What Edu is reading this week (May 17 - 23, 2026)

Heavy FreeBSD week — a new kernel LPE (CVE-2026-45250), a decade-long Ubuntu migration story, and OpenBSD 7.9 out. Also: Flipper One opens up community development, a self-healing WireGuard mesh, and tools for stripping AI watermarks.

AI, Agents & Tools

• microsoft/AI-Engineering-Coach: Microsoft’s toolkit for better agentic engineering — patterns, prompts, and workflows aimed at improving what AI agents actually do, not just how they’re wired up.
• automateyournetwork/netclaw: AI agent that interrogates your network — polls devices, collects data, and answers questions about your infrastructure through a conversational interface.
• MinishLab/semble: Fast semantic code search for AI agents — claims ~98% fewer tokens than grep+read while maintaining accuracy. Useful for agentic coding pipelines navigating large repos.
• wiltodelta/remove-ai-watermarks: CLI and library for stripping visible (Gemini) and invisible (SynthID, C2PA, EXIF) AI watermarks from images.
• A new generation of ads for the AI era of Search: Google announces new ad formats built with Gemini inside AI-powered Search — ads are now embedded in the AI overview, not just the sidebar.
• We let AIs run radio stations: HN thread on fully AI-run radio stations — automated programming, DJ banter, and song selection, with the usual community debate around what this means for human radio.
• DecayDock – AI Smart Fridge Companion / DecayDock: The Tiny AI Device That Combats Food Waste: ESP32-CAM + TFT display that tracks food freshness in your fridge using local AI. The Instructables post has the build; Hackster covers the concept.

Security

• FatGid - FreeBSD 14.x kernel LPE / venglin/setcred: CVE-2026-45250: A four-byte type confusion in a credential-handling syscall yields a root shell on FreeBSD 14.x. The landing page is concise; the PoC repo has the full exploit code.
• 0xdeadbeefnetwork/ssh-keysign-pwn: Exploits the ptrace_may_access mm-NULL bypass + pidfd_getfd to steal SSH host private keys and /etc/shadow on pre-31e62c2ebbfd kernels.
• pocs/fragnesia: PoC from v12-security’s collection — details are sparse in the repo description, worth tracking if you follow their work.
• Alcoholless / AkihiroSuda/alcless: Lightweight security sandbox for macOS — restricts network and filesystem access for Homebrew packages, AI agents, and other untrusted programs without needing a VM.

Cloud, Kubernetes & Infrastructure

• cgroups: From Chaos to Control: Deep dive into Linux cgroups v1 vs v2 — the history, the architectural differences, and what it means for Kubernetes workloads. Solid foundation piece.
• encodeous/nylon: Self-healing WireGuard mesh — reroutes around failures in seconds with no coordination server and no cloud dependency. Fully FOSS.
• alebeck/boring: Minimal SSH tunnel manager with config-file-defined named tunnels and auto-reconnect. Does one thing well.
• ttlequals0/MinusPod: Self-hosted server that strips ads from podcast feeds before playback — no client-side plugins required, works with any podcast app.

Linux & Systems

• OpenBSD 7.9: OpenBSD 7.9 released — new hardware support, kernel improvements, and the usual security hardening pass.
• The FreeBSD Project: FreeBSD.org got a redesign — worth a look if you haven’t visited in a while.
• This blog ran on Ubuntu 16.04 for 10 years. I migrated it to FreeBSD: Migration notes from a decade on Ubuntu 16.04 to FreeBSD on Hetzner — covers jails, Bastille, Caddy reverse proxy, and cross-continent load testing results.
• Announcing Web Serial Support in Firefox: Firefox 151 ships the Web Serial API for desktop — browsers can now talk directly to microcontrollers, 3D printers, power meters, and other serial-connected hardware.
• clefspear/starcommand: Generative terminal greeting — spawns a unique, deterministic rocket artwork on every new shell session across bash, zsh, fish, and PowerShell.

Development & Tools

• Slumber: TUI HTTP client — define, execute, and share configurable HTTP requests from the terminal. Requests live in config files, so they’re version-controllable.
• zakirullin/files.md: Personal knowledge system built on plain .md files — no app lock-in, no database, just directories and text.
• indaco/malt: Fast Homebrew alternative for macOS — warm installs in milliseconds, post_install scripts that actually run. Drop-in replacement.

Hardware, Electronics & Fun

• Flipper One — we need your help / Tech specs - Flipper One: Flipper opens up Flipper One development to the community — a full Linux cyberdeck in Flipper form factor. The tech specs page has the hardware breakdown.
• BlueSCSI Images: Curated disk images for BlueSCSI v2, with a dedicated Macintosh section — useful if you’re running BlueSCSI in a vintage Mac and want pre-built system images.
• Was my $48K GPU server worth it?: An independent researcher’s honest accounting of building a 6×6000 Ada GPU server after leaving FAANG — build notes, problems encountered, and whether the investment paid off for AI research.
• andrzej3393/oldputer: ESP32 + WeAct 4.2" e-paper display built to look like a vintage computer — retro aesthetic, low power, interesting case design.
• kageroumado/phosphene: Video wallpaper engine for macOS Tahoe — plays video files as your desktop background, a feature macOS doesn’t support natively.
• Capsolver: AI-powered CAPTCHA solving service — supports reCAPTCHA, Cloudflare, AWS WAF, OCR, and more. Worth knowing about for automation and testing workflows.