devtake.dev
AI Security Hardware Open Source Policy Apple

#dev-tools

RSS
Related: #ai-agents · 14 #open-source · 14 #github · 8 #anthropic · 7 #security · 7 #agentic-coding · 6 #javascript · 6 #supply-chain · 6 #claude-code · 5 #microsoft · 5
Cloudflare blog graphic announcing that VoidZero is joining Cloudflare
Open Source·

Cloudflare bought VoidZero, the team behind Vite. The tools stay MIT and vendor-neutral.

Cloudflare acquired VoidZero, Evan You's company behind Vite, Vitest, Rolldown and Oxc. The tools stay MIT-licensed, and there's a $1M ecosystem fund.

Linear's product homepage showing its issue-tracking interface
Web·

Linear keeps its database in the browser. That's why the app feels instant

A widely shared breakdown explains why Linear feels instant: a local-first sync engine, optimistic UI, and an in-browser object cache. Here's the architecture, in plain terms.

Illustration of open-source game development tools beyond the engine
Gaming·

Beyond the engine: six open-source tools that shape how games get made

Godot, Unity and Unreal get the headlines, but six open-source tools quietly do the art, levels, and dialogue work that real games ship on.

A stack of euro banknotes, illustrating European tech compensation data.
Startup·

Gergely Orosz hands TechPays to Levels.fyi, and the European salary data stays free

Levels.fyi has acquired TechPays, Gergely Orosz's European tech-salary project. Here's what's changing, what isn't, and what it means for engineers.

Visual Studio Code logo on a dark background
Security·

VS Code's webview sandbox leaks GitHub tokens that read and write every private repo

A disclosed VS Code zero-day lets one click on a malicious github.dev notebook steal a GitHub OAuth token with full read-write access to every private repo.

The microsoft/coreutils GitHub repository page
Open Source·

Microsoft is shipping Linux's core commands on Windows, built in Rust

Microsoft's Coreutils for Windows brings native ls, cp, and grep to Windows, built on the Rust uutils project. Here's what it is and why the Rust rewrite matters.

A developer's Emacs session in a Linux terminal, editing C source alongside a shell
AI·

Hacker News is obsessed with durable Postgres workflows and a game about clicking yes

Six dev-tooling and AI posts that climbed Hacker News in late May 2026: durable execution on plain Postgres, LLM code smells, a permission-fatigue game, Rust 1.96, and more.

A software engineer at a laptop, the kind of AI-assisted coding workflow whose token costs blew through Uber's annual budget.
AI·

Uber blew its entire 2026 AI coding budget in four months. Its COO can't prove it paid off.

Uber exhausted its full-year Claude Code budget by April. Adoption hit 84%, heavy users burn $2,000 a month, and COO Andrew Macdonald can't connect the spend to shipped features.

An open-source graphic, representing the long-lived MySQL codebase where bug #11472 sat for two decades.
Open Source·

MySQL just fixed a 20-year-old bug where cascade deletes silently skipped triggers

MySQL bug #11472 was filed in 2005: triggers never fired on foreign key cascade actions, silently breaking audit logs. MySQL 9.7 finally closes it via WL#17024.

An Adapteva Parallella development board with an AMD/Xilinx Zynq FPGA SoC, representative of the hobbyist hardware the Vivado free tier targets.
Hardware·

AMD walled off Linux Vivado behind a paid tier. The free FPGA tier is now Windows only.

Vivado 2026.1 introduces a five-tier licensing model. The free BASIC tier supports Windows only; Linux requires the paid CORE tier. FPGA hobbyists are pushing back.

Google Chrome logo on a dark background
Security·

Google's bug tracker auto-published exploit code for an unpatched Chromium flaw. The bug is still live.

Chromium Issue 1396278 went public on May 20 because Google's tracker auto-clears restrictions on stale closed bugs. The flaw, reported in 2022, was never fixed.

Aisle of dense server racks inside the CERN Computer Center
Web·

Cloudflare rebuilt Browser Run on its own Containers. Concurrency went from 30 to 120.

Cloudflare moved Browser Run off shared isolation infrastructure on May 13. The agentic-coding crowd gets four times the headless-Chrome ceiling and half the latency.

C# 15 union types announcement graphic from the Microsoft .NET Blog
Open Source·

C# is getting union types in version 15. The preview shipped in .NET 11 Preview 2.

Mads Torgersen's union proposal landed in .NET 11 Preview 2 on April 2. C# 15 targets November 2026 and replaces the OneOf library hack the .NET community has been living with.

Figure from a forensic document-examination study used here as visual shorthand for verifying authorship of code.
Open Source·

yt-dlp's maintainer says Bun is now 'fully vibe-coded'. Support is officially deprecated.

yt-dlp's maintainer bashonly says Bun's Rust rewrite 'has taken a turn towards being fully vibe-coded.' The supported window narrowed to four versions.

Portrait of Andrej Karpathy, whose January 26 X thread on agentic coding was distilled into the viral CLAUDE.md file.
AI·

Karpathy posted four notes about Claude Code. The CLAUDE.md they spawned has 110K GitHub stars.

Forrest Chang turned Andrej Karpathy's January coding thread into a 70-line CLAUDE.md. It now has 110,000+ stars and has trended on GitHub for 28 weeks.

GitHub security blog header showing the GitHub Octocat logo on a backdrop of black security blocks.
Security·

GitHub's internal repos were breached. The attacker came in through a poisoned VS Code extension.

GitHub detected the intrusion on May 18 after a malicious VS Code extension compromised an employee's device. The attacker claims to have exfiltrated 3,800 internal repositories.

An illustration of the Claude Code deeplink vulnerability, showing a malicious URL handler triggering a shell prompt.
Security·

A bad command-line parser turned every claude-cli:// link into a remote shell

Joernchen of 0day.click found a deeplink RCE in Claude Code. Anthropic shipped the fix in 2.1.118 the same week.

A diagram from Cloudflare's blog post illustrating how a Wasm instance recovers state after a Rust panic.
Open Source·

Cloudflare taught wasm-bindgen to catch a Rust panic. Workers no longer poison the sandbox.

Three Cloudflare engineers shipped panic and abort recovery into wasm-bindgen on April 22. A Rust Worker that panics now reinitialises on the next request.