Linux 7.2 targets August; an 18-year-old GPU bug surfaces; PQC lands in pip

An 18-year-old bug surfaces via GPU fleet telemetry, AI tooling is making engineers work more hours not fewer, and post-quantum crypto just became a single pip install — all in the same news cycle.

// SECURITY FOCUS

ML-KEM and ML-DSA land in pyca/cryptography, one pip install away

Trail of Bits shipped NIST-standard ML-KEM (key establishment) and ML-DSA (signatures) to pyca/cryptography on June 22 – the same day the White House ordered federal agencies to accelerate PQC migration. If your Python service does any key exchange or signing today, you now have a concrete upgrade path without pulling in a separate library. The hard part shifts from ‘where do I get PQC primitives’ to ‘which endpoints to migrate first’ – start with anything that signs long-lived credentials or negotiates session keys.

What to do: Run `pip show cryptography` across your services; anything on >=42.x can start a PQC migration branch now using ML-KEM-768 for key exchange.

  1. Core dump epidemiology: fixing an 18-year-old bug at OpenAI — OpenAI Blog · Jun 30
    OpenAI engineers correlated large-scale core dumps across their GPU fleet to isolate rare infrastructure crashes, turning up both a hardware fault and a software bug that had been lurking for 18 years. The methodology – treating core dumps as a population-level signal rather than one-off artifacts – is directly portable to any fleet running custom kernels or ML runtimes.
  2. AWS CloudFormation Express mode cuts deployment confirmation to seconds — AWS News Blog · Jun 30
    AWS CloudFormation Express mode skips post-provisioning stabilization checks and marks a deployment complete as soon as resource configuration is applied, cutting deployment time by up to 4x according to AWS’s own benchmarking. The article’s concrete numbers: an SQS queue with DLQ drops from 64 seconds to ~10 seconds, and deleting a Lambda with a network interface attachment drops from 20-30 minutes to ~10 seconds. No template changes are needed – just pass `–deployment-config ‘{“mode”: “EXPRESS”}’` via CLI, CDK’s `–express` flag, or the console toggle. The catch worth noting: rollback is disabled by default in Express mode, so failed production deployments won’t auto-revert unless you explicitly set `disableRollback: false`. Resources keep stabilizing in the background after CloudFormation signals completion, which is fine for iterative dev workflows but means you shouldn’t use this mode anywhere traffic shifts depend on full resource readiness. Available now in all commercial regions at no extra cost.
  3. Linux 7.2 features: cache-aware scheduling, USB4STREAM, AMD ISP4 — Phoronix · Jun 30
    Linux 7.2 is targeting an August release and brings several notable changes across the 43-million-line codebase. The headline additions are Cache Aware Scheduling for better task placement on CPUs with multiple last-level cache domains, USB4STREAM for direct data transfers between systems over USB4/Thunderbolt, and the AMD ISP4 driver finally landing in mainline – enabling the webcam on the HP ZBook Ultra G1a and similar high-end Ryzen laptops. On the performance side, an MGLRU improvement shows 30-100% higher throughput for MongoDB in benchmarks, and /proc/filesystems reads are up to 444% faster. Apple M3 can now boot a mainline kernel but isn’t practically usable yet. Intel TDX gains live security update support without reboots, and AMDGPU picks up initial HDMI 2.1 FRL support. The kernel team also introduced new guidelines to limit further filesystem proliferation – a policy call worth watching if you maintain out-of-tree filesystems.
  4. AI coding is addictive. Engineers are paying the price — LeadDev · Jun 30
    LeadDev’s Engineering Leadership Report 2026 finds AI coding tools are making engineers work more, not less — 45% report longer hours than a year ago, up from 38% in 2025, with the sharpest jump among staff-and-above engineers (53% vs. 28% in 2025). Burnout is tracking the same direction: 49% of engineers feel emotionally drained weekly, up from 39%, and CTO emotional exhaustion jumped 30 percentage points in a single year. The behavioral mechanism is the slot-machine pattern of intermittent rewards — most prompts are routine, some fail, and occasional wins keep users prompting past any natural stopping point. Steve Yegge, who publicly backs AI as a productivity multiplier, admits the effect has him working outside normal hours and crashing from fatigue. The practical fixes suggested in the article are deliberate rather than restrictive: time-box sessions with a hard stop before opening the tool, keep exploratory prompting separate from shipping work, and treat recovery as maintenance rather than optional.
  5. Claude Science is Anthropic’s newest flagship product — MIT Technology Review AI · Jun 30
    Anthropic launched Claude Science, a standalone agentic research product aimed at computational biology and drug development, positioned at the same tier as Claude Code and Claude Cowork. Like Claude Code, it takes high-level instructions and works autonomously – writing and running code on HPC clusters, interfacing with genetics and protein biology toolsets, and prioritizing reproducibility so scientists can trace any result back to its source. It’s available now to all paid Claude subscribers. The article notes John Jumper – who shared the Nobel Prize for AlphaFold – recently left DeepMind for Anthropic, and Harvard physicist Matthew Schwartz estimated Opus 4.5 performs roughly at the level of a second-year grad student on scientific tasks. Anthropic is also using Claude Science for its own drug discovery research into neglected diseases, which the article reads partly as real-world validation work and partly as a signal to pharma companies with deep pockets – handy timing as Anthropic eyes an IPO later this year.

// In other news

ai

  • What’s new in Claude Sonnet 5 (Simon Willison) · Jun 30 — Claude Sonnet 5 ships with extended thinking, a 200K context window, and improved tool use — Simon Willison’s notes cover what actually changed versus Sonnet 4.
  • Introducing GeneBench-Pro (OpenAI Blog) · Jun 30 — OpenAI released GeneBench-Pro, a genomics benchmark using real-world datasets to test AI on biology tasks — useful baseline for evaluating bio-focused model claims.
  • shot-scraper 1.10 (Simon Willison) · Jun 30 — shot-scraper 1.10 adds a `video storyboard.yml` command that lets AI agents record timestamped browser screencasts — handy for debugging and demoing agent runs.
  • Quoting Anthropic (Simon Willison) · Jun 30 — US Department of Commerce lifted export controls on Claude Fable 5 and Mythos 5, removing a distribution constraint that had blocked international deployments.
  • ScarfBench: Benchmarking AI Agents for Enterprise Java Framework Migration (Hugging Face Blog) · Jun 30 — IBM Research’s ScarfBench benchmarks AI agents on real enterprise Java framework migrations — one of few evals grounded in a concrete, painful production task.

cloud

culture

dev

iac

k8s

linux

obs

sec

  • The Realities of AI Video Surveillance (Schneier on Security) · Jun 30 — Schneier links an FT investigation into AI video surveillance deployments in Israel/Iran and Russia conflicts — real-world signal on where the capability gap between vendor claims and battlefield use actually sits.

sre

web

18-year-old bug, 43-million-line kernel, one pip install away from post-quantum crypto — not a slow week.

Leave a comment