InfoQ Homepage Open Source Content on InfoQ
-
TigerFS Mounts PostgreSQL Databases as a Filesystem for Developers and AI Agents
TigerFS is a new experimental filesystem that mounts a database as a directory and stores files directly in PostgreSQL. The open source project exposes database data through a standard filesystem interface, allowing developers and AI agents to interact with it using common Unix tools such as ls, cat, find, and grep, rather than via APIs or SDKs.
-
Swift 6.3 Stabilizes Android SDK, Extends C Interop, and More
Swift 6.3 advances Swift cross-platform story with official Android support, improves significantly C interoperability through the new @c attribute, and continues extending embedded programming support. It also strengthens the ecosystem with a unified build system direction and gives developers more low-level performance control.
-
Open Source Security Tool Trivy Hit by Supply Chain Attack, Prompting Urgent Industry Response
A major security incident affecting the widely used open source vulnerability scanner Trivy has exposed critical weaknesses in software supply chain security, after maintainers confirmed that a malicious release was briefly distributed to users.
-
PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information
Discovered by FutureSearch researcher Callum McMahon, a supply chain attack against LiteLLM on PyPI resulted in over 40 thousand downloads of a compromised version that installed a malicious payload capable of harvesting and exfiltrating sensitive information. LiteLLM is downloaded roughly 3 million times per day.
-
QCon London 2026: Introducing Tansu.io — Rethinking Kafka for Lean Operations
Peter Morgan introduced Tansu at QCon London, an open-source, Kafka-compatible, stateless, leaderless broker that scales to zero, with pluggable storage (S3, SQLite, Postgres), broker-side schema validation, and direct writes to Iceberg and Delta Lake. Written in Rust, it uses 20MB of RAM and starts in 10 milliseconds.
-
Sonatype Launches Guide to Enhance Safety in AI-Assisted Code Generation
Sonatype Guide is a real-time guardrail system that sits between AI coding tools and the open-source ecosystem, ensuring AI-generated code uses safe, valid, and maintainable dependencies.
-
QCon London 2026: Morgan Stanley Rethinks Its API Program for the MCP Era
Morgan Stanley engineers Jim Gough and Andreea Niculcea showed how they're retooling the bank's API program for AI agents using MCP and FINOS CALM. Live demos covered compliance guardrails, deployment gates, and zero-downtime rollouts across 100+ APIs. First API deployment shrank from two years to two weeks. They also demoed Google's A2A protocol running alongside MCP.
-
Google Open-Sources the Common Expression Language for Python
Google has open sourced CEL-expr-python, a Python implementation of the Common Expression Language (CEL), a non-Turing complete embedded policy and expression language designed for simplicity, speed, safety, and portability.
-
How Grab Optimizes Image Caching on Android with Time-Aware LRU
To improve image cache management in their Android app, Grab engineers transitioned from a Least Recently Used (LRU) cache to a Time-Aware Least Recently Used (TLRU) cache, enabling them to reclaim storage more effectively without degrading user experience or increasing server costs.
-
Google Launches Automated Review Feature in Gemini CLI Conductor
Google has enhanced its Gemini CLI extension, Conductor, by adding support for automated reviews. The company says this update allows Conductor "to go beyond just planning and execution into validation", enabling it to check AI-generated code for quality and adherence to guidelines, strengthening confidence, safety, and control in AI-assisted development workflows.
-
MySQL 9.6 Changes Foreign Key Constraints and Cascade Handling
MySQL is changing the way foreign key constraints and cascades are managed. Starting with MySQL 9.6, foreign key validation and cascade actions are handled by the SQL layer rather than the InnoDB storage engine. This will improve change tracking, replication accuracy, and data consistency, making MySQL more reliable for CDC pipelines, mixed-database environments, and analytics workloads.
-
AI "Vibe Coding" Threatens Open Source as Maintainers Face Crisis
Daniel Stenberg shut down cURL's bug bounty after AI submissions hit 20%. Mitchell Hashimoto banned AI code from Ghostty. Steve Ruiz closed all external PRs to tldraw. Economic research shows "vibe coding" weakens the user engagement that sustains open source. As developers delegate to AI agents, documentation visits and bug reports collapse—threatening the ecosystem's viability.
-
Uforwarder: Uber’s Scalable Kafka Consumer Proxy for Efficient Event-Driven Microservices
Uber has open-sourced uForwarder, a push-based Kafka consumer proxy built to handle trillions of messages and multiple petabytes of data daily. The system introduces context-aware routing, head-of-line blocking mitigation, adaptive auto-rebalancing, and partition-level delay processing to improve scalability, workload isolation, and hardware efficiency in large-scale event-driven microservices.
-
LocalStack for AWS Drops Community Edition Raising Developer Concerns
LocalStack has recently announced changes to the delivery of its AWS Cloud emulators, dropping the popular open source Community Edition, and creating a single image that requires registration. Projects that currently pull the latest community image will need to update their workflows.
-
GitHub Copilot SDK Lets Developers Integrate Copilot CLI's Engine into Apps
Now available in technical preview on GitHub, the GitHub Copilot SDK lets developers embed the same engine that powers GitHub Copilot CLI into their own apps, making it easier to build agentic workflows.