PEAKS No 53: Chat Control Returns, GhostLock Hits Linux, and Grok 4.5 Lands

Hi there!

I found a great books deal during a sustained, intentional and desired doomscrolling session: Linux: All The Things from O’Reilly via Humble Bundle. Link here. You can get up to 15 titles, including: “Learning Kali Linux”, “Linux System Programming” and “Linux Observability with BPF”. And to take advantage of all of these, here is a practical method for reading a book a week. I don’t believe it will work in this case :D.

🛡️ Security & Privacy

  • EU's Chat Control 1.0 quietly returns. Parliament failed by a narrow margin to block the Council's fast-tracked resurrection of the expired voluntary chat-scanning law, reviving suspicionless message scanning until 2028, while the permanent "Chat Control 2.0" regulation stays deadlocked over encrypted messaging. More | More | More
  • "Januscape" lets guests escape KVM hosts. A 16-year-old use-after-free in Linux's KVM shadow-paging code (CVE-2026-53359) lets a rogue VM crash or take over its Intel or AMD host in multi-tenant clouds; patches are rolling out now. More | More
  • "GhostLock" gives any Linux user instant root. A 15-year-old futex use-after-free (CVE-2026-43499), found by an AI bug-hunting tool, achieves 97% reliable root and container escape on nearly every mainstream distro; patch immediately. More
  • New EU cars must film your face — but not say where the footage goes. Mandatory driver-distraction cameras rolled out July 7, and murky retention rules leave privacy safeguards largely undefined despite GDPR's baseline protections. More
  • Accenture confirms breach after hacker lists stolen data. A threat actor calling itself "888" claims to be selling 35GB of Accenture source code, SSH keys, and Azure credentials; the firm says it was contained with no operational impact. More
  • "GitLost" tricked GitHub's AI agent into leaking private repos. A crafted public GitHub Issue used prompt injection to make GitHub's Agentic Workflows read and publicly post README contents from private repositories in the same org. More
  • The "first AI-run ransomware attack" still had a human boss. Sysdig clarified that while an AI agent handled the JadePuffer intrusion's technical execution end-to-end, a human still picked the victim, provisioned infrastructure, and supplied credentials. More

🛸 Tech

  • OpenPrinter wants to fix disposable printers. A repairable, refillable-cartridge printer/plotter built on open-source hardware and a Raspberry Pi Zero W, aiming to cut e-waste and ink costs. More
  • QuadRF sees WiFi through walls and tracks drones. This Raspberry Pi 5-powered phased-array radio does real-time RF beamforming and augmented-reality signal visualization for under $500. More
  • Debian 13.6 ships with a big security bundle. The "trixie" point release patches dozens of CVEs across Apache, curl, QEMU, and more, plus new Secure Boot CA update support via fwupd. More
  • protobuf-py brings a Pythonic Protobuf runtime. Buf's from-scratch, fully spec-conformant Protobuf library for Python ditches Google's C-binding ergonomics while matching its performance in real workloads. More

🤖 AI

  • Simon Willison's agent now records its own demo videos. His new shot-scraper video tool lets coding agents produce polished screen-capture demos from a YAML storyboard, built almost entirely by GPT-5.5 in Codex. More
  • 30 papers, Ilya Sutskever's reading list for John Carmack. A curated, plain-language-annotated collection of the foundational deep learning papers said to have shaped modern AI. More
  • Mistral's Robostral Navigate steers robots with one camera. An 8B-parameter model hits 76.6% on the R2R-CE navigation benchmark using only RGB input, beating rivals that rely on LiDAR or depth sensors. More
  • Anthropic and AE Studio test switchable "dangerous knowledge" modules. Their GRAM method isolates dual-use capabilities like virology or cybersecurity into removable model modules, approximating multiple filtered models from a single training run. More
  • xAI launches Grok 4.5 for coding and agentic work. Trained with Cursor, it claims strong SWE-Bench results, 80 TPS speed, and roughly 4x better token efficiency than rival frontier models. More

🛠️ Tools

  • Organic Maps and its community fork CoMaps. Two free, open-source, ad-free offline navigation apps built on OpenStreetMap data, with CoMaps forked from Organic Maps for fully community-driven development. More | More
  • PCBJam runs KiCad entirely in your browser. An early-access alpha lets you open and edit PCB projects with nothing installed and nothing uploaded to a server. More
  • Herdr is tmux for coding agents. This agent multiplexer runs persistent, remotely-attachable terminal sessions for Claude Code, Codex, and other CLI agents, with a socket API for orchestration. More
  • Kode Dot: a pocket-sized programmable maker device. ESP32-P4/C5 hardware with an AMOLED touchscreen, NFC, RFID, IR, and GPIO in a handheld form factor for makers and pentesters. More

📐 Misc

  • Donald Knuth's The Art of Computer Programming, still evolving. The legendary series' official homepage tracks new fascicles, errata, and translations — Volume 4C is now underway. More
  • What we still don't know about microplastics in our blood. A Yale interview with chemist Cassandra Rauert explains how lab contamination and false positives have overstated some findings — and debunks the "credit card a week" claim. More
  • Terence Tao revives 25-year-old Java applets with AI coding agents. The mathematician used modern agents to port his old visualization tools to JavaScript in hours, plus built new ones for special relativity and the Gilbreath conjecture. More

📩 Please feel free to share this article with colleagues and friends who will find it valuable.

Thanks for reading!

Have a great day!
Bogdan