to read (pdf)

  1. The Code-Only Agent • Rijnard van Tonder
  2. Agent-native Architectures: How to Build Apps After Code Ends
  3. jj tug | Shaddy's
  4. Don't fall into the anti-AI hype -
  5. sorted string tables (SST) from first principles

  1. January 11, 2026
    1. 🔗 pranshuparmar/witr v0.2.3 release

      What's Changed

      Full Changelog : v0.2.2...v0.2.3

    2. 🔗 r/wiesbaden EGYM WELLPASS +1 membership wanted 🏋️ rss

      Hello everyone, I'm trying this way to find someone kind enough to have a +1 membership to give away. It's for a friend, because we want to work out together 👯‍♀️

      As of recently it's also legal to add someone who doesn't live in the same household ;)

      Looking forward to offers!!

      submitted by /u/nimbus_street_84
      [link] [comments]

    3. 🔗 Pagefind/pagefind v1.5.0-beta.1 release

      Hey! This is a big one, so I thought we'd give a beta release a try. This release addresses a lot of long-standing issues and feature requests, alongside delivering an entirely new search UI.

      Pagefind Component UI

      This is the main reason for a beta release here. Writing a new ground-up UI system for Pagefind has been a big job, and I would love to get some more eyes on it before we send it out into the world on its stable release.

      It's so large, in fact, that it has its own documentation site! If you're itching to see what it looks like, check out https://ui.pagefind.app/ for modals and searchboxes and custom web components and more!

      The Component UI is available as vendored files in your /pagefind/ output directory, or it's available as an npm package to install and import.

      One big request, for anybody reading this who has or wants to contribute translations, is to go look over the files changed in PR 1005. As part of this new UI, we have a new set of translation strings. Thankfully these could mostly be inferred from existing ones, but overall they need reviews from fluent speakers. ❤️

      Search Relevance, and Searching Metadata

      Pagefind now searches metadata! Yes, all metadata. By default. Importantly, this means it now searches the title metadata. Matches in titles are now taken into account, and search results are very hard to shake from prime positions if all (or much) of the title matches the search query.

      This is also something you can configure! See 📘 Configuring Metadata Weights for how to change this title boost, or apply it to any and all metadata fields of your choosing.

      Alongside that, a bunch of weird and wonderful ranking bugs were resolved. I'll write more in the final release notes, but PR 1003 goes into great detail on the various improvements that make searches better across the board. Plus PR 996 covers some of the chunk loading bugs that could also cause corner cases with searches.

      Diacritics Support

      We finally properly support matching across diacritics. You can now find your cafés without remembering how to type é!

      This is, yet again, something you can configure. By default, exact diacritic matches are preferred. So if you're searching "cafe", pages with "cafe" will rank higher than pages with "café". Getting this relevance right by default was the final piece of the puzzle for shipping this, which is why it took a while to land. See 📘 Configuring Diacritic Similarity to adjust how this plays out on your site.

      Multilingual Improvements

      Thanks browsers! Pagefind now taps into Intl.Segmenter to chop search queries in CJK (Chinese, Japanese, Korean) non-whitespace-delimited languages. This was already done during indexing by Pagefind, but users searching still had to delimit their queries. Now searching "这是一段简单的测试文本" searches for the words "这", "是", "一段", "简单", "的", "测试", and "文本", which is also how that sentence was indexed.

      Performance!

      Pagefind's search now runs in a Web Worker automatically. This doesn't make the search faster, per se, but it dramatically improves perceived performance on large websites by keeping the main thread responsive.

      If Web Workers are unavailable, it falls back to the main thread automatically.

      More Performance!

      Some low-hanging fruit was picked off, and Pagefind's index chunks are now ~45% smaller. The indexing binary (the one you install through npx or your wrapper of choice) is now both smaller (so, faster to download) and faster to run, at least on my macOS machine.

      Phew

      Most of these things are pretty solid, and the new Component UI is the most in flux. I don't expect it to change much, but be aware nonetheless that some things might change before it stabilises in 1.5.0.

      I would love your feedback! Please jump into the GitHub discussion for this release and highlight any issues. This will simmer happily, depending on feedback, for a week or three, so there's room for changes.

      If you haven't used a beta release before, simply:

      # if you run via npx, sub out `pagefind` for `pagefind@beta`
      npx pagefind@beta
      # or, if you have it as a dependency:
      npm i pagefind@beta
      # or, if you use the python distribution:
      pip install --pre pagefind
      # or, via cargo:
      cargo install pagefind --version 1.5.0-beta1
      

      Or download the correct binary from this GitHub Release page.

      Hope to hear from you!

    4. 🔗 batrachianai/toad Content Markup fix release

      [0.5.28] - 2026-01-11

      Fixed

      • Fixed crash when running commands that clash with Content markup
    5. 🔗 Pagefind/pagefind v1.5.0-alpha.4 release

      Point beta and rc releases at the main repo/releases (#1007)

    6. 🔗 Register Spill Joy & Curiosity #69 rss

      Back to work this week and what a week it's been! We had a massive launch, we shipped a lot of stuff, I felt like I'm entering a new stage of agentic programming and burned more tokens than ever before.

      But the week was also full of surprises.

      Apparently, thanks to Anthropic's crackdown on other clients using the Claude Code subscription for things that aren't Claude Code, a lot of people realized for the first time that $200 per month isn't the real price of these tokens. Surprise: I assumed that everybody knew that $200 can't buy you all the things that people have been doing with those subscriptions; that it's heavily subsidized (or optimized, I guess that's what Anthropic would say). Turns out that assumption was wrong. People are shocked. Yes, that's why we're working so hard to make Amp affordable by leaning on the Internet's Best Business Model, independent of a model house, not even making a profit on individuals' consumption, without burning VC money or compromising the quality of the product by doing routing tricks behind the curtain.

      The other surprise: people were surprised about the crackdown. I had assumed that everybody knew that you aren't allowed to reuse the Claude Code subscription. To get one of those $200/month all-you-can-burn API keys with special rate limits, you have to pretend to be the Claude Code OAuth client (also: see how many did that) and, I don't know man, I was naive enough to think that engineers will understand that this isn't how it was intended to be used, you know.

      What I do know for a fact though: we've been told early on -- in the middle of last year -- that we can't do that, we can't reuse these Claude Code subscriptions in Amp, because they're Claude Code only. And if we were told, I'm pretty sure, then others were told too.

      But now there's a lot of shocked faces and pearls being clutched and Mr. Officer I didn't know you need to validate the ticket, I didn't see the sign, I swear.

      • Yes, we launched the next generation of Amp Free this week: up to $10 per day in credits, powered by ads, usable with Opus 4.5. Up to $300 per month in Opus 4.5 tokens. Go use it. $10 can get you a lot.

      • More spicy news this week: "Scoop: xAI staff had been using Anthropic's models internally through Cursor--until Anthropic cut off the startup's access this week." Feels good to be model-house independent, tell you that.

      • ezyang on the gap between a Helpful Assistant and a Senior Engineer: "In principle, you could prompt the LLM agent to act like a Senior Engineer. In fact, why stop at Senior, let's tell the LLM to be a Staff Engineer! Imagine that scaling continues: what would you expect the LLM to do when instructed to act in this way? Well, imagine a human L7 engineer who has just been hired by a big tech company to head up some big, new, multi-year initiative. Will they say, 'Sure, I can help with that!' and start busily coding away? Of course not: they will go out and start reviewing code, reading docs, talking to people, asking questions, shadowing oncalls, doing small starter tasks--they will start by going out and building context." I agree, our analogies don't fit anymore, because we haven't had Frankenstein Engineers before.

      • Dan Shipper on Agent-Native Architectures. This was very interesting. It's about building agents into end-user applications, but my current campaign slogan is that 2026 will be the year in which agents and codebases melt and this article made me wonder: what if you see your codebase as an application with which the agent has to interact, which tools can you provide?

      • From the same thought-universe: Rijnard on the Code-Only Agent. "The Code-Only agent produces something more precise than an answer in natural language. It produces a code witness of an answer. The answer is the output from running the code. The agent can interpret that output in natural language (or by writing code), but the "work" is codified in a very literal sense. The Code-Only agent doesn't respond with something. It produces a code witness that outputs something."

      • The intro from last week's issue made it into The Pragmatic Engineer: when AI writes almost all code, what happens to software engineering? Next to it are quotes from DHH, Adam Wathan, Malte Ubl. This Holiday season apparently really woke something up. Part of me thinks I need to find a non-arrogant way to say "see! I told you! I told you!" and the other part goes "what for?"

      • Kevin Kelly: How Will the Miracle Happen Today?

      • Adam Wathan in his morning walk episode: "I just had to lay off some of the most talented people I've ever worked with and it fucking sucks." This episode really blew up and resulted in viral tweets and HackerNews threads and apparently corporate sponsorship by companies that want to help Tailwind. The question on everyone's mind: is this part of a bigger trend? It's very sad that these layoffs had to happen and I really loved how Adam gave a long, personal referral to all three of the people involved. Dan Hollick (dude what a URL), Philipp, and Jordan. I've worked with Philipp before -- he's an outstanding, top-1% engineer. And, funnily enough, I've interacted with Jordan on GitHub before, because he worked on the Tailwind LSP server and I was working on Zed, trying to get it to work for some user configuration.

      • In the wake of Adam's podcast blowing up, a lot of people commented on Tailwind's business model. A lot of noise, to be sure, but it also sparked some very interesting comments. This one, for example, is a very interesting lens with which to look at AI: "What I keep coming back to is this: AI commoditizes anything you can fully specify. Documentation, pre-built card components, a CSS library, Open Source plugins. Tailwind's commercial offering was built on "specifications". AI made those things trivial to generate. AI can ship a specification but it can't run a business. So where does value live now? In what requires showing up, not just specifying. Not what you can specify once, but what requires showing up again and again. Value is shifting to operations: deployment, testing, rollbacks, observability. You can't prompt 99.95% uptime on Black Friday. Neither can you prompt your way to keeping a site secure, updated, and running." That first sentence -- "AI commoditizes anything you can fully specify" -- man, isn't that something to think about.

      • Talking about trends: the number of questions on StackOverflow over time. Astonishing.

      • This week I learned that Martin Fowler is publishing Fragments. And in that issue he links to this post by Kent Beck that articulates something I haven't been able to: "The descriptions of Spec-Driven development that I have seen emphasize writing the whole specification before implementation. This encodes the (to me bizarre) assumption that you aren't going to learn anything during implementation that would change the specification. I've heard this story so many times told so many ways by well-meaning folks--if only we could get the specification "right", the rest of this would be easy." I think this is exactly what makes me skeptical of leaning too much into the "write all the PRDs and Plans and then just execute"-agentic-programming-workflows. Of course the devil's in the "how do you plan?"-details, but Beck has a point: why would this time be different, why would the magic of "just write a really good, detailed plan and then execute" be different with AI? I don't see a reason. On the contrary, I think the opposite stance -- building software is learning about the software -- is truer than ever: you need more feedback loops, more ways for the agent to hit reality, to learn, to course-correct.

      • Fly released Sprites: Code And Let Live. This is very, very interesting. I'm starting to think that with agents we might be entering a new neither-cattle-nor-pet era, a time of pet/cattle-hybrids. Admittedly, Simon Willison's piece on Sprites helped me make more sense of it after I had a ton of questions (which I also sent to ChatGPT, like: "so are they saying agents should be always-on in these machines?")

      • Brian Guthrie's Move Faster Manifesto. This is great. This part, on it being a choice, is spot-on: "But the hardest part of moving fast isn't execution; it's deciding that it's necessary, and then convincing people that it's possible."

      • I've become fascinated with TBPN and their rise this year, but still didn't know that much about them, nor their backgrounds. This Vanity Fair piece filled some gaps -- it isn't just software changing, is it, it's also media.

      • And I really nodded along to this post by Jordi Hays, about AI needing a Steve Jobs: "Our AI leaders today seem to have forgotten to include humanity in the AI story. 'If AI stays on the trajectory that we think it will, then amazing things will be possible. Maybe with 10 gigawatts of compute, AI can figure out how to cure cancer.' - Sam Altman. I understand what Sam is saying here, and it's not entirely fair to pick a random quote, but there's no doubt that this type of phrasing is not what Steve would have done."

      • Henrik Karlsson: "And you do the same thing with joy. If you learn to pay sustained attention to your happiness, the pleasant sensation will loop on itself until it explodes and pulls you into a series of almost hallucinogenic states, ending in cessation, where your consciousness lets go and you disappear for a while. This takes practice." Made me wish I was better at directing my attention and thoughts.

      • If you squint really hard and make a face and bend your head, this one is related to the Karlsson piece: "Willpower Doesn't Work. This Does." But, hey, even if it isn't related, it's another good reminder.

      • Max Leiter from Vercel on how they "made v0 an effective coding agent". The LLM Suspense framework is neat but it made me wonder: which model generation will make it obsolete?

      • Jason Cohen on the value of focus and what that even means. This is great and something I'll reshare in the future.

      • Nikita Prokopov saying it's hard to justify the icons in macOS Tahoe. I can't say with certainty -- none of the machines I have are on Tahoe yet -- but it looks like I agree with him. Strange feeling reading this, like finding out at the gate that the plane you're about to board has a new type of airplane seat that has an average rating of 2 out of 5.

      • "You're not that guy, Pal."

      If you knew the real price of these tokens, you should subscribe:

    7. 🔗 r/wiesbaden Influence of job advertisements on female students' application intentions (master's thesis, anonymous) rss

      Hi to the German speakers! 😊

      For my master's thesis in economics and business studies, I am investigating how wording in job advertisements influences female students' intention to apply for sales positions.

      For this I am running an anonymous online survey (about 10 minutes) and would be really grateful if you took part or forwarded the link. 🙏

      Requirements for participation:
      • You study business administration (BWL), economics (VWL) or another economics-related subject
      • Gender doesn't matter – everyone may take part!

      Aim of the study:
      To find out which wording in job ads tends to deter or motivate female students to apply for a sales position.

      👉 Here is the survey:

      https://ww3.unipark.de/uc/Marketing-JLU/4c44/

      Many thanks to everyone who supports me! You are really helping me a lot. ❤️

      submitted by /u/Klutzy-Present6276
      [link] [comments]

    8. 🔗 badlogic/pi-mono v0.42.5 release

      Fixed

      • Reduced flicker by only re-rendering changed lines (#617 by @ogulcancelik). No worries tho, there's still a little flicker in the VS Code Terminal. Praise the flicker.
      • Cursor position tracking when content shrinks with unchanged remaining lines
      • TUI renders with wrong dimensions after suspend/resume if terminal was resized while suspended (#599)
      • Pasted content containing Kitty key release patterns (e.g., :3F in MAC addresses) was incorrectly filtered out (#623 by @ogulcancelik)
    9. 🔗 vitali87/code-graph-rag v0.0.28 release

      chore: bump version to 0.0.28

    10. 🔗 anthropics/claude-code v2.1.4 release

      What's changed

      • Added CLAUDE_CODE_DISABLE_BACKGROUND_TASKS environment variable to disable all background task functionality including auto-backgrounding and the Ctrl+B shortcut
      • Fixed "Help improve Claude" setting fetch to refresh OAuth and retry when it fails due to a stale OAuth token
  2. January 10, 2026
    1. 🔗 IDA Plugin Updates IDA Plugin Updates on 2026-01-10 rss

      IDA Plugin Updates on 2026-01-10

      New Releases:

      Activity:

    2. 🔗 vitali87/code-graph-rag v0.0.27 release

      chore: bump version to 0.0.27

    3. 🔗 @cxiao@infosec.exchange quick design for a thing mastodon

      quick design for a thing
      if you like it, feel free to use it however you want

      #trump #maduro #venezuela #iran #irgc

    4. 🔗 vitali87/code-graph-rag v0.0.26 release

      chore: bump version to 0.0.26

    5. 🔗 r/LocalLLaMA Visualizing RAG, PART 2- visualizing retrieval rss

      Edit: code is live at https://github.com/CyberMagician/Project_Golem

      Still editing the repository but basically just download the requirements (from requirements txt), run the python ingest to build out the brain you see here in LanceDB real quick, then launch the backend server and front end visualizer. Using UMAP and some additional code to visualize the 768D vector space of EmbeddingGemma:300m down to 3D and how the RAG “thinks” when retrieving relevant context chunks. How many nodes get activated with each query. It is a follow up from my previous post that has a lot more detail in the comments there about how it’s done. Feel free to ask questions I’ll answer when I’m free

      submitted by /u/Fear_ltself
      [link] [comments]

    6. 🔗 Jessitron AI-coding trick: ask it how it knows rss

      Here's the conversation I want:

      Me: What do we have to work on?
      Claude: [checks its issue tracker] Oh look at these nice issues that are ready for work…

      But the issue tracker (Beads) is new, and is Claude going to check it? or is it going to hare off looking at git log and searching the codebase for TODO?

      So I ask it.

      Me: if I say "what were we working on?" what actions will you take?
      Claude: I'll check the issue tracker! and then I'll look at git log and then the issue tracker!

      This is good news! I'm curious how it knows that. I didn't update CLAUDE.md.

      Me: great! How do you know to check beads?
      Claude: … deep explanation of the startup hook that Beads installed

      I enjoy that it can explain its own workings. When I don't know how to get it to do something, "ask it" usually teaches me how. It can go meta and explain itself. So fun!

    7. 🔗 badlogic/pi-mono v0.42.4 release

      Fixed

      • Bash output expanded hint now says "(ctrl+o to collapse)" (#610 by @tallshort)
      • Fixed UTF-8 text corruption in remote bash execution (SSH, containers) by using streaming TextDecoder (#608)
    8. 🔗 badlogic/pi-mono v0.42.3 release

      Changed

      • OpenAI Codex: updated to use bundled system prompt from upstream
    9. 🔗 batrachianai/toad The $10 Release release

      [0.5.27] - 2026-01-10

      Changed

      • Updated Hugging Face Inference providers
    10. 🔗 batrachianai/toad The Lines Release release

      [0.5.26] - 2026-01-10

      Fixed

      • Fixed issue with missing refreshes

      Added

      • Added Target lines, and Additional lines, to settings
    11. 🔗 Textualize/textual The BLANK Release release

      [7.1.0] - 2026-01-10

      Fixed

      • Fixed issue with missing refresh #6318

      Added

      • Added Widget.BLANK which can optimize rendering of large widgets (typically containers that scroll) #6318
    12. 🔗 r/reverseengineering Galago executes Android ARM64 native libraries as raw code. rss
    13. 🔗 r/LocalLLaMA GLM 5 Is Being Trained! rss
    14. 🔗 @cxiao@infosec.exchange RE: mastodon

      RE: https://mastodon.online/@charlesmok/115868370578688572

      check out https://smc.peering.tw from this article! it's a very nice visualization of submarine cables around taiwan, and active incidents affecting them

    15. 🔗 vitali87/code-graph-rag v0.0.25 release

      chore: bump version to 0.0.25

    16. 🔗 badlogic/pi-mono v0.42.2 release

      Added

      • /model <search> now pre-filters the model selector or auto-selects on exact match. Use provider/model syntax to disambiguate (e.g., /model openai/gpt-4). (#587 by @zedrdave)
      • FooterDataProvider for custom footers: ctx.ui.setFooter() now receives a third footerData parameter providing getGitBranch(), getExtensionStatuses(), and onBranchChange() for reactive updates (#600 by @nicobailon)
      • Alt+Up hotkey to restore queued steering/follow-up messages back into the editor without aborting the current run (#604 by @tmustier)

      Fixed

      • Fixed LM Studio compatibility for OpenAI Responses tool strict mapping in the ai provider (#598 by @gnattu)
    17. 🔗 Mitchell Hashimoto Finding and Fixing Ghostty's Largest Memory Leak rss
      (empty)
    18. 🔗 Will McGugan Good AI, Bad AI - the experiment rss

      If you are in tech, or possibly even if you aren’t, your social feeds are likely awash with AI. Most developers seem to be either all-in or passionately opposed to AI (with a leaning towards the all-in camp). Personally I think the needle is hovering somewhere between bad and good.

      Good AI

      AI for writing code is a skill multiplier.

      We haven’t reached the point where a normie can say “Photoshop, but easier to use”. Will we ever? But for now it seems those who are already skilled in what they are asking the AI to do, are getting the best results.

      I’ve seen accomplished developers on X using AI to realize their projects in a fraction of the time. These are developers who absolutely could write every line that the LLM produces. They choose not to, because time is their most precious commodity.

      Why is this good AI? It means that skills acquired in the age before AI [1] are still valuable. We have a little time before mindless automatons force senior developers into new careers as museum exhibits, tapping on their mechanical keyboards in front of gawping school kids, next to the other fossils.

      Bad AI

      The skill multiplier effect may not be enough to boost inexperienced (or mediocre) developers to a level they would like. But AI use does seem to apply a greater boost to the Dunning-Kruger effect.

      If you maintain an Open Source project you may be familiar with AI generated Pull Requests. Easily identifiable by long bullet lists in the description, these PRs are often from developers who copied an issue from a project into their prompt, prefixed with the words “please fix”.

      These drive-by AI PRs generate work for the FOSS developer. They can look superficially correct, but it takes time to figure out if the changes really do satisfy the requirements. The maintainer can’t use the usual signals to cut through the noise when reviewing AI generated PRs. Copious amounts of (passing) tests and thorough documentation are no longer a signal that the PR won’t miss the point, either subtly or spectacularly.

      This is bad AI (more accurately a bad outcome), because it typically takes more time for the maintainer to review such PRs than the creator took to type in the prompt. And those that contribute such PRs rarely respond to requests for changes.

      In the past you could get around this with a blanket ban on AI generated code. Now, I think developers would be foolish to do that. Good code is good code, whether authored by a fleshy mammalian brain or a mechanical process. And it is undeniable that AI code can be good code.

      The Experiment

      This makes me wonder if the job of maintainer could be replaced with AI.

      I want to propose an experiment…

      Let’s create a repository with some initial AI generated code: “Photoshop, but easier to use” is as a starting point as good as any. An AI agent will review issues, respond via comments, and may tag the issue with “todo” or close it if it doesn’t reach a bar for relevance and quality.

      PRs are accepted for “todo” issues and will be reviewed, discussed, and ultimately merged or closed by the AI. These PRs may be human or AI generated—the AI doesn’t care (as if it could).

      Note that PRs could modify any of the prompts used by the AI, and those edits will be reviewed by the AI in the same way as any other file.

      Would the end result be quality software or a heinous abomination, succeeding only in creating a honeypot for prompt-injection attacks?

      I have no intention of making this happen. But if somebody does, tell me how it goes.

      1. Feels like a long time, but there has only been a single Fast and Furious movie made since the advent of the AI age.
  3. January 09, 2026
    1. 🔗 IDA Plugin Updates IDA Plugin Updates on 2026-01-09 rss

      IDA Plugin Updates on 2026-01-09

      New Releases:

      Activity:

      • capa
        • 7f3e35ee: loader: gracefully handle ELF files with unsupported architectures (#…
      • ida-hcli
      • ida-structor
        • ee7bb48b: docs: Document Z3 synthesis, cross-function analysis, and C++ API usage
        • 1842108f: feat: Enable sibling discovery and offset handling in cross-function …
      • idawilli
        • ec5df57b: Merge pull request #63 from williballenthin/claude/analyze-malware-sa…
        • 62a63d97: Add documentation resource links and API exploration guidance
        • 7d66d507: Document Hex-Rays decompiler license requirement in idalib skill
        • 09818f89: Merge pull request #62 from williballenthin/claude/remove-api-key-log…
        • 2b25942f: Simplify install-ida.sh by removing file logging
        • 24942f7d: Remove credential clearing logic from install-ida.sh
        • f9ad6220: Merge pull request #61 from williballenthin/claude/test-idapro-import…
        • 436ab3a6: Add ida-domain support and improve skill documentation
        • 5dc5124f: Restructure as proper Claude Code skill
        • 50fc7c6d: Remove session start hook
        • bdf0a3f4: Move IDA Pro installation from session hook to skill
        • e1b8d367: Merge pull request #60 from williballenthin/claude/verify-ida-setup-4…
        • 7b8d42b4: Remove py-activate-idalib steps
        • f04f0df4: Remove existing IDA installation discovery
        • fa0add54: Add debug logging to session start hook
        • eab18712: Merge pull request #59 from williballenthin/claude/update-ida-hcli-in…
        • c26c26a4: Update IDA session hook to use uv pip install ida-hcli
        • 9881c787: Merge pull request #58 from williballenthin/claude/add-ida-session-ho…
        • f9b3470b: Add session start hook for IDA Pro development in Claude Code web
      • msc-thesis-LLMs-to-rank-decompilers
        • 5dc8698f: Remove obsolete output files and update extraction script for better …
      • suture
        • d0b27285: added: support for stack structures added: StackRuleSet added: tests …
      • Unicorn-Trace
        • fdb47234: add user hook, add log function, add example
        • 1a58d160: fix mutiple call
        • 038d4eee: Enhance Unicorn ARM64 IDA Trace Tool
    2. 🔗 Simon Willison Fly's new Sprites.dev addresses both developer sandboxes and API sandboxes at the same time rss

      New from Fly.io today: Sprites.dev. Here's their blog post and YouTube demo. It's an interesting new product that's quite difficult to explain - Fly call it "Stateful sandbox environments with checkpoint & restore" but I see it as hitting two of my current favorite problems: a safe development environment for running coding agents and an API for running untrusted code in a secure sandbox.

      Disclosure: Fly sponsor some of my work. They did not ask me to write about Sprites and I didn't get preview access prior to the launch. My enthusiasm here is genuine.

      Developer sandboxes

      I predicted earlier this week that "we’re due a Challenger disaster with respect to coding agent security" due to the terrifying way most of us are using coding agents like Claude Code and Codex CLI. Running them in --dangerously-skip-permissions mode (aka YOLO mode, where the agent acts without constantly seeking approval first) unlocks so much more power, but also means that a mistake or a malicious prompt injection can cause all sorts of damage to your system and data.

      The safe way to run YOLO mode is in a robust sandbox, where the worst thing that can happen is the sandbox gets messed up and you have to throw it away and get another one.

      That's the first problem Sprites solves:

      curl https://sprites.dev/install.sh | bash
      
      sprite login
      sprite create my-dev-environment
      sprite console -s my-dev-environment

      That's all it takes to get SSH connected to a fresh environment, running in an ~8GB RAM, 8 CPU server. And... Claude Code and Codex and Gemini CLI and Python 3.13 and Node.js 22.20 and a bunch of other tools are already installed.

      The first time you run claude it neatly signs you in to your existing account with Anthropic. The Sprites VM is persistent so future runs of sprite console -s will get you back to where you were before.

      ... and it automatically sets up port forwarding, so you can run a localhost server on your Sprite and access it from localhost:8080 on your machine.

      There's also a command you can run to assign a public URL to your Sprite, so anyone else can access it if they know the secret URL.

      Storage and checkpoints

      In the blog post Kurt Mackey argues that ephemeral, disposable sandboxes are not the best fit for coding agents:

      The state of the art in agent isolation is a read-only sandbox. At Fly.io, we’ve been selling that story for years, and we’re calling it: ephemeral sandboxes are obsolete. Stop killing your sandboxes every time you use them. [...]

      If you force an agent to, it’ll work around containerization and do work. But you’re not helping the agent in any way by doing that. They don’t want containers. They don’t want “sandboxes”. They want computers.

      [...] with an actual computer, Claude doesn’t have to rebuild my entire development environment every time I pick up a PR.

      Each Sprite gets a proper filesystem which persists in between sessions, even while the Sprite itself shuts down after inactivity. It sounds like they're doing some clever filesystem tricks here, I'm looking forward to learning more about those in the future.

      There are some clues on the homepage:

      You read and write to fast, directly attached NVMe storage. Your data then gets written to durable, external object storage. [...]

      You don't pay for allocated filesystem space, just the blocks you write. And it's all TRIM friendly, so your bill goes down when you delete things.

      The really clever feature is checkpoints. You (or your coding agent) can trigger a checkpoint which takes around 300ms. This captures the entire disk state and can then be rolled back to later.

      For more on how that works, run this in a Sprite:

      cat /.sprite/docs/agent-context.md
      

      Here's the relevant section:

      ## Checkpoints
      - Point-in-time checkpoints and restores available
      - Copy-on-write implementation for storage efficiency
      - Last 5 checkpoints mounted at `/.sprite/checkpoints`
      - Checkpoints capture only the writable overlay, not the base image
      

      Or run this to see the --help for the command used to manage them:

      sprite-env checkpoints --help

      Which looks like this:

      sprite-env checkpoints - Manage environment checkpoints
      
      USAGE:
          sprite-env checkpoints <subcommand> [options]
      
      SUBCOMMANDS:
          list [--history <ver>]  List all checkpoints (optionally filter by history version)
          get <id>                Get checkpoint details (e.g., v0, v1, v2)
          create                  Create a new checkpoint (auto-versioned)
          restore <id>            Restore from a checkpoint (e.g., v1)
      
      NOTE:
          Checkpoints are versioned as v0, v1, v2, etc.
          Restore returns immediately and triggers an async restore that restarts the environment.
          The last 5 checkpoints are mounted at /.sprite/checkpoints for direct file access.
      
      EXAMPLES:
          sprite-env checkpoints list
          sprite-env checkpoints list --history v1.2.3
          sprite-env checkpoints get v2
          sprite-env checkpoints create
          sprite-env checkpoints restore v1
      

      Really clever use of Claude Skills

      I'm a big fan of Skills, the mechanism whereby Claude Code (and increasingly other agents too) can be given additional capabilities by describing them in Markdown files in a specific directory structure.

      In a smart piece of design, Sprites uses pre-installed skills to teach Claude how Sprites itself works. This means you can ask Claude on the machine how to do things like open up ports and it will talk you through the process.

      There's all sorts of interesting stuff in the /.sprite folder on that machine - digging in there is a great way to learn more about how Sprites works.

      A sandbox API

      Also from my predictions post earlier this week: "We’re finally going to solve sandboxing". I am obsessed with this problem: I want to be able to run untrusted code safely, both on my personal devices and in the context of web services I'm building for other people to use.

      I have so many things I want to build that depend on being able to take untrusted code - from users or from LLMs or from LLMs-driven-by-users - and run that code in a sandbox where I can be confident that the blast radius if something goes wrong is tightly contained.

      Sprites offers a clean JSON API for doing exactly that, plus client libraries in Go and TypeScript and coming-soon Python and Elixir.

      From their quick start:

      # Create a new sprite
      curl -X PUT https://api.sprites.dev/v1/sprites/my-sprite \
      -H "Authorization: Bearer $SPRITES_TOKEN"
      
      # Execute a command
      curl -X POST https://api.sprites.dev/v1/sprites/my-sprite/exec \
      -H "Authorization: Bearer $SPRITES_TOKEN" \
      -d '{"command": "echo hello"}'
      

      You can also checkpoint and rollback via the API, so you can get your environment exactly how you like it, checkpoint it, run a bunch of untrusted code, then roll back to the clean checkpoint when you're done.

      Managing network access is an important part of maintaining a good sandbox. The Sprites API lets you configure network access policies using a DNS-based allow/deny list like this:

      curl -X POST \
        "https://api.sprites.dev/v1/sprites/{name}/policy/network" \
        -H "Authorization: Bearer $SPRITES_TOKEN" \
        -H "Content-Type: application/json" \
        -d '{
          "rules": [
            {
              "action": "allow",
              "domain": "github.com"
            },
            {
              "action": "allow",
              "domain": "*.npmjs.org"
            }
          ]
        }'
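
An added example (not from the original post or from Fly.io): a local pre-flight check for a rule list in the shape shown above, run before sending it to the API. The matching semantics used here (first matching rule wins, a leading `*.` matches subdomains but not the apex, unmatched hosts are denied) are assumptions for illustration, not documented Sprites behaviour, and all function names are hypothetical.

```python
import json

VALID_ACTIONS = {"allow", "deny"}

# Rule list copied from the curl example above.
POLICY = {
    "rules": [
        {"action": "allow", "domain": "github.com"},
        {"action": "allow", "domain": "*.npmjs.org"},
    ]
}

# Constructed sample hostnames, chosen to probe the edges of the rules.
SAMPLE_HOSTS = [
    "github.com",              # exact rule
    "api.github.com",          # subdomain of an exact rule
    "registry.npmjs.org",      # covered by the wildcard
    "npmjs.org",               # apex of the wildcard
    "notnpmjs.org",            # shares a string suffix, not a DNS label
    "github.com.example.net",  # allowed name used as a prefix
]


def _norm(name):
    """Lower-case a DNS name and drop whitespace and the trailing root dot."""
    return name.strip().lower().rstrip(".")


def lint_policy(policy):
    """Return a list of problems that should block the policy from being sent."""
    problems = []
    rules = policy.get("rules")
    if not isinstance(rules, list) or not rules:
        return ["policy contains no rules"]
    for i, rule in enumerate(rules):
        action, domain = rule.get("action"), rule.get("domain")
        if action not in VALID_ACTIONS:
            problems.append(f"rule {i}: unknown action {action!r}")
        if not isinstance(domain, str) or not _norm(domain):
            problems.append(f"rule {i}: missing domain")
            continue
        pattern = _norm(domain)
        base = pattern[2:] if pattern.startswith("*.") else pattern
        if "*" in base:
            problems.append(f"rule {i}: {domain!r} uses '*' outside a leading '*.' label")
        elif pattern.startswith("*.") and "." not in base and action == "allow":
            problems.append(f"rule {i}: {domain!r} allows an entire top-level domain")
    return problems


def matches(pattern, host):
    """Assumed semantics: exact match, or label-aligned suffix match for '*.'."""
    pattern, host = _norm(pattern), _norm(host)
    if pattern.startswith("*."):
        # Compare against ".npmjs.org", so "notnpmjs.org" and the apex do not match.
        return host.endswith(pattern[1:])
    return host == pattern


def decide(policy, host):
    """Assumed semantics: first matching rule wins, default deny."""
    for rule in policy["rules"]:
        if matches(rule["domain"], host):
            return rule["action"]
    return "deny"


def audit(policy, hosts):
    """Map each hostname to the decision the policy would produce for it."""
    return {host: decide(policy, host) for host in hosts}


def request_body(policy):
    """Serialise the policy for the POST body, refusing one that fails the lint."""
    problems = lint_policy(policy)
    if problems:
        raise ValueError("; ".join(problems))
    return json.dumps(policy)


if __name__ == "__main__":
    for host, decision in audit(POLICY, SAMPLE_HOSTS).items():
        print(f"{decision:5}  {host}")
    print(request_body(POLICY))
```

Under these assumptions the audit surfaces two gaps worth checking against the real service before relying on the policy: `api.github.com` and the `npmjs.org` apex are both denied by the rule list as written.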

      Scale-to-zero billing

      Sprites have scale-to-zero baked into the architecture. They go to sleep after 30 seconds of inactivity, wake up quickly when needed and bill you for just the CPU hours, RAM hours and GB-hours of storage you use while the Sprite is awake.

      Fly estimate a 4 hour intensive coding session as costing around 46 cents, and a low traffic web app with 30 hours of wake time per month at ~$4.

      (I calculate that a web app that consumes all 8 CPUs and all 8GBs of RAM 24/7 for a month would cost ((7 cents * 8 * 24 * 30) + (4.375 cents * 8 * 24 * 30)) / 100 = $655.2 per month, so don't necessarily use these as your primary web hosting solution for an app that soaks up all available CPU and RAM!)

      Two of my favorite problems at once

      I was hopeful that Fly would enter the developer-friendly sandbox API market, especially given other entrants from companies like Cloudflare and Modal and E2B.

      I did not expect that they'd tackle the developer sandbox problem at the same time, and with the same product!

      My one concern here is that it makes the product itself a little harder to explain.

      I'm already spinning up some prototypes of sandbox-adjacent things I've always wanted to build, and early signs are very promising. I'll write more about these as they turn into useful projects.

      Update: Here's some additional colour from Thomas Ptacek on Hacker News:

      This has been in the works for quite awhile here. We put a long bet on "slow create fast start/stop" --- which is a really interesting and useful shape for execution environments --- but it didn't make sense to sandboxers, so "fast create" has been the White Whale at Fly.io for over a year.


    3. 🔗 r/reverseengineering Hacking Denuvo rss
    4. 🔗 anthropics/claude-code v2.1.3 release

      What's changed

      • Merged slash commands and skills, simplifying the mental model with no change in behavior
      • Added release channel (stable or latest) toggle to /config
      • Added detection and warnings for unreachable permission rules, with warnings in /doctor and after saving rules that include the source of each rule and actionable fix guidance
      • Fixed plan files persisting across /clear commands, now ensuring a fresh plan file is used after clearing a conversation
      • Fixed false skill duplicate detection on filesystems with large inodes (e.g., ExFAT) by using 64-bit precision for inode values
      • Fixed mismatch between background task count in status bar and items shown in tasks dialog
      • Fixed sub-agents using the wrong model during conversation compaction
      • Fixed web search in sub-agents using incorrect model
      • Fixed trust dialog acceptance when running from the home directory not enabling trust-requiring features like hooks during the session
      • Improved terminal rendering stability by preventing uncontrolled writes from corrupting cursor state
      • Improved slash command suggestion readability by truncating long descriptions to 2 lines
      • Changed tool hook execution timeout from 60 seconds to 10 minutes
      • [VSCode] Added clickable destination selector for permission requests, allowing you to choose where settings are saved (this project, all projects, shared with team, or session only)
    5. 🔗 Textualize/textual The Good Night's Sleep Release release

      [7.0.3] - 2026-01-09

      Fixed

      • Fixed performance issue with large scrollable containers #6317
    6. 🔗 HexRaysSA/plugin-repository commits sync repo: +1 plugin, +1 release rss
      sync repo: +1 plugin, +1 release
      
      ## New plugins
      - [Suture](https://github.com/libtero/suture) (1.0.0)
      
    7. 🔗 HexRaysSA/plugin-repository commits Merge pull request #16 from 19h/v1 rss
      Merge pull request #16 from 19h/v1
      
      chore: Register libtero and 19h IDA tools in known repositories
      
    8. 🔗 r/LocalLLaMA I clustered 3 DGX Sparks that NVIDIA said couldn't be clustered yet...took 1500 lines of C to make it work rss

      NVIDIA officially supports clustering two DGX Sparks together. I wanted three.

      The problem: each Spark has two 100Gbps ConnectX-7 ports. In a 3-node triangle mesh, each link ends up on a different subnet. NCCL's built-in networking assumes all peers are reachable from a single NIC. It just... doesn't work.

      So I wrote a custom NCCL network plugin from scratch.

      What it does:

      • Subnet-aware NIC selection (picks the right NIC for each peer)
      • Raw RDMA verbs implementation (QP state machines, memory registration, completion queues)
      • Custom TCP handshake protocol to avoid deadlocks
      • ~1500 lines of C

      The result: Distributed inference across all 3 nodes at 8+ GB/s over RDMA.

      The NVIDIA support tier I'm currently on:

      ├── Supported configs ✓
      ├── "Should work" configs
      ├── "You're on your own" configs
      ├── "Please don't call us" configs
      ├── "How did you even..." configs
      └── You are here → "Writing custom NCCL plugins to cluster standalone workstations over a hand-wired RDMA mesh"
      

      GitHub link: https://github.com/autoscriptlabs/nccl-mesh-plugin

      Happy to answer questions about the implementation. This was a mass of low-level debugging (segfaults, RDMA state machine issues, GID table problems) but it works.

      submitted by /u/Ok-Pomegranate1314
      [link] [comments]

    9. 🔗 badlogic/pi-mono v0.42.1 release

      Fixed

      • Symlinked directories in prompts/ folders are now followed when loading prompt templates (#601 by @aliou)
    10. 🔗 r/LocalLLaMA RTX Blackwell Pro 6000 wholesale pricing has dropped by $150-200 rss

      Obviously the RTX Blackwell Pro 6000 cards are of great interest to the people here. I see them come up a lot. And we all ooh and ahh over the people that have 8 of them lined up in a nice row.

      It also seems to me like the market is suffering from lack of transparency on these.

      My employer buys these cards wholesale, and I can see current pricing and stock in our distributors' systems. (And I may have slipped in an order for one for myself...) It's eye-opening.

      I'm probably not supposed to disclose the exact price we buy these at. But I wanted people to know that unlike everything else with RAM in it, the wholesale price of these has dropped by about ~$150-200 from December to January.

      I will also say that the wholesale price for the 6000 Pro is only about $600 higher than the wholesale price for the new 72GiB 5000 Pro. So, for the love of god, please don't buy that!

      (And no, this is not marketing or an ad; I cannot sell anyone these cards at any price. I would be fired immediately. I just want people to have the best available information when they're looking to buy something this expensive.)

      submitted by /u/TastesLikeOwlbear
      [link] [comments]

    11. 🔗 HexRaysSA/plugin-repository commits chore: Register libtero and 19h IDA tools in known repositories rss
      chore: Register libtero and 19h IDA tools in known repositories
      
      known-repositories.txt (modified):
      - Added three repositories from user libtero: suture, graphviewer, and idaguides
      - Added four repositories from user 19h: ida-lifter, ida-codedump, ida-semray, idalib-dump, chernobog
      
      Impact:
      - Expands the tracking list to include additional IDA Pro related utilities, specifically focusing on lifting, dumping, deobfuscation, and graph visualization tools.
      
    12. 🔗 r/LocalLLaMA The reason why RAM has become so expensive rss
    13. 🔗 HexRaysSA/plugin-repository commits sync repo: +1 plugin, +1 release rss
      sync repo: +1 plugin, +1 release
      
      ## New plugins
      - [BinSync](https://github.com/binsync/binsync) (5.10.1)
      
    14. 🔗 r/LocalLLaMA DeepSeek V4 Coming rss

      According to two people with direct knowledge, DeepSeek is expected to roll out a next‑generation flagship AI model in the coming weeks that focuses on strong code‑generation capabilities.

      The two sources said the model, codenamed V4, is an iteration of the V3 model DeepSeek released in December 2024. Preliminary internal benchmark tests conducted by DeepSeek employees indicate the model outperforms existing mainstream models in code generation, including Anthropic’s Claude and the OpenAI GPT family.

      The sources said the V4 model achieves a technical breakthrough in handling and parsing very long code prompts, a significant practical advantage for engineers working on complex software projects. They also said the model’s ability to understand data patterns across the full training pipeline has been improved and that no degradation in performance has been observed.

      One of the insiders said users may find that V4’s outputs are more logically rigorous and clear, a trait that indicates the model has stronger reasoning ability and will be much more reliable when performing complex tasks.

      https://www.theinformation.com/articles/deepseek-release-next-flagship-ai-model-strong-coding-ability

      submitted by /u/External_Mood4719
      [link] [comments]

    15. 🔗 @malcat@infosec.exchange [#kesakode](https://infosec.exchange/tags/kesakode) DB update to 1.0.48: mastodon

      #kesakode DB update to 1.0.48:

      ● new sigs: Crazyhunter, Echogather, IranBot, MaskGramStealer, PulsarRat and Themeforestrat
      ● 9 existing entries updated
      ● FP-fixed signatures: 82
      ● 1146 new clean programs whitelisted
      ● +527K unique functions
      ● +700K unique strings

    16. 🔗 r/LocalLLaMA (The Information): DeepSeek To Release Next Flagship AI Model With Strong Coding Ability rss
    17. 🔗 Textualize/textual The One Line Release release

      [7.0.2] - 2026-01-09

      Fixed

      • Removed superfluous style updates when setting display attribute. #6316
    18. 🔗 pranshuparmar/witr v0.2.2 release

      What's Changed

      New Contributors

      Full Changelog : v0.2.1...v0.2.2

    19. 🔗 r/LocalLLaMA Big tech companies, now "DRAM beggars," are staying in Pangyo and Pyeongtaek, demanding "give us some supplies." rss

      Not a Korean speaker. Came across this in another sub. The TLDR is that everyone is scrambling to buy as much as they can as soon as they can, because "demanding a 50-60% increase in server DRAM supply prices from the previous quarter during their first-quarter negotiations with customers".

      Per the article, DDR4 prices went up from $1.40 last January to $9.30 in December (my interpretation is $/GB). If they're increasing by another 50%, that's almost $14/GB!!! So, 1TB of DDR4-3200 will cost north of $14k by Q2 if this is true 🤯

      In case anyone thought things weren't already bad, it's going to get much much worse this year.

      Here's the full Google translate of the article:

      DRAM, a type of memory semiconductor, was the key driver behind Samsung Electronics' first-quarter operating profit surpassing 20 trillion won. DRAM products, including high-bandwidth memory (HBM), are a core component of the computing infrastructure supporting the artificial intelligence (AI) era.

      The semiconductor industry predicts that the DRAM shortage, which began in earnest in the second half of last year, will continue until the end of this year, with prices also expected to continue rising.

      Samsung Electronics and SK Hynix, major suppliers of DRAM, are reportedly demanding a 50-60% increase in server DRAM supply prices from the previous quarter during their first-quarter negotiations with customers.

      A semiconductor industry insider reported, "Even with significantly higher prices, the prevailing sentiment is 'let's buy as much as we can before it gets more expensive.'" Recently, semiconductor purchasing managers from Silicon Valley tech companies, nicknamed "DRAM Beggars," have been reportedly competing fiercely to secure remaining DRAM inventory at hotels in the Pangyo and Pyeongtaek areas.

      The semiconductor industry analyzes that "the demand that was initially focused on HBM in the early days of the AI craze is now spreading to server DRAM, creating an unprecedented semiconductor boom."

      DRAM is a semiconductor that manages a computer's "short-term memory." It stores and quickly transmits necessary data when the central processing unit (CPU), the brain, performs tasks. HBM is specialized for seamlessly delivering the massive data required for AI by increasing the data transmission path (bandwidth) dozens of times compared to conventional DRAM. However, HBM is extremely expensive and has limitations in increasing capacity. This explains why big tech companies are scrambling to secure server DRAM products to store more data.

      The average contract price of DRAM soared from $1.40 (based on 8GB DDR4) in January last year to $9.30 in December. This marks the first time in seven years and four months that DRAM prices have surpassed the $9 threshold.

      Kim Dong-won, head of the research center at KB Securities, said, "Due to this price increase, the operating profit margin (the ratio of operating profit to sales) of some general-purpose memories (widely used standard memories) is expected to reach 70%, and DDR5 may even surpass the margin of HBM3E. This year, semiconductor companies' performance is expected to be determined by general-purpose memories."

      submitted by /u/FullstackSensei
      [link] [comments]

    20. 🔗 batrachianai/toad The Blinking Release release

      [0.5.25] - 2026-01-09

      Added

      • Added F1 key to toggle help panel
      • Added context help to main widgets

      Changed

      • Changed sidebar binding to ctrl+b

      [0.5.24] - 2026-01-08

      Added

      • Added sound for permission request
      • Added terminal title
      • Added blinking of terminal title when asking permission
      • Added an error message if the agent reports an internal error during its turn
    21. 🔗 HexRaysSA/plugin-repository commits sync repo: +1 plugin, +2 releases, ~1 changed rss
      sync repo: +1 plugin, +2 releases, ~1 changed
      
      ## New plugins
      - [ida-security-scanner](https://github.com/SymbioticSec/ida-security-scanner) (0.1.2, 0.0.1)
      
      ## Changes
      - [unicorn-tracer-arm64](https://github.com/chenxvb/Unicorn-Trace):
        - 0.1: archive contents changed, download URL changed
      
    22. 🔗 HexRaysSA/plugin-repository commits Merge pull request #15 from Anthony-Bondu/patch-1 rss
      Merge pull request #15 from Anthony-Bondu/patch-1
      
      Add SymbioticSec/ida-security-scanner to known repositories
      
    23. 🔗 HexRaysSA/plugin-repository commits Add SymbioticSec/ida-security-scanner to known repositories rss
      Add SymbioticSec/ida-security-scanner to known repositories
      
      Manually added a new repository entry for 'SymbioticSec/ida-security-scanner'.
      
    24. 🔗 badlogic/pi-mono v0.42.0 release

      Added

      • Added OpenCode Zen provider support. Set OPENCODE_API_KEY env var and use opencode/<model-id> (e.g., opencode/claude-opus-4-5).
    25. 🔗 badlogic/pi-mono v0.41.0 release

      Added

      • Anthropic OAuth support is back! Use /login to authenticate with your Claude Pro/Max subscription.
    26. 🔗 @cxiao@infosec.exchange RE: mastodon

      RE: https://infosec.exchange/@watchTowr/115860948823554212

      spoiler alert it's ../ AGAIN 😭😭😭😭

    27. 🔗 badlogic/pi-mono v0.40.1 release

      Removed

      • Anthropic OAuth support (/login). Use API keys instead.
    28. 🔗 r/LocalLLaMA OK I get it, now I love llama.cpp rss

      I just made the switch from Ollama to llama.cpp. Ollama is fantastic for the beginner because it lets you super easily run LLMs and switch between them all. Once you realize what you truly want to run, llama.cpp is really the way to go.

      My hardware ain't great, I have a single 3060 12GB GPU and three P102-100 GPUs for a total of 42GB. My system ram is 96GB along with an Intel i7-9800x. It blows my mind that with some tuning what difference it can make. You really need to understand each of the commands for llama.cpp to get the most out of it especially with uneven vram like mine. I used Chatgpt, Perplexity and surprisingly only Google AI studio could optimize my settings while teaching me along the way.

      Crazy how these two commands both fill up the ram but one is twice as fast as the other. Chatgpt helped me with the first one, Google AI with the other ;). Now I'm happy running local lol.

      11t/s:
      sudo pkill -f llama-server; sudo nvidia-smi --gpu-reset -i 0,1,2,3 || true; sleep 5; sudo CUDA_VISIBLE_DEVICES=0,1,2,3 ./llama-server --model /home/llm/llama.cpp/models/gpt-oss-120b/Q4_K_M/gpt-oss-120b-Q4_K_M-00001-of-00002.gguf --n-gpu-layers 21 --main-gpu 0 --flash-attn off --cache-type-k q8_0 --cache-type-v f16 --ctx-size 30000 --port 8080 --host 0.0.0.0 --mmap --numa distribute --batch-size 384 --ubatch-size 256 --jinja --threads $(nproc) --parallel 2 --tensor-split 12,10,10,10 --mlock

      21t/s
      sudo pkill -f llama-server; sudo nvidia-smi --gpu-reset -i 0,1,2,3 || true; sleep 5; sudo GGML_CUDA_ENABLE_UNIFIED_MEMORY=0 CUDA_VISIBLE_DEVICES=0,1,2,3 ./llama-server --model /home/llm/llama.cpp/models/gpt-oss-120b/Q4_K_M/gpt-oss-120b-Q4_K_M-00001-of-00002.gguf --n-gpu-layers 99 --main-gpu 0 --split-mode layer --tensor-split 5,5,6,20 -ot "blk\.(2[1-9]|[3-9][0-9])\.ffn_.*_exps\.weight=CPU" --ctx-size 30000 --port 8080 --host 0.0.0.0 --batch-size 512 --ubatch-size 256 --threads 8 --parallel 1 --mlock

      Nothing here is worth copying and pasting as it is unique to my config but the moral of the story is, if you tune llama.cpp this thing will FLY!

      submitted by /u/vulcan4d
      [link] [comments]

    29. 🔗 anthropics/claude-code v2.1.2 release

      What's changed

      • Added source path metadata to images dragged onto the terminal, helping Claude understand where images originated
      • Added clickable hyperlinks for file paths in tool output in terminals that support OSC 8 (like iTerm)
      • Added support for Windows Package Manager (winget) installations with automatic detection and update instructions
      • Added Shift+Tab keyboard shortcut in plan mode to quickly select "auto-accept edits" option
      • Added FORCE_AUTOUPDATE_PLUGINS environment variable to allow plugin autoupdate even when the main auto-updater is disabled
      • Added agent_type to SessionStart hook input, populated if --agent is specified
      • Fixed a command injection vulnerability in bash command processing where malformed input could execute arbitrary commands
      • Fixed a memory leak where tree-sitter parse trees were not being freed, causing WASM memory to grow unbounded over long sessions
      • Fixed binary files (images, PDFs, etc.) being accidentally included in memory when using @include directives in CLAUDE.md files
      • Fixed updates incorrectly claiming another installation is in progress
      • Fixed crash when socket files exist in watched directories (defense-in-depth for EOPNOTSUPP errors)
      • Fixed remote session URL and teleport being broken when using /tasks command
      • Fixed MCP tool names being exposed in analytics events by sanitizing user-specific server configurations
      • Improved Option-as-Meta hint on macOS to show terminal-specific instructions for native CSIu terminals like iTerm2, Kitty, and WezTerm
      • Improved error message when pasting images over SSH to suggest using scp instead of the unhelpful clipboard shortcut hint
      • Improved permission explainer to not flag routine dev workflows (git fetch/rebase, npm install, tests, PRs) as medium risk
      • Changed large bash command outputs to be saved to disk instead of truncated, allowing Claude to read the full content
      • Changed large tool outputs to be persisted to disk instead of truncated, providing full output access via file references
      • Changed /plugins installed tab to unify plugins and MCPs with scope-based grouping
      • Deprecated Windows managed settings path C:\ProgramData\ClaudeCode\managed-settings.json - administrators should migrate to C:\Program Files\ClaudeCode\managed-settings.json
      • [SDK] Changed minimum zod peer dependency to ^4.0.0
      • [VSCode] Fixed usage display not updating after manual compact
    30. 🔗 Ampcode News Agents Panel rss

      Agents Panel

      The Amp editor extension now has a new panel to view and manage all active agent threads.

      You can use the keyboard to navigate between threads:

      • j/k or arrow keys to move between threads
      • Space to expand a thread panel to show the last message or tool result
      • Enter to open a thread
      • e to archive or unarchive a thread
      • Esc to toggle focus between the thread list and the input, which starts new threads

      We recommend archiving old threads so the displayed threads represent your working set. You can use Archive Old Threads from the Amp command palette (Cmd-K from the Amp panel) to archive threads older than 72 hours.

      As coding agents improve and require less direct human oversight, more time will be spent by humans in managing and orchestrating work across multiple agent threads. We'll have more to share soon.

      To get started, click the button on the left end of the navbar or use Cmd-Opt-I (macOS) or Ctrl-Alt-I (Windows/Linux).

  4. January 08, 2026
    1. 🔗 IDA Plugin Updates IDA Plugin Updates on 2026-01-08 rss

      IDA Plugin Updates on 2026-01-08

      New Releases:

      Activity:

      • DriverBuddy-7.4-plus
        • 3d8ad303: Sync auto-tag-based-review.yml from .github repo
        • e774e4fc: Sync auto-llm-issue-review.yml from .github repo
        • 96ded052: Sync auto-advance-ball.yml from .github repo
        • f85aa8ad: Sync auto-copilot-functionality-docs-review.yml from .github repo
        • 9ba310a3: Sync auto-label-comment-prs.yml from .github repo
        • 074368c9: Sync auto-close-issues.yml from .github repo
        • 4284808c: Sync auto-assign-pr.yml from .github repo
        • 59a93cef: Sync auto-assign-copilot.yml from .github repo
        • 7693bcee: Sync trigger-all-repos.yml from .github repo
        • 49baebb4: Sync auto-sec-scan.yml from .github repo
        • f19df2f1: Sync workflows-sync-template-backup.yml from .github repo
        • c4998750: Sync auto-label.yml from .github repo
        • 59cc4361: Sync auto-llm-pr-review.yml from .github repo
        • 93829e8b: Sync auto-copilot-code-cleanliness-review.yml from .github repo
        • a61ff536: Sync auto-tag-based-review.yml from .github repo
        • e52f2d12: Sync auto-llm-issue-review.yml from .github repo
        • b6ae4d1e: Sync auto-advance-ball.yml from .github repo
        • 59a6fca8: Sync auto-gpt5-implementation.yml from .github repo
        • c64529f6: Sync auto-copilot-org-playwright-loop.yaml from .github repo
        • 9334def1: Sync auto-copilot-functionality-docs-review.yml from .github repo
      • ghidra
        • 4e8ff9e6: Merge remote-tracking branch 'origin/patch'
        • 1acb4a37: GP-6301: PyGhidraTaskMonitor no longer hangs python session
      • ida-hcli
      • ida-structor
        • fa17365f: feat: Implement Z3-based constraint solver for structure synthesis
        • f8c836bf: Amend readme…
        • 0321cba9: feat: Migrate configuration from IDB netnodes to global INI file
        • 82de087a: refactor: Replace UIIntegration singleton with stateless namespace fu…
        • ba48dbd3: fix: Listen for ui_database_closed to ensure safe cleanup
        • a30cb60c: feat: Implement Structor plugin for automated structure synthesis
      • ida2llvm
      • IDAPluginList
      • suture
        • ebb01f9c: support for shifted pointers
        • 1dddf138: fixed: Slice.a= wasn't really expanded due to no pattern.setter
    2. 🔗 badlogic/pi-mono v0.40.0 release

      Added

      • Documentation on component invalidation and theme changes in docs/tui.md

      Fixed

      • Components now properly rebuild their content on theme change (tool executions, assistant messages, bash executions, custom messages, branch/compaction summaries)
    3. 🔗 badlogic/pi-mono v0.39.1 release

      Fixed

      • setTheme() now triggers a full rerender so previously rendered components update with the new theme colors
      • mac-system-theme.ts example now polls every 2 seconds and uses osascript for real-time macOS appearance detection
    4. 🔗 r/LocalLLaMA The NO FAKES Act has a "Fingerprinting" Trap that kills Open Source. We need to lobby for a Safe Harbor. rss

      Hey everyone, I’ve been reading the text of the "NO FAKES Act" currently in Congress, and it’s worse than I thought.

      The Tldr: It creates a "digital replica right" for voices/likenesses. That sounds fine for stopping deepfake porn, but the liability language is a trap. It targets anyone who "makes available" a tool that is primarily used for replicas.

      The Problem: If you release a TTS model or a voice-conversion RVC model on HuggingFace, and someone else uses it to fake a celebrity, you (the dev) can be liable for statutory damages ($5k-$25k per violation).

      There is no Section 230 protection here. This effectively makes hosting open weights for audio models a legal s*icide mission unless you are OpenAI or Google.

      What I did: I contacted my reps email to flag this as an "innovation killer." If you run a repo or care about open weights, you might want to do the same. We need them to add a "Safe Harbor" for tool devs.

      S.1367 - 119th Congress (2025-2026): NO FAKES Act of 2025 | Congress.gov | Library of Congress https://share.google/u6dpy7ZQDvZWUrlfc

      UPDATE: ACTION ITEMS (How to actually stop this)

      If you don't want to go to jail for hosting a repo, you need to make noise now.

      1. The "Lazy" Email (Takes 30 seconds): Go to Democracy.io or your Senator’s contact page.

      Subject: Opposition to NO FAKES Act (H.R. 2794 / S. 1367) - Open Source Liability

      Message: "I am a constituent and software engineer. I oppose the NO FAKES Act unless it includes a specific Safe Harbor for Open Source Code Repositories. The current 'Digital Fingerprinting' requirement (Section 3) is technically impossible for raw model weights to comply with. This bill effectively bans open-source AI hosting in the US and hands a monopoly to Big Tech. Please amend it to protect tool developers."

      2. The "Nuclear" Option (Call them):

      Call the Capitol Switchboard: (202) 224-3121

      Ask for Senators Wyden (D) or Massie (R) if you want to thank them for being tech-literate, or call your own Senator to complain.

      Script: "The NO FAKES Act kills open-source innovation. We need a Safe Harbor for developers who write code, separate from the bad actors who use it."

      submitted by /u/PostEasy7183

    5. 🔗 r/LocalLLaMA Z.ai (the AI lab behind GLM) has officially IPO'd on the Hong Kong Stock Exchange rss
    6. 🔗 Simon Willison LLM predictions for 2026, shared with Oxide and Friends rss

      I joined a recording of the Oxide and Friends podcast on Tuesday to talk about 1, 3 and 6 year predictions for the tech industry. This is my second appearance on their annual predictions episode, you can see my predictions from January 2025 here. Here's the page for this year's episode, with options to listen in all of your favorite podcast apps or directly on YouTube.

      Bryan Cantrill started the episode by declaring that he's never been so unsure about what's coming in the next year. I share that uncertainty - the significant advances in coding agents just in the last two months have left me certain that things will change significantly, but unclear as to what those changes will be.

      Here are the predictions I shared in the episode.

      1 year: It will become undeniable that LLMs write good code

      I think that there are still people out there who are convinced that LLMs cannot write good code. Those people are in for a very nasty shock in 2026. I do not think it will be possible to get to the end of even the next three months while still holding on to that idea that the code they write is all junk and it's likely any decent human programmer will write better code than they will.

      In 2023, saying that LLMs write garbage code was entirely correct. For most of 2024 that stayed true. In 2025 that changed, but you could be forgiven for continuing to hold out. In 2026 the quality of LLM-generated code will become impossible to deny.

      I base this on my own experience - I've spent more time exploring AI-assisted programming than most.

      The key change in 2025 (see my overview for the year) was the introduction of "reasoning models" trained specifically against code using Reinforcement Learning. The major labs spent a full year competing with each other on who could get the best code capabilities from their models, and that problem turns out to be perfectly attuned to RL since code challenges come with built-in verifiable success conditions.

      Since Claude Opus 4.5 and GPT-5.2 came out in November and December respectively the amount of code I've written by hand has dropped to a single digit percentage of my overall output. The same is true for many other expert programmers I know.

      At this point if you continue to argue that LLMs write useless code you're damaging your own credibility.

      1 year: We're finally going to solve sandboxing

      I think this year is the year we're going to solve sandboxing. I want to run code other people have written on my computing devices without it destroying my computing devices if it's malicious or has bugs. [...] It's crazy that it's 2026 and I still pip install random code and then execute it in a way that it can steal all of my data and delete all my files. [...] I don't want to run a piece of code on any of my devices that somebody else wrote outside of sandbox ever again.

      This isn't just about LLMs, but it becomes even more important now there are so many more people writing code often without knowing what they're doing. Sandboxing is also a key part of the battle against prompt injection.

      We have a lot of promising technologies in play already for this - containers and WebAssembly being the two I'm most optimistic about. There's real commercial value involved in solving this problem. The pieces are there, what's needed is UX work to reduce the friction in using them productively and securely.

      1 year: A "Challenger disaster" for coding agent security

      I think we're due a Challenger disaster with respect to coding agent security[...] I think so many people, myself included, are running these coding agents practically as root, right? We're letting them do all of this stuff. And every time I do it, my computer doesn't get wiped. I'm like, "oh, it's fine".

      I used this as an opportunity to promote my favourite recent essay about AI security, the Normalization of Deviance in AI by Johann Rehberger.

      The Normalization of Deviance describes the phenomenon where people and organizations get used to operating in an unsafe manner because nothing bad has happened to them yet, which can result in enormous problems (like the 1986 Challenger disaster) when their luck runs out.

      Every six months I predict that a headline-grabbing prompt injection attack is coming soon, and every six months it doesn't happen. This is my most recent version of that prediction!

      1 year: Kākāpō parrots will have an outstanding breeding season

      (I dropped this one to lighten the mood after a discussion of the deep sense of existential dread that many programmers are feeling right now!)

      I think that Kākāpō parrots in New Zealand are going to have an outstanding breeding season. The reason I think this is that the Rimu trees are in fruit right now. There's only 250 of them, and they only breed if the Rimu trees have a good fruiting. The Rimu trees have been terrible since 2019, but this year the Rimu trees were all blooming. There are researchers saying that all 87 females of breeding age might lay an egg. And for a species with only 250 remaining parrots that's great news.

      (I just checked Wikipedia and I was right with the parrot numbers but wrong about the last good breeding season, apparently 2022 was a good year too.)

      In a year with precious little in the form of good news I am utterly delighted to share this story. Here's more:

      I don't often use AI-generated images on this blog, but the Kākāpō image the Oxide team created for this episode is just perfect:

      A beautiful green Kākāpō surrounded by candles gazes into a crystal ball

      3 years: the coding agents Jevons paradox for software engineering will resolve, one way or the other

      We will find out if the Jevons paradox saves our careers or not. This is a big question that anyone who's a software engineer has right now: we are driving the cost of actually producing working code down to a fraction of what it used to cost. Does that mean that our careers are completely devalued and we all have to learn to live on a tenth of our incomes, or does it mean that the demand for software, for custom software goes up by a factor of 10 and now our skills are even more valuable because you can hire me and I can build you 10 times the software I used to be able to? I think by three years we will know for sure which way that one went.

      The quote says it all. There are two ways this coding agents thing could go: it could turn out software engineering skills are devalued, or it could turn out we're more valuable and effective than ever before.

      I'm crossing my fingers for the latter! So far it feels to me like it's working out that way.

      3 years: Someone will build a new browser using mainly AI-assisted coding and it won't even be a surprise

      I think somebody will have built a full web browser mostly using AI assistance, and it won't even be surprising. Rolling a new web browser is one of the most complicated software projects I can imagine[...] the cheat code is the conformance suites. If there are existing tests that it'll get so much easier.

      A common complaint today from AI coding skeptics is that LLMs are fine for toy projects but can't be used for anything large and serious.

      I think within 3 years that will be comprehensively proven incorrect, to the point that it won't even be controversial anymore.

      I picked a web browser here because so much of the work building a browser involves writing code that has to conform to an enormous and daunting selection of both formal tests and informal websites-in-the-wild.

      Coding agents are really good at tasks where you can define a concrete goal and then set them to work iterating in that direction.

      A web browser is the most ambitious project I can think of that leans into those capabilities.

      6 years: Typing code by hand will go the way of punch cards

      I think the job of being paid money to type code into a computer will go the same way as punching punch cards [...] in six years time, I do not think anyone will be paid just to do the thing where you type the code. I think software engineering will still be an enormous career. I just think the software engineers won't be spending multiple hours of their day in a text editor typing out syntax.

      The more time I spend on AI-assisted programming the less afraid I am for my job, because it turns out building software - especially at the rate it's now possible to build - still requires enormous skill, experience and depth of understanding.

      The skills are changing though! Being able to read a detailed specification and transform it into lines of code is the thing that's being automated away. What's left is everything else, and the more time I spend working with coding agents the larger that "everything else" becomes.


    7. 🔗 @HexRaysSA@infosec.exchange 🔎 Here's another sneak peek! mastodon

      🔎 Here's another sneak peek!
      IDA 9.3 will expand its decompiler lineup w/ RH850, improve Golang support, update the Microcode Viewer, add the "forbid assignment propagation" feature, and more.

      Get the details here: https://hex-rays.com/blog/ida-9.3-expands-decompiler-lineup

    8. 🔗 r/LocalLLaMA Jensen Huang saying "AI" 121 times during the NVIDIA CES keynote - cut with one prompt rss

      Someone had to count it. Turns out Jensen said "AI" exactly 121 times in the CES 2025 keynote. I used https://github.com/OpenAgentPlatform/Dive (open-source MCP client) + two MCPs I made:

      - https://github.com/kevinwatt/yt-dlp-mcp - YouTube download
      - https://github.com/kevinwatt/ffmpeg-mcp-lite - video editing

      One prompt:

      Task: Create a compilation video of every exact moment Jensen Huang says "AI".
      Video source: https://www.youtube.com/watch?v=0NBILspM4c4
      Instructions:
      - Download video in 720p + subtitles in JSON3 format (word-level timestamps)
      - Parse JSON3 to find every "AI" instance with precise start/end times
      - Use ffmpeg to cut clips (~50-100ms padding for natural sound)
      - Concatenate all clips chronologically
      Output: Jensen_CES_AI.mp4

      Dive chained the two MCPs together - download → parse timestamps → cut 121 clips → merge. All local, no cloud.

      If you want to see how it runs: https://www.youtube.com/watch?v=u_7OtyYAX74

      The result is... hypnotic.

      submitted by /u/Prior-Arm-6705

    9. 🔗 pranshuparmar/witr v0.2.1 release

      What's Changed

      New Contributors

      Full Changelog : v0.2.0...v0.2.1

    10. 🔗 gulbanana/gg GG 0.37.0 release

      This release is based on Jujutsu 0.37.

      Added

      • Repository -> Init... and Repository -> Clone... menuitems, for creating repositories.
      • Progress bar for slow git operations (fetch, push, clone).
      • Relative timestamps update on each snapshot (which happen after modifications or when the window/tab is focused).
      • GG now respects the snapshot.auto-update-stale setting. Additionally, when first opening a repo, it will always update the working copy if it's stale.

      Fixed

      • In GUI mode, the Repository -> Open... menuitem always opened a new window even if you didn't have a workspace loaded in the current window.

    11. 🔗 r/LocalLLaMA Dialogue Tree Search - MCTS-style tree search to find optimal dialogue paths (so you don't have to trial-and-error it yourself) rss

      Hey all! I'm sharing an updated version of my MCTS-for-conversations project. Instead of generating single responses, it explores entire conversation trees to find dialogue strategies and prunes bad paths. I built it to help get better research directions for projects, but it can be used for anything

      https://preview.redd.it/shr3e0liv1cg1.png?width=2560&format=png&auto=webp&s=eec800c6dcd9f1a4fd033d003fe80e102cba8079

      Github: https://github.com/MVPandey/DTS

      Motivation: I like MCTS :3 and I originally wanted to make this a dataset-creation agent, but this is what it evolved into on its own.

      Basically: DTS runs parallel beam search over conversation branches. You give it a goal and opening message, and it: (Note: this isn't mcts. It's parallel beam search. UCB1 is too wild with llms for me)

      1. Generates N diverse strategies
      2. Forks each into user intent variants - skeptical, cooperative, confused, resistant (if enabled, or defaults to engaged + probing)
      3. Rolls out full multi-turn conversations down each branch
      4. Has 3 independent LLM judges score each trajectory, takes the median
      5. Prunes branches below threshold, backpropagates scores
      6. Repeats for however many rounds you configure

      https://preview.redd.it/zkii0idvv1cg1.png?width=762&format=png&auto=webp&s=905f9787a8b7c7bfafcc599e95a3b73005c331b4

      Three judges with median voting helps a lot with the LLM-as-judge variance problem from CAE. Still not grounded in anything real, but outlier scores get filtered. Research context helps but the scoring is still stochastic. I tried a rubric based approach but it was trash.

      Main additions over CAE:

      • user intent forking (strategies get stress-tested against different personas)
      • deep research integration via GPT-Researcher for domain context
      • proper visualization with conversation playback

      Only supports openai compatible endpoints atm - works with whatever models you have access to there. It's token-hungry though, a full run can hit 300+ LLM calls depending on config. If running locally, disable parallel calls

      It's open source (Apache 2.0) and I'm happy to take contributions if anyone wants to help out. Just a project.

      -- BTW: Backend was done mostly by me as the planner/sys designer, etc + Claude Code for implementation/refactoring. Frontend was purely vibe coded. Sorry if the code is trash.

      submitted by /u/ManavTheWorld

    12. 🔗 jj-vcs/jj v0.37.0 release

      About

      jj is a Git-compatible version control system that is both simple and powerful. See
      the installation instructions to get started.

      Release highlights

      • A new syntax for referring to hidden and divergent change IDs is available:
        xyz/n where n is a number. For instance, xyz/0 refers to the latest
        version of xyz, while xyz/1 refers to the previous version of xyz.
        This allows you to perform actions like jj restore --from xyz/1 --to xyz to
        restore xyz to its previous contents, if you made a mistake.

      For divergent changes, the numeric suffix will always be shown in the log,
      allowing you to disambiguate them in a similar manner.

      Breaking changes

      • String patterns in revsets, command
        arguments, and configuration are now parsed as globs by default. Use
        substring: or exact: prefix as needed.

      • remotes.<name>.auto-track-bookmarks is now parsed the same way they
        are in revsets and can be combined with logical operators.

      • jj bookmark track/untrack now accepts --remote argument. If omitted, all
        remote bookmarks matching the bookmark names will be tracked/untracked. The
        old <bookmark>@<remote> syntax is deprecated in favor of <bookmark> --remote=<remote>.

      • On Windows, symlinks that point to a path with / won't be supported. This
        path is invalid on Windows.

      • The template alias format_short_change_id_with_hidden_and_divergent_info(commit)
        has been replaced by format_short_change_id_with_change_offset(commit).

      • The following deprecated config options have been removed:

        • git.push-bookmark-prefix
        • ui.default-description
        • ui.diff.format
        • ui.diff.tool

      • The deprecated commit_id.normal_hex() template method has been removed.

      • Template expansion that did not produce a terminating newline will not be
        fixed up to provide one by jj log, jj evolog, or jj op log.

      • The diff conflict marker style can now use \\\\\\\ markers to indicate
        the continuation of a conflict label from the previous line.

      Deprecations

      • The git_head() and git_refs() functions will be removed from revsets and
        templates. git_head() should point to the first_parent(@) revision in
        colocated repositories. git_refs() can be approximated as
        remote_bookmarks(remote=glob:*) | tags().

      New features

      • Updated the executable bit representation in the local working copy to allow
        ignoring executable bit changes on Unix. By default we try to detect the
        filesystem's behavior, but this can be overridden manually by setting
        working-copy.exec-bit-change = "respect" | "ignore".

      • jj workspace add now also works for empty destination directories.

      • jj git remote family of commands now supports different fetch and push URLs.

      • [colors] table now supports dim = true attribute.

      • In color-words diffs, context line numbers are now rendered with decreased
        intensity.

      • Hidden and divergent commits can now be unambiguously selected using their
        change ID combined with a numeric suffix. For instance, if there are two
        commits with change ID xyz, then one can be referred to as xyz/0 and the
        other can be referred to as xyz/1. These suffixes are shown in the log when
        necessary to make a change ID unambiguous.

      • jj util gc now prunes unreachable files in .jj/repo/store/extra to save
        disk space.

      • Early version of a jj file search command for searching for a pattern in
        files (like git grep).

      • Conflict labels now contain information about where the sides of a conflict
        came from (e.g. nlqwxzwn 7dd24e73 "first line of description").

      • --insert-before now accepts a revset that resolves to an empty set when
        used with --insert-after. The behavior is similar to --onto.

      • jj tag list now supports --sort option.

      • TreeDiffEntry type now has a display_diff_path() method that formats
        renames/copies appropriately.

      • TreeDiffEntry now has a status_char() method that returns
        single-character status codes (M/A/D/C/R).

      • CommitEvolutionEntry type now has a predecessors() method which
        returns the predecessor commits (previous versions) of the entry's commit.

      • CommitEvolutionEntry type now has an inter_diff() method which
        returns a TreeDiff between the entry's commit and its predecessor version.
        Optionally accepts a fileset literal to limit the diff.

      • jj file annotate now reports an error for non-files instead of succeeding
        and displaying no content.

      • jj workspace forget now warns about unknown workspaces instead of failing.

      Fixed bugs

      • Broken symlink on Windows. #6934.

      • Fixed failure on exporting moved/deleted annotated tags to Git. Moved tags are
        exported as lightweight tags.

      • jj gerrit upload now correctly handles mixed explicit and implicit
        Change-Ids in chains of commits (#8219)

      • jj git push now updates partially-pushed remote bookmarks accordingly.
        #6787

      • Fixed problem of loading large Git packfiles.
        GitoxideLabs/gitoxide#2265

      • The builtin pager won't get stuck when stdin is redirected.

      • jj workspace add now prevents creating an empty workspace name.

      • Fixed checkout of symlinks pointing to themselves or .git/.jj on Unix. The
        problem would still remain on Windows if symlinks are enabled.
        #8348

      • Fixed a bug where jj would fail to read git delta objects from pack files.
        GitoxideLabs/gitoxide#2344

      Contributors

      Thanks to the people who made this release happen!

    13. 🔗 Hex-Rays Blog IDA 9.3 Expands and Improves Its Decompiler Lineup rss

      IDA 9.3 Expands and Improves Its Decompiler Lineup

      We know you’re always looking for broader platform coverage from the Hex-Rays decompiler, which is why we’re adding another one to the lineup: the RH850 decompiler. And of course, we haven’t stopped improving what’s already there. In this upcoming release, we’ve enhanced the analysis of Golang programs, fine-tuned value range optimization, made the new microcode viewer easier to use, and more.

    14. 🔗 @cxiao@infosec.exchange RE: mastodon

      RE: https://mas.to/@Bislick/115856677525425915

      solidarity with venezuelans and those on the bottom resisting authoritarianism, for 26 years. may venezuelans everywhere, those who have stayed and those who have left, have a better country in their lifetimes

    15. 🔗 Console.dev newsletter Taws rss

      Description: Terminal UI for AWS.

      What we like: Uses existing auth options (AWS SSO, credentials, config, env-vars) with multiple profile and region support. Supports lots of resource types (compute, databases, networking, logs). Vim-style navigation and commands. Provides detailed (JSON/YAML) views of resources. Filtering and pagination.

      What we dislike: Doesn’t support all resources, so may have some limitations depending on your AWS service usage.

    16. 🔗 Console.dev newsletter uv rss

      Description: Python package & project manager.

      What we like: Replaces your Python toolchain - makes it easy to manage virtual environments, dependencies, Python versions, workspaces. Supports package version management and publishing workflows. Built-in build backend. Cached dependency deduplication. Very fast.

      What we dislike: Not quite at a stable release version yet, but is effectively stable.

    17. 🔗 Julia Evans A data model for Git (and other docs updates) rss

      Hello! This past fall, I decided to take some time to work on Git's documentation. I've been thinking about working on open source docs for a long time - usually if I think the documentation for something could be improved, I'll write a blog post or a zine or something. But this time I wondered: could I instead make a few improvements to the official documentation?

      So Marie and I made a few changes to the Git documentation!

      a data model for Git

      After a while working on the documentation, we noticed that Git uses the terms "object", "reference", or "index" in its documentation a lot, but that it didn't have a great explanation of what those terms mean or how they relate to other core concepts like "commit" and "branch". So we wrote a new "data model" document!

      You can read the data model here for now. I assume at some point (after the next release?) it'll also be on the Git website.

      I'm excited about this because understanding how Git organizes its commit and branch data has really helped me reason about how Git works over the years, and I think it's important to have a short (1600 words!) version of the data model that's accurate.

      The "accurate" part turned out to not be that easy: I knew the basics of how Git's data model worked, but during the review process I learned some new details and had to make quite a few changes (for example how merge conflicts are stored in the staging area).

      updates to git push, git pull, and more

      I also worked on updating the introduction to some of Git's core man pages. I quickly realized that "just try to improve it according to my best judgement" was not going to work: why should the maintainers believe me that my version is better?

      I've seen a problem a lot when discussing open source documentation changes where 2 expert users of the software argue about whether an explanation is clear or not ("I think X would be a good way to explain it! Well, I think Y would be better!")

      I don't think this is very productive (expert users of a piece of software are notoriously bad at being able to tell if an explanation will be clear to non-experts), so I needed to find a way to identify problems with the man pages that was a little more evidence-based.

      getting test readers to identify problems

      I asked for test readers on Mastodon to read the current version of documentation and tell me what they find confusing or what questions they have. About 80 test readers left comments, and I learned so much!

      People left a huge amount of great feedback, for example:

      • terminology they didn't understand (what's a pathspec? what does "reference" mean? does "upstream" have a specific meaning in Git?)
      • specific confusing sentences
      • suggestions of things to add ("I do X all the time, I think it should be included here")
      • inconsistencies ("here it implies X is the default, but elsewhere it implies Y is the default")

      Most of the test readers had been using Git for at least 5-10 years, which I think worked well - if a group of test readers who have been using Git regularly for 5+ years find a sentence or term impossible to understand, it makes it easy to argue that the documentation should be updated to make it clearer.

      I thought this "get users of the software to comment on the existing documentation and then fix the problems they find" pattern worked really well and I'm excited about potentially trying it again in the future.

      the man page changes

      We ended up updating these 4 man pages:

      The git push and git pull changes were the most interesting to me: in addition to updating the intro to those pages, we also ended up writing:

      Making those changes really gave me an appreciation for how much work it is to maintain open source documentation: it's not easy to write things that are both clear and true, and sometimes we had to make compromises, for example the sentence "git push may fail if you haven’t set an upstream for the current branch, depending on what push.default is set to." is a little vague, but the exact details of what "depending" means are really complicated and untangling that is a big project.

      on the process for contributing to Git

      It took me a while to understand Git's development process. I'm not going to try to describe it here (that could be a whole other post!), but a few quick notes:

      • Git has a Discord server with a "my first contribution" channel for help with getting started contributing. I found people to be very welcoming on the Discord.
      • I used GitGitGadget to make all of my contributions. This meant that I could make a GitHub pull request (a workflow I'm comfortable with) and GitGitGadget would convert my PRs into the system the Git developers use (emails with patches attached). GitGitGadget worked great and I was very grateful to not have to learn how to send patches by email with Git.
      • Otherwise I used my normal email client (Fastmail's web interface) to reply to emails, wrapping my text to 80 character lines since that's the mailing list norm.

      I also found the mailing list archives on lore.kernel.org hard to navigate, so I hacked together my own git list viewer to make it easier to read the long mailing list threads.

      Many people helped me navigate the contribution process and review the changes: thanks to Emily Shaffer, Johannes Schindelin (the author of GitGitGadget), Patrick Steinhardt, Ben Knoble, Junio Hamano, and more.

      (I'm experimenting with comments on Mastodon, you can see the comments here)

    18. 🔗 Ampcode News The Frontier Is Now Free rss

      Every Amp user can now receive daily free credits to use the full Amp experience, including our frontier smart agent powered by Opus 4.5. No payment required, powered by ads—turn them off if you don't want free credits.

      If you're a new user, just sign up for Amp, and download the CLI or editor extension.

      If you're an existing user, go to user settings to enable ad-supported free credits.

      What You Get

      The free credit grant replenishes hourly, giving you a total of $10 worth of credits per day or roughly $300 of credits per month. When you've used up free credits, you can either wait for the hourly reset or purchase paid credits.

      Amp's smart mode is currently driven by Opus 4.5 (with GPT-5 and Gemini-3-powered subagents like the oracle + librarian). You can also use rush mode, which provides faster inference at a lower cost per token, currently driven by Haiku 4.5.

      Really?

      Really! Like everything we do, ad-supported inference is an experiment. We can't promise we can do this forever, but we've already rolled it out to a sizable beta group thanks to our ad partners and it has been well-received. You can apply to become an ad partner.

      Ads are text-only and never influence Amp's responses. If you don't like ads, you can opt out and just pay the cost of inference.

      We invite new users to check out our manual, which contains good tips for using Amp efficiently.

    19. 🔗 Ampcode News Efficient MCP Tool Loading rss

      MCP servers often provide a lot of tools, many of which aren't used. That costs a lot of tokens, because these tool definitions have to be inserted into the context window whether they're used by the agent or not.

      As an example: the chrome-devtools MCP currently provides 26 tools that together take up 17k tokens; that's 10% of Opus 4.5's context window and 26 tools isn't even a lot for many MCP servers.

      To help with that, Amp now allows you to combine MCP server configurations with Agent Skills, allowing the agent to load an MCP server's tool definitions only when the skill is invoked.

      How It Works

      Create an mcp.json file in the skill definition, next to the SKILL.md file, containing the MCP servers and tools you want the agent to load along with the skill:

      {
          "chrome-devtools": {
              "command": "npx",
              "args": ["-y", "chrome-devtools-mcp@latest"],
              "includeTools": [
                  // Tool names or glob patterns
                  "navigate_page",
                  "take_screenshot",
                  "new_page",
                  "list_pages"
              ]
          }
      }
      

      At the start of a thread, all the agent will see in the context window is the skill description. When (and if) it then invokes the skill, Amp will append the tool descriptions matching the includeTools list to the context window, making them available just in time.

      With this specific configuration, instead of loading all 26 tools that chrome-devtools provides, we instead load only four tools, taking up 1.5k tokens instead of 17k.

      Take a look at our ui-preview skill, that makes use of the chrome-devtools MCP, for a full example.

      If you want to learn more about skills in Amp, take a look at the Agent Skills section in the manual.

      To find out more about the implementation of this feature and how we arrived at it, read this blog post by Nicolay.