [R] [gh-n8n] [email protected] — https://github.com/n8n-io/n8n/releases/tag/n8n%401.123.63 — Single bug fix release (Date value preservation in expressions). No new features or breaking changes. - [R] [gh-n8n] [email protected] — https://github.com/n8n-io/n8n/releases/tag/n8n%402.29.2 — Minor release: a few bug fixes (Salesforce auth, node creator badge, Date handling) plus a UI default change. No major new capability. - [R] [gh-n8n] beta — https://github.com/n8n-io/n8n/releases/tag/beta — Duplicate of the 2.29.2 changelog under n8n's beta tag -- no distinct content. - [R] [gh-nextjs] v16.2.10 — https://github.com/vercel/next.js/releases/tag/v16.2.10 — Packaging-only fix; no functional or API changes for Next.js users. - [R] [gh-nextjs] v15.5.20 — https://github.com/vercel/next.js/releases/tag/v15.5.20 — Packaging-only republish, no functional changes. - [M] [lobsters] US Supreme Court just blew up EU-US Data Transfers — https://noyb.eu/en/us-supreme-court-just-blew-eu-us-data-transfers — If accurate, this would be a major compliance event for any solo business handling EU user data on US infrastructure -- echoing the Schrems I/II precedent. No article content was scraped (only a link to noyb.eu, Max Schrems' privacy-advocacy org), so the specifics of the ruling and its practical effect are unverified here. - [R] [lobsters] Artificial adventures — https://www.scattered-thoughts.net/writing/artificial-adventures/ — Personal reflective essay; no concrete claim or actionable content. - [P] [lobsters] Announcing Box3D — https://box2d.org/posts/2026/06/announcing-box3d/ — The creator of the widely-used Box2D physics engine has released a 3D successor. Notable for anyone building games or simulations who currently reaches for Bullet, PhysX, or Jolt -- worth a look given Box2D's reputation for clean API design. - [R] [lobsters] Pidgin 3.0 Alpha 2 (2.96.0) has been released — https://discourse.imfreedom.org/t/pidgin-3-0-alpha-2-2-96-0-has-been-released/398 — Alpha-stage release of a legacy IM client; low relevance to current solo-dev priorities. - [P] [lobsters] All Package Management Functionality Moved from Compiler to Build System — https://ziglang.org/devlog/2026/?2026-06-30#2026-06-30 — A significant architectural decision in the Zig toolchain, separating package management from the compiler proper. Relevant if you're using or evaluating Zig; illustrates a broader trend of build systems absorbing package-management responsibility. - [P] [lobsters] The Physics of Memory (aka can Javascript ECS?) — https://www.dmurph.com/posts/2026/06/ecs_vs_oop_benchmark/ecs_vs_oop_benchmark.html — A hands-on benchmark exploring whether ECS-style data layout actually helps performance in JS, with reproducible numbers. Good read if you're optimizing hot-path JS/game code; a solid example of evidence-based performance writing. - [M] [lobsters] Changes to Godot Engine Contribution Policies — https://godotengine.org/article/contribution-policy-2026/ — Governance/process change for Godot contributors. Relevant if you contribute to or depend heavily on Godot's roadmap, otherwise a background item. - [M] [lobsters] Progress Report: Linux 7.1 - Asahi Linux — https://asahilinux.org/2026/06/progress-report-7-1/ — Routine progress update on Apple Silicon Linux support. Worth tracking if you run Linux on Apple hardware; not an immediate action item. - [R] [lobsters] The Internet I Grew Up With Doesn't Exist Anymore — https://cleberg.net/blog/internet.html — Nostalgia essay, not actionable or decision-relevant. - [P] [lobsters] Unprivileged root via an out-of-bounds write in the FUSE readdir cache (CVE-2026-31694) — https://cyberstan.co.uk/fuse-readdir-oob/ — A real, CVE-tracked local privilege-escalation bug in FUSE's readdir cache -- anyone running Linux servers or VPS instances with FUSE mounts (sshfs, rclone, etc.) should check for patched kernel/FUSE versions. Directly actionable: check your kernel version and patch. - [P] [lobsters] Creating a development sandbox with crosvm — https://www.erat.org/crosvm.html — A practical guide to using crosvm (the VMM behind ChromeOS/Android's Linux VM) to build an isolated dev sandbox -- directly relevant if you're isolating agent or build execution environments rather than relying on Docker alone. - [P] [lobsters] On Ditching Vagrant — https://benjamintoll.com/2026/06/29/on-ditching-vagrant/ — First-hand account of migrating away from Vagrant -- useful context if you still maintain Vagrant-based dev environments and are weighing alternatives (Docker, Nix, etc.). - [M] [lobsters] Open Source as Infrastructure: Taking Roads and Bridges literally — https://nesbitt.io/2026/06/30/taking-roads-and-bridges-literally.html — Thoughtful essay on OSS sustainability framing; interesting background reading on the open-source funding debate, not a near-term decision item. - [R] [lobsters] GameBoy Emulator on ESP32 + Eink — https://www.youtube.com/watch?v=oPbOK90aJEo — Fun hobby hardware project video; not relevant to business/software decisions. - [M] [lobsters] GraalVM Hello World Program Down To "Just" 6.5MB — https://www.phoronix.com/news/GraalVM-Community-25.1.3 — Incremental native-image size reduction in GraalVM. Relevant if you ship GraalVM native binaries and care about image size/cold-start; otherwise a minor footnote. - [P] [lobsters] Improving token efficiency for GitHub Copilot in VS Code — https://code.visualstudio.com/blogs/2026/06/17/improving-token-efficiency-in-github-copilot — Microsoft/VS Code details concrete changes that cut token consumption for Copilot's agent mode -- directly relevant if you're running agentic coding workflows and watching your API/subscription costs. Worth reading for both the cost savings and the underlying technique, which may be portable to your own agent harnesses. - [P] [lobsters] The Control Plane Was the Point: Revisiting autofz in the LLM Era — https://yfu.tw/blog/en/autofz-revisited/ — A technical essay connecting older fuzzing-infrastructure design (autofz's control plane) to how LLM-driven agent systems should be architected. Thoughtful for anyone designing agent orchestration or tool-calling control planes, though it's an opinionated analysis rather than a released tool. - [P] [hn-top] Kimi K2.7 Code is generally available in GitHub Copilot — https://github.blog/changelog/2026-07-01-kimi-k2-7-is-now-available-in-github-copilot/ — Moonshot AI's Kimi K2.7 Code model reached GA status in GitHub Copilot, giving Copilot users another frontier coding model to switch to. Worth a quick benchmark against whatever model you currently default to -- model choice inside Copilot is now a lever, not a given. - [M] [hn-top] ZCode – Harness for GLM-5.2 — https://zcode.z.ai/en — A community-built harness for Zhipu's GLM-5.2 model, in the same space as Claude Code/Cursor-style coding agents. No usage data or reviews visible yet -- worth a look if you're already experimenting with GLM models, otherwise not urgent. - [R] [hn-top] Oomwoo, an open-source robot vacuum you build yourself — https://makerspet.com/blog/building-an-open-source-robot-vacuum-meet-oomwoo/ — A fun hardware hobby project, but unrelated to software business decisions. - [M] [hn-top] A new Android malware from Google — https://f-droid.org/2026/07/01/adv-malware.html — F-Droid, an advocacy-leaning source, flags an Android malware concern tied to Google's ecosystem. The headline is provocative and no article content was scraped, so treat as unverified until corroborated by a neutral source. - [R] [hn-top] Bring back crappy forums — https://tedium.co/2026/07/01/online-web-forums-retrospective/ — Nostalgia/culture essay about web forum culture; no actionable claim for a solo builder. - [R] [hn-top] What to learn to be a graphics programmer — https://blog.demofox.org/2026/07/01/what-to-learn-to-be-a-graphics-programmer/ — Evergreen career-advice post; useful as a personal resource but not time-sensitive news. - [M] [hn-top] FFmpeg 9.1's new AAC encoder — https://hydrogenaudio.org/index.php/topic,129691.0.html — A concrete quality/compression improvement to FFmpeg's AAC encoder -- relevant if you touch audio/video encoding pipelines, otherwise low priority. - [P] [hn-top] Opening up 'Zero-Knowledge Proof' technology to promote privacy in age assurance — https://blog.google/innovation-and-ai/technology/safety-security/opening-up-zero-knowledge-proof-technology-to-promote-privacy-in-age-assurance/ — As age-verification laws spread across US states, the UK, and EU, Google is publishing ZK-proof tooling that lets sites confirm a user is old enough without harvesting ID data. If you ship anything that will eventually need age gating, this is a credible privacy-preserving approach to watch instead of rolling your own ID-collection flow. - [R] [hn-top] Ask HN: Who is hiring? (July 2026) — https://news.ycombinator.com/item?id=48747976 — Recurring monthly thread, not news. - [R] [hn-top] How do wombats poop cubes? — https://www.science.org/content/article/how-do-wombats-poop-cubes-scientists-get-bottom-mystery — Science curiosity piece, unrelated to software or business. - [R] [hn-top] Learn Vim motions with an ice-cream van — https://thisismodest.com/vimscoops/ — A fun Vim-learning game; charming but not news or decision-relevant. - [R] [hn-top] The Underhanded C Contest — https://underhanded-c.org/ — Evergreen recurring contest page, not a new event. - [P] [hn-top] Qualcomm Linux 2.0 — https://www.qualcomm.com/developer/blog/2026/06/qualcomm-linux-2-now-available — A major version bump to Qualcomm's own Linux distribution for its chipsets, relevant to embedded and edge-AI developers targeting Snapdragon hardware. Niche audience but a real, dated platform release.