Debian 12 exits regular support, Bun moves to Rust, and a 29-year-old Squid bug finally gets a name.
// SECURITY FOCUS
29-year-old Squid proxy bug “Squidbleed” leaks HTTP requests
Squid is still the default forward proxy in a surprising number of internal corporate networks and container egress setups – if you haven’t audited what’s running on port 3128, this is the push. The bug leaks HTTP request content, which in a forward-proxy position means credentials and session tokens in cleartext headers are in scope.
What to do: Check `squid -v` on any forward-proxy hosts this week and verify you’re on a patched release; the original advisory is via The Hacker News linked from Schneier’s post.
- Debian 12 “Bookworm” regular security support ends, LTS team takes over — Debian News · Jul 12
As of July 12, 2026, Debian 12 “Bookworm” exits regular security support and the LTS team takes over, extending coverage through June 30, 2028. Users who can should upgrade to Debian 13 “Trixie”; those stuck on Bookworm get two more years of patches across amd64, i386, arm64, armhf, and – new for LTS – ppc64el. Not every package is covered: run debian-security-support to identify gaps. Separately, Debian 11 “Bullseye” LTS hits end-of-life August 31, 2026, so anyone still on Bullseye needs to move now. - Bun is rewriting itself in Rust, moving away from Zig — Freek Van der Herten · Jul 10
Jarred Sumner explains that Bun is migrating its codebase from Zig to Rust after persistent memory safety problems caused by mixing GC and manual memory management. The rewrite is being done mechanically, driven by the existing test suite, with Claude handling much of the translation work so the team doesn’t have to freeze feature development for a year. The source article is a short pointer to the original post on bun.com, so the full reasoning is there rather than here. - GitHub: better Copilot code-review tools made quality worse, then they fixed it — GitHub Engineering · Jul 10
GitHub’s Copilot code review team swapped its custom code-exploration tools for the shared Unix-style tools (grep, glob, view) already used by Copilot CLI, expecting a clean win on maintenance overhead. Instead, benchmarks showed higher review cost and fewer useful comments caught – not because the tools were worse, but because their instructions implied a broad “explore the repo” workflow rather than a reviewer’s “start from the diff, narrow fast” workflow. Rewriting the tool instructions to match how a reviewer actually investigates a pull request – grep and glob first to narrow, view only when a specific file or line range is identified, batch searches before reads – flipped the regression into roughly 20% lower average review cost while holding quality steady. The same focused instructions applied to Copilot CLI didn’t produce the same gain, which is the useful counterexample: shared tools work across products, but the workflow instructions have to match the job. The broader point, written up by engineer Napalys Klicius, is that tool descriptions for LLM agents are closer to API contracts than implementation details – vague prompting changes what the agent notices, how much context it carries, and when it decides it has enough evidence. - Realtek RTL8723BS WiFi driver hardened against malicious access points in Linux 7.2-rc3 — Phoronix · Jul 12
Alexandru Hossu patched multiple out-of-bounds memory read/write conditions in the RTL8723BS staging driver, triggered by malformed over-the-air frames from a malicious access point – no user interaction beyond connecting to a rogue AP required. The flaws have existed since the driver entered Linux staging in 2017, so roughly eight years of kernels are affected. The fixes land in Linux 7.2-rc3 and will be back-ported to stable branches. The RTL8723BS is an 802.11 b/g/n SDIO chip with Bluetooth 4.0 found in a wide range of embedded and low-cost devices, so the exposure surface is broad even if each individual device seems obscure. - Datadog on making agentic token costs visible in production — Datadog Blog · Jul 10
Datadog’s 2026 State of AI Engineering report found that token usage per request more than doubled for median customers year-over-year and quadrupled for 90th-percentile users across Datadog-monitored services. The article breaks down where agentic token costs actually accumulate – tool schemas loaded on every call regardless of relevance, unbounded session history in multi-turn ReAct-style agents, and redundant retrieval loops that inject duplicate chunks into context. Fixes include trimming tool catalogs to only what the current task needs, using sliding-window or summarization-based history compaction, and deduplicating retrieval chunks across loop iterations – but the article is clear that none of these are verifiable without span-level token instrumentation in place first. The practical guidance is to capture input vs. output token splits at the individual span level, not just aggregate dashboards, since aggregate figures hide the compounding behavior. This is a Datadog product post, so the observability tooling it recommends is their own – but the diagnostic framing around tool schema bloat and session history growth applies regardless of what you use to instrument it.
// In other news
ai
- sqlite-utils 4.1.1 (Simon Willison) · Jul 12 — sqlite-utils 4.1.1 patches an edge case caught by Claude in code review – a small but concrete example of LLM-assisted library QA catching a real bug.
- Fable gets another bump (Simon Willison) · Jul 12 — GPT-5.6 Sol matching Fable/Mythos capability benchmarks has pushed Anthropic to again delay their AGI timeline estimate – second public revision this year.
- Profiling in PyTorch (Part 3): Attention is all you profile (Hugging Face Blog) · Jul 10 — Part 3 of HuggingFace’s PyTorch profiling series focuses on attention mechanisms – worth reading if you’re benchmarking transformer inference and need flame graph baselines.
cloud
- Improving Smart Tiered Cache for Public Cloud Regions (Cloudflare Blog) · Jul 10 — Cloudflare’s Smart Tiered Cache now lets you specify your origin’s cloud region (AWS, GCP, Azure, OCI) to pick the geographically closest upper-tier PoP, cutting cache-miss latency for region-anchored origins.
k8s
- How Talos Omni makes Talos Linux more secure (Sidero Labs) · Jul 10 — Sidero Labs details how Talos Omni extends node-level attack surface reduction across fleet enrollment, encrypted management traffic, and secret handling – useful reading before adopting Omni in prod.
linux
- Updated Debian 13: 13.6 released (Debian News) · Jul 11 — Debian 13.6 (Trixie) ships the latest security fixes and reverts a GeoIP database change that broke geolocation-dependent configs – patch now if you’re on Trixie.
- Updated Debian 12: 12.15 released (Debian News) · Jul 11 — Debian 12.15 is the final point release of Bookworm as it transitions to oldstable – last chance to catch security fixes before the support model shifts.
- LLVM Merges x86 LFI “Lightweight Fault Isolation” Target For In-Process Sandboxing (Phoronix) · Jul 11 — LLVM merges Stanford’s x86 LFI target for in-process sandboxing, following the AArch64 version – native code isolation without a separate process, relevant for plugin hosts and browsers.
- Linux 7.2-rc3 Released: Close To The “New Normal” (Phoronix) · Jul 12 — Linux 7.2-rc3 is out with slightly higher commit rates than prior RCs but still tracking toward a stable August release – good moment to regression-test driver patches.
- Mesa’s Rusticl Now Enables Arm Mali Panfrost Driver Support By Default (Phoronix) · Jul 11 — Mesa’s Rusticl OpenCL runtime now enables Arm Mali Panfrost by default, meaning Mali GPU compute workloads should just work on supported boards without manual driver config.
sec
- AI Surveillance and Social Progress (Schneier on Security) · Jul 10 — Schneier argues that near-term AI surveillance capable of tracking all public activity creates a structural threat to protest and dissent – grounded policy analysis, not speculation.
sre
- Measuring the Impact of Personalized Recommendations (Netflix TechBlog) · Jul 10 — Netflix researchers describe their causal inference methodology for measuring recommendation impact at scale – the experimental design details are what make this worth reading, not the results.
web
- Passwordless Sign-In with Fortify Two-Factor Support in Laravel (Laravel News) · Jul 10 — Walkthrough of wiring Laravel Fortify for passwordless login while preserving TOTP two-factor auth – covers the non-obvious session/pipeline ordering issue most tutorials skip.
- A tour of my dotfiles (Freek Van der Herten) · Jul 10 — Freek Van der Herten’s dotfiles tour covers PHP/Laravel-specific aliases and shell tooling – worth a skim if you work in that stack and want to steal a few time-savers.
Stay patched, stay skeptical – see you Monday.

Leave a comment