The Git Times

TensorFlow 2.21.0 introduces targeted changes that prioritize efficient on-device inference over backward compatibility. The release removes Python 3.9 support and eliminates the TensorBoard dependency from the core package, forcing teams to modernize their environments and decouple visualization tools.

Improvements concentrate on tf.lite. The update adds int8 and int16x8 implementations for the SQRT operator, extends int16x8 coverage to EQUAL and NOT_EQUAL, and introduces native int2 and uint4 types. New capabilities include int2/int4 casting, SRQ int2 in fully connected layers, and int4 slicing. These additions enable smaller model footprints and faster execution on phones, microcontrollers, and embedded accelerators where every byte matters.

tf.image gains JPEG XL decoding, allowing direct ingestion of the high-compression format now used by major browsers and content delivery networks. In tf.data, NoneTensorSpec becomes part of the public API so developers can reliably test for optional tensors in pipelines.

More than fifty contributors, including Google engineers and independent developers, delivered these updates. Installation remains straightforward—pip install tensorflow for GPU or pip install tensorflow-cpu for lightweight builds—yet existing codebases using deprecated Python or implicit TensorBoard hooks will require immediate adjustments.

The changes reflect TensorFlow’s long-term shift toward production efficiency as quantization moves from research curiosity to standard practice.

Netdata has shipped v2.10.2, a targeted maintenance release that fixes three classes of operational friction for users running its real-time monitoring agent.

The update guards the diskspace.plugin against NULL filesystem pointers on ZFS, swapping a blocking pool-capacity collector for a lightweight cache fed by existing statvfs calls. The change prevents coredumps on degraded or exporting pools. SNMP polling becomes more reliable by lowering the default MaxOIDs from 60 to 20 and removing 32-bit counter fallbacks that caused type switching between collection cycles. Finally, the dynamic configuration subsystem no longer emits false-positive “timed out waiting for enable/disable decision” warnings; back-pressure now propagates upstream instead of surfacing 503 errors.

These fixes arrive as infrastructure operators demand per-second visibility without adding overhead. Written in C, Netdata collects thousands of metrics per second from Linux kernels, cgroups, Docker, Kubernetes, MySQL, PostgreSQL, MongoDB and Prometheus endpoints. Its built-in machine-learning models flag anomalies and forecast capacity while the agent itself rarely exceeds 3 % CPU and a few hundred megabytes of RAM. Data stays local by default, eliminating the need for central collectors.

For lean teams already running the agent, v2.10.2 simply removes reasons to restart it. The project, now over a decade old, continues to prove that high-resolution observability and low resource usage are not mutually exclusive.

OpenArm has shipped version 1.1 of its open-source 7DOF humanoid arm, the second release of the OpenArm 01 platform. The update focuses on hardware reliability, teleoperation performance, assembly clarity, and vendor transparency after 18 months of community use in physical AI labs.

Key changes tackle previously reported pain points. An automated zero-position calibration routine replaces error-prone manual alignment, ensuring repeatable joint referencing across sessions. A new modular camera mount provides verified CAD for Realsense D435 chest cameras and D405 wrist cameras, standardizing data collection pipelines that previously required custom fabrication.

On the leader arm, engineers redesigned the J5 casing and added a rubber-band coupling interface. This enables natural elbow tracking during bilateral teleoperation, eliminating earlier ambiguity caused by redundant joint configurations in 7-DoF motion.

The arm retains its defining characteristics: human-scale proportions, high backdrivability, and sufficient payload for contact-rich manipulation while remaining compliant for safe human interaction. A complete bimanual system costs $6,500. Multiple repositories deliver hardware files under CERN-OHL-S-2.0, URDF descriptions, CAN motor control, ROS2 nodes, and simulation support for MuJoCo and Genesis.

The release demonstrates steady iteration on an accessible platform for imitation learning, reinforcement learning, and force-feedback research rather than radical redesign.

Kornia has announced a strategic shift toward end-to-end vision solutions, prioritizing integration of state-of-the-art Vision Language Models and Vision Language Agents. The move extends the project's original mandate as a differentiable computer vision library built on PyTorch.

Since its creation in 2018, Kornia has supplied over 500 differentiable operators that slot directly into neural network training. These include Gaussian, Sobel and Median filters, affine and homography transformations, histogram equalization, CLAHE, and edge detectors such as Canny and Laplacian. All operations support batch processing, automatic differentiation and GPU acceleration.

The library's augmentation tools—AugmentationSequential, PatchSequential, RandAugment and TrivialAugment—enable complex, differentiable data pipelines. Pre-trained models already cover face detection with YuNet, feature matching via LoFTR and LightGlue, descriptor extraction with DISK, and segmentation through SAM.

Version 0.8.2 delivers mostly maintenance: expanded documentation with SEO meta descriptions, dependency bumps, link fixes and pre-commit standardization. The project has also migrated its community chat to Discord.

The timing matters. As robotics and spatial AI systems demand unified perception pipelines, Kornia's differentiable geometry combined with emerging VLMs offers a single framework for both low-level pixel operations and high-level reasoning. Researchers can now backpropagate through the entire stack without switching libraries.

**

The Gazebo project has released Jetty, corresponding to gz-sim 10.0.0. The update refines the modular libraries that separate physics, rendering, sensing and transport functions, allowing each to evolve independently while maintaining tight integration.

Dynamics simulation now routes through the Gazebo Physics library with clearer API boundaries for selecting and swapping engines. Rendering employs OGRE v2 via Gazebo Rendering to produce accurate lighting, shadows and texture detail on complex meshes. Sensor output, handled by Gazebo Sensors, includes calibrated models for laser range finders, 2D/3D cameras, IMUs, GPS and force-torque units, with configurable noise profiles.

Plugin interfaces received incremental upgrades for robot, sensor and world control. The Gazebo GUI supports additional plugin entry points for real-time introspection. Command-line tools gained options for headless operation and automated scenario scripting. TCP/IP transport via Gazebo Transport improves asynchronous message passing, making it simpler to run heavy simulation loads on remote servers while keeping lightweight client interfaces local.

Compatibility with ROS 2 remains unchanged, preserving existing control stacks. Pre-built models of the PR2, TurtleBot, Pioneer 2DX and iRobot Create continue to be available through Gazebo Fuel, with SDF used for custom construction. Builds target Ubuntu Noble, with maintained Homebrew and Windows support.

The release reflects steady iteration on 16 years of robotics simulation experience rather than wholesale redesign.

OWASP Juice Shop has released version 19.2.1 with changes focused on its build pipeline. The update automatically syncs coding challenge snippets with the project's documentation repository and fixes generation of frontend bundle analysis diagrams.

Written in TypeScript, the application presents a realistic online shop riddled with vulnerabilities drawn from the full OWASP Top 10 and additional real-world flaws. These include SQL injection in product search, broken access control in administrative functions, insecure deserialization, and GraphQL endpoint weaknesses.

The project supports multiple deployment methods. Users can clone the repository, run npm install and npm start, or use packaged 64-bit distributions for Windows, macOS and Linux. Docker images and Vagrant configurations further simplify setup for training environments.

First published in 2014, Juice Shop remains actively maintained precisely because web application attacks continue to evolve. The latest release reduces manual work for maintainers while preserving the application's value as a safe testbed. Security teams deploy it to let participants exploit flaws firsthand before learning corresponding defenses.

Its modular challenge architecture allows both free-form hacking and structured learning paths. This flexibility explains its enduring role in corporate workshops, university courses and capture-the-flag events.

Concrete impact: trainers gain fresh challenge data without extra steps, while tool vendors can reliably benchmark scanners against consistent vulnerable endpoints.

The latest release of intuitem/ciso-assistant-community tightens core functions in its open-source GRC platform. Version 3.15.9 focuses on usability and data integrity rather than broad new capabilities, addressing friction points reported by practitioners managing overlapping regulatory demands.

Key changes target the EBIOS RM module with a direct navigation button from strategic scenario details back to parent studies. Vulnerabilities can now link to follow-up tasks inside the data wizard. Risk assessment import and export routines were revised for reliable round-tripping, while finding exports received sanitization to prevent formatting errors on re-import. The CLI gained a name flag for assessments, easing automation scripts.

Interface updates sort domains within the asset graph and correct multi-level filtering. Task email templates now support links and full variable lists. Hardening fixes align the community edition with enterprise requirements.

These incremental improvements reinforce the project's deliberate architecture. It maintains strict separation between compliance requirements and reusable security controls, enabling the same evidence to satisfy multiple frameworks without duplication. The platform ships with 130 frameworks—including ISO 27001, NIST CSF, SOC 2, PCI DSS, NIS2, DORA, GDPR and HIPAA—plus automatic control mapping, built-in threat libraries, risk quantification, and remediation tracking.

An API-first design supports both interactive use and external automation via CLI, Kafka or direct calls. Custom frameworks remain editable through a lightweight open format. For teams buried in spreadsheets and point tools, the release reduces manual reconciliation work that previously consumed audit cycles.

**

Trivy v0.70.0, released this month, delivers targeted improvements to its unified scanning engine rather than broad new feature additions. The Go application consolidates vulnerability, misconfiguration, secret and SBOM detection across container images, Kubernetes clusters, Git repositories, VM images and filesystems.

Notable changes include refined misconfiguration rules for current IaC tools, expanded secret detection patterns for cloud credentials, and more consistent SBOM generation in SPDX and CycloneDX formats. Scan performance on large Kubernetes deployments has been optimised, reducing memory usage during cluster-wide audits. The vulnerability database refresh now pulls from additional upstream sources, tightening coverage for recent CVEs in popular language ecosystems.

Usage remains unchanged at the command level. A typical invocation looks like trivy image python:3.4-alpine or trivy k8s --report summary. The binary, available via Homebrew, direct download or the aquasec/trivy Docker image, requires no daemon and runs equally well in CI pipelines or developer workstations.

For teams already using Trivy, version 0.70.0 removes several deprecated scanner flags and standardises output schemas, forcing minor workflow updates but delivering cleaner integration with downstream reporting tools. The project continues to ship canary builds from main for early testing, though the maintainers explicitly advise against production use of those images.

The net result is a more precise tool for organisations that have moved beyond basic CVE scanning and now require combined SBOM, license and secret visibility across their entire supply chain.

Gitea v1.26.0 delivers concrete upgrades for teams running their own development infrastructure. The Go-based platform, which combines Git hosting, code review, package registries, and CI/CD in a single binary, now supports the full Actions concurrency syntax, giving developers finer control over parallel workflow execution and resource usage.

Notable additions include a built-in Terraform state registry, instance-wide informational banners, and a maintenance mode that administrators can activate without disrupting running services. Workflow dependencies can now be visualized directly in the UI, and failed jobs gain a one-click re-run button. The release also introduces automatic changelog generation, keyboard shortcuts for repository search, OpenAPI spec rendering, and non-zipped artifact support for newer runners.

Security fixes bound page sizes in repository listings, while several performance improvements target the Actions backend. Breaking changes modernize API annotations and default PUBLIC_URL_DETECTION to auto.

For organizations wary of vendor lock-in, these updates narrow the gap with commercial platforms while preserving Gitea's lightweight footprint and straightforward deployment. The binary runs on everything from Raspberry Pi to enterprise servers with minimal configuration.

**

RustDesk version 1.4.6 delivers native binaries for AArch64 alongside existing x86_64 support, reflecting the shift toward ARM hardware in servers, laptops and mobile devices. The release provides .deb packages for Ubuntu on both architectures, Apple Silicon DMGs for macOS, signed APKs for Android, and a Flatpak bundle for Linux desktop environments. An official iOS build is now listed on the App Store, while a web client enables browser-based sessions without installation.

The Rust codebase continues to emphasize direct P2P connectivity when possible, with optional self-hosted rendezvous and relay servers for environments that prohibit external traffic. Administrators can deploy these components via official Docker images, keeping all session data inside their own infrastructure. Video encoding relies on libvpx, aom and opus, managed through vcpkg during builds.

The desktop GUI has fully migrated to Flutter, retiring the earlier Sciter implementation for better cross-platform consistency and faster iteration. Build instructions now target stable Rust toolchains and document the exact dependency steps required for clean compilation on Ubuntu 18 and newer.

These updates arrive as organizations audit remote-access tools for supply-chain risk and regulatory compliance. By removing mandatory cloud intermediaries, 1.4.6 lowers both cost and exposure for teams that already run their own identity and networking infrastructure. (178 words)

nanobrew is a package manager for macOS and Linux written in Zig. It reports warm installs of cached packages in roughly 3.5 milliseconds and cold installs approximately nine times faster than Homebrew. The project reuses Homebrew formulas, bottles and casks while shipping as a single 1.2 MB static binary with no Ruby runtime or bootstrapping step.

Design choices emphasize speed and predictability. nb install performs no automatic update, parallelizing all dependency downloads and extractions by default. Cask installs omit the com.apple.quarantine attribute, eliminating Gatekeeper prompts. Third-party taps work without extra configuration. On Linux and in Docker containers, native .deb support delivers up to 13× faster warm installs than apt-get.

Version 0.1.191, released 20 April 2026, fixed hardlink extraction in bottles such as unzip, perl and postgresql@17 by replacing the previous fallback with a native USTAR/GNU tar parser. Apple Silicon binaries are now Developer ID signed and notarized. Command benchmarks improved markedly: nb leaves on a cold cache of roughly 100 packages dropped from 10.0 s to 0.83 s, now 1.37× faster than Homebrew on the same hardware. Search and resolver times also fell by nearly half.

The tool covers the common fast path but explicitly omits post_install hooks, source builds and Mac App Store integration. nb bundle install returns instantly when a Brewfile is satisfied.

NWinfo has shipped version 1.6.2, its most substantial update in months. The command-line and GUI utility, written in C, continues to read hardware directly rather than routing queries through WMI, delivering lower latency and fewer permission hurdles on locked-down Windows installs.

The new release focuses on modern bus and graphics details. It now reports GPU memory frequency, PCIe link speeds and current link width for every PCI device. Storage diagnostics gained AAM/APM value display in S.M.A.R.T. output, while the audio subsystem can measure device loudness. GUI users will see HVCI status, expanded sound-card information and an option to export a compact summary report.

Other fixes address NULL dereferences in DMI strings, ARM64 build stability, mainboard miscellaneous data and garbled characters in localized output. PCI vendor and device IDs are now stored as uint16_t, and the bundled pci_ids.h database has been refreshed.

These changes matter as PCIe 5.0 hardware and memory-heavy GPUs become standard in both workstations and gaming rigs. Engineers and system integrators who rely on nwinfo for JSON or YAML inventory scripts gain more precise data without installing heavier commercial tools.

The project remains under the Unlicense and incorporates libcpuid, CrystalDiskInfo routines and Nuklear for its lightweight interface.

The WLED-wemos-shield project has shipped version 3.0, relocating all solder jumpers to the back of the PCB for easier configuration after assembly. The pinout has been revised and a PWM fan circuit added, addressing thermal demands in enclosed or high-output installations.

Designed for the Wemos D1 Mini (ESP8266) or ESP32 D1 Mini, the shield converts these compact boards into full-featured WLED controllers. It supplies a 3.3 V to 5 V level shifter for stable signalling to long runs of WS2812, WS2815, SK6812 or APA102 LEDs, supports both single-wire and clocked data protocols, and includes a power selector for 5 V, 12 V or 24 V strips.

Other onboard elements remain: analog and digital audio inputs for sound-reactive firmware, a relay to eliminate phantom power draw when LEDs are off, I2C header for OLED displays or environmental sensors, I2S on ESP32 variants, optional IR receiver, Dallas temperature probe footprint, and auxiliary 5 V output. The project supplies ready binaries from the main WLED repository plus Atuline and MoonModules sound-reactive forks.

For builders integrating lighting into permanent fixtures or audio installations, these incremental hardware changes reduce assembly friction and broaden environmental tolerance without increasing board size.

PCBs cost $5 for ten boards; fully assembled units are available on Tindie.

Following its most recent commits in April 2026, the openstreetmap/chef repository continues to orchestrate configuration for every machine run by the OpenStreetMap Foundation's Operations Working Group. The project employs CINC, the open-source Chef platform, to enforce consistent state across the entire fleet.

All servers carry dragon names and are assembled through layered roles. Server-specific files such as faffy.rb declare IP addresses, included services and local quirks. Hardware roles like hp-g9.rb capture motherboard and firmware settings reusable across identical machines. Location roles form a hierarchy—equinix-dub.rb sits inside datacentre, organisation and country definitions—while service roles such as web-frontend pull in the exact recipes, configuration values and dependent roles required.

The team follows the organization-repository model: every cookbook lives inside this single repository with no external dependencies. This simplifies testing, accelerates rollouts and guarantees that knife commands operate against a known, self-contained codebase.

The setup matters now because OpenStreetMap's traffic—tile serving, API calls and planet-file distribution—keeps rising. Small changes to a hardware or service role can be tested locally, peer-reviewed and deployed with minimal risk, keeping the global infrastructure reliable without manual intervention on distant machines.

Contributing remains straightforward; the operations team stays reachable on #osmf-operations and via Matrix bridge.

The Super Mario Bros. Remastered project has shipped version 1.0.2, bringing targeted improvements for both gameplay and content creation. The update adds official support for the European SMB1 ROM, alongside the ability to regenerate assets and re-verify ROM integrity when graphics become corrupted.

Custom level authors benefit most. The restriction on checkpoints has been removed, allowing unlimited placement across all subareas. Boo colour unlocks now scale with completion time rather than repeated runs, culminating in Golden Boo. New optional character animations are documented in the project wiki, and creators can set a precise frame-rate limit in the options menu.

Portable operation is now activated by simply dropping a portable.txt file next to the executable. Resource packs gain .ogg music support, Firebars can toggle their original “snappy” movement, and mushroom ejection direction now respects which half of the block is struck. Level Share Square browsing displays difficulty with skulls and ratings with stars; completed levels restore the previous view state.

Built in GDScript for Godot 4.6, the project continues to recreate the original NES titles and Lost Levels with refined physics while requiring a legitimate ROM. The changes reflect steady iteration by its maintainer and contributors rather than wholesale redesign.

Bliss Shader's release11 refines its core promise of inconsistent, context-aware illumination in Minecraft. The GLSL edit of Chocapic v9 avoids static lighting models, generating scenes whose mood and color temperature shift depending on biome, time, and player position.

The most significant recent change is Null's voxel floodfill colored lighting system. It propagates light in three dimensions with proper color bleed, sharply reducing leaks. Emin and Gri573 contributed practical fixes that further tighten light containment. WoMspace's depth-of-field overhaul delivers smoother focal transitions useful for both gameplay and recording.

Customization remains extensive. Dozens of sliders control shadow softness, water caustics, atmospheric scattering, and cloud behavior. Three update channels exist: release versions appear on Modrinth and Curseforge once stable; the stable branch receives regular tested builds; the unstable branch tracks daily commits for users willing to file issues.

Installation is direct. Download the repository zip from the main branch and drop the archive into the shader packs folder—no extraction required.

These incremental improvements matter as Minecraft 1.21 players seek visual variety without external renderers. The project shows how sustained community editing can evolve an established shader into a distinctly moody visual language.

LibGDX 1.14.0 focuses on incremental modernization of the veteran Java game framework. The release improves compatibility with current toolchains while addressing long-standing pain points for developers shipping to desktop, Android, iOS, HTML5, Windows, Linux and macOS.

Notable changes include native class support for Tiled map files, allowing cleaner integration of tile sets and object layers. FreeType has been updated to 2.13.3 for more consistent font rendering. Android users gain concrete fixes: crash prevention when calculating soft-button bar height, Pools API adjustments to eliminate desugar conflicts, and an extracted createGraphics method that simplifies custom AndroidGraphics subclasses.

Build compatibility now extends cleanly to Java 21 after the Spotless Gradle plugin update. Convenience additions comprise static Vector.One fields and a new JsonValue#toJson overload accepting a Writer. The release also replaces deprecated Android audio and cursor APIs, corrects misspellings in AsyncExecutor, and supplies a dark-mode logo variant.

These updates, drawn from more than a dozen community pull requests, demonstrate the project's continued maintenance without altering its core contract: full OpenGL ES access and no enforced architecture or coding style. The Apache 2.0 framework therefore remains a stable base for teams iterating on 2D and 3D titles while leveraging its mature third-party ecosystem.