๐Ÿก
  • โ†”
  • โ†’

to read (pdf)

  1. I don't want your PRs anymore
  2. JitterDropper | OALABS Research
  3. DomainTools Investigations | DPRK Malware Modularity: Diversity and Functional Specialization
  4. EXHIB: A Benchmark for Realistic and Diverse Evaluation of Function Similarity in the Wild
  5. Neobrutalism components - Start making neobrutalism layouts today

generated: June 17, 2026 at 13:04:22

  1. June 17, 2026
    1. ๐Ÿ”— gchq/CyberChef v11.2.0 release

      See the CHANGELOG and commit messages for details.

    2. ๐Ÿ”— pydantic/pydantic-ai-harness v0.4.0 (2026-06-17) release

      What's Changed

      • feat: add FileSystem and Shell capabilities by @strawgate in #260
      • feat(logfire): add ManagedPrompt capability by @dmontagu in #257
      • feat: add Planning capability with cache-safe plan reminders (experimental) by @strawgate in #266
      • feat: add SubAgents capability for task delegation (experimental) by @strawgate in #267
      • Add StepPersistence capability for step-event durability across delegates (experimental) by @dsfaccini in #251

      • Add experimental compaction menu: SummarizingCompaction, ClearToolResults, DeduplicateFileReads, TieredCompaction by @DouweM in
        #191

      • feat(compaction): add ClampOversizedMessages for runaway generations (experimental) by @dsfaccini in #286

      • feat(experimental): OverflowingToolOutput capability for oversized tool returns by @dsfaccini in #290
      • feat(subagents): per-delegate run controls (usage limits, timeout, call budget, soft-failure) (experimental) by @dsfaccini in #283
      • feat(shell): control subprocess environment to stop secret inheritance by @dsfaccini in #284
      • Add host-backed OS and filesystem access to CodeMode sandbox by @adtyavrdhn in #262
      • Add CodeMode dynamic_catalog flag for cache-stable tool disclosure by @DouweM in #243
      • ci: add pydantic-ai v2 beta early-warning job and make code_mode v1/v2 compatible by @adtyavrdhn in #291

      New Contributors

      Full Changelog : v0.3.0...v0.4.0

    3. ๐Ÿ”— obra/superpowers v6.0.2 release

      Install Fixes

      • We no longer ship theevals submodule. It broke plugin installs for some users, so the eval harness now lives in its own repo, separate from the published plugin. (#1778, #1774)
    4. ๐Ÿ”— r/reverseengineering Reverse engineering "encrypted" kids VTech walkie talkie rss

      submitted by /u/sillysillysoftware
      [link] [comments]

  2. June 16, 2026
    1. ๐Ÿ”— IDA Plugin Updates IDA Plugin Updates on 2026-06-16 rss

      IDA Plugin Updates on 2026-06-16

      Activity:

    2. ๐Ÿ”— earendil-works/pi v0.79.6 release

      Fixed

      • Fixed HTTP dispatcher configuration to preserve a caller's deliberate fetch override instead of reinstalling the undici global fetch over it.
      • Fixed inherited OpenCode Go DeepSeek V4 thinking-off requests to send the provider's thinking: { type: "disabled" } compatibility parameter.
    3. ๐Ÿ”— r/reverseengineering wit keeps claims tied to the thing that proves them rss

      submitted by /u/zboralski
      [link] [comments]

    4. ๐Ÿ”— r/reverseengineering VAXD - lightweight PE EXE/DLL disassembler and patch-assistance tool for Windows rss

      submitted by /u/Bicurico
      [link] [comments]

    5. ๐Ÿ”— earendil-works/pi v0.79.5 release

      New Features

      • Provider-scoped API key environments - auth.json API key entries can now include env overrides for provider-specific Cloudflare, Azure OpenAI, Google Vertex, Amazon Bedrock, cache retention, and proxy settings without changing the project shell. See Auth File.
      • Global HTTP proxy setting - Configure httpProxy once in global settings to apply HTTP_PROXY and HTTPS_PROXY to Pi-managed HTTP clients. See Network.
      • Vercel AI Gateway attribution - Vercel AI Gateway requests now include Pi attribution headers by default. See API Keys.

      Added

      • Added Vercel AI Gateway request attribution headers (http-referer and x-title) for Vercel AI Gateway models (#5798 by @rwachtler).
      • Added an xp footer marker when experimental features are enabled.
      • Added a global httpProxy setting that applies as HTTP_PROXY and HTTPS_PROXY for Pi-managed HTTP clients (#5790).
      • Added auth.json API key env values so provider-specific environment overrides can be scoped to Pi and propagated to inherited provider configuration (#5728).

      Changed

      • Updated the vendored Markdown parser used by HTML session exports to marked 18.0.5.

      Fixed

      • Fixed inherited OpenAI Responses streaming to tolerate null message content from OpenAI-compatible servers before tool calls (#5819).
      • Fixed inherited OpenCode DeepSeek V4 thinking requests to avoid sending both thinking and reasoning_effort (#5818).
      • Fixed device-code login to stop opening the browser automatically.
      • Fixed inherited editor Cursor Up handling so non-empty drafts jump to the start of the line before browsing input history (#5789 by @4h9fbZ).
      • Fixed inherited Z.AI GLM-5.2 thinking requests to send reasoning_effort with the provider's high/max effort mapping (#5770).
      • Fixed successful pi update on Windows to exit naturally instead of calling process.exit(0), avoiding a Node.js/libuv assertion after version-check network requests (#5805).
      • Fixed inherited Google and google-vertex Gemini model metadata to map latest aliases to the current models, add Gemini 3.5 Flash for Vertex, correct Gemini 2.5 Flash Vertex cache pricing, and remove shut-down Vertex preview models (#5761).
      • Fixed the session selector to stay open and show the all-sessions empty state when both current-folder and all-scope session lists are empty (#5747).
      • Fixed inherited Moonshot AI China model metadata to include Kimi K2.7 Code, and omitted unsupported thinking-off payloads for Kimi K2.7 Code models (#5760).
    6. ๐Ÿ”— 3Blue1Brown (YouTube) 100 random chords, how many intersections? rss

      Part of a series of monthly puzzles done in collaboration with MoMath.

    7. ๐Ÿ”— obra/superpowers v6.0.0 release

      v6.0.0 (2026-06-16)

      Superpowers 6.0 is a big release. The headline is a rewrite of how subagent- driven-development reviews each task โ€” cheaper, stricter, and harder to game.

      While these numbers won't hold on every harness and for every workload, in our evals, Claude Code and Codex produce similar high-quality results roughly twice as fast and while spending almost 50% fewer tokens.

      It also adds three new harnesses (Kimi Code, Pi, and Antigravity), gives the brainstorming visual companion a better security model, and rewrites a number of skills' tool calls to be significantly more vendor-neutral.

      Visible Changes

      • The two per-task reviewer prompts became one. spec-reviewer-prompt.md and code-quality-reviewer-prompt.md are gone, replaced by a single task-reviewer-prompt.md. If you dispatch the old files directly, switch to the new one.
      • The legacy global worktree directory is gone. using-git-worktrees and finishing-a-development-branch no longer use ~/.config/superpowers/worktrees/. Worktrees now land in the project โ€” an existing .worktrees/ or worktrees/ if you have one, otherwise a fresh .worktrees/ โ€” unless you say otherwise.

      New Harness Support

      Superpowers now runs on three more harnesses. Each ships its own bootstrap, a tool-mapping reference, and tests, and each gets its own install section in the README.

      • Kimi Code โ€” a plugin manifest, install docs, and manifest tests; install from Kimi's marketplace or straight from the repo. (initial manifest by @qer)
      • Pi โ€” a session-start extension that registers the skills and injects the using-superpowers bootstrap. Pi has native skills, so it needs no compatibility shim.
      • Antigravity (agy) โ€” installs the plugin directly and bootstraps from the first message; verified end-to-end against the standard "make a react todo list" acceptance test.

      Subagent-Driven Development

      A long run of cost-and-quality experiments on real projects reshaped how the controller reviews each task. The old flow ran two reviewers per task and leaned on the controller's judgment for model choice and severity, and both turned out to be expensive and easy to game. The new flow runs one reviewer per task, hands work off as files instead of pasted text, and takes several judgment calls away from the controller.

      • One reviewer per task, two verdicts. A single task-reviewer-prompt.md reads the task's diff once and returns both a spec-compliance verdict and a quality verdict, so one fix pass clears both. A new "can't verify from the diff" verdict flags requirements that live in untouched code, for the controller to check itself. (#1538, #1543)
      • One broad review at the end. The run finishes with a single whole-branch review on the most capable model, instead of re-reviewing everything task by task.
      • Plans get a pre-flight read. Before the first task, the controller checks the plan for internal conflicts โ€” and for anything the plan asks for that a reviewer would flag as a defect โ€” and raises it all at once, rather than stumbling into it mid-run.
      • Diffs and task text move as files. A pasted diff parks itself permanently in the most expensive context, and a reviewer without one rebuilds it by hand โ€” the single biggest reviewer cost. Two new scripts, task-brief and review-package, write the task text and the review diff to files for the subagent to read.
      • Every dispatch states its model. Left to choose, controllers stopped naming a model at all โ€” and an unnamed model quietly inherits the session's most expensive one, so one run put all 26 of its reviewers on the top tier. The templates now require a model, with guidance that reaches for cheaper tiers when the work allows.
      • The controller can't tell a reviewer what to ignore. Real runs caught controllers coaching reviewers to skip a finding or call it "Minor at most," and the flaw shipped. Suppressing findings and pre-rating severity are now banned outright, and a defect the plan itself mandates gets reported for you to decide on rather than waved through.
      • Reviewers are read-only and skeptical of rationales. Review no longer touches the working tree or branch โ€” a reviewer running git checkout had been orphaning later commits โ€” and an implementer's "I left this unabstracted on purpose" no longer talks a reviewer out of a real finding.
      • Stronger evidence and reporting. Reviewers back each answer with a file and line, the implementer's report moves to a file and carries red/green evidence when TDD applies, and a progress ledger lets a controller that loses its context resume instead of redoing finished work. (#994)

      Writing Plans

      Plans now carry the structure the controller and reviewers used to re-derive on every dispatch.

      • A Global Constraints block lists the rules that bind every task โ€” version floors, dependency limits, naming and copy, exact values โ€” copied in verbatim, so they actually reach the implementers and reviewers downstream.
      • A per-task Interfaces block names exactly what each task consumes and produces, so an implementer who sees only its own task still knows its neighbors' contracts.
      • Right-sizing guidance keeps a task at the size that earns its own test cycle and a reviewer's pass, folding setup, config, and docs into the task that needs them. In testing, a plan written this way needed one round of fixes where the control needed two to four โ€” and the control shipped a real bug.

      Brainstorming Visual Companion

      The visual companion is a small web server the agent opens alongside the conversation. It had no authentication at all, so on a shared or remote machine anyone who could reach the port could read your brainstorm โ€” or inject events the agent treats as your input. This release gives it a real security model and makes it survive restarts and dropped connections.

      • A per-session key now guards everything. The agent's URL carries a one-time key, the browser tucks it into a tab-scoped cookie, and every request and WebSocket connection has to present it. This closes the door to stray local tabs and routable remote hosts alike, including the DNS-rebinding case an origin allowlist can't catch. (Closes #1014)
      • The file server stays in its sandbox. It refuses symlinks, dotfiles, and any path that climbs out of the content directory, ignores macOS resource-fork files, and sends the usual no-store and deny-framing headers. Files that hold the session key are written owner-only.
      • The companion is offered only when it helps. The skill raises it the first time a question would read better shown than told, as its own message, and lets a decline stand. Accepting opens your browser to the first screen. (Closes #755)
      • It survives restarts and flaky connections. Given a project directory, the server keeps the same port and key across restarts, so an open tab simply reconnects. The page reconnects on its own, shows a live status pill, and raises a "paused" overlay while the server is down.
      • Longer idle life, safer shutdown. The idle timeout went from 30 minutes to 4 hours, and stop-server.sh now confirms it owns the right process before signaling, so it never kills an unrelated node after a reboot. (#1703)
      • Windows launch hardening โ€” consolidated shell detection, and Windows now relies on the idle timeout for shutdown, since Node can't track POSIX process ownership across MSYS2.

      Existing Harness Updates

      • Codex now bootstraps through its own SessionStart hook rather than shared wiring, and the Codex App gained an install section and fuller tool docs (web search, AGENTS.md, personal skills). (#1540)
      • OpenCode got an action-based tool mapping across its plugin, install doc, and README, plus a bootstrap-caching test.
      • Cursor 's manifest dropped its agents and commands entries, since those directories no longer exist.

      One Set of Skills, Every Harness

      The skills used to speak Claude Code's dialect โ€” "use the Task tool," "put it in CLAUDE.md." This release rewrites that vocabulary in terms of what you're actually doing ("dispatch a subagent," "your instructions file") and adds a per-harness reference that maps each action to the right tool, checked against each runtime. Prose that named "Claude" now says "your agent."

      • A tool reference per harness at skills/using-superpowers/references/, covering Claude Code, Codex, Copilot, Gemini, Pi, and Antigravity.
      • finishing-a-development-branch went forge-neutral โ€” it no longer hardcodes gh pr create, so agents push with whatever forge tooling they have. (#1609)
      • One rename: "Claude Search Optimization" is now "Skill Discovery Optimization," since the technique isn't Claude-specific.

      Writing Skills

      Two additions for skill authors.

      • Match the Form to the Failure โ€” a short table for picking the right kind of guidance. A flat "don't do X" works for discipline slips but backfires when the problem is the shape of an output, where a worked example does better. The table, and a tighter scope on the existing rationalization section, steer authors to the form that actually helps.
      • Micro-Test Wording โ€” a cheap way to check a phrasing before committing to it: sample it a handful of times against a no-guidance control and read every result by hand, treating run-to-run variance as a warning sign.

      Testing

      Skill-behavior testing moved out of tests/ into a new evals/ submodule built on "drill," which runs real Claude Code, Codex, and Gemini sessions and judges them with an LLM. Several in-tree bash suites retired once a stricter drill scenario covered them; the few with no equivalent stayed. From here on, tests/ holds plugin-code tests and evals/ holds skill-behavior tests, and docs/testing.md explains the split. New backends reach Antigravity, Pi, and more models, and new shell-lint and pre-commit checks guard the harness. (#1541)

      Bug Fixes

      • systematic-debugging no longer forces every session into extended thinking. One bullet held the exact keyword Claude Code scans for, quietly tripping the switch on every session that loaded the skill. A hyphen breaks the keyword; the text still reads. (#1283, by @nick Galatis)
      • The Windows SessionStart hook stopped printing a write error every session โ€” each printf now routes through cat to absorb the broken pipe, and the output is otherwise unchanged. (#1612, reported by @silvertakana)
      • Windows foreground mode tracks the right process and clears its owner PID on MSYS2. (by @nestorluiscamachopaz)
      • Theusing-superpowers bootstrap no longer lists "debugging" as a skill that doesn't exist. (reported by @mhat)
      • The TDD skill links the testing anti-patterns reference. (#1532, #1529; link fix #1474 by @stable Genius)
      • using-git-worktrees fixes its step numbering and drops stale Cursor references. (#1522, and by @fuleinist)
      • The Codex review skill swaps a private in-joke for plain guidance. (#1531)

      Documentation & Contributor Guidelines

      • A guide to porting Superpowers to a new harness (docs/porting-to-a-new-harness.md) lays out the three pieces every integration needs and the one rule that makes or breaks it: load the bootstrap at session start.
      • Every PR and issue now discloses how it was made โ€” model, harness, version, and installed plugins, or a note that it was written by hand. We weigh a contribution differently depending on what produced it. PRs also target dev, not main. The PR template, all three issue templates, and a new platform-support template carry this.

      Contributors

      Thanks to @mattvanhorn, @nawfal, @nick Galatis, @silvertakana, @nestorluiscamachopaz, @qer, @mhat, @stable Genius, @fuleinist, @dev_Hakaze, @robotsnh, Rahul, and @arittr.

    8. ๐Ÿ”— r/reverseengineering Reverse Engineering 1988's BattleTech: The Crescent Hawk's Inception (Westwood/Infocom) - Seeking Collaborators rss

      submitted by /u/kessen999
      [link] [comments]

    9. ๐Ÿ”— Kagi release notes June 16th, 2026 - Search widgets catching up, Assistant starts fresh rss

      Bringing search widgets up to speed

      Weโ€™re starting a broader effort to improve our search widgets! First up: sports scores and dice rolling.

      Sports scores now show up in a sidebar next to search results, so you can quickly check upcoming games, live scores, and recent results, just in time for the World Cup.

      A screenshot of a Kagi search results page for world cup games displaying FIFA World Cup 2026 scheduling information and a side panel showing live and finished match results for various international groups.

      And weโ€™ve also added dice rolling support for all you gamers out there, in case you ever need to roll a d20, 2d4 + 2, or perhaps even 8d6.

      The new Kagi Assistant is here

      Over the last few weeks, weโ€™ve been rolling out a new Kagi Assistant experience. Most of you are already using it, and today weโ€™re officially retiring the old assistant.

      This is more than a visual refresh, we rebuilt the Assistant experience around a new layout, smoother web and mobile use, and a lot of UX improvements that add up quickly.

      And just as importantly, this gives us the foundation we need for the next set of Assistant improvements weโ€™ve been working towards.

      Note: there is one notable change - folders have replaced tags. This means each thread can now belong to only one folder. We appreciate this is a downgrade for users who relied on multiple tags per thread, and we donโ€™t want to handwave that away. We made this tradeoff because folders give Assistant a simpler, more predictable organisation model, and because multi tag usage was relatively low: about 20% of active accounts used tags at all, and appx 4% had any thread with more than one tag.

      Still, for those affected, we understand this change may be frustrating. Thank you for bearing with us as we build towards a stronger Assistant experience!

      Kagi Translate update

      We've paused free access to Kagi Translate while we sort out running costs, so you'll need to be signed in to use it. If you have an active subscription, Translate still works. Sign in on translate.kagi.com or in the mobile apps. We share more details on this decision in this blog post.

      Other improvements and bug fixes

      Kagi Search

      Kagi APIs

      • NEW: Extraction now keeps links from the original document, to enable deeper crawling flows.
      • NEW: Related searches is now part of the API responses, with more metadata than the v0 version where applicable.
      • NEW: Per-key cost tracking is now enabled. You can select a key in the usage page to see the specific key cost attached. (Cost tracking only available from when we deployed, historic data is not present.)
      • Fix: Extraction is now faster and more reliable.
      • Fix: Personalization rule types are now correctly validated with the doc types.
      • Fix: Various other internal improvements for a more stable experience.

      Kagi Assistant

      • Regression: new assistant scrolls to bottom when inference completes #10648 @spiffytech
      • The new Assistant does not let me edit the output from the model. #10670 @Fernold
      • Japanese IME: Enter key submits message instead of confirming composition #10707 @n22z9y28vh
      • New system prompt causing regressions esp. in no-search mode, and ignores /system_prompt_overwrite #10684 @igakagi
      • New assistant doesn't respect prefers-reduced-motion #10711 @magiruuvelvet
      • New Kagi Assistant does not remember sidebar on refresh #10727 @emptyjar
      • New Assistant: Undo File Type Restrictions #10721 @AzuraFilth
      • Assistant converts CSV uploads into markdown #10647 @fxgn
      • Specific code snippet returns 403 Forbidden error #10689 @Fusl
      • Assistant Not Searching Web or Citing Sources Despite Web Sarch Toggle Enabled #10657 @cmart
      • Kagi Assistant Does Not Reliably Read Larger Documents/Attached Files #10516 @aeiro
      • Assistant can't reach github files #10697 @Numerlor
      • Assistant does not scroll on output #10742 @emptyjar
      • References do not export, Markdown or JSON. #10741 @relaxos_palaiologos
      • Images inside Kagi Assistant responses do not appear #10296 @MustafaD
      • Assistant sidebar does not stay closed when resizing the window #10762 @emptyjar
      • Pressing 'Enter' key should confirm deletion dialog in Kagi Assistant #10793 @kray
      • Enter key does not submit message on iPadOS #10708 @n22z9y28vh
      • New assistant models from Anthropic, such as Claude Fable 5, refuse to work. #10812 @FranziKay
      • New Assistant hides lines, when it clearly has the space #10710 @7aad94e9
      • The new UI for Assistant is worse in every measurable way #10720 @mspgrunt
      • Settings -> Appearance -> Save : Not working in Orion Private mode #10724 @markkrueg
      • Customizable keyboard shortcuts (Assistant/General) #6650 @bert
      • Kagi Assistent new UI is too small #6142 @HRA42
      • Pasting text that exceeds x characters should automatically attach it as a text file #6739 @Coops
      • Dynamic Chat Window Scaling for Widescreen Users #6379 @unruffled5088

      Kagi Translate

      • Text cannot be copied anymore from Word and text from a PDF has hard returns behind every line #10476 @JaninevdK
      • โ€œcurled quotesโ€ instead of "straight quotes" #7011 @FranziKay
      • Kagi Translate extension wrongly detects certain monitor as 'mobile' #10693 @Roon

      Post of the week

      This week's featured social media mention:

      Bluesky post from public health guy saying: been using it for a few years and it's basically my third most important subscription now, after internet and water

      Featured Kagi tip ๐Ÿ’ก

      Here's a guide on how to make Kagi truly yours with custom CSS. Tweak colors, fonts, and layout, hide elements you don't need, or apply a community theme for a search experience that looks exactly how you want.

      Collage of Kagi Search screenshots showing custom CSS themes, with handwritten labels pointing to a high contrast view for low vision, glassy image search effects, a tighter compact layout, and a custom color scheme palette.

    10. ๐Ÿ”— Hex-Rays Blog IDA 9.4: Wider Processor and Platform Support rss

      IDA 9.4: Wider Processor and Platform Support

      IDA 9.4 comes with a brand-new Qualcomm Hexagon DSP module, an MCore family covering C-SKY V1, and deeper coverage of ARM, TriCore and RISC-V.

    11. ๐Ÿ”— HexRaysSA/plugin-repository commits Feat/EA-771 recently added pipeline (#31) rss 
      Feat/EA-771 recently added pipeline (#31)

* feat(merger): drive Recently Added by catalog-entry date (EA-771)

Stop propagating stale recently_added/recently_updated editorial tags from
api-plugins.json into combined.json (they had no date check; 169 plugins
carried them regardless of recency). Add dynamic_metadata.added_at sourced
from known-repositories.txt '# Discovered on' markers so the UI can drive
"Recently added" by when a plugin entered the Hex-Rays catalog rather than
when its underlying GitHub repo was created.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* ci: pass --known-repos to the merge step (EA-771)

The CI build runs merge_plugins.py inline in deploy.yml, not via the justfile.
Without --known-repos the merger gets no catalog-entry dates, so every plugin
ships with added_at=null and 'Recently added' renders empty. Pass the file so
production matches local builds.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* refactor(merger): derive added_at from git history, not comment markers

Parsing known-repositories.txt's '# Discovered on' / '# added' comments made
that human-written format a load-bearing API. Instead, reconstruct each repo's
catalog-entry date from the author date of the commit that first added its line
(one git log pass). Dates stay UTC; a shallow-clone guard omits added_at rather
than collapsing every repo onto the boundary commit. Coverage improves (seed
repos now dated too) with no dependency on comment formatting.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* refactor(merger): derive added_at from the HCLI index history, drop --known-repos

Reconstruct catalog-entry dates from the git history of plugin-repository.json
(the HCLI index, already passed via --hcli) instead of known-repositories.txt.
The index is the source of truth for what's installable via the plugin manager,
so a plugin's added_at is the author date of the commit that first introduced
its host. Removes the --known-repos arg and its justfile/deploy.yml wiring.

Semantics: 'recently added' now means 'recently indexed into the manager', so a
freshly-packaged but long-existing repo (e.g. diaphora) correctly surfaces.
Legacy api-only plugins aren't in the index and get no added_at โ€” they are a
frozen, all-old dump that can never be 'recently added', so null is correct and
has zero UI impact.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: fnania <fnania@hex-rays.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
    12. ๐Ÿ”— @HexRaysSA@infosec.exchange It's not too late to sign-up... mastodon

      It's not too late to sign-up...

      We're hosting a free virtual workshop/webinar on idalib โ€” IDA as a library. Call IDA's analysis engine directly from your own code, automate workflows without launching the GUI, and integrate IDA into any toolchain you're already running.

      ๐Ÿ‘‰ https://2dgu4h.share- eu1.hsforms.com/2D4ZYPjdCRFODEGRKtMILwQ

    13. ๐Ÿ”— Confessions of a Code Addict Page Tables from First Principles rss

      This is the fourth video in our virtual memory series based on the article/ebook I wrote. In the last few videos, we covered what virtual memory is, its size, and the address space layout of a process. In this video, we learn how the kernel stores virtual-to-physical address mappings in the form of a page table, what that looks like, and how the hardware performs an address translation by walking the page table.

      But instead of jumping directly to page tables, we derive the design from first principles like real system designers. We start from the problem statement of efficiently storing virtual address mappings and performing lookups efficiently, and from there, we iteratively arrive at the final solution that looks like modern-day page tables. I believe that this way, not only you would understand page tables better, but also develop the design chops needed to build solutions in other domains.

      In the next video, we will talk about protection bits in virtual pages. Till then, if you haven't read the original article/book, I recommend checking that out. You can also get it in the form of a beautiful PDF for offline reading using the link below.

      Get Virtual Memory Ebook

      Read more

    14. ๐Ÿ”— r/reverseengineering VAXD - lightweight PE EXE/DLL disassembler and patch-assistance tool for Windows rss

      submitted by /u/Bicurico
      [link] [comments]

    15. ๐Ÿ”— backnotprop/plannotator v0.20.3 release

      Follow @plannotator on X for updates

      Missed recent releases? Release | Highlights
      ---|---
      v0.20.2 | Pierre CodeView all-files review, large-PR pipeline and instant-open checkout, unified agent engine selection, Pi programmatic plan mode
      v0.20.1 | Pi extension install hotfix (pinned @pierre/diffs after a broken upstream release)
      v0.20.0 | Multi-repo workspace reviews, semantic diff overview, UI 2.0 themes and plan look chooser, leaner single-source skill install
      v0.19.27 | Kiro CLI integration, Glimpse native window, annotate-last message picker
      v0.19.26 | Amp plugin production fixes, Mermaid rendering fix, Settings flicker fix, update notification toast and shimmer
      v0.19.24 | Amp integration, configurable data directory, Auto Mode permission option, Pi plan approval fix
      v0.19.23 | Droid integration, Windows Pi AI fix, quieter update indicator
      v0.19.22 | Safari copy fix in plan viewer, CLAUDE_CONFIG_DIR support for session logs
      v0.19.21 | Ask AI in plan review and annotate mode, shared AI runtime, origin-aware provider defaults
      v0.19.20 | Interactive goal setup UI, OpenCode submit_plan fixes, browser no-op sentinel handling for Claude agents
      v0.19.18 | Edit-based submit_plan for OpenCode, Pi namespace migration, Codex annotate-last fix, OpenCode commands dir fix

      What's New in v0.20.3

      v0.20.3 is a small patch of two PRs, both focused on the comment popover used in plan review and annotate mode. The first stops in-progress annotation text from being thrown away, and stops the annotation panel from forcing itself open. The second adds a way to find a comment box again after it scrolls out of view. Both came out of community feature requests.

      Annotations No Longer Lost When You Click Away

      The comment popover used to close on any click outside it, which discarded whatever you had typed but not yet saved. A misplaced click meant retyping the annotation. Now a popover that holds text or an attached image stays open when you click elsewhere, so your in-progress work survives a stray click. Empty popovers still close on an outside click, and Escape and the X button still cancel explicitly, so nothing changes about how you dismiss a box you actually want to discard.

      The same release stops annotations from forcing the right annotation panel open. If you had closed the panel, adding a plan annotation or a code-file popout annotation used to reopen it and pull focus away from what you were reading. The panel now stays in whatever state you left it, and you can open it from the header toggle when you want it. The annotation itself is still selected and still shows its highlight, so it is never lost or hidden.

      Off-Screen Indicator for an Open Comment

      Because an open comment box now persists when you click or scroll away, it became possible to leave one open above or below the visible area and lose track of it. When that happens, a small pill appears pinned to the top or bottom of the viewport with a chevron pointing toward the box and an "Open comment" label. Clicking it scrolls back to the comment. The indicator only appears for a box that has actually left the viewport and disappears as soon as it returns, so it stays out of the way the rest of the time.

      Install / Update

      macOS / Linux:

      curl -fsSL https://plannotator.ai/install.sh | bash

      Windows:

      irm https://plannotator.ai/install.ps1 | iex

      Extra skills (compound, setup-goal, visual-explainer), opt-in:

      npx skills add backnotprop/plannotator/apps/skills/extra

      Claude Code Plugin: Run /plugin in Claude Code, find plannotator , and click "Update now".

      OpenCode: Clear cache and restart:

      rm -rf ~/.bun/install/cache/@plannotator

      Then in opencode.json:

      {
  "plugin": ["@plannotator/opencode@latest"]
}

      Pi: Install or update the extension:

      pi install npm:@plannotator/pi-extension

      Droid: Install via the plugin marketplace:

      droid plugin marketplace add backnotprop/plannotator
droid plugin install plannotator@plannotator

      Amp: Install the CLI first, then copy the plugin:

      mkdir -p ~/.config/amp/plugins
curl -fsSL https://raw.githubusercontent.com/backnotprop/plannotator/main/apps/amp-plugin/plannotator.ts \
  -o ~/.config/amp/plugins/plannotator.ts

      Kiro CLI: The installer auto-detects Kiro and installs skills automatically. After installing the CLI, launch with:

      kiro-cli chat --agent plannotator

      Upgrading from before v0.20.0? Read the v0.20.0 release notes first; that release changed how skills install.

      What's Changed

      • Keep annotation panel closed when adding annotations by @backnotprop in #919
      • feat(annotate): off-screen indicator for open comment popover by @backnotprop in #920

      Community

      Both changes in this release answer feature requests from the community. @8bitjoey asked for the annotation input to keep its text instead of closing on an outside click (#821), and @jj- valentine asked for annotations to be saved rather than lost (#888). @SyahrulBhudiF and @gwynnnplaine joined the discussion on #821 that shaped the behavior.

      Full Changelog : v0.20.2...v0.20.3

    16. ๐Ÿ”— HexRaysSA/plugin-repository commits sync repo: +1 plugin, +3 releases, ~1 changed rss 
      sync repo: +1 plugin, +3 releases, ~1 changed

## New plugins
- [ida-nativeaot](https://github.com/dump-guy/ida-nativeaot) (1.0.2, 1.0.1, 1.0.0)

## Changes
- [diaphora](https://github.com/joxeankoret/diaphora):
  - 3.4: archive contents changed, download URL changed
    17. ๐Ÿ”— Ampcode News Diffs rss
      Outsource your coding, but not your understanding of the code.

      As agents generate larger quantities of code, it is more important than ever for humans to comprehend the code to ensure its quality.

      You can now review any thread's code changes directly in Amp, on desktop or mobile.

      While a thread has an active environment, you can scroll through the diff, request changes on specific sections, and stage changes interactively:

      Some care and attention has gone into the diffing algorithm, which performs duplicate block detection to make it easier to see what has actually changed. This can significantly reduce cognitive load when reviewing large agent-generated changesets.

      Here is an example where Amp (left) makes it easier to see that the only thing that has changed is the removal of the if-branch of the conditional:

      Amp's diff highlighting for duplicated code
      Ours
      GitHub's diff highlighting for duplicated code
      Theirs

      If you drive your threads primarily from the terminal, use the command palette (Ctrl-O) to open the diff for your current thread in your browser:

      Open thread in browser shortcut

  3. June 15, 2026
    1. ๐Ÿ”— IDA Plugin Updates IDA Plugin Updates on 2026-06-15 rss

      IDA Plugin Updates on 2026-06-15

      New Releases:

      Activity:

      • augur
        • 7a3ce1ce: refactor: use AsRef bounds for all pub fn
      • diaphora
      • ffxiv_bossmod
      • haruspex
        • e4104920: refactor: use AsRef bounds for all pub fn
      • ida-fusion-mcp
        • bb75a854: feat: add router-native idalib parity tools
        • 28822cf7: docs: design router-native idalib integration
        • 1e448889: fix installer missing IDA scan roots
      • ida-ios-helper
        • ee8218ee: Merge pull request #18 from doronz88/feature/swift
        • 482c9aa4: swift_types: Gate IDA-9.4 native ABI behind version check (compat 9.0โ€ฆ
        • 1e6e3028: swift_dump_import: Synthesize class structs + slot-resolve named methโ€ฆ
        • fd91fa8d: swift_dump_import: Auto-name + type Swift class methods via ipsw swifโ€ฆ
        • 4d55eb0e: swift_types: Per-callsite ClosureCtx typing for Dispatch sync closures
        • 4696de9e: swift_types: Expand FUNCTIONS_SIGNATURES with stdlib + Foundation + bโ€ฆ
        • 7e1dd83a: swift_types: Mark Swift throws functions with __spoils + renamโ€ฆ
        • 915f2c6e: swift_types: Erase __chkstk_darwin calls from the prolog
        • 35bb94b3: swift_oslog: Collapse Swift _os_log_impl(โ€ฆ) build-up into a one-liner
        • cb511173: swift_types: Rename Swift opaque-storage buffer lvars to _buf
        • 171f200c: swift_types: Rename Swift opaque-storage prolog lvars and type the VWโ€ฆ
        • 31de1467: swift_types: Type each Swift mangled name in __swift5_typeref as a C โ€ฆ
        • 4e1d62e9: swift_types: __swiftClassCall (x20 self) typing + post-print cfunc inโ€ฆ
        • 6e809337: scripts: Add headless probe_func + idat IPC server for plugin iteration
      • ida-nativeaot
        • 546b831b: docs: add UI screenshots + hero image; drop washi keyword; bump to v1โ€ฆ
        • a93072d4: v1.0.1 - rename to ida-nativeaot.*, name-sync fixes, search and overvโ€ฆ
      • ida_rpc
        • ee39b999: Fix pytest collection of ida-rpc integration script
        • 609b235f: Add loader discovery, forced selection via --loader, and loader-speโ€ฆ
        • c4304e00: Fix read_bytes issue
      • rhabdomancer
        • 69528487: refactor: use AsRef<Path> bounds for all pub fn
    2. ๐Ÿ”— roboflow/supervision supervision-0.29.0 release

      ๐Ÿš€ Added

      • Added sv.VertexEllipseAreaAnnotator, sv.VertexEllipseOutlineAnnotator, and sv.VertexEllipseHaloAnnotator for visualizing keypoint uncertainty as covariance ellipses. (#2277, #2286)

        import cv2

        import supervision as sv from rfdetr import RFDETRKeypointPreview

        image = cv2.imread("") model = RFDETRKeypointPreview()

        key_points = model.predict(image)

        annotator = sv.VertexEllipseAreaAnnotator( sigma=[1.0, 2.0, 3.0], color=[sv.Color.GREEN, sv.Color.YELLOW, sv.Color.RED], opacity=0.4, ) annotated = annotator.annotate(image.copy(), key_points)

      rf-detr-ellipse-promo-2.mp4

          import cv2
import supervision as sv
from rfdetr import RFDETRKeypointPreview

image = cv2.imread("<SOURCE_IMAGE_PATH>")
model = RFDETRKeypointPreview()

key_points = model.predict(image)

annotator = sv.VertexEllipseOutlineAnnotator(
    sigma=[1.0, 2.0, 3.0],
    color=[sv.Color.GREEN, sv.Color.YELLOW, sv.Color.RED],
    thickness=2,
)
annotated = annotator.annotate(image.copy(), key_points)

      rf-detr-ellipse-promo-3.mp4

          import cv2
import supervision as sv
from rfdetr import RFDETRKeypointPreview

image = cv2.imread("<SOURCE_IMAGE_PATH>")
model = RFDETRKeypointPreview()

key_points = model.predict(image)

annotator = sv.VertexEllipseHaloAnnotator(
    sigma=[1.0, 2.0, 3.0],
    color=[sv.Color.GREEN, sv.Color.YELLOW, sv.Color.RED],
    opacity=0.6,
)
annotated = annotator.annotate(image.copy(), key_points)

      rf-detr-ellipse-promo-1.mp4

      ๐ŸŒฑ Changed

      box_nms_demo box_nmm_demo obb_nms_demo obb_nmm_demo

      • sv.Detections.area is now OBB-aware. When oriented box coordinates are present, the property returns the polygon area of the rotated bounding box (via the shoelace formula) instead of the axis-aligned box area. (#2306)

      • sv.InferenceSlicer now detects OBB outputs from callbacks and automatically falls back to sequential processing to avoid thread-safety issues when thread_workers > 1. (#2256)

      • Fixed sv.oriented_box_iou_batch to correctly handle non-square canvases. Previously, rasterization assumed square dimensions, leading to incorrect IoU values for tall or wide images. (#2282)

      ๐Ÿ”ง Fixed

      • Fixed sv.process_video audio stream handling. The audio muxing path now correctly creates temp files on the same filesystem, decodes ffmpeg errors, and avoids muxing incomplete output. (#2252)

      • Fixed sv.Detections.from_vlm returning None for class_id on empty VLM parses. Now returns an empty int ndarray. (#2239)

      • Fixed sv.Detections.from_inference to preserve class_name as a string-dtype array when predictions are empty. Previously it returned an untyped empty array. (#2270)

      • Fixed sv.HeatMapAnnotator divide-by-zero crash when called with empty detections. (#2269)

      • Fixed COCO export emitting 0-indexed category_id values. Now correctly emits 1-indexed IDs as per the COCO specification. (#2276)

      • Fixed COCO annotation and image IDs not being chainable across dataset splits. IDs are now sequential across train/val/test. (#2267)

      • Fixed sv.DetectionDataset.as_yolo losing OBB rotation when exporting oriented bounding boxes. (#2289)

      • Fixed YOLO dataset loading to sort class names by numeric keys when the data.yaml uses integer class IDs. (#2296)

      • Fixed letterbox utility to support grayscale images. (#2297)

      • Fixed file extension filters to normalize casing (e.g. .JPG now matches .jpg). (#2298)

      โš ๏ธ Deprecated

      Deprecated | Removal | Replacement
      ---|---|---
      KeyPoints.confidence | 0.32.0 | KeyPoints.keypoint_confidence
      merge_inner_detection_object_pair | 0.32.0 | None (internal use only)
      merge_inner_detections_objects | 0.32.0 | None (internal use only)
      merge_inner_detections_objects_without_iou | 0.32.0 | None (internal use only)
      validate_detections_fields | 0.32.0 | None (internal use only)
      validate_vlm_parameters | 0.32.0 | None (internal use only)
      validate_fields_both_defined_or_none | 0.32.0 | None (internal use only)
      validate_xyxy | 0.32.0 | None (internal use only)
      validate_mask | 0.32.0 | None (internal use only)
      validate_class_id | 0.32.0 | None (internal use only)
      validate_confidence | 0.32.0 | None (internal use only)
      validate_tracker_id | 0.32.0 | None (internal use only)
      validate_data | 0.32.0 | None (internal use only)
      validate_xy | 0.32.0 | None (internal use only)
      validate_key_point_confidence | 0.32.0 | None (internal use only)
      validate_key_points_fields | 0.32.0 | None (internal use only)
      validate_resolution | 0.32.0 | None (internal use only)
      validate_custom_values | 0.32.0 | None (internal use only)
      validate_input_tensors | 0.32.0 | None (internal use only)
      validate_labels | 0.32.0 | None (internal use only)

      ๐Ÿ† Contributors

      @SkalskiP (Piotr Skalski), @Borda (Jirka Borovec), @kounelisagis (Agis Kounelis), @RitwijParmar (Ritwij Aryan Parmar), @Khanz9664 (Shahid Ul Islam), @satishkc7 (SATISH K C), @Ace3Z (Mahbod Tajdini), @madhav-c, @RubenHaisma (Ruben Haisma), @adhavan18 (Tamil Adhavan), @Bortlesboat (Andrew Barnes), @Lourdhu02, @tarunbommawar27, @YousefZahran1 (Youssef Ibrahim), @JFrench- Enterprise, @Patel- Prem (Premkumar Patel)

    3. ๐Ÿ”— roboflow/supervision supervision-0.28.0 release

      ๐Ÿ”ฆ Spotlight

      Memory-efficient masks with sv.CompactMask

      Segmentation models produce one full-resolution bitmap per instance. On a 1920ร—1080 image with 28 detections that is ~55 MB of mask data. Most pixels are background. sv.CompactMask stores only the tight bounding-box crop, RLE-encoded โ€” the same 28 masks drop to ~237 KB of crops, a 240ร— reduction before RLE kicks in.

      It's a drop-in replacement: annotators, filters, and area all work unchanged.

      supervision-sam3

      import supervision as sv

# any segmentation model โ€” RF-DETR Seg, YOLO-Seg, SAM3
detections = model.predict(image)  # sv.Detections with dense masks

dense_mb = detections.mask.nbytes / 1024 / 1024
compact = sv.CompactMask.from_dense(
    masks=detections.mask,
    xyxy=detections.xyxy,
    image_shape=image.shape[:2],
)
detections.mask = compact  # swap in โ€” API unchanged

# filter by pixel area without materialising dense masks
large = detections[compact.area > 1000]

# annotators call .to_dense() internally
annotated = sv.MaskAnnotator().annotate(image.copy(), detections)

      SAM3 text-prompted segmentation

      SAM3 segments objects by free-text prompt โ€” no class list, no bounding boxes. sv.Detections.from_sam3() parses both PCS (multi-prompt) and PVS (video) response formats into a standard sv.Detections, with class_id set to the prompt index.

      import requests, base64
import supervision as sv

PROMPTS = ["person", "bag"]

with open("image.jpg", "rb") as f:
    img_b64 = base64.b64encode(f.read()).decode()

response = requests.post(
    f"https://api.roboflow.com/inferenceproxy/seg-preview?api_key={API_KEY}",
    json={
        "image": {"type": "base64", "value": img_b64},
        "prompts": [{"type": "text", "text": p} for p in PROMPTS],
    },
    headers={"Content-Type": "application/json"},
)
sam3_result = response.json()

h, w = cv2.imread("image.jpg").shape[:2]
detections = sv.Detections.from_sam3(sam3_result=sam3_result, resolution_wh=(w, h))
# class_id == 0 โ†’ "person", class_id == 1 โ†’ "bag"

      ๐Ÿ”„ Migration

      VideoInfo.fps is now float

      NTSC frame rates (23.976, 29.97, 59.94) were silently truncated. fps is now the true float โ€” cast at call sites that need an integer.

      Before

      info = sv.VideoInfo.from_video_path("clip.mp4")
buf = collections.deque(maxlen=info.fps)
trace = sv.TraceAnnotator(trace_length=info.fps)

      After

      info = sv.VideoInfo.from_video_path("clip.mp4")
buf = collections.deque(maxlen=int(info.fps))
trace = sv.TraceAnnotator(trace_length=int(info.fps))

      sv.ByteTrack deprecated โ€” use ByteTrackTracker

      Tracker implementations now live in the dedicated trackers package. sv.ByteTrack remains available in 0.28โ€“0.29 with DeprecationWarning; removal in 0.30.0.

      Before

      tracker = sv.ByteTrack()
detections = tracker.update_with_detections(detections)

      After

      # pip install trackers
from trackers import ByteTrackTracker

tracker = ByteTrackTracker()
detections = tracker.update(detections)

      ๐Ÿš€ Added

      • Memory-efficient masks withsv.CompactMask. Sparse segmentation masks are now stored as a crop region plus RLE-encoded data instead of full-resolution bitmaps, cutting memory use by 10โ€“100ร— for typical instance-segmentation outputs. It's a drop-in change โ€” sv.Detections.mask, filtering, merging, and area all keep working without materialising the full array. (#2159)

      • SAM3 detection and PVS support infrom_inference. sv.Detections.from_inference now parses SAM3 detection and point-video-segmentation outputs, both from the local inference package and from Roboflow-hosted server responses. (#2103, #2152)

      • Compressed COCO RLE masks infrom_inference. Inference responses with rle or rle_mask fields containing a compressed counts string (as produced by pycocotools) are decoded directly into binary masks, skipping the lossy polygon round-trip. (#2178)

      • Standardlogging module instead of print. Diagnostic output is now emitted under the supervision logger, so applications can capture, filter, or silence it through standard logging configuration. (#2154)

      • RGBA hex codes insv.Color. sv.Color.from_hex accepts 8-digit hex (#ff00ff80), and Color.as_hex() round-trips alpha when not fully opaque. New top-level helpers: sv.hex_to_rgba, sv.rgba_to_hex, and sv.is_valid_hex. (#2004)

      • Dynamic kernel sizing in blur and pixelate annotators. BlurAnnotator(kernel_size=None) and PixelateAnnotator(pixel_size=None) (the new default) compute the kernel per detection as a fraction of the shorter bounding-box side, giving visually consistent results across object scales. (#709)

      • sv.ImageAssets for sample images. A counterpart to the existing video assets โ€” downloads sample images for examples and tutorials. (#932)

      • Boundary warnings inInferenceSlicer. Emits a warning when callback detections fall outside tile boundaries, helping you spot coordinate-system bugs in custom callbacks early. (#2186)

      โš ๏ธ Breaking Changes

      • sv.VideoInfo.fps is now float, not int. Frame rates like 23.976, 29.97, and 59.94 are no longer truncated. If you pass fps to APIs that require an integer (deque(maxlen=...), TraceAnnotator(trace_length=...)), wrap with int(...). (#2210)

      • sv.rle_to_mask returns bool, not uint8. This matches the long-declared signature. Code that does mask * 255 still works via NumPy broadcasting, but explicit casts like mask.view(np.uint8) will break. Add .astype(np.uint8) if you relied on the undocumented integer output. (#2178)

      See the migration guide below for before/after snippets.

      ๐ŸŒฑ Changed

      • Metric arrays usefloat32 instead of float64. sv.MeanAveragePrecisionResult and related arrays (mAP_scores, ap_per_class, iou_thresholds, precision/recall) drop to float32, reducing memory and speeding up computation. Numerical results may differ in the last few digits. (#2169)

      • rle_to_mask and mask_to_rle moved. New canonical path: supervision.detection.utils.converters. The old supervision.dataset.utils import still works but is deprecated. (#2178)

      ๐Ÿ—‘๏ธ Deprecated

      • normalized_xyxy argument renamed to xyxy in denormalize_boxes. sv.denormalize_boxes(normalized_xyxy=...) still works but emits a FutureWarning; switch to xyxy=. Scheduled for removal in 0.30.0.

      • sv.ByteTrack โ†’ ByteTrackTracker (external trackers package). Install with pip install trackers; the method renames from update_with_detections() to update(). Scheduled for removal in 0.30.0. (#2215)

      • supervision.keypoint โ†’ supervision.key_points. Also deprecated: the LMM enum (use VLM), from_lmm (use from_vlm), create_tiles in supervision.utils.image, ensure_cv2_image_for_processing in supervision.utils.conversion, and the keypoint validators in supervision.validators. (#2214)

      ๐Ÿ”ง Fixed

      • PolygonZone no longer double-counts overlapping zones. When two polygons contain the same anchor, each zone now reflects its own containment instead of every zone claiming the detection. (#1991)

      • LineZone respects class identity across reused tracker IDs. Trackers that recycle tracker_id across classes no longer leak crossing state from one object to another. (#1868)

      • process_video raises immediately on callback errors. Previously the exception was swallowed and the process hung until the writer was flushed. (#2022)

      • DetectionDataset populates class_name. Loaded annotations now carry data["class_name"], matching what model connectors produce. (#2156)

      • ByteTrack preserves externally assigned tracker_id. No longer overwrites caller-assigned IDs on the first update. (#1364)

      • Confusion matrix double-counting fixed. evaluate_detection_batch now correctly matches multiple predictions to the same target, so FP/FN counts match expectations. (#1853)

      • MeanAverageRecall mAR@K is now COCO-compliant. Computed using top-K detections per image; previous values were inflated relative to pycocotools. (#2136)

      • Detections.is_empty() handles empty tracker_id. Returns True for zero-row detections regardless of whether tracker_id is None or an empty array. (#2209)

      • CSVSink and JSONSink slice custom_data per row. NumPy arrays, lists, and tuples whose length matches the detection count are now indexed per row, instead of being written whole for every detection. (#2199, #2216)

      • TraceAnnotator smooth mode handles stationary tracks. Deduplicates anchor points and falls back to a raw polyline when splprep cannot fit fewer than 4 unique points. (#2217)

      • load_coco_annotations rejects path-traversal annotations. Refuses file_name entries that escape the images directory via ../ or absolute paths. (#2218)

      • OBB datasets no longer blow up memory. Loading oriented-bounding-box datasets stopped allocating full-image masks per box. (#2187)

      • KeyPoints boolean mask indexing fixed. Uniform-count selection now works correctly when all instances share the same keypoint count. (#2188)

      • DetectionDataset.as_coco() preserves area and iscrowd. No longer dropped silently in the round-trip. (#2185)

      • force_mask=True precision and COCO empty-polygon export. Annotation conversion no longer loses precision, and COCO export tolerates empty polygons across formats. (#1746, #1086, #265)

      ๐Ÿ† Contributors

      A huge thank you to everyone who shipped this release:

      Full changelog : 0.27.0...0.28.0

    4. ๐Ÿ”— @HexRaysSA@infosec.exchange You know the drill: Stop by our sponsor table at mastodon

      You know the drill: Stop by our sponsor table at @recon to get a sneak peek at IDA 9.4, learn about our new malware extensions, share your feedback for some primo swag, or just say hi.

      We're also partnering with BlackHoodie again this year, and our own Arnau Gร mez i Montolio will be closing out Sunday with the final session.

    5. ๐Ÿ”— roboflow/supervision 0.29.0rc1 release

      releasing 0.29.0rc1

    6. ๐Ÿ”— r/reverseengineering Factoring "short-sleeve" RSA keys with polynomials rss

      submitted by /u/tnavda
      [link] [comments]

    7. ๐Ÿ”— @binaryninja@infosec.exchange Join us live on June 24th at 1pm ET as Zenyard launches with Binary Ninja! mastodon

      Join us live on June 24th at 1pm ET as Zenyard launches with Binary Ninja! Zenyardโ€™s AI reverse engineering assistant helps to analyze binaries faster and with greater accuracy. We'll be taking a deep dive into what makes Zenyard's integration stand out, have it rebuild Swift code for us, and have it reason about code-flows among multiple binaries. https://youtube.com/live/JG15oxrWgp0

    8. ๐Ÿ”— r/reverseengineering GitHub - Zypherion-Technologies/HallWatch: Usermode detector that catches indirect syscalls. rss

      submitted by /u/AhmedMinegames
      [link] [comments]

    9. ๐Ÿ”— sacha chua :: living an awesome life 2026-06-15 Emacs news rss

      Lots of discussion around Karthik's latest blog post Even More Batteries Included with Emacs (Reddit, HN, lobste.rs). Check it out!

      Links from reddit.com/r/emacs, r/orgmode, r/spacemacs, Mastodon #emacs, Bluesky #emacs, Hacker News, lobste.rs, programming.dev, lemmy.world, lemmy.ml, planet.emacslife.com, YouTube, the Emacs NEWS file, Emacs Calendar, and emacs-devel. Thanks to Andrรฉs Ramรญrez for emacs-devel links. Do you have an Emacs-related link or announcement? Please e-mail me at sacha@sachachua.com. Thank you!

      You can comment on Mastodon or e-mail me at sacha@sachachua.com.

    10. ๐Ÿ”— r/reverseengineering Need DRM Bypass on course website to download video , DM (paid) , rss

      submitted by /u/Lord-AMaN
      [link] [comments]

    11. ๐Ÿ”— earendil-works/pi v0.79.4 release

      New Features

      • Automatic first-run theme selection - pi detects the terminal background on first run and defaults to the dark or light theme. See Selecting a Theme.
      • Standalone binary integrity checksums - GitHub release assets now include SHA256SUMS files for verifying standalone binary downloads. See Quickstart Install.

      Added

      • Added SHA256SUMS integrity files to standalone binary GitHub release assets (#5739).
      • Added first-run interactive theme detection from the terminal background (#5385 by @vegarsti).

      Fixed

      • Fixed bash tool output collection to keep draining stdout/stderr after the child exits while descendants still write, avoiding truncated late output (#5753 by @Mearman).
      • Fixed /tree help rendering to show compact wrapped controls instead of truncating them on narrow terminals (#5055).
      • Fixed SIGTERM/SIGHUP interactive shutdown to keep signal handlers installed until terminal cleanup completes, preventing signal-exit from re-sending the signal and leaving the terminal in raw/Kitty keyboard mode (#5724).
      • Fixed extensions documentation to clarify that pi.getActiveTools() returns active tool names while pi.getAllTools() returns tool metadata (#5729).
      • Fixed question and questionnaire extension examples to wrap long prompt, option, and help text instead of truncating it (#5708 by @xl0).
      • Fixed package commands such as pi list, pi install, and pi update to terminate after completing even if an extension leaves background handles open (#5687).
      • Fixed pi update for pnpm global installs whose configured global-bin-dir no longer matches the active pnpm home (#5689).
      • Fixed npm package specs that use ranges or tags (for example @^1.2.7) so installed package resources still load instead of being treated as mismatched exact pins (#5695).
      • Fixed inherited Anthropic 1-hour prompt-cache write cost accounting to price 1-hour cache writes at 2x input instead of the 5-minute cache-write rate (#5738 by @theBucky).
      • Fixed inherited GitHub Copilot Claude adaptive-thinking effort metadata to match manually checked Copilot model capabilities (#4637).
      • Fixed inherited OpenCode/OpenCode Go completion model metadata to omit long-retention cache fields for routes that reject prompt_cache_retention (#5702).
      • Fixed inherited overlay compositing over CJK wide characters so borders stay aligned when an overlay starts inside a full-width cell (#5297).
      • Fixed inherited WezTerm inline Kitty image rendering during full redraw fallbacks so image padding rows are reserved before the placement is drawn without regressing tall-image placement (#5618, #4415).
      • Fixed custom provider config so plain uppercase API key and header values remain literals instead of being treated as legacy environment references; use explicit $ENV_VAR syntax for environment variables (#5661).
    12. ๐Ÿ”— VoidNullable/lific v1.6.0 release

      Lific gets a planning layer. Plans turn a goal into an ordered, arbitrarily- nestable tree of steps that persists across sessions and context compaction โ€” the thing that separates an issue tracker from a project planner. Steps can mirror issues, so closing an issue checks its step and completing a step closes its issue, all recorded in the audit log.

      Plans

      • Persisted, nestable step trees. A plan is a first-class, project-scoped tree of steps (steps containing steps, any depth) that survives across agent sessions and compaction. Issues stay flat and lateral; the hierarchy lives on the plan.
      • Steps mirror issues, both ways. Link a step to an issue and the two stay in sync: closing the issue checks the step (anywhere it appears), and marking a step done closes its issue. Reopening an issue reopens its steps in active plans, stamped with the reason. Closing a plan's anchor issue auto-archives the plan. Done flows down from issues, never silently up from plans.
      • Authored in one call. Four MCP tools: create_plan builds a full nested tree at once, get_plan rehydrates it for the next session, and edit_plan_step / update_plan_step handle surgical edits, done toggles, issue links, and structure changes โ€” with every side effect reported back in the result.
      • First-class in the web UI. A Plans tab alongside Issues, Board, Modules, and Pages: a list grouped by status and a detail view with a real nested tree โ€” done toggles, per-step markdown descriptions, issue chips with provenance, an anchor issue, a progress bar, and an activity timeline. Built on the same shell as the issue and page views.
      • Fully audited. Every plan and step mutation lands in the audit log with actor attribution, including the issue-driven cascades (recorded as system-driven via the triggering issue). A new /api/plans/{id}/activity surface and plan support across list_resources and delete.
      • REST + CLI. Full /api/plans CRUD plus step operations, identifiers as PROJ-PLAN-n.

      Issue list

      • Accurate per-status tallies in the topbar. The count was previously filteredIssues.length over a fetch capped at 200, so it silently undercounted once a project grew past that. A new count_issues_by_status query (a single indexed GROUP BY) and GET /api/projects/{id}/issue-counts endpoint return true per-status counts and a real total.
      • Click a status count to toggle that filter , with narrowed views rendering "shown of total" so the number is always honest.
      • List fetch limit raised 200 โ†’ 1000 so rows don't truncate as early.
    13. ๐Ÿ”— r/reverseengineering /r/ReverseEngineering's Weekly Questions Thread rss

      To reduce the amount of noise from questions, we have disabled self-posts in favor of a unified questions thread every week. Feel free to ask any question about reverse engineering here. If your question is about how to use a specific tool, or is specific to some particular target, you will have better luck on the Reverse Engineering StackExchange. See also /r/AskReverseEngineering.

      submitted by /u/AutoModerator
      [link] [comments]

    14. ๐Ÿ”— exe.dev Announcing the exe.dev iOS app rss

      We're delighted to announce that exe.dev has an iOS app now in the App Store. There's a lot to write about how we built it, but today let's talk about the why. After all, the exe.dev dashboard and Shelley already work on mobile browsers.

      They say the best camera is the one you have with you. The best terminal is the one you have with you too. We couldn't build the following features without building an app, so an app it is:

      Notifications. Agentic conversations are high-latency, and it's useful to be notified when it's your turn. Nothing on iOS comes close to the native notifications experience. Of course, we built this with an exe integration: other software you build on your VM can use the same notify.int.exe.xyz integration to ping your phone.

      Share sheet. Many prompts begin with a screenshot. Take one, click share, and click on exe.dev to start an agentic conversation. Whether it's a UI element that's out of alignment or a Slack message you received, the share sheet speeds up "time to agent is working on it."

      exe.dev in the iOS share sheet

      Voice. We built a voice mode that can harness the power of having real computing resources available to you.

      SSH. There are several excellent SSH clients already available for SSH, but the process of creating a key and registering it with exe.dev is cumbersome. We do not yet support mosh (it's on the roadmap!) which makes roaming prone to dropping connections. Having a terminal client in our app side-steps that. We have happy users that have persistent Claude Code sessions in their terminals. Paste works, by the way.

      Multiplexing Shelley. One of our taglines is "a VM for every idea." Instead of walking through each VM in turn to find unfinished business, the iOS app provides a centralized place.

      I want to thank our TestFlight users for providing valuable feedback while suffering through many a crash!

      The app is in the App Store. Give it a whirl. Send us feedback via Discord or support@exe.dev.

      Your browser does not support the video tag.

  4. June 14, 2026
    1. ๐Ÿ”— IDA Plugin Updates IDA Plugin Updates on 2026-06-14 rss

      IDA Plugin Updates on 2026-06-14

      New Releases:

      Activity:

    2. ๐Ÿ”— backnotprop/plannotator v0.20.2 release

      Follow @plannotator on X for updates

      Missed recent releases? Release | Highlights
      ---|---
      v0.20.1 | Pi extension install hotfix (pinned @pierre/diffs after a broken upstream release)
      v0.20.0 | Multi-repo workspace reviews, semantic diff overview, UI 2.0 themes and plan look chooser, leaner single-source skill install
      v0.19.27 | Kiro CLI integration, Glimpse native window, annotate-last message picker
      v0.19.26 | Amp plugin production fixes, Mermaid rendering fix, Settings flicker fix, update notification toast and shimmer
      v0.19.24 | Amp integration, configurable data directory, Auto Mode permission option, Pi plan approval fix
      v0.19.23 | Droid integration, Windows Pi AI fix, quieter update indicator
      v0.19.22 | Safari copy fix in plan viewer, CLAUDE_CONFIG_DIR support for session logs
      v0.19.21 | Ask AI in plan review and annotate mode, shared AI runtime, origin-aware provider defaults
      v0.19.20 | Interactive goal setup UI, OpenCode submit_plan fixes, browser no-op sentinel handling for Claude agents
      v0.19.18 | Edit-based submit_plan for OpenCode, Pi namespace migration, Codex annotate-last fix, OpenCode commands dir fix
      v0.19.17 | Reworked goal setup skill (interview-driven flow), CLI --version flag

      What's New in v0.20.2

      v0.20.2 is a code-review-heavy release of nine PRs, two of them from first- time contributors. The largest work rebuilds the all-files review view on Pierre's CodeView and adds a pipeline that keeps very large pull requests fast and complete instead of failing or rendering empty. Agent engine selection is unified across review and tour modes, the Pi extension gains a programmatic plan-mode control event, and several reliability fixes land across review cleanup, annotate error messaging, and markdown rendering.

      All-Files Code Review on Pierre CodeView

      The all-files code review surface was rebuilt on Pierre's CodeView renderer, replacing the previous custom diff view and its lazy-mounting layer. The new foundation virtualizes large diffs, renders change-type status in file headers and the file tree, and presents renames as old/path โ†’ new/path rather than as a blank change. The annotation model, drafts, feedback export, and keyboard shortcuts carry over unchanged, so the way you review and send feedback is the same.

      Large Pull Request Pipeline, Instant-Open Checkout, and Scroll Performance

      Reviewing very large pull requests previously hit several walls: GitHub refused oversized diffs outright, the local checkout blocked the review from opening, and some files came back from the platform with no patch content and rendered as empty stubs. This release addresses all three.

      When a platform refuses an oversized diff, Plannotator now pages through the per-file API and stitches the result into a unified diff, so the review still loads. When the platform withholds per-file content on a truncated diff, an amber "Partial diff ยท Load full diff" notice offers to recompute the exact diff locally, and a staleness check surfaces a refresh prompt when the underlying files change mid-review. The --local checkout no longer blocks startup: the review server opens as soon as the platform diff arrives and the checkout warms in the background, with agent jobs, full-stack diff, and code navigation waiting on it only when they need real files.

      Scrolling the all-files view was also reworked. Syntax highlighting moved off the main thread into a worker pool, lazy full-content augmentation no longer hitches mid-scroll, and visibility tracking was coalesced to once per frame. The result is smoother scrolling on large diffs, with a clean fallback to unhighlighted text if the worker pool is unavailable.

      Unified Agent Mode Engine Selection

      The agent panel's engine selection was reworked so review and tour modes share one consistent model. Previously the selection conflated provider and mode in a single setting; it now separates the active mode from the engine choice (Claude or Codex) for each, with existing settings migrated forward. The change makes it clearer which engine runs for review versus tour and removes a class of confusing defaults.

      Programmatic Plan Mode for Pi

      The Pi extension gained a plan-mode event so other extensions and automation can drive Plannotator's plan mode programmatically. A request can enter, exit, toggle, or query plan mode, and receives the resulting phase (idle, planning, or executing) in return. This opens the plan workflow to scripted and multi-extension setups on Pi without requiring a manual command or shortcut.

      Review Cleanup and PR Feedback Fixes

      Two reliability fixes for the review path. First, the standalone server now routes SIGINT and SIGTERM through its normal shutdown so the existing cleanup runs on interrupt or termination. Aborting a review while a large pull request was still checking out in the background previously left clone and fetch processes running and stale git worktree registrations behind; those are now cleaned up, with a second interrupt still forcing an immediate quit.

      Second, the review feedback sent to the agent on "Send Feedback" now includes the triage instruction (review the feedback, verify it against the code, and discuss before changing anything) for pull request reviews, not just local diffs. The instruction is appended whenever you send annotations and is correctly omitted for platform actions that post an approval or comment directly to the host. The behavior is consistent across Claude Code, OpenCode, and Pi.

      Clearer Annotate and Markdown Behavior

      Running plannotator annotate on a file type it does not support (for example a .cs or .pdf file) reported a misleading "File not found" even when the file was present. It now reports that the type is unsupported, lists the supported extensions, and points to plannotator review for code. Separately, custom angle-bracket autolinks are kept literal instead of having their contents parsed for markdown styling, so links that contain markdown-like characters render correctly.

      Additional Changes

      • README redesign. The project README was rebuilt around a feature table with a centered note on AI assistance and refreshed styling. #891 and #892

      Install / Update

      macOS / Linux:

      curl -fsSL https://plannotator.ai/install.sh | bash

      Windows:

      irm https://plannotator.ai/install.ps1 | iex

      Extra skills (compound, setup-goal, visual-explainer), opt-in:

      npx skills add backnotprop/plannotator/apps/skills/extra

      Claude Code Plugin: Run /plugin in Claude Code, find plannotator , and click "Update now".

      OpenCode: Clear cache and restart:

      rm -rf ~/.bun/install/cache/@plannotator

      Then in opencode.json:

      {
  "plugin": ["@plannotator/opencode@latest"]
}

      Pi: Install or update the extension:

      pi install npm:@plannotator/pi-extension

      Droid: Install via the plugin marketplace:

      droid plugin marketplace add backnotprop/plannotator
droid plugin install plannotator@plannotator

      Amp: Install the CLI first, then copy the plugin:

      mkdir -p ~/.config/amp/plugins
curl -fsSL https://raw.githubusercontent.com/backnotprop/plannotator/main/apps/amp-plugin/plannotator.ts \
  -o ~/.config/amp/plugins/plannotator.ts

      Kiro CLI: The installer auto-detects Kiro and installs skills automatically. After installing the CLI, launch with:

      kiro-cli chat --agent plannotator

      Upgrading from before v0.20.0? Read the v0.20.0 release notes first; that release changed how skills install.

      What's Changed

      • feat(review): migrate all-files code review to Pierre CodeView by @backnotprop in #885
      • fix(markdown): keep custom angle autolinks literal by @ishowman in #867
      • fix(annotate): improve error message for unsupported file types by @ishowman in #870
      • refactor(agent-mode): Unify agent mode engine selection by @codythatsme in #868
      • feat(review): large-PR pipeline, instant-open checkout, scroll perf, and worker-pool highlighting by @backnotprop in #893
      • feat(readme): redesign README by @backnotprop in #891
      • style(readme): center AI note under feature table by @backnotprop in #892
      • fix(review): signal-safe cleanup + triage suffix for PR feedback by @backnotprop in #914
      • feat(pi): add programmatic plan mode event by @Termina1 in #898

      New Contributors

      Contributors

      @ishowman landed two fixes in their first contributions: a clearer error from plannotator annotate when a file type is not supported, and a markdown fix that keeps custom angle-bracket autolinks literal instead of styling their contents. @Termina1 added the programmatic plan-mode event to the Pi extension, letting other extensions and automation enter, exit, toggle, or query plan mode and read back the resulting phase. @codythatsme unified agent mode engine selection so review and tour modes share one consistent model for choosing between Claude and Codex, with existing settings migrated forward.

      This release also resolved community-reported issues. @NikiforovAll reported the misleading "File not found" message from plannotator annotate on unsupported file types, with a concrete .cs reproduction. @Thraka reported the markdown autolink rendering issue, and @MannXo contributed to the discussion that shaped the fix.

      Full Changelog : v0.20.1...v0.20.2

    3. ๐Ÿ”— HexRaysSA/plugin-repository commits sync repo: +1 release, ~2 changed rss 
      sync repo: +1 release, ~2 changed

## New releases
- [IDAGuides](https://github.com/libtero/idaguides): 1.1.0

## Changes
- [IDASQL](https://github.com/allthingsida/idasql):
  - 0.0.10: archive contents changed
- [xray](https://github.com/hexrays-plugin-contributions/xray):
  - 2025.9.24: archive contents changed

generated: June 17, 2026 at 13:06:41