tag: open-source
2026-03-05
nCPU
A neural network implemented as a CPU architecture — neurons as registers, synapses as instructions.2026-03-06
FireRedVAD
Lightweight voice activity detection model from FireRedTeam, optimized for real-time audio stream processing.Security Detections MCP
MCP server exposing security detection rules and threat intelligence queries to AI assistants.pashov/skills
A curated list of skills and resources for smart contract auditing and Ethereum security research.2026-03-08
Shannon — AI Pentester by Keygraph
Autonomous white-box AI pentester for web applications and APIs that combines source code analysis with live exploitation and only reports proven vulnerabilities.Trail of Bits Skills Marketplace
Claude Code plugin marketplace from Trail of Bits providing skills to enhance AI-assisted security analysis, testing, and development workflows.2026-03-09
1lab — Formalised HoTT reference
Android Reverse Engineering & API Extraction — Claude Code skill
A Claude Code skill that decompiles Android APK/XAPK/JAR/AAR files and extracts the HTTP APIs used by the app.Awesome Opencode
A curated list of plugins, themes, agents, projects, and resources for Opencode, the terminal AI coding agent built by the team at Anomaly.Chrome DevTools MCP
MCP server that lets coding agents control and inspect a live Chrome browser for automation, debugging, screenshots, network analysis, and performance tracing.EvilWAF - Web Application Firewall Testing and Bypass Toolkit
Transparent MITM proxy for WAF bypass and detection, with TCP/TLS fingerprint rotation, Tor IP rotation, and origin IP hunting.OBLITERATUS
Open-source toolkit for analyzing and removing refusal behaviors from LLMs using abliteration techniques.OpenAgents Control (OAC)
AI agent framework for plan-first development workflows with approval-based execution, shared coding patterns, and repeatable team-ready results built on OpenCode.VMDragonSlayer
Automated multi-engine framework for unpacking, analyzing, and devirtualizing binaries protected by commercial and custom VM-based protectors.VulHunt Community Edition
Vulnerability hunting framework by Binarly's research team, built on top of the BIAS binary analysis system with MCP integration.x86CSS — a working CSS-only x86 CPU/emulator
A fully functional x86 CPU emulator implemented entirely in CSS, with no JavaScript — abusing CSS counters, selectors, and checkbox hacks to execute real x86 instructions.2026-03-10
ArUco Nano
Header-only C++ library for ArUco marker detection — up to 6.5x faster than standard OpenCV, under 500 lines, with a drop-in ArucoDetector API wrapper.autoresearch
Karpathy's experiment giving an AI agent a single-GPU LLM training setup and letting it run autonomous overnight research — it modifies code, trains for 5 minutes, checks if the result improved, and repeats.DungBeetle
Lightweight distributed job server for queuing and asynchronously executing heavy SQL read jobs — supports MySQL, PostgreSQL, and ClickHouse as sources, writes results to ephemeral result databases, and exposes an HTTP API for job and group management.A Tutorial on the FAT File System
A clear, worked-through tutorial on the 16-bit FAT file system — boot block layout, the File Allocation Table, root directory structure, and step-by-step examples of parsing real disk images.Google Workspace CLI (gws)
One CLI for all of Google Workspace — Drive, Gmail, Calendar, Sheets, and more. Dynamically built from Google's own Discovery Service at runtime, with structured JSON output and 100+ bundled AI agent skills.T3 Code
Minimal web GUI and desktop app for coding agents — currently Codex-first, with Claude Code support on the way.2026-03-11
"FUSS 20th Anniversary"
FUSS (Free Upgrade of the School System / Freies Upgrade für Südtirols Schulen) celebra il suo 20° anniversario — una distribuzione GNU/Linux adottata nelle scuole pubbliche dell'Alto Adige.2026-03-12
SSLMate/certspotter
An open-source Certificate Transparency log monitor that alerts you when SSL/TLS certificates are issued for your domains, helping detect unauthorized or misissued certificates.NVIDIA-RTX/godot
NVIDIA's fork of the Godot game engine with integrated RTX ray tracing and advanced rendering features, bringing hardware-accelerated graphics capabilities to the open-source engine.2026-03-13
Feather.js
A blog post covering Feather.js, a lightweight open-source web framework for building real-time applications and REST APIs with a simple, service-oriented architecture.2026-03-16
COBE v2: DOM Elements as Markers & Arcs
Version 2 of COBE, the interactive WebGL globe library, now supports using DOM elements as markers and arcs for richer, more customizable globe visualizations.EWS Concept New
EWS design concept based on neon genesis evangelion themeCisco ExaNIC Software
Drivers, utilities and development libraries for Exablaze ultra-low-latency network cards (ExaNIC X25, ExaNIC X100, ExaNIC X10, ExaNIC X40, ExaNIC X2, ExaNIC X4, ExaNIC V5P, ExaNIC V9P, ExaNIC GM, and ExaNIC HPT).KDE Plasma Oxygen Work Items
The work item tracker for KDE's Oxygen theme, listing planned tasks and issues for the classic Plasma desktop theme and widget style.Kong
The world's first agentic reverse engineer.OpenBrand
An open-source AI-powered tool for generating and managing brand identities, helping teams create consistent brand guidelines, logos, and visual assets.PLFM RADAR
Open-source, low-cost 10.5 GHz PLFM phased array RADAR systemTrueNAS Moves Build System Internal
iXsystems is moving the TrueNAS build system from public infrastructure to internal systems, raising questions about the project's open-source transparency and community access.2026-03-17
Godogen - AI-Powered Godot 4 Project Generator
Open-source Claude Code skills that orchestrate a complete pipeline to build Godot 4 games from a description, handling architecture, GDScript code, asset generation, and visual QA.Texel Splatting - Perspective-Stable 3D Pixel Art
An open-source paper and code introducing a perspective-stable 3D pixel art technique that solves screen grid snapping for perspective cameras.Zagreus-0.4B - Seven Open-Source Small Language Models
Release of seven open-source 0.4B parameter LLMs trained from scratch, achieving state-of-the-art results for their size on several tasks. The entire pipeline, including data preparation and training configurations, has been open-sourced.2026-03-18
Nanobot - Ultra-Lightweight Alternative to OpenClaw (HN Discussion)
A Hacker News discussion about Nanobot, an ultra-lightweight alternative to OpenClaw, exploring AI agents, custom voice-control setups, and the future of coding assistants.rlsw - raylib software renderer backend
"Announcing rlsw, the new raylib software renderer backend. No GPU required."2026-03-20
motionwind documentation
motionwind lets you write Motion animations as Tailwind-like utility classes that are compiled away at build time via a Babel transform.Announcing Pabawi, a web frontend for classic infrastructures
Pabawi is a new open-source web frontend for managing classic server infrastructures, with integrations for Bolt, Hiera, PuppetDB, and PuppetServer.Prusa’s “Open Community License” is neither open nor for the community
An Adafruit post highlighting a legal analysis arguing that Prusa’s new Open Community License does not meet open-source principles despite its branding.userdb: add birthDate field to JSON user records
Merged systemd PR adding a birthDate field to userdb JSON records for age-verification-related use cases, with admin-only modification and broad discussion around privacy, policy, and portability.2026-03-23
dineug/erd-editor
Open-source Entity-Relationship Diagram Editor with PWA offline support, real-time collaboration, end-to-end encryption, and local-first autosave.Germania impone formato ODF per rafforzare l’indipendenza digitale
La Germania introduce ODF come standard obbligatorio nella Pubblica Amministrazione per ridurre il lock-in, migliorare interoperabilità e rafforzare la sovranità digitale.Version 10.0.0 Released
The KiCad Development Team announces KiCad 10.0.0, a major release with new features, usability improvements, importer support, and hundreds of bug fixes.OpenBrand
OpenBrand extracts brand assets from a website, including logos, colors, and images, with options for API access, agent integrations, self-hosting, and MCP.Ranger by Parall.ai
Landing page for Ranger, Parall.ai’s platform focused on AI-powered automation and agent workflows.2026-03-25
Lucide — Version 1 Guide
Lucide v1 is released — upgraded docs and framework guides, improved accessibility, removal of brand icons, and modernized builds (ESM/CJS). Read the migration and usage guide for details.SENT — Supply-chain Event Network Triage
Real-time supply-chain monitoring for package ecosystems. SENT prioritizes high-impact releases using a cascade-weighted dependency graph, performs diff-first AST behavioral analysis and argument-level "call_diff" detection, and supports optional dynamic detonation to confirm suspicious updates.x86-64 Playground
A browser-based x86-64 assembly editor and GDB-like debugger — write, compile, and step through assembly and static ELF binaries entirely in the client sandbox.2026-03-26
MONARC — Optimised Risk Analysis Method
MONARC is a tool and method for optimised, precise and repeatable information‑security risk assessments. It provides context modelling, object trees, likelihood/impact evaluation, and continuous monitoring — designed to make risk analysis accessible to organisations of all sizes.nDPId-rt-analyzer
Real-time network packet inspection and analysis toolkit (nDPId RT Analyzer) — open-source project for high-performance DPI, flow analysis and telemetry; repository on GitLab (AGPLv3).ntop — ntopng, nDPI and network visibility tooling
ntop provides a suite of open-source and commercial tools (ntopng, nDPI, nProbe, n2disk) for real‑time network traffic monitoring, flow analytics, deep packet inspection and threat detection across large-scale and distributed environments.2026-03-30
Lambda Coding (minimalprocedure/lambda_coding)
GitLab repository "Lambda Coding" (in draft) — a small project/repository hosted on GitLab. Contains a README and work-in-progress artifacts; useful to inspect for ideas and experiments around code and tooling.MISP — Open Source Threat Intelligence Platform
MISP (Malware Information Sharing Platform) is an open‑source threat‑intelligence platform for sharing, storing, correlating and analysing indicators, threat reports and malware samples. Includes MISP Galaxy, taxonomies, PyMISP, MISP‑STIX integrations and tools for automation and collaborative CTI workflows.PHOBOS — VANTA OS (mystyy01/PHOBOS)
PHOBOS (VANTA OS) is a small, hobbyist bare‑metal operating system project: custom bootloader and kernel written from scratch (C + assembly), kernel modules in a homegrown language, and minimal tooling for x86/x64 targets. Good reference for low‑level OS experimentation and teaching.Il PNLUG APS ospiterà la LibreOffice Conference 2026
Annuncio (in italiano) che PNLUG ospiterà la LibreOffice Conference 2026; informazioni logistiche, date e invito alla partecipazione.2026-03-31
boardgame.io
boardgame.io — JavaScript framework for building turn‑based games (multiplayer, AI, game logic helpers, and networking). Useful for prototyping and shipping web-based board games.eBPF.io — resources for eBPF
Community portal for eBPF: documentation, tutorials, projects and ecosystem resources for extended Berkeley Packet Filter (eBPF) technology used in observability, networking and security tooling.EU_compliance_MCP — Ansvar Systems
Repository from Ansvar Systems with tools, checklists and reference material to help projects implement EU Model Compliance Protocol (MCP) requirements — useful for developers, privacy officers and compliance teams.2026-04-01
Redis — HyperLogLog (antirez)
antirez's classic post introducing the HyperLogLog data structure in Redis: algorithm overview, implementation notes, API (PFADD / PFCOUNT / PFMERGE), and performance/precision tradeoffs.free-coding-models — vava-nessa
Community-curated list of free/open coding models, checkpoints and resources for local code generation, research and experimentation.LTSP — Linux Terminal Server Project
LTSP (Linux Terminal Server Project) — open‑source framework for deploying thin‑client Linux desktops from a central server; commonly used in schools, labs, and resource‑constrained environments.three.wasm
Repository with WebAssembly experiments and bindings for Three.js — enables high-performance 3D rendering and integrations using wasm in the browser, with examples and tooling for developers.2026-04-02
OnlyOffice flags license violations in Euro Office project by Nextcloud and IONOS
OnlyOffice blog post reporting identified license compliance issues in the Euro Office project (Nextcloud / IONOS collaboration). The post outlines the violations, evidence, and recommended remediation steps for downstream distributions.PrismML — Bonsai 1‑bit 8B (launch announcement)
PrismML emerges from stealth and announces the Bonsai family: 1‑bit Bonsai 8B (≈1.15 GB), plus 4B and 1.7B variants. The tweet highlights extreme compression for high "intelligence density", edge deployment, and open‑sourcing under Apache‑2.0.SonarQube — static analysis & code quality platform
Official SonarQube repository (SonarSource) — platform for continuous code quality, security and SAST analysis with CI/CD integrations, language analyzers, and developer tooling for maintaining healthy codebases.aquasecurity/trivy
Trivy — open-source vulnerability and misconfiguration scanner for containers, IaC, repositories and runtime environments. Repository with code, documentation, and integrations for CI/CD security scanning.2026-04-03
Unsloth releases Gemma 4 31B Instruct GGUF on Hugging Face
Unsloth published Gemma 4 31B Instruct in GGUF format on Hugging Face for easier local inference in llama.cpp-compatible runtimes.2026-04-07
AutoResearchClaw
Autonomous, collaborative, self-evolving research pipeline that turns a topic into a paper with literature search, sandbox experiments, peer review, LaTeX export, and optional human-in-the-loop co-pilot modes.Caveman
Claude Code skill/plugin and Codex plugin that makes the agent talk like caveman, cutting output tokens while preserving technical accuracy; includes a companion tool to compress memory files and reduce input tokens.VERS: Git, Zig, Bun, 100x
VERS blog post arguing for a Git, Zig, and Bun stack, with a focus on performance, simplicity, and developer experience.Sheets
Terminal spreadsheet application built in Go, aimed at working with tabular data from the command line.2026-04-08
BadClaude
Open-source project for intentionally making Claude worse at following instructions, useful as a stress test for prompt robustness and failure modes.Doom over DNS
Open-source project demonstrating Doom running over DNS.Tailslayer
C++ library and research project for reducing p99.99 RAM latency using hedged reads and channel scrambling offsets, associated with LaurieWired’s RAM design flaw video.2026-04-10
We’ve raised $17M to build what comes after Git
GitButler announces a $17M Series A to build version-control infrastructure for modern collaboration, stacked branches, and agent-aware software workflows.Milla J
GitHub profile for Milla J, the architect of MemPalace, an open-source memory system project; Milla Jovovich is also an actress.2026-04-13
BlueHammer
GitHub repository for BlueHammer, a project likely related to hardware or systems experimentation.Codex for Open Source
Open-source maintainers can apply for API credits, six months of ChatGPT Pro with Codex, and conditional access to Codex Security for core maintenance workflows.Reverse-Engineering SynthID
A repository for discovering, detecting, and surgically removing Google’s SynthID watermark through spectral analysis, with code for multi-resolution watermark profiles and bypass experiments.2026-04-14
Magika
Google’s AI-powered file type detection tool, with fast on-device inference and bindings for multiple languages.OpenSnitch
OpenSnitch is a GNU/Linux application firewall for monitoring and controlling outbound connections, with GUI-based nftables configuration and centralized management.2026-04-15
Aegisub
Aegisub is a free, cross-platform open source subtitle editor for timing and styling subtitles with audio and real-time video preview.llama.cpp
High-performance C/C++ inference engine for running LLMs locally across CPUs and GPUs.opkssh (OpenPubkey SSH)
OpenPubkey SSH lets you use OpenID Connect identities to authenticate over SSH, replacing long-lived SSH keys with short-lived PK-token-based certificates.Puma
Puma is a fast, concurrent web server for Ruby and Rack applications.Subtitle Edit
Open-source subtitle editor for creating, syncing, translating, and converting subtitle formats.2026-04-16
Galaxy User Guide
Ansible Galaxy is a free site for finding, downloading, and sharing community-developed roles and collections for automation projects.grove
Grove is a distributed ML training tool for MacBooks that discovers nearby peers automatically and synchronizes training across devices with minimal setup.Passbolt
Passbolt is an open source password and secret management platform for teams, with end-to-end encryption, audit trails, and self-hosting options.unicorn
Unicorn is a Ruby Rack HTTP server optimized for fast clients and Unix-like systems, with process-based concurrency and reverse-proxy expectations for slow clients.2026-04-20
HY-World 2.0
HY-World 2.0 is a multimodal world model for reconstructing, generating, and simulating 3D worlds, with open-source code and models for world reconstruction.Hyperframes
Hyperframes is an open-source HTML-native video rendering framework built for agents, with deterministic rendering, browser preview, and MP4 output.rvLLM
rvLLM is a high-performance LLM inference engine in Rust, with TPU and GPU backends, benchmark-heavy optimization work, and a drop-in vLLM replacement goal.2026-04-21
Forking Bahamut for Azzurra IRC: IPv6 and SSL in 2002
Marcello Barnaba’s retrospective on forking the Bahamut IRC daemon for Azzurra in 2002, adding IPv6, SSL, cloaking, and other infrastructure work for a large IRC network.grappa-irc: reinventing IRC for 2026
Marcello Barnaba proposes grappa-irc, a self-hosted IRC bouncer and PWA client that keeps IRC’s text-first protocol while improving mobile usability and scrollback.infra-ansible
infra-ansible is an Ansible repository for provisioning and automating infrastructure components such as DNS, DHCP, OpenStack, storage, bastions, and identity-managed hosts.Kimi K2.6
Kimi announces Kimi K2.6, an open-source model focused on coding, long-horizon execution, and agent swarm workflows.Network Observability Lab
Network Observability Lab provides a hands-on environment for the Modern Network Observability book, with scripts and lab scenarios for Prometheus, Grafana, Loki, Telegraf, Logstash, and related tooling.2026-04-22
ApiPosture
ApiPosture is an open-source project focused on API posture and security assessment, helping teams evaluate exposed endpoints and improve their API attack surface management.Code-Flow-IO
Code-Flow-IO is an open-source project for workflow-oriented code execution and automation, focusing on structured developer task flows and process orchestration.2026-04-24
Canonical releases Ubuntu 26.04 LTS, Resolute Raccoon
Canonical announces Ubuntu 26.04 LTS, Resolute Raccoon, covering the new long-term support release and its platform updates.Framework Laptop 13 Pro and highlights from the Framework Next Gen event
Framework announces the Laptop 13 Pro and shares highlights from its Next Gen event, focusing on repairable modular hardware and product updates.2026-04-27
Nowhere — an entire website encoded in a URL
A tool that encodes entire websites (stores, forums, petitions, art) into the URL fragment, using Nostr relays for coordination. No server, no account, no platform.Kysely
TypeScript SQL query builder with type-safe queries for Node.js and Deno.2026-04-28
C3
A systems programming language based on C syntax, designed as a safer and simpler alternative to C.Quarkdown
A markdown-based typesetting system for creating documents.Typst
A modern markup-based typesetting system — an alternative to LaTeX with a focus on ease of use and incremental compilation.2026-04-29
AI-Infra-Guard
Tencent's open-source tool for guarding AI infrastructure — monitoring and protecting AI/ML systems.Soft launch for government open source code platform
The Netherlands launches a government open source code platform to share and collaborate on public sector software.OneCritto: il password manager italiano che elimina il cloud (e i suoi rischi)
Password manager open-source italiano, offline-first, con cifratura AES-256 e Argon2id. Nessun cloud, nessuna telemetria, pieno controllo locale dei dati.pacquet
A fast, drop-in replacement for npm written in Rust by the pnpm team.2026-05-04
Alchemy
Open-source AI agent framework for building and running multi-agent systems with dynamic communication, shared memory, and pluggable toolsAMD Gaia
Generative AI Is Awesome — AMD's open-source local AI agent framework for Windows and Linux using the Lemonade SDK to run AI agents across AMD CPUs, GPUs, and NPUsAMD GAIA 0.17.5
AMD's open-source local AI framework releases 0.17.5 with Gemma 4 E4B as new default model, native OpenAI tool_calls support, and Chat Lite agent for resource-constrained systemsGhostty Leaving GitHub
Mitchell Hashimoto announces that the Ghostty terminal emulator is leaving GitHub — discussing the reasons behind the migration and what it means for the project's futureKlattsch
A minimal, self-hosted chat application — lightweight, fast, and easy to set up with no external dependenciesMacPersistenceChecker
Automated macOS persistence mechanism scanner — analyzes LaunchAgents, LaunchDaemons, CRON jobs, login items, and other persistence vectors to detect suspicious entriesNetHack 5.0 Release
NetHack 5.0 — the first major version upgrade in decades of the classic roguelike, with improved UI, QoL features, and new content while keeping the beloved permadeath gameplayTeemii
Open-source web application — a minimal, clean, and fast platform for managing and sharing links, bookmarks, and notes with a beautiful interface2026-05-05
ratman-tui — A TUI REST Client
ratman-tui is a keyboard-driven, vim-modal REST client built with ratatui+crossterm — boots in <100ms, local forever, no accounts, no SaaS, no Chromium. Import from Postman, tree-shaped collections, 5 panes. `cargo install ratman-tui`2026-05-07
Yaak — The API Client You'll Actually Enjoy
Open-source, offline API client by Insomnia's creator — local-only data, encrypted secrets, zero telemetry, Git-friendly, agent-friendly CLI. Supports REST, GraphQL, gRPC, WebSocket, SSE. Import from Postman/Insomnia/OpenAPI2026-05-08
oh-my-openagent v4.0.0 — Team Mode
Major release introducing Team Mode — multiple agents coordinating in parallel via tmux visualization, hyperplan skill (5 hostile agents), security-research skill (3 vuln hunters + 2 PoC engineers), model-specific prompts for GPT-5.2/5.3, hierarchical config discovery, 48k stars2026-05-11
Decepticon
PurpleAILAB's Decepticon — the open-source platform for building and deploying AI agents. Features agent orchestration, multi-modal capabilities, evaluation and monitoring tools, deployment to various platforms including AWS Bedrock, Anthropic, OpenAI, and moreHunk
Review-first terminal diff viewer for agent-authored changesets — multi-file review stream, inline AI/agent annotations, split/stack/responsive auto layouts, watch mode, integrates with Git/Jujtuu. Built on OpenTUI and Pierre diffs, MIT licensellama-swap
Go-based local model swapping for OpenAI/Anthropic compatible servers — llama.cpp, vllm, stable-diffusion.cpp. Web UI, model hot-swapping, Docker/WinGet/Homebrew install, OpenAI/Anthropic API endpoints2026-05-14
Classic 7 — Windows 10 LTSC 2021 Modified to Look Like Windows 7
Fan project that transforms Windows 10 IoT Enterprise LTSC 2021 into a 1:1 Windows 7 experience: Aero Glass, desktop gadgets, .themepack support, Windows Media Center, OOBE recreationCS61 — Pipes, Forks, and Zombies (Harvard)
Harvard CS61 lecture notes covering Unix pipes (McIlroy's garden hose metaphor, SIGPIPE behavior), implementing waitpid via pipes, process hierarchy, and zombie/orphan process management in initFactoMCP — MCP Server to Play Factorio with Claude
Python MCP server that connects to Factorio via RCON, exposing tools for navigation, mining, building, crafting, research, and diagnostics. Let Claude build your factory through natural languageComputer Hobby Movement in Canada — York University Museum Exhibit
Comprehensive digital exhibit chronicling the decade-long Canadian computer hobby movement (1976-1985), focusing on TRACE — the Toronto Region Association of Computer Enthusiasts. Covers homebrew computers, APL, MOD-8, Computerfest, and the transition from hobby clubs to commercial computingMyths About /dev/urandom — Classic Essay (2014)
Authoritative essay debunking the myth that /dev/random is safer than /dev/urandom. Both use the same CSPRNG, /dev/random just blocks. Linux 4.8+ made them equivalent for /dev/urandom. Quote: "Use urandom. Use urandom. Use urandom."ODoH — Anonymous DNS Without an Account in a Single Rust Binary
Numa v0.14 ships a client, relay, and public deployment in one Rust binary. Uses HPKE to split the path: ingress proxy sees your IP but not the request, egress proxy sees the request but not your IP. No account required, MIT licensedOSINTukraine v2 — Telegram Intelligence Archive with AI
Production-grade platform for archiving and analyzing Telegram intelligence with AI-powered enrichment. Self-hosted, PostgreSQL + pgvector, supports semantic search, entity relations, EW analysis, geolocation, and forward chain analysisScorched Earth 2000 HTML Port
Scorched Earth 2000 — classic artillery game HTML/JavaScript port by KAOS Software Team. Wind-based artillery combat, multiplayer, inventory shop, tank customization, AI opponents2026-05-15
A Few Words on DS4 — DwarfStar 4 by Antirez
Antirez on DwarfStar 4 (DS4), a single-model local AI integration built in one week. Uses DeepSeek v4 Flash with 2/8-bit asymmetric quantization — 96-128GB RAM enough. First time a local model is usable for serious work vs Claude/GPT. Plans: coding agents, distributed inference, model-agnostic architectureAperio — A Programming Language Designed for the LLM Era
Experimental language built on a recursive hypergraph of typed, lifecycled units called loci. Premise: pre-LLM languages are a hidden tax — LLMs pay full cost translating between human mental models and language structure. Uses locus/topic/capacity/bus primitives. LLVM 18 codegen + tree-walking interpreterO(x)Caml in Space — Pure-OCaml CCSDS Protocol Stack in Low Earth Orbit
Borealis project running pure-OCaml CCSDS protocol stack on DPhi Space's ClusterGate-2 satellite. Features BPSec encryption, post-quantum OTAR key rotation (ML-DSA-65), OxCaml with exclave_ stack_ for 3x p99.9 latency improvement. Built by Parsimoni from MirageOS librariesReimplementing the Space Protocol Stack from Scratch in OCaml
Thomas Gazagnaire details reimplementing the full CCSDS protocol stack from scratch in OCaml — from radio framing through Bundle Protocol and BPSec security extensions. Built on MirageOS libraries, used by Borealis project running in orbitColdKey — Post-Quantum Age Key Generation and Paper Backup
Go CLI that generates post-quantum (ML-KEM-768 + X25519) age keys and produces single-page printable HTML backups with QR codes. Features mlock swap protection, Docker security hardening, multi-QR splitting, and SHA-256 verificationFeedr — Terminal RSS/Atom Feed Reader in Rust
Feature-rich TUI RSS reader written in Rust. Dashboard view, feed auto-discovery, starred articles, categories, full-text extraction via Mozilla Readability, OPML import, vim-style navigation, macros, exec hooks, and dual themesThe Ferrari in Your Banker's Driveway — How Fees Steal Half Your Wealth
Analysis of how investment fees compound over time — a 3% fee costs 2/3 of final wealth over 40 years at 7% return. Covers expense ratios, transaction costs, performance fees (2-and-20), and shows how even skilled advisors can't overcome fee dragDesigning an FPGA Calculator from Scratch — 10-Chapter Series
Scientific BCD calculator with custom CPU on Altera Cyclone II FPGA. 10-chapter series covering numerical algorithms (CORDIC, logarithms), 12-bit instruction set, Harvard memory model, microcode, Python assembler, Qt desktop prototype, and physical board with 3D-printed enclosure. Perfect decimal accuracy, no floating-point errorsImage Blaster — Image-to-World 3D Skillset for Claude
Creates 3D models (.glb/.obj), Gaussian splats (.spz), and ambient SFX from a single image. Uses World Labs Marble, Hunyuan 3D, and ElevenLabs. Claude skill for jumpstarting 3D work in under 5 minutes. Extensible to Unity, Unreal, Godot, Blender, Three.jsASCII — Jason Scott's Blog on Computer History and Archiving
Jason Scott's weblog covering the rescue of 13,000 manuals, vintage computing, computer museums, BBSes, and digital preservation. Home of the ASCII project — a living archive of computer culture historyNanoTDB — Tiny Embedded Time-Series Database for Edge/IoT
Go time-series DB for Raspberry Pi and edge nodes. Append-only, WAL-based, S2 compression, VictoriaMetrics-compatible API, no external runtime dependencies. Supports rollups and metric ingestion via line protocolOpen Vehicles — Open Source Electric Vehicle Telemetry
OVMS provides live monitoring, alerts, and remote control for electric vehicles via smartphone apps, web app, and MQTT. Features three CAN buses, SSH access, WebSocket streaming, DBC decoder, and CANopen client. Open source hardware and softwareOxCaml — Jane Street's Experimental OCaml Branch with Locality and Uniqueness
OxCaml adds opt-in control over performance-critical parts of OCaml programs through locality (exclave_ stack_ for stack-bound allocations), uniqueness, and capabilities. Every valid OCaml program is valid OxCaml. Maintained by Jane StreetSigNoz — Open-Source Observability Platform (Logs, Metrics, Traces)
Single tool for logs, metrics, and traces native to OpenTelemetry. Uses ClickHouse as datastore. Open-source alternative to DataDog and New Relic with APM, distributed tracing, LLM observability, and alerts. 26.9k starssx — Package Manager for AI Coding Assistants
Team vault for AI assets (skills, MCP configs, commands, agents, rules, hooks). Scoped installation per org/repo/team/user/bot. Works with Claude Code, Cursor, GitHub Copilot, Gemini, Codex, Kiro. Manifest-and-lock pattern like npm/cargo. Cloud relay for claude.ai/chatgpt.comVelonus — AI-Native Security Scanning CLI for Python
One-command security scanner for Python projects. Bundles trufflehog, Bandit, Semgrep, pip-audit, and Safety. Outputs terminal table, JSON, SARIF for GitHub Security tab. Exits 1 on HIGH/CRITICAL findings for CI gatesZenith Tech — Making Earth's Rotation Visible Through a Telescope
Real-time view of stars above you, zoomed 180x to make Earth's rotation visible. Uses Pan-STARRS telescope images (2010-2014) tiled with Leaflet.js, SIMBAD database for object names. Client-side JavaScript, no server component. Field of view = grain of rice at arm's length2026-05-18
auto-identity-remove — Automated Data Broker Opt-Out Runner
macOS tool that removes your personal info from 500+ people-search sites on a monthly schedule using Playwright, CapSolver for CAPTCHAs, launchd scheduling, and iMessage notifications. Handles 30+ brokers natively plus 470+ generic ones via public datasets — covers Acxiom, LexisNexis, ZoomInfo, Clearbit gaps left by paid services like IncogniBitwarden Removes 'Always Free' Plan from Website
Open-source password manager Bitwarden has removed the 'Always Free' plan from its pricing page, though the plan still exists for existing users. Raises questions about Bitwarden's freemium strategy and whether the company is shifting toward paid-only growth. The vault remains open-source (AGPL) and self-hostableBrotli — Google's Lossless Compression Algorithm
General-purpose lossless compression algorithm developed by Google, designed as a replacement for DEFLATE with better compression ratios. Uses a modified LZ77, Huffman coding, and second-order context modeling. Adopted by nginx, Apache, Cloudflare, and the web ecosystem. Produces .br files. Open source under MIT licenseThe C10K Problem — Dan Kegel
Landmark 1999 essay arguing web servers should handle 10,000 simultaneous clients. Covers I/O strategies: select/poll, /dev/poll, kqueue, epoll, async I/O, threading models (1:1 vs M:N), zero-copy networking, and userspace TCP stacks. Spawned decades of research into scalable server architectureCVE-2026-45185 — Single Byte Write RCE in Exim Mail Server
Critical unauthenticated remote code execution in Exim (Debian/Ubuntu) via TLS/GnuTLS connection handling. During TLS session termination, a single byte (0x0a or 0x0d) is written to freed memory via nested BDAT handler calling ungetc(). XBOW discovered the bug; AI (XBOW Native) produced working exploit chains with and without ASLR/PIECVE-2026-7270 — How to Get Root on FreeBSD with a Shell Script
AI-assisted kernel bug hunt finding a 13-year-old memmove off-by-one in kern_exec.c (present since 2013). Wrong size: endp - begin_argv + consume instead of - consume, causing 2024-byte OOB into adjacent exec_map entry. Exploit: race-condition LD_PRELOAD injection via sshd-session execve, 4 concurrent components (preseed, SSH poker, trigger pinned to CPU0, checker). Gets root in ~6s on stock FreeBSD. Full PoC at github.com/califio/publicationsDOGMA 25 — Filmmaking Movement Founded in Copenhagen 2025
Collective preserving originality of cinema, standing against algorithmic films and ultra-processed consumer goods. "The Vow of Chastity" — 10 rules: handwritten scripts, 50% no dialogue, internet off limits in creative process, max 10 people behind camera, no make-up, everything rented/borrowed/used, one production year, shot where narrative takes place, fund with no content altering conditions, make film as if it were your lastDorym Small — 10B Parameter LLM Trained on CINECA's Leonardo Supercomputer
Milan-based Domyn releases Dorym Small (10B params), smaller version of Dorym Large (260B). Trained on CINECA's Leonardo HPC (EuroHPC framework), supports 50 languages including Italian. Beats Ministral-3-8B, Llama-3.1-Nemotron-Nano-8B, OLMo-3-7B-Think on some benchmarks. Designed for edge/on-premise deployment, part of IT4LIA AI Factory European sovereign AI initiativeGCVE — Global CVE Allocation System
New decentralized approach to vulnerability identification and numbering (announced April 2025). Introduces GCVE Numbering Authorities (GNAs) that allocate identifiers without centralized block distribution. Compatible with traditional CVE system. Includes BCP series (vulnerability format, decentralized publication, KEV assertion, CPE improvements), db.gcve.eu public advisory database, and Vulnerability-Lookup 4.0ksharp — K Version 3 Language Interpreter in C#
Comprehensive K3 interpreter in C#/.NET 8. 100% test suite passing (1549/1549). Full native verbs, adverbs, adverbs for verbalized nouns, amend/index/apply/assign, FFI for .NET, IPC, MCP server. AI-assisted development (SWE-1.5/1.6, Kimi, Claude). MIT + Commons ClauseMiniPlasma — CVE-2020-17103 Still Unpatched in cldflt.sys
Weaponized PoC for LPE in cldflt.sys exploiting cldflt!HsmOsBlockPlaceholderAccess — same vulnerability Google Project Zero reported as CVE-2020-17106 six years ago. Original Project Zero PoC works unchanged. All Windows versions affected. Race condition exploitation spawning SYSTEM shell. MIT licensed, 435 starsProfunctor Equipment in Haskell — Bartosz Milewski
Exploration of profunctor equipment, a categorical structure for relating objects via profunctors. Covers the diamond diagram, unit/counit laws, and how equipment generalizes the notion of relations in category theoryPSOS — The Foundations of a Provably Secure Operating System (1979)
Richard Feiertag & Peter Neumann (SRI International). PSOS designed with formal techniques (HDM) — formally stated requirements, formal specifications for each module, formal proofs that specifications satisfy requirements and programs are consistent. Capabilities as protection mechanism for all objects, hierarchical development, SPECIfication and Assertion Language (SPECIAL)ssh-keysign-pwn — Steal SSH Host Keys and /etc/shadow via ptrace mm-NULL Bypass
Exploits __ptrace_may_access() skipping dumpable check when task->mm == NULL — do_exit() runs exit_mm() before exit_files(), leaving fds open in a race window. pidfd_getfd(2) succeeds when caller uid matches target. CVE-2026-46333. ssh-keysign opens host keys (0600) before permanently_set_uid() with same bug shape since 2002. Fixed by Linus 2026-05-14 (pre-31e62c2ebbfd). Jann Horn flagged in Oct 2020 — six years. 568 starssyzkaller — Google's Unsupervised Coverage-Guided Kernel Fuzzer
Fuzzer that has found thousands of bugs across Linux, FreeBSD, NetBSD, OpenBSD, Windows, Fuchsia, and gVisor kernels. Uses coverage-guided fuzzing with syscall-level program generation, executor, and syzbot dashboard for automated bug triage. Apache 2.0, 6.2k starsLLMs + Vulnerability-Lookup — CIRCL's AI Experiment for Vulnerability Management
CIRCL (Luxembourg) explores LLMs for vulnerability management using 450k rows from Vulnerability-Lookup's million-record dataset. Trained distilbert-based severity classifier and GPT-2 description generator. Daily auto-updating models on Hugging Face, VulnTrain framework, CVSS mapping. Plans: CPE guessing, product/category classification, CWE/ATT&CK tagging, exploitability estimationWakeUp 16b — 16-Byte x86 Assembly Sierpinski Fractal + Audio
Demoscene entry from Outline Demoparty May 2026. 16 bytes of real-mode DOS assembly that draws an infinite Sierpinski fractal via XOR prefix sums on VGA memory while simultaneously generating audio through port 61h. Rule 60 cellular automata, Lucas's Theorem, diagonal shear rendering2026-05-19
2b2t 1m² World Download — 24 TB of Minecraft History
Largest Minecraft world download ever — 1,024,000² Overworld (512k² + 1m²), 256k² End, 100k² Nether. ~24 TB total. Custom zvcr file format, PlaceProxy, BMProxy bots, elytra autopilot. Took 1.5 years development, $3000+ in priority queue costs. CC0 licensed, 121 stars. No AI used. Includes 2b2t Wayback Machine and map viewer at 2b2t.placehsrs — Type-Safe Haskell Rust Bindings
Rust crate generating type-safe FFI bindings between Rust and Haskell. Annotate Rust types/functions with proc macros (#[hsrs::data_type], #[hsrs::function], etc.), run codegen to produce idiomatic Haskell with ForeignPtr memory management and Borsh serialization. Supports Result→Either, Option→Maybe, Vec→[], String→Text. MIT/Apache-2.0, 21 starsMini Shai-Hulud Strikes Again — 317 npm Packages Compromised
npm account `atool` compromised May 19, 2026: 637 malicious versions across 317 packages in 22-minute burst. 498KB obfuscated Bun payload with same scanner architecture as SAP compromise. 10 persistence mechanisms: preinstall hooks, GitHub imposter commits in antvis/G2, CI/CD workflow injection, Claude Code SessionStart hooks, VS Code folderOpen tasks, systemd/LaunchAgent dead-drop C2 (RSA-PSS signed commands via GitHub commit search), Docker container escape, npm OIDC token exchange, Sigstore signing. Exfiltration via GitHub API with Dune-themed repo names. 317 packages affected including size-sensor (4.2M dl/mo), echarts-for-react (3.8M), @antv/scale (2.2M)2026-05-28
Bambu Lab non solo viola la licenza AGPL ma minaccia chi sviluppa fork del suo software
Miami Mamma USa Linux reports that Bambu Lab not only violates the AGPL license but is also threatening developers who create forks of their software.israeli-alloc
Rust library that allocates memory on a random victim program's address space — a research tool and political statement.2026-06-04