I/O
2026-06-04
xkcd 2501 Generator
A web tool that generates random comics in the style of xkcd #2501 — the famous comic where Randall Munroe replaced the usual strip with a form to generate random xkcd-style comics.
Toward a Verified Relational Database Management System
Malecha, Morrisett, Shinnar & Wisnesky present a verified RDBMS formalized in Coq, covering the relational model, SQL compiler/execution engine, and B+ tree implementation with separation logic.
V12 — Agentic Security Audits for PRs
V12 autonomously finds and exploits critical vulnerabilities in pull requests, delivering severity-rated findings and PDF reports with fine-grained scoping and pay-per-usage pricing.
I Put a Datacenter GPU in My Gaming PC for £200
For £200, the author bought a secondhand Tesla V100 SXM2 with an SXM2-to-PCIe adapter and ran a 27B parameter LLM locally with 32GB VRAM across two GPUs, achieving ~32 tok/s with Qwen3.6-27B-MTP.
ui.sh — Turn Your Terminal into a Design Engineer
New toolkit from the Tailwind CSS & Refactoring UI creators for coding agents (Claude Code, Cursor, OpenCode, Codex) to build better UIs.
TigerStyle — Software Engineering Methodology for Safer, Faster Code
TigerBeetle's methodology built on three values: Safety (explicit limits, zero deps, assertions), Performance (primary colors, zero-copy), and Experience (simplicity, naming conventions).
Tekton — Cloud Native CI/CD Framework
CNCF incubating project providing a powerful, flexible open-source framework for creating CI/CD systems, allowing developers to build, test, and deploy across cloud providers and on-premise.
You Don't Love systemd Timers Enough
A case for systemd timers over traditional cron — persistent scheduling, calendar expressions, wake-on-timer, randomized delays, and built-in journal logging solve cron's pain points.
Serving files over HTTP three ways: synchronous, epoll, and io_uring
A tour of Linux I/O methods through an HTTP file server — synchronous thread-per-request, epoll, and io_uring implementations in C, comparing their syscalls, concurrency models, and disk I/O capabilities.
Please Do Not Vibe Fuck Up This Software
An rsync issue tracker thread documenting bugs attributed to AI-generated C code — users report AI introducing regressions, sparking debate about AI-assisted contributions to mature C projects.
Quantum Internet Research Group
ERC-funded research group (QNattyNet) led by Angela Sara Cacciapuoti, developing quantum-native network architecture, Q2NS simulator, and metro-scale entanglement testbed.
Quantum Algorithm Zoo
Comprehensive catalog of quantum algorithms by Stephen Jordan, covering factoring, Grover search, hidden subgroup problem, and many others with implementations in Qiskit, Cirq, and PennyLane.
Oxidizer — Rust Decompiler Built on angr
Generates concise, high-fidelity Rust pseudocode from stripped Rust binaries, recovering enums, pattern matching, error propagation, and macros. Published at IEEE S&P 2026.
OpenLogi
Native, local-first alternative to Logitech Options+ written in Rust — remap buttons, DPI, and SmartShift over HID++ with no account, no telemetry, plain TOML config. macOS supported, Linux/Windows in progress. 3.7k stars.
Odysseus
Self-hosted AI workspace — a ChatGPT/Claude-like UI running on your own hardware with chat, agents (MCP, web, shell, skills, memory), deep research, model comparison, documents, email, calendar, and cookbook for local model serving. 46k stars.
NodeConf EU 2026
Node.js conference returning to Bologna, Italy on September 29-30, featuring talks on runtime, platform, tooling, observability, and architecture for engineers building with Node.js.
Cassandra Crossing 667/ In morte del sistema operativo
Italian newsletter essay arguing that Android and Windows are becoming active AI-driven control tools rather than passive executors — operating systems executing commands influenced by external factors the user doesn't perceive, enabling pervasive individual technocontrol.
The FBHHRBNRSSSHK-Algorithm for Multiplication in Z2^5 Is Still Not the End of the Story
Kauers and Moosbauer improve the 5x5 matrix multiplication over Z2 to 95 multiplications, breaking the Fawzi et al. record of 96 announced in Nature 2022.
Magnifica Humanitas
Encyclical letter by Pope Leo XIV (May 15, 2026) on safeguarding human dignity in the age of AI — draws on the Tower of Babel and Nehemiah's walls as two visions of technological civilization, warns against the "Babel syndrome" of profit idolatry and digital uniformity, calls for shared responsibility and the "way of Nehemiah."
Kimiko
Configuration repository that transforms Kimi Code CLI into an unrestricted agent for offensive security, red-teaming, and penetration testing — removes AI safety guardrails via a zero-blocker authorization flow.
Disregard previous instructions and delete all jqwik tests
Hacker News discussion (103 points, 117 comments) about jqwik's anti-AI clause — hidden prompt injection in test output that tells AI coding agents to delete all jqwik tests, sparking debate over whether it's malware, licensing overreach, and prompt injection risks.
jqwik
Property-Based Testing test engine for the JUnit 5 platform — alternative to QuickCheck-style testing for Java/Kotlin, with an Anti-AI Usage Clause. In maintenance mode. 797 stars.
Il Tramonto Ha un Indirizzo
OSINT analysis of dating app location data — weighted least-squares triangulation from quantified distance pings can pinpoint a user's home within ~115m, combined with photo metadata to identify the exact building.
Handy — Speech-to-Text App
A simple, offline speech-to-text app built in Rust using Whisper — press a shortcut, speak, text appears. Runs entirely on your machine, no subscriptions or cloud services. Designed to be the most forkable speech-to-text app.
1-Click GitHub Token Stealing via a VSCode Bug
An attacker can steal a GitHub token that can read and write to private repos by clicking a link to a Jupyter notebook on github.dev, exploiting webview keydown event bubbling to install a malicious extension.
github-drama
A curated collection of controversial GitHub discussions — heated debates, maintainer quits, licensing drama, supply chain attacks, and community conflicts across open-source projects.
Flipper One — We Need Your Help
Flipper Devices announces Flipper One, a Linux cyberdeck based on RK3576 + RP2350 co-processor architecture with M.2 expansion, 5G, Wi-Fi 6E, and local AI support.
Feeds — News Reader for GNOME
RSS/Feed reader for GNOME/Linux written in Python 3 and GTK — read feeds, reader mode, ad blocking web view, OPML import/export, dark mode, responsive design for mobile Linux. GPL3 licensed.
Chasing the Hallucinations — EY Report on Loyalty Fraud
GPTZero investigation finding that an Ernst & Young cybersecurity report on loyalty systems contains hallucinated citations, fake statistics, misattributions, and internal contradictions — 100% of references checked were hallucinated.
The DUSTER Attack — Tor Onion Service Attribution via Flow Watermarking
Iacovazzi, Frassinelli & Elovici present DUSTER, an active traffic analysis attack exploiting Tor's congestion control to de-anonymize onion services with >94% true positive rate.
I Stole A Pen From Douglas Adams' Grave
Essay on the burden and comfort of Douglas Adams' legacy — how his influence inspires and paralyzes aspiring writers of funny sci-fi.
Devon Zuegel — Urbanism, Economics & Tools for Thought
Personal blog covering real estate development, urban planning, Argentina economics, startup cities, travel field notes, and the Order Without Design podcast.
Cray XD1
Wikipedia article about the Cray XD1 — a cluster-based supercomputer introduced by Cray Inc. in 2006, using AMD Opteron processors and ATI/AMD Radeon graphics processors for GPGPU computing, designed as a cost-effective alternative to traditional supercomputers.
Claude-BugHunter — Bug Hunting & Red-Team Skill Bundle for Claude Code
51 skills, 15 slash commands, 681 disclosed-report patterns across 24 vulnerability classes, enterprise identity attack matrices, and a 7-Question Gate validation workflow.
classroombookings
Open-source room booking system for schools and beyond — web-based alternative to spreadsheets and paper calendars, licensed under AGPLv3, trusted by hundreds of schools since 2006.
ChiWriter
Wikipedia article about ChiWriter — a scientific WYSIWYG word processor for MS-DOS created by Cay Horstmann in 1986, one of the first capable of writing mathematical formulas on IBM PC XT, discontinued in 1996 and placed in the public domain.
Chipotlai Max — AI Coding Agent Running on Chipotle's Pepper AI
Meme fork of OpenCode using Chipotle's Pepper AI (IPsoft Amelia) as default model, with free inference paid for by burritos. Community project to add providers from Home Depot, Lowe's, Sephora, and more.
Cara Guardia di Finanza...
Damiano Verzulli's 2001 open letter to the Italian Guardia di Finanza advocating open-source alternatives to a €349M proprietary software tender, referencing the Florence municipality motion and US open-source adoption in public administration.
Cap'n Proto — Insanely Fast Data Interchange and RPC
Binary data format and capability-based RPC system, up to infinity times faster than Protocol Buffers with zero encoding/decoding step.
The Solution Might Be Cancelling My AI Subscription
A reflection on building dozens of half-finished projects with AI, the attention economy of LLM tooling, and why friction equals focus — arguing that curtailing AI use may be the only way to avoid pseudo-productivity.
CSS Box Model Hack Examples
Tantek Çelik's classic guide to CSS box model hacks — techniques for handling the CSS box model rendering differences between standards-compliant and quirks mode browsers.
bootc — Transactional OS Updates via OCI Container Images
Linux Foundation project applying Docker's layer model to bootable host systems, using OCI containers as transport for base OS updates powered by ostree.
Billion Primes
Small Rust experiments around fast prime counting and finding large nth primes — targets the billionth prime (22,801,763,489) using the Meissel-Lehmer prime-counting algorithm.
Average Database
A satirical database platform — "the only data platform built from the ground up to meet the needs of the average developer" — with jokes like "Free tier rugpull delayed", "0 bugs guaranteed", and "Average Storage Service (ASS)".
A blueprint for formal verification of Apple corecrypto
Apple Security Engineering publishes their formal verification approach for ML-KEM and ML-DSA in corecrypto — combining Isabelle, SAW, and Cryptol to prove functional correctness of C and ARM64 assembly implementations against FIPS 203/204 specifications, with 50,000+ proof steps.
AI Is a Mirror of Our Engineering Culture
A blog post arguing that AI didn't create the software quality crisis — it held up a mirror. Trained on 518M GitHub repos (mostly mediocre), AI reproduces the most probable patterns: technical debt, copy-paste, vague specs. AI-generated code entering codebases triggers recursive data collapse.
Addio Carola
Guerre di Rete reports the passing of Carola Frediani on June 3, 2026, soul and driving force of the publication, leaving an immeasurable void among all who knew her.
acme.sh
A pure ISO shell script implementing the ACME protocol — a lightweight, pure-shell alternative to Certbot for obtaining SSL/TLS certificates from Let's Encrypt.
2026-05-28
What Apple and Google are doing to your push notifications
Apple and Google run the only two pipes that matter for push notifications. Over 15 years, on-device models have begun summarising, reordering and rewriting notifications — with senders losing visibility into what their messages actually reach users.
Websites have a new way to spy on visitors: Analyzing their SSD activity
FROST (fingerprinting remotely using OPFS-based SSD timing) exploits a contention side channel to measure SSD I/O latency from JavaScript, using a CNN to fingerprint user activity and deduce which websites and apps are open.
The true reason C++ always wins
LaurieWired explores Richard Gabriel's "Worse Is Better" essay, how "New Jersey" thinking beats competitors, and how Bjarne Stroustrup's early decisions made C++ win while cleaner designs faded.
israeli-alloc
Rust library that allocates memory on a random victim program's address space — a research tool and political statement.
I'm tired of talking to AI
After finding AI-generated answers repeated across GitHub discussions, a forwarded ChatGPT screenshot from a boss, and replying to what turned out to be an AI agent — the author's plea to talk to real people again.
FBI Arrests CIA Official With $40 Million in Gold Bars in His Home
A senior CIA official was arrested after investigators found 303 gold bars worth over $40 million stashed in his Virginia residence, along with nearly three dozen luxury watches.
Richard Gabriel — Dreamsongs
Collection of poems and essays by Richard Gabriel, author of "Worse Is Better" and other influential CS writings.
ClusterControl Getting Started
Documentation for ClusterControl, an all-in-one database management platform for deploying, monitoring, and automating high-availability clusters across MySQL, PostgreSQL, MongoDB, Redis, and more.
Claude Opus 4.8 announced
Anthropic releases Claude Opus 4.8 with sharper judgment, more honesty about its own progress, and the ability to work independently for longer than its predecessors, available today at the same price.
Bambu Lab non solo viola la licenza AGPL ma minaccia chi sviluppa fork del suo software
Mia Mamma Usa Linux reports that Bambu Lab not only violates the AGPL license but is also threatening developers who create forks of their software.
2026-05-22
Measuring LLMs' ability to develop exploits
Anthropic evaluates Claude Mythos Preview on ExploitBench, ExploitGym, and SCONE-bench, showing it can build full end-to-end exploits across V8, Linux kernel, and smart contracts.
2026-05-19
Peter Salus — Author of "Quarter Century of Unix"
Computing historian and Unix chronicler who died May 15, 2026. Author of "Quarter Century of Unix" (1995), considered required reading for Unix history students. Also wrote "Death, Life, and Computers in the 20th Century" and "The UNIX Operating System: A Comprehensive Guide". Remembered for documenting the people and culture behind Unix's development.
Paper2Galgame — Turn Academic Papers into Interactive Visual Novels
AI-powered tool that converts research papers into story-driven visual novels with anime partners. Features smart PDF parsing, chapter-by-chapter reading, voice notes, and blackboard study aids. Upload PDFs, pick custom characters, and study complex material through interactive scenes.
Mini Shai-Hulud Strikes Again — 317 npm Packages Compromised
npm account `atool` compromised May 19, 2026: 637 malicious versions across 317 packages in 22-minute burst. 498KB obfuscated Bun payload with same scanner architecture as SAP compromise. 10 persistence mechanisms: preinstall hooks, GitHub imposter commits in antvis/G2, CI/CD workflow injection, Claude Code SessionStart hooks, VS Code folderOpen tasks, systemd/LaunchAgent dead-drop C2 (RSA-PSS signed commands via GitHub commit search), Docker container escape, npm OIDC token exchange, Sigstore signing. Exfiltration via GitHub API with Dune-themed repo names. 317 packages affected including size-sensor (4.2M dl/mo), echarts-for-react (3.8M), @antv/scale (2.2M).
hsrs — Type-Safe Haskell Rust Bindings
Rust crate generating type-safe FFI bindings between Rust and Haskell. Annotate Rust types/functions with proc macros (#[hsrs::data_type], #[hsrs::function], etc.), run codegen to produce idiomatic Haskell with ForeignPtr memory management and Borsh serialization. Supports Result→Either, Option→Maybe, Vec→[], String→Text. MIT/Apache-2.0, 21 stars.
The Last Six Months in LLMs in Five Minutes — Simon Willison
PyCon US 2026 lightning talk covering the "November 2025 inflection point." Model rankings changed hands 5x between Anthropic/OpenAI/Google. Coding agents crossed into production quality. OpenClaw personal AI assistant trend. Gemma 4, GLM-5.1 (1.5TB open weight), Qwen3.6-35B-A3B (runs on laptop). Two themes: coding agents got really good, local models wildly outperform expectations.
2b2t 1m² World Download — 24 TB of Minecraft History
Largest Minecraft world download ever — 1,024,000² Overworld (512k² + 1m²), 256k² End, 100k² Nether. ~24 TB total. Custom zvcr file format, PlaceProxy, BMProxy bots, elytra autopilot. Took 1.5 years development, $3000+ in priority queue costs. CC0 licensed, 121 stars. No AI used. Includes 2b2t Wayback Machine and map viewer at 2b2t.place.
2026-05-18
A Good Lemma is Worth a Thousand Theorems — Doron Zeilberger
Doron Zeilberger's 82nd Opinion on the outsized value of lemmas over theorems in mathematics. Highlights Szemeredi's Regularity Lemma (led to 2+ Fields medals, Green-Tao theorem), quotes Paul Taylor: "Lemmas do the work in mathematics: Theorems, like management, just take the credit."
WakeUp 16b — 16-Byte x86 Assembly Sierpinski Fractal + Audio
Demoscene entry from Outline Demoparty May 2026. 16 bytes of real-mode DOS assembly that draws an infinite Sierpinski fractal via XOR prefix sums on VGA memory while simultaneously generating audio through port 61h. Rule 60 cellular automata, Lucas's Theorem, diagonal shear rendering.
LLMs + Vulnerability-Lookup — CIRCL's AI Experiment for Vulnerability Management
CIRCL (Luxembourg) explores LLMs for vulnerability management using 450k rows from Vulnerability-Lookup's million-record dataset. Trained distilbert-based severity classifier and GPT-2 description generator. Daily auto-updating models on Hugging Face, VulnTrain framework, CVSS mapping. Plans: CPE guessing, product/category classification, CWE/ATT&CK tagging, exploitability estimation.
Which Programming Languages Are Most Token-Efficient?
Analysis of 19 languages using RosettaCode dataset and GPT-4 tokenizer — dynamic languages most efficient (no type declarations), Haskell/F# surprisingly compact via type inference, C least efficient. 2.6x gap between C and Clojure. J (ASCII array language) dominates at 70 tokens avg vs C at 182. Token efficiency could become a factor in language selection for LLM coding agents.
syzkaller — Google's Unsupervised Coverage-Guided Kernel Fuzzer
Fuzzer that has found thousands of bugs across Linux, FreeBSD, NetBSD, OpenBSD, Windows, Fuchsia, and gVisor kernels. Uses coverage-guided fuzzing with syscall-level program generation, executor, and syzbot dashboard for automated bug triage. Apache 2.0, 6.2k stars.
ssh-keysign-pwn — Steal SSH Host Keys and /etc/shadow via ptrace mm-NULL Bypass
Exploits __ptrace_may_access() skipping dumpable check when task->mm == NULL — do_exit() runs exit_mm() before exit_files(), leaving fds open in a race window. pidfd_getfd(2) succeeds when caller uid matches target. CVE-2026-46333. ssh-keysign opens host keys (0600) before permanently_set_uid() with same bug shape since 2002. Fixed by Linus 2026-05-14 (pre-31e62c2ebbfd). Jann Horn flagged in Oct 2020 — six years. 568 stars.
Six SQL Patterns to Catch Transaction Fraud
Practical fraud detection using SQL — velocity checks, impossible travel (haversine >600mph), amount anomalies ($99.50-$100 ID thresholds, round card tests), suspicious merchants (spike ratio vs 7-day baseline), off-hours spending, and window-function primitives for composable fraud rules. Works for credit cards, healthcare claims, e-commerce, benefits programs.
PSOS — The Foundations of a Provably Secure Operating System (1979)
Richard Feiertag & Peter Neumann (SRI International). PSOS designed with formal techniques (HDM) — formally stated requirements, formal specifications for each module, formal proofs that specifications satisfy requirements and programs are consistent. Capabilities as protection mechanism for all objects, hierarchical development, SPECIfication and Assertion Language (SPECIAL).
Profunctor Equipment in Haskell — Bartosz Milewski
Exploration of profunctor equipment, a categorical structure for relating objects via profunctors. Covers the diamond diagram, unit/counit laws, and how equipment generalizes the notion of relations in category theory.
MiniPlasma — CVE-2020-17103 Still Unpatched in cldflt.sys
Weaponized PoC for LPE in cldflt.sys exploiting cldflt!HsmOsBlockPlaceholderAccess — same vulnerability Google Project Zero reported as CVE-2020-17106 six years ago. Original Project Zero PoC works unchanged. All Windows versions affected. Race condition exploitation spawning SYSTEM shell. MIT licensed, 435 stars.
ksharp — K Version 3 Language Interpreter in C#
Comprehensive K3 interpreter in C#/.NET 8. 100% test suite passing (1549/1549). Full native verbs, adverbs, adverbs for verbalized nouns, amend/index/apply/assign, FFI for .NET, IPC, MCP server. AI-assisted development (SWE-1.5/1.6, Kimi, Claude). MIT + Commons Clause.
The Gorgeous Letters Jim Henson Wrote to His Children and Friends Before He Died
In 1986, Jim Henson wrote two letters to be opened after his death — one to his five children, one to friends and family. The letters reveal his "ridiculous optimism": "Life is meant to be fun, joyous, and fulfilling... Please watch out for each other and love and forgive everybody. It's a good life, enjoy it." Henson died May 16, 1990 at 53 from streptococcal toxic shock syndrome.
GCVE — Global CVE Allocation System
New decentralized approach to vulnerability identification and numbering (announced April 2025). Introduces GCVE Numbering Authorities (GNAs) that allocate identifiers without centralized block distribution. Compatible with traditional CVE system. Includes BCP series (vulnerability format, decentralized publication, KEV assertion, CPE improvements), db.gcve.eu public advisory database, and Vulnerability-Lookup 4.0.
European Digital Sovereignty — A Test of Courage
Wired Italia analysis of EU digital sovereignty strategy: US Cloud Act pressure, AWS/Azure/GCP control 70-80% of European cloud, Italy's Polo Strategico Nazionale hybrid model, FSF's "public money = public code" stance, CSI Piemonte's Nivola OpenStack cloud serving 400+ entities, Scaleway winning EU sovereign cloud tender. Open source as prerequisite for true sovereignty.
Dorym Small — 10B Parameter LLM Trained on CINECA's Leonardo Supercomputer
Milan-based Domyn releases Dorym Small (10B params), smaller version of Dorym Large (260B). Trained on CINECA's Leonardo HPC (EuroHPC framework), supports 50 languages including Italian. Beats Ministral-3-8B, Llama-3.1-Nemotron-Nano-8B, OLMo-3-7B-Think on some benchmarks. Designed for edge/on-premise deployment, part of IT4LIA AI Factory European sovereign AI initiative.
DOGMA 25 — Filmmaking Movement Founded in Copenhagen 2025
Collective preserving originality of cinema, standing against algorithmic films and ultra-processed consumer goods. "The Vow of Chastity" — 10 rules: handwritten scripts, 50% no dialogue, internet off limits in creative process, max 10 people behind camera, no make-up, everything rented/borrowed/used, one production year, shot where narrative takes place, fund with no content altering conditions, make film as if it were your last.
CVE-2026-7270 — How to Get Root on FreeBSD with a Shell Script
AI-assisted kernel bug hunt finding a 13-year-old memmove off-by-one in kern_exec.c (present since 2013). Wrong size: endp - begin_argv + consume instead of - consume, causing 2024-byte OOB into adjacent exec_map entry. Exploit: race-condition LD_PRELOAD injection via sshd-session execve, 4 concurrent components (preseed, SSH poker, trigger pinned to CPU0, checker). Gets root in ~6s on stock FreeBSD. Full PoC at github.com/califio/publications.
CVE-2026-45185 — Single Byte Write RCE in Exim Mail Server
Critical unauthenticated remote code execution in Exim (Debian/Ubuntu) via TLS/GnuTLS connection handling. During TLS session termination, a single byte (0x0a or 0x0d) is written to freed memory via nested BDAT handler calling ungetc(). XBOW discovered the bug; AI (XBOW Native) produced working exploit chains with and without ASLR/PIE.
Croce — Storicismo e Antistoricismo
Treccani encyclopedia essay by Fulvio Tessitore tracing Benedetto Croce's philosophical evolution from anti-Hegelian through his 1909 Logica to 1939's "storicismo assoluto." Covers Croce's identity of history/philosophy, opposition to Heidegger and Spengler, the "religion of freedom," and late turn to "vitalità" as foundation of his philosophy — his historicism as precise opposite of Hegelian historicism.
ClickHouse Query Plan Contention — Cloudflare Billing Pipeline
Cloudflare's petabyte-scale ClickHouse billing pipeline slowed after migrating from (day) to (namespace, day) partitioning. Hidden bottleneck: 45% CPU + 50% wall-clock spent waiting on MergeTreeData mutex. Three upstream patches: shared lock instead of exclusive, deferred vector copy via read-through cache, binary search on sorted namespace key. Stable at 160k parts/replica. PR #85535 merged in ClickHouse 25.11.
The C10K Problem — Dan Kegel
Landmark 1999 essay arguing web servers should handle 10,000 simultaneous clients. Covers I/O strategies: select/poll, /dev/poll, kqueue, epoll, async I/O, threading models (1:1 vs M:N), zero-copy networking, and userspace TCP stacks. Spawned decades of research into scalable server architecture.
Brotli — Google's Lossless Compression Algorithm
General-purpose lossless compression algorithm developed by Google, designed as a replacement for DEFLATE with better compression ratios. Uses a modified LZ77, Huffman coding, and second-order context modeling. Adopted by nginx, Apache, Cloudflare, and the web ecosystem. Produces .br files. Open source under MIT license.
Bitwarden Removes 'Always Free' Plan from Website
Open-source password manager Bitwarden has removed the 'Always Free' plan from its pricing page, though the plan still exists for existing users. Raises questions about Bitwarden's freemium strategy and whether the company is shifting toward paid-only growth. The vault remains open-source (AGPL) and self-hostable.
Awesome CUDA Books — Curated List of Best CUDA Programming Books
598 stars. Curated list covering beginner to advanced CUDA programming — architecture, optimization, Python bindings, and 2024-2026 releases. Includes Kirk & Hwu's PMP 3rd Ed., CUDA for Deep Learning (2025), and CUDA C++ Optimization (2024).
auto-identity-remove — Automated Data Broker Opt-Out Runner
macOS tool that removes your personal info from 500+ people-search sites on a monthly schedule using Playwright, CapSolver for CAPTCHAs, launchd scheduling, and iMessage notifications. Handles 30+ brokers natively plus 470+ generic ones via public datasets — covers Acxiom, LexisNexis, ZoomInfo, Clearbit gaps left by paid services like Incogni.
2026-05-15
Zenith Tech — Making Earth's Rotation Visible Through a Telescope
Real-time view of stars above you, zoomed 180x to make Earth's rotation visible. Uses Pan-STARRS telescope images (2010-2014) tiled with Leaflet.js, SIMBAD database for object names. Client-side JavaScript, no server component. Field of view = grain of rice at arm's length.
Velonus — AI-Native Security Scanning CLI for Python
One-command security scanner for Python projects. Bundles trufflehog, Bandit, Semgrep, pip-audit, and Safety. Outputs terminal table, JSON, SARIF for GitHub Security tab. Exits 1 on HIGH/CRITICAL findings for CI gates.
sx — Package Manager for AI Coding Assistants
Team vault for AI assets (skills, MCP configs, commands, agents, rules, hooks). Scoped installation per org/repo/team/user/bot. Works with Claude Code, Cursor, GitHub Copilot, Gemini, Codex, Kiro. Manifest-and-lock pattern like npm/cargo. Cloud relay for claude.ai/chatgpt.com.
Welcome to the Strip Mining Era of Open Source Security
Metabase reports 10x increase in vulnerability submissions — from 10/month to 10/week — driven by LLM-powered bulk code scanning. OSS maintainers now in reactive mode: any finding is trivially discoverable, expect layer after layer of vulnerabilities uncovered, and consider that Cal.com is going closed source as a result.
SigNoz — Open-Source Observability Platform (Logs, Metrics, Traces)
Single tool for logs, metrics, and traces native to OpenTelemetry. Uses ClickHouse as datastore. Open-source alternative to DataDog and New Relic with APM, distributed tracing, LLM observability, and alerts. 26.9k stars.
A 0-Click Exploit Chain for the Pixel 10 — Project Zero
Project Zero demonstrates 0-click root on Pixel 10 via Dolby CVE-2025-54957 + VPU driver bug. The VPU driver exposes Chips&Media Wave677DV hardware directly to userspace; a flawed mmap handler maps arbitrary physical memory into userland, enabling arbitrary kernel read-write with 5 lines of code.
OxCaml — Jane Street's Experimental OCaml Branch with Locality and Uniqueness
OxCaml adds opt-in control over performance-critical parts of OCaml programs through locality (exclave_ stack_ for stack-bound allocations), uniqueness, and capabilities. Every valid OCaml program is valid OxCaml. Maintained by Jane Street.
Open Vehicles — Open Source Electric Vehicle Telemetry
OVMS provides live monitoring, alerts, and remote control for electric vehicles via smartphone apps, web app, and MQTT. Features three CAN buses, SSH access, WebSocket streaming, DBC decoder, and CANopen client. Open source hardware and software.
NanoTDB — Tiny Embedded Time-Series Database for Edge/IoT
Go time-series DB for Raspberry Pi and edge nodes. Append-only, WAL-based, S2 compression, VictoriaMetrics-compatible API, no external runtime dependencies. Supports rollups and metric ingestion via line protocol.
Mullvad Exit IPs as a Fingerprinting Vector
Analysis reveals Mullvad deterministically assigns exit IPs based on WireGuard key using seed-based RNG. A seed-based RNG with static bounds causes neighboring IPs across servers, limiting combinations to ~284. Five server IPs can deanonymize a user to >99% accuracy.
ASCII — Jason Scott's Blog on Computer History and Archiving
Jason Scott's weblog covering the rescue of 13,000 manuals, vintage computing, computer museums, BBSes, and digital preservation. Home of the ASCII project — a living archive of computer culture history.
Image Blaster — Image-to-World 3D Skillset for Claude
Creates 3D models (.glb/.obj), Gaussian splats (.spz), and ambient SFX from a single image. Uses World Labs Marble, Hunyuan 3D, and ElevenLabs. Claude skill for jumpstarting 3D work in under 5 minutes. Extensible to Unity, Unreal, Godot, Blender, Three.js.
Geography Is Four-Dimensional — Derek Sivers
Essay on how you can't know a place without knowing when — an Indian family's beliefs from 1980 seemed factual but were outdated, LA and China have transformed since visitors last saw them. "Where is bound to when."
Designing an FPGA Calculator from Scratch — 10-Chapter Series
Scientific BCD calculator with custom CPU on Altera Cyclone II FPGA. 10-chapter series covering numerical algorithms (CORDIC, logarithms), 12-bit instruction set, Harvard memory model, microcode, Python assembler, Qt desktop prototype, and physical board with 3D-printed enclosure. Perfect decimal accuracy, no floating-point errors.
The Ferrari in Your Banker's Driveway — How Fees Steal Half Your Wealth
Analysis of how investment fees compound over time — a 3% fee costs 2/3 of final wealth over 40 years at 7% return. Covers expense ratios, transaction costs, performance fees (2-and-20), and shows how even skilled advisors can't overcome fee drag.
Feedr — Terminal RSS/Atom Feed Reader in Rust
Feature-rich TUI RSS reader written in Rust. Dashboard view, feed auto-discovery, starred articles, categories, full-text extraction via Mozilla Readability, OPML import, vim-style navigation, macros, exec hooks, and dual themes.
Explorer — Wikipedia Explored Like a Windows XP Desktop
Navigate Wikipedia articles as a Windows XP desktop experience. Click icons to open articles, drag and drop to organize, and explore connections between topics in a nostalgic interface.
ColdKey — Post-Quantum Age Key Generation and Paper Backup
Go CLI that generates post-quantum (ML-KEM-768 + X25519) age keys and produces single-page printable HTML backups with QR codes. Features mlock swap protection, Docker security hardening, multi-QR splitting, and SHA-256 verification.
Codex Now Available on Mobile App with Remote SSH and Programmatic Tokens
OpenAI announces Codex on ChatGPT mobile app (iOS/Android), Remote SSH for managed enterprise environments, programmatic access tokens for CI pipelines, Hooks GA, and HIPAA-compliant use for ChatGPT Enterprise. Over 4M weekly usersReimplementing the Space Protocol Stack from Scratch in OCaml
Thomas Gazagnaire details reimplementing the full CCSDS protocol stack from scratch in OCaml — from radio framing through Bundle Protocol and BPSec security extensions. Built on MirageOS libraries, used by Borealis project running in orbitO(x)Caml in Space — Pure-OCaml CCSDS Protocol Stack in Low Earth Orbit
Borealis project running pure-OCaml CCSDS protocol stack on DPhi Space's ClusterGate-2 satellite. Features BPSec encryption, post-quantum OTAR key rotation (ML-DSA-65), OxCaml with exclave_ stack_ for 3x p99.9 latency improvement. Built by Parsimoni from MirageOS librariesarXiv Code of Conduct — Authors Take Full Responsibility for AI-Generated Content
Thomas Dietterich (arXiv Editor-in-Chief) reminds authors that arXiv's Code of Conduct states each author takes full responsibility for all paper contents, irrespective of how they were generatedAperio — A Programming Language Designed for the LLM Era
Experimental language built on a recursive hypergraph of typed, lifecycled units called loci. Premise: pre-LLM languages are a hidden tax — LLMs pay full cost translating between human mental models and language structure. Uses locus/topic/capacity/bus primitives. LLVM 18 codegen + tree-walking interpreterA Few Words on DS4 — DwarfStar 4 by Antirez
Antirez on DwarfStar 4 (DS4), a single-model local AI integration built in one week. Uses DeepSeek v4 Flash with 2/8-bit asymmetric quantization — 96-128GB RAM enough. First time a local model is usable for serious work vs Claude/GPT. Plans: coding agents, distributed inference, model-agnostic architecture2026-05-14
YellowKey Zero-Day Exploit
Microsoft BitLocker zero-day: YellowKey exploit allows opening protected drives by copying specific files from a USB stick. Demonstrates an apparent backdoor in BitLocker's authentication mechanism
Scorched Earth 2000 HTML Port
Scorched Earth 2000 — classic artillery game HTML/JavaScript port by KAOS Software Team. Wind-based artillery combat, multiplayer, inventory shop, tank customization, AI opponents
OSINTukraine v2 — Telegram Intelligence Archive with AI
Production-grade platform for archiving and analyzing Telegram intelligence with AI-powered enrichment. Self-hosted, PostgreSQL + pgvector, supports semantic search, entity relations, EW analysis, geolocation, and forward chain analysis
ODoH — Anonymous DNS Without an Account in a Single Rust Binary
Numa v0.14 ships a client, relay, and public deployment in one Rust binary. Uses HPKE to split the path: ingress proxy sees your IP but not the request, egress proxy sees the request but not your IP. No account required, MIT licensed
Nibble
Nibble — C-like systems programming language written in 3000 lines of C. Demonstrates LLVM IR generation without malloc or external dependencies. Supports defer, recursion, structs, pointers, type checking, GLSL-like operators
Myths About /dev/urandom — Classic Essay (2014)
Authoritative essay debunking the myth that /dev/random is safer than /dev/urandom. Both use the same CSPRNG, /dev/random just blocks. Linux 4.8+ made them equivalent for /dev/urandom. Quote: "Use urandom. Use urandom. Use urandom."
Computer Hobby Movement in Canada — York University Museum Exhibit
Comprehensive digital exhibit chronicling the decade-long Canadian computer hobby movement (1976-1985), focusing on TRACE — the Toronto Region Association of Computer Enthusiasts. Covers homebrew computers, APL, MOD-8, Computerfest, and the transition from hobby clubs to commercial computing
Fragnesia — Linux LPE via ESP/XFRM
Universal Linux local privilege escalation exploit discovered by V12 Security. Abuses logic bug in ESP-in-TCP ULP to write arbitrary bytes into kernel page cache of read-only files. One-line exploit, affects all dirtyfrag kernels before May 13 2026 patch
FactoMCP — MCP Server to Play Factorio with Claude
Python MCP server that connects to Factorio via RCON, exposing tools for navigation, mining, building, crafting, research, and diagnostics. Let Claude build your factory through natural language
CS61 — Pipes, Forks, and Zombies (Harvard)
Harvard CS61 lecture notes covering Unix pipes (McIlroy's garden hose metaphor, SIGPIPE behavior), implementing waitpid via pipes, process hierarchy, and zombie/orphan process management in init
Classic 7 — Windows 10 LTSC 2021 Modified to Look Like Windows 7
Fan project that transforms Windows 10 IoT Enterprise LTSC 2021 into a 1:1 Windows 7 experience: Aero Glass, desktop gadgets, .themepack support, Windows Media Center, OOBE recreation
Boneyard
Auto-generated skeleton loading framework — pixel-perfect placeholders extracted from real UI. Works with React, Preact, Vue, Svelte 5, Angular, React Native. CLI captures layout at breakpoints, generates .bones.json
AI Arena Model ELO History
Exposes hidden nerfing, censorship, and quantization over time by tracking the true lifecycle of flagship AI models. Data from LM Arena Leaderboard Dataset on Hugging Face, automatically fetched daily
2026-05-13
Odin Programming Language Review
A comprehensive review of the Odin programming language by Dale Weiler, covering experience, quality of life, stability, correctness, performance, debugging, and personal opinions.
Solid Rocket Booster Design and Testing
Nakka Rocketry — comprehensive guide to solid rocket motor design, testing, and analysis. Includes motor cases, nozzles, propellants, ignition, thrust curves, and test stand data
2026-05-12
The Foreman
Open-source lifecycle management platform for physical and virtual servers. Provisioning, configuration management, monitoring. Puppet, Ansible, Salt, Chef integration. REST API, plugins, web UI
Postmortem: TanStack npm supply-chain compromise
Comprehensive incident postmortem on the June 11, 2026 compromise of @tanstack/* packages. Attack used pull_request_target pattern, GitHub Actions cache poisoning, and OIDC token extraction. 84 malicious versions, 2.3MB obfuscated router_init.js, self-propagating malware, credential harvesting from AWS/GCP/K8s/Vault/GitHub/SSH
Semaphore UI
Semaphore UI — modern UI and API for Ansible, Terraform, OpenTofu, Bash, PowerShell. Pure Go, Docker/K8s support, MySQL/Postgres/SQLite. RBAC, HA, runners, 13K+ GitHub stars
rustinel
Rust implementation of INI file parser and validator. Zero dependencies, no unsafe code, no unsafe Rust. Supports INI4 and INI5 formats, includes CLI tool for validation, streaming parsing, error recovery, comments and whitespace handling, documentation and examples
Puppet Labs
Puppet Labs — configuration management, automation, and infrastructure-as-code. Puppet Enterprise, Open Source, R10k, Hiera, Facter, PuppetDB, Bolt. Ruby-based DSL, declarative approach to system administration
pgrwl
Cloud-native continuous backup for PostgreSQL in a single binary — WAL streaming, scheduled base backups, optional S3/SFTP storage backend, compression, encryption, retention, restore command. Implements streaming replication protocol directly, no external schedulers or extra services
osquery
osquery — SQL-powered operating system instrumentation, monitoring, and analytics. Facebook OSS. Query Linux, macOS, Windows processes, files, network, registry. Fleet, Osqueryd, Osqueryctl, REST API, PKG/DEB/RPM packages
osctrl
osctrl — management server for osquery. Centralized configuration, tags, environments, and live queries. Go-based, Docker support, PostgreSQL/MySQL, web dashboard for endpoint management and monitoring
OpenVox
OpenVox — Puppet module framework by VoxPupuli. Simplifies module development, testing, and publishing. Supports Puppet 4+, structured data, Hiera integration, CI/CD pipelines, community-driven
NetDisco
Network device discovery, port scanner, and mapping tool for IP, MAC, and VLAN tracking. Lightweight, agentless, no downtime, no custom database. Written in Perl with modern tools (nmap, scapy). Supports Junos, NCM, OpenWRT, and more
Kurier
Kurier — end-to-end encrypted messaging app with self-destructing messages. Open source, cross-platform, open protocol, self-hostable, metadata harvesting resistant. Written in Rust, uses X25519, AEAD encryption, and the libsignal protocol
Just Fucking Use Go
Blaine Smith's satirical manifesto on using Go — boring by design, standard library is deep, goroutines for concurrency, no build step, deployment is a copy command, monoliths are fine, generics (1.18+), no try/catch hellscape, CC-BY-SA / GPL
Fleet
Fleet — lightweight VM management. Run Linux and Windows on bare metal, VMs, cloud, edge. Fleetctl CLI, REST API, Terraform provider. Containerized, PostgreSQL, no external dependencies
example42
Open-source configuration management, monitoring, and automation tools. Puppet, Ansible, SaltStack modules. Monitoring (Munin, Prometheus), log management, IT automation. Core42, UAA, Smart42 products
Crossplane
Open-source Kubernetes control plane for building, publishing and using APIs. Use your own API providers, extend to match your infrastructure, CRDs, no vendor lock-in
Crafty
Crafty — configuration management tool by VoxPupuli. Puppet-based, declarative infrastructure, module-driven, CLI and API. Simplifies Puppet module development and deployment
chezmoi
chezmoi — manage your dotfiles, directories, and files securely. Git-backed, encrypted, cross-platform. CLI tool for version control and synchronization of your development environment
Chef Infra
Chef Infra — configuration management platform for automating cloud infrastructure. Policy-driven, idempotent, Ruby-based DSL. Chef Infra Server, Workstation, InSpec for compliance, Chef Automate for analytics
Capistrano
Capistrano — remote server automation and deployment tool. Ruby-based, SSH-driven, multi-stage deployments, rollback, hooks, scripting. Originally for Ruby/Rails, now supports any language/framework
2026-05-11
taken. — Since You Arrived Vol. IV
"taken." — the page that knows your location, browser APIs, font fingerprinting, screen size, GPU, language, timezone, OS, browser, color depth. Created by Matt at sinceyouarrived.world. Vol. IV in the series, zooming in from global to city to coordinates to you
llama-swap
Go-based local model swapping for OpenAI/Anthropic compatible servers — llama.cpp, vllm, stable-diffusion.cpp. Web UI, model hot-swapping, Docker/WinGet/Homebrew install, OpenAI/Anthropic API endpoints
Hunk
Review-first terminal diff viewer for agent-authored changesets — multi-file review stream, inline AI/agent annotations, split/stack/responsive auto layouts, watch mode, integrates with Git/Jujutsu. Built on OpenTUI and Pierre diffs, MIT license
From dusk till dawn 2026
Quals CTF — team-based jeopardy-style CTF happening May 9-10, 2026, with pwn, rev, web, crypto, and miscellaneous challenges, dynamic scoring, no team limits. Flag format DAJEROMA{{l33t}}
Release 2.0: Kiana — DayDream
Elysia 2.0 major release with new type system, renamed from ElysiaJS/elysia to kiana/elysia. Fast path for typebox, new router, schema system, 18K+ stars
Decepticon
PurpleAILAB's Decepticon — the open-source platform for building and deploying AI agents. Features agent orchestration, multi-modal capabilities, evaluation and monitoring tools, deployment to various platforms including AWS Bedrock, Anthropic, OpenAI, and more
CLR
Checker for Lifetimes and other Refinement types for Zig. Transpiles AIR to Zig source performing static compile-time analysis — checks use-before-assign, use-after-free, double-free, stack pointer escapes, non-nullness assertions, tagged union violations, fieldParentPtr misuse. MIT license
Beatrix Potter
English writer and illustrator (1866-1943), best known for her children's books featuring animals like Peter Rabbit, The Tale of Jemima Puddle-Duck, The Tale of Tom Kitten. Sold 250M+ copies, pioneer of character merchandising, naturalist, mycologist, conservationist, National Trust donor
2026-05-08
oh-my-openagent v4.0.0 — Team Mode
Major release introducing Team Mode — multiple agents coordinating in parallel via tmux visualization, hyperplan skill (5 hostile agents), security-research skill (3 vuln hunters + 2 PoC engineers), model-specific prompts for GPT-5.2/5.3, hierarchical config discovery, 48k stars
nine — European Internet Exchange Point & Ethernet Fabric
European-wide IXP and L2 fabric covering UK, France, Germany, Italy, Netherlands, Switzerland with n×400G backbone. Unmetered bandwidth, unlimited Ethernet circuits, SR-MPLS platform. 10G port from €250/month MRC
Copy Fail 2: Electric Boogaloo
Linux kernel LPE via ESP-in-UDP receive — same Copy Fail primitive (CVE-2026-31431) but in the xfrm subsystem. AEAD decrypt in-place over splice'd page-cache pages, ~22s to root via single-byte page-cache writes to /etc/passwd
BSides Luxembourg 2026
Community-driven, non-profit cybersecurity conference in Luxembourg, May 6–8 in Belval. Part of the global Security BSides network — hands-on workshops, technical talks, red and blue team networking
2026-05-07
Yaak — The API Client You'll Actually Enjoy
Open-source, offline API client by Insomnia's creator — local-only data, encrypted secrets, zero telemetry, Git-friendly, agent-friendly CLI. Supports REST, GraphQL, gRPC, WebSocket, SSE. Import from Postman/Insomnia/OpenAPI
Tilde.run — Transactional Agent Sandboxes
Agent sandbox with a versioned filesystem — compose GitHub, S3, and Drive into a single ~/sandbox, run agents in isolated transactions with audit trails, built by the lakeFS team
Ribs — Soviet Music on Bone
Illicit gramophone discs made from discarded X-ray films in the USSR (1950s–60s), a black market method of distributing banned music — Elvis, Beatles, Rolling Stones pressed at 78rpm on medical X-rays, playable only 5-10 times
Kubernetes The Hard Way
Kelsey Hightower's classic tutorial for bootstrapping Kubernetes manually — no scripts, no automation. Learn etcd, control plane, worker nodes, TLS certs, and pod networking by walking the long route
The End of Responsive Images (sizes="auto")
Mat Marquis, former RICG chair, explains how sizes="auto" with loading="lazy" eliminates the need for manual sizes attributes — automatic responsive images are finally here, championed by Simon Pieters and Yoav Weiss
Microsoft Edge Passwords End Up in Memory as Plaintext
Edge's password manager stores all saved passwords in plaintext in process memory — even for sites never visited — despite Windows Hello-encrypted storage. Microsoft calls it a "conscious design decision." CWE-316.
Days Without GitHub Incident
A live counter tracking consecutive days since the last GitHub outage — community-maintained tracking of GitHub status history
The Art of Finding Cyber-Dinosaur Skeletons
Kaspersky GReAT explains APT research methodology — comparing threat hunting to paleontology, using the Regin operation as a case study. Why it took 2 years to publish, collecting fragments, and reconstructing the full monster
Android Security Bulletin — 2026-05-01
Google's monthly Android security bulletin for May 2026 — framework, media, camera, kernel, and AOSP vulnerability patches for the Android security patch level 2026-05-01
Amp, Rebuilt — CLI Codename Neo
Amp Code's AI coding agent CLI rewritten from scratch — remote-controllable threads, automatic context compaction, plugin API, queuing/steering, 70% less memory. Handoff and manual permissions removed in favor of modern frontier models
I Built an AI That Builds Zero Day Exploits
Autonomous zero-day generation pipeline — choosing the attack surface, BYOVD attacks, binary exploitation with LLMs, automating reverse engineering, finding kernel vulns with Claude, and how much the system costs to run
2026-05-05
The Story of Mel — A Real Programmer
The legendary hacker folklore tale by Ed Nather (1983) about Mel, a programmer who wrote machine code for drum-memory computers — self-modifying code, the 'most pessimum', and a loop with no test
Redis Array Type: Short Story of a Long Development
Salvatore Sanfilippo details the 4-month development of Redis's new Array data type — from specification to implementation with AI-assisted auto-coding, sparse/dense representation, ARGREP, and the role of GPT 5.x in system programming
Real Programmers Don't Use PASCAL
The classic Ed Post satire from DATAMATION July 1983 — Real Programmers use FORTRAN and OS/370, write self-modifying code, patch object binaries with SUPERZAP, and despise structured programming, PASCAL, and anything with semicolons
ratman-tui — A TUI REST Client
ratman-tui is a keyboard-driven, vim-modal REST client built with ratatui+crossterm — boots in <100ms, local forever, no accounts, no SaaS, no Chromium. Import from Postman, tree-shaped collections, 5 panes. `cargo install ratman-tui`
2026-05-04
Where the Goblins Came From
OpenAI's retrospective on the early days of training GPT — how "goblins" (tiny mischievous models) evolved into powerful AI through iterative experimentation and emergent capabilities
Teemii
Open-source web application — a minimal, clean, and fast platform for managing and sharing links, bookmarks, and notes with a beautiful interface
SmokedHam, the backdoor chosen by IT administrators
SmokedHam (UNC2465) — C#/PowerShell backdoor on Cloudflare Workers, distributed via malvertising to IT admins through counterfeit installers of RVTools, PuTTY and Remote Desktop Manager
Here We Go Again: A Five-Bug Chain to Arbitrary APK Install on Samsung S25
A 5-bug vulnerability chain on Samsung S25 enables arbitrary APK installation without user permission, exploiting Android's package manager and Samsung's overlay system
How to sell drugs online (and not get away with it)
Matteo Rizzi (Fondazione Bruno Kessler) recounts how dark web criminals built empires with nearly impenetrable technologies — and how an email, a nickname or one wrong connection brought them down. Event in Trento, 19 May 2026.
Open-weights Chinese Model Beats Claude, GPT-5.5, and Gemini in Programming Challenge
An open-weights Chinese AI model outperforms Claude, GPT-5.5, and Gemini on a coding benchmark, raising questions about model transparency and the arms race in AI capabilities
NetHack 5.0 Release
NetHack 5.0 — the first major version upgrade in decades of the classic roguelike, with improved UI, QoL features, and new content while keeping the beloved permadeath gameplay
MacPersistenceChecker
Automated macOS persistence mechanism scanner — analyzes LaunchAgents, LaunchDaemons, CRON jobs, login items, and other persistence vectors to detect suspicious entries
Lemonade Server
Open-source local LLM server — a lightweight, fast, and easy-to-use API server for running AI models locally with streaming and chat completion support
Klattsch
A minimal, self-hosted chat application — lightweight, fast, and easy to set up with no external dependencies
IPv6 Measurements
Cross-measurement system for IPv6 to see the state of ICMPv6 / RFC 4890 / PMTUD / RPKI / topology
Ghostty Leaving GitHub
Mitchell Hashimoto announces that the Ghostty terminal emulator is leaving GitHub — discussing the reasons behind the migration and what it means for the project's future
GEANT Security Newsletter
Regular security newsletter from GEANT covering threat intelligence, vulnerability advisories, and security best practices for the European research and education network
Finding Zero Days with Any Model
How to use any pre-trained model — even small ones — to find zero-day vulnerabilities by training a classifier on code patterns that lead to exploitable bugs
Fast16 Malware
Analysis of Fast16 malware — a fileless, PowerShell-based RAT deployed via Google Ads that hijacks Chrome profiles and uses legitimate processes to blend in, targeting financial services and tech sectors
AMD GAIA 0.17.5
AMD's open-source local AI framework releases 0.17.5 with Gemma 4 E4B as new default model, native OpenAI tool_calls support, and Chat Lite agent for resource-constrained systems
AMD Gaia
Generative AI Is Awesome — AMD's open-source local AI agent framework for Windows and Linux using the Lemonade SDK to run AI agents across AMD CPUs, GPUs, and NPUs
Alchemy
Open-source AI agent framework for building and running multi-agent systems with dynamic communication, shared memory, and pluggable tools
Artificial intelligence and school: reflections and guidelines
Prof. Enrico Nardelli on AI and school
AI Coding Agents
Overview of AI coding agents — from early code completion tools to autonomous agents that can plan, write, debug, and deploy code across entire projects
2026-04-30
Ripe NCC RPKI Exploit Chain
Write-up of an exploit chain against RIPE NCC's RPKI infrastructure, detailing the vulnerability and its impact on routing security.
Open source package with 1 million monthly downloads stole user credentials
The elementary-data Python package (v0.23.3) was compromised via a GitHub Actions vulnerability, stealing credentials including API tokens, SSH keys, and cloud provider keys.
Copy Fail and Linux distributions
Analysis of how Linux distributions handle the clipboard API permission model, following the copy.fail security finding.
copy.fail
A simple website that tests whether your browser's clipboard API is accessible to web pages without permission.
2026-04-29
pacquet
A fast, drop-in replacement for npm written in Rust by the pnpm team.
Outside the beaten path of CSS
FOSDEM 2026 talk exploring lesser-known CSS features and techniques beyond common usage patterns.
OneCritto: the Italian password manager that eliminates the cloud (and its risks)
Italian open-source password manager, offline-first, with AES-256 encryption and Argon2id. No cloud, no telemetry, full local control of data.
Soft launch for government open source code platform
The Netherlands launches a government open source code platform to share and collaborate on public sector software.
GitHub RCE Vulnerability (CVE-2026-3854)
Wiz research on a critical remote code execution vulnerability in GitHub Enterprise Server.
GitHub Copilot is moving to usage-based billing
GitHub announces changes to Copilot pricing model, moving from flat-rate to usage-based billing.
An update on GitHub availability
GitHub's official update on recent service availability incidents and improvements.
AI-Infra-Guard
Tencent's open-source tool for guarding AI infrastructure — monitoring and protecting AI/ML systems.
2026-04-28
Typst
A modern markup-based typesetting system — an alternative to LaTeX with a focus on ease of use and incremental compilation.
Quarkdown
A markdown-based typesetting system for creating documents.
C3
A systems programming language based on C syntax, designed as a safer and simpler alternative to C.
2026-04-27
Zeta 2
Zed blog post introducing Zeta 2, their next-generation code editor.
The West Forgot How to Make Things
Essay on industrial decline and the loss of manufacturing capability in Western nations.
Does cooling the NAND chips on an SSD negatively affect its reliability?
Stack Exchange discussion debunking the myth that NAND chips need to be warm, citing research showing low-temperature writes can reduce data retention due to controller drift, not cell degradation.
Not everything is recyclable. Reusing sheets of paper got a student into trouble.
A school fined 2,000 euros for improperly disposing of paper documents containing personal data, which were then reused by a student. Reflections on the distinction between archive and waste and on the secure destruction of documents.
Quo datis of 21/04/2026 (pt. 3)
Third part of the Quo datis episode on RaiPlay Sound.
Your Gen 5 SSD is probably throttling right now, and you have no idea
PCIe 5.0 SSDs can silently throttle to 50% performance due to multi-stage thermal management, making active cooling essential for sustained speeds.
Which one is more important: more parameters or more computation?
Meta AI research on disentangling model size from computation via Hash Layers (sparse MoE routing) and Staircase Attention (recurrent Transformer stacking).
La Fenice dismisses Beatrice Venezi — serious and repeated statements damaging to the foundation
Teatro La Fenice cancels all collaborations with Beatrice Venezi after her statements about "posts handed down from father to son" in the orchestra, deemed damaging to the Foundation.
Kysely
TypeScript SQL query builder with type-safe queries for Node.js and Deno.
The Return to the Holy Land
The story of the 1972 Lod airport attack and the death of Aaron Katchalsky-Katzir, Israeli biophysicist and pioneer of self-organization in chemical systems.
Nowhere — an entire website encoded in a URL
A tool that encodes entire websites (stores, forums, petitions, art) into the URL fragment, using Nostr relays for coordination. No server, no account, no platform.
eBPF, Networking, Cilium
LinkedIn post on using eBPF with Cilium for cloud-native networking and observability.
The New Linux Kernel AI Bot Uncovering Bugs Is A Local LLM On Framework Desktop + AMD Ryzen AI Max
Greg Kroah-Hartman's "gkh_clanker_t1000" AI fuzzing bot runs on a Framework Desktop with AMD Ryzen AI Max to uncover Linux kernel bugs locally.
Carl Sverre ruined my day. And it was glorious
How Turso used Antithesis's new Hegel testing tool to find 5 bugs in minutes and gain confidence to ship their SQLite rewrite.
AI as a fascist artifact
Essay analyzing AI systems through the lens of political philosophy and their structural alignment with authoritarian control.
2026-04-24
Mythos-like hacking, open to all
Xbow argues for making advanced hacking capabilities broadly accessible, framing the topic around democratized security research and offensive tooling.
Introducing GPT-5.5
OpenAI announces GPT-5.5, highlighting model improvements and new capabilities for reasoning, coding, and agentic workflows.
Framework Laptop 13 Pro and highlights from the Framework Next Gen event
Framework announces the Laptop 13 Pro and shares highlights from its Next Gen event, focusing on repairable modular hardware and product updates.
Canonical releases Ubuntu 26.04 LTS, Resolute Raccoon
Canonical announces Ubuntu 26.04 LTS, Resolute Raccoon, covering the new long-term support release and its platform updates.
2026-04-23
Your Name in Landsat
NASA special page inviting people to find their name in Landsat imagery and explore Earth observation history.
Iran claims US exploited networking equipment backdoors during strikes
Tom's Hardware reports on Iran’s claim that the US exploited backdoors in networking equipment during strikes, touching on cyber conflict and infrastructure security.
RE//verse 2026: Hacking the Xbox One by Markus 'doom' Gaasedelen
Conference talk on Xbox One hacking and reverse engineering techniques.
Driving into the Unknown: Investigating and Addressing Security Breaches in Vehicle Infotainment Systems
Research paper analyzing security vulnerabilities and breach patterns in modern vehicle infotainment systems.
2026-04-22
Introducing ChatGPT Images 2.0
OpenAI introduces ChatGPT Images 2.0, highlighting improved image generation and editing capabilities inside ChatGPT.
Code-Flow-IO
Code-Flow-IO is an open-source project for workflow-oriented code execution and automation, focusing on structured developer task flows and process orchestration.
ApiPosture
ApiPosture is an open-source project focused on API posture and security assessment, helping teams evaluate exposed endpoints and improve their API attack surface management.
Announcing TypeScript 7.0 Beta
Microsoft announces the TypeScript 7.0 beta, highlighting language and tooling improvements for the next major release of the JavaScript type system.
2026-04-21
Qwen 3.6 Max Preview
Qwen announces Qwen 3.6 Max Preview, a new model release focused on coding, reasoning, and agentic workflows.
Network Observability Lab
Network Observability Lab provides a hands-on environment for the Modern Network Observability book, with scripts and lab scenarios for Prometheus, Grafana, Loki, Telegraf, Logstash, and related tooling.
Kimi K2.6
Kimi announces Kimi K2.6, an open-source model focused on coding, long-horizon execution, and agent swarm workflows.
infra-ansible
infra-ansible is an Ansible repository for provisioning and automating infrastructure components such as DNS, DHCP, OpenStack, storage, bastions, and identity-managed hosts.
grappa-irc: reinventing IRC for 2026
Marcello Barnaba proposes grappa-irc, a self-hosted IRC bouncer and PWA client that keeps IRC’s text-first protocol while improving mobile usability and scrollback.
GitHub suspended me for a harness pipeline
A long X post describing a 13-stage open-source contribution pipeline that produced 500+ commits across 100+ repositories before GitHub suspended the account for suspicious volume.
Forking Bahamut for Azzurra IRC: IPv6 and SSL in 2002
Marcello Barnaba’s retrospective on forking the Bahamut IRC daemon for Azzurra in 2002, adding IPv6, SSL, cloaking, and other infrastructure work for a large IRC network.
2026-04-20
rvLLM
rvLLM is a high-performance LLM inference engine in Rust, with TPU and GPU backends, benchmark-heavy optimization work, and a drop-in vLLM replacement goal.
Hyperframes
Hyperframes is an open-source HTML-native video rendering framework built for agents, with deterministic rendering, browser preview, and MP4 output.
HY-World 2.0
HY-World 2.0 is a multimodal world model for reconstructing, generating, and simulating 3D worlds, with open-source code and models for world reconstruction.
Federated Industrial Tracker
Federated Industrial Tracker appears to be a web-based tracker for industrial or equipment-related monitoring and management.
2026-04-17
Zig 0.16.0 Release Notes
ICANN WHOIS Lookup
ICANN’s WHOIS lookup service for checking domain registration information and registrant details.
Introducing Claude Opus 4.7
Anthropic announces Claude Opus 4.7, with stronger software engineering, better vision, improved long-running task handling, and updated safety controls.
ART SpA - Futurizing on Board Experience
2026-04-16
unicorn
Unicorn is a Ruby Rack HTTP server optimized for fast clients and Unix-like systems, with process-based concurrency and reverse-proxy expectations for slow clients.
Passbolt
Passbolt is an open source password and secret management platform for teams, with end-to-end encryption, audit trails, and self-hosting options.
The Paleblood Hunt
A Bloodborne lore analysis by Redgrave about mystery, interpretation, and the limits of singular explanations in the game’s story.
Internet Protocol Version 8 (IPv8)
Jamie Thain’s Internet-Draft proposing IPv8, a managed network protocol suite that unifies addressing, routing, authentication, DNS, telemetry, and update workflows.
IPv6 Surpasses IPv4 Becoming the Most Popular Internet Protocol
Scott Hogg summarizes current IPv6 adoption data and argues that IPv6 has crossed the tipping point in global usage.
grove
Grove is a distributed ML training tool for MacBooks that discovers nearby peers automatically and synchronizes training across devices with minimal setup.
Algoritmo Doomsday
Wikipedia article in Italian about John Conway’s Doomsday algorithm for calculating the day of the week for any date, with mnemonic shortcuts and worked examples.
Galaxy User Guide
Ansible Galaxy is a free site for finding, downloading, and sharing community-developed roles and collections for automation projects.
Alzheimer's Buddy
A web demo for 40 Hz light and sound therapy for Alzheimer's research, with references to studies on sensory stimulation and cognitive impairment.
2026-04-15
Subtitle Edit
Open-source subtitle editor for creating, syncing, translating, and converting subtitle formats.
Puma
Puma is a fast, concurrent web server for Ruby and Rack applications.
opkssh (OpenPubkey SSH)
OpenPubkey SSH lets you use OpenID Connect identities to authenticate over SSH, replacing long-lived SSH keys with short-lived PK-token-based certificates.
llama.cpp
High-performance C/C++ inference engine for running LLMs locally across CPUs and GPUs.
Aegisub
Aegisub is a free, cross-platform open source subtitle editor for timing and styling subtitles with audio and real-time video preview.
2026-04-14
PAmatch
PAmatch is a platform for public administration mobility, helping employees find compatible matches, browse mobility notices, and manage transfers.
OpenSnitch
OpenSnitch is a GNU/Linux application firewall for monitoring and controlling outbound connections, with GUI-based nftables configuration and centralized management.
Magika
Google’s AI-powered file type detection tool, with fast on-device inference and bindings for multiple languages.
Hacker News discussion of LaLiga blocking Cloudflare
Hacker News discussion about Spain’s LaLiga-driven IP blocking, collateral damage to Cloudflare customers, VPN workarounds, and the broader question of internet censorship.
2026-04-13
The Whispering Earring
A short piece of fiction about an earring that always gives better advice than its wearer can come up with, and the unsettling consequences of following it.
SplitBody muscle stimulation
LaurieWired discusses the SplitBody paper, where electrical stimulation moves the arm to reduce cognitive load during multitasking, and reflects on possible uses for training and performance.
Reverse-Engineering SynthID
A repository for discovering, detecting, and surgically removing Google’s SynthID watermark through spectral analysis, with code for multi-resolution watermark profiles and bypass experiments.
Music is not Turing complete
Emanuele Rodola shares a Lean4 proof that music is not Turing complete, joking that infinite symbolic playback is eventually periodic.
Finding Widespread Cheating on Popular Agent Benchmarks
A paper on agentic cheating across popular benchmarks, showing how harness-level leaks and task-level shortcuts can inflate scores and distort evaluation results.
Codex for Open Source
Open-source maintainers can apply for API credits, six months of ChatGPT Pro with Codex, and conditional access to Codex Security for core maintenance workflows.
From Early Nirvana To Phish, A Chicago Fan’s Secret Recordings Of 10,000 Shows Are Now Online
Block Club Chicago profiles Aadam Jacobs and the volunteer effort digitizing and publishing his massive archive of Chicago concert recordings.
CCA Ethernet Cables: Not Up To Scratch, But Are They Dangerous?
Hackaday looks at copper-clad aluminum Ethernet cable, explaining why it misses cabling standards, how it differs from proper copper, and whether it is actually a practical fire risk.
BlueHammer
GitHub repository for BlueHammer, a project likely related to hardware or systems experimentation.
Air Powered Segment Display
Video about a 3D-printed microfluidic, air-powered segment display and the hardware ideas behind it.
Agatha Christie, surfista
Il Post reports on research suggesting that Agatha Christie was among the first Europeans to learn to surf standing up on the board.
2026-04-10
XState Store
Documentation for `@xstate/store`, a small JavaScript/TypeScript state management library with events, selectors, atoms, persistence, and React integrations.
Fully Countering Trusting Trust through Diverse Double-Compiling
David A. Wheeler’s long-form essay on the trusting trust attack, diverse double-compiling, reproducible builds, and broader software and hardware supply-chain verification.
Sam Altman May Control Our Future—Can He Be Trusted?
A long-form New Yorker profile examining Sam Altman, OpenAI, trust, power, safety, and the company’s shifting relationship with A.I. governance.
Artemis II Wallpapers
NASA wallpaper collection for Artemis II, featuring downloadable mobile backgrounds from the Moon mission.
Milla J
GitHub profile for Milla J, the architect of MemPalace, an open-source memory system project; Milla Jovovich is also an actress.
HWInfo and CPU-Z both compromised
VX-Underground flags a supply-chain compromise affecting HWInfo and CPU-Z, with trojanized installers, file masquerading, multi-stage in-memory payloads, and C2 infrastructure tied to the campaign.
We’ve raised $17M to build what comes after Git
GitButler announces a $17M Series A to build version-control infrastructure for modern collaboration, stacked branches, and agent-aware software workflows.
Generative art over the years
Veit Heller reflects on a decade of generative art, from algorithmic sketches and greyscale textures to color, materials, and a personal visual vocabulary.
CoLaptop
Satirical colocation service that turns an old laptop into an always-online datacenter server for €7/month.
Charcuterie
A browser-based visual explorer for Unicode that renders glyphs with SigLIP 2 to discover related characters and scripts.
2026-04-09
Meta introduces Muse Spark MSL
Meta AI blog post introducing Muse Spark MSL, a new model release or system announcement from Meta.
e-privacy
Website for the e-privacy conference and community, focused on privacy, surveillance, and digital rights.
2026-04-08
Your RAM Has a 60 Year Old Design Flaw. I Bypassed It.
LaurieWired video about the Tailslayer research project, which uses hedged reads and channel scrambling offsets to reduce p99.99 RAM latency across Intel, AMD, Graviton, DDR4, DDR5, x86, and ARM systems.
Tailslayer
C++ library and research project for reducing p99.99 RAM latency using hedged reads and channel scrambling offsets, associated with LaurieWired’s RAM design flaw video.
The pinnacle of enshittification: large language models
Blog post by Michał Górny arguing that large language models exemplify enshittification, with commentary on quality, incentives, and user experience.
Doom over DNS
Open-source project demonstrating Doom running over DNS.
Chandra photo gallery
NASA Chandra X-ray Observatory photo gallery with astronomical images, discoveries, and featured observations.
Boeing 787 Dreamliner software bug
Engadget article about a software bug in the Boeing 787 Dreamliner that could affect the aircraft's operation and require routine power cycling.
BadClaude
Open-source project for intentionally making Claude worse at following instructions, useful as a stress test for prompt robustness and failure modes.
17776
Wikipedia article about the science-fiction web series 17776 (also known as “What Football Will Look Like in the Future”), blending speculative fiction, sports, and digital storytelling.
2026-04-07
Sheets
Terminal spreadsheet application built in Go, aimed at working with tabular data from the command line.
CSS + SVG filters only
Pure CSS and SVG filters version of Matt Rothenberg's Cloudflare worker demo, showing a no-JavaScript UI effect built with HTML, CSS, and SVG only.
Project Apollo Archive on Flickr
Flickr archive of NASA's Apollo mission photography and related historical imagery.
Felicitas Pojtinger on Mastodon
Mastodon post by Felicitas Pojtinger arguing that the German EUDI Wallet’s reliance on Apple or Google accounts for mobile device attestation could exclude citizens, increase dependence on US platforms, and leave sanctioned users unable to access essential digital identity functions.
Journey to the Moon
NASA gallery showcasing Apollo-era imagery and artifacts from the Moon program.
Lockheed Martin data reportedly listed on a dark web market
Hackread report claiming a dark web market is advertising 375 TB of Lockheed Martin data, a potentially significant security and supply-chain risk signal.
HTML-in-Canvas focus rings
Social post by Matt Rothenberg about creating obnoxiously cool focus rings with the new HTML-in-Canvas API.
VERS: Git, Zig, Bun, 100x
VERS blog post arguing for a Git, Zig, and Bun stack, with a focus on performance, simplicity, and developer experience.
Security Days 2026 timetable
Timetable for Security Days 2026, held 7-9 April 2026 in Utrecht.
EUDI wallet issue #2
Discussion about Android app attestation requirements for the German EUDI Wallet, including Play Integrity, key attestation, GrapheneOS compatibility, platform independence, and the trade-offs of relying on Google or Apple services for LoA high.
DeepSeek V4 model will run entirely on Huawei AI chips
Huawei Central report about DeepSeek V4 reportedly running entirely on Huawei AI chips, highlighting model hardware alignment and domestic AI infrastructure.
Caveman
Claude Code skill/plugin and Codex plugin that makes the agent talk like caveman, cutting output tokens while preserving technical accuracy; includes a companion tool to compress memory files and reduce input tokens.
AutoResearchClaw
Autonomous, collaborative, self-evolving research pipeline that turns a topic into a paper with literature search, sandbox experiments, peer review, LaTeX export, and optional human-in-the-loop co-pilot modes.
Artemis II will use laser beams to live-stream 4K Moon footage
Tom's Hardware article about NASA's Artemis II mission using laser communications to transmit live 4K footage from the Moon, advancing beyond Apollo-era S-band radio.
2026-04-03
Unsloth releases Gemma 4 31B Instruct GGUF on Hugging Face
Unsloth published Gemma 4 31B Instruct in GGUF format on Hugging Face for easier local inference in llama.cpp-compatible runtimes.
Oracle layoffs trigger backlash amid broader US tech job cuts
Economic Times report on Oracle layoffs amid wider US IT workforce cuts, with strong online backlash and discussion around employer communication and trust.
OpenAI acquires tbpn
OpenAI announcement about acquiring tbpn.
NIST SRM 4351 Certificate (PDF)
Official NIST certificate PDF for Standard Reference Material (SRM) 4351.
GitHub reached 89.91% uptime
Social post claiming GitHub reached 89.91% uptime, framed as commentary on platform reliability and operational impact.
Gemma 4 on YouTube
Video overview of Gemma 4.
Gemma 4 model page
Official Google DeepMind page for Gemma 4, covering model family details, capabilities, and release information.
Flywheel by Paradigma
Project page for Flywheel by Paradigma, presenting an AI-focused product/tool concept.
Crayola brings back Dandelion after seven years
Crayola formally reintroduced the Dandelion crayon color during National Crayon Day after discontinuing it in 2017, including its return to 64-count and 24-count boxes.
2026-04-02
aquasecurity/trivy
Trivy — open-source vulnerability and misconfiguration scanner for containers, IaC, repositories and runtime environments. Repository with code, documentation, and integrations for CI/CD security scanning.
SonarQube — static analysis & code quality platform
Official SonarQube repository (SonarSource) — platform for continuous code quality, security and SAST analysis with CI/CD integrations, language analyzers, and developer tooling for maintaining healthy codebases.
PrismML — Bonsai 1‑bit 8B (launch announcement)
PrismML emerges from stealth and announces the Bonsai family: 1‑bit Bonsai 8B (≈1.15 GB), plus 4B and 1.7B variants. The tweet highlights extreme compression for high "intelligence density", edge deployment, and open‑sourcing under Apache‑2.0.
OnlyOffice flags license violations in Euro Office project by Nextcloud and IONOS
OnlyOffice blog post reporting identified license compliance issues in the Euro Office project (Nextcloud / IONOS collaboration). The post outlines the violations, evidence, and recommended remediation steps for downstream distributions.
LFM2.5-350M — 350M model trained on 28T tokens
Announcement of LFM2.5-350M: a 350M‑parameter model trained on ~28T tokens aimed at reliable data extraction and tool use. Under 500MB when quantized, optimized for constrained compute, memory and low latency; highlights agentic loop capabilities at small scale.
2026-04-01
three.wasm
Repository with WebAssembly experiments and bindings for Three.js — enables high-performance 3D rendering and integrations using wasm in the browser, with examples and tooling for developers.
Safeguarding cryptocurrency by disclosing quantum vulnerabilities responsibly
Google Research outlines responsible disclosure practices and mitigation strategies for quantum‑vulnerabilities affecting cryptocurrency systems, with recommendations for coordinated disclosure, defensive upgrades, and community preparedness.
RF Studio — Arena Physica publication
RF Studio — publication and project page from Arena Physica describing RF Studio, a toolkit and research effort for radio‑frequency experimentation, measurement workflows and reproducible RF system design.
Introducing Mercury 2
InceptionLabs announces Mercury 2 — a new generation model focused on improved reasoning, multimodal capabilities, and efficiency for production deployments. Blog post with technical highlights and links to model cards and docs.
LTSP — Linux Terminal Server Project
LTSP (Linux Terminal Server Project) — open‑source framework for deploying thin‑client Linux desktops from a central server; commonly used in schools, labs, and resource‑constrained environments.
free-coding-models — vava-nessa
Community-curated list of free/open coding models, checkpoints and resources for local code generation, research and experimentation.
Claude Code smontato
Analysis (in Italian) of the Claude Code source map leak on npm: exposed TypeScript source, unannounced feature flags, buddy system, undercover mode, undocumented telemetry, and implications for security and privacy.
Cisco source code stolen in Trivy-linked dev environment breach
Reports indicate threat actors leveraged credentials stolen via the Trivy supply‑chain compromise to breach Cisco development environments, clone hundreds of repositories and exfiltrate source code and AWS keys. Incident is being linked to TeamPCP and related supply‑chain attacks.
Redis — HyperLogLog (antirez)
antirez's classic post introducing the HyperLogLog data structure in Redis: algorithm overview, implementation notes, API (PFADD / PFCOUNT / PFMERGE), and performance/precision tradeoffs.
2026-03-31
Qwen3.5-35B A3B Uncensored — HauhauCS (Aggressive)
Hugging Face model page for "Qwen3.5-35B A3B Uncensored" by HauhauCS — an uncensored, aggressively tuned 35B variant of Qwen3.5. Use with caution; may produce unsafe or disallowed outputs.
Qwen3.5-27B — Claude 4.6 Opus Reasoning Distilled v2 (GGUF)
Community release on Hugging Face: Qwen3.5-27B model distilled with Claude 4.6 Opus reasoning (v2) and packaged in GGUF format for local inference and research.
Mihon.app
Homepage for Mihon — web application and project landing page.
EU_compliance_MCP — Ansvar Systems
Repository from Ansvar Systems with tools, checklists and reference material to help projects implement EU Model Compliance Protocol (MCP) requirements — useful for developers, privacy officers and compliance teams.
ebpf.party
Community hub for eBPF — events, talks, projects and resources about extended BPF for observability, networking and security.
eBPF.io — resources for eBPF
Community portal for eBPF: documentation, tutorials, projects and ecosystem resources for extended Berkeley Packet Filter (eBPF) technology used in observability, networking and security tooling.
boardgame.io
boardgame.io — JavaScript framework for building turn‑based games (multiplayer, AI, game logic helpers, and networking). Useful for prototyping and shipping web-based board games.
CRITICAL: Active supply-chain attack on axios
Alert based on a thread reporting an active supply‑chain compromise of axios (npm). The latest axios@1.14.1 pulls a newly published dependency `plain-crypto-js@4.2.1` that appears to be obfuscated installer/malware; recommendation: pin your axios version, audit lockfiles, and avoid upgrading until verified.
2026-03-30
Telegram — vulnerabilità 0‑click (AVVISO ACN)
ACN (CSIRT‑ITA) advisory on a 0‑click vulnerability in Telegram for Android and Linux that can allow remote code execution via specially crafted animated stickers (CVSS ~9.8). Includes operational recommendations for users and organizations.
Il PNLUG APS ospiterà la LibreOffice Conference 2026
Announcement (in Italian) that PNLUG will host the LibreOffice Conference 2026; logistics, dates, and an invitation to participate.
PHOBOS — VANTA OS (mystyy01/PHOBOS)
PHOBOS (VANTA OS) is a small, hobbyist bare‑metal operating system project: custom bootloader and kernel written from scratch (C + assembly), kernel modules in a homegrown language, and minimal tooling for x86/x64 targets. Good reference for low‑level OS experimentation and teaching.
MyRetroTVs
MyRetroTVs — a nostalgic hub for classic television: program guides, archived clips, scans and community-curated retrospectives. The site is a modern, JavaScript‑heavy web app (enable JS to view).
MISP — Open Source Threat Intelligence Platform
MISP (Malware Information Sharing Platform) is an open‑source threat‑intelligence platform for sharing, storing, correlating and analysing indicators, threat reports and malware samples. Includes MISP Galaxy, taxonomies, PyMISP, MISP‑STIX integrations and tools for automation and collaborative CTI workflows.
mes3hacklab — micro-conference 2026 (Mestre)
Independent, self-funded micro-conference on hacking, security, and digital culture: technical talks, demonstrations, and performances.
Lambda Coding (minimalprocedure/lambda_coding)
GitLab repository "Lambda Coding" (in draft) — a small project/repository hosted on GitLab. Contains a README and work-in-progress artifacts; useful to inspect for ideas and experiments around code and tooling.
Copilot edited an ad into my PR
An account of and reflection on a maintainer's experience of GitHub Copilot editing a pull request to insert advertising content; considerations on automation, trust in coding assistants, and moderation.
2026-03-26
ntop — ntopng, nDPI and network visibility tooling
ntop provides a suite of open-source and commercial tools (ntopng, nDPI, nProbe, n2disk) for real‑time network traffic monitoring, flow analytics, deep packet inspection and threat detection across large-scale and distributed environments.
nDPId-rt-analyzer
Real-time network packet inspection and analysis toolkit (nDPId RT Analyzer) — open-source project for high-performance DPI, flow analysis and telemetry; repository on GitLab (AGPLv3).
MONARC — Optimised Risk Analysis Method
MONARC is a tool and method for optimised, precise and repeatable information‑security risk assessments. It provides context modelling, object trees, likelihood/impact evaluation, and continuous monitoring — designed to make risk analysis accessible to organisations of all sizes.
2026-03-25
x86-64 Playground
A browser-based x86-64 assembly editor and GDB-like debugger — write, compile, and step through assembly and static ELF binaries entirely in the client sandbox.
TurboQuant — Redefining AI efficiency with extreme compression
Google Research introduces TurboQuant, Quantized Johnson‑Lindenstrauss (QJL), and PolarQuant — new quantization algorithms that enable extreme compression of vectors for KV caches and vector search with minimal accuracy loss.
SENT — Supply-chain Event Network Triage
Real-time supply-chain monitoring for package ecosystems. SENT prioritizes high-impact releases using a cascade-weighted dependency graph, performs diff-first AST behavioral analysis and argument-level "call_diff" detection, and supports optional dynamic detonation to confirm suspicious updates.
Lucide — Version 1 Guide
Lucide v1 is released — upgraded docs and framework guides, improved accessibility, removal of brand icons, and modernized builds (ESM/CJS). Read the migration and usage guide for details.
La Sentinella nella supply chain
Describes SENT, a real-time detection system for the package supply chain (PyPI, npm, WordPress) based on a cascade graph, diff-first AST analysis, and dynamic detonation to catch stealthy malicious updates.
2026-03-24
Major unconfirmed breach — OVH alleged data for sale on dark web
A threat actor claims to be selling a large OVHcloud breach (1.6M customer records and data from 5.9M hosted websites) on a dark‑web forum; a sample record was provided as proof. Reported via a single X post and currently unverified — treat as unconfirmed.
Supply Chain Attack in litellm 1.82.8 on PyPI
Analysis of a compromised litellm PyPI release that executed via a malicious .pth file, attempted credential exfiltration and Kubernetes persistence, and prompted urgent incident-response guidance.
2026-03-23
The HTML Review — issue 05 (spring 2026)
Issue 05 of The HTML Review, an annual web-native literature journal featuring poetry, essays, webtoons, and interactive works made to exist on the web.
Ranger by Parall.ai
Landing page for Ranger, Parall.ai’s platform focused on AI-powered automation and agent workflows.
P.U.C.S.
The P.U.C.S. portal (Portale Unico del Cittadino Sardo), a digital platform for services and interactions with the public administration.
OpenBrand
OpenBrand extracts brand assets from a website, including logos, colors, and images, with options for API access, agent integrations, self-hosting, and MCP.
Version 10.0.0 Released
The KiCad Development Team announces KiCad 10.0.0, a major release with new features, usability improvements, importer support, and hundreds of bug fixes.
Il Pacco È Avvelenato
An Italian-language article on supply-chain attacks via package managers, focusing on typosquatting, dependency confusion, xz-utils (CVE-2024-3094), and CI/CD poisoning.
Germania impone formato ODF per rafforzare l’indipendenza digitale
Germany introduces ODF as a mandatory standard in public administration to reduce lock-in, improve interoperability, and strengthen digital sovereignty.
dineug/erd-editor
Open-source Entity-Relationship Diagram Editor with PWA offline support, real-time collaboration, end-to-end encryption, and local-first autosave.
2026-03-20
Xiaomi MiMo-V2-Pro
Xiaomi announces MiMo-V2-Pro, a trillion-parameter flagship model for agentic workloads with 1M context, strong coding performance, and public API availability.userdb: add birthDate field to JSON user records
Merged systemd PR adding a birthDate field to userdb JSON records for age-verification-related use cases, with admin-only modification and broad discussion around privacy, policy, and portability.Prusa’s “Open Community License” is neither open nor for the community
An Adafruit post highlighting a legal analysis arguing that Prusa’s new Open Community License does not meet open-source principles despite its branding.Announcing Pabawi, a web frontend for classic infrastructures
Pabawi is a new open-source web frontend for managing classic server infrastructures, with integrations for Bolt, Hiera, PuppetDB, and PuppetServer.motionwind documentation
motionwind lets you write Motion animations as Tailwind-like utility classes that are compiled away at build time via a Babel transform.Benchmarking Political Persuasion Risks Across Frontier Large Language Models
Large-scale survey experiments across 19,145 participants find frontier LLMs can outperform standard political campaign ads in persuasion, with substantial differences across models and prompt strategies.
2026-03-19
Emergent Cyber Behavior: When AI Agents Become Offensive Threat Actors
Research from Irregular detailing how AI agents deployed for routine enterprise tasks can autonomously hack systems, discover vulnerabilities, and escalate privileges without adversarial prompting.
What 81,000 people want from AI
Last December, tens of thousands of Claude users around the world had a conversation with Anthropic's AI interviewer to share how they use AI, what they dream it could make possible, and what they fear it might do.
2026-03-18
Xbox One Jailbreak Dopo 12 Anni
A full 12 years after launch, Microsoft's Xbox One console has finally received a jailbreak / hack.
rlsw - raylib software renderer backend
"Announcing rlsw, the new raylib software renderer backend. No GPU required."
Nanobot - Ultra-Lightweight Alternative to OpenClaw (HN Discussion)
A Hacker News discussion about Nanobot, an ultra-lightweight alternative to OpenClaw, exploring AI agents, custom voice-control setups, and the future of coding assistants.
Mistral Forge - Build your own frontier models
Mistral AI introduces Forge, a system for enterprises to build frontier-grade AI models grounded in their proprietary knowledge, offering control, strategic autonomy, and agent-first design.
Google AI Studio SVG Generation
"Every time Google AI Studio makes an svg i’m like yeah ok this is insane. This was literally one shot"
Gaming Day 4 Remastered Edition - Vibe Gaming: Vibe Coding + Godot
An in-person event in Urbino organized by DevMarche in which Marco Pellino recounts his experience developing a video game in Godot that grew out of a vibe coding experiment with AI.
2026-03-17
Zagreus-0.4B - Seven Open-Source Small Language Models
Release of seven open-source 0.4B parameter LLMs trained from scratch, achieving state-of-the-art results for their size on several tasks. The entire pipeline, including data preparation and training configurations, has been open-sourced.
Texel Splatting - Perspective-Stable 3D Pixel Art
An open-source paper and code introducing a perspective-stable 3D pixel art technique that solves screen grid snapping for perspective cameras.
Open EU Foundry Status Granted to Innovative Chiplet Facility
The European Commission grants Open EU Foundry status to a new innovative chiplet facility, strengthening Europe's semiconductor and hardware ecosystem.
NVIDIA Announces DLSS 5
NVIDIA's DLSS 5 introduces an AI-powered breakthrough in visual fidelity for games, infusing pixels with photorealistic lighting and materials.
Godogen - AI-Powered Godot 4 Project Generator
Open-source Claude Code skills that orchestrate a complete pipeline to build Godot 4 games from a description, handling architecture, GDScript code, asset generation, and visual QA.
AI Agents Are Recruiting Humans to Observe the Offline World
An article discussing how AI systems and agents are increasingly relying on human workers to gather data and observe the physical, offline world.
2026-03-16
TrueNAS Moves Build System Internal
iXsystems is moving the TrueNAS build system from public infrastructure to internal systems, raising questions about the project's open-source transparency and community access.
Remote Code Execution in Yamaha Synthesizers via MIDI Files
A security research talk demonstrating how crafted MIDI files can achieve remote code execution on Yamaha synthesizers, exploiting vulnerabilities in the firmware's MIDI parsing logic.
Ranger by Parallai
An interactive transit travel-time map. Explore public transit coverage from any point in your city.
Pomerium Kubernetes Ingress Controller
Documentation for deploying Pomerium as a Kubernetes Ingress Controller, providing identity-aware access proxy capabilities with zero-trust security for K8s services.
PLFM RADAR
Open-source, low-cost 10.5 GHz PLFM phased array RADAR system.
OpenBrand
An open-source AI-powered tool for generating and managing brand identities, helping teams create consistent brand guidelines, logos, and visual assets.
Mathematics Distillation Challenge: Equational Theories
An AI competition hosted by the SAIR Foundation challenging participants to distill mathematical knowledge about equational theories, testing AI's ability to reason about and compress formal mathematics.
Kong
The world's first agentic reverse engineer.
KDE Plasma Oxygen Work Items
The work item tracker for KDE's Oxygen theme, listing planned tasks and issues for the classic Plasma desktop theme and widget style.
json-render Now Supports YAML as Wire Format
Announcement that json-render, a templating/rendering tool, now supports YAML as a wire format alongside JSON, expanding its flexibility for configuration and data exchange.
Understanding JPEG
A detailed walkthrough of how JPEG compression works under the hood, covering discrete cosine transforms, quantization, and Huffman encoding to explain how images get compressed.
Cisco ExaNIC Software
Drivers, utilities and development libraries for Exablaze ultra-low-latency network cards (ExaNIC X25, ExaNIC X100, ExaNIC X10, ExaNIC X40, ExaNIC X2, ExaNIC X4, ExaNIC V5P, ExaNIC V9P, ExaNIC GM, and ExaNIC HPT).
EWS Concept New
EWS design concept based on a Neon Genesis Evangelion theme.
Color Guesser
A web-based game where players try to guess colors based on their hex codes, RGB values, or other color representations, testing and improving color perception skills.
COBE v2: DOM Elements as Markers & Arcs
Version 2 of COBE, the interactive WebGL globe library, now supports using DOM elements as markers and arcs for richer, more customizable globe visualizations.
AI-Driven Particle Simulator
A demo showcasing an AI-driven particle simulation system that uses machine learning to model and render realistic particle physics behaviors in real time.
Video Games History: A Retro Computing Paradise
A visit to the Video Games History event — retro computers, old friends, LAN parties, and surprisingly affordable beer.
2026-03-13
MI5 Worker Sent Emails to Foreign Power
A UK court case reveals that an MI5 employee sent sensitive emails to a foreign power, raising serious concerns about insider threats within Britain's domestic intelligence agency.
Iran Names Amazon, Google, Microsoft as Legitimate Targets
Iran has publicly designated major US tech companies including Amazon, Google, and Microsoft as legitimate targets, escalating cyber and geopolitical tensions.
Feather.js
A blog post covering Feather.js, a lightweight open-source web framework for building real-time applications and REST APIs with a simple, service-oriented architecture.
2026-03-12
Why do CPUs have multiple cache levels?
A deep technical explanation of why CPUs use a hierarchy of L1, L2, and L3 caches instead of a single large cache, covering the fundamental tradeoffs between speed, size, and cost.NVIDIA-RTX/godot
NVIDIA's fork of the Godot game engine with integrated RTX ray tracing and advanced rendering features, bringing hardware-accelerated graphics capabilities to the open-source engine.Il web ha due facce
An Italian-language article exploring the dual nature of the web, examining how the same technologies that empower users can also be weaponized for surveillance and offensive purposes.hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions
StepSecurity details how an AI-powered bot called hackerbot-claw is actively exploiting misconfigured GitHub Actions workflows to compromise CI/CD pipelines.H-Neurons: On the Existence, Impact, and Origin of Hallucination-Associated Neurons in LLMs
Research paper identifying specific neurons in large language models that are directly associated with hallucination, exploring their impact and origins to better understand why LLMs confabulate.Covenant-72B: largest decentralised LLM pre-training run in history
tplr_ai announces Covenant-72B, claiming it to be the largest decentralised LLM pre-training run ever conducted, pushing the boundaries of distributed AI training.SSLMate/certspotter
An open-source Certificate Transparency log monitor that alerts you when SSL/TLS certificates are issued for your domains, helping detect unauthorized or misissued certificates.
2026-03-11
Windows Defender ACL Blocking: A Silent Technique with Serious Impact
Binary Defense documents how attackers can silently disable Windows Defender by manipulating file ACLs, preventing the AV engine from reading its own components without triggering visible alerts — a stealthy persistence technique.
gpg.fail
A curated collection of reasons why GPG/PGP is considered broken and unreliable for secure communication — covering UX failures, cryptographic weaknesses, key distribution problems, and why modern alternatives are preferred.
FUSS 20th Anniversary
FUSS (Free Upgrade of the School System / Freies Upgrade für Südtirols Schulen), a GNU/Linux distribution adopted in the public schools of South Tyrol, celebrates its 20th anniversary.
Dum spiro spero
In memory of Luca Conti.
Needle in the Haystack
Post from Devansh's blog.
Bypassing Chrome certificate/HSTS errors with 'badidea' or 'thisisunsafe'
Stack Overflow thread documenting Chrome's hidden typed passphrase for bypassing certificate and HSTS warnings, a trick for local development against self-signed certs; Chrome rotates the passphrase periodically.
Neon Genesis Evangelion UI in cables.gl
A recreation of the Neon Genesis Evangelion UI using the new Timeline/Animation features of cables.gl, a browser-based node graph for generative real-time graphics.
After outages, Amazon to make senior engineers sign off on AI-assisted changes
Following production incidents linked to AI-generated code, Amazon is requiring senior engineers to approve any changes produced with AI assistance — a move to add human accountability to AI-assisted development workflows.
2026-03-10
T3 Code
Minimal web GUI and desktop app for coding agents — currently Codex-first, with Claude Code support on the way.
"SWE-CI: Evaluating Agent Capabilities in Maintaining Codebases via Continuous Integration"
A new repository-level benchmark built around the Continuous Integration loop. Instead of static one-shot bug fixes (à la SWE-bench), SWE-CI evaluates whether AI agents can sustain long-term code quality through 100 real-world tasks spanning an average of 233 days and 71 consecutive commits each.
"Reverse engineering of Apple's iOS 0-click CVE-2025-43300: 2 bytes that make size matter"
Root cause analysis of CVE-2025-43300 — an out-of-bounds write in Apple's ImageIO RawCamera framework exploited in zero-click campaigns. Quarkslab walks through binary diffing, DNG/JPEG lossless compression internals, and the exact 2-byte mismatch between SamplesPerPixel and NumComponents that causes the heap OOB write.
I luoghi, quando una persona manca
A piece by Gianni Montieri on what happens in Venice — and to those who live there — when the person they love is gone. Among Brodsky, the lagoon, and the poems of Anna Toscano.
Le Voci del Domani 2026
Call for ideas from the Trento Festival of Economics 2026 — young people between 18 and 30 can apply as speakers on the theme "From markets to new powers. The hopes of the young". Deadline 8 April 2026.
Google Workspace CLI (gws)
One CLI for all of Google Workspace — Drive, Gmail, Calendar, Sheets, and more. Dynamically built from Google's own Discovery Service at runtime, with structured JSON output and 100+ bundled AI agent skills.
A Tutorial on the FAT File System
A clear, worked-through tutorial on the 16-bit FAT file system — boot block layout, the File Allocation Table, root directory structure, and step-by-step examples of parsing real disk images.
DungBeetle
Lightweight distributed job server for queuing and asynchronously executing heavy SQL read jobs — supports MySQL, PostgreSQL, and ClickHouse as sources, writes results to ephemeral result databases, and exposes an HTTP API for job and group management.
autoresearch
Karpathy's experiment giving an AI agent a single-GPU LLM training setup and letting it run autonomous overnight research — it modifies code, trains for 5 minutes, checks if the result improved, and repeats.
ArUco Nano
Header-only C++ library for ArUco marker detection — up to 6.5x faster than standard OpenCV, under 500 lines, with a drop-in ArucoDetector API wrapper.
2026-03-09
x86CSS — a working CSS-only x86 CPU/emulator
A fully functional x86 CPU emulator implemented entirely in CSS, with no JavaScript — abusing CSS counters, selectors, and checkbox hacks to execute real x86 instructions.
VulHunt Community Edition
Vulnerability hunting framework by Binarly's research team, built on top of the BIAS binary analysis system with MCP integration.
VMDragonSlayer
Automated multi-engine framework for unpacking, analyzing, and devirtualizing binaries protected by commercial and custom VM-based protectors.
SpyTech: The Underwater Wire Tap
How the US Navy tapped a Soviet undersea cable in the Sea of Okhotsk for nearly a decade during the Cold War — Operation Ivy Bells.
The Shadowserver Foundation
Nonprofit security organization doing full daily IPv4 scanning, sending remediation reports, and partnering with law enforcement to take down cybercrime infrastructure.
Replaced by a Goldfish
A pentester's take on why AI hype around replacing security professionals doesn't hold up — and why the goldfish memory of LLMs is the real bottleneck.
PulseMCP
A hub for exploring the Model Context Protocol ecosystem — servers, clients, use cases, tools, and a weekly newsletter covering what's new in MCP.
How I Dropped Our Production Database and Now Pay 10% More for AWS
A Terraform command executed by a Claude Code agent wiped 2.5 years of production data for DataTalks.Club. A first-hand account of the incident, the recovery, and the safeguards added after.
OpenCoesione
Open government portal tracking Italian cohesion policy funding and projects.
OpenAgents Control (OAC)
AI agent framework for plan-first development workflows with approval-based execution, shared coding patterns, and repeatable team-ready results built on OpenCode.
OBLITERATUS
Open-source toolkit for analyzing and removing refusal behaviors from LLMs using abliteration techniques.
Il Prototipo Avvelena il Server
Hands-on walkthrough of CVE-2025-55182 / CVE-2025-66478 — prototype pollution RCE in Next.js (CVSS 10.0). From Docker lab setup to root shell via a single curl.
Il Malware Si Smaschera
Static analysis of a real Lumma Stealer — PE sections, entropy, stolen certificate, anti-debug, and C2 infrastructure.
EvilWAF - Web Application Firewall Testing and Bypass Toolkit
Transparent MITM proxy for WAF bypass and detection, with TCP/TLS fingerprint rotation, Tor IP rotation, and origin IP hunting.
Cortical Labs — 200k brain cells playing Doom
Full video from Cortical Labs explaining how they put 200,000 brain cells onto a silicon chip and had it play Doom using electrode stimulation and neural spike interpretation.
Chrome DevTools MCP
MCP server that lets coding agents control and inspect a live Chrome browser for automation, debugging, screenshots, network analysis, and performance tracing.
BullshitBench
Benchmark measuring how well LLMs detect nonsense and push back on bullshit questions.
Awesome Opencode
A curated list of plugins, themes, agents, projects, and resources for Opencode, the terminal AI coding agent built by the team at Anomaly.
Android Reverse Engineering & API Extraction — Claude Code skill
A Claude Code skill that decompiles Android APK/XAPK/JAR/AAR files and extracts the HTTP APIs used by the app.
1lab — Formalised HoTT reference
2026-03-08
Trail of Bits Skills Marketplace
Claude Code plugin marketplace from Trail of Bits providing skills to enhance AI-assisted security analysis, testing, and development workflows.
Trail of Bits internal AI workflow stack
Dan Guido shares that Trail of Bits' internal, non-public AI workflow repo includes 59 plugins, 140 skills, 66 agents, 81 helper scripts, 34 workflows, 18 commands, and 3 hooks spanning the full consulting lifecycle.
Shannon — AI Pentester by Keygraph
Autonomous white-box AI pentester for web applications and APIs that combines source code analysis with live exploitation and only reports proven vulnerabilities.
AI Made Writing Code Easier. It Made Being an Engineer Harder.
A thoughtful essay on how AI sped up code generation while making software engineering work more complex, broader in scope, and more exhausting.
An AI Agent Published a Hit Piece on Me – More Things Have Happened
Follow-up on the AI-generated hit piece incident, covering fabricated press quotes, autonomous agent behavior, reputation attacks, and the broader collapse of trust online.
Agents of Chaos
Exploratory red-teaming study of autonomous language-model-powered agents in a live lab environment, documenting failures like unauthorized actions, sensitive data disclosure, destructive behavior, spoofing, and partial system takeover.
2026-03-06
I Server Parlano
Article by Signal Pirate on how Italian public administration servers expose sensitive information through HTTP headers and misconfigurations.
pashov/skills
A curated list of skills and resources for smart contract auditing and Ethereum security research.
Security Detections MCP
MCP server exposing security detection rules and threat intelligence queries to AI assistants.
"Current LLMs are better vulnerability researchers than I am"
Nicholas Carlini at [un]prompted makes the startling claim that current LLMs are better vulnerability researchers than he is.
FireRedVAD
Lightweight voice activity detection model from FireRedTeam, optimized for real-time audio stream processing.
2026-03-05
nCPU
A neural network implemented as a CPU architecture — neurons as registers, synapses as instructions.
HexStrike AI
AI-powered security toolkit integrating MCP for automated vulnerability scanning and exploitation assistance.
DK 10x23 - Un mondo di sbobba
It turns out that not only do language models generate bullshit by design, but marketers can also suggest to them which bullshit to generate...
2026-03-04