Saturday, 06 June 2026
Ladybird closes public PRs over AI risks; Python JIT halted pending PEP; Microsoft open-sources pg_durable for PostgreSQL
Today's Lead
Ladybird
Changing How We Develop Ladybird
Ladybird browser is discontinuing public pull requests and transitioning to a maintainer-only code contribution model as it approaches its first alpha release. The team cites concerns about AI-generated code and the increased security risks facing production software that handles untrusted internet content. While the source code remains publicly available, external contributions will now be limited to bug reports, testing, design feedback, and security reports—a rare public stance against AI-assisted open-source contributions from a high-profile project.
Also today
Python Discourse
An Announcement from the Steering Council Regarding the JIT Project
The Python Steering Council has called for a Standards Track PEP to formally evaluate whether CPython's experimental JIT compiler should become an official supported feature. Until the PEP is accepted, no new JIT development can be merged to main, though bugfixes and security patches remain permitted. The Council set a flexible six-month timeline for PEP submission and expects the proposal to address maintenance sustainability, compatibility with existing CPython features, success metrics, and architectural stability.
Read →GitHub / Microsoft
pg_durable: PostgreSQL In-Database Durable Execution
Microsoft open-sourced pg_durable, a PostgreSQL extension that enables durable execution of long-running workflows directly within the database using a SQL-native DSL. It eliminates the need for external orchestration services such as Temporal or Conductor by providing checkpointing and recovery capabilities built into PostgreSQL, making it ideal for pipelines, batch ingestion, and scheduled maintenance tasks that require reliability guarantees without additional infrastructure.
Read →The Register
GOV.UK Goes Dutch on Payments as It Dumps Stripe
The UK's Government Digital Service has switched from Stripe to Dutch payment processor Adyen for GOV.UK Pay, securing a £25.3 million three-year contract affecting over 70% of organisations on the platform. The migration will move approximately 1,000 services to Adyen while WorldPay continues handling central government and NHS payments. The new arrangement enables "pay by bank" services using open banking, allowing direct bank transfers without card details across the 137.5 million annual transactions processed on the platform.
Read →Alexis Purslane
Statistical Analysis: Did Claude Increase Bugs in rsync?
A statistical analysis of whether Claude-assisted development introduced bugs into the rsync project finds no evidence of abnormality. By examining severity-weighted bug rates across 36 releases, the author found that the two Claude-containing releases fell within the historical distribution with p-values of 46% and 74%, directly refuting viral social media claims to the contrary. The author attributes the controversy to confirmation bias and pre-existing skepticism toward AI rather than actual data, offering a data-driven counterpoint to the ongoing debate about AI code quality.
Read →Gemma 4 QAT Models: Optimizing Compression for Mobile and Laptop Efficiency
Google released Gemma 4 model checkpoints optimized with Quantization-Aware Training (QAT), enabling efficient deployment on mobile devices and consumer hardware while preserving model quality. Unlike standard post-training quantization, QAT simulates the quantization process during training itself to minimize accuracy loss. The Gemma 4 E2B model has been compressed to under 1GB, with the optimized checkpoints available on Hugging Face and supported by llama.cpp, Ollama, and Transformers.js.
Read →University of Rochester
New Desalination Method Turns Ocean Water into Drinking Water Without Waste
Researchers at the University of Rochester have developed a solar-powered desalination system using laser-etched black metal panels that convert seawater into drinking water without producing toxic brine waste. The innovation uses "superwicking" surfaces to naturally direct salt deposits away from active areas while extracting nearly all available solar radiation. The recovered salts can be further processed to extract lithium for batteries, potentially addressing both water scarcity and critical mineral supply concerns simultaneously.
Read →Sumner Evans
Stop Using Conventional Commits
This post argues that Conventional Commits is a flawed standard that prioritizes commit type over scope—the author contends scope is more valuable for navigating history but is marked as optional in the spec. The author criticises the format for redundant type prefixes, and for failing to deliver on its promises around automated changelogs, semantic versioning, and secure build automation. The recommended alternative is scope-prefixed commits in the style used by Linux and Go (e.g., subsystem: description), placing the most useful navigation context first.
Read →404 Media
The U.S. Military Quietly Turned GPS Into a Global Numbers Station
A security researcher discovered that the U.S. military has been using GPS satellites to broadcast encrypted cryptographic keys since around 2007, functioning as a covert global "numbers station." By analysing over 12 million satellite observations, the researcher found that a 176-bit sequence in GPS signals contains Pentagon messages enabling military personnel worldwide to receive updated encryption keys via satellite. The system operates invisibly within publicly accessible GPS data that every civilian GPS receiver decodes.
Read →Simon Willison
OpenAI Launches ChatGPT Lockdown Mode to Block Prompt Injection Data Exfiltration
OpenAI has launched Lockdown Mode, rolling out across ChatGPT Free, Plus, Pro, and Business tiers, which prevents data exfiltration from prompt injection attacks by limiting outbound network requests. The feature directly addresses the "Lethal Trifecta" vulnerability—the combination of private data access, exposure to untrusted content, and an exfiltration channel—by blocking the final data-theft stage using deterministic controls rather than AI evaluation. As Simon Willison notes, the existence of the feature implicitly confirms that ChatGPT's default configuration offers limited protection against determined exfiltration attacks.
Read →