Quiet weekend, but systemd v261 and the AUR supply-chain saga both deserve your attention before Monday standup.

1. Systemd v261 ships IMDS subsystem, boot secrets, and kexec handover support — LWN.net · Jun 19
   Systemd v261 is out with three headline additions: a cloud IMDS subsystem for interacting with instance metadata services, a “boot secret” mechanism aimed at machines without a physical TPM, and early support for the kernel’s Live Update Orchestration / Kexec Handover (KHO) feature when it’s enabled. The IMDS subsystem standardises how userspace talks to cloud metadata endpoints, which matters on VM fleets where ad-hoc curl-to-169.254.169.254 scripts currently do that job. Boot secrets give TPM-less systems a path to secrets tied to a specific boot, though the tradeoffs versus a real TPM aren’t spelled out in the release notes. KHO support is the most speculative piece – the kernel feature itself is still maturing, so this is plumbing for a future where live kernel updates don’t require a full reboot cycle.
2. Kumar Kartikeya Dwivedi’s work on BPF programs as coroutines — LWN.net · Jun 19
   BPF programs currently must run to completion in the context they started – Kartikeya Dwivedi’s coroutine proposal lifts that constraint, making long-running BPF tasks expressible without the current trampoline gymnastics. Still experimental, but the LSF/MM/BPF Summit write-up has enough detail to evaluate the tradeoffs.
3. Netflix VMAF v1: why their existing perceptual quality metric wasn’t good enough — Netflix TechBlog · Jun 19
   Christos Bampis and the Netflix video algorithms team detail where the original VMAF model fails – particularly on grain, animation, and short-form content – and what changed in v1 to fix per-frame score instability. Relevant if you’re running codec comparisons or building encode quality gates.
4. Four ingestion bugs that silently wreck Laravel RAG retrieval — Freek Van der Herten · Jun 19
   Freek Van der Herten documents four ingestion-time bugs that silently degrade Laravel RAG retrieval with no exceptions or failed tests to signal the problem. First, naive chunking can sever a sentence mid-answer, dropping answer@1 while source hit@1 still looks fine. Second, building an HNSW index with vector_l2_ops while querying with cosine <=> causes Postgres to silently ignore the index and full-scan every row – Laravel 13’s whereVectorSimilarTo() hardcodes <=>, making this mismatch easier to hit than ever. Third, baking the embedding dimension into the vector(1536) column means any attempt to shrink storage requires a migration plus a full re-embed, and skipping it quietly tanks retrieval to 47%. Fourth, ingesting and querying with different embedding models turns every distance score into noise. All four bugs are demonstrated with real code verified against laravel/ai v0.7.2 and pgvector, with an eval suite to prove the regressions and a full repo to clone.
5. zlib-rs 0.6.4 fixes Intel Raptor Lake crash, adds SIMD optimizations — Phoronix · Jun 21
   zlib-rs 0.6.4 ships three notable fixes alongside minor SIMD tuning. The Intel Raptor Lake crash – caused by a specific MOVB pattern triggering memory corruption – is now worked around at the library level (newer LLVM/Clang also patches it upstream). An off-by-one integer overflow in the AArch64 NEON Adler32 path was producing incorrect checksums, leaving x86_64 AVX2/AVX-512 and scalar paths unaffected. The release also adds a VNNI ILP trick for AVX-512 that shows slightly better throughput on AMD Zen 5, an optimized CRC32 for LoongArch64, and CI improvements. If you’re running zlib-rs on Raptor Lake or AArch64 hardware, this update is not optional.

---

// In other news

Stay safe out there – and maybe check your AUR packages before coffee.