Charles Choi has announced the release of the Casual Make: a menu-driven interface, implemented as part of the Casual suite of tools, for Makefile Mode in GNU Emacs.

Emacs supports makefile editing with make-mode which has a mix of useful and half-baked (though thankfully obsoleted in 30.1) commands. It is from this substrate that I'm happy to announce the next Casual user interface: Casual Make.

Of particular note to Casual Make is its attention to authoring and identifying automatic variables whose arcane syntax is un-memorizable. Want to know what $> means? Just select it in the makefile and use the . binding in the Casual Make menu to identify what it does in the mini-buffer.

Casual Make is part of Casual 2.4.0, released on March 12 and is available from MELPA. The 2.4.0 update to Casual also includes documentation in the Info format for the first time.

• Front: PyPI terms of service; Zig 0.14; Matrix; Timer IDs and ABI; Module integrity checking; Capability analysis.
• Briefs: Path traversal; Below vulnerability; Ubuntu 25.04; Flang; Gstreamer 1.26.0; Framework Mono 6.14.0; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

Damien Neil has written an article for the Go Blog about path traversal vulnerabilities and the os.Root API added in Go 1.24 to help prevent them.

Root permits relative path components and symlinks that do not escape the root. For example, root.Open("a/../b") is permitted. Filenames are resolved using the semantics of the local platform: On Unix systems, this will follow any symlink in "a" (so long as that link does not escape the root); while on Windows systems this will open "b" (even if "a" does not exist).

The Zig project has announced the release of the 0.14 version of the language, including changes from more than 250 contributors. Zig is a low-level, memory-unsafe programming language that aims to compete with C instead of depending on it. Even though the language has not yet had a stable release, there are a number of projects using it as an alternative to C with better metaprogramming. While the project's release schedule has been a bit inconsistent, with the release of version 0.14 being delayed several times, the release contains a number of new convenience features, broader architecture support, and the next steps toward removing Zig's dependency on LLVM.

The SUSE Security Team blog has a post with a detailed analysis of a vulnerability (CVE-2025-27591) in the below tool for recording and displaying system data.

In January 2025, Below was packaged and submitted to openSUSE Tumbleweed. Below runs as a systemd service with root privileges. The SUSE security team monitors additions and changes to systemd service unit files in openSUSE Tumbleweed, and through this we noticed problematic log directory permissions applied in Below's code.

The LLVM project's Fortran compiler, which has for many years gone by the name "flang-new", will now simply be "flang", starting from LLVM's 20.1.0 release on March 4. The announcement, which includes details about the history of flang, comes after a long period of development and discussion. The community has considered renaming flang several times before now, but has always held off out of a feeling that the compiler was not yet ready. Now, the members of the project believe that flang has become stable and complete enough to earn its name.

We are almost 10 years from the first announcement of what would become LLVM Flang. In the LLVM monorepo alone there have been close to 10,000 commits from around 400 different contributors. Undoubtedly more in Classic Flang before that.

Version 1.26.0 of the GStreamer cross-platform multimedia framework has been released. Notable changes in this release include support for the H.266 Versatile Video Coding (VVC) codec, Low Complexity Enhancement Video Coding (LCEVC) support, closed caption improvements, and JPEG XS image codec support.

Matrix provides an open network for secure, decentralized communication. It has enjoyed some success over the last few years as an IRC replacement and real-time chat for a number of open-source projects. But adoption by a subset of open-source developers is a far cry from the mainstream adoption that Matthew Hodgson, Matrix project lead and CEO of Element (the company that created Matrix), would like to see. At FOSDEM 2025, he discussed the history of Matrix, its missteps in chasing mainstream adoption, its current status, as well as some of the wishlist features for taking Matrix into the mainstream.

Version 6.14.0 of Framework Mono has been announced.

This is the first release of Framework Mono from its new home at WineHQ. It includes work from the past 5 years that was never included in a stable release because no stable branch had been created in that time. Highlights are native support for ARM64 on macOS and many improvements to windows forms for X11.

See the release notes for a full list of new features and plans for future releases.

The Python project's recent switch to a tail-calling interpreter may not provide as large a speed advantage as initially thought. A blog post from Nelson Elhage gives the details. In short, switching to a tail-call-based interpreter accidentally works around an unfixed regression in LLVM 19. On other compilers, the performance benefit (while still present) is more moderate.

When the tail-call interpreter was announced, I was surprised and impressed by the performance improvements, but also confused: I'm not an expert, but I'm passingly-familiar with modern CPU hardware, compilers, and interpreter design, and I couldn't explain why this change would be so effective. I became curious – and perhaps slightly obsessed – and the reports in this post are the result of a few weeks of off-and-on compiling and benchmarking and disassembly of dozens of different Python binaries, in an attempt to understand what I was seeing.