Mirko Caserta has released Bruce 2.0, a library that wraps JCA with a clean API. Bruce takes the agony of all the nuts and bolts of security and, well, fixes it. Security libraries earn trust slowly and should - this is not the domain where "looks good to me" is sufficient due diligence, but the reduced API surface might be a good thing for the normative case.
EclipseLink 5.0.0 has been released. EclipseLink is the reference implementation for Jakarta Persistence, and is the standard implementation for many application servers; this release updates some really useful features, like JPQL updates and outdating some APIs that need to be sunset.
The software industry has a short memory. Every generation of tooling has made the same promise: let the machine handle implementation so humans can focus on the problem, in mostly disappointing ways. Now LLMs are making the same pitch, and the instinct is to either panic or sneer. Both responses miss the point. What changed isn't the promise - it's how much of it is actually being kept. The question worth asking isn't whether to adopt, but how to do it without hollowing out the understanding that makes the tools useful in the first place.
The OpenJDK team has released Java 26 - a non-LTS release, but one that supports some important language and API updates, along with some potentially useful ahead-of-time updates for garbage collection and runtime caching. Language updates include progress towards making final mean final - at last - and adding HTTP3 and QUIC support.
ByteCode.News now has an integrated MCP server, providing read-only access to the factoid database, taxonomies, and post content.
Bram Cohen, creator of BitTorrent, has released "Manyana," a version control system with a new way of tracking changes that reduces the impact of merges to something more manageable and coherent. It's only a proof-of-concept as a VCS, not a replacement of Git, but looks interesting.
RasKrebs' sonar is a CLI tool for inspecting and managing everything listening on localhost ports. The name is overloaded, and badly, but the tool works well. So they built something more suitable for their purposes. sonar list gives you ports, process names, Docker container names, Compose projects, CPU/memory usage, and clickable URLs in one shot.
Tela is a remote-access fabric built around encrypted WireGuard tunnels relayed over WebSocket, with no TUN device and no admin privileges required on either end. That implies that spinning up a Tela network has a relatively light administrative burden in terms of system permissions. The access levels required makes it interesting: Tela is not "just another tunnel,” but a userspace tunnel that would be appropriate for all kinds of constrained access deployments.
Addy Osmani put out an essay called "Comprehension Debt - the hidden cost of AI generated code." The problem is that AI can indeed generate code incredibly quickly - but it's more quickly than humans can integrate or understand, or evaluate. The result is a codebase that "works" - code created with "just make the tests pass, please" - but that humans don't understand, and cannot or do not review.