From 45 items, 19 important content pieces were selected

  1. LiteLLM PyPI versions 1.82.7 and 1.82.8 compromised with malicious code ⭐️ 9.0/10
  2. Malicious litellm_init.pth in LiteLLM 1.82.8 steals credentials upon installation ⭐️ 9.0/10
  3. LiteLLM versions 1.82.7 and 1.82.8 compromised via malicious .pth file exploit ⭐️ 9.0/10
  4. Wine 11 introduces kernel-level rewrites delivering massive speed gains for Windows games on Linux ⭐️ 8.0/10
  5. Streaming expert weights enables trillion-parameter MoE models on consumer hardware ⭐️ 8.0/10
  6. FCC bans all foreign-made consumer routers citing security risks ⭐️ 8.0/10
  7. Nvidia uses cash reserves to invest in AI startups, raising antitrust concerns ⭐️ 8.0/10
  8. Alibaba DAMO launches Xuantie C950 RISC-V CPU, setting new global performance record ⭐️ 8.0/10
  9. China’s daily token calls surge over 1000x in two years, exceeding 140 trillion in March 2026 ⭐️ 8.0/10
  10. DarkSword iOS exploit chain disclosed: Safari malicious webpage infections used across multiple countries ⭐️ 8.0/10
  11. Google launches Gemini-based dark web intelligence AI agent in preview ⭐️ 8.0/10
  12. Apple launches Apple Business, an all-in-one platform for businesses of all sizes. ⭐️ 7.0/10
  13. OpenAI shuts down its Sora AI video generation app. ⭐️ 7.0/10
  14. Package Managers Implement Dependency Cooldowns to Combat Supply Chain Attacks ⭐️ 7.0/10
  15. PHP proposes replacing dual licenses with BSD three-clause license, community vote open until April 4, 2026. ⭐️ 7.0/10
  16. Chris Down debunks myths about Linux kernel’s zswap and zram subsystems ⭐️ 7.0/10
  17. LM Studio malware scare resolved as Windows Defender false positive ⭐️ 7.0/10
  18. SillyTavern extension brings NPCs to life in any game using local AI models ⭐️ 7.0/10
  19. OpenCode source code audit reveals 7 external domain contacts and privacy concerns ⭐️ 7.0/10

LiteLLM PyPI versions 1.82.7 and 1.82.8 compromised with malicious code ⭐️ 9.0/10

Versions 1.82.7 and 1.82.8 of the LiteLLM Python package on PyPI were discovered to contain malicious code that executed a forkbomb attack, causing systems to run out of RAM. The maintainer identified the compromise originated from a vulnerability in their CI/CD pipeline using the trivy tool, and PyPI has quarantined the affected packages. This incident highlights critical supply chain vulnerabilities in widely-used AI/ML libraries, affecting potentially millions of downloads and exposing users to credential theft and denial-of-service attacks. It underscores the urgent need for improved security practices in open-source ecosystems, particularly for dependencies that power modern AI applications. The malicious code was base64-encoded and added to proxy_server.py, which decoded and executed another file, leading to a forkbomb that rapidly consumed system resources. The attack is linked to the TeamPCP hacking group’s ongoing supply chain campaign, and while the proxy Docker version was unaffected due to pinned dependencies, the PyPI package had over 95 million downloads.

hackernews · dot_treo · Mar 24, 12:06

Background: LiteLLM is a popular Python library that provides a unified interface for calling various large language models (LLMs) from providers like OpenAI and Anthropic. PyPI (Python Package Index) is the official repository for Python packages, where developers publish and install software dependencies. Supply chain attacks involve compromising trusted software sources to distribute malware, often targeting widely-used packages to maximize impact.

References

Discussion: The community discussion includes the maintainer detailing the CI/CD vulnerability, calls for better sandboxing and isolation in development environments, and tools like canary for detecting unauthorized package access. Overall sentiment reflects concern over dependency trust and the need for more robust security measures in software supply chains.

Tags: #security, #ai-ml, #python, #supply-chain, #devops

Malicious litellm_init.pth in LiteLLM 1.82.8 steals credentials upon installation ⭐️ 9.0/10

The LiteLLM v1.82.8 package on PyPI was compromised with a credential stealer hidden in a litellm_init.pth file, which automatically executes upon installation without requiring the package to be imported. PyPI has quarantined the package, limiting the exposure window to a few hours. This incident represents a severe supply chain attack that directly impacts the AI/ML community, as LiteLLM is widely used for managing large language model APIs. It highlights critical vulnerabilities in software distribution platforms and underscores the need for enhanced security measures in open-source ecosystems. The malicious file targets a wide range of sensitive data, including SSH keys, AWS credentials, and cryptocurrency wallets, by scanning user directories. The attack is linked to a prior compromise of the Trivy security scanner, which likely led to stolen PyPI credentials used to upload the malicious package.

rss · Simon Willison · Mar 24, 15:07

Background: LiteLLM is an open-source Python library that simplifies interactions with various large language models by providing a unified API. PyPI (Python Package Index) is the official repository for Python packages, where developers publish and distribute software. Supply chain attacks involve compromising software at its source or distribution point to infect downstream users, often through malicious updates or dependencies.

References

Tags: #security, #supply-chain-attack, #ai-ml, #python, #pypi

LiteLLM versions 1.82.7 and 1.82.8 compromised via malicious .pth file exploit ⭐️ 9.0/10

The LiteLLM Python library versions 1.82.7 and 1.82.8 have been compromised through a malicious .pth file exploit that automatically executes credential-stealing code when the Python interpreter starts. This security breach was reported in a GitHub issue and affects users who installed these specific versions from PyPI. This incident poses a critical security risk because LiteLLM is widely used to access over 100 LLM APIs in production AI/ML systems, potentially exposing sensitive credentials and enabling supply chain attacks. The stealthy nature of the .pth file exploit bypasses standard security checks, making immediate credential rotation and version downgrades essential for affected users. The malicious file ‘litellm_init.pth’ (34,628 bytes) in the compromised packages executes automatically on Python interpreter startup without requiring any import of LiteLLM, making it invisible to standard code review. Only versions 1.82.7 and 1.82.8 are confirmed affected, with earlier versions like 1.82.6 and 1.82.3 remaining safe according to community verification.

reddit · r/LocalLLaMA · OrganizationWinter99 · Mar 24, 14:28

Background: LiteLLM is an open-source Python library that provides a unified interface to call over 100 large language models (LLMs) from providers like OpenAI, Anthropic, and Azure using the OpenAI API format. .pth files are Python path configuration files that can execute arbitrary code automatically when the Python interpreter starts, a known security risk documented in Python’s issue tracker. The library is developed by BerriAI and available on PyPI, with versions 1.82.7 and 1.82.8 being the compromised releases.

References

Discussion: Community comments highlight the stealthy nature of the .pth file exploit, noting that it bypasses import-based detection and makes credential rotation mandatory for affected systems. Users discuss practical mitigation steps like using Docker for isolation, checking their LiteLLM versions, and expressing concerns about potential supply chain attacks on other tools that depend on LiteLLM. The sentiment is urgent and educational, with many sharing technical insights and verification of safe versions.

Tags: #security, #AI/ML, #software-engineering, #open-source, #incident-response

Wine 11 introduces kernel-level rewrites delivering massive speed gains for Windows games on Linux ⭐️ 8.0/10

Wine 11 has been released with kernel-level rewrites that dramatically improve performance when running Windows games on Linux, with benchmarks showing FPS increases from 110.6 to 860.7 in Dirt 3 and similar massive gains in other titles like Resident Evil 2 and Tiny Tina’s Wonderlands. This represents a major advancement in compatibility layer technology that could significantly improve the Linux gaming experience, potentially making Linux a more viable platform for gamers who rely on Windows-only titles and strengthening the open-source gaming ecosystem. The extreme performance gains shown in benchmarks compare Wine 11 against vanilla Wine without fsync, while users already using fsync will see more modest improvements; the ntsync implementation provides the most significant speed increases but may not apply equally to all games.

hackernews · felineflock · Mar 24, 18:34

Background: Wine is a compatibility layer that allows Windows applications and games to run on Unix-like operating systems like Linux without emulation or virtualization, instead translating Windows API calls into POSIX calls. The project has been developed for decades through reverse engineering of both documented and undocumented Windows behavior. Valve’s Proton, built on Wine, has been instrumental in bringing Windows games to Linux through the Steam platform.

References

Discussion: Community members expressed admiration for Wine’s technical achievements while noting that benchmark comparisons may exaggerate real-world gains for users already using performance optimizations like fsync. Some highlighted Valve’s financial contributions to the project, and others discussed the technical complexity involved in low-level Windows compatibility work.

Tags: #Wine, #Linux Gaming, #Compatibility Layer, #Performance Optimization, #Open Source

Streaming expert weights enables trillion-parameter MoE models on consumer hardware ⭐️ 8.0/10

Developers have demonstrated that streaming expert weights from storage allows massive Mixture-of-Experts models to run on consumer hardware with limited RAM, including a 1 trillion parameter Kimi K2.5 model on a MacBook Pro and a 397B parameter Qwen3.5 model on an iPhone. These experiments show rapid progress, with performance improving from initial tests to newer implementations achieving around 1.7 tokens per second. This breakthrough significantly lowers the barrier to running state-of-the-art large language models locally, enabling edge AI applications and democratizing access to advanced AI without expensive cloud infrastructure. It could accelerate the development of on-device AI assistants, privacy-preserving tools, and more efficient model deployment across industries. The Kimi K2.5 model has 1 trillion total parameters but only activates 32B weights at a time, running in 96GB RAM on an M2 Max MacBook Pro, while the Qwen3.5-397B-A17B model achieved 0.6 tokens/second on an iPhone. These implementations rely on streaming necessary expert weights from SSD per token, bypassing RAM limitations through conditional computation.

rss · Simon Willison · Mar 24, 05:09

Background: Mixture-of-Experts models are a type of large language model that uses conditional computation to activate only a subset of ‘expert’ neural networks for each input, making them more efficient than dense models. Streaming expert weights refers to loading these activated weights from storage like SSDs during inference, rather than keeping the entire model in RAM, which reduces memory requirements. This technique builds on sparse model architectures like those used in Mistral AI’s Mixtral 8x7B and Alibaba’s Qwen3.5 series.

References

Tags: #Mixture-of-Experts, #LLM Optimization, #Hardware Efficiency, #Streaming Inference, #Edge AI

FCC bans all foreign-made consumer routers citing security risks ⭐️ 8.0/10

The U.S. Federal Communications Commission (FCC) has officially announced a comprehensive ban on all foreign-made new consumer-grade routers from entering the U.S. market, citing concerns about cybersecurity and supply chain vulnerabilities. The ban applies only to new models that have not yet received certification, while existing devices already in use or previously approved remain unaffected. This policy significantly impacts global hardware supply chains and telecommunications equipment markets, potentially reshaping manufacturing and trade patterns for network devices. It reflects growing U.S. government concerns about foreign-made technology posing cybersecurity threats, which could lead to similar regulatory actions in other countries. Foreign-produced home networking devices have been placed on the FCC’s ‘Covered List,’ requiring manufacturers to obtain device authorization for U.S. sales. Exemptions are possible but must be approved through applications to agencies like the U.S. Department of Defense, indicating stringent security review processes.

telegram · zaihuapd · Mar 24, 01:17

Background: The Federal Communications Commission (FCC) is an independent U.S. government agency responsible for regulating interstate and international communications. The FCC’s ‘Covered List’ identifies communications equipment and services deemed to pose unacceptable risks to national security. Consumer routers are essential networking devices that direct internet traffic between networks and devices in homes and small businesses.

References

Tags: #Cybersecurity, #Regulation, #Hardware, #Supply Chain, #Telecommunications

Nvidia uses cash reserves to invest in AI startups, raising antitrust concerns ⭐️ 8.0/10

Nvidia has invested billions of dollars in AI startups like OpenAI, CoreWeave, and Reflection since 2022, acting as both supplier, investor, and creditor to lock customers into its ecosystem. The company also made a $20 billion licensing deal with chip startup Groq while hiring away its core team, prompting U.S. senators to question whether such transactions evade antitrust scrutiny. This strategy could solidify Nvidia’s dominance in the AI hardware market by making it harder for customers to switch to competitors like AMD, potentially stifling innovation and competition. The growing regulatory scrutiny reflects broader concerns about tech giants using financial power to control emerging industries. The investments target companies across the AI stack, from cloud infrastructure (CoreWeave) to frontier AI research (Reflection). The Groq deal is structured as a non-exclusive licensing agreement rather than an outright acquisition, which may help avoid regulatory hurdles while still securing key technology and talent.

telegram · zaihuapd · Mar 24, 03:02

Background: Nvidia has become the dominant provider of AI chips (GPUs) due to the AI boom, generating massive cash reserves from sales of its H100 and newer Blackwell architecture chips. CoreWeave is a specialized cloud provider focused on AI workloads that originally started as a cryptocurrency mining company. Groq is a chip startup known for its inference acceleration technology, competing in the same space as Nvidia’s TensorRT and Triton inference platforms.

References

Tags: #AI, #Nvidia, #Antitrust, #Investment, #Tech Industry

Alibaba DAMO launches Xuantie C950 RISC-V CPU, setting new global performance record ⭐️ 8.0/10

On March 24, 2026, at the Xuantie RISC-V Ecosystem Conference in Shanghai, Alibaba DAMO Academy unveiled its new flagship Xuantie C950 CPU based on the open-source RISC-V architecture. The chip achieved a Specint2006 single-core score exceeding 70 points, setting a new performance record for publicly available RISC-V processors, and features integrated AI acceleration engines capable of natively running large models like Qwen3 and DeepSeek V3. This breakthrough demonstrates that RISC-V architecture can now compete with proprietary ISAs like ARM and x86 in high-performance computing domains, potentially reducing dependency on Western chip technologies. The integrated AI acceleration specifically targeting large language models positions this chip for next-generation cloud computing, generative AI, robotics, and edge computing applications where efficient AI inference is critical. The Xuantie C950 targets cloud computing, generative AI, high-end robotics, and edge computing markets, with DAMO indicating it will be used in next-generation high-end computing scenarios. While the Specint2006 score of over 70 points represents a significant achievement, actual performance in real-world applications and comparison with competing architectures in full system implementations remain to be fully evaluated.

telegram · zaihuapd · Mar 24, 06:01

Background: RISC-V is a free and open standard instruction set architecture (ISA) based on reduced instruction set computer principles, developed initially at UC Berkeley in 2010 and now maintained by RISC-V International. Unlike proprietary ISAs like x86 and ARM, RISC-V specifications are released under permissive open-source licenses and can be implemented without paying royalties. SPECint2006 (CPU2006) is a standardized benchmark suite designed to test CPU performance in modern server systems, with CINT2006 measuring integer computation performance. Qwen3 is the latest large language model in the Qwen family developed by Alibaba Cloud, distributed as open-weight models under Apache-2.0 license.

References

Tags: #RISC-V, #CPU, #AI Acceleration, #Cloud Computing, #Edge Computing

China’s daily token calls surge over 1000x in two years, exceeding 140 trillion in March 2026 ⭐️ 8.0/10

China’s National Data Administration disclosed that daily token calls exceeded 140 trillion in March 2026, representing a growth of over 1000 times from 100 billion in early 2024 to 100 trillion by the end of 2025. This explosive growth indicates that China’s AI development has entered a period of rapid commercialization, with token-based value systems accelerating the formation of high-quality data supply chains and driving data market reforms. The growth trajectory shows exponential acceleration, with daily token calls increasing from 100 billion to 100 trillion in less than two years, then adding another 40 trillion in just three months from December 2025 to March 2026.

telegram · zaihuapd · Mar 24, 07:22

Background: Tokens are the smallest information units processed by large language models, serving as measurable, pricable, and tradable elements in AI systems. China has been actively promoting data element marketization since 2014, establishing data-trading platforms to create standardized markets for data resources. The rapid growth in token usage reflects the commercialization of AI technologies through token-based calling, distribution, and settlement systems.

References

Tags: #AI, #Tokenization, #Data Market, #China Tech, #Large Language Models

DarkSword iOS exploit chain disclosed: Safari malicious webpage infections used across multiple countries ⭐️ 8.0/10

Security researchers have disclosed the DarkSword exploit chain that targets Safari on iOS 18.4-18.7 through malicious webpages, using six vulnerabilities including CVE-2025-43529 to deploy payloads like GHOSTBLADE. The exploit has been actively used by multiple threat actors since November 2025 in attacks across Saudi Arabia, Turkey, Malaysia, and Ukraine, with all vulnerabilities patched in iOS 26.3. This disclosure reveals a sophisticated, real-world exploit chain that bypassed iOS security protections to achieve full device compromise through simple web browsing, affecting users across multiple countries. The widespread adoption by different threat actors demonstrates how such exploit kits can proliferate rapidly in the cybercrime ecosystem, posing significant risks to mobile device security. The exploit chain leverages six vulnerabilities across the iOS software stack, with three being zero-days at the time of discovery, and is written almost entirely in JavaScript for simplified deployment. Notably, while all vulnerabilities were patched in iOS 26.3, many were actually fixed earlier in incremental updates like iOS 18.7.3 and 26.2, highlighting the importance of timely security updates.

telegram · zaihuapd · Mar 24, 11:45

Background: DarkSword is a full-chain iOS exploit kit that targets devices through Safari vulnerabilities to achieve remote code execution. The GHOSTBLADE payload is a data-stealing component that extracts sensitive information including cryptocurrency wallet data, Wi-Fi passwords, SMS messages, and chat histories from compromised devices. CVE-2025-43529 is a use-after-free vulnerability in WebKit, the browser engine powering Safari, which was one of the six vulnerabilities chained together in this exploit.

References

Tags: #cybersecurity, #vulnerability-disclosure, #iOS-security, #Safari, #exploit-chain

Google launches Gemini-based dark web intelligence AI agent in preview ⭐️ 8.0/10

Google has launched a preview of a Gemini-based AI agent for dark web intelligence and security operations, integrated into Google Threat Intelligence. The service analyzes 8-10 million daily dark web posts to identify organizational risks such as initial access broker activities, data breaches, and internal threats, with internal tests showing 98% accuracy. This launch is significant because it leverages Google’s advanced AI to automate and scale dark web monitoring, potentially enhancing cybersecurity for organizations by providing near real-time threat intelligence. It reflects a trend towards AI-driven security solutions that can process vast amounts of data to preemptively identify emerging threats. The AI agent first builds an organizational profile for clients and then screens dark web posts for relevant risks, focusing on high-volume analysis with reported high accuracy. It is currently in public preview, indicating it may still be under development or subject to changes based on user feedback.

telegram · zaihuapd · Mar 24, 13:15

Background: Gemini is a family of multimodal large language models developed by Google DeepMind, serving as the successor to models like LaMDA and PaLM 2, and powers various AI applications including chatbots. Dark web monitoring involves continuous scanning of hidden internet parts, such as TOR and encrypted channels, to gather intelligence on cyber threats like data breaches and initial access brokers, who sell unauthorized network access to other threat actors.

References

Tags: #AI, #Cybersecurity, #Dark Web, #Google, #Threat Intelligence

Apple launches Apple Business, an all-in-one platform for businesses of all sizes. ⭐️ 7.0/10

Apple introduced Apple Business, a new all-in-one platform for businesses of all sizes, offering features like business email, calendar, directory services with custom domains, and integrated AppleCare. The announcement was made on March 2026, as detailed on Apple’s newsroom. This move could significantly impact the business software market by providing a streamlined, Apple-integrated solution that may attract small to medium enterprises, potentially challenging competitors like Microsoft 365 and Intune. It reflects Apple’s push into enterprise IT management, aiming to simplify workflows and enhance productivity across industries. The platform is offered for free with paid per-user storage upgrades, but community feedback highlights significant usability issues, such as buggy domain lock processes and poor ‘bring your own device’ support. Additionally, it includes features like preinstalled software on corporate MacBooks and user groups for Apple Store and iCloud.

hackernews · soheilpro · Mar 24, 15:29

Background: Apple Business builds on existing Apple enterprise offerings, such as Apple Business Manager, which helps manage devices and apps for businesses. IT management software often faces challenges like integration difficulties and usability issues, as noted in industry reports. Apple’s platform aims to address these by providing a unified solution across its ecosystem, including iOS, iPadOS, macOS, watchOS, and tvOS.

References

Discussion: Community comments express mixed sentiments, with users criticizing the platform for buggy processes, poor usability, and strategic concerns like free pricing limiting improvements, while others see potential for small businesses due to integrated features and low-cost MacBooks. Notable viewpoints include frustration with domain lock issues and praise for its appeal to new businesses under 50 employees.

Tags: #Apple, #Business Software, #IT Management, #Product Announcement, #User Experience

OpenAI shuts down its Sora AI video generation app. ⭐️ 7.0/10

OpenAI announced it is shutting down its Sora AI video generation app, discontinuing both the consumer app and the internet service for professionals, as confirmed by recent news reports. The decision was made public on March 24, 2026, through a post on X from the official Sora account. This shutdown signals potential challenges in the AI video generation market, as it raises questions about the sustainability and cost-effectiveness of such technologies, even from a leading company like OpenAI. It may impact users, developers, and the broader industry by highlighting strategic shifts and resource constraints in AI development. The shutdown includes both the consumer-facing Sora app and the professional internet service, with OpenAI citing factors like high costs and a strategic pivot towards robotics as reasons for the discontinuation. Notably, the announcement came shortly after OpenAI published a guide on Sora safeguards, suggesting potential internal misalignment or abrupt decision-making.

hackernews · mikeocool · Mar 24, 20:01

Background: Sora is an AI video generation tool developed by OpenAI that allows users to create realistic videos from text prompts or uploaded images, supporting various styles like cinematic and photorealistic. It was launched as part of OpenAI’s efforts to advance generative AI technologies, with features such as video remixing and a customizable feed. AI video generation involves algorithms that synthesize visual content, and it has been a rapidly evolving field with applications in entertainment, education, and business.

References

Discussion: Community sentiment is mixed, with some users expressing nostalgia for Sora’s creative potential but noting that novelty wore off quickly, while others criticize the shutdown as a strategic misstep or cost issue. Key viewpoints include concerns about the app’s lack of sustained engagement, its redundancy compared to broader social media platforms, and skepticism about the future of AI video technology.

Tags: #AI, #OpenAI, #Video Generation, #Industry News, #Product Shutdown

Package Managers Implement Dependency Cooldowns to Combat Supply Chain Attacks ⭐️ 7.0/10

Major package managers including pnpm, Yarn, Bun, Deno, uv, pip, and npm have recently implemented dependency cooldown features that delay installation of newly published packages for a configurable period, typically ranging from days to weeks. These features were added between September 2025 and February 2026, with pnpm 10.16 introducing the minimumReleaseAge setting in September 2025 and npm 11.10.0 adding min-release-age in February 2026. This matters because dependency cooldowns provide a practical defense against supply chain attacks by creating a buffer period during which the community can detect malicious updates before they’re widely adopted. As software supply chain attacks increased by 200% in 2023 according to Sonatype research, these security measures help protect millions of developers and organizations from compromised dependencies. Different package managers implement cooldowns with varying configurations: pnpm uses minimumReleaseAge with minimumReleaseAgeExclude for trusted packages, Yarn has npmMinimalAgeGate (in minutes) with npmPreapprovedPackages, Bun configures minimumReleaseAge via bunfig.toml, and pip 26.0 currently only supports absolute timestamps with –uploaded-prior-to rather than relative durations. Most tools allow exemptions for trusted packages, and Seth Larson provides a workaround for pip’s limitation using cron jobs to update absolute dates.

rss · Simon Willison · Mar 24, 21:11

Background: Dependency cooldowns are security measures that create a waiting period between when a package is published and when it can be installed, allowing time for the community to detect potential malicious updates. Software supply chain attacks occur when malicious actors compromise dependencies in the development pipeline, which has become increasingly common with attacks rising 200% in 2023. Package managers are tools that automate the process of installing, updating, and managing software dependencies in development projects.

References

Tags: #package-management, #security, #supply-chain-attacks, #software-engineering, #dependency-management

PHP proposes replacing dual licenses with BSD three-clause license, community vote open until April 4, 2026. ⭐️ 7.0/10

The PHP project, led by Ben Ramsey, is proposing to replace its current dual licenses (PHP v3.01 for most code and Zend v2.0 for the Zend directory) with the BSD three-clause license, and the community is voting on this license update RFC until April 4, 2026. This change matters because it simplifies PHP’s licensing, reducing confusion for developers and projects that rely on PHP, and aligns with broader open-source trends toward permissive licenses like BSD, which could enhance adoption and integration with other software. The proposal aims to deprecate the custom PHP and Zend licenses in favor of the BSD three-clause license, which is OSI-approved and compatible with major copyleft licenses like GPLv2, but the change requires community approval through the ongoing vote.

rss · LWN.net · Mar 24, 16:00

Background: PHP is a widely-used open-source scripting language for web development, originally created by Rasmus Lerdorf. Since 2006, PHP has used a dual-license scheme: PHP v3.01 for most code and Zend v2.0 for the Zend Engine directory, with the Zend license stemming from Zend Technologies’ commercialization efforts. The BSD three-clause license is a permissive open-source license that allows free use, modification, and distribution with minimal restrictions, often used to simplify licensing and improve compatibility.

References

Tags: #PHP, #Open Source, #Licensing, #Software Development, #Community Governance

Chris Down debunks myths about Linux kernel’s zswap and zram subsystems ⭐️ 7.0/10

Chris Down published a detailed analysis explaining the fundamental differences between the Linux kernel’s zswap and zram subsystems, which are often mistakenly viewed as similar compressed swap solutions. The article provides practical guidance on when to use each subsystem to optimize memory management and avoid performance degradation. This clarification is significant because misusing zswap or zram can worsen system performance under memory pressure, affecting system administrators and developers working on resource-constrained environments. Understanding their distinct roles helps optimize Linux systems for better efficiency and reliability in memory management. zswap acts as a compressed RAM cache for swap pages, using zsmalloc for memory pool management, while zram creates a compressed block device in RAM for swap storage. The analysis highlights that choosing the wrong one can be worse than having no swap at all, depending on the kernel’s memory pressure handling strategies.

rss · LWN.net · Mar 24, 13:34

Background: zswap and zram are Linux kernel features designed to improve memory efficiency by compressing data that would otherwise be swapped to disk. zswap provides a compressed cache in RAM for swap pages, whereas zram creates a virtual compressed block device in RAM for swap storage. Both aim to reduce disk I/O and enhance performance, but they operate under different assumptions about memory pressure and allocation. Understanding these subsystems is crucial for effective system tuning in Linux environments.

References

Tags: #linux-kernel, #memory-management, #systems-programming, #performance-optimization, #operating-systems

LM Studio malware scare resolved as Windows Defender false positive ⭐️ 7.0/10

A Reddit user reported Windows Defender flagging LM Studio as malware, but LM Studio developers investigated and confirmed it was a false positive, with Microsoft quickly updating their detection to resolve the issue. This incident occurred in late 2024 and affected versions including 0.3.5 and 0.4.7. This incident highlights the tension between security vigilance and false alarms in the rapidly growing local AI tools ecosystem, where users run sensitive models on personal devices. It demonstrates how quickly security concerns can spread in AI communities and the importance of transparent developer responses to maintain trust. The detection was specifically flagged as ‘Trojan:Win32/Cinjo.O!cl’ by Windows Defender, with only 1 out of 60+ antivirus engines on VirusTotal identifying it as malicious. The timing coincided with the recent LiteLLM PyPI supply chain attack, which initially raised concerns but was confirmed unrelated as LM Studio does not use LiteLLM.

reddit · r/LocalLLaMA · mooncatx3 · Mar 24, 12:39

Background: LM Studio is a popular desktop application that allows users to run local large language models (LLMs) like Llama and Mistral privately on their computers without cloud dependencies. False positives occur when security software mistakenly identifies legitimate files as malware, which can disrupt user workflows and erode trust in software tools. Windows Defender is Microsoft’s built-in antivirus protection that scans for and removes malicious software from Windows systems.

References

Discussion: The community discussion showed initial concern and skepticism, with users sharing technical evidence and personal experiences, but overall sentiment shifted to relief after developer confirmation. Key viewpoints included analysis of VirusTotal results, comparisons to previous false positives, and discussions about supply chain attack risks, though most accepted the false positive explanation once supported by evidence.

Tags: #security, #AI-tools, #false-positive, #community-discussion, #malware-detection

SillyTavern extension brings NPCs to life in any game using local AI models ⭐️ 7.0/10

A developer created a SillyTavern extension that enables dynamic NPC interactions in any game by integrating game wikis for lore, cloning voices from game files, and using local AI models (Cydonia for roleplay and Qwen 3.5 0.8B as a game master) to generate real-time contextual responses. The system runs entirely locally with a small mod bridging the game and SillyTavern backend. This represents a significant advancement in AI-enhanced gaming by making sophisticated NPC interactions accessible across any game without requiring cloud services, potentially transforming how players experience single-player and roleplaying games. It demonstrates practical applications of local LLMs in gaming, addressing latency and privacy concerns while enabling richer, more immersive narratives. The system uses Cydonia (a roleplay-tuned model) for narrative generation and Qwen 3.5 0.8B with structured output to map responses to in-game actions, achieving low latency due to local execution. Current limitations include the need for manual wiki integration and voice cloning from game files, and performance depends on local hardware capabilities.

reddit · r/LocalLLaMA · goodive123 · Mar 24, 12:34

Background: SillyTavern is a locally installed user interface that provides a unified frontend for interacting with various LLM APIs, commonly used for AI roleplaying and chat applications. Cydonia is a specialized roleplay model available on platforms like Hugging Face, optimized for narrative and character interaction tasks. Qwen 3.5 0.8B is a small, open-source multimodal model from Alibaba’s Qwen series, designed for efficient local deployment on consumer hardware.

References

Discussion: Community comments show high enthusiasm for the project’s potential to revolutionize gaming, with comparisons to similar initiatives like Mantella for Skyrim. Key discussions focus on open-source availability, implementation challenges such as real-time spatial awareness and hardware requirements, and debates about AI integration in gaming amidst anti-AI sentiment.

Tags: #AI in Gaming, #Local LLM, #SillyTavern, #NPC Interaction, #Voice Cloning

OpenCode source code audit reveals 7 external domain contacts and privacy concerns ⭐️ 7.0/10

A detailed source code audit of OpenCode, an agentic coding tool, identified connections to 7 external domains including app.opencode.ai, api.opencode.ai, and models.dev, with some lacking opt-in mechanisms or disable flags. The audit also found that the tool hangs on startup without internet connectivity, indicating hard dependencies on external services. This matters because it highlights the growing gap between ‘open source’ claims and actual local functionality in AI development tools, raising significant privacy concerns for developers who expect truly local operation. The findings could impact trust in similar tools that market themselves as local while embedding telemetry or external dependencies by default. The audit specifically noted that while most external connections have disable flags or opt-in mechanisms, the experimental web UI proxy currently lacks a disable flag, though developers plan to bundle it. Additionally, the tool’s startup dependency on internet connectivity was confirmed through user testing where it failed to start without network access.

reddit · r/LocalLLaMA · Spotty_Weldah · Mar 24, 20:53

Background: OpenCode is an agentic coding tool that uses AI to assist with software development workflows, offering both a Text User Interface (TUI) and an experimental web UI. A source code audit is a systematic analysis of application source code to identify security vulnerabilities, compliance issues, or hidden functionality, often conducted to verify privacy and security claims. In the context of ‘local’ AI tools, users typically expect minimal or no external network connections to protect data privacy and ensure offline functionality.

References

Discussion: Community discussion expressed concern about the pattern of ‘local’ tools shipping with telemetry enabled by default, with users noting that tools like Mistral Vibe performed better in privacy comparisons. Several users shared workarounds including privacy-focused forks like kilocode and alternatives like Code Puppy, while others criticized the startup dependency on internet as evidence that OpenCode isn’t truly local.

Tags: #privacy, #open-source, #AI-tools, #telemetry, #code-audit