open source
Top in open source
Safetensors vs Pickle: Why Hugging Face Chose It After the Security Audit
A Trail of Bits audit cleared Safetensors as the Hub's default weights format, closing the load-time code execution vector that pickle-based PyTorch checkpoints carry.
[oss] Hugging Face Is Absorbing Computer Vision Into Vision-Language Models
Computer vision is consolidating onto vision-language models on Hugging Face's Hub, so practitioners must prove each checkpoint does what its Model Card claims.
Akrites Defends Open Source Code, Not in Court: What It Can and Can't Do
Akrites, launched June 25 by the Linux Foundation, is a vulnerability-coordination body that pledges to patch abandoned packages, not a legal defense fund for maintainers.
[oss] Emotion Vectors Replicate in Open-Source LLMs, but Steering Is Unproven
A June 2026 preprint shows the open-weight models Apertus-8B and Gemma-4-E4B encode emotion vectors at r=0.76 to 0.83, but does not prove steering controls behavior.
[oss] Open-Source AI Adoption Index Uses Chat Logs and O*NET Data to Replicate Frontier-Lab Studies
A 2026 arXiv preprint open-sources an AI adoption index from chat logs and O*NET data; finance, CS, and arts top adoption. AI passes workflows but errs on specific tool calls.
[oss] OpenKnowledge Keeps Markdown Local but Routes the Vault to Cloud Coding Agents
OpenKnowledge is a GPL-3.0 markdown editor whose built-in MCP server hands local vault files to cloud coding agents. Local storage survives; local-only inference does not.
[oss] Cost and Access, Not Ideology, Drive Open-Weight Chinese Model Adoption
The shift toward open-weight Chinese models runs on cost and access, not openness. Operators inherit the work of vetting provenance, licenses, and benchmark reproducibility.
[oss] Bot-Account Lookups Miss 97% of AI Coding Agent Commits, 180M-Repo Census Finds
A 180-million-repo census finds bot-account lookups miss 97% of Claude Code commits, a 30x recall gap that makes prior AI-agent adoption estimates a floor.
- jun 22 [oss] OpenAI's Patch the Planet Is Security Capacity for Nine Projects, Not Sustainability Funding
- jun 22 [oss] MiniMax M3 Claims GPT-5.5-Beating Code With 1M Context and Open Weights
- jun 20 [oss] Lithuania's Open-Source Drone-Detection Network Signals an Air-Defense Shift
- jun 20 [oss] NLnet's Grant Model Diverges From VC-Backed Open Source
- jun 20 [oss] Adam's Open-Source AI CAD Claim Lacks a Confirmed Repo or Accuracy Benchmark
- jun 20 [oss] Epic Open-Sources Lore, a VCS Pitched at Git's Scaling Ceiling
- jun 15 [oss] Zhipu Open-Sources GLM-5.2 Under MIT While Anthropic Tightens Model Access
- jun 08 [oss] DuckDB Queries Hugging Face Parquet Files Over HTTP Without Downloads
- jun 01 [oss] Open-Source Workspace Suite tinycld Takes On Google and Nextcloud
- jun 01 [oss] DARPA's AIxCC Postmortem: What Autonomous Cyber Reasoning Systems Got Right and Wrong
- jun 01 [oss] An Open-Source Home Camera That Encrypts End-to-End Instead of Trusting Ring
- jun 01 [oss] Your Open-Source License Won't Stop Someone Phishing With Your Code
- may 29 [oss] An Open-Source 80386 Rebuilt Around Intel's Original Microcode
- may 28 [oss] Models.dev Turns Scattered AI Model Pricing Into One Open Database
- may 27 [oss] Frontier AI Has Broken Open CTFs: Why Claude Code Now One-Shots Medium Pwn Challenges
- may 27 [oss] Audiomass Adds Multitrack to the Browser-Only Open-Source Audio Editor
- may 25 [oss] One Coding Agent Per Kanban Card: Kanbots Stress-Tests Parallel AI Workflow
- may 25 [oss] Microsoft Open-Sources the Earliest Known DOS Source Code: What 1980 Tim Paterson 86-DOS Reveals
- may 24 [oss] Nesbitt's Open Source Death Taxonomy Exposes a Health Score Blind Spot
- may 24 [oss] Colorado SB051 Carves Out Open Source From Age Verification After Maintainer Backlash
- may 24 [oss] Colorado SB26-051 Shields Non-Commercial Open Source by Omission, Not by Design
- may 23 [oss] Files.md Bets on Plain Markdown Folders as the Obsidian Exit Ramp
- may 22 [oss] Nx Console 18.95.0 Compromise Hides a Multi-Stage Credential Stealer in an Orphan Commit
- may 17 [oss] Oppo Open-Sources X-OmniClaw: Edge-Native Android Agent That Runs Vision and OCR On-Device
- may 17 [oss] NVIDIA Open-Sources SANA-WM: 60s 720p Video From One RTX 5090 With Hybrid Linear Attention
- may 17 [oss] BrowserAct Open-Sources Stealth Browser Engine with 93% Token Reduction Claim
- may 16 [oss] Fisker Owners Open-Source the Ocean EV: CAN Bus Maps, Home Assistant, and the Flying Doctors Network
- apr 28 [oss] pgBackRest Is No Longer Maintained: PostgreSQL Backup Alternatives After the Project Stalls
- apr 27 [oss] free-claude-code Routes Claude Code Through NVIDIA NIM and Local Models After Anthropic's CLI Ban
- apr 23 [oss] Inside Rowboat's Knowledge Graph: Why an Obsidian-Compatible Vault Sidesteps Vector DBs for Personal AI Memory
- apr 22 [oss] Hugging Face's Spring 2026 Report: China 41% of Downloads, Industry Share Collapses From 70% to 37%
- apr 22 [oss] Neural Computers From MetaAuto: Video Models Can Replace Shell Interpreters, But Not Stateful Tasks
- apr 19 [oss] GitHub CLI's `gh skill` Command: One Standard to Rule Claude Code, Copilot, Cursor, and Gemini
- feb 20 [oss] Keep Android Open: F-Droid's Fight Against a Locked-Down Mobile Future
“Open source” stopped being a binary the moment vendors learned to weaponize the label. A model release with a revenue cap is not Apache 2.0. An app whose core is closed but whose plugin API is public is not a community project. A repository archived on Friday and revived on Monday by a sponsor coalition is not the same artifact it was a week earlier. This beat covers the gap between what a license header claims and what the code, the maintainers, and the governance actually permit.
The through-line is durability under pressure. Supply-chain compromises ride into editors through orphan commits and signed-but-malicious packages. Health dashboards miss the bot-maintained zombies and the burned-out solo committers. Owners of bankrupt vendors reverse-engineer CAN buses and cloud APIs to keep their hardware alive. Regulators draft age-verification and platform-distribution rules that exempt non-commercial code by accident rather than design, and the carve-outs hold only until someone tests them in court. Each story is a stress test on the assumption that “the code is out there” is enough.
We cover open-weight model drops, self-hostable alternatives to closed SaaS, license arbitrage, packaging-ecosystem attacks, and the policy fights that decide which licenses survive contact with commercial reality — but always with the same question underneath: if the upstream walks away tomorrow, what do you actually own?