Tech

oMLX 0.3.9.dev2 tested on M1 Max 64GB: SSD cache wins, VLM MTP slower

Tested oMLX 0.3.9.dev2 on M1 Max 64GB across 11 scenarios: SSD KV cache cuts Copilot prefill 88s→33s, VLM MTP slows decode 12-30%, omlx launch reaches Copilot/Codex/Claude Code.

Quake III's Q_rsqrt on Apple M4 vs Zen 3: when it actually beats 1/sqrtf in 2026

Tested Q_rsqrt on Apple M4 (Mac mini) and Zen 3 (Ryzen 5800HS / WSL2). M4's -O2 already rewrites 1/sqrtf to frsqrte and ties Q_rsqrt; x86 clang needs -ffast-math or hits a 12x gap. Hand-written NEON/SSE wrappers turn out slower. Newton 0/1/2 error and the Lomont constant covered too.

oMLX 0.3.9.dev2 for Mac coding agents: Gemma 4 VLM MTP, DFlash, launch copilot

oMLX 0.3.9.dev2 release notes from the angle of Codex/Copilot on Mac local LLMs: Gemma 4 VLM MTP, DFlash, omlx launch copilot, SSD KV cache — what each changes for agent workflows.

RubyGems signup pause after 500+ malicious packages: lockfile and cache checks

RubyGems.org halted new signups after DDoS and 500+ malicious gem uploads. Existing install/push unaffected — check lockfiles for gems added around May 12 2026.

VoxCPM2 and OSS TTS in 2026: Irodori-TTS, F5-TTS, and Japanese fine-tune notes

VoxCPM2 sits in the tokenizer-free corner. Mapped vs F5-TTS, CosyVoice2, Irodori-TTS, Style-Bert-VITS2; plus why Japanese TTS still leans on OpenJTalk.

NIST NVD goes risk-based: which SCA tools still miss Deferred CVEs

NVD API queries: kernel CVEs return Analyzed but SuperAGI CVE-2026-6584 stays Deferred with no CPE. Maps Snyk, Trivy, Grype, Dependabot, OSV-Scanner reliance on NVD vs GHSA/OSV.

React Native OTA after CodePush: Stallion vs EAS Update, rollback and signing

CodePush shut down in March 2025. Compared EAS Update, self-hosted, and Stallion for React Native OTA — rollback, bundle signing, delta delivery — plus Unity AssetBundle parallels, TestFlight for personal apps, PWA Service Worker cache traps, and the lifecycle of deployed code.

Mini Shai-Hulud hits TanStack & Mistral npm: CVE-2026-45321 (CVSS 9.6), TeamPCP campaign chain

TanStack npm compromise (42 pkgs / 84 versions, CVE-2026-45321 CVSS 9.6) on May 11, 2026 UTC spread across UiPath (60+), Mistral, OpenSearch, guardrails-ai, Checkmarx Jenkins. Covers token-revoke wipe ordering, first valid SLSA provenance on malicious npm, and Vect ransomware secondary wave (wiper, not real ransomware). Live tracking.

Ghostty tabs all say 'Claude Code': no-title, env var, and zsh hook fix

Every Ghostty tab turns into 'Claude Code' when running multiple AI CLI sessions. Fix it with shell-integration-features = no-title, CLAUDE_CODE_DISABLE_TERMINAL_TITLE, and a 30-line zsh preexec/precmd/chpwd hook that tags tabs by repo name.

GhostLock PoC: 500K SMB files locked in 8 min via CreateFileW dwShareMode=0

CreateFileW dwShareMode=0 locks 500K SMB files in 8 min with no encryption. Detection key: NAS session exclusive handle counts, not write-based indicators.

WordPress 7.0: wp_ai_client_prompt(), PHP-only blocks, and why RTC was removed

WordPress 7.0 keeps AI Client, Connectors API, PHP-only blocks but drops real-time editing despite 52% storage gain. wp_ai_client_prompt() code and functions.php patterns.

Sugar YMP-01 thermal printer on M1 Mac: halftone + 1D 49 F0 nn density command

Tested on M1 Max: Floyd-Steinberg halftone + BLE pacing + a vendor-specific density command `1D 49 F0 nn` to print sharp photos on the Sugar YMP-01 thermal mini printer from Python.