The Git Times

Four years after launch, OpenAI’s official cookbook remains the primary technical reference for developers using its API. Recent commits have expanded the collection with new notebooks focused on building reliable agents and handling structured data — capabilities now central to production deployments.

The repository delivers executable Jupyter notebooks that demonstrate API patterns in Python. After setting the OPENAI_API_KEY environment variable, users can run examples locally or in any compatible IDE. Core topics include thread management in the Assistants API, tool calling for external functions, vision handling for image inputs, and output parsing that guarantees JSON compliance.

These updates arrive as enterprises move beyond simple chat completions toward multi-step reasoning systems. The guides show exact request sequences, error-handling strategies, and cost-control techniques that reduce iteration time from weeks to days. All code carries an MIT license, allowing teams to adapt patterns into commercial applications without overhead.

The cookbook’s value lies in its focus on working implementations rather than abstract theory. As model capabilities expand quarterly, the maintained examples prevent developers from repeating known mistakes around rate limits, context windows, and prompt brittleness.

**

Supervision 0.28.0 introduces sv.CompactMask, a practical response to the memory demands of modern segmentation pipelines. A 1920×1080 frame with 28 instances previously required roughly 55 MB of dense mask data. The new class stores only tight bounding-box crops using RLE encoding, reducing the same masks to approximately 237 KB before further compression—a 240× saving.

Because the API is unchanged, existing filters, area calculations, and annotators continue to work without modification. Calls to .to_dense() occur internally only when pixel-level access is required. The release also adds sv.Detections.from_sam3(), which parses both PCS multi-prompt and PVS video formats from the latest Segment Anything Model. This enables object segmentation through free-text prompts, removing the need for predefined class lists or bounding-box inputs.

These changes reinforce supervision’s established role as a lightweight, model-agnostic layer between inference engines and application logic. The library’s unified sv.Detections object accepts output from Ultralytics YOLO, MMDetection, Hugging Face Transformers, RF-DETR, and Roboflow Inference with minimal glue code. Annotators, trackers, zone counters, and dataset converters remain the primary building blocks for production vision systems.

As teams scale to higher-resolution video and larger numbers of simultaneous detections, the memory efficiencies matter immediately. The update lets developers keep more instances in memory and maintain real-time performance on standard hardware.

Key new patterns

• Replace dense masks with sv.CompactMask.from_dense() in existing detection loops
• Use text prompts with SAM3 for zero-shot interactive tools
• Filter detections by pixel area without materializing full masks

Digital Innovation One has refreshed its dio-lab-open-source repository with material pushed in May 2026 that aligns the lab with present-day GitHub practices. The project remains a structured training ground where developers learn the mechanics of open source participation by performing every step themselves.

Participants fork the repository, create a feature branch, edit files, and submit a pull request. The lab supplies a concrete docs/ directory containing index.html, assets/css/styles.css, assets/js/scripts.js, and supporting Markdown files. This structure lets users practice both documentation updates and minor frontend changes in a realistic setting.

Core exercises now include:

• Creating and merging branches with updated Git commands
• Formatting contributor profiles in Markdown
• Resolving merge conflicts in shared notebooks
• Opening and iterating on pull requests

Jupyter Notebooks bundled in the repository combine executable code examples with explanatory text, allowing learners to run git operations while reading context. The updates address recent platform interface changes and refreshed security guidance for contributions.

As open source underpins infrastructure and AI tooling, the ability to navigate these workflows has become table stakes for working developers. The DIO lab continues to lower the barrier by giving newcomers a safe, repeatable environment to gain that competence. Its ongoing maintenance ensures the exercises reflect how teams actually collaborate on GitHub today rather than how they collaborated in 2023.

(178 words)

Contributors delivered targeted enhancements to PythonRobotics in mid-May 2026, expanding its aerial navigation and legged-robot sections with production-relevant code. New scripts demonstrate drone 3d trajectory following and rocket powered landing using nonlinear model predictive control solved by C-GMRES. A bipedal planner based on an inverted pendulum model was added alongside supporting visualization routines.

The updates preserve the repository’s core design: single-file, minimum-dependency Python examples that expose the internal mechanics of each algorithm. Animations generated with matplotlib now show rocket descent under thrust constraints, three-dimensional drone waypoint tracking, and stable bipedal gait generation. Existing modules for EKF localization, FastSLAM 1.0, LQR-RRT*, Stanley control, and D* Lite received compatibility fixes for current Python ecosystems and CVXPY versions.

These changes arrive as robotics teams increasingly prototype beyond wheeled platforms. The code remains self-contained, allowing engineers to extract individual planners or filters without importing full middleware. Maintenance commits also improved ray-casting grid mapping and quintic polynomial trajectory generation, tightening the link between textbook theory and runnable prototypes.

The project continues to serve dual roles as both reference implementation library and interactive textbook, keeping pace with hardware platforms entering active development.

CARLA has shipped version 0.9.16, bringing production-grade NVIDIA integrations and formal support for its Unreal Engine 5.5 development branch.

The release adds NVIDIA Cosmos Transfer1 for AI model portability and the NVIDIA Neural Reconstruction Engine (NuRec) to reconstruct high-fidelity environments from sensor data. New SimReady OpenUSD and MDL converters now allow teams to import and export production-grade assets and materials directly. Support for left-handed traffic maps extends the simulator’s usefulness to additional global markets.

Infrastructure updates include consistent python3 usage, improved devcontainer documentation, GUI forwarding inside Ubuntu 22.04/24.04 containers, and the ability to mount host Unreal Engine builds. The changelog records 14 fixes, among them corrected waypoint loops, reliable map reloading, and proper handling of OpenDrive SignalReferences. New API functions expose actor component transforms and vehicle door states in recordings. Digital Twin workflows now accept local OSM and XODR files.

The project maintains parallel branches—ue5-dev for the 5.5 work and ue4-dev for the prior codebase—requiring Ubuntu 22.04 or later, or Windows 11, plus RTX 3070-class GPUs with 16 GB VRAM. These changes tighten the loop between simulated sensor suites and the latest neural reconstruction pipelines used by autonomous vehicle teams.

Pinocchio version 4.0 equips rigid-body dynamics users with practical new capabilities for systems containing kinematic loops and frictional contacts. Developed by Inria’s Willow team, the C++ library already provides efficient implementations of Featherstone’s Recursive Newton-Euler and Articulated-Body algorithms together with their analytical derivatives. The latest release extends this foundation.

The lcaba algorithm now computes forward dynamics for mechanisms with closed kinematic loops. A supplied Python example shows its use in simulation. The update also ships a redesigned constraint API built around dedicated models: PointContactConstraintModelTpl, PointAnchorConstraintModelTpl, FrameAnchorConstraintModelTpl, JointLimitConstraintModelTpl and JointFrictionConstraintModelTpl. Each model carries its own data object. Container types ConstraintModelTpl and ConstraintDataTpl unify them at runtime.

Four Delassus operator implementations — dense, sparse, Cholesky-expression and rigid-body variants — calculate the operator (J M^{-1} J^T) with tailored performance characteristics. These feed directly into two new solvers, ADMMConstraintSolverTpl and PGSConstraintSolverTpl. Additional Python scripts demonstrate construction of constraint problems, operator assembly and solver execution on legged-robot models.

Pinocchio remains built on Eigen for linear algebra and integrates collision detection through coal. Its Conda-packaged Python bindings continue to support fast prototyping. The library sits at the core of Crocoddyl, Aligator, the Stack-of-Tasks framework and the Humanoid Path Planner, and it inspired Disney Research’s Kamino simulator. Version 4.0 therefore sharpens an established tool rather than introducing a newcomer.

Web-Check has shipped version 2.1.0, its most meaningful release in over a year. The TypeScript project migrated its frontend from its previous stack to Astro, delivering measurable improvements in load time and bundle size for the self-hosted OSINT dashboard.

Core functionality remains unchanged: given any domain, the tool returns IP metadata, SSL certificate chains, DNS records, HTTP headers, cookies, detected trackers, open ports, traceroute, server location, domain registration data, robots.txt directives, page sitemap, and carbon-footprint estimates. The new release adds fingerprinting for QRATOR and DDoS-Guard web application firewalls, integrates Hudson Rock breach intelligence, and refreshes links to external analysis utilities.

Deployment paths are untouched. Users can launch via one-click Netlify or Vercel templates, pull the official Docker image, or build from source. Configuration flags let operators disable expensive checks; one resource-heavy module has been temporarily disabled for cost reasons.

For platform engineers and security practitioners the updates matter because they reduce friction when auditing external assets. Instead of stitching together output from disparate CLI tools, teams get a single, coherent view of attack surface and configuration weaknesses. Community pull requests drove the firewall signatures, port-sorting fixes, and documentation refreshes. The repository is mirrored on Codeberg for users preferring non-GitHub hosting.

The project continues to prioritize transparency and local control over black-box SaaS alternatives.

Cybersecurity AI (CAI) has published fresh benchmarks showing its alias1 model in the Professional Edition outperforming GPT-5 in AI-versus-AI Capture The Flag scenarios. The May 2026 update focuses on unrestricted operation for security tasks while preserving built-in guardrails.

The Python framework integrates more than 300 models from OpenAI, Anthropic, DeepSeek, Ollama and others. It supplies ready-made tools for reconnaissance, exploitation and privilege escalation, letting developers assemble modular agents tailored to specific workflows. Core safeguards block prompt injection and dangerous command execution.

Community edition remains free for researchers, students and open-source contributors. The €350-per-month PRO tier adds unlimited alias1 tokens, zero refusals on security queries, professional support and European data sovereignty. Real-world validation includes HackTheBox CTFs, bug-bounty programs and enterprise deployments.

The technical report details bug-bounty-ready capabilities, confirming CAI’s role as the standard tooling layer between large language models and practical offensive and defensive security automation. Recent refinements tighten agent orchestration and tool reliability rather than expanding scope.

**

Caddy v2.11.3 ships four security patches addressing real-world attack vectors in production environments.

The fastcgi module now blocks execution of non-PHP files after coordinated work with the FrankenPHP team. The vars module received a complete fix for a published advisory. Most critically, the admin API gained array index normalization and stricter path prefix matching to close remote authentication bypass routes on exposed admin sockets.

Maintainers also backported upstream fixes to quic-go and CertMagic, tightening HTTP/3 and certificate handling. Non-security changes sync placeholder expansion between vars and vars_regexp, refine Tailscale *.ts.net ACME logic, and resolve CI instability.

These updates matter for operators running Caddy at scale. The server already manages automatic HTTPS by default, coordinates clusters, supports ECH, and runs without external dependencies. Its Go implementation provides stronger memory safety than C or C++ alternatives. With the project proven across trillions of requests, the new patches reduce attack surface without changing configuration habits or performance characteristics.

Teams using the JSON API or admin socket should upgrade promptly. The modular architecture continues to let users add capabilities through plugins while keeping the core lean.

(178 words)

PocketBase has shipped v0.38.1, delivering targeted security and operational improvements to its single-file Go backend.

The release forces existing realtime connections to drop their auth state whenever user passwords, collection secrets or equivalent credentials change. Although the system's short idle timeouts already limit exposure, the explicit invalidation shrinks the attack surface. Superuser IP confirmation prompts are now silenced when no change has occurred, reducing routine friction.

Administrative UI updates include support for top-level await inside experimental extension initialization scripts. Each collection tab now displays an error marker, and raw error tooltips have refined styling. A fix for collection index updates ships with a one-time system migration that resaves all indexed collections, ensuring normalized data in the Collection.Indexes field even for indexes created outside PocketBase via the SQLite CLI.

The embedded database layer has been refreshed to modernc.org/sqlite v1.50.1 (SQLite 3.53.1). Minor cleanups address API preview examples and comment typos.

Still pre-1.0, PocketBase remains an embedded SQLite datastore with realtime subscriptions, built-in user and file management, an admin dashboard, and a REST-ish API. It can run as a standalone binary via ./pocketbase serve or as a Go library for custom business logic, producing a single portable executable in either case.

Sway, the Rust-inspired language built for the Fuel blockchain, shipped version 0.71.0 this week with a focused set of compiler and standard-library improvements.

The update prioritizes execution efficiency. Contributors lowered the size threshold inside SROA profitability checks, implemented init_aggr directly in the intermediate representation, and added targeted optimisations for leaf functions. An encode_allow_alias flag now reduces logging overhead. These changes produce smaller bytecode that should consume less gas once deployed.

Language semantics were tightened by forbidding outer variables inside const evaluations, removing a source of subtle bugs. The standard library gained a len method on std::string::String. A fix to the runtime memory layout of string arrays corrects previous padding behaviour that could affect contract predictability.

Tooling housekeeping continued: forc-node migrated into the main forc monorepo, CI scripts were accelerated, and outdated GitHub Actions were refreshed. The project remains written in Rust; building from source requires only the stable toolchain and the just command runner for additional tasks.

Five years after its first commit, Sway is used wherever Fuel developers need Rust-like ergonomics without sacrificing deterministic performance on a UTXO-based VM. The 0.71.0 changes are incremental but directly address real-world bottlenecks reported by teams shipping DeFi and indexing infrastructure.

**

ExplorerPatcher has shipped a targeted update that restores stability on current Windows 11 releases. Tested on builds 26100.4946, 26100.5074, 26200.5751 and 26220.6682, the new version addresses regressions introduced by Microsoft’s 24H2 changes and external service updates.

The ep_weather component now correctly fetches data after modifications on Google’s servers. A separate fix prevents the Recommended section from being hidden in Start11-style menus. The configuration GUI again exposes the File Explorer title bar option on versions from 22H2 forward. These corrections arrived via community contributions, including work by @davids5, @m-wigley and @SandTechStuff.

The project continues to let users replace the Windows 11 taskbar, Start menu and Alt+Tab switcher with Windows 10 equivalents. After installing ep_setup.exe (or the ARM64 variant for Snapdragon systems), preferences are set through the familiar taskbar Properties dialog. The tool patches explorer.exe and supplies a custom dxgi.dll, which must remain unblocked by security software.

With Microsoft iterating rapidly on the shell, ExplorerPatcher maintains a stable bridge for users who value pixel-perfect legacy behavior and granular control. Built-in update checks and straightforward uninstall paths reduce operational friction for both individual power users and managed environments.

Note: Only the official GitHub releases should be used. The recommended exclusion list for third-party antivirus includes C:\Program Files\ExplorerPatcher, %APPDATA%\ExplorerPatcher and the patched system folders.

Hwloc has released version 2.13.0, updating its tools for mapping the increasingly complex layouts of modern computing hardware.

The Hardware Locality project delivers command-line utilities and a C API that reveal the hierarchical organization of processors, memory, and I/O devices. It identifies NUMA nodes, shared caches, processor packages, dies, cores, and hardware threads, along with their attributes and interconnections.

Portability remains a core strength. The library supports Linux distributions with full awareness of cgroups, cpusets, and memory targets. It also runs on Solaris, AIX, macOS, FreeBSD, NetBSD, and Windows without relying on vendor-specific interfaces beyond standard OS facilities.

In high-performance computing, where applications must navigate multiple cache levels and NUMA domains, hwloc enables precise placement decisions that reduce latency and boost throughput. Its lstopo tool produces graphical representations of system topology, aiding both developers and administrators.

As parallel architectures evolve toward greater heterogeneity, the library's ability to abstract these details grows more critical. Version 2.13.0 incorporates updates to maintain compatibility with recent platforms.

The project underscores a fundamental truth in computing: understanding the machine is the first step toward using it efficiently.

Glasgow Interface Explorer is set to regain momentum after years of limited activity. Primary maintainer Catherine whitequark has overcome serious health challenges, large-scale social unrest and displacement, and has now settled in the UK with stable healthcare. Development velocity will increase in coming months and the current team of three maintainers will expand.

Known as the Scots Army Knife for electronics, Glasgow pairs a compact FPGA board with Python-based applets to deliver a reprogrammable platform for digital interfacing and debugging. Users define custom gateware in Python that configures the FPGA for high-speed tasks including SPI, I2C, UART, JTAG, parallel memory access and protocol analysis. The same hardware can function as logic analyzer, programmer, signal generator or protocol bridge without swapping physical tools.

Its open-source hardware and gateware repository lets engineers extend support for new chips or proprietary buses within days rather than weeks. Comprehensive documentation covers both low-level FPGA design and high-level applet development.

The revival arrives as supply-chain constraints and proliferating embedded devices sustain demand for flexible, vendor-neutral tooling. Crowdsupply customers awaiting boards are asked to remain patient; human maintainer capacity, not funding, remains the limiting factor. whitequark maintains a personal Patreon for those wishing to support her living costs directly.

(178 words)

Hardware.Info has shipped version 101.1.1.1, bringing official ahead-of-time compilation support through the new Hardware.Info.Aot NuGet package. The update replaces System.Management with WmiLight on Windows, removing runtime JIT dependencies that previously blocked native publishing.

The library continues to deliver a single IHardwareInfo interface that abstracts platform differences. On Windows it queries WMI. On Linux it reads /proc, /sys and /dev. On macOS it parses sysctl and system_profiler output. One call to RefreshAll() populates complete inventories: battery state, BIOS version, CPU cores with frequencies, drive SMART data, RAM modules, monitor EDID details, motherboard identifiers, network adapters, printers, sound devices and video controllers.

The original Hardware.Info package remains unchanged for standard .NET workloads. Both packages target .NET Standard 2.0, ensuring broad compatibility while the AOT variant now works with dotnet publish -r win-x64 --self-contained without trimming warnings.

This release matters as teams ship more native single-file executables for desktop, IoT and cloud-edge scenarios. Hardware validation code that once required separate code paths can now use the same typed objects everywhere.

Example usage remains concise:

var info = new HardwareInfo();
info.RefreshAll();
foreach (var cpu in info.CpuList) Console.WriteLine(cpu);

The project, first published in 2020, shows continued maintenance with the May 2026 push focused on AOT compatibility and dependency updates.

Godot developers navigating an expanding ecosystem now benefit from recent updates to the awesome-godot repository. Maintained since 2015 and refreshed as recently as this month, the list aggregates free and libre games, plugins, add-ons and scripts while separating them by engine version to prevent compatibility issues.

The games section lists open-source titles such as Librerama, a fast-paced arcade collection built for Godot 4, Poder Solar, a resource-management simulator, and ROTA, a gravity-bending puzzle platformer. XR and 3D categories have grown with new templates and demos that reflect rising interest in immersive projects.

On the tooling side, the repository catalogs editor modules for GDScript and C#, custom syntax themes, engine themes, unofficial builds and Bash automation scripts. A dedicated pointer to Vivraan/godot-lang-support addresses users needing additional programming language integrations.

These updates matter because Godot continues gaining traction among independent studios and educators who require vetted community resources rather than scattered forum links. By filtering for quality and libre licensing, the list shortens discovery time and reduces risk when extending projects. Version-specific organization helps teams migrating from Godot 3 avoid breaking changes while adopting fresh capabilities in version 4.

Contents are grouped into Games, Projects, Plugins, Themes, Tutorials and Websites, delivering immediate starting points for both prototyping and production work.

YARD 1.1.0 refines resource management for Godot 4 developers already familiar with its spreadsheet-style registry editor and lightweight runtime API. The update delivers full compatibility with C#-defined resource scripts, removing previous barriers for mixed or C#-only projects. It also introduces a custom inspector that works with @export_custom and Registry.PROPERTY_HINT_CUSTOM, generating enum-style dropdowns populated by stable registry IDs.

This eliminates manual string entry and the autoload boilerplate that previously plagued resource referencing. Registries remain compact .tres files containing only UIDs and string IDs. The editor tab displays resources in a table view, supports class restrictions, and can synchronize recursively with a chosen directory so entries update automatically as files appear or disappear.

Property indexing happens entirely at edit time. Selected fields are baked into the registry, enabling zero-cost runtime filtering by value. Loading strategy stays under developer control: individual entries, full synchronous load, or threaded asynchronous loading. All heavy operations stay in the editor, leaving runtime overhead minimal.

The release also ships Godot 4.6 compatibility fixes, improved class-restriction dialogs, and editor shortcuts for reindexing. For teams scaling inventories, dialogue databases, or procedural content, these changes tighten the workflow while preserving Godot’s native resource strengths.

Key retained features

• Stable string IDs that survive file moves
• Directory sync with automatic add/remove handling
• Baked indexes for runtime property queries
• Flexible loading with no hidden costs