🏡

↔
→

generated: December 16, 2025 at 15:04:53

December 16, 2025
1. 🔗 r/reverseengineering Firmware security analyzer EMBA v2.0.0 - A brave new world of firmware analysis - released rss
  
  submitted by /u/m-1-k-3
  [link] [comments]
2. 🔗 MetaBrainz MusicBrainz Server update, 2025-12-16 rss
  We are back with one last small release before the holidays, which mostly improves URL handling, fixing some broken cleanups and allowing linking to a few new databases. We are also including one small new feature, allowing to browse events by series in the API (to get, for example, all the concerts in a tour in one go). And finally, recording and release group edits entered while editing a release will now also indicate the release they were entered from, mirroring the feature that we recently added for the relationship editor.
  
  A new release of MusicBrainz Docker is also available that matches this update of MusicBrainz Server. See the release notes for update instructions.
  
  Thanks to Jim DeLaHunt and owlpharoah for having contributed to the code. Thanks to Anesidora, Aszazin, dvirtz, fabi123, finalsummer, Griomo, Raman Sinclair, Relaxo5, sanojjonas, yindesu and xodus for having reported bugs and suggested improvements. Thanks to Avava_Ava, Besnik, Echelon, GABG, LeoVallejo, Pioneers, kKZvtcqX, karpuzikov, mfmeulenbelt, miausalvaje, salo.rock, wileyfoxyx and yyb987 for updating the translations. And thanks to all others who tested the beta version!
  
  The git tag is v-2025-12-16.0.
  
  Fixed Bug
  - [MBS-14188] - Artist area search no longer opens with certain userscripts active
  - [MBS-14197] - Juno Download artist/label URLs are rejected if they contain %, ~, or .
  - [MBS-14199] - YouTube cleanup breaks @ links containing %
  - [MBS-14202] - Patreon /cw links are wrongly cleaned up
  Improvement
  - [MBS-14137] - Warn before new work removal in relationship editor
  - [MBS-14150] - "Releases with the same barcode in different release groups" should display the release group types
  - [MBS-14178] - Indicate the edited release on recording and RG edits entered from the release editor
  - [MBS-14179] - Include browse item if it is the same as the entity item
  - [MBS-14187] - Don't block runeberg.org for non-work entities
  - [MBS-14209] - Add lesarchivesduspectacle.net to the other databases whitelist
  - [MBS-14210] - Add mixesdb.com to the other databases whitelist
  New Feature
  - [MBS-14201] - Browse events by series
3. 🔗 r/reverseengineering byvalver: The Shellcode Null-Byte Annihilator rss
  
  submitted by /u/umpolungfishtaco
  [link] [comments]
4. 🔗 Textualize/textual The last before Toad release release
  Mainly a fix for some new themes, but also an update to toggle buttons. If you have toggle buttons in your app, this may impact snapshot tests.
  
  [6.10.0] - 2025-12-16
  
  Fixed
  - Fixed broken themes #6286
  - Updated toggle button style for consistency #6286
5. 🔗 r/reverseengineering Why Your ‘Secure’ Smart Home is Just a $50 Raspberry Pi Away From Being Hacked (A Field Guide for the Digitally Aware) rss
  
  submitted by /u/voidrane
  [link] [comments]
6. 🔗 apple/embedding-atlas v0.14.0 release
  New Features
  - Viewport-dependent density-based downsampling. This allows the embedding view to scale to a larger number of points. Downsampling by default kicks in at 4M points. See #118 for more details. Thanks @maxdumas!
  What's Changed
  - fix: scroll dashboard to new chart on adding a new chart with plus button by @donghaoren in #105
  - feat: move export into dedicated menu action, increase spacing between buttons by @domoritz in #104
  - chore: update feature flag note by @domoritz in #106
  - fix: labels may overlap when embedding view is resized by @donghaoren in #108
  - feat: allow adjusting embedding view colors and ordinal colors in theme by @donghaoren in #113
  - fix: overriding derived values in predicates widget by @donghaoren in #114
  - fix: dependabot alert (mdast-util-to-hast) by @donghaoren in #116
  - feat: add url state saving to upload page by @donghaoren in #115
  - feat: add viewport-dependent density-based downsampling by @maxdumas in #118
  - fix: search box may appear underneath charts in dashboard layout by @donghaoren in #120
  - chore: bump version to 0.14.0 by @donghaoren in #119
  New Contributors
  - @maxdumas made their first contribution in #118
  Full Changelog : v0.13.0...v0.14.0
7. 🔗 Mr. Money Mustache My Unexpected Journey to Hormone Replacement (TRT) rss
  -
  
  As a man of Science, I’m supposed to hide my enthusiasm about this somewhat controversial subject, and instead direct you only to the peer-reviewed studies.
  
  But man, I feel like I’ve stumbled upon the fountain of youth here. And the more I dig into the details and the hype and controversy surrounding the field of Hormone Replacement therapy, the more I need to share the word about it to my fellow middle-aged people (both men and women).
  
  But first a quick backstory:
  
  I’ve been interested in optimization and trying to get the most out of my body and mind since I was a little kid. I started vacuuming up all the training and nutrition books and magazines I could find while I was just a teenager, and that field still remains a favorite of mine over 30 years later. And if you’re a long-time reader here you’ve been reminded plenty of times of this interest, because health has always been the very heart of Mustachianism.
  
  But a funny thing has been happening in the last ten years: even as I kept honing the healthy living habits and trying my best to improve, there seemed to be a force pulling me back almost as hard. So despite working a bit harder and smarter every year, I still felt myself riding a gradually declining tide of energy, motivation, and physical stamina.
  
  “Perhaps this is just what it means to grow old” , I thought to myself,
  
  “But I’m still gonna keep fighting it!”
  
  Yet there was one thing that didn’t quite fit. Why was I having this decline in energy, when some of my older friends weren’t? And why was I still seeing people out there in their 50s, 60s and well beyond doing things that I felt too tired to do today?
  
  One of these tireless friends is a guy named Kevin, who is the personification of the highly energetic successful middle-aged man. He’s a semi-retired serial entrepreneur (and extreme rock climber) who lives in Boulder. And through an interesting twist of fate, in April of 2025 he invited me out for a hike right around the time I was doing all this wondering. And during this hike (and climb) he told me about his latest venture, a boutique men’s health company that specializes in helping men just like us get their youth back through the process of testosterone replacement therapy.
  
  Kevin even showed me the (literal) ropes of climbing Boulder’s Flatirons mountains for the first time
  
  Long story short: his ideas planted a seed in my head, which led to a bunch of research and a growing interest in trying TRT myself. I had of course heard about the process, but for some reason never considered doing it until I heard Kevin’s enthusiasm: he had been on it for several years, and according to him it is a “night and day difference” in all the things you want in life: energy, focus, thinking speed, and of course physical health.
  
  This is the key slide from a presentation Kevin’s company gave on TRT. Yes, it sounds like hype when you present it this way, but these are just the physiological properties of Testosterone itself, not just TR therapy. Which is why it’s such a valuable thing to try to maximize the hormone.
  
  Another convenient twist of fate is that I happen to be dating an REI doctor - a Reproductive Endocrinologist and Infertility specialist who has two board certifications in exactly the relevant bodily systems that are affected by these hormones. And while she was initially skeptical that I needed more Testosterone (and in her practice she regularly sees the downsides of men taking the stuff too early in life and thus compromising their own fertility), she has followed along and helped me learn at each step of this process, eventually becoming fully in support of the program.
  
  So I signed up as a test customer for Kevin’s new company, which is called Bolt Health. I worked with their doctor to get a baseline blood test and review my numbers compared to all the past tests I've collected, and as it turned out, my levels had been dropping consistently over the years, and the latest test was by far the lowest ever.
  
  Even more telling, my age-related drop in Testosterone was correlating perfectly with my decline in energy and motivation:
  
  These are my total T numbers from blood tests dating back to 2012. The "free" testosterone number is actually even more important than total, but it usually correlates pretty closely under normal conditions.
  
  The next step was a prescription for a tiny daily dose of supplemental T, which arrived at my house the next week along with instructions for how to use it. And so began the journey.
  
  Now let’s jump forward seven months to the present day as I write this.
  
  And wow, what a great year it has been! I only wish I had known and tried this a few years earlier, because I’m getting a lot more out of my life.
  
  It’s not a night-and-day difference for me, but more like a 50% boost in overall youthfulness and energy. The biggest subjective change is that I just don’t have sucky tired days anymore , which was the main problem with my life before: wasting too much of my precious freedom due to not having the energy to enjoy it.
  
  This is why I’ve become somewhat of an evangelist for hormone replacement therapy for people from about age 45 onwards. It won’t work for everyone - if your levels are already pretty high, you don’t get the same boost. Two of my male friends tried TRT and quit because they didn’t notice any benefit. But these same two guys already had plenty of energy to begin with, which is usually a sign that the body has what it needs.
  
  TRT’s Sketchy Reputation
  
  It turns out I am very late to this party. Although Testosterone supplementation started out as a niche practice in the 1940s, from the 2010s onward it has been everywhere.
  
  TRT is the reason you see every actor suddenly showing up buff overnight for their superhero roles and it’s also why so many of today’s CEOs don’t look anything like yesterday’s CEOs.
  
  -
  
  In many cases, it has gone too far with young men using it just to gain muscle for the beach or the football field, and questionable online providers (aka “Prescription Mills”) handing out prescriptions to anyone with a valid credit card - with profit as their sole motive. It became overhyped in certain pockets of Bro Culture, where every Bro eventually receives the advice “Bro! You need to get on the T!” from another Bro, and therefore does it. And some of this reputation surely contributed to my own skepticism.
  
  But there’s a lot of valid science behind TRT, if you’re the right candidate and you take the right dosage. And because of that, I feel it is probably under- hyped in my own demographic, the Nerdy Tech Worker Semi Retired Dad contingent. And that’s why I’m writing this blog post, because there are a lot of us out there.
  
  Many of us just tend to work with what we were given, and accept that aging means slowing down. And for those of us already enjoying an early retirement, we have the option of unlimited rest and recuperation time, so who really cares if we get tired a bit more often? After all, what better way to flex one’s wealth than with a decadent Tuesday Afternoon Nap while everyone else is stuck in the office?
  
  While this seemingly healthy attitude has a lot of positive aspects, it can also mask a real problem which may be easily fixable. Because sometimes, the only thing that’s even better than an afternoon nap, is having the energy and motivation to go out for an afternoon hike, bike ride or adventure with friends. More energy is also pretty darned useful if you’re still raising kids or trying to do well in your career as a person over 45.
  
  How it Actually Works (and What Happened to Me)
  
  Distilling all of the fluffy discussion above into the simplest possible answer: TRT means using a tiny needle to inject a few drops of clear liquid just below the surface of your skin. And you do this by yourself at home, ideally once every morning.
  
  -
  
  Here’s one of the baby needles I use for my daily dose.
  The typical serving is less than one tenth of a milliliter, which is only a few drops.
  
  And while the term “needle” sounds scary to some, this is very different from the monstrosities they use to draw blood from your veins. This one is so miniature that you don’t need special training to use it, and you usually don’t even feel it.
  
  So I began doing this to myself on May 1st of this year, while keeping a daily journal of my results along the way. The results seemed to be almost immediate in all the promised areas, but I know how powerful the Placebo Effect can be so I kept my skeptic’s hat on to see what would happen in the long run.
  
  I was seeing increased energy and motivation as well as lean weight gain through the whole spring and summer, but I remember the first truly shocking observation happened during a mountain vacation in July. I was part of a multi-family trip with lively adults, chaotic kids, early mornings, late nights with a few drinks, very intense high altitude sunshine and nonstop physical activities. It was just the type of situation that would drain my energy pretty quickly in the past.
  
  But on day three I went out on a solo mountain bike ride to explore the area, and as I was climbing a long ascent with the blazing sun cooking me from every angle I just somehow kept having plenty of energy to keep climbing. Then I came down and joined the group for a few games of full-sun pickleball, biked back up the mountain to our cabin, and the story of unlimited energy went on from there.
  
  “Hot Damn” , I thought to myself, “I don’t know whose youthful and tireless body I have inherited here but I’d sure like to keep it!”
  
  In August, the Bolt Health program scheduled a follow-up blood test for me and sure enough, my Testosterone levels had been boosted from 415 to 730ng/dL, bringing me from the low side of normal to the higher side.
  
  Many labs define “normal” as anywhere between 300 and 1000, which seems strange to me given the huge effect this hormone has on your wellbeing. It’s a bit like saying “Most cars have between 90 and 300 horsepower, so it doesn’t really matter what engine you have”
  
  I mean yeah, either one will still get you down the road, but which one would you rather be driving?
  
  Since then, it has just been more of the same good results. My improvements ramped up and then just stayed there - so I’m operating at a new, much higher and more enjoyable level of functioning. Energy and motivation are no longer a problem, and I even find myself willing to make longer-term plans again (before this everything beyond same-day planning felt overwhelming). And my body seems to just want to gain strength and size with any excuse. Heavy weights feel lighter and the hard manual labor I still like to spend my time on feels easier for longer. It’s nice to be young again!
  
  Far more bountiful energy made for an action-packed 2025!
  
  So Why Doesn’t Everyone Do This?
  
  When you dig into the details, hormone replacement is mired in a soup of both real and incorrect information about both its benefits and its risks. And then our well-meaning medical establishment locks this whole container of soup deep in the cabinet with a label that says, “Needs Further Study”. But if you summarize the findings on both sides of the issue, you’ll see this:
  
  Stuff you should do BEFORE trying TRT:
  
  The modern American Lifestyle is a Testosterone and Health Crusher. It’s a miracle that anybody feels good ever with the crap that people do to their bodies. So if you’re not already doing all the simple, natural, outdoor things that naturally boost your health, energy, and hormone levels, you’ll want to start with these first. You can find a pretty complete list on my oft-cited Badassity Tracker page.
  
  Since I was already doing all of these things pretty consistently, I felt ready to take the next step and at least consider hormone supplementation. But wait, there’s more!
  
  Risks of TRT:
  - Decreased fertility for men hoping to conceive
  - Increased production of red blood cells, which may increase the risk of blood clots for people with certain risk factors (a good provider should screen you for these risks before prescribing)
  - Potential worsening of certain prostrate conditions if you already have them
  - Mood fluctuations and acne, especially if the dosing is way off.
  The Importance of Dosing:
  
  Many of the problems above are more likely to appear when the body is flooded with too much testosterone. In the bad old days, TRT was administered by sticking a pellet beneath your skin or injecting a large amount into the butt which then gets used up over the next several weeks. One friend recounted a story of extreme moodiness when the pellet was first implanted, ramping down to tiredness by the time the hormone was all gone.
  
  More modern providers like Bolt have fixed this problem by breaking the dose into much smaller servings which you administer each day. The idea is that your levels remain stable, and you need a lot less overall which reduces side effects.
  
  For my part, I have not had any of the negative side effects because I was a pretty ideal candidate in the first place: 50 years old with depressed Testosterone levels but an otherwise healthy lifestyle and no risk factors.
  
  The Internet TRT Police
  
  My hope in sharing this article is to be transparent and hopefully take some of the stigma out of this subject of other people who might benefit. Because in our modern over-connected world, everybody has an opinion on your life, even when you didn’t ask them.
  
  A member of the Internet TRT Police stepped in on Twitter as soon as I mentioned this idea there.
  
  And it’s not just men - many women in this same age group benefit from Estrogen replacement (and there are even interesting stories about female testosterone supplementation in certain situations as this author shares). The point is that aging is normal, but in some cases there’s a pretty easy way to make it slower
  
  How Much Does this Cost?
  
  The great news is that Testosterone itself is a cheap and widely available substance, typically under $50 per month even for people like me without conventional insurance or drug coverage. The expensive part (here in the US) is just the doctor stuff - consultations, blood tests, ongoing analysis and prescription renewals and so on.
  
  The company that I used is positioned as a premium provider, bundling these services along with a bunch of other men’s health perks and deliveries for a few hundred dollars, which is expensive relative to most other parts of my budget, but still cheap if I consider the life and financial benefits of being 20-50% more energetic and productive.
  
  If you want to be on this program, your final decision will hinge on your income, insurance coverage if applicable, whether your existing doctor can already help you, and how much service and advice you’re willing to pay for.
  
  Note: I decided not to become a Bolt health affiliate because I wanted to write this article without conflict of interest. And I can honestly say, Bolt’s product and service seem great to me because I know and trust the people who run it. But it’s also the only one I’ve tried. So I don’t know much about the competition and there may be other good options out there. At the very minimum, you can always try one service and switch to another if you don’t like the first one.
  
  The Bottom Line
  
  I’ve got lots more to say on money and early retirement, and lots of interesting projects in the works now too. So I’m thankful to have stumbled upon this booster for all aspects of life, so I can do more of everything else, for even more decades than I had expected.
  
  I wish this same type of good fortune for you, however you create it.
  
  --
  
  In the Comments:Do you have questions about hormone replacement or anything else in this article? I’ll try to invite Kevin, Dr. Sean Bender and other knowledgeable people to contribute and answer questions as well.
  
  Further Reading:
  
  Is testosterone therapy safe- Take a breath before you take the plunge _ - Harvard Health (2024)
  Cardiovascular Safety of Testosterone Therapy (aka the TRAVERSE Study) (2023)
  TRT - Association with Mortality in High Risk Subgroups (2023)
  Bolt Health website - if you do decide to go with this company, be sure to ask for their best discount even though it's not related to me. _
8. 🔗 Ampcode News Clickable Diagrams rss
  
  Mermaid diagrams generated by Amp in the editor extensions now include code references. Click on a node or edge to jump to the relevant file or code snippet.
December 15, 2025
1. 🔗 IDA Plugin Updates IDA Plugin Updates on 2025-12-15 rss
  IDA Plugin Updates on 2025-12-15
  
  New Releases:
  - idapromcp_333 v1.3
  Activity:
  - augur
    
    2947b0d4: style: make usage return a !
  - chernobog
    
    b0531ae9: feat: Add CHERNOBOG_RESET mechanism to flush deobfuscation state
    
    5276c6a6: fix: Reset deobfuscation state on view refresh to allow re-analysis
    
    e0271d75: fix: Defer full deflattening analysis to maturity 3 for stable CFG re…
    
    2a20acf9: feat: Integrate Z3 solver for symbolic deflattening and opaque predic…
    
    62b9c14f: fix broken ida-cmake symlink
    
    f5c5b1bc: feat: Add Chernobog, a Hikari LLVM deobfuscator plugin for IDA Pro
  - efiXplorer
    
    231556b6: add initial support for standalone SMM modules (#128)
  - ghidra
    
    16350d99: GP-6155: Fixing compilation error
    
    8616d0f8: Merge remote-tracking branch 'origin/patch'
  - haruspex
    
    139103e3: style: make usage return a !
  - IDAPluginList
    
    4da1b1e6: Update
  - idapromcp_333
    
    c9205a7b: Update README.md
    
    d38a4552: 优化项目结构和代码
  - IDATools
    
    27b956a9: Update README with IDA-NO-MCP tool details
  - quokka
    
    67f731f1: Merge pull request #73 from quarkslab/dependabot/github_actions/actio…
  - rhabdomancer
    
    5291d46b: doc: improve documentation
    
    3e9df353: refactor: simplify match logic in find_all
    
    0ffe5550: refactor: pass Priority by value to simplify functions that use it
    
    1bfb52c1: refactor: improve performance and prevent regex injection in `KnownBa…
    
    bda1ad95: doc: add an item to the todo list
    
    27899e57: style: make usage return a !
2. 🔗 Simon Willison I ported JustHTML from Python to JavaScript with Codex CLI and GPT-5.2 in 4.5 hours rss
  I wrote about JustHTML yesterday - Emil Stenström's project to build a new standards compliant HTML5 parser in pure Python code using coding agents running against the comprehensive html5lib-tests testing library. Last night, purely out of curiosity, I decided to try porting JustHTML from Python to JavaScript with the least amount of effort possible, using Codex CLI and GPT-5.2. It worked beyond my expectations.
  
  TL;DR I built simonw/justjshtml, a dependency-free HTML5 parsing library in JavaScript which passes 9,200 tests from the html5lib-tests suite and imitates the API design of Emil's JustHTML library. It took two initial prompts and a few tiny follow-ups. GPT-5.2 running in Codex CLI ran uninterrupted for several hours, burned through 1,464,295 input tokens, 97,122,176 cached input tokens and 625,563 output tokens and ended up producing 9,000 lines of fully tested JavaScript across 43 commits. Time elapsed from project idea to finished library: about 4 hours, during which I also bought and decorated a Christmas tree with family and watched the latest Knives Out movie. Some background One of the most important contributions of the HTML5 specification ten years ago was the way it precisely specified how invalid HTML should be parsed. The world is full of invalid documents and having a specification that covers those means browsers can treat them in the same way - there's no more "undefined behavior" to worry about when building parsing software. Unsurprisingly, those invalid parsing rules are pretty complex! The free online book Idiosyncrasies of the HTML parser by Simon Pieters is an excellent deep dive into this topic, in particular Chapter 3. The HTML parser. The Python html5lib project started the html5lib-tests repository with a set of implementation-independent tests. These have since become the gold standard for interoperability testing of HTML5 parsers, and are used by projects such as Servo which used them to help build html5ever, a "high-performance browser-grade HTML5 parser" written in Rust. Emil Stenström's JustHTML project is a pure-Python implementation of an HTML5 parser that passes the full html5lib-tests suite. Emil spent a couple of months working on this as a side project, deliberately picking a problem with a comprehensive existing test suite to see how far he could get with coding agents. At one point he had the agents rewrite it based on a close inspection of the Rust html5ever library. I don't know how much of this was direct translation versus inspiration (here's Emil's commentary on that) - his project has 1,215 commits total so it appears to have included a huge amount of iteration, not just a straight port. My project is a straight port. I instructed Codex CLI to build a JavaScript version of Emil's Python code. The process in detail I started with a bit of mise en place. I checked out two repos and created an empty third directory for the new project: cd ~/dev git clone https://github.com/EmilStenstrom/justhtml git clone https://github.com/html5lib/html5lib-tests mkdir justjshtml cd justjshtml Then I started Codex CLI for GPT-5.2 like this: codex --yolo -m gpt-5.2 That --yolo flag is a shortcut for --dangerously-bypass-approvals-and-sandbox, which is every bit as dangerous as it sounds. My first prompt told Codex to inspect the existing code and use it to build a specification for the new JavaScript library: We are going to create a JavaScript port of ~/dev/justhtml - an HTML parsing library that passes the full ~/dev/html5lib-tests test suite. It is going to have a similar API to the Python library but in JavaScript. It will have no dependencies other than raw JavaScript, hence it will work great in the browser and node.js and other environments. Start by reading ~/dev/justhtml and designing the user-facing API for the new library - create a spec.md containing your plan. I reviewed the spec, which included a set of proposed milestones, and told it to add another: Add an early step to the roadmap that involves an initial version that parses a simple example document that is valid and returns the right results. Then add and commit the spec.md file. Here's the resulting spec.md file. My request for that initial version became "Milestone 0.5" which looked like this: Milestone 0.5 — End-to-end smoke parse (single valid document) Implement the smallest end-to-end slice so the public API is real early: new JustHTML("<html><head></head><body><p>Hello</p></body></html>") returns a tree with the expected tag structure and text nodes. doc.toText() returns "Hello" and doc.errors is empty for this valid input. Add scripts/smoke.js (no deps) that runs the example and asserts the expected structure/output. Gate: node scripts/smoke.js passes. Then I told it: Implement Milestone 0.5 And off it went. The resulting code appeared to work so I said: Configure GitHub Actions test.yml to run that on every commit, then commit and push I ran git init and created a private GitHub repository for this project at this point, and set up the local directory to push to that remote. Here's that initial push. Then I told it: OK do the rest, commit and push often And that was almost it! I set my laptop to not fall asleep and left it to its devices while we went off to buy a Christmas tree. The "commit and push often" meant I could monitor its progress on my phone by refreshing the commit log on GitHub. I was running this against my $20/month ChatGPT Plus account, which has a five hour token allowance window for Codex CLI. That ran out at 6:35pm and Codex paused, so I waited until the reset point at 7:14pm and typed: Keep going At 9:30pm it declared itself done with the following summary message: • What’s Done - html5lib-tests now run in CI and pass: tokenizer 6810/6810, tree 1770/1782 (12 skipped: #script-on), serializer 230/230, encoding 82/83 (1 skipped: scripted) (.github/workflows/test.yml:1). - Public API expanded: stream() (src/stream.js:1), CSS selectors query()/ matches() (src/selector.js:1), and toMarkdown() (src/markdown.js:1), all exported via src/index.js:1. - Added no-deps unit scripts for selectors/stream/markdown (scripts/run- selector-tests.js:1, scripts/run-stream-tests.js:1, scripts/run-markdown- tests.js:1) and wired them into CI. - Fixed TreeBuilder so <br> no longer closes <p> (src/treebuilder.js:647). As a finishing touch, I had it add a playground interface so I could try out the new library in my browser. I prompted: Add a playground.html in the top level folder which loads the necessary ES modules from ./src/... and implements the exact same functionality as seen on https://tools.simonwillison.net/justhtml but using the JavaScript library instead of Pyodide It fetched my existing JustHTML playground page (described here) using curl and built a new playground.html file that loaded the new JavaScript code instead. This worked perfectly. I enabled GitHub Pages for my still-private repo which meant I could access the new playground at this URL: https://simonw.github.io/justjshtml/playground.html All it needed now was some documentation: Add a comprehensive README with full usage instructions including attribution plus how this was built plus how to use in in HTML plus how to use it in Node.js You can read the result here. We are now at eight prompts total, running for just over four hours and I've decorated for Christmas and watched Wake Up Dead Man on Netflix. According to Codex CLI: Token usage: total=2,089,858 input=1,464,295 (+ 97,122,176 cached) output=625,563 (reasoning 437,010) My llm-prices.com calculator estimates that at $29.41 if I was paying for those tokens at API prices, but they were included in my $20/month ChatGPT Plus subscription so the actual extra cost to me was zero. What can we learn from this?
  
  I'm sharing this project because I think it demonstrates a bunch of interesting things about the state of LLMs in December 2025.
  - Frontier LLMs really can perform complex, multi-hour tasks with hundreds of tool calls and minimal supervision. I used GPT-5.2 for this but I have no reason to believe that Claude Opus 4.5 or Gemini 3 Pro would not be able to achieve the same thing - the only reason I haven't tried is that I don't want to burn another 4 hours of time and several million tokens on more runs.
  - If you can reduce a problem to a robust test suite you can set a coding agent loop loose on it with a high degree of confidence that it will eventually succeed. I called this designing the agentic loop a few months ago. I think it's the key skill to unlocking the potential of LLMs for complex tasks.
  - Porting entire open source libraries from one language to another via a coding agent works extremely well.
  - Code is so cheap it's practically free. Code that works continues to carry a cost, but that cost has plummeted now that coding agents can check their work as they go.
  - We haven't even begun to unpack the etiquette and ethics around this style of development. Is it responsible and appropriate to churn out a direct port of a library like this in a few hours while watching a movie? What would it take for code built like this to be trusted in production?
  I'll end with some open questions:
  - Does this library represent a legal violation of copyright of either the Rust library or the Python one?
  - Even if this is legal, is it ethical to build a library in this way?
  - Does this format of development hurt the open source ecosystem?
  - Can I even assert copyright over this, given how much of the work was produced by the LLM?
  - Is it responsible to publish software libraries built in this way?
  - How much better would this library be if an expert team hand crafted it over the course of several months?
  You are only seeing the long-form articles from my blog. Subscribe to /atom/everything/ to get all of my posts, or take a look at my other subscription options.
3. 🔗 r/reverseengineering How a Kernel Bug Froze My Machine: Debugging an Async-profiler Deadlock rss
  
  submitted by /u/tnavda
  [link] [comments]
4. 🔗 sacha chua :: living an awesome life 2025-12-15 Emacs news rss
  - Help wanted:
    
    Emacs Lisp Developer job posting
  - Upcoming events (iCal file, Org):
    
    M-x Research: TBA https://m-x-research.github.io/ Wed Dec 17 0800 America/Vancouver - 1000 America/Chicago - 1100 America/Toronto - 1600 Etc/GMT - 1700 Europe/Berlin - 2130 Asia/Kolkata – Thu Dec 18 0000 Asia/Singapore
    
    Emacs APAC: Emacs APAC meetup (virtual) https://emacs-apac.gitlab.io/announcements/ Sat Dec 27 0030 America/Vancouver - 0230 America/Chicago - 0330 America/Toronto - 0830 Etc/GMT - 0930 Europe/Berlin - 1400 Asia/Kolkata - 1630 Asia/Singapore
  - Beginner:
    
    Emacs expliqué à mes enfants
  - Emacs configuration:
    
    Adithya Kumar - Consistent Emacs Key Bindings Across Terminals (Reddit, Irreal)
    
    senchawizard/whompmacs: An Emacs configuration called W.H.O.M.P., standing for nothing at the moment. - Codeberg.org (@senchawizard@mstdn.social)
    
    gregnewman/gmacs: My emacs configuration for org-mode, python, javascript and react development. (@greg@masto.gregnewman.io)
    
    dotfiles/nixos/emacs/init.el at main · scovl/dotfiles · GitHub (@lobocode@hachyderm.io)
    
    Hey everyone, this is my emacs configuration. I call it witchmacs. (Reddit)
  - Emacs Lisp:
    
    Protesilaos Stavrou: ‘Emacs Lisp Elements’ book version 2
    
    Video about writing the wiktionary-bro package and getting it on MELPA (1:11:26, Reddit)
  - Appearance:
    
    change-font.el — paste.sr.ht (@zyd@yap.zyd.lol)
    
    Einar Mostad: The good side-window side
    
    Protesilaos Stavrou: Emacs: spacious-padding version 0.8.0
  - Navigation:
    
    Jeremy Friesen: Extending Core Emacs Bookmark Package
    
    Srijan Choudhary: 2025-12-15-001: kill-region-or-backward-word
  - Dired:
    
    When your beloved Dired works as expected - dired-create-dir-or-file, dired-goto-dir-or-file
  - Writing:
    
    Christian Tietze: Join the All-Virtual EmacsConf December 6 and 7 and Check out My Zettelkasten Talk (Irreal)
  - Writing:
    
    Jour 11 : orthographe et grammaire · Emacs expliqué à mes enfants
  - Org Mode:
    
    Wisdom - Writing literate Emacs Lisp with Org Mode (16:52, Reddit)
    
    org-transclusion-blocks: transclude from src block headers, scroll through source blocks and more (Reddit)
    
    (Update) org-supertag 5.3.0: Import Property to Field (good for first-time user) (Reddit)
    
    Update on my word-processor like page view minor mode for org! (Reddit)
    
    Jack Baty: Finding Howm notes with Org-node
    
    Org Mode requests: [RFC] Allow empty headlines without trainling space (was: Fwd: [PATCH] Allow empty headlines without trailing space)
    
    Joar von Arndt: Handwritten notes in Emacs using Xournal++
    
    Org Calendar Server (Reddit)
    
    org-social.el 2.8 - notifications, post preview (@andros@activity.andros.dev)
  - Completion:
    
    Alvaro Ramirez: Bending Emacs - Episode 8: completing-read (YouTube 17:05, Reddit, Irreal)
    
    Comparison of different templating packages
  - Coding:
    
    magit-insert-worktrees improves status buffers (Reddit)
    
    Catch2 emacs mode (Reddit) - wrapper for the Catch2 C++ testing framework
  - Mail, news, and chat:
    
    Gijs Hillenius: Emacs Gnus: specify which mail folders to see at all times
    
    Email in Emacs (2024)
  - Multimedia:
    
    Release v0.10 · alphapapa/listen.el (music player for Emacs) (Reddit)
  - Fun:
    
    xenodium talking about Emacs zones (screensavers)
    
    Jeremy Friesen: Extending Emacs to Play Mythic Bastionland
    
    DnD Character tracking with typst & emacs (01:41)
  - AI:
    
    Introducing gptel-forge: LLM-Powered Pull Request Descriptions for Forge (Reddit)
    
    James Dyer: Expanding Ollama Buddy: Mistral Codestral Integration
    
    Eric Dallo talks about ECA ~55 min (Reddit)
  - Community:
    
    Emacs Carnival, December 2025 - "The People of Emacs" - George Jones (@eludom@fosstodon.org)
    
    Eric MacAdie: Emacs Carnival: People Of Emacs
    
    Back to the egg - Emacs in the 70s · Curious Musings (@eludom@fosstodon.org)
    
    why jlamothe likes Emacs
    
    Irreal: What Happened To Abo-abo? - parenting
  - Other:
    
    NANO Calendar v1.0 (update) (Reddit)
    
    tanrax/quick-weather.el: Sparkline weather forecasts in Emacs (@andros@activity.andros.dev)
    
    ZeniesQis/screenshot-capture: Screen capture and Screenshots using ffmpeg, image-magick and scrot (@Zenie@piaille.fr)
    
    Some problems of modernizing Emacs (eev @ EmacsConf 2025) (25:23)
    
    posacs - dynamic module that exposes a few POSIX functions to Elisp including getenv, setenv, and unsetenv (Reddit)
    
    Access infisical secrets in Emacs with infisical.el (Reddit)
    
    Living inside Emacs: sending receipts to my accountant
    
    I made a (rudimentary) major mode for interacting with devices
    
    Marcin Borkowski: Improving Emacs screenshots
    
    The Annoying Usefulness of Emacs - YouTube (@jnpn@mastodon.social)
    
    Emacs and (Apple) Shortcuts (Reddit, Irreal)
    
    Installing Emacs in CRUX
  - Emacs development:
    
    emacs-devel:
    
    Proposal: Releasing ELPA package upgrades after re-reviews (@pkal@social.sdfeu.org)
    
    Re: Generic functions for VC - elisp tradeoffs between writing and debugging
    
    Add NEWS and auto-load entry for antlr-mode
    
    Warn about uses of the 'any' atom in rx
  - New packages:
    
    dired-video-thumbnail: Display video thumbnails from dired (MELPA)
    
    lumos-mode: Major mode for LUMOS schema language (MELPA)
    
    nael: Major mode for Lean (MELPA)
    
    unison-ts-mode: Tree-sitter support for Unison (MELPA)
    
    wiktionary-bro: Lookup Wiktionary entries (MELPA)
    
    zk-consult: Consult integration for zk (MELPA)
  Links from reddit.com/r/emacs, r/orgmode, r/spacemacs, Mastodon #emacs, Bluesky #emacs, Hacker News, lobste.rs, programming.dev, lemmy.world, lemmy.ml, planet.emacslife.com, YouTube, the Emacs NEWS file, Emacs Calendar, and emacs-devel. Thanks to Andrés Ramírez for emacs-devel links. Do you have an Emacs-related link or announcement? Please e-mail me at sacha@sachachua.com. Thank you!
  
  View org source for this post
  
  You can e-mail me at sacha@sachachua.com.
5. 🔗 r/LocalLLaMA I'm strong enough to admit that this bugs the hell out of me rss
  
  | submitted by /u/ForsookComparison
  [link] [comments]
  ---|---
6. 🔗 r/LocalLLaMA They're finally here (Radeon 9700) rss
  
  | submitted by /u/Zeikos
  [link] [comments]
  ---|---
7. 🔗 r/wiesbaden Need an advice for searching appartments in Wiesbaden rss
  
  Hello Wiesbaden!
  
  I hope it’s okay to ask here. I’m a young Ukrainian refugee currently living in Wiesbaden with a family of my friend. I’m looking for a place to live in or around Wiesbaden by myself.
  
  I would be very grateful for any advice on how to find housing in this situation, or for tips about landlords, organizations, websites that might be useful.
  So far i tried WG-Gesucht, ImmoScout24, GWW, NHW and Wuestenrot.
  Sent over 50 applications in 3 months and barely got any responses, not even a single invitation for just checking appartments.
  
  I’ve been having a really hard time, mainly because I don’t have a Schufa yet. And, as far as i can understand, i can't get it because my bank account still isn't old enough.
  I completely understand the current housing situation and the concerns of landlords, and I want to mention that I do have all other required documents available.
  
  Thank you very much in advance for reading and for any tips!
  
  submitted by /u/SlowTree440
  [link] [comments]
8. 🔗 r/LocalLLaMA Chatterbox Turbo, new open-source voice AI model, just released on Hugging Face rss
  
  | Links:
  - Model (PyTorch): https://huggingface.co/ResembleAI/chatterbox-turbo
  - Model (ONNX): https://huggingface.co/ResembleAI/chatterbox-turbo-ONNX
  - GitHub: https://github.com/resemble-ai/chatterbox
  - Demo: https://huggingface.co/spaces/ResembleAI/chatterbox-turbo-demo submitted by /u/xenovatech
  [link] [comments]
  ---|---
9. 🔗 @cxiao@infosec.exchange RE: mastodon
  
  RE: https://infosec.exchange/@decoderloop/115724184603654406
  
  I've made an update to the Rust Malware Sample Gallery! 20 new malware families, and lots of new samples collected for you to practice your Rust RE skills on! I'm also hoping to keep this more up to date than it previously has been (:
  
  https://github.com/decoderloop/rust-malware- gallery
10. 🔗 r/LocalLLaMA NVIDIA releases Nemotron 3 Nano, a new 30B hybrid reasoning model! rss
  
  | Unsloth GGUF: https://huggingface.co/unsloth/Nemotron-3-Nano-30B-A3B-GGUF Nemotron 3 has a 1M context window and the best in class performance for SWE-Bench, reasoning and chat. submitted by /u/Difficult-Cap-7527
  [link] [comments]
  ---|---
11. 🔗 Anton Zhiyanov Timing 'Hello, world' rss
  Here's a little unscientific chart showing the compile/run times of a "hello world" program in different languages:
```
Hello world timings

Bash        <0.4s  ■
C           <0.4s  ■
JavaScript  <0.4s  ■
Lua         <0.4s  ■
PHP         <0.4s  ■
Python      <0.4s  ■
Ruby        <0.4s  ■
Rust         0.5s  ■■
V            0.5s  ■■
R            0.5s  ■■
Swift        0.6s  ■■■
Go           0.6s  ■■■
Haskell      0.8s  ■■■■■
C++          0.9s  ■■■■■■
Zig          1.0s  ■■■■■■■
Elixir       1.2s  ■■■■■■■■■
C#           1.3s  ■■■■■■■■■■
Java         1.7s  ■■■■■■■■■■■■■■
Odin         1.7s  ■■■■■■■■■■■■■■
Dart         1.9s  ■■■■■■■■■■■■■■■■
Kotlin       8.4s  ■■■■■■■■■■■■■■■■■■■■■■■■■■■■■...■■■■■■■■■■■■■■■■■■■■■■■■■■■■■
```
  For interpreted languages, the times shown are only for running the program, since there's no separate compilation step.
  
  I had to shorten the Kotlin bar a bit to make it fit within 80 characters.
  
  All measurements were done in single-core, containerized sandboxes on an ancient CPU, and the timings include the overhead of docker run. So the exact times aren't very interesting, especially for the top group (Bash to Ruby) — they all took about the same amount of time.
  
  Here is the program source code in C:
```
#include <stdio.h>

void greet(const char* name) {
    printf("Hello, %s!\n", name);
}

int main() {
    greet("World");
}



Hello, World!
```
  Other languages: Bash · C# · C++ · Dart · Elixir · Go · Haskell · Java · JavaScript · Kotlin · Lua · Odin · PHP · Python · R · Ruby · Rust · Swift · V · Zig
  
  Of course, this ranking will be different for real-world projects with lots of code and dependencies. Still, I found it curious to see how each language performs on a simple "hello world" task.
12. 🔗 r/LocalLLaMA New Google model incoming!!! rss
  
  | https://x.com/osanseviero/status/2000493503860892049?s=20 https://huggingface.co/google submitted by /u/R46H4V
  [link] [comments]
  ---|---
13. 🔗 r/reverseengineering /r/ReverseEngineering's Weekly Questions Thread rss
  
  To reduce the amount of noise from questions, we have disabled self-posts in favor of a unified questions thread every week. Feel free to ask any question about reverse engineering here. If your question is about how to use a specific tool, or is specific to some particular target, you will have better luck on the Reverse Engineering StackExchange. See also /r/AskReverseEngineering.
  
  submitted by /u/AutoModerator
  [link] [comments]
14. 🔗 jellyfin/jellyfin 10.11.5 release
  🚀 Jellyfin Server 10.11.5
  
  We are pleased to announce the latest stable release of Jellyfin, version 10.11.5! This minor release brings several bugfixes to improve your Jellyfin experience. As always, please ensure you take a full backup before upgrading!
  
  You can find more details about and discuss this release on our forums.
  
  Changelog (17)
  
  📈 General Changes
  - Fix unnecessary database JOINs in ApplyNavigations [PR #15666], by @andrewrabert
  - Skip invalid ignore rules [PR #15746], by @Shadowghost
  - Fix backdrop images being deleted when stored with media [PR #15766], by @theguymadmax
  - Fix NullReferenceException in ApplyOrder method [PR #15768], by @theguymadmax
  - Fix AV1 decoding hang regression on RK3588 [PR #15776], by @nyanmisaka
  - Fix collections display order [PR #15767], by @theguymadmax
  - Fix parental rating filtering with sub-scores [PR #15786], by @theguymadmax
  - Fix case sensitivity edge case [PR #15752], by @Collin-Swish
  - Fix trickplay images using wrong item on alternate versions [PR #15757], by @theguymadmax
  - Fix blocking in async context in LimitedConcurrencyLibraryScheduler [PR #15662], by @SapientGuardian
  - Use original name for MusicAritist matching [PR #15689], by @gnattu
  - Backport dependencies [PR #15723], by @Shadowghost
  - Fix symlinked file size [PR #15681], by @ivanjx
  - Fix ItemAdded event triggering when updating metadata [PR #15680], by @theguymadmax
  - Fix: Add .ts fallback for video streams to prevent crash [PR #15690], by @martenumberto
  - Fix stack overflow during scan (#15000) [PR #15698], by @myzhysz
  - Fix the empty output of trickplay on RK3576 [PR #15670], by @nyanmisaka
15. 🔗 r/LocalLLaMA Aaaand... is gone... rss
  
  | submitted by /u/HumanDrone8721
  [link] [comments]
  ---|---
16. 🔗 r/wiesbaden Birthday/New year celebration rss
  
  Is there a spot anyone recommends to be at for my birthday coming up? Its on the 30th (turning 23) and im staying untill the 3rd of January so ill be there to celebrate new year too. Another friend is visiting from the states to celebrate with me as well. Where can we go for a good time?
  
  submitted by /u/Consistent_Item_7462
  [link] [comments]
17. 🔗 tonsky.me Statistics made simple rss
  I have a weird relationship with statistics: on one hand, I try not to look at it too often. Maybe once or twice a year. It’s because analytics is not actionable: what difference does it make if a thousand people saw my article or ten thousand?
  
  I mean, sure, you might try to guess people’s tastes and only write about what’s popular, but that will destroy your soul pretty quickly.
  
  On the other hand, I feel nervous when something is not accounted for, recorded, or saved for future reference. I might not need it now, but what if ten years later I change my mind?
  
  Seeing your readers also helps to know you are not writing into the void. So I really don’t need much, something very basic: the number of readers per day/per article, maybe, would be enough.
  
  Final piece of the puzzle: I self-host my web projects, and I use an old- fashioned web server instead of delegating that task to Nginx.
  
  Static sites are popular and for a good reason: they are fast, lightweight, and fulfil their function. I, on the other hand, might have an unfinished gestalt or two: I want to feel the full power of the computer when serving my web pages, to be able to do fun stuff that is beyond static pages. I need that freedom that comes with a full programming language at your disposal. I want to program my own web server (in Clojure, sorry everybody else).
  
  Existing options
  
  All this led me on a quest for a statistics solution that would uniquely fit my needs. Google Analytics was out: bloated, not privacy-friendly, terrible UX, Google is evil, etc.
  
  What is going on?
  
  Some other JS solution might’ve been possible, but still questionable: SaaS? Paid? Will they be around in 10 years? Self-host? Are their cookies GDPR- compliant? How to count RSS feeds?
  
  Nginx has access logs, so I tried server-side statistics that feed off those (namely, Goatcounter). Easy to set up, but then I needed to create domains for them, manage accounts, monitor the process, and it wasn’t even performant enough on my server/request volume!
  
  My solution
  
  So I ended up building my own. You are welcome to join, if your constraints are similar to mine. This is how it looks:
  
  It’s pretty basic, but does a few things that were important to me.
  
  Setup
  
  Extremely easy to set up. And I mean it as a feature.
  
  Just add our middleware to your Ring stack and get everything automatically: collecting and reporting.
```
(def app
  (-> routes
    ...
    (ring.middleware.params/wrap-params)
    (ring.middleware.cookies/wrap-cookies)
    ...
    (clj-simple-stats.core/wrap-stats))) ;; <-- just add this
```
  It’s zero setup in the best sense: nothing to configure, nothing to monitor, minimal dependency. It starts to work immediately and doesn’t ask anything from you, ever.
  
  See, you already have your web server, why not reuse all the setup you did for it anyway?
  
  Request types
  
  We distinguish between request types. In my case, I am only interested in live people, so I count them separately from RSS feed requests, favicon requests, redirects, wrong URLs, and bots. Bots are particularly active these days. Gotta get that AI training data from somewhere.
  
  RSS feeds are live people in a sense, so extra work was done to count them properly. Same reader requesting feed.xml 100 times in a day will only count as one request.
  
  Hosted RSS readers often report user count in User-Agent, like this:
```
Feedly/1.0 (+http://www.feedly.com/fetcher.html; 457 subscribers; like FeedFetcher-Google)

Mozilla/5.0 (compatible; BazQux/2.4; +https://bazqux.com/fetcher; 6 subscribers)

Feedbin feed-id:1373711 - 142 subscribers
```
  My personal respect and thank you to everybody on this list. I see you.
  
  Graphs
  
  Visualization is important, and so is choosing the correct graph type. This is wrong:
  
  Continuous line suggests interpolation. It reads like between 1 visit at 5am and 11 visits at 6am there were points with 2, 3, 5, 9 visits in between. Maybe 5.5 visits even! That is not the case.
  
  This is how a semantically correct version of that graph should look:
  
  Some attention was also paid to having reasonable labels on axes. You won’t see something like 117, 234, 10875. We always choose round numbers appropriate to the scale: 100, 200, 500, 1K etc.
  
  Goes without saying that all graphs have the same vertical scale and syncrhonized horizontal scroll.
  
  Insights
  
  We don’t offer much (as I don’t need much), but you can narrow reports down by page, query, referrer, user agent, and any date slice.
  
  Not implemented (yet)
  
  It would be nice to have some insights into “What was this spike caused by?”
  
  Some basic breakdown by country would be nice. I do have IP addresses (for what they are worth), but I need a way to package GeoIP into some reasonable size (under 1 Mb, preferably; some loss of resolution is okay).
  
  Finally, one thing I am really interested in is “Who wrote about me?” I do have referrers, only question is how to separate signal from noise.
  
  Performance. DuckDB is a sport: it compresses data and runs column queries, so storing extra columns per row doesn’t affect query performance. Still, each dashboard hit is a query across the entire database, which at this moment (~3 years of data) sits around 600 MiB. I definitely need to look into building some pre-calculated aggregates.
  
  One day.
  
  How to get
  
  Head to github.com/tonsky/clj-simple-stats and follow the instructions:
  
  Let me know what you think! Is it usable to you? What could be improved?
  
  P.S. You can try the live example at tonsky.me/stats. The data was imported from Nginx access logs, which I turned on and off on a few occasions, so it’s a bit spotty. Still, it should give you a general idea.
18. 🔗 Servo Blog November in Servo: monthly releases, context menus, parallel CSS parsing, and more! rss
  Landing in Servo 0.0.3 and our November nightly builds, we now have context menus for links, images, and other web content (@atbrakhi, @mrobinson, #40434, #40501), vsync on Android (@mrobinson, #40306), light mode for the new tab page (@arihant2math, #40272), plus several web platform features:
  - < video controls> (@rayguo17, #40578)
  - < use> in SVG (@WaterWhisperer, #40684)
  - ☢️ ‘font-optical-sizing’ (@simonwuelker, #40829, #40861, #40884)
  - ‘brotli’ in CompressionStream and DecompressionStream (@Taym95, #40842)
  - ‘display-p3-linear’ in CSS color() and color-mix() (@Loirooriol, #40525)
  - calc() now works in grid layout (@nicoburns, #34846)
  - ResizeObserver is now enabled by default (@jdm, #40378)
  Font variations are now applied in ‘font-weight’ and ‘font- stretch’ (@simonwuelker, #40867), fixing a rendering issue in the Web Engines Hackfest website.
  
  @kkoyung has landed some huge improvements in the SubtleCrypto API, including some of the more modern algorithms in this WICG draft, and a fix for constant-time base64 (@kkoyung, #40334). We now have full support for SHA3-256 , SHA3-384 , SHA3-512 (@kkoyung, #40765), cSHAKE128 , cSHAKE256 (@kkoyung, #40832), Argon2d , Argon2i , Argon2id , ChaCha20-Poly1305 , ECDH , ECDSA , and X25519 :
  
  Algorithm | deriveBits | exportKey | generateKey | importKey | sign | verify
  ---|---|---|---|---|---|---
  Argon2d | #40936 | n/a | n/a | #40932 | n/a | n/a
  Argon2i | #40936 | n/a | n/a | #40932 | n/a | n/a
  Argon2id | #40936 | n/a | n/a | #40932 | n/a | n/a
  ChaCha20-Poly1305 | n/a | #40948 | n/a | #40948 | n/a | n/a
  ECDH | #40333 | #40298 | #40305 | #40253 | n/a | n/a
  ECDSA | n/a | #40536 | #40553 | #40523 | #40591 | #40557
  X25519 | #40497 | #40421 | #40480 | #40398 | n/a | n/a
  
  < details> now fires ‘toggle’ events (@lukewarlow, #40271), and < details name> is now exclusive, like radio buttons (@simonwuelker, #40314). InputEvent , which represents ‘input’ and ‘beforeinput’ events, now has composed , data , isComposing , and inputType properties (@excitablesnowball, #39989).
  
  Embedding API Each webview can now now have its own rendering context (@mrobinson, @mukilan, #40794, #40738, #40721, #40594, #40923). This effectively enables full support for multiple windows , and we’ve started incorporating that into servoshell (@mrobinson, @mukilan, #40883). Our previously unused context menu API has been replaced with a new, more effective API that includes actions for links, images, and other web content (@mrobinson, @atbrakhi, #40402, #40501, #40607). For more details, see the docs for ContextMenu , EmbedderControl::ContextMenu, and WebViewDelegate::show_embedder_control(). WebView now has can_go_back() and can_go_forward() methods, and servoshell now uses those to disable the back and forward buttons (@mrobinson, #40598). Having introduced our new RefreshDriver API in October, we’ve now removedServo::animating() (@mrobinson, #40799) and ServoDelegate::notify_animating_changed() (@mrobinson, #40886), and similarly cleaned up the obsolete and inefficient “animating” state in servoshell (@mrobinson, #40715). We’ve moved virtually all of the useful items in the Servo API to the root of the servo library crate (@mrobinson, #40951). This is a breaking change , but we expect that it will greatly simplify embedding Servo, and it means you can even write use servo::*; in a pinch. When running Servo without a custom ClipboardDelegate, we normally use the system clipboard by default. But if there’s no system clipboard, we now have a built-in fallback clipboard (@mrobinson, #40408), rather than having no clipboard at all. Note that the fallback clipboard is very limited, as it can only store text and does not work across processes. Performance and stability
  
  Servo now parses CSS in parallel with script and layout (@mrobinson, @vimpunk, #40639, #40556), and can now measure Largest Contentful Paint in PerformanceObserver as well as in our internal profiling tools (@shubhamg13, @boluochoufeng, #39714, #39384).
  
  Just-in-time compilation (JIT) is now optional (@jschwe, #37972), which can be useful in situations where generating native code is forbidden by policy or unwanted for other reasons.
  
  We’ve improved the performance of incremental layout (@Loirooriol, @mrobinson, #40795, #40797), touch input (@kongbai1996, #40637), animated GIF rendering (@mrobinson, #40158), the prefs subsystem (@webbeef, #40775), and parseFromString() on DOMParser (@webbeef, #40742). We also use fewer IPC resources when internal profiling features are disabled (@lumiscosity, #40823).
  
  We’ve fixed a bug causing nytimes.com to hang (@jdm, #40811), as well as fixing crashes in Speedometer 3.0 and 3.1 (@Narfinger, #40459), grid layout (@nicoburns, #40821), the fonts subsystem (@simonwuelker, #40913), XPath (@simonwuelker, #40411), ReadableStream (@Taym95, #40911), AudioContext (@Taym95, #40729), and when exiting Servo (@mrobinson, #40933).
  
  Donations
  
  Thanks again for your generous support! We are now receiving 6433 USD/month (+11.8% over October) in recurring donations. This helps us cover the cost of our speedy CI and benchmarking servers, one of our latest Outreachy interns , and funding maintainer work that helps more people contribute to Servo.
  
  Servo is also on thanks.dev, and already 28 GitHub users (same as October) that depend on Servo are sponsoring us there. If you use Servo libraries like url, html5ever, selectors, or cssparser, signing up for thanks.dev could be a good way for you (or your employer) to give back to the community.
  
  We now have sponsorship tiers that allow you or your organisation to donate to the Servo project with public acknowlegement of your support. A big thanks from Servo to our newest Bronze Sponsors: Jenny & Phil Porada, Josh Aas , LambdaTest , and Sandwich! If you’re interested in this kind of sponsorship, please contact us at join@servo.org.
  
  6433 USD/month
  
  10000
  
  Use of donations is decided transparently via the Technical Steering Committee’s public funding request process , and active proposals are tracked in servo/project#187. For more details, head to our Sponsorship page.
December 14, 2025
1. 🔗 IDA Plugin Updates IDA Plugin Updates on 2025-12-14 rss
  IDA Plugin Updates on 2025-12-14
  
  New Releases:
  - dylib_dobby_hook latest
  Activity:
  - d810-ng
    
    6bf5ebc9: vendor: Bundle clang, typing_extensions, and ida_reloader dependencie…
    
    f7675452: test(samples): Add comprehensive obfuscation test cases and binaries …
  - dylib_dobby_hook
    
    b08b1c25: Daily update
  - haruspex
    
    c35c983f: test: improve tests by removing unwrap calls
  - ida-swarm
    
    82afc923: lldb readme
  - ida_domain_mcp
    
    671ab8b3: Add streamable http support to README
    
    ddc9ad6a: Add streamable http support
  - idaguides
    
    5b69ea10: fixed: adding empty line after single statement block made guide disa…
  - rhabdomancer
    
    120faefb: doc: revert a style change in README.md
    
    4d561372: doc: update CHANGELOG.md
    
    2b1cfb0b: test: improve tests by removing unwrap calls
    
    4cdf88bb: style: improve documentation
2. 🔗 r/wiesbaden Anyone here lived in Oberursel as well? rss
  
  Hi all,
  
  My partner and I have narrowed our choices down to moving to Wiesbaden or Oberursel. We're in our early 30s, no kids, but expect to have some im the next couple years. Would like to hear from someone who has lived in both places to help us gain more clarity on which is best.
  
  Our concerns about Oberursel is that its size may feel a little suffocating though we hear it has a more active social scene on the international front, which is important to us.
  
  Our main concern about Wiesbaden is that it may be too quiet. While we enjoy a more peaceful life, we would also like the option for events, a buzzing cafe/restaurant scene...while also being a decent place to raise kids. We also really like the quick connect to nature.
  
  We've been trying to visit both to get a better picture but visiting and living are also two very different things.
  
  Would appreciate anyone's 2 cents on their experiences.
  
  submitted by /u/scoobeeroo
  [link] [comments]
3. 🔗 r/reverseengineering How Malware Analysts at Australia's ASD (NSA equivalent) Reverse Engineers Obfuscated Malware rss
  
  submitted by /u/Salt_Court_6490
  [link] [comments]
4. 🔗 r/reverseengineering Automated reverse engineering Industroyer malware rss
  
  submitted by /u/Important_Craft_5864
  [link] [comments]
5. 🔗 Textualize/textual The arbitrary release release
  Very small release. Mostly for the awesome themes that were recently contributed.
  
  [6.9.0] - 2025-12-14
  
  Added
  - Added Solarized Dark theme #6278
  - Added Rosé Pine themes #6277
  Fixed
  - Fixed fuzzy matcher displaying wrong matched characters with simple substring match #6282
6. 🔗 @cxiao@infosec.exchange attacking on hanukkah is absolutely disgusting. support and love to all jewish mastodon
  
  attacking on hanukkah is absolutely disgusting. support and love to all jewish friends here, you should not have to be wondering for your safety this season
7. 🔗 News Minimalist 🐢 US lifts some sanctions on Belarus + 8 more stories rss
  
  In the last 3 days ChatGPT read 88467 top news stories. After removing previously covered events, there are 9 articles with a significance score over 5.5.
  
  [5.6] US lifts some trade sanctions on Belarus —abcnews.go.com(+130)
  
  The United States will lift sanctions on Belarusian potash following talks in Minsk, signaling a significant step toward normalizing relations with the long-isolated nation and its authoritarian leader.
  
  U.S. Special Envoy John Coale made the announcement after meeting President Alexander Lukashenko in Minsk over the weekend. Coale described the talks as "very productive," stating that normalizing relations between the two countries is the ultimate goal.
  
  A close Russian ally, Belarus has faced Western sanctions for human rights abuses and its role in the Ukraine war. The move follows Belarus releasing over 430 political prisoners since July 2024.
  
  [5.5] Hong Kong's biggest pro-democracy party votes to disband after more than 30 years —abcnews.go.com(+16)
  
  Hong Kong’s largest pro-democracy party, the Democratic Party, has voted to disband after over 30 years, effectively ending a significant chapter of the city's opposition political movement.
  
  Members voted overwhelmingly to dissolve, citing the current political climate following Beijing's 2020 national security law, which led to the arrests of many activists and former party leaders.
  
  Founded in 1994, the moderate party advocated for universal suffrage. Its closure is part of a wider trend of civil society groups disbanding under immense political pressure in the city.
  
  [5.5] China to tax contraceptives —newsday.com(+10)
  
  China will impose a 13% value-added tax on contraceptives beginning January 1. The new policy ends a 30-year tax exemption and aims to encourage more births amid population decline.
  
  The move has drawn public skepticism and expert warnings about potential health risks. Officials are concerned higher costs could lead to more unplanned pregnancies and sexually transmitted infections among the population.
  
  This policy reverses decades of state-promoted contraception from the former one-child era. China already has high abortion rates, and STI infections have been increasing in recent years.
  
  Highly covered news with significance over 5.5
  
  [6.2] Trump forms coalition with Singapore, Australia, Japan, South Korea, and Israel to counter China on rare earths and tech — politico.eu (+12)
  
  [6.2] EU indefinitely freezes €210 billion in Russian assets to aid Ukraine — theguardian.com (+119)
  
  [6.0] Polar bears' DNA adapts to Arctic warming — de.euronews.com (German) (+2)
  
  [5.6] Israel kills senior Hamas commander, potentially violating cease-fire — nytimes.com [$] (+79)
  
  [5.5] TerraUSD creator Do Kwon receives 15-year prison sentence for $40 billion crypto collapse — bbc.com (+25)
  
  [6.1] FDA approves first new antibiotics to treat gonorrhea in decades — wcvb.com (+8)
  
  Thanks for reading!
  
  — Vadim
  
  You can create your own significance-based RSS feed with premium.
  
  Powered by beehiiv
8. 🔗 Simon Willison JustHTML is a fascinating example of vibe engineering in action rss
  I recently came across JustHTML, a new Python library for parsing HTML released by Emil Stenström. It's a very interesting piece of software, both as a useful library and as a case study in sophisticated AI-assisted programming.
  
  First impressions of JustHTML
  
  I didn't initially know that JustHTML had been written with AI assistance at all. The README caught my eye due to some attractive characteristics:
  - It's pure Python. I like libraries that are pure Python (no C extensions or similar) because it makes them easy to use in less conventional Python environments, including Pyodide.
  - "Passes all 9,200+ tests in the official html5lib-tests suite (used by browser vendors)" - this instantly caught my attention! HTML5 is a big, complicated but meticulously written specification.
  - 100% test coverage. That's not something you see every day.
  - CSS selector queries as a feature. I built a Python library for this many years ago and I'm always interested in seeing new implementations of that pattern.
  - html5lib has been inconsistently maintained over the last few years, leaving me interested in potential alternatives.
  - It's only 3,000 lines of implementation code (and another ~11,000 of tests.)
  I was out and about without a laptop so I decided to put JustHTML through its paces on my phone. I prompted Claude Code for web on my phone and had it build this Pyodide-powered HTML tool for trying it out:
  
  This was enough for me to convince myself that the core functionality worked as advertised. It's a neat piece of code!
  
  Turns out it was almost all built by LLMs
  
  At this point I went looking for some more background information on the library and found Emil's blog entry about it: How I wrote JustHTML using coding agents:
  
  Writing a full HTML5 parser is not a short one-shot problem. I have been working on this project for a couple of months on off-hours.
  
  Tooling: I used plain VS Code with Github Copilot in Agent mode. I enabled automatic approval of all commands, and then added a blacklist of commands that I always wanted to approve manually. I wrote an agent instruction that told it to keep working, and don't stop to ask questions. Worked well!
  
  Emil used several different models - an advantage of working in VS Code Agent mode rather than a provider-locked coding agent like Claude Code or Codex CLI. Claude Sonnet 3.7, Gemini 3 Pro and Claude Opus all get a mention.
  
  Vibe engineering, not vibe coding
  
  What's most interesting about Emil's 17 step account covering those several months of work is how much software engineering was involved, independent of typing out the actual code.
  
  I wrote about vibe engineering a while ago as an alternative to vibe coding.
  
  Vibe coding is when you have an LLM knock out code without any semblance of code review - great for prototypes and toy projects, definitely not an approach to use for serious libraries or production code.
  
  I proposed "vibe engineering" as the grown up version of vibe coding, where expert programmers use coding agents in a professional and responsible way to produce high quality, reliable results.
  
  You should absolutely read Emil's account in full. A few highlights:
  1. He hooked in the 9,200 test html5lib-tests conformance suite almost from the start. There's no better way to construct a new HTML5 parser than using the test suite that the browsers themselves use.
  2. He picked the core API design himself - a TagHandler base class with handle_start() etc. methods - and told the model to implement that.
  3. He added a comparative benchmark to track performance compared to existing libraries like html5lib, then experimented with a Rust optimization based on those initial numbers.
  4. He threw the original code away and started from scratch as a rough port of Servo's excellent html5ever Rust library.
  5. He built a custom profiler and new benchmark and let Gemini 3 Pro loose on it, finally achieving micro-optimizations to beat the existing Pure Python libraries.
  6. He used coverage to identify and remove unnecessary code.
  7. He had his agent build a custom fuzzer to generate vast numbers of invalid HTML documents and harden the parser against them.
  This represents a lot of sophisticated development practices, tapping into Emil's deep experience as a software engineer. As described, this feels to me more like a lead architect role than a hands-on coder.
  
  It perfectly fits what I was thinking about when I described vibe engineering.
  
  Setting the coding agent up with the html5lib-tests suite is also a great example of designing an agentic loop.
  
  "The agent did the typing"
  
  Emil concluded his article like this:
  
  JustHTML is about 3,000 lines of Python with 8,500+ tests passing. I couldn't have written it this quickly without the agent.
  
  But "quickly" doesn't mean "without thinking." I spent a lot of time reviewing code, making design decisions, and steering the agent in the right direction. The agent did the typing; I did the thinking.
  
  That's probably the right division of labor.
  
  I couldn't agree more. Coding agents replace the part of my job that involves typing the code into a computer. I find what's left to be a much more valuable use of my time.
  
  You are only seeing the long-form articles from my blog. Subscribe to /atom/everything/ to get all of my posts, or take a look at my other subscription options.
9. 🔗 Register Spill Joy & Curiosity #66 rss
  The number one thing that I keep thinking about these days is how to reconcile the following in my head:
  
  Friends of mine -- very experienced and very good programmers -- are saying loudly and publicly and in private too that agents are useless. It's slop, they say. It's all just averages. No brilliance, no creativity, and half of it doesn't work. It can't do what I do. They point out where it failed to make an edit. Where it gave a function a weird name. Where it didn't run the tests.
  
  Then there's my experience with using them. I see Amp knock out stuff that would've taken me days and, as a junior engineer, possibly weeks, if I had done it myself. I saw Amp built a tiny and brilliant renderer for box- drawing characters in my terminal emulator. It does performance optimizations, it builds very good looking animations in our TUI framework. It built this and this and this with no hands on the wheel. I saw it build a one-off migration tool for our production database, carefully balancing tradeoffs here to build something that's reliable and inspectable, but also one-off, with as little code as I would've written. It helped me deploy and run it and then refine it. When it can't find jq on a machine, it uses Python for one-liners, doesn't matter. Yesterday I had it help me configure Home Assistant on my Raspberry Pi and I just sat there and talked to it like a true assistant.
  
  It's very good. Very, very, very good. So good that I'm starting to think the whole "we will all just delegate work to agents" might not be as unrealistic as it sounds like.
  
  But then someone writes somewhere that these agents "can barely write code" and I can't help but silently wonder: what the hell are you talking about man?
  - My teammate Lewis wrote about how he does context management in Amp and how 200k of tokens is plenty if you use handoff, references, and forks. And then he also shipped the thread map, which, when he first showed it off in Tallinn a week ago, caused a whole scene in the room, with people saying "whoa" and "holy shit" out loud. Not kidding. People literally gathered around Lewis saying ooh and aah while showed off what he had built. That, in turn, made me get up and walk over and also say "holy shit, dude".
  - Ryan and I talked to Mckay Wrigley about Opus 4.5 and how we see the future of software development. It's all happening, isn't it.
  - Obie Fernandez (the Obie Fernandez in case you also used Rails between 2010 and 2015) on "what happens when the coding becomes the least interesting part of the work". This is some of the realest, truest, most experienced writing on the topic of agents taking over. I agree with nearly everything he writes here.
  - Related, Paul Buchheit: "It was always possible to clone software, but doing so was costly and time consuming, and the clone would need to be much cheaper, making any such venture financially non-viable. With AI, that equation is now changing." Read the other two paragraphs.
  - Great: The Resonant Computing Manifesto. Before I started reading, just by name and context alone, I had assumed this it was going to be another "we have to fight the slop!" chant, but it's not. It actually sees a chance in AI: "This is where AI provides a missing puzzle piece. Software can now respond fluidly to the context and particularity of each human--at scale. One-size-fits-all is no longer a technological or economic necessity. Where once our digital environments inevitably shaped us against our will, we can now build technology that adaptively shapes itself in service of our individual and collective aspirations. We can build resonant environments that bring out the best in every human who inhabits them." But it's a chance we have to take: "Regardless of which path we choose, the future of computing will be hyper-personalized. The question is whether that personalization will be in service of keeping us passively glued to screens--wading around in the shallows, stripped of agency--or whether it will enable us to direct more attention to what matters."
  - My productivity app is a never-ending .txt file. Mine is Apple Notes.
  - How Not to Waste Your Life: "it is only, in poet Mario Benedetti's shimmering words, when we cease sparing ourselves and start spending ourselves that we come truly alive." When we cease sparing ourselves and start spending ourselves. And then: "Because the mind is the crucible of experience and perception, there is no greater waste of life than the waste of mind." And then, on Hawthorne: "What fortifies the spirit to do its work in the world, be it art or activism, often appears on the surface as wasted time -- the hours spent walking in a forest and watching the clouds over the city skyline and pebble-hunting on the beach, the purposeless play of the mind daydreaming and body dancing, all the while ideas and fortitudes fermenting within." How very hard is it to live your life like that and how very easy it sounds, doesn't it.
  - How to be exceptional at anything. Alternative name: how to be someone people want to work with.
  - GPT-5.2 came out. A new frontier model is very interesting, of course, but this part here, in the "economically valuable tasks" section of the post, really stuck with me: "GPT‑5.2 Thinking beats or ties top industry professionals on 70.9% of comparisons on GDPval knowledge work tasks, according to expert human judges. These tasks include making presentations, spreadsheets, and other artifacts. GPT‑5.2 Thinking produced outputs for GDPval tasks at >11x the speed and <1% the cost of expert professionals, suggesting that when paired with human oversight, GPT‑5.2 can help with professional work." It's been years since I've had to create a spreadsheet or a presentation for work, so it's a bit of a blind spot for me, but all I could think was: yeah, they're really going after office work now, just like Anthropic.
  - Hacker News user keepamovin used Gemini 3 to hallucinate the Hacker News frontpage ten years from now: Hacker News frontpage 2035. It's very good! My favorite: "Show HN: A text editor that doesn't use AI"
  - That Hacker News experiment caused Andrej Karpathy to look backwards in time. He built the Hacker News time capsule in which GPT-5.1 grades comments from ten years ago on their prescience.
  - Brian Cantrill on using LLMs at Oxide. There's a lot of good stuff in there, but this, I think, is my favorite distillation: "Finally, LLM-generated prose undermines a social contract of sorts: absent LLMs, it is presumed that of the reader and the writer, it is the writer that has undertaken the greater intellectual exertion. (That is, it is more work to write than to read!) For the reader, this is important: should they struggle with an idea, they can reasonably assume that the writer themselves understands it -- and it is the least a reader can do to labor to make sense of it. If, however, prose is LLM-generated, this social contract becomes ripped up: a reader cannot assume that the writer understands their ideas because they might not so much have read the product of the LLM that they tasked to write it." Makes me think of all the times I've asked other engineers to write an RFC about something they propose we should do. Often the goal wasn't the RFC, but that someone sits down and thinks.
  - Wish I could remember how I ended up reading this: "⁠⁠Sometimes, the most romantic thing a person can do is hand you a thought they've been carrying for years. They do so gently, as though it might break in your hands. It could be a memory wrapped in a metaphor or a belief they've never said aloud until now. These moments are quiet offerings as invitations to step into their interior world."
  - Daniel Miessler in The Bubble Is Labor: "Companies only hire people because they can't do all the work themselves. […] In other words, the only reason the current labor market (and our economy that's based on it) exist at all is because there's a group of founders/owners who need lots of help producing their goods and services. They are not required by anyone to hire me or you to help them if they don't need that help. And the exact moment they can do the work themselves, they will, and not a second after." I really don't mean this in a smug why-isn't-everyone-as-smart-as-me way and maybe it's because I've only ever worked in start-ups or small companies or maybe it's because my parents and grandparents have always been self-employed, but: yeah, of course, and the sooner you figure this out, the better your career will go.
  - "What happens when Cormac McCarthy rewrites your economics paper?"
  - One of my many computing blind spots comes from the fact that I don't use a lot of Microsoft products. I have no clue how probably 90% of all office workers in the world use their computers. So this article here, on Microsoft's AI offerings failing, was very interesting: "Dare I say it, Gemini is actually helpful, and can usually execute tasks you might actually need in a day to day job. 'Find me a meeting slot on this date to accommodate these timezones' -- Gemini will actually do it. Copilot 365 doesn't even have the capability to schedule a calendar event with natural language in the Outlook mobile app, or even provide something as basic as clickable links in some cases. At least Xbox's Gaming Copilot has a beta tag to explain why it fails half of the time. It's truly absurd how half-baked a lot of these features are, and it's odd that Microsoft sought to ship them in this state. And Microsoft wants to make Windows 12 AI first? Please."
  - I gave a five minute speech at the pub last night about this: "I'll say it every month. But competent use of Excel or Google Docs could have wiped out 30% of white collar jobs , but that's not how it works. Heck, 40% of roles could be eliminated if people just knew how to run a meeting better and could prioritize." The big question isn't whether these models are amazing (they are), but whether it'll matter or not.
  - Admittedly, I didn't get all of it, but this was very interesting: seeing like an agent. Good punchline too: "internal markets improve on hierarchy when coordination costs fall - False (GTM dominates Engineering even with full information)" And the article led me to read up on The Nature of the Firm, which I thought was very handy.
  - Size of Life.
  - Adrien Grand and Morgan Gallant on the turbopuffer blog: Vectorized MAXSCORE over WAND, especially for long LLM-generated queries. The conclusion is very interesting: "'Serial and dumb' can often beat 'smart and random' on modern CPUs. Furthermore, agents write longer queries than humans, so it's becoming increasingly important for text search to scale well with the number of terms. These factors force us to periodically revisit our choices of algorithms and their implementations. For text search, this means that the cursor has shifted more and more from WAND to MAXSCORE, which scales better with the number of terms and can be tuned to be more CPU-friendly." (I pair-read this with GPT-5.2 to try it out and asked it about a bunch of the scoring-related algorithms, recommended.)
  - More Nano Banana prompting tips, this time straight from Google.
  - Talking about that Nano Banana: let's not forget how confusing and absurd and funny (in the Kafka way) it is to even get started with Google models. Raise your hand and leave a like if you too thought "what the hell is a model garden , man" the first time you saw it.
  - I can't tell you what it's about, to be honest, and I don't even know whether this is the right name, but Shopify Editions Winter '26 "The Renaissance Edition" is a very beautiful and fascinating page. I'm usually a bit meh as soon as scroll effects show up, but this one? Very nice.
  - Very often I think of this pair of Emmett Shear tweets: "People who have only ever worked for companies structured into clear hierarchy are missing an entire mode of work and collaboration which is vastly more … alive, for lack of a better word. The trusted-peers-on-a-mission mode it incredible. Early startups, bands, movie crews, sports teams, happy families on vacation…they mostly operate in this mode especially at first. You're just jamming together, people are looking out for the group and themselves as one."
  - Good reminder: Notes on Internet Addiction. I'm no saint and I catch myself ending thoughts with "… but it's also been so good to me!" The only thing that truly has worked: set a 30 minute per day limit for all social media apps on my phone, lock that limit behind a password, and -- here comes the crucial bit that makes this work -- and let my wife set the password. Believe me: you don't want to ask your wife "can you give me 20 more minutes of Twitter?" very often.
  - Hell yes, SVGs rock: an SVG is all you need.
  - This was inspiring and made me want to build more things and change how I approach building them: Rebuilding Our Website for the Agent Era. "Teams are buying powerful tools and wondering why everything still feels slow. The answer is usually that they're running agents on infrastructure designed for humans. Once you rebuild the infrastructure, everything becomes this fast." I've been saying this for the past year: for decades developer tooling had to adapt to the codebase. "Oh, your tool doesn't work in our monorepo? Sorry, no can do." Now, though, with these agents, the monorepo will adapt, is my bet. The pull is too strong. The big question: what does the codebase of the future look like? That's what we want to find out at Amp.
  - Eli Bendersky is revisiting Jack Crenshaw's "Let's Build a Compiler" -- lovely!
  - My Christmas present to you: Tinker, Tailor, Soldier, Spy (1979) Edited, HD, English Subtitles. Yes, yes , this is the BBC Tinker Tailor, the one with Alec Guinness playing George Smiley, all in one video, on YouTube, with freaking subtitles. You know how rare that is? It's rare, man. I love the 2011 movie and watched it many times and last week I finally had the good sense to just search on YouTube for the BBC version, which I've been wanting to watch for years now, but it's very hard to find in Germany, in English, with subtitles. It's so good watching this and comparing it to the movie and see what choices they made differently.
  If you also keep thinking "what will software look like in a few years?", you should subscribe:
10. 🔗 r/reverseengineering SHA-256 Structural Weakness Discovery: 174/256 Bit Correlation Achieved via Evolutionary Differential Cryptanalysis rss
  
  submitted by /u/No_Arachnid_5563
  [link] [comments]
December 13, 2025
1. 🔗 IDA Plugin Updates IDA Plugin Updates on 2025-12-13 rss
  IDA Plugin Updates on 2025-12-13
  
  New Releases:
  - idaguides IDA Guides v1.0.0
  - SuperHint v1.2.0
  Activity:
  - augur
    
    0298237b: style: improve some message wording
  - ghidra-hello
    
    2145fc0c: Add initial documentation for SBSCRPT v4.0
  - ida_domain_mcp
    
    0792a3ec: Update translations
    
    f18ad85a: Update README.md
  - idaguides
    
    c4ac25c7: Add files via upload
  - idapromcp_333
    
    684f7f43: Update README.md
  - playlist
    
    fef0e132: erm
  - SuperHint
    
    e27d4f11: Fix installation instructions formatting in README
    
    1a742f15: Revise installation instructions for SuperHint
    
    3bd0bf8e: Update README.md
    
    b1701e18: change version
    
    5ef74f68: Merge branch 'main' of github.com:p05wn/SuperHint
    
    1a4c4aee: update plugin version
    
    40ed62e8: Update README for clarity on hint comments
    
    489d5e19: fix: some small bugs
    
    a8ba5e97: fix: function argument
    
    283663ee: Merge branch 'main' of github.com:p05wn/SuperHint
    
    e707c371: fix: fixed some bugs
    
    8276a7f2: Update README with feature details and future updates
    
    dc031f21: docs: update readme
    
    79c28a41: feat: Supporting global variables and functions
    
    b55f0d67: Clarify usage instructions in README
2. 🔗 r/LocalLLaMA 8x RTX Pro 6000 server complete rss
  
  | TL;DR: 768 GB VRAM via 8x RTX Pro 6000 (4 Workstation, 4 Max-Q) + Threadripper PRO 9955WX + 384 GB RAM Longer: I've been slowly upgrading my GPU server over the past few years. I initially started out using it to train vision models for another project, and then stumbled into my current local LLM obsession. In reverse order: Pic 5: Initially was using only a single 3080, which I upgraded to a 4090 + 3080. Running on an older 10900k Intel system. Pic 4: But the mismatched sizes for training batches and compute was problematic, so I upgraded to double 4090s and sold off the 3080. They were packed in there, and during a training run I ended up actually overheating my entire server closet, and all the equipment in there crashed. When I noticed something was wrong and opened the door, it was like being hit by the heat of an industrial oven. Pic 3: 2x 4090 in their new home. Due to the heat issue, I decided to get a larger case and a new host that supported PCIe 5.0 and faster CPU RAM, the AMD 9950x. I ended up upgrading this system to dual RTX Pro 6000 Workstation edition (not pictured). Pic 2: I upgraded to 4x RTX Pro 6000. This is where problems started happening. I first tried to connect them using M.2 risers and it would not POST. The AM5 motherboard I had couldn't allocate enough IOMMU addressing and would not post with the 4th GPU, 3 worked fine. There are consumer motherboards out there that could likely have handled it, but I didn't want to roll the dice on another AM5 motherboard as I'd rather get a proper server platform. In the meantime, my workaround was to use 2 systems (brought the 10900k out of retirement) with 2 GPUs each in pipeline parallel. This worked, but the latency between systems chokes up token generation (prompt processing was still fast). I tried using 10Gb DAC SFP and also Mellanox cards for RDMA to reduce latency, but gains were minimal. Furthermore, powering all 4 means they needed to be on separate breakers (2400w total) since in the US the max load you can put through 120v 15a is ~1600w. Pic 1: 8x RTX Pro 6000. I put a lot more thought into this before building this system. There were more considerations, and it became a many months long obsession planning the various components: motherboard, cooling, power, GPU connectivity, and the physical rig. GPUs: I considered getting 4 more RTX Pro 6000 Workstation Editions, but powering those would, by my math, require a third PSU. I wanted to keep it 2, so I got Max Q editions. In retrospect I should have gotten the Workstation editions as they run much quieter and cooler, as I could have always power limited them. Rig: I wanted something fairly compact and stackable that I could directly connect 2 cards on the motherboard and use 3 bifurcating risers for the other 6. Most rigs don't support taller PCIe cards on the motherboard directly and assume risers will be used. Options were limited, but I did find some generic "EO3" stackable frames on Aliexpress. The stackable case also has plenty of room for taller air coolers. Power: I needed to install a 240V outlet; switching from 120V to 240V was the only way to get ~4000W necessary out of a single outlet without a fire. Finding 240V high-wattage PSUs was a bit challenging as there are only really two: the Super Flower Leadex 2800W and the Silverstone Hela 2500W. I bought the Super Flower, and its specs indicated it supports 240V split phase (US). It blew up on first boot. I was worried that it took out my entire system, but luckily all the components were fine. After that, I got the Silverstone, tested it with a PSU tester (I learned my lesson), and it powered on fine. The second PSU is the Corsair HX1500i that I already had. Motherboard: I kept going back and forth between using a Zen5 EPYC or Threadripper PRO (non-PRO does not have enough PCI lanes). Ultimately, the Threadripper PRO seemed like more of a known quantity (can return to Amazon if there were compatibility issues) and it offered better air cooling options. I ruled out water cooling, because the small chance of a leak would be catastrophic in terms of potential equipment damage. The Asus WRX90 had a lot of concerning reviews, so the Asrock WRX90 was purchased, and it has been great. Zero issues on POST or RAM detection on all 8 RDIMMs, running with the expo profile. CPU/Memory: The cheapest Pro Threadripper, the 9955wx with 384GB RAM. I won't be doing any CPU based inference or offload on this. Connectivity: The board has 7 PCIe 5.0 x16 cards. At least 1 bifurcation adapter would be necessary. Reading up on the passive riser situation had me worried there would be signal loss at PCIe 5.0 and possibly even 4.0. So I ended up going the MCIO route and bifurcated 3 5.0 lanes. A PCIe switch was also an option, but compatibility seemed sketchy and it's costs $3000 by itself. The first MCIO adapters I purchased were from ADT Link; however, they had two significant design flaws: The risers are powered via the SATA peripheral power, which is a fire hazard as those cable connectors/pins are only rated for 50W or so safely. Secondly, the PCIe card itself does not have enough clearance for the heat pipe that runs along the back of most EPYC and Threadripper boards just behind the PCI slots on the back of the case. Only 2 slots were usable. I ended up returning the ADT Link risers and buying several Shinreal MCIO risers instead. They worked no problem. Anyhow, the system runs great (though loud due to the Max-Q cards which I kind of regret). I typically use Qwen3 Coder 480b fp8, but play around with GLM 4.6, Kimi K2 Thinking, and Minimax M2 at times. Personally I find Coder and M2 the best for my workflow in Cline/Roo. Prompt processing is crazy fast, I've seen VLLM hit around ~24000 t/s at times. Generation is still good for these large models, despite it not being HBM, around 45-100 t/s depending on model. Happy to answer questions in the comments. submitted by /u/koushd
  [link] [comments]
  ---|---
3. 🔗 HexRaysSA/plugin-repository commits sync repo: +1 release, -1 release rss
```
sync repo: +1 release, -1 release

## New releases
- [SuperHint](https://github.com/p05wn/SuperHint): 1.2.1

## Changes
- [SuperHint](https://github.com/p05wn/SuperHint):
  - removed version(s): 1.2.0
```
4. 🔗 r/reverseengineering z8086: Rebuilding the 8086 from Original Microcode rss
  
  submitted by /u/tnavda
  [link] [comments]
5. 🔗 HexRaysSA/plugin-repository commits sync repo: +1 plugin, +2 releases rss
```
sync repo: +1 plugin, +2 releases

## New plugins
- [SuperHint](https://github.com/p05wn/SuperHint) (1.2.0, 1.0.0)
```
6. 🔗 r/LocalLLaMA OpenAI's flagship model, ChatGPT-5.2 Thinking, ranks most censored AI on Sansa benchmark. rss
  
  | submitted by /u/Difficult-Cap-7527
  [link] [comments]
  ---|---
7. 🔗 The Pragmatic Engineer The Pulse: Could a 5-day RTO be around the corner for Big Tech? rss
  Hi, this is Gergely with a bonus, free issue of the Pragmatic Engineer Newsletter. In every issue, I cover Big Tech and startups through the lens of senior engineers and engineering leaders. Today, we cover one out of four topics from last week 's The Pulse issue. Full subscribers received the below article seven days ago. To get articles like this in your inbox, every week,subscribe here .
  
  A year ago, Amazon became the first tech giant to bring staff back into the office for the full five days per week. Back then, I analyzed the reasons for the change, and whether other workplaces would follow suit by dropping the widespread hybrid policy of 2-3 days/week in the office.
  
  Now, Meta employees in the Instagram division have become the latest subjects of a full return to the office, following an announcement by the social media platform this week.
  
  Instagram's 5-day return to office
  
  Instagram employees received the unexpected email on Monday, reports fellow Substacker, Alex Heath, who acquired a copy of the message. It was sent internally by Instagram CEO Adam Mosseri, who wrote:
  
  "1. Back to the office: I believe that we are more creative and collaborative when we are together in-person. (...)
  
  2. Fewer meetings: We all spend too much time in meetings that are not effective, and it's slowing us down. Every six months, we'll cancel all recurring meetings and only re-add the ones that are absolutely necessary (...)
  
  3. More demos, less decks: Most product overviews should be prototypes instead of decks.
  
  4. Faster decision-making: We're going to have a more formalized unblocking process with DRIs, and I'll be at the priorities progress unblocking meeting every week."
  
  This decision by Meta affects around a quarter of company staff, and it's hard to imagine other divisions not following Instagram's lead; after all, everything in Mosseri's memo likely applies across the business.
  
  Five years ago, CEO Mark Zuckerberg predicted 50% of Meta staff would work remotely by now, which didn't happen. Indeed, with Instagram's new 5-day RTO, I'd be surprised if 5% of Meta folks work remotely in two years' time.
  
  The reason for Insta 's RTO seems rooted in the leadership's belief that in- office is more productive, as indicated by the top bullet point of Mosseri's message. That message in full:
  
  "I believe that we are more creative and collaborative when we are together in-person. I felt this pre-COVID and I feel it any time I go to our New York office where the in-person culture is strong.
  
  Starting February 2, I'm asking everyone in my rollup based in a US office with assigned desks to come back full time (five days a week). The specifics:
  - You'll still have the flexibility to work from home when you need to, since I recognize there will be times you won't be able to come into the office. I trust you all to use your best judgment in figuring out how to adapt to this schedule.
  - In the NY office, we won't expect you to come back full time until we've alleviated the space constraints. We'll share more once we have a better sense of timeline.
  - In MPK [Menlo Park, the HQ], we'll move from MPK21 to MPK22 on January 26 so everyone has an assigned desk. We're also offering the option to transfer from the MPK to SF office for those people whose commute would be the same or better with that change. We'll reach out directly to those people with more info.
  - XFN [cross-functional] partners will continue to follow their own org norms.
  - There is no change for employees who are currently remote".
  From what I've seen of Mosseri from afar, he seems like a pretty straight shooter. It's clear that he feels in-office creates more energy, and in Mosseri's defense, I hear similar from many startup founders and leaders who say remote work causes a bunch of headaches: it's harder to spot motivational problems and performance issues, information travels more slowly, and rallying teams is harder.
  
  There 's no doubt that running a full-remote company is a lot of effort. There's often-overlooked labor involved in hiring, onboarding, performance management, team celebrations, and even company-wide meetings - none of it is easy.
  
  Linear is a full-remote company with nearly 50 people working there, which recently published details about how it operates. They're introducing the concept of "coworking hubs", flying in teams for in-person events, and holding regular off-sites, while being careful to hire people who fit the culture.
  
  My feeling is that remote work policies at tech companies are going to become questions of their leaders ' preferences. Many devs prefer remote work: there's fewer interruptions, more deep focus, and less commuting. Most of us would probably be just as productive - and probably more so - than when being interrupted in-office.
  
  Leaders who prefer full-remote can cite flexibility and easier hiring from a larger pool of candidates as clear benefits. Meanwhile, those most comfortable with in-person will always have enough reasons to justify a 5-day RTO, along the lines of Mosseri's reasoning. Advocates of hybrid setups cite balancing of focus time and efficiency.
  
  In today's job market, any company that pays closer to the top of the market can probably get away with five-days-a-week RTO. Meta is in this space, and although I'm sure plenty of devs will dislike the change, the alternative is to go out on the job market, accept a pay cut to join a new company, and start rebuilding your internal network.
  
  Since we're in the midst of a weird job market, it makes switching jobs more difficult than before, when the job market was very hot. In this respect, Instagram has external conditions on its side. For devs at Meta, one upside is that Big Tech experience opens more doors, even in this tough job market.
  
  One caveat is that a 5-day RTO is unlikely in places where it's hard to hire the right people. So, AI engineers and those working on AI products should be pretty safe, for instance, because those roles are incredibly in- demand, as indicated by the trend of higher base salaries for AI engineers. Based on that, few companies should want to push those workers to quit to join competitors.
  
  Many subscribers expense this newsletter to their learning and development budget. If you have such a budget, here 's an email you could send to your manager .
8. 🔗 r/wiesbaden Jemand Lust auf Weihnachtsmarkt und Beats on Ice? rss
  
  Gruppe von Studis aus Gießen. Haben noch eine Freikarte für Beats on Ice ab 20 Uhr heute. Sind down neue Leute kennenlernen:)
  
  submitted by /u/RonDji11
  [link] [comments]
9. 🔗 r/LocalLLaMA Qwen3 Next generation optimization rss
  
  | A lot of people were requesting dedicated optimizations, so here they are. I added an optimized autoregressive delta net computation that short-circuits all the recurrect decay calculation because for n_seq_tokens = 1 it all collapses. I also made sure to specifically optimize out all unneeded reshapes / conts in that version. The end result is a 40% generation speed upgrade on my box. If you want, you can try it out and tell me how it works on your end. submitted by /u/ilintar
  [link] [comments]
  ---|---
10. 🔗 HexRaysSA/plugin-repository commits Update known-repositories.txt rss
```
Update known-repositories.txt
```
11. 🔗 r/reverseengineering REshare Ramblings - Bad Vibes with IDA rss
  
  submitted by /u/buherator
  [link] [comments]

generated: December 16, 2025 at 15:06:12