Friday, 27 March 2026
Judge blocks Pentagon's attempt to label Anthropic a supply chain risk, Apple discontinues the Mac Pro, and LiteLLM suffers a PyPI supply chain attack
Today's Lead
CNN
Judge Blocks Pentagon's Attempt to Label Anthropic a Supply Chain Risk
A federal judge blocked the Pentagon's attempt to designate Anthropic as a "supply chain risk," which would have forced all government contractors to stop using Claude. The Department of War sought the label after Anthropic refused to remove usage restrictions on its AI models for unrestricted military use. The court ruled the government's actions were "likely both contrary to law and arbitrary and capricious," noting that insisting on usage restrictions does not justify branding a domestic company an adversary. The government also violated due process by failing to give Anthropic notice or opportunity to respond, and bypassed statutory requirements to consider less restrictive alternatives.
Also today
9to5Mac
Apple Discontinues the Mac Pro with No Plans for Future Hardware
Apple has officially discontinued the Mac Pro, its high-end professional desktop workstation that had remained largely unchanged since its 2019 redesign. The company found itself unable to justify updating the aging machine, particularly as its Mac Studio with M3 Ultra now offers comparable performance at a better value proposition. With macOS Tahoe's new RDMA over Thunderbolt 5 support, Apple is positioning multiple clustered Macs as the alternative for users who previously relied on Mac Pro's extreme computing power.
FutureSearch
Minute-by-Minute: Responding to the LiteLLM PyPI Supply Chain Attack
A detailed account of discovering and responding to a PyPI supply chain attack targeting the litellm package (v1.82.8). The malicious package contained a .pth file that auto-executed on Python startup, exfiltrating sensitive credentials like SSH keys and AWS secrets. The investigation used Claude Code to identify the payload and confirm the compromise within 72 minutes, resulting in credential rotation and coordinated disclosure to PyPI and LiteLLM maintainers.
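The auto-execution described above works because site.py exec()s any line of a .pth file that begins with "import"; every other line is just a sys.path entry. The following audit script, added here and not part of the FutureSearch write-up or the LiteLLM project, lists those executable lines across the running interpreter's site-packages directories so an operator can compare them against what they expect to be there:

```python
"""Audit .pth files for lines that Python will execute at interpreter startup.

site.py treats any line in a .pth file that begins with "import" (followed by a
space or tab) as code to exec(); other non-comment lines are added to sys.path.
Listing those lines after an install is a quick way to spot an unexpected hook.
"""
import os
import site
import sys


def executable_pth_lines(text):
    """Return (line_no, line) pairs that site.py would exec() from a .pth file."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.startswith(("import ", "import\t")):
            hits.append((no, line))
    return hits


def scan_directory(directory):
    """Return {path: [(line_no, line), ...]} for .pth files with exec'd lines."""
    findings = {}
    if not os.path.isdir(directory):
        return findings
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".pth"):
            continue
        path = os.path.join(directory, name)
        with open(path, encoding="utf-8", errors="replace") as fh:
            hits = executable_pth_lines(fh.read())
        if hits:
            findings[path] = hits
    return findings


def scan_site_packages():
    """Scan every site-packages directory the running interpreter would load."""
    dirs = list(site.getsitepackages()) + [site.getusersitepackages()]
    findings = {}
    for d in dirs:
        findings.update(scan_directory(d))
    return findings


if __name__ == "__main__":
    results = scan_site_packages()
    for path, hits in results.items():
        for no, line in hits:
            print(f"{path}:{no}: {line}")
    sys.exit(1 if results else 0)
```

Some legitimate packages ship import lines in .pth files (setuptools' distutils-precedence.pth, editable installs, virtualenv's _virtualenv.pth), so treat the output as a list to review against a known-good baseline rather than as a verdict.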
GitHub Blog
GitHub Actions 2026 Security Roadmap: Dependency Locking, Policy Controls, and Egress Firewalls
GitHub is rolling out three major security initiatives to protect CI/CD pipelines from supply chain attacks. The roadmap includes workflow dependency locking that locks direct and transitive dependencies using commit SHAs for reproducible workflows, policy-driven execution controls to centrally govern who can trigger workflows and which events are permitted, and infrastructure visibility improvements with near real-time execution telemetry and native egress firewalls for GitHub-hosted runners. These features address recent attacks on projects like tj-actions and Nx that exploited vulnerable CI/CD dependencies and unrestricted network access.
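Pinning by commit SHA is what makes a workflow dependency immutable: a tag such as v4 can be moved, a 40-hex commit SHA cannot. The script below, added as an illustration and not part of GitHub's roadmap or tooling, walks a workflow file's uses: references and reports every remote action that is not pinned to a full SHA; the workflow text and the action names in it are constructed for the example.

```python
"""Report GitHub Actions `uses:` references that are not pinned to a full commit SHA.

`uses: owner/repo@v4` resolves to whatever the tag points at when the job runs;
`uses: owner/repo@<40-hex sha>` does not change. Local actions (./path) and
docker:// images are outside the scope of this check and are skipped.
"""
import re

USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
SHA_RE = re.compile(r"^[0-9a-fA-F]{40}$")


def classify_ref(ref):
    """Return 'local', 'docker', 'sha', 'mutable' or 'unversioned' for one uses: value."""
    if ref.startswith("./"):
        return "local"
    if ref.startswith("docker://"):
        return "docker"
    if "@" not in ref:
        return "unversioned"
    _, version = ref.rsplit("@", 1)
    return "sha" if SHA_RE.match(version) else "mutable"


def unpinned_actions(workflow_text):
    """Return (line_no, ref) for every remote action not pinned to a full SHA."""
    findings = []
    for no, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if m and classify_ref(m.group(1)) in ("mutable", "unversioned"):
            findings.append((no, m.group(1)))
    return findings


# Constructed sample workflow: one SHA-pinned step, two mutable refs, one local action.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # v4 pinned
      - uses: actions/setup-node@v4
      - uses: example-org/lint-action@main
      - uses: ./.github/actions/local-step
      - run: echo build
"""

if __name__ == "__main__":
    for no, ref in unpinned_actions(SAMPLE_WORKFLOW):
        print(f"line {no}: {ref} is not pinned to a commit SHA")
```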
Reco
We Rewrote JSONata with AI in a Day, Saved $500K/Year
Reco's engineering team used AI to rebuild their JSON transformation pipeline by creating gnata, a pure-Go implementation of JSONata. Built in seven hours with just $400 in AI token costs, the new library eliminated the expensive infrastructure required to run thousands of jsonata-js pods on Kubernetes, delivering a 1,000x speedup on common expressions. The solution reduced annual infrastructure costs by $500K while processing billions of events in production.
Cloudflare Blog
A One-Line Kubernetes Fix That Saved 600 Hours a Year
Cloudflare discovered that their Kubernetes Atlantis deployment was taking 30 minutes to restart due to Kubernetes recursively changing file permissions on millions of files stored in a persistent volume. By adding a single configuration line (fsGroupChangePolicy: OnRootMismatch) to their pod's security context, they changed the default behavior from modifying permissions on every mount to only when necessary. This reduced restart times from 30 minutes to 30 seconds, reclaiming approximately 600 hours of engineering time annually that was previously blocked waiting for pod restarts.
OpenTelemetry
OpenTelemetry Profiles Enters Public Alpha
OpenTelemetry's Profiles signal has reached public Alpha status, establishing an industry-wide standard for continuous production profiling alongside the existing traces, metrics, and logs signals. The feature includes an eBPF-based profiler reference implementation and integrates with the OpenTelemetry Collector ecosystem, enabling profiling data correlation with traces. While the format supports existing tools like pprof and efficient data normalization, it remains in Alpha and is not yet recommended for critical production workloads.
GitHub
ATLAS: $500 Consumer GPU Outperforms Claude Sonnet on Coding Benchmarks
ATLAS is a self-hosted AI system that enables smaller language models to compete with frontier API-based models through intelligent infrastructure rather than fine-tuning. Using a frozen 14-billion parameter model on consumer hardware (RTX 5060 Ti), it achieves a 74.6% pass rate on coding tasks through a multi-phase pipeline featuring constraint-driven planning, energy-based verification, and self-verified repair. The system operates entirely on-device with no API dependencies and costs approximately $0.004 per task compared to $0.04–$0.07 for API alternatives.
LeadDev
The Latest Tech Layoffs Have All the Hallmarks of AI Washing
Tech companies are increasingly using "AI washing" to justify recent mass layoffs, deploying artificial intelligence transformation as convenient cover for workforce reductions. Rather than implementing genuine AI-driven restructuring, companies are leveraging the current AI boom narrative to mask traditional cost-cutting measures. The article focuses on recent layoffs at Block and Atlassian, arguing that the actual connection between stated AI strategy and headcount decisions warrants much closer scrutiny.
Fedora Community Blog
Fedora Moves from Pagure to Forgejo
Fedora has completed its migration from Pagure — its long-standing self-hosted Git forge — to Forgejo, the community-governed fork of Gitea. The move brings a modern, actively maintained interface and ecosystem to Fedora's development infrastructure, with full compatibility with existing git workflows and improved tooling for contributors. The migration reflects a broader trend of open source projects prioritizing community-controlled infrastructure over unmaintained or commercially driven alternatives.