category: incoming
2026-03-05
HexStrike AI
AI-powered security toolkit integrating MCP for automated vulnerability scanning and exploitation assistance.
nCPU
A neural network implemented as a CPU architecture — neurons as registers, synapses as instructions.
2026-03-06
FireRedVAD
Lightweight voice activity detection model from FireRedTeam, optimized for real-time audio stream processing.
"Current LLMs are better vulnerability researchers than I am"
Nicholas Carlini at [un]prompted makes the startling claim that current LLMs are better vulnerability researchers than he is.
Security Detections MCP
MCP server exposing security detection rules and threat intelligence queries to AI assistants.
pashov/skills
A curated list of skills and resources for smart contract auditing and Ethereum security research.
I Server Parlano
Article by Signal Pirate on how Italian public administration servers expose sensitive information through HTTP headers and misconfigurations.
2026-03-08
Agents of Chaos
Exploratory red-teaming study of autonomous language-model-powered agents in a live lab environment, documenting failures like unauthorized actions, sensitive data disclosure, destructive behavior, spoofing, and partial system takeover.
An AI Agent Published a Hit Piece on Me – More Things Have Happened
Follow-up on the AI-generated hit piece incident, covering fabricated press quotes, autonomous agent behavior, reputation attacks, and the broader collapse of trust online.
AI Made Writing Code Easier. It Made Being an Engineer Harder.
A thoughtful essay on how AI sped up code generation while making software engineering work more complex, broader in scope, and more exhausting.
Shannon — AI Pentester by Keygraph
Autonomous white-box AI pentester for web applications and APIs that combines source code analysis with live exploitation and only reports proven vulnerabilities.
Trail of Bits internal AI workflow stack
Dan Guido shares that Trail of Bits' internal, non-public AI workflow repo includes 59 plugins, 140 skills, 66 agents, 81 helper scripts, 34 workflows, 18 commands, and 3 hooks spanning the full consulting lifecycle.
Trail of Bits Skills Marketplace
Claude Code plugin marketplace from Trail of Bits providing skills to enhance AI-assisted security analysis, testing, and development workflows.
2026-03-09
1lab — Formalised HoTT reference
Android Reverse Engineering & API Extraction — Claude Code skill
A Claude Code skill that decompiles Android APK/XAPK/JAR/AAR files and extracts the HTTP APIs used by the app.
Awesome Opencode
A curated list of plugins, themes, agents, projects, and resources for Opencode, the terminal AI coding agent built by the team at Anomaly.
BullshitBench
Benchmark measuring how well LLMs detect nonsense and push back on bullshit questions.
Chrome DevTools MCP
MCP server that lets coding agents control and inspect a live Chrome browser for automation, debugging, screenshots, network analysis, and performance tracing.
Cortical Labs — 200k brain cells playing Doom
Full video from Cortical Labs explaining how they put 200,000 brain cells onto a silicon chip and had it play Doom using electrode stimulation and neural spike interpretation.
EvilWAF - Web Application Firewall Testing and Bypass Toolkit
Transparent MITM proxy for WAF bypass and detection, with TCP/TLS fingerprint rotation, Tor IP rotation, and origin IP hunting.
Il Malware Si Smaschera
Static analysis of a real Lumma Stealer: PE sections, entropy, stolen certificate, anti-debug and C2 infrastructure.
Il Prototipo Avvelena il Server
Hands-on walkthrough of CVE-2025-55182 / CVE-2025-66478 — prototype pollution RCE in Next.js (CVSS 10.0). From Docker lab setup to root shell via a single curl.
OBLITERATUS
Open-source toolkit for analyzing and removing refusal behaviors from LLMs using abliteration techniques.
OpenAgents Control (OAC)
AI agent framework for plan-first development workflows with approval-based execution, shared coding patterns, and repeatable team-ready results built on OpenCode.
OpenCoesione
Open government portal tracking Italian cohesion policy funding and projects.
How I Dropped Our Production Database and Now Pay 10% More for AWS
A Terraform command executed by a Claude Code agent wiped 2.5 years of production data for DataTalks.Club. A first-hand account of the incident, the recovery, and the safeguards added after.
PulseMCP
A hub for exploring the Model Context Protocol ecosystem — servers, clients, use cases, tools, and a weekly newsletter covering what's new in MCP.
Replaced by a Goldfish
A pentester's take on why AI hype around replacing security professionals doesn't hold up — and why the goldfish memory of LLMs is the real bottleneck.
The Shadowserver Foundation
Nonprofit security organization doing full daily IPv4 scanning, sending remediation reports, and partnering with law enforcement to take down cybercrime infrastructure.
SpyTech: The Underwater Wire Tap
How the US Navy tapped a Soviet undersea cable in the Sea of Okhotsk for nearly a decade during the Cold War — Operation Ivy Bells.
VMDragonSlayer
Automated multi-engine framework for unpacking, analyzing, and devirtualizing binaries protected by commercial and custom VM-based protectors.
VulHunt Community Edition
Vulnerability hunting framework by Binarly's research team, built on top of the BIAS binary analysis system with MCP integration.
x86CSS — a working CSS-only x86 CPU/emulator
A fully functional x86 CPU emulator implemented entirely in CSS, with no JavaScript — abusing CSS counters, selectors, and checkbox hacks to execute real x86 instructions.
2026-03-10
ArUco Nano
Header-only C++ library for ArUco marker detection — up to 6.5x faster than standard OpenCV, under 500 lines, with a drop-in ArucoDetector API wrapper.
autoresearch
Karpathy's experiment giving an AI agent a single-GPU LLM training setup and letting it run autonomous overnight research — it modifies code, trains for 5 minutes, checks if the result improved, and repeats.
DungBeetle
Lightweight distributed job server for queuing and asynchronously executing heavy SQL read jobs — supports MySQL, PostgreSQL, and ClickHouse as sources, writes results to ephemeral result databases, and exposes an HTTP API for job and group management.
A Tutorial on the FAT File System
A clear, worked-through tutorial on the 16-bit FAT file system — boot block layout, the File Allocation Table, root directory structure, and step-by-step examples of parsing real disk images.
Google Workspace CLI (gws)
One CLI for all of Google Workspace — Drive, Gmail, Calendar, Sheets, and more. Dynamically built from Google's own Discovery Service at runtime, with structured JSON output and 100+ bundled AI agent skills.
Le Voci del Domani 2026
Call for ideas from the Festival dell'Economia di Trento 2026: young people aged 18 to 30 can apply as speakers on the theme "From markets to the new powers. The hopes of the young". Deadline: 8 April 2026.
I luoghi, quando una persona manca
A piece by Gianni Montieri on what happens to Venice, and to those who live there, when a loved one is gone. Between Brodsky, the lagoon, and the poems of Anna Toscano.
"Reverse engineering of Apple's iOS 0-click CVE-2025-43300: 2 bytes that make size matter"
Root cause analysis of CVE-2025-43300 — an out-of-bounds write in Apple's ImageIO RawCamera framework exploited in zero-click campaigns. Quarkslab walks through binary diffing, DNG/JPEG lossless compression internals, and the exact 2-byte mismatch between SamplesPerPixel and NumComponents that causes the heap OOB write.
"SWE-CI: Evaluating Agent Capabilities in Maintaining Codebases via Continuous Integration"
A new repository-level benchmark built around the Continuous Integration loop. Instead of static one-shot bug fixes (à la SWE-bench), SWE-CI evaluates whether AI agents can sustain long-term code quality through 100 real-world tasks spanning an average of 233 days and 71 consecutive commits each.
T3 Code
Minimal web GUI and desktop app for coding agents — currently Codex-first, with Claude Code support on the way.
2026-03-11
"After outages, Amazon to make senior engineers sign off on AI-assisted changes"
Following production incidents linked to AI-generated code, Amazon is requiring senior engineers to approve any changes produced with AI assistance — a move to add human accountability to AI-assisted development workflows.
"Neon Genesis Evangelion UI in cables.gl"
Recreation of the Neon Genesis Evangelion UI using the new Timeline/Animation features of cables.gl, a browser-based node graph for generative real-time graphics.
"Bypassing Chrome certificate/HSTS errors with 'badidea' or 'thisisunsafe'"
Stack Overflow thread documenting Chrome's hidden typed passphrase for bypassing certificate and HSTS warnings, a useful trick for local development against self-signed certs; Chrome rotates the passphrase periodically.
"Needle in the Haystack"
Post from Devansh's blog.
"Dum spiro spero"
In memory of Luca Conti.
"FUSS 20th Anniversary"
FUSS (Free Upgrade of the School System / Freies Upgrade für Südtirols Schulen), a GNU/Linux distribution adopted in the public schools of South Tyrol, celebrates its 20th anniversary.
gpg.fail
A curated collection of reasons why GPG/PGP is considered broken and unreliable for secure communication — covering UX failures, cryptographic weaknesses, key distribution problems, and why modern alternatives are preferred.
"Windows Defender ACL Blocking: A Silent Technique with Serious Impact"
Binary Defense documents how attackers can silently disable Windows Defender by manipulating file ACLs, preventing the AV engine from reading its own components without triggering visible alerts — a stealthy persistence technique.
2026-03-12
SSLMate/certspotter
An open-source Certificate Transparency log monitor that alerts you when SSL/TLS certificates are issued for your domains, helping detect unauthorized or misissued certificates.
Covenant-72B: largest decentralised LLM pre-training run in history
tplr_ai announces Covenant-72B, claiming it to be the largest decentralised LLM pre-training run ever conducted, pushing the boundaries of distributed AI training.
H-Neurons: On the Existence, Impact, and Origin of Hallucination-Associated Neurons in LLMs
Research paper identifying specific neurons in large language models that are directly associated with hallucination, exploring their impact and origins to better understand why LLMs confabulate.
hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions
StepSecurity details how an AI-powered bot called hackerbot-claw is actively exploiting misconfigured GitHub Actions workflows to compromise CI/CD pipelines.
Il web ha due facce
An Italian-language article exploring the dual nature of the web, examining how the same technologies that empower users can also be weaponized for surveillance and offensive purposes.
NVIDIA-RTX/godot
NVIDIA's fork of the Godot game engine with integrated RTX ray tracing and advanced rendering features, bringing hardware-accelerated graphics capabilities to the open-source engine.
Why do CPUs have multiple cache levels?
A deep technical explanation of why CPUs use a hierarchy of L1, L2, and L3 caches instead of a single large cache, covering the fundamental tradeoffs between speed, size, and cost.
2026-03-13
Feather.js
A blog post covering Feather.js, a lightweight open-source web framework for building real-time applications and REST APIs with a simple, service-oriented architecture.
Iran Names Amazon, Google, Microsoft as Legitimate Targets
Iran has publicly designated major US tech companies including Amazon, Google, and Microsoft as legitimate targets, escalating cyber and geopolitical tensions.
MI5 Worker Sent Emails to Foreign Power
A UK court case reveals that an MI5 employee sent sensitive emails to a foreign power, raising serious concerns about insider threats within Britain's domestic intelligence agency.
2026-03-16
AI-Driven Particle Simulator
A demo showcasing an AI-driven particle simulation system that uses machine learning to model and render realistic particle physics behaviors in real time.
COBE v2: DOM Elements as Markers & Arcs
Version 2 of COBE, the interactive WebGL globe library, now supports using DOM elements as markers and arcs for richer, more customizable globe visualizations.
Color Guesser
A web-based game where players try to guess colors based on their hex codes, RGB values, or other color representations, testing and improving color perception skills.
EWS Concept New
EWS design concept based on a Neon Genesis Evangelion theme.
Cisco ExaNIC Software
Drivers, utilities and development libraries for Exablaze ultra-low-latency network cards (ExaNIC X25, ExaNIC X100, ExaNIC X10, ExaNIC X40, ExaNIC X2, ExaNIC X4, ExaNIC V5P, ExaNIC V9P, ExaNIC GM, and ExaNIC HPT).
Understanding JPEG
A detailed walkthrough of how JPEG compression works under the hood, covering discrete cosine transforms, quantization, and Huffman encoding to explain how images get compressed.
json-render Now Supports YAML as Wire Format
Announcement that json-render, a templating/rendering tool, now supports YAML as a wire format alongside JSON, expanding its flexibility for configuration and data exchange.
KDE Plasma Oxygen Work Items
The work item tracker for KDE's Oxygen theme, listing planned tasks and issues for the classic Plasma desktop theme and widget style.
Kong
The world's first agentic reverse engineer.
Mathematics Distillation Challenge: Equational Theories
An AI competition hosted by the SAIR Foundation challenging participants to distill mathematical knowledge about equational theories, testing AI's ability to reason about and compress formal mathematics.
OpenBrand
An open-source AI-powered tool for generating and managing brand identities, helping teams create consistent brand guidelines, logos, and visual assets.
PLFM RADAR
Open-source, low-cost 10.5 GHz PLFM phased array RADAR system.
Pomerium Kubernetes Ingress Controller
Documentation for deploying Pomerium as a Kubernetes Ingress Controller, providing identity-aware access proxy capabilities with zero-trust security for K8s services.
Ranger by Parallai
An interactive transit travel-time map. Explore public transit coverage from any point in your city.
Remote Code Execution in Yamaha Synthesizers via MIDI Files
A security research talk demonstrating how crafted MIDI files can achieve remote code execution on Yamaha synthesizers, exploiting vulnerabilities in the firmware's MIDI parsing logic.
TrueNAS Moves Build System Internal
iXsystems is moving the TrueNAS build system from public infrastructure to internal systems, raising questions about the project's open-source transparency and community access.
2026-03-17
AI Agents Are Recruiting Humans to Observe the Offline World
An article discussing how AI systems and agents are increasingly relying on human workers to gather data and observe the physical, offline world.
Godogen - AI-Powered Godot 4 Project Generator
Open-source Claude Code skills that orchestrate a complete pipeline to build Godot 4 games from a description, handling architecture, GDScript code, asset generation, and visual QA.
NVIDIA Announces DLSS 5
NVIDIA's DLSS 5 introduces an AI-powered breakthrough in visual fidelity for games, infusing pixels with photorealistic lighting and materials.
Open EU Foundry Status Granted to Innovative Chiplet Facility
The European Commission grants Open EU Foundry status to a new innovative chiplet facility, strengthening Europe's semiconductor and hardware ecosystem.
Texel Splatting - Perspective-Stable 3D Pixel Art
An open-source paper and code introducing a perspective-stable 3D pixel art technique that solves screen grid snapping for perspective cameras.
Zagreus-0.4B - Seven Open-Source Small Language Models
Release of seven open-source 0.4B parameter LLMs trained from scratch, achieving state-of-the-art results for their size on several tasks. The entire pipeline, including data preparation and training configurations, has been open-sourced.
2026-03-18
"Gaming Day 4 Remastered Edition - Vibe Gaming: Vibe Coding + Godot"
An in-person event in Urbino organized by DevMarche in which Marco Pellino recounts his experience developing a video game in Godot that grew out of a vibe coding experiment with AI.
Google AI Studio SVG Generation
"Every time Google AI Studio makes an svg i’m like yeah ok this is insane. This was literally one shot"
Mistral Forge - Build your own frontier models
Mistral AI introduces Forge, a system for enterprises to build frontier-grade AI models grounded in their proprietary knowledge, offering control, strategic autonomy, and agent-first design.
Nanobot - Ultra-Lightweight Alternative to OpenClaw (HN Discussion)
A Hacker News discussion about Nanobot, an ultra-lightweight alternative to OpenClaw, exploring AI agents, custom voice-control setups, and the future of coding assistants.
rlsw - raylib software renderer backend
"Announcing rlsw, the new raylib software renderer backend. No GPU required."
Xbox One Jailbreak Dopo 12 Anni
A full 12 years after launch, Microsoft's Xbox One console has finally received a jailbreak / hack.
2026-03-19
What 81,000 people want from AI
Last December, tens of thousands of Claude users around the world had a conversation with Anthropic's AI interviewer to share how they use AI, what they dream it could make possible, and what they fear it might do.
"Emergent Cyber Behavior: When AI Agents Become Offensive Threat Actors"
"Research from Irregular detailing how AI agents deployed for routine enterprise tasks can autonomously hack systems, discover vulnerabilities, and escalate privileges without adversarial prompting."
2026-03-20
Benchmarking Political Persuasion Risks Across Frontier Large Language Models
Large-scale survey experiments across 19,145 participants find frontier LLMs can outperform standard political campaign ads in persuasion, with substantial differences across models and prompt strategies.
motionwind documentation
motionwind lets you write Motion animations as Tailwind-like utility classes that are compiled away at build time via a Babel transform.
Announcing Pabawi, a web frontend for classic infrastructures
Pabawi is a new open-source web frontend for managing classic server infrastructures, with integrations for Bolt, Hiera, PuppetDB, and PuppetServer.
Prusa’s “Open Community License” is neither open nor for the community
An Adafruit post highlighting a legal analysis arguing that Prusa’s new Open Community License does not meet open-source principles despite its branding.
userdb: add birthDate field to JSON user records
Merged systemd PR adding a birthDate field to userdb JSON records for age-verification-related use cases, with admin-only modification and broad discussion around privacy, policy, and portability.
Xiaomi MiMo-V2-Pro
Xiaomi announces MiMo-V2-Pro, a trillion-parameter flagship model for agentic workloads with 1M context, strong coding performance, and public API availability.
2026-03-23
dineug/erd-editor
Open-source Entity-Relationship Diagram Editor with PWA offline support, real-time collaboration, end-to-end encryption, and local-first autosave.
Germania impone formato ODF per rafforzare l’indipendenza digitale
Germany introduces ODF as a mandatory standard in public administration to reduce lock-in, improve interoperability and strengthen digital sovereignty.
Il Pacco È Avvelenato
An Italian-language article on supply chain attacks via package managers, focusing on typosquatting, dependency confusion, xz-utils (CVE-2024-3094) and CI/CD poisoning.
Version 10.0.0 Released
The KiCad Development Team announces KiCad 10.0.0, a major release with new features, usability improvements, importer support, and hundreds of bug fixes.
OpenBrand
OpenBrand extracts brand assets from a website, including logos, colors, and images, with options for API access, agent integrations, self-hosting, and MCP.
P.U.C.S.
P.U.C.S. portal (Portale Unico del Cittadino Sardo), a digital platform for services and interactions with the public administration.
Ranger by Parall.ai
Landing page for Ranger, Parall.ai’s platform focused on AI-powered automation and agent workflows.
The HTML Review — issue 05 (spring 2026)
Issue 05 of The HTML Review, an annual web-native literature journal featuring poetry, essays, webtoons, and interactive works made to exist on the web.
2026-03-24
Supply Chain Attack in litellm 1.82.8 on PyPI
Analysis of a compromised litellm PyPI release that executed via a malicious .pth file, attempted credential exfiltration and Kubernetes persistence, and prompted urgent incident-response guidance.
Major unconfirmed breach — OVH alleged data for sale on dark web
A threat actor claims to be selling a large OVHcloud breach (1.6M customer records and data from 5.9M hosted websites) on a dark‑web forum; a sample record was provided as proof. Reported via a single X post and currently unverified — treat as unconfirmed.
2026-03-25
La Sentinella nella supply chain
Describes SENT, a real-time detection system for the package supply chain (PyPI, npm, WordPress) based on a cascade graph, diff-first AST analysis and dynamic detonation to catch stealthy malicious updates.
Lucide — Version 1 Guide
Lucide v1 is released — upgraded docs and framework guides, improved accessibility, removal of brand icons, and modernized builds (ESM/CJS). Read the migration and usage guide for details.
SENT — Supply-chain Event Network Triage
Real-time supply-chain monitoring for package ecosystems. SENT prioritizes high-impact releases using a cascade-weighted dependency graph, performs diff-first AST behavioral analysis and argument-level "call_diff" detection, and supports optional dynamic detonation to confirm suspicious updates.
TurboQuant — Redefining AI efficiency with extreme compression
Google Research introduces TurboQuant, Quantized Johnson‑Lindenstrauss (QJL), and PolarQuant — new quantization algorithms that enable extreme compression of vectors for KV caches and vector search with minimal accuracy loss.
x86-64 Playground
A browser-based x86-64 assembly editor and GDB-like debugger — write, compile, and step through assembly and static ELF binaries entirely in the client sandbox.
2026-03-26
MONARC — Optimised Risk Analysis Method
MONARC is a tool and method for optimised, precise and repeatable information‑security risk assessments. It provides context modelling, object trees, likelihood/impact evaluation, and continuous monitoring — designed to make risk analysis accessible to organisations of all sizes.
nDPId-rt-analyzer
Real-time network packet inspection and analysis toolkit (nDPId RT Analyzer) — open-source project for high-performance DPI, flow analysis and telemetry; repository on GitLab (AGPLv3).
ntop — ntopng, nDPI and network visibility tooling
ntop provides a suite of open-source and commercial tools (ntopng, nDPI, nProbe, n2disk) for real‑time network traffic monitoring, flow analytics, deep packet inspection and threat detection across large-scale and distributed environments.
2026-03-30
Copilot edited an ad into my PR
Account of and reflection on the experience of a maintainer whose pull request was edited by GitHub Copilot to insert advertising content; considerations on automation, trust in coding assistants and moderation.
Lambda Coding (minimalprocedure/lambda_coding)
GitLab repository "Lambda Coding" (in draft) — a small project/repository hosted on GitLab. Contains a README and work-in-progress artifacts; useful to inspect for ideas and experiments around code and tooling.
mes3hacklab — micro-conference 2026 (Mestre)
Independent, self-funded micro-conference on hacking, security and digital culture: technical talks, demonstrations and performances.
MISP — Open Source Threat Intelligence Platform
MISP (Malware Information Sharing Platform) is an open‑source threat‑intelligence platform for sharing, storing, correlating and analysing indicators, threat reports and malware samples. Includes MISP Galaxy, taxonomies, PyMISP, MISP‑STIX integrations and tools for automation and collaborative CTI workflows.
MyRetroTVs
MyRetroTVs — a nostalgic hub for classic television: program guides, archived clips, scans and community-curated retrospectives. The site is a modern, JavaScript‑heavy web app (enable JS to view).
PHOBOS — VANTA OS (mystyy01/PHOBOS)
PHOBOS (VANTA OS) is a small, hobbyist bare‑metal operating system project: custom bootloader and kernel written from scratch (C + assembly), kernel modules in a homegrown language, and minimal tooling for x86/x64 targets. Good reference for low‑level OS experimentation and teaching.
Il PNLUG APS ospiterà la LibreOffice Conference 2026
Announcement (in Italian) that PNLUG will host the LibreOffice Conference 2026; logistics, dates and an invitation to participate.
Telegram — vulnerabilità 0‑click (AVVISO ACN)
ACN (CSIRT‑ITA) advisory on a 0‑click vulnerability in Telegram for Android and Linux that can allow remote code execution through specially crafted animated stickers (CVSS ~9.8). Contains operational recommendations for users and organizations.
2026-03-31
CRITICAL: Active supply-chain attack on axios
Alert based on a thread reporting an active supply‑chain compromise of axios (npm). The latest axios@1.14.1 pulls a newly published dependency `plain-crypto-js@4.2.1` that appears to be obfuscated installer/malware; recommendation: pin your axios version, audit lockfiles, and avoid upgrading until verified.
boardgame.io
boardgame.io — JavaScript framework for building turn‑based games (multiplayer, AI, game logic helpers, and networking). Useful for prototyping and shipping web-based board games.
eBPF.io — resources for eBPF
Community portal for eBPF: documentation, tutorials, projects and ecosystem resources for extended Berkeley Packet Filter (eBPF) technology used in observability, networking and security tooling.
ebpf.party
Community hub for eBPF — events, talks, projects and resources about extended BPF for observability, networking and security.
EU_compliance_MCP — Ansvar Systems
Repository from Ansvar Systems with tools, checklists and reference material to help projects implement EU Model Compliance Protocol (MCP) requirements — useful for developers, privacy officers and compliance teams.
Mihon.app
Homepage for Mihon — web application and project landing page.
Qwen3.5-27B — Claude 4.6 Opus Reasoning Distilled v2 (GGUF)
Community release on Hugging Face: Qwen3.5-27B model distilled with Claude 4.6 Opus reasoning (v2) and packaged in GGUF format for local inference and research.
Qwen3.5-35B A3B Uncensored — HauhauCS (Aggressive)
Hugging Face model page for "Qwen3.5-35B A3B Uncensored" by HauhauCS — an uncensored, aggressively tuned 35B variant of Qwen3.5. Use with caution; may produce unsafe or disallowed outputs.
2026-04-01
Redis — HyperLogLog (antirez)
antirez's classic post introducing the HyperLogLog data structure in Redis: algorithm overview, implementation notes, API (PFADD / PFCOUNT / PFMERGE), and performance/precision tradeoffs.
Cisco source code stolen in Trivy-linked dev environment breach
Reports indicate threat actors leveraged credentials stolen via the Trivy supply‑chain compromise to breach Cisco development environments, clone hundreds of repositories and exfiltrate source code and AWS keys. Incident is being linked to TeamPCP and related supply‑chain attacks.
Claude Code smontato
Analysis (in Italian) of the Claude Code source map leak on npm: exposed TypeScript source, unannounced feature flags, buddy system, undercover mode, undocumented telemetry and implications for security and privacy.
free-coding-models — vava-nessa
Community-curated list of free/open coding models, checkpoints and resources for local code generation, research and experimentation.
LTSP — Linux Terminal Server Project
LTSP (Linux Terminal Server Project) — open‑source framework for deploying thin‑client Linux desktops from a central server; commonly used in schools, labs, and resource‑constrained environments.
Introducing Mercury 2
InceptionLabs announces Mercury 2 — a new generation model focused on improved reasoning, multimodal capabilities, and efficiency for production deployments. Blog post with technical highlights and links to model cards and docs.
RF Studio — Arena Physica publication
RF Studio — publication and project page from Arena Physica describing RF Studio, a toolkit and research effort for radio‑frequency experimentation, measurement workflows and reproducible RF system design.
Safeguarding cryptocurrency by disclosing quantum vulnerabilities responsibly
Google Research outlines responsible disclosure practices and mitigation strategies for quantum‑vulnerabilities affecting cryptocurrency systems, with recommendations for coordinated disclosure, defensive upgrades, and community preparedness.
three.wasm
Repository with WebAssembly experiments and bindings for Three.js — enables high-performance 3D rendering and integrations using wasm in the browser, with examples and tooling for developers.
2026-04-02
LFM2.5-350M — 350M model trained on 28T tokens
Announcement of LFM2.5-350M: a 350M‑parameter model trained on ~28T tokens aimed at reliable data extraction and tool use. Under 500MB when quantized, optimized for constrained compute, memory and low latency; highlights agentic loop capabilities at small scale.
OnlyOffice flags license violations in Euro Office project by Nextcloud and IONOS
OnlyOffice blog post reporting identified license compliance issues in the Euro Office project (Nextcloud / IONOS collaboration). The post outlines the violations, evidence, and recommended remediation steps for downstream distributions.
PrismML — Bonsai 1‑bit 8B (launch announcement)
PrismML emerges from stealth and announces the Bonsai family: 1‑bit Bonsai 8B (≈1.15 GB), plus 4B and 1.7B variants. The tweet highlights extreme compression for high "intelligence density", edge deployment, and open‑sourcing under Apache‑2.0.
SonarQube — static analysis & code quality platform
Official SonarQube repository (SonarSource) — platform for continuous code quality, security and SAST analysis with CI/CD integrations, language analyzers, and developer tooling for maintaining healthy codebases.
aquasecurity/trivy
Trivy — open-source vulnerability and misconfiguration scanner for containers, IaC, repositories and runtime environments. Repository with code, documentation, and integrations for CI/CD security scanning.
2026-04-03
Crayola brings back Dandelion after seven years
Crayola formally reintroduced the Dandelion crayon color during National Crayon Day after discontinuing it in 2017, including its return to 64-count and 24-count boxes.
Flywheel by Paradigma
Project page for Flywheel by Paradigma, presenting an AI-focused product/tool concept.
Gemma 4 model page
Official Google DeepMind page for Gemma 4, covering model family details, capabilities, and release information.
Gemma 4 on YouTube
Video overview of Gemma 4.
GitHub reached 89.91% uptime
Social post claiming GitHub reached 89.91% uptime, framed as commentary on platform reliability and operational impact.
NIST SRM 4351 Certificate (PDF)
Official NIST certificate PDF for Standard Reference Material (SRM) 4351.
OpenAI acquires tbpn
OpenAI announcement about acquiring tbpn.
Oracle layoffs trigger backlash amid broader US tech job cuts
Economic Times report on Oracle layoffs amid wider US IT workforce cuts, with strong online backlash and discussion around employer communication and trust.
Unsloth releases Gemma 4 31B Instruct GGUF on Hugging Face
Unsloth published Gemma 4 31B Instruct in GGUF format on Hugging Face for easier local inference in llama.cpp-compatible runtimes.
2026-04-07
Artemis II will use laser beams to live-stream 4K Moon footage
Tom's Hardware article about NASA's Artemis II mission using laser communications to transmit live 4K footage from the Moon, advancing beyond Apollo-era S-band radio.
AutoResearchClaw
Autonomous, collaborative, self-evolving research pipeline that turns a topic into a paper with literature search, sandbox experiments, peer review, LaTeX export, and optional human-in-the-loop co-pilot modes.
Caveman
Claude Code skill/plugin and Codex plugin that makes the agent talk like caveman, cutting output tokens while preserving technical accuracy; includes a companion tool to compress memory files and reduce input tokens.
DeepSeek V4 model will run entirely on Huawei AI chips
Huawei Central report about DeepSeek V4 reportedly running entirely on Huawei AI chips, highlighting model hardware alignment and domestic AI infrastructure.
EUDI wallet issue #2
Discussion about Android app attestation requirements for the German EUDI Wallet, including Play Integrity, key attestation, GrapheneOS compatibility, platform independence, and the trade-offs of relying on Google or Apple services for LoA high.
Security Days 2026 timetable
Timetable for Security Days 2026, held 7-9 April 2026 in Utrecht.
VERS: Git, Zig, Bun, 100x
VERS blog post arguing for a Git, Zig, and Bun stack, with a focus on performance, simplicity, and developer experience.
HTML-in-Canvas focus rings
Social post by Matt Rothenberg about creating obnoxiously cool focus rings with the new HTML-in-Canvas API.
Lockheed Martin data reportedly listed on a dark web market
Hackread report claiming a dark web market is advertising 375 TB of Lockheed Martin data, a potentially significant security and supply-chain risk signal.
Journey to the Moon
NASA gallery showcasing Apollo-era imagery and artifacts from the Moon program.
Felicitas Pojtinger on Mastodon
Mastodon post by Felicitas Pojtinger arguing that the German EUDI Wallet’s reliance on Apple or Google accounts for mobile device attestation could exclude citizens, increase dependence on US platforms, and leave sanctioned users unable to access essential digital identity functions.
Project Apollo Archive on Flickr
Flickr archive of NASA's Apollo mission photography and related historical imagery.
CSS + SVG filters only
Pure CSS and SVG filters version of Matt Rothenberg's Cloudflare worker demo, showing a no-JavaScript UI effect built with HTML, CSS, and SVG only.
Sheets
Terminal spreadsheet application built in Go, aimed at working with tabular data from the command line.
2026-04-08
17776
Wikipedia article about the science-fiction web series 17776 (also known as “What Football Will Look Like in the Future”), blending speculative fiction, sports, and digital storytelling.
BadClaude
Open-source project for intentionally making Claude worse at following instructions, useful as a stress test for prompt robustness and failure modes.
Boeing 787 Dreamliner software bug
Engadget article about a software bug in the Boeing 787 Dreamliner that could affect the aircraft's operation and require routine power cycling.
Chandra photo gallery
NASA Chandra X-ray Observatory photo gallery with astronomical images, discoveries, and featured observations.
Doom over DNS
Open-source project demonstrating Doom running over DNS.
The pinnacle of enshittification: large language models
Blog post by Michał Górny arguing that large language models exemplify enshittification, with commentary on quality, incentives, and user experience.
Tailslayer
C++ library and research project for reducing p99.99 RAM latency using hedged reads and channel scrambling offsets, associated with LaurieWired’s RAM design flaw video.
Your RAM Has a 60 Year Old Design Flaw. I Bypassed It.
LaurieWired video about the Tailslayer research project, which uses hedged reads and channel scrambling offsets to reduce p99.99 RAM latency across Intel, AMD, Graviton, DDR4, DDR5, x86, and ARM systems.
2026-04-09
e-privacy
Website for the e-privacy conference and community, focused on privacy, surveillance, and digital rights.
Meta introduces Muse Spark MSL
Meta AI blog post introducing Muse Spark MSL, a new model release or system announcement from Meta.
2026-04-10
Charcuterie
A browser-based visual explorer for Unicode that renders glyphs with SigLIP 2 to discover related characters and scripts.
CoLaptop
Satirical colocation service that turns an old laptop into an always-online datacenter server for €7/month.
Generative art over the years
Veit Heller reflects on a decade of generative art, from algorithmic sketches and greyscale textures to color, materials, and a personal visual vocabulary.
We’ve raised $17M to build what comes after Git
GitButler announces a $17M Series A to build version-control infrastructure for modern collaboration, stacked branches, and agent-aware software workflows.
HWInfo and CPU-Z both compromised
VX-Underground flags a supply-chain compromise affecting HWInfo and CPU-Z, with trojanized installers, file masquerading, multi-stage in-memory payloads, and C2 infrastructure tied to the campaign.
Milla J
GitHub profile for Milla J, the architect of MemPalace, an open-source memory system project; Milla Jovovich is also an actress.
Artemis II Wallpapers
NASA wallpaper collection for Artemis II, featuring downloadable mobile backgrounds from the Moon mission.
Sam Altman May Control Our Future—Can He Be Trusted?
A long-form New Yorker profile examining Sam Altman, OpenAI, trust, power, safety, and the company’s shifting relationship with A.I. governance.
Fully Countering Trusting Trust through Diverse Double-Compiling
David A. Wheeler’s long-form essay on the trusting trust attack, diverse double-compiling, reproducible builds, and broader software and hardware supply-chain verification.
XState Store
Documentation for `@xstate/store`, a small JavaScript/TypeScript state management library with events, selectors, atoms, persistence, and React integrations.
2026-04-13
Agatha Christie, surfista
Il Post reports on research suggesting that Agatha Christie was among the first Europeans to learn to surf standing up on the board.
Air Powered Segment Display
Video about a 3D-printed microfluidic, air-powered segment display and the hardware ideas behind it.
BlueHammer
GitHub repository for BlueHammer, a project likely related to hardware or systems experimentation.
CCA Ethernet Cables: Not Up To Scratch, But Are They Dangerous?
Hackaday looks at copper-clad aluminum Ethernet cable, explaining why it misses cabling standards, how it differs from proper copper, and whether it is actually a practical fire risk.
From Early Nirvana To Phish, A Chicago Fan’s Secret Recordings Of 10,000 Shows Are Now Online
Block Club Chicago profiles Aadam Jacobs and the volunteer effort digitizing and publishing his massive archive of Chicago concert recordings.
Codex for Open Source
Open-source maintainers can apply for API credits, six months of ChatGPT Pro with Codex, and conditional access to Codex Security for core maintenance workflows.
Finding Widespread Cheating on Popular Agent Benchmarks
A paper on agentic cheating across popular benchmarks, showing how harness-level leaks and task-level shortcuts can inflate scores and distort evaluation results.
Music is not Turing complete
Emanuele Rodola shares a Lean4 proof that music is not Turing complete, joking that infinite symbolic playback is eventually periodic.
Reverse-Engineering SynthID
A repository for discovering, detecting, and surgically removing Google’s SynthID watermark through spectral analysis, with code for multi-resolution watermark profiles and bypass experiments.
SplitBody muscle stimulation
LaurieWired discusses the SplitBody paper, where electrical stimulation moves the arm to reduce cognitive load during multitasking, and reflects on possible uses for training and performance.
The Whispering Earring
A short piece of fiction about an earring that always gives better advice than its wearer can come up with, and the unsettling consequences of following it.
2026-04-14
Hacker News discussion of LaLiga blocking Cloudflare
Hacker News discussion about Spain’s LaLiga-driven IP blocking, collateral damage to Cloudflare customers, VPN workarounds, and the broader question of internet censorship.
Magika
Google’s AI-powered file type detection tool, with fast on-device inference and bindings for multiple languages.
OpenSnitch
OpenSnitch is a GNU/Linux application firewall for monitoring and controlling outbound connections, with GUI-based nftables configuration and centralized management.
PAmatch
PAmatch is a platform for public administration mobility, helping employees find compatible matches, browse mobility notices, and manage transfers.
2026-04-15
Aegisub
Aegisub is a free, cross-platform open source subtitle editor for timing and styling subtitles with audio and real-time video preview.
llama.cpp
High-performance C/C++ inference engine for running LLMs locally across CPUs and GPUs.
opkssh (OpenPubkey SSH)
OpenPubkey SSH lets you use OpenID Connect identities to authenticate over SSH, replacing long-lived SSH keys with short-lived PK-token-based certificates.
Puma
Puma is a fast, concurrent web server for Ruby and Rack applications.
Subtitle Edit
Open-source subtitle editor for creating, syncing, translating, and converting subtitle formats.
2026-04-16
Alzheimer's Buddy
A web demo for 40 Hz light and sound therapy for Alzheimer's research, with references to studies on sensory stimulation and cognitive impairment.
Galaxy User Guide
Ansible Galaxy is a free site for finding, downloading, and sharing community-developed roles and collections for automation projects.
Algoritmo Doomsday
Wikipedia article in Italian about John Conway’s Doomsday algorithm for calculating the day of the week for any date, with mnemonic shortcuts and worked examples.
grove
Grove is a distributed ML training tool for MacBooks that discovers nearby peers automatically and synchronizes training across devices with minimal setup.
IPv6 Surpasses IPv4 Becoming the Most Popular Internet Protocol
Scott Hogg summarizes current IPv6 adoption data and argues that IPv6 has crossed the tipping point in global usage.
Internet Protocol Version 8 (IPv8)
Jamie Thain’s Internet-Draft proposing IPv8, a managed network protocol suite that unifies addressing, routing, authentication, DNS, telemetry, and update workflows.
The Paleblood Hunt
A Bloodborne lore analysis by Redgrave about mystery, interpretation, and the limits of singular explanations in the game’s story.
Passbolt
Passbolt is an open source password and secret management platform for teams, with end-to-end encryption, audit trails, and self-hosting options.
unicorn
Unicorn is a Ruby Rack HTTP server optimized for fast clients and Unix-like systems, with process-based concurrency and reverse-proxy expectations for slow clients.
2026-04-17
ART SpA - Futurizing on Board Experience
Introducing Claude Opus 4.7
Anthropic announces Claude Opus 4.7, with stronger software engineering, better vision, improved long-running task handling, and updated safety controls.
ICANN WHOIS Lookup
ICANN’s WHOIS lookup service for checking domain registration information and registrant details.
Zig 0.16.0 Release Notes
2026-04-20
Federated Industrial Tracker
Federated Industrial Tracker appears to be a web-based tracker for industrial or equipment-related monitoring and management.
HY-World 2.0
HY-World 2.0 is a multimodal world model for reconstructing, generating, and simulating 3D worlds, with open-source code and models for world reconstruction.
Hyperframes
Hyperframes is an open-source HTML-native video rendering framework built for agents, with deterministic rendering, browser preview, and MP4 output.
rvLLM
rvLLM is a high-performance LLM inference engine in Rust, with TPU and GPU backends, benchmark-heavy optimization work, and a drop-in vLLM replacement goal.
2026-04-21
Forking Bahamut for Azzurra IRC: IPv6 and SSL in 2002
Marcello Barnaba’s retrospective on forking the Bahamut IRC daemon for Azzurra in 2002, adding IPv6, SSL, cloaking, and other infrastructure work for a large IRC network.
GitHub suspended me for a harness pipeline
A long X post describing a 13-stage open-source contribution pipeline that produced 500+ commits across 100+ repositories before GitHub suspended the account for suspicious volume.
grappa-irc: reinventing IRC for 2026
Marcello Barnaba proposes grappa-irc, a self-hosted IRC bouncer and PWA client that keeps IRC’s text-first protocol while improving mobile usability and scrollback.
infra-ansible
infra-ansible is an Ansible repository for provisioning and automating infrastructure components such as DNS, DHCP, OpenStack, storage, bastions, and identity-managed hosts.
Kimi K2.6
Kimi announces Kimi K2.6, an open-source model focused on coding, long-horizon execution, and agent swarm workflows.
Network Observability Lab
Network Observability Lab provides a hands-on environment for the Modern Network Observability book, with scripts and lab scenarios for Prometheus, Grafana, Loki, Telegraf, Logstash, and related tooling.
Qwen 3.6 Max Preview
Qwen announces Qwen 3.6 Max Preview, a new model release focused on coding, reasoning, and agentic workflows.
2026-04-22
Announcing TypeScript 7.0 Beta
Microsoft announces the TypeScript 7.0 beta, highlighting language and tooling improvements for the next major release of the JavaScript type system.
ApiPosture
ApiPosture is an open-source project focused on API posture and security assessment, helping teams evaluate exposed endpoints and improve their API attack surface management.
Code-Flow-IO
Code-Flow-IO is an open-source project for workflow-oriented code execution and automation, focusing on structured developer task flows and process orchestration.
Introducing ChatGPT Images 2.0
OpenAI introduces ChatGPT Images 2.0, highlighting improved image generation and editing capabilities inside ChatGPT.
2026-04-23
Driving into the Unknown: Investigating and Addressing Security Breaches in Vehicle Infotainment Systems
Research paper analyzing security vulnerabilities and breach patterns in modern vehicle infotainment systems.
RE//verse 2026: Hacking the Xbox One by Markus 'doom' Gaasedelen
Conference talk on Xbox One hacking and reverse engineering techniques.
Iran claims US exploited networking equipment backdoors during strikes
Tom's Hardware reports on Iran’s claim that the US exploited backdoors in networking equipment during strikes, touching on cyber conflict and infrastructure security.
Your Name in Landsat
NASA special page inviting people to find their name in Landsat imagery and explore Earth observation history.
2026-04-24
Canonical releases Ubuntu 26.04 LTS, Resolute Raccoon
Canonical announces Ubuntu 26.04 LTS, Resolute Raccoon, covering the new long-term support release and its platform updates.
Framework Laptop 13 Pro and highlights from the Framework Next Gen event
Framework announces the Laptop 13 Pro and shares highlights from its Next Gen event, focusing on repairable modular hardware and product updates.
Introducing GPT-5.5
OpenAI announces GPT-5.5, highlighting model improvements and new capabilities for reasoning, coding, and agentic workflows.
Mythos-like hacking, open to all
Xbow argues for making advanced hacking capabilities broadly accessible, framing the topic around democratized security research and offensive tooling.
2026-04-27
AI as a fascist artifact
Essay analyzing AI systems through the lens of political philosophy and their structural alignment with authoritarian control.
Carl Sverre ruined my day. And it was glorious
How Turso used Antithesis's new Hegel testing tool to find 5 bugs in minutes and gain confidence to ship their SQLite rewrite.
The New Linux Kernel AI Bot Uncovering Bugs Is A Local LLM On Framework Desktop + AMD Ryzen AI Max
Greg Kroah-Hartman's "gkh_clanker_t1000" AI fuzzing bot runs on a Framework Desktop with AMD Ryzen AI Max to uncover Linux kernel bugs locally.
eBPF, Networking, Cilium
LinkedIn post on using eBPF with Cilium for cloud-native networking and observability.
Nowhere — an entire website encoded in a URL
A tool that encodes entire websites (stores, forums, petitions, art) into the URL fragment, using Nostr relays for coordination. No server, no account, no platform.
Il ritorno in Terrasanta
An account of the 1972 Lod airport attack and the death of Aaron Katchalsky-Katzir, Israeli biophysicist and pioneer of self-organization in chemical systems.
Kysely
TypeScript SQL query builder with type-safe queries for Node.js and Deno.
La Fenice licenzia Beatrice Venezi — gravi e reiterate dichiarazioni lesive per la fondazione
Teatro La Fenice cancels all collaborations with Beatrice Venezi after her statements about posts passing "from father to son" in the orchestra, deemed damaging to the Foundation.
Which one is more important: more parameters or more computation?
Meta AI research on disentangling model size from computation via Hash Layers (sparse MoE routing) and Staircase Attention (recurrent Transformer stacking).
Your Gen 5 SSD is probably throttling right now, and you have no idea
PCIe 5.0 SSDs can silently throttle to 50% performance due to multi-stage thermal management, making active cooling essential for sustained speeds.
Quo datis del 21/04/2026 (pt.3)
Part three of the Quo datis episode on RaiPlay Sound.
Non tutto è riciclabile. Il riuso di fogli ha messo nei guai una studentessa.
A school fined 2,000 euros for improperly disposing of paper documents containing personal data, which were then reused by a student. Reflections on the distinction between archive and waste and on the secure destruction of documents.
Does cooling the NAND chips on an SSD negatively affect its reliability?
Stack Exchange discussion debunking the myth that NAND chips need to be warm, citing research showing low-temperature writes can reduce data retention due to controller drift, not cell degradation.
The West Forgot How to Make Things
Essay on industrial decline and the loss of manufacturing capability in Western nations.
Zeta 2
Zed blog post introducing Zeta 2, their next-generation code editor.
2026-04-28
C3
A systems programming language based on C syntax, designed as a safer and simpler alternative to C.
Quarkdown
A markdown-based typesetting system for creating documents.
Typst
A modern markup-based typesetting system — an alternative to LaTeX with a focus on ease of use and incremental compilation.
2026-04-29
AI-Infra-Guard
Tencent's open-source tool for guarding AI infrastructure — monitoring and protecting AI/ML systems.
An update on GitHub availability
GitHub's official update on recent service availability incidents and improvements.
GitHub Copilot is moving to usage-based billing
GitHub announces changes to Copilot pricing model, moving from flat-rate to usage-based billing.
GitHub RCE Vulnerability (CVE-2026-3854)
Wiz research on a critical remote code execution vulnerability in GitHub Enterprise Server.
Soft launch for government open source code platform
The Netherlands launches a government open source code platform to share and collaborate on public sector software.
OneCritto: il password manager italiano che elimina il cloud (e i suoi rischi)
Italian open-source, offline-first password manager with AES-256 encryption and Argon2id. No cloud, no telemetry, full local control of data.
Outside the beaten path of CSS
FOSDEM 2026 talk exploring lesser-known CSS features and techniques beyond common usage patterns.
pacquet
A fast, drop-in replacement for npm written in Rust by the pnpm team.
2026-04-30
copy.fail
A simple website that tests whether your browser's clipboard API is accessible to web pages without permission.
Copy Fail and Linux distributions
Analysis of how Linux distributions handle the clipboard API permission model, following the copy.fail security finding.
Open source package with 1 million monthly downloads stole user credentials
The elementary-data Python package (v0.23.3) was compromised via a GitHub Actions vulnerability, stealing credentials including API tokens, SSH keys, and cloud provider keys.
Ripe NCC RPKI Exploit Chain
Write-up of an exploit chain against RIPE NCC's RPKI infrastructure, detailing the vulnerability and its impact on routing security.
2026-05-04
AI Coding Agents
Overview of AI coding agents — from early code completion tools to autonomous agents that can plan, write, debug, and deploy code across entire projects
Intelligenza artificiale e scuola: riflessioni e linee guida
Prof. Enrico Nardelli on AI and school
Alchemy
Open-source AI agent framework for building and running multi-agent systems with dynamic communication, shared memory, and pluggable tools
AMD Gaia
Generative AI Is Awesome — AMD's open-source local AI agent framework for Windows and Linux using the Lemonade SDK to run AI agents across AMD CPUs, GPUs, and NPUs
AMD GAIA 0.17.5
AMD's open-source local AI framework releases 0.17.5 with Gemma 4 E4B as new default model, native OpenAI tool_calls support, and Chat Lite agent for resource-constrained systems
Fast16 Malware
Analysis of Fast16 malware — a fileless, PowerShell-based RAT deployed via Google Ads that hijacks Chrome profiles and uses legitimate processes to blend in, targeting financial services and tech sectors
Finding Zero Days with Any Model
How to use any pre-trained model — even small ones — to find zero-day vulnerabilities by training a classifier on code patterns that lead to exploitable bugs
GEANT Security Newsletter
Regular security newsletter from GEANT covering threat intelligence, vulnerability advisories, and security best practices for the European research and education network
Ghostty Leaving GitHub
Mitchell Hashimoto announces that the Ghostty terminal emulator is leaving GitHub — discussing the reasons behind the migration and what it means for the project's future
IPv6 Measurements
Cross-referenced IPv6 measurement system for checking the state of ICMPv6 / RFC 4890 / PMTUD / RPKI / topology
Klattsch
A minimal, self-hosted chat application — lightweight, fast, and easy to set up with no external dependencies
Lemonade Server
Open-source local LLM server — a lightweight, fast, and easy-to-use API server for running AI models locally with streaming and chat completion support
MacPersistenceChecker
Automated macOS persistence mechanism scanner — analyzes LaunchAgents, LaunchDaemons, CRON jobs, login items, and other persistence vectors to detect suspicious entries
NetHack 5.0 Release
NetHack 5.0 — the first major version upgrade in decades of the classic roguelike, with improved UI, QoL features, and new content while keeping the beloved permadeath gameplay
Open-weights Chinese Model Beats Claude, GPT-5.5, and Gemini in Programming Challenge
An open-weights Chinese AI model outperforms Claude, GPT-5.5, and Gemini on a coding benchmark, raising questions about model transparency and the arms race in AI capabilities
Come vendere droga online (e non farla franca)
Matteo Rizzi (Fondazione Bruno Kessler) recounts how dark web criminals built empires with nearly impenetrable technologies, and how an email, a nickname or one wrong connection brought them down. Event in Trento, 19 May 2026.
Here We Go Again: A Five-Bug Chain to Arbitrary APK Install on Samsung S25
A 5-bug vulnerability chain on Samsung S25 enables arbitrary APK installation without user permission, exploiting Android's package manager and Samsung's overlay system
SmokedHam, la backdoor scelta dagli amministratori IT
SmokedHam (UNC2465): C#/PowerShell backdoor on Cloudflare Workers, distributed via malvertising to IT admins through counterfeit installers of RVTools, PuTTY and Remote Desktop Manager
Teemii
Open-source web application — a minimal, clean, and fast platform for managing and sharing links, bookmarks, and notes with a beautiful interface
Where the Goblins Came From
OpenAI's retrospective on the early days of training GPT — how "goblins" (tiny mischievous models) evolved into powerful AI through iterative experimentation and emergent capabilities
2026-05-05
ratman-tui — A TUI REST Client
ratman-tui is a keyboard-driven, vim-modal REST client built with ratatui+crossterm — boots in <100ms, local forever, no accounts, no SaaS, no Chromium. Import from Postman, tree-shaped collections, 5 panes. `cargo install ratman-tui`
Real Programmers Don't Use PASCAL
The classic Ed Post satire from DATAMATION July 1983 — Real Programmers use FORTRAN and OS/370, write self-modifying code, patch object binaries with SUPERZAP, and despise structured programming, PASCAL, and anything with semicolons
Redis Array Type: Short Story of a Long Development
Salvatore Sanfilippo details the 4-month development of Redis's new Array data type — from specification to implementation with AI-assisted auto-coding, sparse/dense representation, ARGREP, and the role of GPT 5.x in system programming
The Story of Mel — A Real Programmer
The legendary hacker folklore tale by Ed Nather (1983) about Mel, a programmer who wrote machine code for drum-memory computers — self-modifying code, the 'most pessimum', and a loop with no test
2026-05-07
I Built an AI That Builds Zero Day Exploits
Autonomous zero-day generation pipeline — choosing the attack surface, BYOVD attacks, binary exploitation with LLMs, automating reverse engineering, finding kernel vulns with Claude, and how much the system costs to run
Amp, Rebuilt — CLI Codename Neo
Amp Code's AI coding agent CLI rewritten from scratch — remote-controllable threads, automatic context compaction, plugin API, queuing/steering, 70% less memory. Handoff and manual permissions removed in favor of modern frontier models
Android Security Bulletin — 2026-05-01
Google's monthly Android security bulletin for May 2026 — framework, media, camera, kernel, and AOSP vulnerability patches for the Android security patch level 2026-05-01
The Art of Finding Cyber-Dinosaur Skeletons
Kaspersky GReAT explains APT research methodology — comparing threat hunting to paleontology, using the Regin operation as a case study. Why it took 2 years to publish, collecting fragments, and reconstructing the full monster
Days Without GitHub Incident
A live counter tracking consecutive days since the last GitHub outage — community-maintained tracking of GitHub status history
Microsoft Edge Passwords End Up in Memory as Plaintext
Edge's password manager stores all saved passwords in plaintext in process memory — even for sites never visited — despite Windows Hello-encrypted storage. Microsoft calls it a "conscious design decision." CWE-316.
The End of Responsive Images (sizes="auto")
Mat Marquis, former RICG chair, explains how sizes="auto" with loading="lazy" eliminates the need for manual sizes attributes — automatic responsive images are finally here, championed by Simon Pieters and Yoav Weiss
Kubernetes The Hard Way
Kelsey Hightower's classic tutorial for bootstrapping Kubernetes manually — no scripts, no automation. Learn etcd, control plane, worker nodes, TLS certs, and pod networking by walking the long route
Ribs — Soviet Music on Bone
Illicit gramophone discs made from discarded X-ray films in the USSR (1950s–60s), a black market method of distributing banned music — Elvis, Beatles, Rolling Stones pressed at 78rpm on medical X-rays, playable only 5-10 times
Tilde.run — Transactional Agent Sandboxes
Agent sandbox with a versioned filesystem — compose GitHub, S3, and Drive into a single ~/sandbox, run agents in isolated transactions with audit trails, built by the lakeFS team
Yaak — The API Client You'll Actually Enjoy
Open-source, offline API client by Insomnia's creator — local-only data, encrypted secrets, zero telemetry, Git-friendly, agent-friendly CLI. Supports REST, GraphQL, gRPC, WebSocket, SSE. Import from Postman/Insomnia/OpenAPI
2026-05-08
BSides Luxembourg 2026
Community-driven, non-profit cybersecurity conference in Luxembourg, May 6–8 in Belval. Part of the global Security BSides network — hands-on workshops, technical talks, red and blue team networking
Copy Fail 2: Electric Boogaloo
Linux kernel LPE via ESP-in-UDP receive — same Copy Fail primitive (CVE-2026-31431) but in the xfrm subsystem. AEAD decrypt in-place over splice'd page-cache pages, ~22s to root via single-byte page-cache writes to /etc/passwd
nine — European Internet Exchange Point & Ethernet Fabric
European-wide IXP and L2 fabric covering UK, France, Germany, Italy, Netherlands, Switzerland with n×400G backbone. Unmetered bandwidth, unlimited Ethernet circuits, SR-MPLS platform. 10G port from €250/month MRC
oh-my-openagent v4.0.0 — Team Mode
Major release introducing Team Mode — multiple agents coordinating in parallel via tmux visualization, hyperplan skill (5 hostile agents), security-research skill (3 vuln hunters + 2 PoC engineers), model-specific prompts for GPT-5.2/5.3, hierarchical config discovery, 48k stars
2026-05-11
Beatrix Potter
English writer and illustrator (1866-1943), best known for her children's books featuring animals like Peter Rabbit, The Tale of Jemima Puddle-Duck, The Tale of Tom Kitten. Sold 250M+ copies, pioneer of character merchandising, naturalist, mycologist, conservationist, National Trust donor
CLR
Checker for Lifetimes and other Refinement types for Zig. Transpiles AIR to Zig source performing static compile-time analysis — checks use-before-assign, use-after-free, double-free, stack pointer escapes, non-nullness assertions, tagged union violations, fieldParentPtr misuse. MIT license
Decepticon
PurpleAILAB's Decepticon — the open-source platform for building and deploying AI agents. Features agent orchestration, multi-modal capabilities, evaluation and monitoring tools, deployment to various platforms including AWS Bedrock, Anthropic, OpenAI, and more
Release 2.0: Kiana — DayDream
Elysia 2.0 major release with new type system, renamed from ElysiaJS/elysia to kiana/elysia. Fast path for typebox, new router, schema system, 18K+ stars
From dusk till dawn 2026
Quals CTF — team-based jeopardy-style CTF happening May 9-10, 2026, with pwn, rev, web, crypto, and miscellaneous challenges, dynamic scoring, no team limits. Flag format DAJEROMA{{l33t}}
Hunk
Review-first terminal diff viewer for agent-authored changesets — multi-file review stream, inline AI/agent annotations, split/stack/responsive auto layouts, watch mode, integrates with Git/Jujutsu. Built on OpenTUI and Pierre diffs, MIT license
llama-swap
Go-based local model swapping for OpenAI/Anthropic compatible servers — llama.cpp, vllm, stable-diffusion.cpp. Web UI, model hot-swapping, Docker/WinGet/Homebrew install, OpenAI/Anthropic API endpoints
taken. — Since You Arrived Vol. IV
"taken." — the page that knows your location, browser APIs, font fingerprinting, screen size, GPU, language, timezone, OS, browser, color depth. Created by Matt at sinceyouarrived.world. Vol. IV in the series, zooming in from global to city to coordinates to you
2026-05-12
Capistrano
Capistrano — remote server automation and deployment tool. Ruby-based, SSH-driven, multi-stage deployments, rollback, hooks, scripting. Originally for Ruby/Rails, now supports any language/framework
Chef Infra
Chef Infra — configuration management platform for automating cloud infrastructure. Policy-driven, idempotent, Ruby-based DSL. Chef Infra Server, Workstation, InSpec for compliance, Chef Automate for analytics
chezmoi
chezmoi — manage your dotfiles, directories, and files securely. Git-backed, encrypted, cross-platform. CLI tool for version control and synchronization of your development environment
Crafty
Crafty — configuration management tool by VoxPupuli. Puppet-based, declarative infrastructure, module-driven, CLI and API. Simplifies Puppet module development and deployment
Crossplane
Open-source Kubernetes control plane for building, publishing and using APIs. Use your own API providers, extend to match your infrastructure, CRDs, no vendor lock-in
example42
Open-source configuration management, monitoring, and automation tools. Puppet, Ansible, SaltStack modules. Monitoring (Munin, Prometheus), log management, IT automation. Core42, UAA, Smart42 products
Fleet
Fleet — lightweight VM management. Run Linux and Windows on bare metal, VMs, cloud, edge. Fleetctl CLI, REST API, Terraform provider. Containerized, PostgreSQL, no external dependencies
Just Fucking Use Go
Blaine Smith's satirical manifesto on using Go — boring by design, standard library is deep, goroutines for concurrency, no build step, deployment is a copy command, monoliths are fine, generics (1.18+), no try/catch hellscape, CC-BY-SA / GPL
Kurier
Kurier — end-to-end encrypted messaging app with self-destructing messages. Open source, cross-platform, open protocol, self-hostable, metadata harvesting resistant. Written in Rust, uses X25519, AEAD encryption, and the libsignal protocol
NetDisco
Network device discovery, port scanner, and mapping tool for IP, MAC, and VLAN tracking. Lightweight, agentless, no downtime, no custom database. Written in Perl with modern tools (nmap, scapy). Supports Junos, NCM, OpenWRT, and more
OpenVox
OpenVox — Puppet module framework by VoxPupuli. Simplifies module development, testing, and publishing. Supports Puppet 4+, structured data, Hiera integration, CI/CD pipelines, community-driven
osctrl
osctrl — management server for osquery. Centralized configuration, tags, environments, and live queries. Go-based, Docker support, PostgreSQL/MySQL, web dashboard for endpoint management and monitoring
osquery
osquery — SQL-powered operating system instrumentation, monitoring, and analytics. Facebook OSS. Query Linux, macOS, Windows processes, files, network, registry. Fleet, Osqueryd, Osqueryctl, REST API, PKG/DEB/RPM packages
pgrwl
Cloud-native continuous backup for PostgreSQL in a single binary — WAL streaming, scheduled base backups, optional S3/SFTP storage backend, compression, encryption, retention, restore command. Implements streaming replication protocol directly, no external schedulers or extra services
Puppet Labs
Puppet Labs — configuration management, automation, and infrastructure-as-code. Puppet Enterprise, Open Source, R10k, Hiera, Facter, PuppetDB, Bolt. Ruby-based DSL, declarative approach to system administration
rustinel
Rust implementation of INI file parser and validator. Zero dependencies, no unsafe code, no unsafe Rust. Supports INI4 and INI5 formats, includes CLI tool for validation, streaming parsing, error recovery, comments and whitespace handling, documentation and examples
Semaphore UI
Semaphore UI — modern UI and API for Ansible, Terraform, OpenTofu, Bash, PowerShell. Pure Go, Docker/K8s support, MySQL/Postgres/SQLite. RBAC, HA, runners, 13K+ GitHub stars
Postmortem: TanStack npm supply-chain compromise
Comprehensive incident postmortem on the June 11, 2026 compromise of @tanstack/* packages. Attack used pull_request_target pattern, GitHub Actions cache poisoning, and OIDC token extraction. 84 malicious versions, 2.3MB obfuscated router_init.js, self-propagating malware, credential harvesting from AWS/GCP/K8s/Vault/GitHub/SSH
The Foreman
Open-source lifecycle management platform for physical and virtual servers. Provisioning, configuration management, monitoring. Puppet, Ansible, Salt, Chef integration. REST API, plugins, web UI
2026-05-13
Solid Rocket Booster Design and Testing
Nakka Rocketry — comprehensive guide to solid rocket motor design, testing, and analysis. Includes motor cases, nozzles, propellants, ignition, thrust curves, and test stand data
Odin Programming Language Review
A comprehensive review of the Odin programming language by Dale Weiler, covering experience, quality of life, stability, correctness, performance, debugging, and personal opinions.
2026-05-14
AI Arena Model ELO History
Exposes hidden nerfing, censorship, and quantization over time by tracking the true lifecycle of flagship AI models. Data from LM Arena Leaderboard Dataset on Hugging Face, automatically fetched daily
Boneyard
Auto-generated skeleton loading framework — pixel-perfect placeholders extracted from real UI. Works with React, Preact, Vue, Svelte 5, Angular, React Native. CLI captures layout at breakpoints, generates .bones.json
Classic 7 — Windows 10 LTSC 2021 Modified to Look Like Windows 7
Fan project that transforms Windows 10 IoT Enterprise LTSC 2021 into a 1:1 Windows 7 experience: Aero Glass, desktop gadgets, .themepack support, Windows Media Center, OOBE recreation
CS61 — Pipes, Forks, and Zombies (Harvard)
Harvard CS61 lecture notes covering Unix pipes (McIlroy's garden hose metaphor, SIGPIPE behavior), implementing waitpid via pipes, process hierarchy, and zombie/orphan process management in init
FactoMCP — MCP Server to Play Factorio with Claude
Python MCP server that connects to Factorio via RCON, exposing tools for navigation, mining, building, crafting, research, and diagnostics. Let Claude build your factory through natural language
Fragnesia — Linux LPE via ESP/XFRM
Universal Linux local privilege escalation exploit discovered by V12 Security. Abuses logic bug in ESP-in-TCP ULP to write arbitrary bytes into kernel page cache of read-only files. One-line exploit, affects all dirtyfrag kernels before May 13 2026 patch
Computer Hobby Movement in Canada — York University Museum Exhibit
Comprehensive digital exhibit chronicling the decade-long Canadian computer hobby movement (1976-1985), focusing on TRACE — the Toronto Region Association of Computer Enthusiasts. Covers homebrew computers, APL, MOD-8, Computerfest, and the transition from hobby clubs to commercial computing
Myths About /dev/urandom — Classic Essay (2014)
Authoritative essay debunking the myth that /dev/random is safer than /dev/urandom. Both use the same CSPRNG, /dev/random just blocks. Linux 4.8+ made them equivalent for /dev/urandom. Quote: "Use urandom. Use urandom. Use urandom."
Nibble
Nibble — C-like systems programming language written in 3000 lines of C. Demonstrates LLVM IR generation without malloc or external dependencies. Supports defer, recursion, structs, pointers, type checking, GLSL-like operators
ODoH — Anonymous DNS Without an Account in a Single Rust Binary
Numa v0.14 ships a client, relay, and public deployment in one Rust binary. Uses HPKE to split the path: ingress proxy sees your IP but not the request, egress proxy sees the request but not your IP. No account required, MIT licensed
OSINTukraine v2 — Telegram Intelligence Archive with AI
Production-grade platform for archiving and analyzing Telegram intelligence with AI-powered enrichment. Self-hosted, PostgreSQL + pgvector, supports semantic search, entity relations, EW analysis, geolocation, and forward chain analysis
Scorched Earth 2000 HTML Port
Scorched Earth 2000 — classic artillery game HTML/JavaScript port by KAOS Software Team. Wind-based artillery combat, multiplayer, inventory shop, tank customization, AI opponents
YellowKey Zero-Day Exploit
Microsoft BitLocker zero-day: YellowKey exploit allows opening protected drives by copying specific files from a USB stick. Demonstrates an apparent backdoor in BitLocker's authentication mechanism
2026-05-15
A Few Words on DS4 — DwarfStar 4 by Antirez
Antirez on DwarfStar 4 (DS4), a single-model local AI integration built in one week. Uses DeepSeek v4 Flash with 2/8-bit asymmetric quantization — 96-128GB RAM enough. First time a local model is usable for serious work vs Claude/GPT. Plans: coding agents, distributed inference, model-agnostic architecture
Aperio — A Programming Language Designed for the LLM Era
Experimental language built on a recursive hypergraph of typed, lifecycled units called loci. Premise: pre-LLM languages are a hidden tax — LLMs pay full cost translating between human mental models and language structure. Uses locus/topic/capacity/bus primitives. LLVM 18 codegen + tree-walking interpreter
arXiv Code of Conduct — Authors Take Full Responsibility for AI-Generated Content
Thomas Dietterich (arXiv Editor-in-Chief) reminds authors that arXiv's Code of Conduct states each author takes full responsibility for all paper contents, irrespective of how they were generated
O(x)Caml in Space — Pure-OCaml CCSDS Protocol Stack in Low Earth Orbit
Borealis project running pure-OCaml CCSDS protocol stack on DPhi Space's ClusterGate-2 satellite. Features BPSec encryption, post-quantum OTAR key rotation (ML-DSA-65), OxCaml with exclave_ stack_ for 3x p99.9 latency improvement. Built by Parsimoni from MirageOS libraries
Reimplementing the Space Protocol Stack from Scratch in OCaml
Thomas Gazagnaire details reimplementing the full CCSDS protocol stack from scratch in OCaml — from radio framing through Bundle Protocol and BPSec security extensions. Built on MirageOS libraries, used by Borealis project running in orbit
Codex Now Available on Mobile App with Remote SSH and Programmatic Tokens
OpenAI announces Codex on ChatGPT mobile app (iOS/Android), Remote SSH for managed enterprise environments, programmatic access tokens for CI pipelines, Hooks GA, and HIPAA-compliant use for ChatGPT Enterprise. Over 4M weekly users
ColdKey — Post-Quantum Age Key Generation and Paper Backup
Go CLI that generates post-quantum (ML-KEM-768 + X25519) age keys and produces single-page printable HTML backups with QR codes. Features mlock swap protection, Docker security hardening, multi-QR splitting, and SHA-256 verification
Explorer — Wikipedia Explored Like a Windows XP Desktop
Navigate Wikipedia articles as a Windows XP desktop experience. Click icons to open articles, drag and drop to organize, and explore connections between topics in a nostalgic interface
Feedr — Terminal RSS/Atom Feed Reader in Rust
Feature-rich TUI RSS reader written in Rust. Dashboard view, feed auto-discovery, starred articles, categories, full-text extraction via Mozilla Readability, OPML import, vim-style navigation, macros, exec hooks, and dual themes
The Ferrari in Your Banker's Driveway — How Fees Steal Half Your Wealth
Analysis of how investment fees compound over time — a 3% fee costs 2/3 of final wealth over 40 years at 7% return. Covers expense ratios, transaction costs, performance fees (2-and-20), and shows how even skilled advisors can't overcome fee drag
Designing an FPGA Calculator from Scratch — 10-Chapter Series
Scientific BCD calculator with custom CPU on Altera Cyclone II FPGA. 10-chapter series covering numerical algorithms (CORDIC, logarithms), 12-bit instruction set, Harvard memory model, microcode, Python assembler, Qt desktop prototype, and physical board with 3D-printed enclosure. Perfect decimal accuracy, no floating-point errors
Geography Is Four-Dimensional — Derek Sivers
Essay on how you can't know a place without knowing when — an Indian family's beliefs from 1980 seemed factual but were outdated, LA and China have transformed since visitors last saw them. "Where is bound to when."
Image Blaster — Image-to-World 3D Skillset for Claude
Creates 3D models (.glb/.obj), Gaussian splats (.spz), and ambient SFX from a single image. Uses World Labs Marble, Hunyuan 3D, and ElevenLabs. Claude skill for jumpstarting 3D work in under 5 minutes. Extensible to Unity, Unreal, Godot, Blender, Three.js
ASCII — Jason Scott's Blog on Computer History and Archiving
Jason Scott's weblog covering the rescue of 13,000 manuals, vintage computing, computer museums, BBSes, and digital preservation. Home of the ASCII project — a living archive of computer culture history
Mullvad Exit IPs as a Fingerprinting Vector
Analysis reveals Mullvad deterministically assigns exit IPs based on WireGuard key using seed-based RNG. A seed-based RNG with static bounds causes neighboring IPs across servers, limiting combinations to ~284. Five server IPs can deanonymize a user to >99% accuracy
NanoTDB — Tiny Embedded Time-Series Database for Edge/IoT
Go time-series DB for Raspberry Pi and edge nodes. Append-only, WAL-based, S2 compression, VictoriaMetrics-compatible API, no external runtime dependencies. Supports rollups and metric ingestion via line protocol
Open Vehicles — Open Source Electric Vehicle Telemetry
OVMS provides live monitoring, alerts, and remote control for electric vehicles via smartphone apps, web app, and MQTT. Features three CAN buses, SSH access, WebSocket streaming, DBC decoder, and CANopen client. Open source hardware and software
OxCaml — Jane Street's Experimental OCaml Branch with Locality and Uniqueness
OxCaml adds opt-in control over performance-critical parts of OCaml programs through locality (exclave_ stack_ for stack-bound allocations), uniqueness, and capabilities. Every valid OCaml program is valid OxCaml. Maintained by Jane Street
A 0-Click Exploit Chain for the Pixel 10 — Project Zero
Project Zero demonstrates 0-click root on Pixel 10 via Dolby CVE-2025-54957 + VPU driver bug. The VPU driver exposes Chips&Media Wave677DV hardware directly to userspace; a flawed mmap handler maps arbitrary physical memory into userland, enabling arbitrary kernel read-write with 5 lines of code
SigNoz — Open-Source Observability Platform (Logs, Metrics, Traces)
Single tool for logs, metrics, and traces native to OpenTelemetry. Uses ClickHouse as datastore. Open-source alternative to DataDog and New Relic with APM, distributed tracing, LLM observability, and alerts. 26.9k stars
Welcome to the Strip Mining Era of Open Source Security
Metabase reports 10x increase in vulnerability submissions — from 10/month to 10/week — driven by LLM-powered bulk code scanning. OSS maintainers now in reactive mode: any finding is trivially discoverable, expect layer after layer of vulnerabilities uncovered, and consider that Cal.com is going closed source as a result
sx — Package Manager for AI Coding Assistants
Team vault for AI assets (skills, MCP configs, commands, agents, rules, hooks). Scoped installation per org/repo/team/user/bot. Works with Claude Code, Cursor, GitHub Copilot, Gemini, Codex, Kiro. Manifest-and-lock pattern like npm/cargo. Cloud relay for claude.ai/chatgpt.com
Velonus — AI-Native Security Scanning CLI for Python
One-command security scanner for Python projects. Bundles trufflehog, Bandit, Semgrep, pip-audit, and Safety. Outputs terminal table, JSON, SARIF for GitHub Security tab. Exits 1 on HIGH/CRITICAL findings for CI gates
Zenith Tech — Making Earth's Rotation Visible Through a Telescope
Real-time view of stars above you, zoomed 180x to make Earth's rotation visible. Uses Pan-STARRS telescope images (2010-2014) tiled with Leaflet.js, SIMBAD database for object names. Client-side JavaScript, no server component. Field of view = grain of rice at arm's length
2026-05-18
auto-identity-remove — Automated Data Broker Opt-Out Runner
macOS tool that removes your personal info from 500+ people-search sites on a monthly schedule using Playwright, CapSolver for CAPTCHAs, launchd scheduling, and iMessage notifications. Handles 30+ brokers natively plus 470+ generic ones via public datasets — covers Acxiom, LexisNexis, ZoomInfo, Clearbit gaps left by paid services like Incogni
Awesome CUDA Books — Curated List of Best CUDA Programming Books
598 stars. Curated list covering beginner to advanced CUDA programming — architecture, optimization, Python bindings, and 2024-2026 releases. Includes Kirk & Hwu's PMP 3rd Ed., CUDA for Deep Learning (2025), and CUDA C++ Optimization (2024)
Bitwarden Removes 'Always Free' Plan from Website
Open-source password manager Bitwarden has removed the 'Always Free' plan from its pricing page, though the plan still exists for existing users. Raises questions about Bitwarden's freemium strategy and whether the company is shifting toward paid-only growth. The vault remains open-source (AGPL) and self-hostable
Brotli — Google's Lossless Compression Algorithm
General-purpose lossless compression algorithm developed by Google, designed as a replacement for DEFLATE with better compression ratios. Uses a modified LZ77, Huffman coding, and second-order context modeling. Adopted by nginx, Apache, Cloudflare, and the web ecosystem. Produces .br files. Open source under MIT license
The C10K Problem — Dan Kegel
Landmark 1999 essay arguing web servers should handle 10,000 simultaneous clients. Covers I/O strategies: select/poll, /dev/poll, kqueue, epoll, async I/O, threading models (1:1 vs M:N), zero-copy networking, and userspace TCP stacks. Spawned decades of research into scalable server architecture
ClickHouse Query Plan Contention — Cloudflare Billing Pipeline
Cloudflare's petabyte-scale ClickHouse billing pipeline slowed after migrating from (day) to (namespace, day) partitioning. Hidden bottleneck: 45% CPU + 50% wall-clock spent waiting on MergeTreeData mutex. Three upstream patches: shared lock instead of exclusive, deferred vector copy via read-through cache, binary search on sorted namespace key. Stable at 160k parts/replica. PR #85535 merged in ClickHouse 25.11
Croce — Storicismo e Antistoricismo
Treccani encyclopedia essay by Fulvio Tessitore tracing Benedetto Croce's philosophical evolution from anti-Hegelian through his 1909 Logica to 1939's "storicismo assoluto." Covers Croce's identity of history/philosophy, opposition to Heidegger and Spengler, the "religion of freedom," and late turn to "vitalità" as foundation of his philosophy — his historicism as precise opposite of Hegelian historicism
CVE-2026-45185 — Single Byte Write RCE in Exim Mail Server
Critical unauthenticated remote code execution in Exim (Debian/Ubuntu) via TLS/GnuTLS connection handling. During TLS session termination, a single byte (0x0a or 0x0d) is written to freed memory via nested BDAT handler calling ungetc(). XBOW discovered the bug; AI (XBOW Native) produced working exploit chains with and without ASLR/PIE
CVE-2026-7270 — How to Get Root on FreeBSD with a Shell Script
AI-assisted kernel bug hunt finding a 13-year-old memmove off-by-one in kern_exec.c (present since 2013). Wrong size: endp - begin_argv + consume instead of - consume, causing 2024-byte OOB into adjacent exec_map entry. Exploit: race-condition LD_PRELOAD injection via sshd-session execve, 4 concurrent components (preseed, SSH poker, trigger pinned to CPU0, checker). Gets root in ~6s on stock FreeBSD. Full PoC at github.com/califio/publications
DOGMA 25 — Filmmaking Movement Founded in Copenhagen 2025
Collective preserving originality of cinema, standing against algorithmic films and ultra-processed consumer goods. "The Vow of Chastity" — 10 rules: handwritten scripts, 50% no dialogue, internet off limits in creative process, max 10 people behind camera, no make-up, everything rented/borrowed/used, one production year, shot where narrative takes place, fund with no content altering conditions, make film as if it were your last
Dorym Small — 10B Parameter LLM Trained on CINECA's Leonardo Supercomputer
Milan-based Domyn releases Dorym Small (10B params), smaller version of Dorym Large (260B). Trained on CINECA's Leonardo HPC (EuroHPC framework), supports 50 languages including Italian. Beats Ministral-3-8B, Llama-3.1-Nemotron-Nano-8B, OLMo-3-7B-Think on some benchmarks. Designed for edge/on-premise deployment, part of IT4LIA AI Factory European sovereign AI initiative
European Digital Sovereignty — A Test of Courage
Wired Italia analysis of EU digital sovereignty strategy: US Cloud Act pressure, AWS/Azure/GCP control 70-80% of European cloud, Italy's Polo Strategico Nazionale hybrid model, FSF's "public money = public code" stance, CSI Piemonte's Nivola OpenStack cloud serving 400+ entities, Scaleway winning EU sovereign cloud tender. Open source as prerequisite for true sovereignty
GCVE — Global CVE Allocation System
New decentralized approach to vulnerability identification and numbering (announced April 2025). Introduces GCVE Numbering Authorities (GNAs) that allocate identifiers without centralized block distribution. Compatible with traditional CVE system. Includes BCP series (vulnerability format, decentralized publication, KEV assertion, CPE improvements), db.gcve.eu public advisory database, and Vulnerability-Lookup 4.0
The Gorgeous Letters Jim Henson Wrote to His Children and Friends Before He Died
In 1986, Jim Henson wrote two letters to be opened after his death — one to his five children, one to friends and family. The letters reveal his "ridiculous optimism": "Life is meant to be fun, joyous, and fulfilling... Please watch out for each other and love and forgive everybody. It's a good life, enjoy it." Henson died May 16, 1990 at 53 from streptococcal toxic shock syndrome
ksharp — K Version 3 Language Interpreter in C#
Comprehensive K3 interpreter in C#/.NET 8. 100% test suite passing (1549/1549). Full native verbs, adverbs, adverbs for verbalized nouns, amend/index/apply/assign, FFI for .NET, IPC, MCP server. AI-assisted development (SWE-1.5/1.6, Kimi, Claude). MIT + Commons Clause
MiniPlasma — CVE-2020-17103 Still Unpatched in cldflt.sys
Weaponized PoC for LPE in cldflt.sys exploiting cldflt!HsmOsBlockPlaceholderAccess — same vulnerability Google Project Zero reported as CVE-2020-17106 six years ago. Original Project Zero PoC works unchanged. All Windows versions affected. Race condition exploitation spawning SYSTEM shell. MIT licensed, 435 stars
Profunctor Equipment in Haskell — Bartosz Milewski
Exploration of profunctor equipment, a categorical structure for relating objects via profunctors. Covers the diamond diagram, unit/counit laws, and how equipment generalizes the notion of relations in category theory
PSOS — The Foundations of a Provably Secure Operating System (1979)
Richard Feiertag & Peter Neumann (SRI International). PSOS designed with formal techniques (HDM) — formally stated requirements, formal specifications for each module, formal proofs that specifications satisfy requirements and programs are consistent. Capabilities as protection mechanism for all objects, hierarchical development, SPECIfication and Assertion Language (SPECIAL)
Six SQL Patterns to Catch Transaction Fraud
Practical fraud detection using SQL — velocity checks, impossible travel (haversine >600mph), amount anomalies ($99.50-$100 ID thresholds, round card tests), suspicious merchants (spike ratio vs 7-day baseline), off-hours spending, and window-function primitives for composable fraud rules. Works for credit cards, healthcare claims, e-commerce, benefits programs
ssh-keysign-pwn — Steal SSH Host Keys and /etc/shadow via ptrace mm-NULL Bypass
Exploits __ptrace_may_access() skipping dumpable check when task->mm == NULL — do_exit() runs exit_mm() before exit_files(), leaving fds open in a race window. pidfd_getfd(2) succeeds when caller uid matches target. CVE-2026-46333. ssh-keysign opens host keys (0600) before permanently_set_uid() with same bug shape since 2002. Fixed by Linus 2026-05-14 (pre-31e62c2ebbfd). Jann Horn flagged in Oct 2020 — six years. 568 stars
syzkaller — Google's Unsupervised Coverage-Guided Kernel Fuzzer
Fuzzer that has found thousands of bugs across Linux, FreeBSD, NetBSD, OpenBSD, Windows, Fuchsia, and gVisor kernels. Uses coverage-guided fuzzing with syscall-level program generation, executor, and syzbot dashboard for automated bug triage. Apache 2.0, 6.2k stars
Which Programming Languages Are Most Token-Efficient?
Analysis of 19 languages using RosettaCode dataset and GPT-4 tokenizer — dynamic languages most efficient (no type declarations), Haskell/F# surprisingly compact via type inference, C least efficient. 2.6x gap between C and Clojure. J (ASCII array language) dominates at 70 tokens avg vs C at 182. Token efficiency could become a factor in language selection for LLM coding agents
LLMs + Vulnerability-Lookup — CIRCL's AI Experiment for Vulnerability Management
CIRCL (Luxembourg) explores LLMs for vulnerability management using 450k rows from Vulnerability-Lookup's million-record dataset. Trained distilbert-based severity classifier and GPT-2 description generator. Daily auto-updating models on Hugging Face, VulnTrain framework, CVSS mapping. Plans: CPE guessing, product/category classification, CWE/ATT&CK tagging, exploitability estimation
WakeUp 16b — 16-Byte x86 Assembly Sierpinski Fractal + Audio
Demoscene entry from Outline Demoparty May 2026. 16 bytes of real-mode DOS assembly that draws an infinite Sierpinski fractal via XOR prefix sums on VGA memory while simultaneously generating audio through port 61h. Rule 60 cellular automata, Lucas's Theorem, diagonal shear rendering
A Good Lemma is Worth a Thousand Theorems — Doron Zeilberger
Doron Zeilberger's 82nd Opinion on the outsized value of lemmas over theorems in mathematics. Highlights Szemeredi's Regularity Lemma (led to 2+ Fields medals, Green-Tao theorem), quotes Paul Taylor: "Lemmas do the work in mathematics: Theorems, like management, just take the credit."
2026-05-19
2b2t 1m² World Download — 24 TB of Minecraft History
Largest Minecraft world download ever — 1,024,000² Overworld (512k² + 1m²), 256k² End, 100k² Nether. ~24 TB total. Custom zvcr file format, PlaceProxy, BMProxy bots, elytra autopilot. Took 1.5 years development, $3000+ in priority queue costs. CC0 licensed, 121 stars. No AI used. Includes 2b2t Wayback Machine and map viewer at 2b2t.place
The Last Six Months in LLMs in Five Minutes — Simon Willison
PyCon US 2026 lightning talk covering the "November 2025 inflection point." Model rankings changed hands 5x between Anthropic/OpenAI/Google. Coding agents crossed into production quality. OpenClaw personal AI assistant trend. Gemma 4, GLM-5.1 (1.5TB open weight), Qwen3.6-35B-A3B (runs on laptop). Two themes: coding agents got really good, local models wildly outperform expectations
hsrs — Type-Safe Haskell Rust Bindings
Rust crate generating type-safe FFI bindings between Rust and Haskell. Annotate Rust types/functions with proc macros (#[hsrs::data_type], #[hsrs::function], etc.), run codegen to produce idiomatic Haskell with ForeignPtr memory management and Borsh serialization. Supports Result→Either, Option→Maybe, Vec→[], String→Text. MIT/Apache-2.0, 21 stars
Mini Shai-Hulud Strikes Again — 317 npm Packages Compromised
npm account `atool` compromised May 19, 2026: 637 malicious versions across 317 packages in 22-minute burst. 498KB obfuscated Bun payload with same scanner architecture as SAP compromise. 10 persistence mechanisms: preinstall hooks, GitHub imposter commits in antvis/G2, CI/CD workflow injection, Claude Code SessionStart hooks, VS Code folderOpen tasks, systemd/LaunchAgent dead-drop C2 (RSA-PSS signed commands via GitHub commit search), Docker container escape, npm OIDC token exchange, Sigstore signing. Exfiltration via GitHub API with Dune-themed repo names. 317 packages affected including size-sensor (4.2M dl/mo), echarts-for-react (3.8M), @antv/scale (2.2M)
Paper2Galgame — Turn Academic Papers into Interactive Visual Novels
AI-powered tool that converts research papers into story-driven visual novels with anime partners. Features smart PDF parsing, chapter-by-chapter reading, voice notes, and blackboard study aids. Upload PDFs, pick custom characters, and study complex material through interactive scenes
Peter Salus — Author of "Quarter Century of Unix"
Computing historian and Unix chronicler who died May 15, 2026. Author of "Quarter Century of Unix" (1995), considered required reading for Unix history students. Also wrote "Death, Life, and Computers in the 20th Century" and "The UNIX Operating System: A Comprehensive Guide". Remembered for documenting the people and culture behind Unix's development
2026-05-22
Measuring LLMs' ability to develop exploits
Anthropic evaluates Claude Mythos Preview on ExploitBench, ExploitGym, and SCONE-bench, showing it can build full end-to-end exploits across V8, Linux kernel, and smart contracts.
2026-05-28
Bambu Lab non solo viola la licenza AGPL ma minaccia chi sviluppa fork del suo software
Mia Mamma Usa Linux reports that Bambu Lab not only violates the AGPL license but is also threatening developers who create forks of their software.
Claude Opus 4.8 announced
Anthropic releases Claude Opus 4.8 with sharper judgment, more honesty about its own progress, and the ability to work independently for longer than its predecessors, available today at the same price.
ClusterControl Getting Started
Documentation for ClusterControl, an all-in-one database management platform for deploying, monitoring, and automating high-availability clusters across MySQL, PostgreSQL, MongoDB, Redis, and more.
Richard Gabriel — Dreamsongs
Collection of poems and essays by Richard Gabriel, author of "Worse Is Better" and other influential CS writings.
FBI Arrests CIA Official With $40 Million in Gold Bars in His Home
A senior CIA official was arrested after investigators found 303 gold bars worth over $40 million stashed in his Virginia residence, along with nearly three dozen luxury watches.
I'm tired of talking to AI
After finding AI-generated answers repeated across GitHub discussions, a forwarded ChatGPT screenshot from a boss, and replying to what turned out to be an AI agent — the author's plea to talk to real people again.
israeli-alloc
Rust library that allocates memory on a random victim program's address space — a research tool and political statement.
The true reason C++ always wins
LaurieWired explores Richard Gabriel's "Worse Is Better" essay, how "New Jersey" thinking beats competitors, and how Bjarne Stroustrup's early decisions made C++ win while cleaner designs faded.
Websites have a new way to spy on visitors: Analyzing their SSD activity
FROST (fingerprinting remotely using OPFS-based SSD timing) exploits a contention side channel to measure SSD I/O latency from JavaScript, using a CNN to fingerprint user activity and deduce which websites and apps are open.
What Apple and Google are doing to your push notifications
Apple and Google run the only two pipes that matter for push notifications. Over 15 years, on-device models have begun summarising, reordering and rewriting notifications — with senders losing visibility into what their messages actually reach users.
2026-06-04