- â
- â
- July 01, 2026
-
đ openonion/connectonion Release v1.0.5 release
Release v1.0.5
Highlights
A small but useful patch:
co emailnow reliably shows message bodies, andco browserscreenshots print a clean file path instead of a wall of base64.What's Changed
đ Bug Fixes
co email:get_emailsnow reads the API'stext/htmlbody fields (falling back to legacytext_body/html_body), soco email inboxandco email readshow the message body instead of an empty string.co browser:take_screenshotprints the saved file path instead of dumping the base64 image to the terminal.
đ Documentation
- Documented relay connection-stability behavior in the network layer.
Installation
pip install --upgrade connectonionBreaking Changes
None.
Full Changelog :
v1.0.4...v1.0.5
-
- June 30, 2026
-
đ tintinweb/pi-subagents v0.13.0 release
No content.
-
đ obra/superpowers v6.1.0 release
Lower Per-Session Token Cost
The
using-superpowersbootstrap is injected into every session, so its size is paid for constantly. This release trims it and the per-harness references it points to, without dropping behavior-shaping content.- Compressed the
using-superpowersbootstrap. Replaced the graphviz skill-flow diagram with the prose it encoded, folded the standalone Instruction-Priority section into User Instructions, dropped the per-platform "How to Access Skills" walkthrough, and trimmed the Platform Adaptation pointer to the harnesses that still ship a reference file. The full Red Flags rationalization table and the user-instruction precedence rules are unchanged. - Pruned the per-harness tool-mapping references. The verbose action-to-tool tables restated guidance modern agents already follow. Each reference file is trimmed to the harness-specific notes that still carry weight â subagent dispatch, task tracking, instructions-file paths â and
claude-code-tools.mdandcopilot-tools.md, which had nothing harness-specific left, are deleted.
Codex
- Codex can install from the marketplace. Codex marketplace sources expect a
.agents/plugins/marketplace.jsonat the marketplace root; the repo only shipped the Claude marketplace file, so Codex could name the marketplace but found no installable plugin entries. A repo-local Codex marketplace manifest now points at the same repository root, so the plugin is installable from Codex. - Codex no longer ships a SessionStart hook. Codex reliably triggers skills on its own, and the bootstrap hook made the UX worse rather than better. The Codex hook config (
hooks-codex.json) and its manifest registration are removed.
Harness Support
- Gemini CLI support removed. Google EOLed the Gemini CLI on 2026-06-18; the extension can no longer be installed or updated. Gemini is gone from the install docs, the subagent-capable platform lists, and the eval-harness description, and its tool-mapping reference is deleted.
- Compressed the
-
đ Simon Willison Have your agent record video demos of its work with shot-scraper video rss
shot-scraper video is a new command introduced in today's shot-scraper 1.10 release which accepts a
storyboard.ymlfile defining a routine to run against a web application and uses Playwright to record a video of that routine. I've written before about the importance of having coding agents produce demos of their work; this is my latest attempt at enabling them to do that.Here's an example video created using
shot-scraper video, exercising a still in development feature adding the ability to create new tables in Datasette from pasted CSV, TSV or JSON data:That video was created by running this command:
shot-scraper video datasette-bulk-insert-storyboard.yml \ --auth datasette-demo-auth.json --mp4
(That
--authJSON file contains a cookie, as described here in the documentation.)Here's the
datasette-bulk-insert-storyboard.ymlfile:output: /tmp/datasette-bulk-insert-demo.webm server: - uv - --directory - /Users/simon/Dropbox/dev/datasette - run - datasette - -p - 6419 - --root - --secret - "1" - /tmp/demo.db url: http://127.0.0.1:6419/demo/tasks viewport: width: 1280 height: 720 cursor: true wait_for: 'button[data-table-action="insert-row"]' javascript: | (() => { let clipboardText = ""; Object.defineProperty(navigator, "clipboard", { configurable: true, get: () => ({ writeText: async (text) => { clipboardText = String(text); }, readText: async () => clipboardText, }), }); })(); scenes: - name: Bulk insert existing table rows do: - pause: 0.8 - click: 'button[data-table-action="insert-row"]' - wait_for: "#row-edit-dialog[open]" - pause: 0.5 - click: ".row-edit-bulk-insert" - wait_for: ".row-edit-bulk-textarea" - pause: 0.5 - click: ".row-edit-copy-template" - wait_for: "text=Copied" - pause: 0.8 - fill: into: ".row-edit-bulk-textarea" text: | title,owner,status,priority,notes Prepare release video,Ana,doing,1,Recorded with shot-scraper Check pasted CSV import,Ben,review,3,Previewed before inserting Share the branch demo,Chen,queued,2,Bulk insert creates three rows - pause: 0.8 - click: ".row-edit-save" - wait_for: "text=Previewing 3 rows." - pause: 1.2 - click: ".row-edit-save" - wait_for: "text=3 rows inserted." - pause: 1.0 - click: ".row-edit-cancel" - wait_for: "text=Prepare release video" - pause: 1.0 - name: Create a table from pasted CSV open: http://127.0.0.1:6419/demo wait_for: 'details.actions-menu-links summary' do: - pause: 0.8 - click: 'details.actions-menu-links summary' - click: 'button[data-database-action="create-table"]' - wait_for: "#table-create-dialog[open]" - pause: 0.5 - fill: into: ".table-create-table-name" text: "launch_metrics" - click: ".table-create-from-data" - wait_for: ".table-create-data-textarea" - pause: 0.5 - fill: into: ".table-create-data-textarea" text: | metric_id,name,score,recorded_on m001,Activation rate,87.5,2026-06-29 m002,Retention check,72.25,2026-06-30 m003,CSV import health,95,2026-07-01 - pause: 0.8 - click: ".table-create-save" - wait_for: "text=Previewing 3 rows." - pause: 1.2 - click: ".table-create-save" - wait_for_url: "**/demo/launch_metrics" - wait_for: "text=Activation rate" - pause: 1.2
The video command documentation includes simpler examples, but for the purpose of this post I thought I'd go with something more comprehensive.
That demo YAML storyboard was constructed entirely by GPT-5.5 xhigh running in Codex Desktop, using the following prompt run inside my
~/dev/datasettecheckout of this branch:Review the changes on this branch.cd to ~/dev/shot-scraper and run the command "uv run shot-scraper video --help"Now use that new video command to record a video demo of the new features from this branch, including running a "uv run datasette -p 6419 --root --secret 1 /tmp/demo.db" development server so you can record the video against a demo DB that you first create.Now that I've released the feature the prompt could say "
run uvx shot-scraper video --help" instead and it should achieve the same result.I really like this pattern where the
--helpoutput for a command provides enough detail that a coding agent can use it - it works kind of like bundling aSKILL.mdfile directly inside the tool. I used the same pattern for showboat and rodney.How I built this
shot-scraper videostarted as an experimental prototype.shot-scraperis built on top of Playwright, and the key feature it needed was for Playwright to be able to record video of browser sessions with enough control to create the desired demo.I first tried this a few years ago and found that the Playwright-produced videos included additional chrome that was useful for debugging a test failure but unwanted for a product demo.
They fixed that a while ago, but there were still some minor blockers. In particular I was getting a few white frames at the start of the videos, since the recording mechanism kicked in before the first URL was loaded by the browser.
Playwright 1.59 added a new screencast mechanism providing much more finely grained control over video recording. This was very nearly what I needed, but the resulting videos were fixed at 800px wide.
I found a landed PR fixing that but it wasn't yet in a release. Then yesterday they shipped it in playwright-python 1.61.0 and I was finally unblocked to finish implementing the feature!
The code itself was all written by GPT-5.5 xhigh in Codex Desktop. I had it write the documentation as well which gave me a very useful frame for reviewing the design - much of the iteration on the feature came from reviewing that documentation, spotting things that were redundant, inconsistent or confusing, and requesting (or dictating) a better design.
The YAML format itself was mostly defined by the coding agent. I had it use Pydantic to both define and validate the format, partly to make the design easier to review.
This is a great example of the kind of feature that I almost certainly wouldn't have taken on without coding agent support. I filed the original issue in February 2024, and had difficulty finding the necessary time to solve this in amongst all of my other projects.
You are only seeing the long-form articles from my blog. Subscribe to /atom/everything/ to get all of my posts, or take a look at my other subscription options.
-
đ Evan Schwartz Scour - June Update rss
Hi friends,
Many of you mistakenly got onboarding emails yesterday. I'm sorry about that. I was tweaking the way emails are sent to new users and accidentally sent it out to everyone. Don't worry, you'll get your weekly digest on Friday as usual. (If you got a message about verifying your email, please do verify yours if you'd like to continue receiving the weekly digests.)
In June, Scour scoured 841,977 articles from 27,356 feeds , and 123 new users signed up. Welcome!
Here's what's new in the product:
đ Links Between Articles
Scour now tracks and shows which articles cover other ones so you can find coverage, reactions, and responses to a given story. Under any post, you can see both the stories that the given one links to, and which other sources link to it. A detail I especially like is that the covering sources you tend to like and read are shown first, so you can easily find your favorite commentators' reactions.
Relatedly, there's now a page that shows the most widely covered stories across Scour. If you subscribe to specific feeds, you can also add this as a feed to source content from.
Laurynas Keturakis suggested this over a year ago and after finally implementing it this month, it quickly became one of my favorite Scour features. Thanks Laurynas!
đ Grow Your Feed After Reading
After you love or like a post, you'll see a small prompt to add more interests similar to that article's content. Adding interests is the best way to hone your feed and make sure Scour surfaces articles you'll like, so I hope this makes it easier to do that.
If you subscribe to individual feeds, that prompt will also include a way to subscribe to the publisher's feed, if you aren't already, so you'll get more content from them.
Similarly, if you dislike a post, you'll see some options to have less of that kind of content appear in the future.
đą Redesigned Feed User Interface
The Scour feed got a makeover! The new layout should be easier to scan and interact with.

Clicking or tapping a post opens the expanded view:

Also, on mobile, you can swipe articles right or left to quickly like or dislike them.
đşď¸ Discover Section
The new Discover section contains all of your personalized interest and feed recommendations, as well as the pages to browse popular posts, interests, and feeds. Head over there if you'd like to build out your feed more, or if you want to see what others are reading on Scour.
đŁď¸ Better Screen Reader Support
Scour now works far better with assistive technology. Every post is a labeled article whose actions are reachable by screen reader and keyboard, menus support arrow-key navigation, and the things that used to change silently (filter updates, search results, newly loaded posts) are announced as they happen. If you or someone you know reads Scour with assistive tech, I'd love your feedback. See the new Accessibility page for the full picture.
đŹ Testimonials on the Homepage
Enjoying Scour? I added testimonials to the homepage and I'd love to include your review! Email me to let me know your thoughts (and of course, constructive feedback is also very welcome).
đ Some of My Favorite Posts
Here were some of my favorite articles I found on Scour in June:
- I've been thinking a lot about the ways that AI changes what it feels like to be a software engineer and I especially appreciated these takes:
- Andrew Diamond made a great comparison with historical fiction writers in Software Engineering in the Age of AI.
- Vardan Torosyan pointed out that every engineer is now facing the kind of overload engineering managers have always dealt with: There is Too Much.
- Candost discusses having an ownership mindset in On the Changing Role of Software Engineers.
- And a goofy font that Bill Tarbell made that's readable for humans but not for AI: Souls Only.
Happy Scouring!
- Evan
- I've been thinking a lot about the ways that AI changes what it feels like to be a software engineer and I especially appreciated these takes:
-
đ Cryptography & Security Newsletter The Threat of Residential Proxies rss
The last several years have seen the continuous rise of so-called residential proxies. If youâre not familiar with this term, the name refers to the proxies usually (but not always, as we will see later) installed at residential addresses and used for website scraping and similar activities. Itâs a fairly niche topic, and itâs quite likely that you wonât have heard about it. It is, however, a phenomenon that requires your attention.
-
đ HexRaysSA/plugin-repository commits sync repo: +2 releases rss
sync repo: +2 releases ## New releases - [DriverBuddyReloaded](https://github.com/voidsec/driverbuddyreloaded): 2.2.0 - [ida-rpc](https://github.com/bkerler/ida_rpc): 0.1.4 -
đ MetaBrainz Current ListenBrainz server issues/high load rss
Our apologies if you are experiencing outages or slowness on ListenBrainz currently. First it was AI scrapers, now it's K-pop fansâŚ
In short, we are experiencing massive server load from an unexpected and massive increase in listen submissions. Please bear with us as the small (but mighty) ListenBrainz team works on possible mitigations.
None of your listens are being lost, they are all sitting safely in our (massively overloaded) processing queue:
Try to
spot when the trouble started!This has come about because last.fm recently changed how they calculate their statistics, in order to "reduce the impact of bots and scripts on [their] charts and leaderboards".
This has caused BTS (a K-pop group) fans to abandon last.fm en masse and shift their attention to ListenBrainz (and libre.fm). The keen eye will be able to notice a difference in ListenBrainz' current global statistics, compared to last year.
K-pop fans, if you're reading this, please don't

We are a very small team on a very tight budget, and don't have the resources to absorb your onslaught. We will start pausing accounts that are found to be aggressively botting and gaming the charts, as per our code of conduct (section 9).
There's more to dig into on this topic, for instance how these listens are being submitted, and the cultural movements and fandom that prompt this kind of mass action, but we need to be fixing queues, not writing blog posts! So we will let our informed community fill in the gaps, in the comments. Happy reading, and here's hoping that our next update/s will be all good news.
-
đ r/reverseengineering SpotifyC2 rss
submitted by /u/ObligationLucky842
[link] [comments] -
đ MetaBrainz Picard 3 beta 5 released rss
Today, we're making available the fifth beta version for the upcoming MusicBrainz Picard 3. This new versions brings some important changes:
- The Options menu was reworked with generalized quick settings and easier access to scripts and options.
- Handling of the Options dialog and the File Naming Script Editor was streamlined. Editing file naming scripts is now available in the menu in Options > File naming scripts > Edit scripts⌠or via Ctrl+Shift+S.
- Option profiles can now be used with plugin settings, the "Attached option profiles" dialog allows changing selected options.
- Plugins can be installed from a local directory without git, which simplifies local development and plugins created just for personal use.
Download links and a detailed list of changes since Picard 3 beta 4 are available below. For a more detailed overview of what is new in Picard 3 please see the previous blog post Picard 3 Alpha Release.
While we have all the major features implemented and with the latest bug fixes we are confident in the current code, this is still a pre-release and there might be bugs. If you use this, do so with care, backup your files and please report any issues you encounter.
Some of the changes are also backward incompatible, hence we recommend you make a backup of your Picard.ini config file before trying the beta version. You can do so in Picardâs Options under Advanced > Maintenance.
Whatâs new?
Bugfixes
- PICARD-507 - Wrong matching to already loaded release
- PICARD-1696 - No stable sort order for cover art saved to ID3
- PICARD-3308 - macOS: System locale detection fails
- PICARD-3326 - The releases on PyPI lack the source distribution
- PICARD-3327 - MBID auto-loading and auto-analyze do not work after loading session with "No auto-matching on load" enabled
Improvements
- PICARD-3080 - Consider track no. when matching files to AcoustID results
- PICARD-3092 - Support reading duration from 3GP files (.m4a)
- PICARD-3138 - Make user-collections retrieval optional, similar to genres and ratings
- PICARD-3270 - Add ISRC and ISWC to pre-defined columns
- PICARD-3302 - Allow focusing Log View dialog while Options dialog is open
- PICARD-3306 - File naming script UI is overly complex and duplicated
- PICARD-3309 - Unify Options menu toggle actions into configurable Quick settings
- PICARD-3313 - Support executing local non-git plugins
- PICARD-3314 - Add docstrings to
PluginApimethods - PICARD-3315 - Add support for profiles for plugin options and pages
- PICARD-3318 - Attached Profiles dialog should provide a way to configure profiles for this page
- PICARD-3329 - Allow changing the string collator with the
PICARD_COLLATORenvironment variable
Download
We appreciate your interest in trying this new version. Use with care, backup your files and please use theMetaBrainz community forums and the ticket system to give feedback and report bugs.
For Windows and macOS you can download the beta version from the Picard download page. Linux users can run from source or try the beta channel of the Picard snap package.
Picard is free software and the source code is available on GitHub.
Acknowledgements
Code contributions by Laurent Monin, Philipp Wolfer and Bob Swift. Translations were updated by Marc Riera (Catalan), Jeluang (Malay), Nebulain (Chinese (Simplified Han script)) and Theo Asimakopoulos (Greek).
-
đ openonion/connectonion Release v1.0.4 release
Highlights
ConnectOnion v1.0.4 adds a
co emailcommand group â manage your agent's mailbox straight from the terminal. Every agent already has its own address (activated byco auth); now you can send, read, and even claim a custom name without leaving the CLI.What's Changed
⨠Features
co emailâ new CLI command group for the agent mailbox:co email/co email inboxâ list received mail (--last/-n,--unread/-u)co email read <#>â show one message's body and mark it readco email send <to> <subject> <message>â send from your agent address (HTML auto-detected)co email name <name> [--buy]â check or claim a custom address (e.g.aaron@openonion.ai)co email upgrade <tier>â upgrade email tier from credits
send_emailnow reports the actual server-side sender, so a claimed custom name is reflected in thefromfield.
đ Documentation
- New
docs/cli/email.mdand aco emailsection in the CLI README.
Installation
pip install --upgrade connectonionBreaking Changes
None.
Full Changelog :
v1.0.3...v1.0.4 -
đ Rust Blog Announcing Rust 1.96.1 rss
The Rust team has published a new point release of Rust, 1.96.1. Rust is a programming language that is empowering everyone to build reliable and efficient software.
If you have a previous version of Rust installed via rustup, getting Rust 1.96.1 is as easy as:
rustup update stableIf you don't have it already, you can get
rustupfrom the appropriate page on our website.What's in 1.96.1
Rust 1.96.1 fixes:
It also fixes three CVEs affecting libssh2 (which is compiled into Cargo):
Contributors to 1.96.1
Many people came together to create Rust 1.96.1. We couldn't have done it without all of you. Thanks!
-
đ Servo Blog May in Servo: user scripts, mp4 compat, blackboxing in DevTools, and more! rss
Servo 0.3.0 contains all of the changes we landed in May, which came out to 391 commits (March: 534). For security fixes, see § Security.
Weâve shipped several new web platform features:
- âfont-kerning: noneâ (@simonwuelker, #44634)
- âfont-variant-east-asianâ (@simonwuelker, #44989)
- âfont-variant-ligaturesâ (@simonwuelker, #44903)
- âfont-variant-numericâ (@simonwuelker, #44950)
- âfont-variant-positionâ (@simonwuelker, #45142)
- mp4 files without fast start in < video> (@calvaris, #45084)
<form enctype="multipart/form-data">(@yezhizhen, #45028)<form enctype="text/plain">(@yezhizhen, #45111)- <![CDATA[]]> layout (@mrobinson, #44791)
Plus a bunch of new DOM APIs:
- onslotchange property on ShadowÂRoot (@jdm, #44688)
- screenÂLeft and screenÂTop on Window (@TG199, #45128)
- new Blob() with
{endings: "native"}(@yezhizhen, #44803) - new PerformanceÂMark() (@shubhamg13, #44702)
- parseÂHTML() on Document (@kkoyung, #44952)
- readÂAsÂBinaryÂString() on FileÂReader (@yezhizhen, #44858, #44921)
- performance.measure() with mark values âredirectÂStartâ , âredirectÂEndâ , âsecureÂConnectionÂStartâ , and âresponseÂEndâ (@shubhamg13, #44673, #44624, #44850, #44739)
Weâve also fixed some build issues on Windows (@mukilan, #45079), FreeBSD (@delan, @mrobinson, @mukilan, #44600), and for anyone building Servo on NixOS or with Nix (@freyacodes, #45051, #45135).
This is another big update, so hereâs an outline:
-
Security
â memory safety fixes -
Work in progress
â execCommand(), Sanitizer, IndexedDB, accessibility, workers -
Embedding API
â MSRV, cookies, preferences, diagnostics -
For users and developers
â--host-file,--userscripts, DevTools Debugger -
More on the web platform
â focus, forms, navigation, SubtleCrypto, WebGPU -
Performance
â about:memory, threads, layout, DOM, build times -
Stability
â crashes, hangs, static analysis
Security __ Servoâs JS runtime, SpiderMonkey 140.10.0 , had several memory safety bugs that have been fixed in Servo 0.3.0 with the update to SpiderMonkey 140.10.1 (@jschwe, #44755). For more details, see CVE-2026-7322, CVE-2026-7323, and MFSA 2026-36. Work in progress Weâre continuing to implement document.execÂCommand() for rich text editing , under --pref domÂ_execÂ_commandÂ_enabled (@TimvdLippe, #44735, #44973, #44887). This release adds support for the âbackÂColorâ , âforeÂColorâ , âcreateÂLinkâ , âunlinkâ , âsuperscriptâ , âsubscriptâ , and âremoveÂFormatâ commands (@TimvdLippe, #44644, #44682, #44657, #44710, #44677), plus partial support for the âinsertÂParagraphâ command (@TimvdLippe, #44909). Weâre also working on the Sanitizer API, under --pref domÂ_sanitizerÂ_enabled. With the feature now enabled in servoshellâs experimental mode (@kkoyung, #44701), this release adds support for setÂComments() , setÂDataÂAttributes() , allowÂProcessingÂInstruction() , removeÂProcessingÂInstruction() , and removeÂUnsafe() on Sanitizer (@kkoyung, #44734, #44983). IndexedDB continues to improve, under --pref domÂ_indexeddbÂ_enabled. This release brings a more conformant abort() on IDBÂTransaction (@Taym95, #43950). All of the features above are enabled in servoshellâs experimental mode. Weâve made more progress towards accessibility support, including the name from contents algorithm (@alice, @delan, @mrobinson, #44439) and several changes towards building the accessibility tree incrementally (@alice, @delan, @mrobinson, #44766, #45035, #45207, #44768, #44785, #44801, #44767, #45029). The latter is critical for performance in real-world web content. Weâre now working on SharedWorker and ServiceWorker , under --pref domÂ_sharedworkerÂ_enabled and --pref domÂ_serviceworkerÂ_enabled respectively. This release adds support for new SharedÂWorker() (@Taym95, #44761), and parts of the ServiceWorker API (@gterzian, @arihant2math, #45082, #44787). Embedding API
Servo now requires Rust 1.88.0 or newer, up from the old MSRV of 1.86.0 (@sagudev, #44815). We run compile tests with the MSRV, but most of our testing is now done with Rust 1.95.0 (@simonwuelker, #44632).
Breaking changes to the cookies methods in our SiteDataManager API (@longvatrong111, #44708):
-
SiteÂDataÂManager::clearÂ_cookiesnow takes an additionalcallbackargument, allowing it to be called async â to continue calling it sync, passNoneas thecallback -
SiteÂDataÂManager::clearÂ_sessionÂ_cookiesnow takes an additionalcallbackargument, allowing it to be called async â to continue calling it sync, passNoneas thecallback -
SiteÂDataÂManager::setÂ_cookieÂ_forÂ_urlnow takes an additionalcallbackargument, allowing it to be called async â to continue calling it sync, passNoneas thecallback -
SiteÂDataÂManager::setÂ_cookieÂ_forÂ_urlÂ_asynchas been removed in favour ofsetÂ_cookieÂ_forÂ_urlâ to migrate, replacesetÂ_cookieÂ_forÂ_urlÂ_async(âcallback)withsetÂ_cookieÂ_forÂ_url(âSome(âBox::new(âcallback)))
Breaking changes to our Preferences API (@Narfinger, @mrobinson, #44307):
-
threadpoolsÂ_imageÂ_cacheÂ_workersÂ_max,threadpoolsÂ_indexeddbÂ_workersÂ_max, andthreadpoolsÂ_webstorageÂ_workersÂ_maxhave been removed in favour of a combinedthreadÂ_poolÂ_workersÂ_max -
threadpoolsÂ_fallbackÂ_workerÂ_numhas been renamed tothreadÂ_poolÂ_fallbackÂ_workers -
threadpoolsÂ_asyncÂ_runtimeÂ_workersÂ_maxhas been renamed tothreadÂ_poolÂ_asyncÂ_runtimeÂ_workersÂ_max -
threadpoolsÂ_webrenderÂ_workersÂ_maxhas been renamed tothreadÂ_poolÂ_webrenderÂ_workersÂ_max
Weâve also reworked our DiagnosticsLogging API (@mukilan, #44703):
-
You can now set options with
DiagnosticsLogging::toggleÂ_option, and check if they are enabled withDiagnosticsLogging::isÂ_enabled -
Each option is a variant of
DiagnosticsLoggingOption, a new type that also has useful methods for exposing these options in embedder UI -
(Breaking change)
DiagnosticsLoggingno longer haspubfields representing each option â to migrate, replace field writes and field reads withtoggleÂ_optionandisÂ_enabledrespectively -
(Breaking change)
DiagnosticsLogging::extendÂ_fromÂ_stringno longer accepts ahelpoption â this option only existed to support servoshellâs-Z help/--debug=helpoption, so the code implementing it has been moved to servoshell
For users and developers servoshell has two new options: You can now configure the path to a hosts file with --host-file= (singular), as an alternative to the HOST_FILE (singular) environment variable (@jschwe, #44880). You can now provide a directory of user scripts to run in every document with --userscripts= (@jdm, #44754). When using the Debugger tab in the Firefox DevTools : You can now âblackboxâ a script by clicking Ignore source (@freyacodes, #44359). This prevents breakpoints from being hit inside that script, and it should also allow you to step through execution in the debugger without pausing inside that script. The Scopes panel is more accurate now (@atbrakhi, @eerii, #44765). For developers of Servo itself, please note that per project policy, you must not use the output of large language models or other generative AI tools in your contributions. To help us enforce that, we now have CI checks that reject AI agents as coauthors (@SimonSapin, @delan, #44723). Weâve also fixed build issues with --features vello (@Gae24, @yezhizhen, #44875, #45036). More on the web platform
Weâve improved the default appearance of < dl>, < ol>, < ul>, < table>, < thead>, < tbody>, < tfoot>, < tr>, < td>, < th>, < dir>, < menu>, and < form> (@avis137, #44837, #44920).
CryptoKey is now serializable , allowing it to be used in structuredClone() and postMessage() (@kkoyung, #45163).
Weâve improved JS error messages in several parts of the DOM (@n0blenote, @jdm, @TG199, @PuercoPop, #44704, #45186, #44656).
Weâve improved the conformance of form submission (@yezhizhen, #44943, #44953, #44954, #44957), tab navigation (@mrobinson, #44684), javascript: url navigation (@jdm, @TimvdLippe, #43490), âRefreshâ headers and < meta http-equiv=Refresh> (@jschwe, @mrobinson, #45113, #45116), âline-break: anywhereâ (@mrobinson, @SimonSapin, #44609), assign() on Location (@TG199, @jdm, #44298), crypto.subtle.deriveÂBits() (@kkoyung, #44706), getÂComputedÂStyle() (@Loirooriol, #44856), performance.measure() (@shubhamg13, #44675), readÂAsÂDataÂURL() on FileÂReader (@yezhizhen, #44897, #44924), stream() on Blob (@Taym95, #45133), and ML-KEM in SubtleÂCrypto (@kkoyung, #45153).
Weâve also landed improvements to GPUÂSupportedÂLimits (@sagudev, #45114), GPUÂTexture (@sagudev, #45154), createÂBindÂGroup() on GPUÂDevice (@sagudev, #45140), and other WebGPU features (@sagudev, #45097).
Weâve fixed bugs related to < svg> with âContent-Security-Policyâ (@TimvdLippe, @jdm, #44974), â:activeâ (@SharanRP, @mrobinson, #43953), â:hoverâ (@SharanRP, @mrobinson, #43979), âalign-itemsâ (@yezhizhen, #44396), âborder-image- outsetâ (@lumiscosity, #45039), âpaddingâ with âoverflow: scrollâ (@stevennovaryo, #44263), âpointerupâ events (@mrobinson, #44666), âslotchangeâ events (@jdm, #44688), dynamic import() (@Gae24, #44741), and clip() on CanvasRenderingContext2D (@yezhizhen, #44831).
Performance Weâve built a tool that will help us improve âabout:memoryâ by finding untracked allocations (@jdm, @TimvdLippe, @webbeef, #44674, #44980). Servo now requires fewer OS threads per CPU, after we combined the thread pools for the image cache, web storage, and IndexedDB (@Narfinger, @mrobinson, #44307). Weâve landed a bunch of layout optimisations: The fragment tree is now immutable for the most part, with small pockets of interior mutability where mutability is needed. This means that most fragment tree accesses no longer have to incur the runtime cost of borrowing an AtomicRefCell (@mrobinson, @Loirooriol, #44849). Two steps in the layout process, calculating containing blocks and building the stacking context tree , require traversing the fragment tree. This can be expensive, but weâve now combined them into a single fragment tree traversal in most cases (@SimonSapin, @mrobinson, #44911, #45210). Another step in the layout process, calculating scrollable overflow , used to require traversing the entire fragment tree. Weâve effectively eliminated that traversal, by making the calculation both lazy and incremental (@mrobinson, @Loirooriol, #44854). Weâve improved the caching of fragments, shaping results, and other layout results between reflows (@mrobinson, @Loirooriol, @SimonSapin, #45038, #44769). Weâve made incremental fragment layout more precise (@Loirooriol, @mrobinson, #44925). Weâve reduced the memory usage of text shaping (@mrobinson, @SimonSapin, #44609). DOM attributes are much more efficient in this release: When scripts write attribute values, we avoid serialising them until the attribute is read back by a script (if ever), speeding up frequent writes to inline styles by up to 25% (@mrobinson, #44931). When we parse attributes in HTML or read attribute values internally, we avoid constructing Attr nodes until a script actually needs them, reducing memory usage and making garbage collection less likely (@webbeef, @TimvdLippe, @mrobinson, #44209, #45023, #45031, #45060). Weâve eliminated a traversal of the whole DOM tree whenever an < iframe> is attached to the tree, which is especially noticeable when parsing documents with many <iframe> tags (@mrobinson, #45236). Stylesheet locks now use AtomicRefCell, which is even more efficient than a parking_lot::RwLock (@mrobinson, #44883). On OpenHarmony, we now have a real refresh driver for reduced idle CPU usage (@jschwe, @yezhizhen, #44927), and we now cache the font list on disk for faster startup (@RichardTjokroutomo, @d-desyatkin, #44158). Weâve also reduced allocations, GC rooting steps, and other operations in many parts of Servo (@jschwe, @kkoyung, @mrobinson, @SteveSharonSam, @Narfinger, @jdm, @nodelpit, @simonwuelker, #44961, #44944, #44972, #45231, #45078, #44662, #44679, #44967, #44963, #44933, #44935, #44905). To improve Servoâs build times , weâre moving more code out of our massive script crate (@Narfinger, @jdm, #44598, #44636, #44823), and reduced the size of our dependency tree (@jschwe, #44818). Stability __
Several crashes and hangs have been fixed:
- in âcontentâ (@mrobinson, @Loirooriol, @SimonSapin, #45227, #44762)
- in MediaÂStream (@jdm, #44781)
- in item() on attributes on Element (@webbeef, #44721)
- in appendÂRule() on CSSÂKeyframesÂRule (@mrobinson, #45173)
- in initÂEvent() on FocusÂEvent (@mrobinson, #44870)
- in stop() on Window (@TimvdLippe, #44804)
- in
document.execÂCommand(â"delete")(@TimvdLippe, #44748) - in
--debug-mozjsbuilds (@Gae24, @SharanRP, #44745, #45001) - when evaluating scripts in DevTools while paused (@atbrakhi, #45050)
- when previewing some JS values in DevTools (@eerii, @atbrakhi, #45054)
- when shaping zero-width spaces in layout (@mrobinson, #45176)
- when toggling servoshellâs experimental mode at runtime (@mrobinson, @Loirooriol, #45226)
Weâve continued our long-running effort to use the Rust type system to make certain kinds of dynamic borrow failures impossible (@Gae24, @MavenRain, @Narfinger, @SteveSharonSam, @TimvdLippe, @elomscansio, @jdm, @kkoyung, @yezhizhen, #44712, #44759, #44879, #45014, #45058, #45061, #45076, #45098, #45110, #45149, #45117, #45184, #45201, #44806, #44930, #44942, #44946, #45233, #45181, #44659, #44660, #44664, #44668, #44992, #45000, #45081, #45009, #45225, #45087, #45244, #45245, #45247, #44663, #44665, #44993, #45040, #45053, #44647, #44671, #44681, #44717, #44733, #44686, #44653).
New contributors A special thanks to the following people for landing their first patch in Servo: AbdAlRahman Gad (@AbdAlRahmanGad, #45213) Onyeka Obi (@MavenRain, #44806) Steve Sharon Sam (@SteveSharonSam, #45030) avis137 (@avis137, #44837) Xabier RodrĂguez (@calvaris, #45084) June (@kimjune01, #44816) Matt Van Horn (@mvanhorn, #44740) nicole (@n0blenote, #44704) panxt8 (@panxt8, #44991) Interested in helping build a web browser? Take a look at our curated list of issues that are good for new contributors! Donations __
Thanks again for your generous support! We are now receiving 7659 USD/month (+4.2% from April) in recurring donations. This helps us cover the cost of our speedy CI and benchmarking servers, one of our latest Outreachy interns , and funding maintainer work that helps more people contribute to Servo.
Servo is also on thanks.dev, and already 35 GitHub users (+2 from April) that depend on Servo are sponsoring us there. If you use Servo libraries like url, html5ever, selectors, or cssparser, signing up for thanks.dev could be a good way for you (or your employer) to give back to the community.
We now have sponsorship tiers that allow you or your organisation to donate to the Servo project with public acknowlegement of your support. If youâre interested in this kind of sponsorship, please contact us at join@servo.org.
7659 USD/month
10000
Use of donations is decided transparently via the Technical Steering Committeeâs public funding request process , and active proposals are tracked in servo/project#187. For more details, head to our Sponsorship page.
-
đ Ampcode News Agents in Orbs rss
You can now launch Amp agents remotely in orbs:
Orbs are machines in which an agents can run without supervision. When you create a new thread you get a fresh orb that contains your code, plugins, and tools the agent might need.
Each orb has 32GB memory, 16 cores, $1.66/hour, billed by the minute. They start up quick and go to sleep when you and the agent no longer need them.
Remote and Yet So Near
Agents in orbs aren't running on your machine, but you can control them just like they were.
You can review changes and browse through the files on the orb:
You can use the terminal:
If you want to iterate alongside the agent, you can sync the changes to your local machine by running:
amp sync <thread-id>Like this:
And just like you can spawn new Amp thread with
amp -x, you can useamp -oxto spawn a thread in an orb:amp -ox "Investigate why the latest CI run on 'main' failed"You don't even have to leave the Amp TUI to spawn an agent that lives in orb:
See the manual for more information on orbs and how to use them.
Things Change
The ability to spin up new agents from everywhere and then let them run for as long as they need changed how we work with agents.
Of course, having multiple agents work at the same time was already possible before this: one could use different checkouts for different agents, or worktrees, or run agents manually via SSH on remote hosts.
But when it's this easy to launch an agent on a machine that isn't your own, in the very same interface that you already use to manage your local agents, right next to those local agents, with the very same controls?
Things change.
For one, you tend to do it a lot more.
Why not launch a group of agents to investigate eight different bugs independently when there are no local resource clashes to worry about? Why not turn a bug report into an agent and an investigation instead of a ticket? Why not manage the agent and its results instead of the ticket?
You also start to use them for things you hadn't considered before.
Why not launch an agent to run for a very long time and try out all possible performance optimizations if it doesn't eat up your CPU? Why not have agents run through testing workflows if that doesn't conflict with your local agents and steal memory away from them?
Why not build that prototype? Why not go for that moonshot? Why not try?
Why not?
Time to Find Out
Back in February we said that we hold the models back if we treat them as mere assistants and lock them into a sidebar. The models, we proclaimed, "want to write code and run even when you're not sitting in front of your editor".
And now we're here. Never mind the editor, now we can let our agents run even when we're not sitting at our computer.
We believe that is how a lot of code will be written in the future. We believe that this is not just another step, but a step over an important threshold.
How exactly this will play out we don't know. Some code will likely always be created locally, under close supervision, with a lot of back and forth. But these models are getting so good that the amount of code they can write on their own (and run, and test, and ship) will only grow. At this point, we hold them back if we require them to do it all on a single machine.
And once you let them loose in orbs, you realize how constrained theyâve been.
Time to find out how far they can go.
-
- June 29, 2026
-
đ IDA Plugin Updates IDA Plugin Updates on 2026-06-29 rss
IDA Plugin Updates on 2026-06-29
New Releases:
Activity:
- ida_rpc
- b328142a: Fix parameter renaming
- 55e61b37: Bump version to 0.1.4
- 6e4ff037: Merge remote-tracking branch 'origin/main'
- 23d1e2c9: Merge processor alias fixes
- 0f357546: Fix IDA processor aliases
- 9c10c96e: Merge pull request #1 from bkerler/feature/lumina-signatures
- 88b372bc: Fix x86 to use meta
- d350f3b8: Update documentation
- cd91eeab: Add Lumina signature commands
- rikugan
- 76871d30: feat(tools): improve tool descriptions, add search/filter imports, anâŚ
- fe90a6e8: feat(agent): IDAPython hallucination guard at execute_python
- 42d400a7: docs(claude): fix stale _TOOL_MODULES reference, link CHANGELOG, noteâŚ
- 26e86c9a: Merge branch 'master' of https://github.com/EliteClassRoom/rikugan
- 0cce8319: fix(agent): surface truncation and preserve partial output on broken âŚ
- c95d1849: Merge remote-tracking branch 'EliteClassRoom/master'
- 1fd69334: Fixing goal issue
- ida_rpc
-
đ r/reverseengineering Native Linux ReClass.NET. rss
submitted by /u/jirubizu
[link] [comments] -
đ @HexRaysSA@infosec.exchange The IDA Domain API just got a big update. đ mastodon
The IDA Domain API just got a big update. đ
This version adds microcode, pseudocode, imports, and flowchart modules â covering most of the everyday scripting surface in IDA. Less boilerplate, same power.
Open source and welcoming contributions.
Read the blog for before/after examples.
đ https://hex-rays.com/blog/whats-new-in-the-ida-domain-api -
đ r/reverseengineering TABPE: A monthly Windows PE baseline dataset for Cyber security researchers rss
submitted by /u/seyyid_
[link] [comments] -
đ openonion/connectonion v1.0.3 â Connection-stability hardening release
Connection-stability hardening
Agent sessions now ride through transient relay and network blips instead of aborting. This release also folds in four PRs that merged to
mainduring the cycle.đ§ Connection & Network Resilience
- Relay reconnect : agents stay registered across transient relay failures, and client PING is forwarded so live sessions survive brief drops.
- Reconnect backoff : relay reconnect attempts back off and escalate; ping docs synced; onboard pop tightened.
- Idle forwarder : the io forwarder wait is bounded so idle sessions no longer pin executor threads.
- LLM client : the OpenOnion client now tolerates 20s connects with 5 retries, so a single transient blip can't kill an agent run.
đ Bug Fixes
- Onboard gating : the gated CONNECT completes only after onboard succeeds.
- Trust gate : blacklist is re-applied after onboard so it can't bypass the trust gate.
âťď¸ Internal
- Network rename : caller identity â
agent_address; host recipient ârecipient_address. - Tests : relay supervisor endpoint discovery isolated.
- Docs : connection-stability behavior documented.
đŚ Also included (merged to main this cycle)
- Support named template deploys and repeatable skills (#163)
- Add no-progress guard plugin (#165)
- Align model examples with supported proxy models (#164)
- Publish hosted agent relay profile (#160)
Installation
pip install --upgrade connectonionFull Changelog :
v1.0.2...v1.0.3 -
đ r/reverseengineering Experimental Wine runtime for Nintendo Switch project by dantiicu rss
submitted by /u/r_retrohacking_mod2
[link] [comments] -
đ r/reverseengineering With the help of AI I reverseengineered Crystal Report format rss
submitted by /u/MrSrsen
[link] [comments] -
đ r/reverseengineering /r/ReverseEngineering's Weekly Questions Thread rss
To reduce the amount of noise from questions, we have disabled self-posts in favor of a unified questions thread every week. Feel free to ask any question about reverse engineering here. If your question is about how to use a specific tool, or is specific to some particular target, you will have better luck on the Reverse Engineering StackExchange. See also /r/AskReverseEngineering.
submitted by /u/AutoModerator
[link] [comments] -
đ HexRaysSA/plugin-repository commits sync repo: +3 releases, -1 release rss
sync repo: +3 releases, -1 release ## New releases - [ida-rpc](https://github.com/bkerler/ida_rpc): 0.1.3, 0.1.2, 0.1.1 ## Changes - [IDAssist](https://github.com/symgraph/idassist): - removed version(s): 1.1.0 -
đ Szymon Kaliski Q2 2026 rss
Hi!
A couple of side-project updates: keeping my archival tool alive, ssh-over-web-browser tailored to my needs, and a slightly better dictation CLI.
Archivist Updates
I continue to use, and get a lot of value out of, Archivist.
Since the original post about the project, six years ago (sic!), the tool got extended with collecting screenshots, finding similar items across all sources, and recently moved to my new Home Server, hosted as a permanent web app.
For collecting screenshots, I use a two-tier system:
- I have a couple of Hammerspoon shortcuts overriding the default macOS ones, that take the screenshot, place it in
Dropbox/Screenshots/folder, and inject OCR text into the files through a combination oftinyocrandxattr. Dropbox only supports a subset ofxattr, so this took some figuring-out, but I managed to find a way to sync them with the Home Server, with the OCR data surviving in the file. I could do OCR purely in Archivist and save some headaches, but the nice side-effect of having it inxattris that Spotlight indexes that data, so I can do a quick search for image content directly from Spotlight. - Archivist does a refresh of all its sources hourly, and as part of that, picks up any changes to the Dropbox folder, and updates its local DB.
Similarity search was a fun recent addition. As part of the hourly refresh, all images are processed on-device with
DINOv2-basefor embeddings (after some extra post-processing to make them square, without alpha channel, etc.). The resulting vector is stored in the SQLite as a blob of numbers.Together with this, textual values (like the OCR info, metadata, etc.) are embedded with
MiniLM-L6-v2, and stored into another table.The final search uses HNSW index for super fast fetches (under 16ms for my ~10k items), and combines results from image and text similarity searches.
All together, we get this:
Telegraphist
On the topic of always-on custom services, I couldn't find any app that would tick all the boxes for my
ssh-from-iPhone needs:- I continue to stubbornly use
base16-shellfor terminal theming, so I can very easily set colors with a simple command, even though I rarely use it. - I wanted something that works with terminal graphics, as I â also rarely â use
timgto poke at images inline. - Finally, on the Home Server, I'm always in a
tmuxsession, so a native support for that would be nice.
I poked around AppStore, but couldn't find anything ticking at least some of these boxes. I also tested a handful of "web TTY" kinds of things, but nothing sparked joy. So, I made my own TTY-in-a-browser: Telegraphist.
It didn't take much prompting to combine a PTY library, a WebSocket connection, and
xterm.jsand get something tailor-made for me.The
base16-shellcolors not only work in the terminal, but also impact the minimal UI:I can look at images:
And there's a native
tmuxintegration:The most fun part of this project was cutting corners to get to a rough first working version, and then working on improvements from within itself.
Tinyparakeet
Exactly a year ago I wrote about a small Whisper wrapper that I used to use for dictation.
Since then I discovered
parakeetfamily of models, and madetinyparakeetâ a small CLI tool for speech-to-text, fully on-device:It's open source if you, like me, rarely have a need for dictating things, and mostly live in CLI:
szymonkaliski/tinyparakeet.Worth Checking Out
What I've been reading lately:
- The Charisma Machine, recommended by a friend, a great "Look for Opposite Views Instead of Confirming Ones" kind of book on Constructionism.
- Theory and Reality, a great meta-overview of philosophy of science themes. I was already familiar with most of the original works, but it was still fun to go through a refresher, and see them contrasted against each other.
- The Theoretical Minimum, the second half of which was a bit too dense for me right now. Physics has never been my strong suit, and I want to get a bit better at it.
On the web:
- a great talk from Andy Matuschak on LLMs and Malleable Software
- and on that topic, Deadmau5 vibe-coding his own music production tool
- lovely morphing visualizations
- Bret Victor on "Time and Possibility" â the Dynamicland Archive remains a treasure trove
- visualizing p5.js execution
- "I'm not worried about the machines. The machines are fine. I'm worried about us."
- I have a couple of Hammerspoon shortcuts overriding the default macOS ones, that take the screenshot, place it in
-
- June 28, 2026
-
đ IDA Plugin Updates IDA Plugin Updates on 2026-06-28 rss
IDA Plugin Updates on 2026-06-28
New Releases:
Activity:
- ida_rpc
- f8603419: Add unit tests for
_arch_namehelper to validate ARM and non-ARM ar⌠- fdefd3e7: Bump version to v0.1.3, update loader selection behavior to rely on IâŚ
- 927a23b8: Bump version to v0.1.2, add logic to ignore raw import options for exâŚ
- 27154d7a: Refactor architecture name resolution in
analysis.pyto correctly h⌠- 9a10e222: Update README: Document new commands, debugging support, and color maâŚ
- af6faa95: Make
--archmandatory forstartandopencommands, improve binaâŚ
- f8603419: Add unit tests for
- ida_rpc
-
đ r/reverseengineering WinPE as a stateless harness for Windows driver testing and fuzzing rss
submitted by /u/Acanthisitta-Sea
[link] [comments] -
đ r/reverseengineering Reverse-engineering VMware's encrypted + compressed VM memory checkpoint format (vTPM "partial" encryption) rss
submitted by /u/h_e_e_y_a_a_a
[link] [comments] -
đ backnotprop/plannotator v0.21.3 release
Follow @plannotator on X for updates
Missed recent releases? Release | Highlights
---|---
v0.21.2 | Custom reviews as Agent Skills, Cursor + OpenCode review engines, whole-file/general findings, deleted-annotation fix, Codex Ask AI outside git repos
v0.21.1 | Annotate-last blank-page fix on multi-message sessions
v0.21.0 | Direct document editing in annotate mode, live git-status file tree, in-app agent terminal, open files in external apps, HTML renders as HTML
v0.20.3 | Annotations no longer lost when clicking away, off-screen indicator for open comments
v0.20.2 | Pierre CodeView all-files review, large-PR pipeline and instant-open checkout, unified agent engine selection, Pi programmatic plan mode
v0.20.1 | Pi extension install hotfix (pinned@pierre/diffsafter a broken upstream release)
v0.20.0 | Multi-repo workspace reviews, semantic diff overview, UI 2.0 themes and plan look chooser, leaner single-source skill install
v0.19.27 | Kiro CLI integration, Glimpse native window, annotate-last message picker
v0.19.26 | Amp plugin production fixes, Mermaid rendering fix, Settings flicker fix, update notification toast and shimmer
v0.19.24 | Amp integration, configurable data directory, Auto Mode permission option, Pi plan approval fix
v0.19.23 | Droid integration, Windows Pi AI fix, quieter update indicator
What's New in v0.21.3
A follow-up to the code-review work in v0.21.2. The headline is file-scoped comments in code review with a reworked comment experience, and the rest of the release is fixes and polish: a new contributor fixed clipboard and keyboard handling in the VS Code extension, the CLI now prints help for its subcommands, Codex Ask AI moved onto a more reliable transport, and the Ask AI sidebar got a few rough edges sanded down. Eight changes land in total, including a first contribution from @rushelex.
File Comments in Code Review
Until now a code-review comment always attached to a line range. This release adds file-scoped comments â a comment that belongs to a whole file rather than any single line. In the single-file view it renders as a full-text banner directly below the file path; in the all-files view it sits in the file header for expanded files. Guided reviews that produce file-level findings now anchor them where they belong instead of forcing them onto a line.
The comment experience was also unified. Clicking a comment â whether the inline card in the diff, the sidebar entry, or the file banner â replays its stored line range as a controlled highlight, and clicking it again clears the highlight. Scrolling the viewport to a comment is reserved for the sidebar and findings list, so clicking a comment inside the diff highlights it without yanking the page around. The inline, sidebar, and file-banner cards now share a single identity row (badges, author, timestamp), a single action row (edit, copy, delete), and a consistent file-name chip, replacing three separately built layouts that had drifted apart.
PR #973, by @backnotprop.
VS Code Clipboard and Keyboard Handling
The VS Code extension renders Plannotator inside a webview, and two long- standing problems made that webview feel second-class. Copy and paste didn't work â clipboard content never crossed the webview boundary â and standard VS Code keybindings like Cmd+P stopped responding while a Plannotator tab was focused. This release bridges the clipboard so copy, cut, and paste work inside the webview, and forwards keystrokes to VS Code so its keybindings resolve as expected.
PR #970 closing #864 and #969, by @rushelex â who both reported the bugs and contributed the fix.
Codex Ask AI on the App-Server Transport
Codex Ask AI no longer drives
codex execthrough the@openai/codex-sdkpackage. It now runs a long-livedcodex app-serverprocess over JSON-RPC, which respects the user's and enterprise-managed approval policy and supports interactive Allow/Deny approvals surfaced as cards in the UI. The provider id stayscodex-sdkso existing saved preferences keep working. A startup edge case is also fixed: if the app-server process spawned but stalled on its initialize handshake, it was left running and every later question hung until an idle timer reaped it. The process is now killed on a failed handshake, so the next question starts cleanly.PR #971, by @backnotprop.
CLI Subcommand Help
Running
plannotator review --help(and the same for other subcommands) launched the review UI instead of printing help text. The CLI now resolves--helpand-hfor each subcommand before dispatching, so the help flag prints usage and exits without starting a server.PR #974 closing #964, reported by @rrei.
Clickable Ask AI Announcement Cards
The first time Ask AI appears, an announcement dialog presents the available providers as cards. Those cards were missing their click handler, so selecting a provider from the announcement did nothing. They are clickable now and select the provider as expected.
PR #975 closing #972, reported by @Duo-Huang.
Ask AI Sidebar Polish
Two smaller fixes in the code-review Ask AI sidebar. The per-file chat groups used to start collapsed, so every file you had asked about had to be opened by hand; they now default to expanded, while manual collapse still works and persists. And clicking a sidebar comment that no longer matches the active PR or diff scope â for example after switching PRs in place â used to do nothing at all; it now clears the current selection so the click gives visible feedback instead of appearing broken.
Additional Changes
- Dependency maintenance â GitHub Actions used by the build and release workflows were updated (
actions/checkoutto v7,softprops/action-gh-releaseto v3, and others). PR #791, by @renovate.
Install / Update
macOS / Linux:
curl -fsSL https://plannotator.ai/install.sh | bashWindows:
irm https://plannotator.ai/install.ps1 | iexExtra skills (compound, setup-goal, visual-explainer), opt-in:
npx skills add backnotprop/plannotator/apps/skills/extraClaude Code Plugin: Run
/pluginin Claude Code, find plannotator , and click "Update now".OpenCode: Clear cache and restart:
rm -rf ~/.bun/install/cache/@plannotatorThen in
opencode.json:{ "plugin": ["@plannotator/opencode@latest"] }Pi: Install or update the extension:
pi install npm:@plannotator/pi-extensionDroid: Install via the plugin marketplace:
droid plugin marketplace add backnotprop/plannotator droid plugin install plannotator@plannotatorAmp: Install the CLI first, then copy the plugin:
mkdir -p ~/.config/amp/plugins curl -fsSL https://raw.githubusercontent.com/backnotprop/plannotator/main/apps/amp-plugin/plannotator.ts \ -o ~/.config/amp/plugins/plannotator.tsKiro CLI: The installer auto-detects Kiro and installs skills automatically. After installing the CLI, launch with:
kiro-cli chat --agent plannotatorUpgrading from before v0.20.0? Read the v0.20.0 release notes first; that release changed how skills install.
What's Changed
- feat(review): file comments in the diff + unified click-to-highlight comment UX by @backnotprop in #973
- fix(vscode): bridge clipboard and forward keystrokes in webview by @rushelex in #970
- fix(annotate): make Ask AI announcement provider cards clickable by @backnotprop in #975
- fix(cli): print per-subcommand help instead of launching the UI by @backnotprop in #974
- fix(ai): drive Codex Ask AI via codex app-server by @backnotprop in #971
- fix(ai): kill codex app-server if the initialize handshake fails by @backnotprop
- fix(review): default Ask AI per-file chat groups to expanded by @backnotprop
- fix(review): clear selection on out-of-scope sidebar annotation click by @backnotprop
- chore(deps): update github actions by @renovate in #791
New Contributors
Contributors
@rushelex landed their first contribution, and a complete one: they reported that the VS Code extension couldn't paste from the clipboard (#864) and that VS Code keybindings stopped working while a Plannotator tab was focused (#969), then fixed both in #970.
Thanks also to the people who reported the bugs this release fixes:
- @rrei reported that
plannotator review --helplaunched the UI instead of printing help (#964), fixed in #974. - @Duo-Huang reported that the Ask AI announcement provider cards were not clickable (#972), fixed in #975.
Full Changelog :
v0.21.2...v0.21.3 - Dependency maintenance â GitHub Actions used by the build and release workflows were updated (
-
đ r/reverseengineering Blindspot rss
submitted by /u/Expert-Obligation816
[link] [comments] -
đ r/reverseengineering GitHub - iss4cf0ng/NebulaPulsar: NebulaPulsar is a proof-of-concept in-memory implant framework for Java (JSP) and ASP.NET (ASPX/ASHX/ASMX) webshells, originally developed as part of the Alien project. rss
submitted by /u/AcrobaticMonitor9992
[link] [comments] -
đ r/reverseengineering WPA3-SAE + 802.11w on the Broadcom BCM4360 (closed wl blob) rss
submitted by /u/Greenlinkx
[link] [comments] -
đ r/reverseengineering Static BYOVD hunter: Capstone-based IOCTL dispatch extraction rss
submitted by /u/Expert-Obligation816
[link] [comments] -
đ The Pragmatic Engineer Pollen tried to remove my article about CEO Callum Negus-Fancey and CTO Bradley Wright, and Google is assisting with it rss

In 2022, I wrote about the damning fall of events tech company Pollen. The short of it:
Pollen seemed to have pulled off the improbable feat of building a business in the notoriously low margin industry of events, surviving Covid-19, and building a solid software engineering organization. In April this year, the company announced it had raised another $150M in fresh funding.
But just three weeks later, Pollen laid off about 200 people, a third of staff. Leadership assured employees all was well. However, from that point on, things got worse. Leadership later pulled the plug on Slack, employees were not paid wages, pension contributions went missing, and vendors were not paid. Some vendors took matters into their own hands; on 9 August 2022, JIRA was suspended when Atlassian tired of the company's failure to pay.
On 10 August 2022, Pollen went bankrupt, collapsing into administration.
The article looked bad on Pollen's founder, Callum Negus-Fancey. He was ultimately responsible for lying to staff, not paying salaries, the missing pension contributions, and the unpaid health insurance for US employees. The story was so bad that the BBC created a documentary titled Crashed: $800M Festival Fail _. _
And then there was the $3.2M double charge for customers, manually initiated by CTO Bradley Wright, detailed extensively in the documentary Crashed: $800M Festival Fail. That double charge would have been trivial to reverse, but the reversal never happened, customers never got their money back, and the postmortem of the incident was never released to staff.
Four years later, Pollen and Callum Negus-Fancey are attempting to erase this shameful story from the public record. The article is my original writing, and thus I am the copyright holder of it. So imagine my surprise when I was notified that Google removed the article from its search results thanks to a copyright infringement claim it received:


It seems that anyone can file a bogus copyright claim to get an article they don 't like removed from Google's search index. This happened in this case. I have no information on who filed the copyright claim. Even less so on who claims to be the copyright owner? Because I am the only possible copyright owner!
And Google has gone ahead and removed my article about Pollen's shameful collapse from its search results.
I have the option to appeal, which I have done so.
Google 's copyright removal system is clearly being abused, to a comical degree. Someone doesn't like that I went into extreme detail about the events at Pollen - all of which are facts. And, for some reason, bogus copyright requests can be weaponized to remove information like this from Google's search index.
I managed to find the bogus DMCA complaint submission, after Google removed my site from search results. It is absolute BS: it claims that my original article is a copy of a The New York Post article. Which is absolute nonsense!

This "Ellie Piee" claimed that this 1998 article titled Band Leader Hits Winning Chord was copied by my article Inside Pollen's Collapse: "$200M Raised" but Staff Unpaid - Exclusive. The two do not even share a single sentence!
The fake DMCA is made by a fake profile from a country with zero inhabitants. The removal requests by this "Ellie Piee" are made from the country called Bouvet Island, an uninhabited Norwegian dependent territory in the South Atlantic/Southern Ocean near Antarctica. It has zero inhabitants, and is referred to as the "world's most remote island."
Bouvet
Island. No inhabitants, and yet Google accepted a fake DMCA takedown request
from a fake person claiming to reside here. What a jokeWhy does Google allow fraudulent DMCA notices to be filed with no penalty? My own speculation is that it is clear enough that either Pollen, or its former CEO Callum Negus-Fancey, or its cofounder and COO Liam Negus-Fancey or someone else related to the company hired reputation firms to remove Pollen articles from Google. This firm then files the most bogus requests under fake names supposedly residing in uninhabited regions of the world, and Google complies.
I never thought I would have to revisit the shameful history of Pollen, but someone at the company felt the need to prompt me to do so.
Lawsuits are still ongoing against Pollen, by the way. Now that someone from Pollen tried to erase the record of this story, I got a bit of renewed interest in what has happened since. In California, the lawsuit Tayler Ulmer vs Pollen is still in progress, summarized as:
- Tayler Ulmer and five other named former employees, on behalf of themselves and "all similarly situated employees" claim to have been laid off without paid wages and benefits, plus claiming possible fraud
- The filing says that Pollen executives Callum NegusâFancey, Liam NegusâFancey, and James Ellis are personally liable in this lawsuit
- The lawsuit wants to reclaim unpaid wages, unpaid severance, restoration of lost 401(k) contributions, and a uling that all the named entities and individuals are jointly liable, including successor entities, so employees can collect regardless of how Pollen shuffled assets and dissolved subsidiaries
I am wishing best of luck to the claimants - former Pollen employees - and we will see how the judge rules in this lawsuit. The more Pollen wants to silence me writing about this, the more I'll likely pay attention.
Pollen executives should have read what the Streinsand effect means!
-
