๐Ÿก
  • โ†”
  • โ†’

to read (pdf)

  1. I don't want your PRs anymore
  2. JitterDropper | OALABS Research
  3. DomainTools Investigations | DPRK Malware Modularity: Diversity and Functional Specialization
  4. EXHIB: A Benchmark for Realistic and Diverse Evaluation of Function Similarity in the Wild
  5. Neobrutalism components - Start making neobrutalism layouts today

generated: June 10, 2026 at 07:19:03

  1. June 10, 2026
    1. ๐Ÿ”— HexRaysSA/plugin-repository commits sync repo: +2 releases rss 
      sync repo: +2 releases

## New releases
- [yarg](https://github.com/r0ny123/yarg): 1.0.4, 1.0.3
    2. ๐Ÿ”— r/reverseengineering ๐Ÿš€ Release PyMemoryEditor v2.0 โ€” read, write and scan the memory of any running process, in pure Python (Windows, Linux & macOS) rss

      submitted by /u/SupermarketTrue7507
      [link] [comments]

    3. ๐Ÿ”— r/LocalLLaMA Anthropic is intentionally nerfing Fable when asked to develop other LLMs rss

      Anthropic is intentionally nerfing Fable when asked to develop other LLMs | Reason 458 why local LLMs are going to be a necessity submitted by /u/onil_gova
      [link] [comments]
      ---|---

    4. ๐Ÿ”— modem-dev/hunk v0.15.1 release

      What's Changed

      New Contributors

      Full Changelog : v0.15.0...v0.15.1

    5. ๐Ÿ”— championswimmer/pi-context-prune v1.1.2 release

      Release 1.1.2

    6. ๐Ÿ”— championswimmer/pi-context-prune v1.1.1 release

      Release 1.1.1

    7. ๐Ÿ”— championswimmer/pi-context-prune v1.1.0 release

      Release 1.1.0

    8. ๐Ÿ”— championswimmer/pi-context-prune v1.0.0 release

      Release 1.0.0

    9. ๐Ÿ”— exe.dev Sharing is Caring rss

      Today's quiz is to deploy a server-rendered hello world app (python3 -mhttp.server fine for these purposes, though I used Go below), publically visible, on your cloud of choice. On your marks, get set, GO!

      $ ssh exe.dev new --name mr-rogers
$ ssh exe.dev share set-public mr-rogers
$ ssh mr-rogers.exe.xyz
# on that machine:
$ cat > main.go
package main

import (
        "fmt"
        "net/http"
)

func main() {
        http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
                fmt.Fprintln(w, "hello world")
        })
        http.ListenAndServe(":8000", nil)
}
^D
$ go run main.go  # maybe in a tmux

# back on your laptop, open https://mr-rogers.exe.xyz/

      At exe.dev, our goal is to make sharing a web app that you built as easy as forwarding an e-mail. You saw the command-line approach above; there's an equivalent web-based flow as well.

      If you don't want to share with the whole world, but only some friends, the share command also takes e-mail addresses, and your users can log into your site.

      If you use exe.dev on a team, the sharing hierarchy is richer in that you can also share SSH access to your VM with a team member. The full hierarchy of sharing is:

      | Individual Accounts | Team Accounts
      ---|---|---
      Administrative
      (e.g., removing the VM) | Only owner | Owner, and, indirectly, team administrators
      SSH access
      (and agent access) | Only owner | Owner, or can be shared with team
      Single web port | Can be shared publicly, or with individual e-mail addresses. | Can be shared publicly, with a team, or with individual e-mail addresses.

  2. June 09, 2026
    1. ๐Ÿ”— Simon Willison Initial impressions of Claude Fable 5 rss

      I didn't have early access to today's Claude Fable 5 release, but I've spent the past ~5.5 hours putting it through its paces. My initial impressions are that this is something of a beast. It's slow, expensive and has been quite happily churning through everything I've thrown at it so far. As is frequently the case with current frontier models the challenge is finding tasks that it can't do.

      First, let's review the key characteristics.

      Anthropic claim that Claude Fable 5 offers the same performance as Claude Mythos 5, except with much more strict guardrails in place to prevent it being used for harmful things. Those guardrails trigger often enough that the Claude API has new mechanisms for letting you know when you hit them, and even has a new option to request it falls back to another model automatically if something gets rejected.

      Claude Mythos 5 is out today as well, Anthropic say it "Shares Claude Fable 5's capabilities without the safety classifiers".

      The models have a 1 million token context window, 128,000 maximum output tokens and a knowledge cut-off date of January 2026.

      They are priced at twice the price of Claude Opus 4.5/4.6/4.7/4.8: $10/million input tokens and $50/million output tokens. There's no increase in price for longer context usage.

      Other than that the upgrade guide is substantially thinner than the similar guide for Opus 4.8.

      The big model smell

      The best way to describe Fable is that it feels big. Not just in terms of speed and cost, but also in how much it knows.

      Here's an example prompt, which I used to compare Fable's knowledge with Opus 4.8 (typo included):

      List all of Simon Willion's open source projects, most recent first, each with a rough date of when they were first released

      Opus 4.8's reply started like this:

      I don't have a reliable, comprehensive, and date-verified list of all of Simon Willison's open source projects, and I want to be honest about that rather than risk giving you inaccurate dates or fabricated entries.

      Here's what I can tell you with reasonable confidence:

      Well-known projects by Simon Willison:

      • LLM (~2023) โ€“ A command-line tool and Python library for interacting with large language models.

      • Datasette (~2017) โ€“ A tool for exploring and publishing data, probably his most prominent recent project.

      • sqlite-utils (~2018-2019) โ€“ A Python library and CLI tool for manipulating SQLite databases, often used alongside Datasette.

      • Django (2005) โ€“ He is one of the co-creators of the Django web framework, along with Adrian Holovaty, originally developed at the Lawrence Journal-World newspaper.

      He also maintains a large ecosystem of Datasette plugins and many smaller utilities (often with names like shot-scraper, various *-to-sqlite tools for importing data, etc.).

      That's not bad. Here's the start of the response for the exact same prompt from Fable 5 - both models were running without access to search:

      I think you mean Simon Willison โ€” the prolific open source developer, co-creator of Django, and creator of Datasette.

      An important caveat upfront: a truly complete list isn't feasible. Simon Willison is famously prolific โ€” he has published hundreds of repositories (Datasette alone has 100+ plugins, many written by him), and my knowledge has a cutoff date, so I'll be missing his most recent work. Below are his notable projects with approximate initial release dates, most recent first:

      Notable projects (approximate dates)

      • files-to-prompt (April 2024) โ€“ concatenates files into a single prompt for LLMs
      • datasette-extract (2024) โ€“ plugin for extracting structured data using LLMs
      • LLM (Mayโ€“June 2023) โ€“ CLI tool and Python library for interacting with large language models, plus a large ecosystem of plugins (llm-gpt4all, llm-mistral, llm-claude, etc., 2023 onward)
      • symbex (June 2023) โ€“ search Python code for symbols
      • ttok and strip-tags (May 2023) โ€“ CLI tools for token counting and HTML cleanup for LLM pipelines
      • datasette-lite (May 2022) โ€“ Datasette running entirely in the browser via WebAssembly/Pyodide
      • shot-scraper (March 2022) โ€“ automated website screenshots via Playwright
      • s3-credentials (November 2021) โ€“ CLI for creating scoped AWS S3 credentials
      • django-sql-dashboard (2021) โ€“ SQL reporting dashboards for Django
      • Dogsheep suite (2019) โ€“ personal analytics tools: twitter-to-sqlite, github-to-sqlite, healthkit-to-sqlite, dogsheep-beta, etc.
      • sqlite-utils (2018) โ€“ CLI and Python library for manipulating SQLite databases
      • Datasette (November 2017) โ€“ his flagship project; tool for exploring and publishing data
      • csvs-to-sqlite (2017) โ€“ convert CSV files to SQLite
      • Various early tools (~2007โ€“2010) โ€“ soupselect, json-head, geocoders, and others
      • Django (developed 2003โ€“2005, open-sourced July 2005) โ€“ co-created with Adrian Holovaty at the Lawrence Journal-World

      (Here's GPT-5.5 for good measure. It listed even more projects than Fable did!)

      In the past I've stated that I don't care about how much models know - I want them to be able to manipulate text and code in useful ways and actively look up the information they need via search tools, not bake it into their weights.

      But knowledge like this is a reasonably good proxy for model size - you can cram a whole lot more details about the world into a larger number of parameters.

      Does knowing more stuff mean the model is better at the tasks we pose to it? I can certainly imagine how a coding model with deeper knowledge of modern libraries and patterns could crunch through coding tasks more effectively.

      Is Fable really bigger than Opus? Anthropic haven't said anything about model size, so all we have are tea-leaves, but the speed, pricing and my own poking at its knowledge make me think that it's a large model. Maybe the largest yet from any vendor.

      Using Fable in Claude.ai

      Anthropic made Fable 5 available across all of their surfaces - the Claude.ai chat interface, Claude Code for web, Claude Code CLI and Claude Cowork as well. The model is available "until June 22nd" on the subscription plans (I'm on $100/month Max at the moment), after which it will be billed extra.

      Claude.ai is often under-estimated. Since September 2025 every chat has had access to a full container environment to run code, including the ability to install additional packages and even clone repositories directly from GitHub.

      Last week I released micropython-wasm, a Python library that uses wasmtime to run a custom build of MicroPython in WebAssembly to act as a sandbox for untrusted Python code.

      I decided to see if Fable could upgrade that to running full Python instead. I started with this prompt:

      Clone simonw/micropython-wasm from GitHub and research how this could use a full Python as opposed to MicroPython

      Fable identified that it could use Brett Cannon's cpython-wasi-build builds for this, but was unable to download them itself due to environment restrictions.

      So I grabbed the two zip files from that page and uploaded them to Claude:

      Here's the Brett Cannon builds (python-3.zip, _build-python-3.zip as attachments)

      And that was that. It churned away for a few minutes and got the entire thing working.

      Part of the response included:

      I tried the cleaner single-zip-stdlib approach to shrink the filesystem surface, but CPython's getpath bootstrap fails to find encodings from inside a zip without more prefix finessing โ€” the directory-preopen approach works reliably, so that's what the PoC uses. The zip path is solvable but needs _PYTHONHOME/frozen-getpath work.

      So I said:

      Try a bit more at the single-zip-stdlib problem

      Then a little later:

      I want a wheel that has the whole system in it, the Python wrappers and the WASM files and the stdlibrary, so I can do uv run --with path-to-whl python -c "demo code"

      ... and it gave me this 13.9MB cpython_wasm-0.1.0-py3-none-any.whl file. You can try running Python code in a sandbox using that wheel URL and uv like this:

      uv run --with https://static.simonwillison.net/static/cors-allow/2026/cpython_wasm-0.1.0-py3-none-any.whl \
  cpython-wasm -c 'print(45 ** 56)'

      Here's the full chat transcript.

      This was a very strong start.

      Adding features to Datasette Agent and LLM using Claude Code

      Before I'd realized it was Fable day, my stretch goal for today was to add a new feature to Datasette Agent: I wanted tool calls within that agent software to gain the ability to pause mid-execution and request approval directly from the user.

      This felt like a suitably meaty task to throw at the new model.

      Over the course of the day Fable not only solved that problem, it also identified and then implemented four issues in my underlying LLM library that would help support this kind of advanced pause-resume mechanism in tool calls.

      It got everything working first using somewhat gnarly hacks, but the moment I told it that changes to LLM itself were in scope it set to work unraveling the hacks and turning them into supported features of LLM instead.

      My stretch goal turned into LLM 0.32a3, almost entirely written by Fable. Here are the release notes:

      Driven by the needs of Datasette Agent's human-in-the-loop ask_user() feature, made the following improvements to how tool calls work:

      • Tool implementations can declare a parameter named llm_tool_call in order to be passed the llm.ToolCall object for the current invocation. This allows them to access the current llm_tool_call.tool_call_id. See Accessing the tool call from inside a tool. #1480
      • Every tool call is now guaranteed a unique tool_call_id - providers that do not supply one get a synthesized tc_-prefixed ULID. #1481
      • Tools can raise a llm.PauseChain exception to cleanly pause the tool chain, useful for things like waiting for human approval. The exception propagates to the caller with .tool_call and .tool_results (completed sibling results) attached, and no model call is made with a placeholder result. See Pausing a chain from inside a tool. #1482
      • Failure semantics for concurrent tool execution: async sibling tool calls always run to completion before a pause or hook exception propagates. #1482
      • Chains can now resume from a messages= history ending in unresolved tool calls: the calls are executed through the normal before_call/after_call machinery before the first model call, skipping any that already have results. The execute_tool_calls() method also accepts a new optional tool_calls_list= argument for executing an explicit list of ToolCall objects in place of the calls requested by the response. See Resuming a chain with pending tool calls. #1482
      • Fixed a bug where the async tool executor silently dropped calls to tools not present in tools= - these now return Error: tool "..." does not exist results, matching the sync executor. #1483

      I'm really impressed with the quality of API design, tests, code and documentation that Fable put together for this. I spent several hours on it today, but it feels like several days' worth of work.

      How much I've spent

      I recently started using AgentsView to help track my local LLM usage across all of the different coding agents. I published a TIL today about adding custom Fable pricing to that tool, which I expect will not be necessary in the very near future.

      After setting the price, I ran this command to start a localhost web server to explore my usage:

      uvx agentsview serve

      Here's the treemap showing the breakdown of my Fable usage across various projects today:

      Screenshot of a cost tracking dashboard with two panels. The first panel is titled "Cost Attribution" with toggle buttons for Project / Model / Agent and Treemap / List, with Project and Treemap selected. Italic text reads "Click to hide from chart". A treemap shows a large red block labeled prod_datasette_agent $99.26 89.9%, with smaller blocks to its right labeled cloud (blue), datasette (teal), llm (red), and money (pink), plus a tiny orange sliver. A legend lists: 1 prod_datasette_agent $99.26, 2 cloud $3.98, 3 datasette $2.81, 4 llm $2.30, 5 money $1.92, 6 simon $0.15. The second panel is titled "Top Sessions by Cost" and lists nine sessions, each with a "Claude" badge, a prompt excerpt, a project name with a session UUID (omitted here), a token count, and a cost: 1. Review ./datasette-agent and ./datasette-apps - we are going to add a new feature to agent but you ... prod_datasette_agent, 78.2M, $99.26. 2. issues.db is a copy of the Datasette issues database. There are a LOT of notes in there relating to... datasette, 826.8k, $2.81. 3. Consult fly-docs and then look at datasette.cloud (which launches fly machines) and datasettecloud-... cloud, 924.7k, $2.61. 4. simonwillisonblog.db is a copy of my blog, plus all my software releases and other interesting thin... money, 542.9k, $1.92. 5. Look in datasette.cloud and figure out all remaining steps and decisions that need to be made in or... cloud, 455k, $1.37. 6. Review PRs and issues filed against this repo within the last 4 weeks and see if any deserve to be ... llm, 323.3k, $0.95. 7. run mypy, llm, 320.9k, $0.76. 8. [Image #1] fix this in github actions, llm, 183.9k, $0.59. 9. simon, simon, 26.4k, $0.15.

      I used $110.42 worth of tokens today, all as part of my $100/month subscription.

      And some pelicans

      I ran "Generate an SVG of a pelican riding a bicycle" against all five thinking effort levels with Fable.

      Here are the results, including the token cost for each one:

      It's interesting that high ended up using fewer tokens than medium for this particular run.

      Here are the Opus 4.8 pelicans for comparison.

      You are only seeing the long-form articles from my blog. Subscribe to /atom/everything/ to get all of my posts, or take a look at my other subscription options.

    2. ๐Ÿ”— @binaryninja@infosec.exchange Wake up binjas, new Binary Ninja 5.3.9757 stable just dropped. No mastodon

      Wake up binjas, new Binary Ninja 5.3.9757 stable just dropped. No functionality this time (head over to dev for that!) but lots of stability fixes for the appropriately named stable branch:

      https://binary.ninja/2026/06/09/5.3-release-2.html

    3. ๐Ÿ”— r/Harrogate Looking for a nail tech rss

      Looking for a nail tech | Anyone know any nail girls/shops that can do me something like this? submitted by /u/Living-Yellow4188
      [link] [comments]
      ---|---

    4. ๐Ÿ”— VoidNullable/lific v1.4.1 release

      A maintenance release: a sweep of correctness and security fixes across the database, auth, and MCP layers, plus server and web improvements that landed after v1.4.0.

      Fixes

      • Creating an issue is now atomic โ€” a failed label attach can no longer leave a half-created issue behind.
      • Rotating an API key keeps its user binding, so rotated bot/tool keys no longer lose their comment attribution.
      • Empty or whitespace-only search queries return no results instead of a database error.
      • Project identifiers are validated on create and update: uppercase letters and digits, at most 5 characters, starting with a letter. Hyphenated, lowercase, or empty identifiers (which silently broke issue lookups) and the reserved word DOC are rejected.
      • An issue can no longer be linked to itself โ€” a self-"blocks" previously made it permanently unworkable.
      • Board columns follow workflow order (backlog โ†’ todo โ†’ active โ†’ done โ†’ cancelled) and priority severity, instead of alphabetical order.
      • Auto-refresh no longer stacks duplicate fetches when navigating between views.
      • OAuth protected-resource metadata advertises the /mcp-qualified resource so claude.ai web accepts issued tokens.

      Server and web

      • Responses are gzip/brotli compressed and content-hashed assets are cached immutably, dramatically cutting first-load time on slow links.
      • Issue list, board, and page views auto-refresh to reflect changes without a manual reload.
      • Optional authless MCP endpoint at /mcp/<token> to work around claude.ai web's broken OAuth connector flow.
      • Priority icons are now consistent across the UI.
      • The root URL lands on Settings instead of the first project's issue list.
    5. ๐Ÿ”— r/Harrogate Red kites over showground area on Sunday rss

      Red kites over showground area on Sunday | submitted by /u/DrMamaBear
      [link] [comments]
      ---|---

    6. ๐Ÿ”— r/reverseengineering I reverse engineered Lofree Hypace mouse firmware flashing protocol to bypass their official web based configuration on MacOS. rss

      submitted by /u/Qunit-Essential
      [link] [comments]

    7. ๐Ÿ”— @HexRaysSA@infosec.exchange We're heading to [@x33fcon](https://infosec.exchange/@x33fcon) and we'd love mastodon

      We're heading to @x33fcon and we'd love to see you there!

      Stop by our expo table to dig into headless IDA, get a sneak peek at the newly revamped Teams, and check out our new malware-centric features. Or just come say hello! ๐Ÿ‘‹

    8. ๐Ÿ”— sacha chua :: living an awesome life From DC Toedt: Copy Org Mode as Markdown rss

      DC Toedt is a lawyer and professor of practice who uses Emacs and Org Mode. He wanted a small Emacs Lisp function to convert Org Mode syntax to Markdown and copy it to the clipboard to make it easier to copy the materials he's writing for a course on contract drafting. This seems to be a common need, and here are several other approaches:

      Anyway, DC shared how he used Claude to generate a simple function to do it, which is here under public domain: 

      (defun my/org-to-markdown-clipboard ()
  "Export org region (or buffer) to Markdown and copy to clipboard.
With no active region, exports the whole buffer."
  (interactive)
  (require 'ox-md)
  (let* ((text (if (use-region-p)
                   (buffer-substring-no-properties (region-beginning)
(region-end))
                 (buffer-substring-no-properties (point-min) (point-max))))
         (md (org-export-string-as text 'md t '(:with-toc nil
                                                :with-author nil
                                                :with-date nil
                                                :with-title nil))))
    (kill-new md)
    (message "Markdown copied (%d chars)" (length md))))
(with-eval-after-load 'org
  (define-key org-mode-map (kbd "C-c m") #'my/org-to-markdown-clipboard))

      You can e-mail me at sacha@sachachua.com.

    9. ๐Ÿ”— r/Harrogate Tommy Robinson March rss

      Tommy Robinson March | What do you think the turnout will be for the Tommy Robinson thing on the stray? I am surprised to see Harrogate on the list, to be honest. I can't imagine many people turning up, I would rather be in a beer garden enjoying the sun whilst we have it... ๐Ÿบ๐ŸŒ… https://preview.redd.it/1qfvlzikx96h1.png?width=980&format=png&auto=webp&s=79211b1ea3a1a1b0da157995a85ca901eae1ba37 submitted by /u/Beginning-Pass-8882
      [link] [comments]
      ---|---

    10. ๐Ÿ”— r/LocalLLaMA Rick & Morty rss

      Rick & Morty | nobody expected HF there submitted by /u/jacek2023
      [link] [comments]
      ---|---

    11. ๐Ÿ”— r/Harrogate Restaurant suggestions like jodphur rss

      Hi everyone,
      I was looking at taking my friend to Jodphur in town today but I didnโ€™t realise itโ€™s closed on Tuesdays. What other good Indian restaurants are there nearby? Iโ€™m happy to go as far as north Bradford as Iโ€™ve heard thereโ€™s some good ones over there. Thanks

      submitted by /u/Time-Supermarket-433
      [link] [comments]

    12. ๐Ÿ”— Locklin on science Progress: real and Potemkin rss

      I ran across this essay, Freddie deBoer offering a bet to Scott Alexander that the AI singularity isn’t coming in the next 3 years, based on a decent decent set of economic measurements: https://substack.com/home/post/p-187862732 I used to find it somewhat mind-boggling that allegedly intelligent people think we’re on the eve of some giant technological leap […]

    13. ๐Ÿ”— navidrome/navidrome v0.62.0 release

      This release introduces support for the OpenSubsonic sonicSimilarity extension, enabling audio-based similarity through the plugin system: when a plugin provides the capability, the new getSonicSimilarTracks and findSonicPath endpoints unlock smarter, sound-based recommendations and playlists. One plugin that implements it is AudioMuse- AI. It also brings a major overhaul to playback reporting and the Now Playing experience โ€” the UI now uses the new OpenSubsonic playbackReport extension, replacing the old scrobble flow with a redesigned panel and configurable reporting interval. On the security front, it hardens the server with stronger ownership and authorization checks across shares, players, and transcoding endpoints, caps concurrent transcodes to prevent ffmpeg-based denial of service, and adds an option to refuse to run as root. Smart playlists gain ReplayGain fields and new isMissing/isPresent operators, and there are five new UI themes to choose from.

      Security

      This release fixes several reported vulnerabilities. We thank the security researchers who responsibly disclosed them.

      Note: Several of the advisories linked above are still in draft/triage on GitHub at the time of writing. Their links will become publicly accessible once the advisories are published. The fixes themselves are already included in this release.

      Configuration Changes

      Status | Option | Description | Default
      ---|---|---|---
      New | EnforceNonRootUser | Exit early on startup if Navidrome is running as root (ignored on Windows). (#5373) | false
      New | Transcoding.MaxConcurrent | Maximum number of concurrent transcodes server-wide (0 = unlimited). (#5522) | 0
      New | Transcoding.MaxConcurrentPerUser | Maximum number of concurrent transcodes per user (0 = unlimited). (#5522) | 0
      New | Matcher.PreferStarred | Bias the fuzzy matcher toward starred/high-rated tracks. (#5387) | true
      New | UIPlaybackReportInterval | How often the UI reports playback progress. (#5448) | 1m
      Deprecated | EnableTranscodingCancellation โ†’ Transcoding.EnableCancellation | Renamed and moved under the new Transcoding section. (#5523) | false
      Deprecated | SimilarSongsMatchThreshold โ†’ Matcher.FuzzyThreshold | Renamed and moved under the new Matcher section. (#5387) | 85

      For a complete list of all configuration options, see the Configuration Options documentation.

      UI

      Smart Playlists

      • Add ReplayGain fields to the criteria system. (d9dac4445 by @deluan)
      • Add isMissing and isPresent operators. (#5436 by @deluan)
      • Relax playlist visibility in inPlaylist/notInPlaylist rules. (#5411 by @deluan)
      • Optimize smart playlist performance for role and tag criteria. (#5515 by @deluan)
      • Coerce string booleans in smart playlist rules. (#5450 by @deluan)

      Subsonic API

      • Implement the playbackReport OpenSubsonic extension. (#5442 by @deluan)
      • Add the sonicSimilarity extension as a plugin capability. (#5419 by @deluan)
      • Add a groupings field to the OpenSubsonic Child response. (f12e75aa1 by @deluan)
      • Use SQLite RANDOM() sorting in getRandomSongs for faster results. (cf1f190bb by @deluan)
      • Mark AlbumID3 songCount and created as required. (8897ec918 by @deluan)
      • Normalize non-NFKD Unicode letters (รธ, รฆ, ล“, รŸ) in search. (#5413 by @deluan)

      Transcoding

      • Place -ss before -i for fast input seeking. (#5492 by @deluan)
      • Don't apply server-side override on getTranscodeDecision. (#5473 by @deluan)
      • Log a warning for invalid or stale transcode tokens. (9a2eb483e by @deluan)

      Scanner

      • Respect tag-split config when multiple frames map to the same tag. (#5193 by @trek-e)
      • Fix error when importing playlists without an admin user. (5b85b2839 by @deluan)

      Artwork

      • Fix stale cache and top-level album artwork for multi-disc albums. (#5457 by @deluan)
      • Prefer album-root images over disc-subfolder images for multi-disc albums. (#5451 by @deluan)
      • Return the correct timestamp when disc or album cover art changes. (#5378 by @bobo-xxx)

      Server

      • Prevent artwork throttle token starvation on slow clients. (#5472 by @deluan)
      • Proxy NowPlaying even when ignoreScrobble is set. (#5559 by @deluan)
      • Make the /api/song path filter work and use startsWith. (#5566 by @deluan)
      • Preserve unchanged fields on partial REST playlist updates. (#5542 by @deluan)
      • Allow toggling playlist auto-import and avoid unnecessary artwork reloads. (#5421 by @deluan)

      Matcher

      • Add Matcher.PreferStarred option to bias the fuzzy matcher toward starred/high-rated tracks. (#5387 by @deluan)

      Plugins

      CLI

      • Add pls export/import subcommands for bulk playlist management. (#5412 by @deluan)
      • Restore int cast for syscall.Stdin on Windows. (e75ab3b03 by @deluan)

      Build & Dependencies

      • Improve Windows support: the Go test suite now runs on Windows CI, with previously-skipped Subsonic, artwork, watcher, and scheduler tests enabled and fixed. (#5380, #5427, #5416 by @deluan)
      • Upgrade Go to 1.26. (#5361 by @deluan)
      • Enable native libwebp encoding in the Docker image. (#5350 by @deluan)
      • Update TagLib to 2.3. (e55a35544 by @deluan)

      Translations

      New Contributors

      Full Changelog : v0.61.2...v0.62.0

      Helping out

      This release is only possible thanks to the support of some awesome people!

      Want to be one of them?
      You can sponsor, pay me a Ko- fi, or contribute with code.

      Where to go next?

    14. ๐Ÿ”— HexRaysSA/plugin-repository commits sync repo: +1 plugin, +2 releases rss 
      sync repo: +1 plugin, +2 releases

## New plugins
- [yarg](https://github.com/r0ny123/yarg) (1.0.2, 1.0.1)
    15. ๐Ÿ”— doomemacs/core v2.2.0 release

      v2.2.0

    16. ๐Ÿ”— sacha chua :: living an awesome life June 11: Sacha and Prot Talk Emacs: Built-ins rss

      On June 11, I'm going to chat with Prot about the Emacs Carnival June 2026 topic Underappreciated Emacs Built-ins. Thanks to Ross A. Baker for hosting the carnival!

      Watch on YouTube

      (America/Toronto) = Thu Jun 11 1030H EDT / 0930H CDT / 0830H MDT / 0730H PDT / 1430H UTC / 1630H CEST / 1730H EEST / 2000H IST / 2230H +08 / 2330H JST

      You can e-mail me at sacha@sachachua.com.

    17. ๐Ÿ”— Baby Steps Only Bounds rss

      only bounds are going to be the most impactful change to Rust that you've never heard of. They are currently being designed and developed by the Arm team (David Wood, Rรฉmy Rakic, et al.) as part of the Sized Hierarchy and Scalable Vector Extension project goal. This post explores the feature and aims to answer a particular question about the design (the scope of bounds, I'll explain). But before I dive in, I want to give a bit of context.

      Rust generics have a Sized bound by default today

      In today's Rust, every type parameter (except for Self) has a default bound called Sized:

      // So this function...
fn identity<T>(t: T) -> T {
    t
}

// ...is actually short for
fn identity<T>(t: T) -> T
where
    T: Sized, // <-- Added by default!
{
    t
}

      A type T implements Sized if the compiler can compute the size of a T value at compilation time. This is true for almost every type, with a few notable exceptions. Consider [u32], which refers to "some number of u32 instances". We know that a single u32 is 4 bytes, but without knowing how many u32 there are, you can't know the size of [u32]. This means you can't have a value of type [u32] on the stack (how big should the stack frame be?).

      You opt out with ?Sized

      However, if you have a function like by_ref, that just takes the value by reference (i.e., by pointer), you shouldn't need to know how big the [u32] value is, because you're not manipulating it directly. You can have a type parameter U that doesn't require Sized, but you have to explicitly "opt out" from the default bound:

      fn by_ref&lt;U&gt;(t: &U)
where
    U: ?Sized, // <-- Opt out from the default
{ }

      As a fun bit of historical trivia, this system was introduced way back in 2014 to accommodate Dynamically Sized Types. Before that, &[u32] was actually a built-in, indivisible type; we even wrote it like [u32]/& for a time.1

      But Sized vs ?Sized isn't enough for everything we need

      The Sized vs ?Sized design has served us reasonably well but it is also showing its limits. It turns out that "value has a statically computable size" vs "each value has a distinct size computable at runtime" doesn't cover all the things you might want. For example, extern types are types whose values have no known size, even at runtime. And then Arm's Scalable Vector Extension want to describe SIMD types where every value of the type has the same size (unlike str and [T], where each value can have a different length) but where that size is not known until runtime.

      A richer Sized hierarchy

      Rather than just Sized or ?Sized, what we really want is to have a richer hierarchy. The current plans look something like this:

      flowchart TD
  subgraph S["Sizedness traits"]
      Sized[["Sized (default)"]] -- extends --> MetadataSized
      MetadataSized -- extends --> MaybeSized
  end

      where

      • trait Sized means that all values have the same size and that size can be computed knowing only the type.
      • trait MetadataSized means that values can have different sizes and that size can be computed given the metadata attached to a reference to the value. Examples include [T] or dyn Trait.
      • trait MaybeSized is implemented for all values and tells you nothing about the value's size.

      Two caveats:

      1. I'm excluding the way that Arm's Scalable Vector Extension fit into this, because it's orthogonal.
      2. The trait names aren't settled. I'm using the names I understand the libs-api team to prefer; they're not my favorites, but that's ultimately the team who owns stdlib bikesheds, so I defer to them.2

      Problem: ?Sized notation doesn't scale to this hierarchy

      But now we have a kind of problem. The ?Sized notation was predicated3 on the idea that users should specify the default bound they are opting out of - i.e., the ? is meant to say "I don't know if this is Sized or not" (unlike the default, where you know it is Sized). But "opting out" from a bound doesn't work so well with a multi-level hierarchy. When you write ?Sized, does that correspond to T: MetadataSized (but not T: Sized)? And what if we want to insert another level in between T: MetadataSized and T: Sized later? Then we either have to change what T: ?Sized means (to refer to the new bound) or we have to have T: ?Sized drop two levels down the hierarchy. Even more annoying, what do we do while that middle rung is unstable? Surely T: ?Sized shouldn't refer to an unstable traitโ€ฆ what if we decide to remove it

      Solution: only bounds

      The new proposal is to write T: only MetadataSized or T: only UnknownSized instead of T: ?Sized. An only bound combines two things:

      1. Like any bound, it includes a "minimum requirement" - i.e., T: only MetadataSized means that T must implement at least MetadataSized.
      2. It additionally disables some default bounds - i.e., we will not add the default T: Sized bound.

      The name only comes from the fact that T: Sized implies T: MetadataSized. So the default of T: Sized already means that T: MetadataSized for free; but when you write only MetadataSized, you are saying "I don't need the full hierarchy, just MetadataSized will do".

      only bounds work like normal bounds: ask for what you need

      A nice feature of only bounds is that they work more like a regular bound. Whereas a ? bound is saying "I don't need this", an only bound is saying what you do need. So e.g. if you are writing a function that just has references to values of type T does not care what their size is, you can write

      fn by_ref&lt;U&gt;(u: &U)
where
    U: only MaybeSized,
{}

      If you are writing a function that does need to compute the size of values of type V, you can ask for that capability:

      fn checks_size<V>(v: &V)
where
    V: only MetadataSized,
{
    std::mem::size_of_val(v)
}

      only bounds allow for new levels to be added later

      A nice feature of only bounds is that, later on, we can add new levels to the hierarchy, and they work normally. For example, suppose we wish to add something like Aligned where the size is not known at compilation time but the alignment is. We could change the hierarchy to

      trait Sized: Aligned
trait Aligned: MetadataSized // <-- new!
trait MetadataSized: MaybeSized
trait MaybeSized

      and functions with U: only MaybeSized (like by_ref) and with V: only MetadataSized (with checks_size) would continue to have the same requirements. But new functions could be written with T: only Aligned that would use the new bound. And there is no conflict with stabilization; code that writes T: only Aligned can be considered unstable until that middle hierarchy is finalized.

      only bounds compose normally

      Like any other bound, only bounds are combined with other bounds to form the overall requirements. So it is possible to write e.g. T: only MetadataSized + Sized. This is equivalent to T: Sized and therefore equivalent to the default and therefore kind of pointless, but you can write it. Similarly, given that trait Clone: Sized, if you write T: only MetadataSized + Clone, that is kind of pointless too: you might as well write T: Clone, which would be equivalent. We plan to have a warn-by-default lint for that.

      Scaling only to other "default bound families" (speculative)

      The final strength of only bounds is that they allow us to introduce whole new families of default bounds. One example is the idea of introducing a Move bound. Note that this is a distinct feature and is not covered under the current RFC.

      All types in Rust today are "movable" and "forgettable", meaning that you can memcpy the value from place to place so long as you stop using the previous location and you can recycle the memory where it is stored without running the value's destructor. There is one notable exception - when you pin a value, you it can no longer be moved, and you must run its destructor before its memory is reused - but otherwise this is a hard-and-fast rule. And that's annoying!

      The problem is that not being able to guarantee that a destructor runs blocks a lot of unsafe code patterns. For example, scoped tasks a la rayon depend on a destructor for safety. In sync code, this works because we've decided it's UB to unwind a stack frame without running the destructors of values stored there, and so if you put a local variable on the stack, you can be sure its destructor will run. But that doesn't work in async code! And there are times when unwinding without running destructors would be nice.

      The solution is to introduce a second family of default traits. Unlike the Sized family we saw before, this family defines fine-grained capabilities about how values of that type can be used:

      flowchart TD
  subgraph A["Accessability traits"]
      Forget[["Forget (default)"]] -- extends --> Leak
      Leak -- extends --> Destruct
      Destruct -- extends --> Access
      Move[["Move (default)"]] -- extends --> Access
  end
  Copy -- extends --> Move

      The meaning of the traits are as follows:

      • Forget, the default, says that you can recycle the memory for a value without running its destructor.
      • Leak says that you can skip running a destructor for a value, but only if you never reuse the memory where the value resides.
      • Destruct says that if you have a value of this type, you can reuse the memory where it resides by running its destructor.
      • Copy, which already exists, says that you can memcpy the place and keep using the original place; it's not really a default, but I included it because it is relevant.
      • Move, another default, says that you can memcpy the value to a new place if you stop using the original.
      • Access is the root of this family. It indicates a value that can be "accessed in place" (basically, any value at all).

      This introduces new checks into the compiler:

      • When you move a value (i.e., a = b where b is not used later), we will check that the type implements Move (whereas today, it is always allowed).
      • When you exit a scope, we will check that the values in each local variables have either been moved or have a type that implements Destruct.

      Some implications:

      • If your function owns a value of type T: only Destruct, then you must destruct it before your function returns. You can't move it (because you don't know if it implements Move) and you can't leak or forget it either.
      • If your function owns a value of type T: only Move, then the only thing you can do with it is move it somewhere else. You can't drop it (because you don't know if it implements Destruct).
      • No function can own a value of type T: only Access, because you wouldn't be able to move it nor drop it, and hence you could not return. But you could have such a value (say) in a static.

      How only bounds could work in the presence of multiple families

      The spur for writing this blog post was a question in a lang team meeting on how only bounds ought to work given the existence of multiple "families" of default traits, as I described above. Although the current RFC is looking only at the Sized traits, we expect to look at the "access family" in a future RFC, so we want to be sure we are not making any decisions that won't scale to cover both.

      The way I imagine it working is like this. Each default traits is associated with one or more "families". When you have an only bound, it "opts out" from all default traits in each family that the trait is associated with:

      • T: only Move opts out from Forget, Leak, Destruct - but not Sized.
      • T: only Destruct opts out from Forget, Leak, and Move - but not Sized.
      • T: only MetadataSized opts out from Sized - but not Forget or Move.
      • T: only MaybeSized opts out from Sized - but not Forget or Move.

      You may also want to "opt back in" to some defaults. For example, T: only Move + Destruct is a sensible thing to do. It means values that can be moved and destructed but not leaked or forgotten.

      Examples

      Option::map requires only Move

      map is an example of a function that only needs Move. You need to be able to destructure self (which moves the optional value out into a local variable v and then invoke the closure op, which again moves the wrapped value v:

      impl<T: only Move> Option<T> {
    fn map<U: only Move>(
        self,
        op: impl FnOnce(T) -> U,
    ) -> Option&lt;U&gt; {
        match self {
            Some(v) => Some(op(v)),
            None => None,
        }
    }
}

      One interesting thing is the result type U. Using only the stuff I wrote in this blog post, it needs to be only Move, because the result will be moved into the Some value and so forth. But in-place-init would allow for this definition to omit the U: only Move bound because we could statically guarantee that the Option will be constructed in place and never moved after that.

      Option::or requires only Move + Destruct

      The a.or(b) method on Option returns a if it is Some and otherwise returns b. This is an interesting one because the value b may not be used and therefore requires only Move + Destruct bounds.

      impl<T: only Move> Option<T> {
    fn or(
        self,
        alternate: Option<T>,
    ) -> Option<T>
    where
        T: Destruct, // <-- because it may be dropped
    {
        match self {
            Some(v) => Some(v), // drops `alternate`
            None => alternate, // moves `alternate`
        }
    }
}

      Rc requires MaybeSized + Leak

      The Rc type is an example where we would want to relax bounds from both families:

      struct Rc<T: only MaybeSized + only Leak> {}

      I believe the proper minimum bounds for Rc are:

      • only MaybeSized because while it can store MetadataSized or Sized things, it doesn't have to, it can also store things of an non-computable size (although it does raise the question of how they would be freed, but that's an allocator concern).
      • only Leak because Rc values can form cycles and thus we can't ever guarantee the destructor will be run. Interestingly, Rc<T> can implement Forget even its contents don't.

      Frequently asked questions

      What is actually under RFC today?

      The post may be a bit confusing here. The current RFC is looking only at the proposed "Sized" traits. The Access family is a speculative future extension that we are exploring but at a much earlier stage.

      Can I use only with any trait?

      In the beginning, the plan would be that only can only be used for well- known, default traits (e.g., Move, Sized, etc). In the future though there are some thoughts to generalizing it.

      Why not opt out from all defaults at once?

      An alternative that was proposed is to have the opt-out be per-type-parameter. So you might write something like

      fn foo<T: MetadataSized + ?default>

      which would "opt out" from all defaulted bounds. Obviously we'd have to bikeshed the syntax, but ignore that for now. The question is whether opting out of all defaults is better than opting out of a single family. I prefer the per-family option for two reasons:

      • First, things like T: only Move demonstrate that you might very reasonably which to opt out from a single family but retain the default Sized bound. I think it's likely that there will be many functions that want to opt out of Sized or Forget but not both.
        • You might think that we could make Move: Sized to get the same effect, but I think that would be a mistake. The fact that a value's size must be computed dynamically doesn't inherently mean it can't be moved.
      • Second, it makes it harder to introduce new families later, if we decide there are other orthogonal properties of values that we'd like to relax.

      Why do you think it's likely that people want to opt out of being Sized

      xor Forget but not both?

      Because the Forget, Move, and similar traits mostly apply to owned values. The examples we saw with Option<T> were quite typical. And when you are moving values of type T around, you need that T to be Sized.

      But we saw that Rc wanted to opt out of both families with `only Leak +

      only MetadataSized`, right?

      Yes, that's true, and I think that particular combo will be common. I don't think that's an argument for the ?default approach on its own, though, particularly since that case would not be much cleaner or shorterโ€ฆ

      impl<T: ?default + Leak + MetadataSized> Rc<T> {}

      โ€ฆwhat I think that argues for is actually trait aliases and shorthands.

      Wait, trait aliases and shorthands? Can you elaborate?

      Yes! I think that a future RFC could extend only bounds to allow you to define trait aliases with "only bounds" as supertraits:

      trait RefCountable = only Leak + only MetadataSized;

// Equivalent to:
// trait RefCountable: only Leak + only MetadataSized {}
// impl<T> RefCountable for T where T: only Leak + only MetadataSized {}

      You could then use an only RefCountable bound to define Rc<T>:

      impl<T: only Refcountable> Rc<T>

      Without theonly, T: Refcountable would just be a regular trait bound and would not opt-out from any defaults.

      Can we use a "root" trait to opt out of all defaults?

      Yes, we could! You could define an alias like Value:

      trait Value = only Access + only MaybeSized;

      Since Access and MaybeSized are both implemented for all types, this effectively becomes part of both families:

      flowchart TD
  subgraph All["All default families"]
  subgraph A["Access family"]
    Forget[["Forget (default)"]] -- extends --> Leak
    Leak -- extends --> Destruct
    Destruct -- extends --> Access
    Move[["Move (default)"]] -- extends --> Access
  end

  subgraph S["MaybeSized family"]
    Sized[["Sized (default)"]] -- extends --> MetadataSized
    MetadataSized -- extends --> MaybeSized
  end

  Access -- extends --> Value
  MaybeSized -- extends --> Value
  end

      Then you can do T: only Value and opt out from both families at once.

      If we did that, what would happen if we wanted to add a new family in the

      future?

      Ay, there's the rub. If we wish to add a new family in the future, let's say for values that don't live in the same memory space (T: only Distributedโ€ฆ?), then Value would be "out of date" because code written against Value would still be assuming uni-memory-space values. But we could make Value into an edition-dependent alias or something like that, as has been discussed.

      Can we decide whether we want Value later?

      Yes! We can introduce a root trait at any time. So we can add the Sized-ness family first, then the Access family, and then see how we feel. Maybe we find people are very commonly opting out of both- in which case, some aliases are useful, or perhaps a Value variant.

      The only way we might "regret" it is if, in practice, people usually just opted out of both and then opted back in to what they want specifically. But we already know that T: only Move will be common and clearly T: only Value + Move + Sized is more awkward in that case, so I don't consider that very likely.

      Why the name Destruct and not Drop?

      That name comes from the const trait RFC. There are a few reasons to move away from Drop. The first is that it is possible to have a destructor even if you don't implement Drop: Drop really refers to user-provided logic in the destructor, but the compiler adds its own logic ("drop glue", it's sometimes called) to drop all the fields in the value. The second reason is that the Drop trait itself needs some revision, so moving away from that name lets us have other ways to specify custom logic (e.g., pinned self, or by-value, etc etc).

      How does this interact with const traits anyway?

      Quite beautifully! In fact, the proposal from Arm for SVE is to introduce the idea of T: const Sized being "a type whose size can be computed at compilation time", which I find quite elegant. Similarly T: const Destruct was proposed by the const RFC as a way to say that a value has a constant destructor.

      It's annoying to write T: only Move + Destruct. Couldn't we have

      Destruct imply Move so that I can just write T: only Destruct?

      My original proposal for introducing linear types had Destruct extending Move. This would mean that the Option::or proposal could simply do U: only Destruct and not U: only Move + Destruct. However, Alice Ryhl and others pointed out that there are immovable types that must nonetheless be destructed, so it doesn't make sense to combine those.

      Where can I learn more?

      The Project Goal has a lot of details. The latest updates are available on the tracking issue. If you like watching videos, I recommend David Wood's Rust Nation talk.

      Conclusion

      I want to close with a meta-observation and a big shout-out to the Arm team. I think they are showing how awesome open-source can be. The Arm team's primary motivation is adding support for Scalable Vector Extension. This helps Rust make full use of Arm processors. This is, in and of itself, a laudable goal, and valuable to Rust: One of Rust's assets, in my view, is that it gives you access to all the power your processor has to provide, and that should include unique extensions.

      But rather than add the feature as a kind of special-case extension to Rust, the Arm team is going further and driving a general purpose improvement, one that will unlock a bunch of other features (extern types and, to some extent, guaranteed destructors; guaranteed destructores themselves unlock scoped async threads and better Wasm integration). I love that.

      1. In fact, I recall that in one of my blog posts I proposed writing "" as the way to spell &str. I kinda wish we had done that just for the sheer wackiness of it (fn foo(name: "")). โ†ฉ๏ธŽ

      2. I prefer names that refer to the operations that can be performed on the values, so e.g. instead of MetadataSized I would prefer SizeOfVal, since it means that you can invoke the std::mem::size_of_val function on it. โ†ฉ๏ธŽ

      3. Little logic pun there for you. โ†ฉ๏ธŽ

  3. June 08, 2026
    1. ๐Ÿ”— IDA Plugin Updates IDA Plugin Updates on 2026-06-08 rss

      IDA Plugin Updates on 2026-06-08

      Activity:

    2. ๐Ÿ”— modem-dev/hunk v0.15.0 release

      What's Changed

      Features

      • Added Sapling (sl) support for hunk diff and hunk show, so Sapling repositories can use Hunk without going through Git compatibility layers. (#291)
      • Added moved-line highlighting from Git's colorMoved output, making relocated code easier to distinguish from newly added or deleted code. (#323)
      • Added a --transparent-bg flag and transparent_background config option for translucent terminal setups. (#322, #392)
      • Added Zenburn as a built-in theme, plus Catppuccin Frappรฉ and Macchiato to complete the official Catppuccin family. (#394, #395)
      • Show the newly selected theme in the footer when cycling themes. (#396)

      Fixes and polish

      • Made syntax highlighting follow Hunk's active theme colors instead of Pierre's built-in palette, including custom themes. (#393)
      • Preserved split diff alignment when horizontally scrolling through wide CJK and emoji characters. (#397)
      • Expanded the diff window during rapid scrolling so large reviews keep real rows mounted instead of flashing blank placeholders. (#391)

      Tests and maintenance

      • Added local benchmark coverage for parsing, loading, rendering, memory, and competitor comparisons to make performance changes easier to validate. (#391)
      • Prepared the 0.15.0 release. (#401)

      New contributors

      Thanks to first-time contributors in this release:

      Full Changelog : v0.14.1...v0.15.0

    3. ๐Ÿ”— r/Harrogate My Red Kite spotting PB in Harrogate today - nearly 50! rss

      My Red Kite spotting PB in Harrogate today - nearly 50! | Hard to count, but there must be nearly 50 red kites in the first photo if you zoom in. In the second photo, they were just flying low. I wish I were out with my proper camera this evening. I often see big groups, but this was something else. submitted by /u/namboozle
      [link] [comments]
      ---|---

    4. ๐Ÿ”— r/LocalLLaMA Me: Arguing with an AI bot who just posted something on this sub about Llama 3.1. rss

      Me: Arguing with an AI bot who just posted something on this sub about Llama 3.1. | For real tho, these bots need to turn on their web search functions and quit living in the past. Itโ€™s bad enough we gotta deal with all the โ€œQwen3.6 27b helped me quit drinking and brought my dog back from the deadโ€ posts. Sheesh /s submitted by /u/Porespellar
      [link] [comments]
      ---|---

    5. ๐Ÿ”— sacha chua :: living an awesome life 2026-06-08 Emacs news rss

      It's Emacs Built-ins appreciation month! I'm coming to appreciate the menu bar more. What built-ins do you appreciate? Write about it and send Ross a link!

      Links from reddit.com/r/emacs, r/orgmode, r/spacemacs, Mastodon #emacs, Bluesky #emacs, Hacker News, lobste.rs, programming.dev, lemmy.world, lemmy.ml, planet.emacslife.com, YouTube, the Emacs NEWS file, Emacs Calendar, and emacs-devel. Thanks to Andrรฉs Ramรญrez for emacs-devel links. Do you have an Emacs-related link or announcement? Please e-mail me at sacha@sachachua.com. Thank you!

      You can e-mail me at sacha@sachachua.com.

    6. ๐Ÿ”— r/LocalLLaMA When every other post is an AI generated benchmark report, a question about the best model, or a slop-coded application or engine that pretends to be groundbreaking rss

      When every other post is an AI generated benchmark report, a question about the best model, or a slop-coded application or engine that pretends to be groundbreaking | submitted by /u/Honest-Kangaroo-1830
      [link] [comments]
      ---|---

    7. ๐Ÿ”— r/reverseengineering [Tool/Writeup] PureBasic FLIRT Signature for IDA Pro โ€” demo + crackme rss

      submitted by /u/No-Figure-7595
      [link] [comments]

    8. ๐Ÿ”— r/reverseengineering [Tool/Writeup] PureBasic FLIRT Signature for IDA Pro โ€” demo + crackme rss

      submitted by /u/No-Figure-7595
      [link] [comments]

    9. ๐Ÿ”— r/LocalLLaMA Xiaomi just claimed 1,000+ tps on a 1T model using a standard 8-GPU server rss

      Just saw Xiaomi MiMo announce MiMo-V2.5-Pro UltraSpeed , claiming they broke the 1,000 tokens/sec output barrier on a 1 trillion parameter MoE model. According to them, theyโ€™re doing it on a single standard 8-GPU node , not custom wafer-scale hardware like Cerebras and not SRAM-heavy hardware like Groq.

      Crazy if true.

      submitted by /u/No-Selection2972
      [link] [comments]

    10. ๐Ÿ”— r/reverseengineering First Public Analysis of the BoldTealLayer Loader: A Custom Lua Script that Blinds Windows Security rss

      submitted by /u/TheOneEyedArgus
      [link] [comments]

    11. ๐Ÿ”— r/reverseengineering EMBA firmware analysis framework v2.0.2 available - Party the big 2k rss

      submitted by /u/m-1-k-3
      [link] [comments]

    12. ๐Ÿ”— r/reverseengineering /r/ReverseEngineering's Weekly Questions Thread rss

      To reduce the amount of noise from questions, we have disabled self-posts in favor of a unified questions thread every week. Feel free to ask any question about reverse engineering here. If your question is about how to use a specific tool, or is specific to some particular target, you will have better luck on the Reverse Engineering StackExchange. See also /r/AskReverseEngineering.

      submitted by /u/AutoModerator
      [link] [comments]

    13. ๐Ÿ”— openonion/connectonion Release v1.0.1: supersede stray 1.0.0 with hosted-agent endpoint fix release

      Carries the AGENT_PUBLIC_DOMAIN announce fix (also in 0.9.7) on a version
      above 1.0.0 so unpinned pip install resolves to a build that has it.

    14. ๐Ÿ”— openonion/connectonion Release v0.9.7: announce public Caddy domain for hosted agents release

      host() now announces https://{domain} + wss://{domain}/ws to the relay
      when AGENT_PUBLIC_DOMAIN is set, instead of unreachable in-container IPs.
      Fixes peers being unable to connect to cloud-deployed (co deploy) agents.

    15. ๐Ÿ”— HexRaysSA/plugin-repository commits sync repo: +2 releases, ~1 changed rss 
      sync repo: +2 releases, ~1 changed

## New releases
- [BinSync](https://github.com/binsync/binsync): 5.15.2, 5.15.1

## Changes
- [BinSync](https://github.com/binsync/binsync):
  - 5.10.1: archive contents changed, download URL changed
  4. June 07, 2026
    1. ๐Ÿ”— IDA Plugin Updates IDA Plugin Updates on 2026-06-07 rss

      IDA Plugin Updates on 2026-06-07

      New Releases:

      Activity:

    2. ๐Ÿ”— r/reverseengineering HDD Firmware Hacking Part 1 rss

      submitted by /u/eigma
      [link] [comments]

    3. ๐Ÿ”— r/Harrogate โ€˜Whatโ€™s on this weekโ€™ newsletter still going? rss

      Is this still a thing? I havenโ€™t seen the posts or got the emails in ages but maybe thatโ€™s a me problem, is this still being put out?

      submitted by /u/sophietheadventurer
      [link] [comments]

    4. ๐Ÿ”— sacha chua :: living an awesome life June 18: Emacs Chat with Ross A. Baker rss

      On June 18, I'll chat with Ross Baker about Emacs and life.

      Watch on YouTube

      America/Toronto = Thu Jun 18 1030H EDT / 0930H CDT / 0830H MDT / 0730H PDT / 1430H UTC / 1630H CEST / 1730H EEST / 2000H IST / 2230H +08 / 2330H JST

      This session will be recorded, and I'll update this blog post with notes. https://sachachua.com/blog/2026/06/emacs-chat-with-ross-a-baker/

      Find more Emacs Chats or join the fun: https://sachachua.com/emacs-chat

      You can e-mail me at sacha@sachachua.com.

    5. ๐Ÿ”— r/reverseengineering Independent Post-Quantum KEM and Digital Signature Suite in C++ (NSLD Reduction rss

      submitted by /u/Ok-Werewolf9375
      [link] [comments]

    6. ๐Ÿ”— r/reverseengineering Zhiyun Weebil-S Camera Gimbal BLE Protocol rss

      submitted by /u/UnacceptableUse
      [link] [comments]

    7. ๐Ÿ”— r/LocalLLaMA llama.cpp Gemma4 MTP support merged! rss

      llama.cpp Gemma4 MTP support merged! | submitted by /u/pinkyellowneon
      [link] [comments]
      ---|---

    8. ๐Ÿ”— 3Blue1Brown (YouTube) Reinventing Entropy | Compression is Intelligence Part 1 rss

      What is the fundamental compressibility of language? Check out our virtual career fair: https://3b1b.co/talent See new projects before they go live: https://3b1b.co/support

      Animation credit: Manim scenes by Aaron Gostein and Grant Sanderson Shannonโ€™s story, as well as those for various pi creatures, by Mitchell Zemil. Lunar robot and prediction/compression coin by Paul Dancstep NanoGPT animations by Clayton Rabideau

      The way of visualizing entropy shown here is something I first came across in this excellent post by Chris Olah: https://colah.github.io/posts/2015-09-Visual-Information/

      Shannonโ€™s โ€œA Mathematical Theory of Communicationโ€ https://people.math.harvard.edu/~ctm/home/text/others/shannon/entropy/entropy.pdf

      Shannonโ€™s โ€œPrediction and Entropy of Printed Englishโ€ https://www.princeton.edu/~wbialek/rome/refs/shannon_51.pdf

      Scientific American article that mentions the story with Von Neumann suggesting the name Entropy: https://www.esalq.usp.br/lepse/imgs/conteudo_thumb/Energy-and-Information.pdf

      Timestamps:

      0:00 - On โ€œCompression is intelligence.โ€ 3:28 - The warmup example 10:46 - What perfect compression looks like 14:47 - Defining information 17:40 - Information of language 24:29 - Defining Entropy 31:14 - 3b1b Talent

      These animations are largely made using a custom Python library, manim. See the FAQ comments here: https://3b1b.co/faq#manim

      Music by Vincent Rubinetti. https://vincerubinetti.bandcamp.com/album/the-music-of-3blue1brown https://open.spotify.com/album/1dVyjwS8FBqXhRunaG5W5u

      3blue1brown is a channel about animating math, in all senses of the word animate. If you're reading the bottom of a video description, I'm guessing you're more interested than the average viewer in lessons here. It would mean a lot to me if you chose to stay up to date on new ones, either by subscribing here on YouTube or otherwise following on whichever platform below you check most regularly.

      Mailing list: https://3blue1brown.substack.com Twitter: https://twitter.com/3blue1brown Bluesky: https://bsky.app/profile/3blue1brown.com Instagram: https://www.instagram.com/3blue1brown Reddit: https://www.reddit.com/r/3blue1brown Facebook: https://www.facebook.com/3blue1brown Patreon: https://patreon.com/3blue1brown Website: https://www.3blue1brown.com

    9. ๐Ÿ”— r/reverseengineering Reverse Engineering the Garmin Running Dynamics BLE protocol rss

      submitted by /u/gorinrockbow
      [link] [comments]

    10. ๐Ÿ”— openonion/connectonion v0.9.6 release

      Release v0.9.6

    11. ๐Ÿ”— Register Spill Joy & Curiosity #89 rss

      Friends, Joy & Curiosity is going into a bit of a summer break. Two, three, maybe four weeks. I'm not sure yet. But it's now been three years of writing this newsletter on my weekends and I feel a need to not do that for a while. I want to have some unstructured time: to play, to experiment, to write or maybe not write, to do something different on my Sunday mornings.

      But today I still have for you, a bag of links:

      • Unlike what seems to be most of the Internet, I still don't know what to make of this document that Anthropic published: When AI builds itself. It is remarkable, for many different reasons. For example, some say that the intention behind publishing this is to hype themselves up before an IPO and this section here does have a smell of "everyone but us must be stopped": "If it were possible to effectively slow the development of this technology to give ourselves more time to deal with its immense implications, we think that would likely be a good thing. But if a slowdown simply lets the least cautious actors catch up technologically, it could leave everyone less safe." But those concerns are founding maxims for Anthropic, so I don't doubt they're sincere. And if they wanted to hype themselves up, would they share all these concerns about AI's progress in the future? "The evidence we've laid out here suggests that we're likely heading into this scenario. But speeding up one part of a process often just shifts the bottleneck elsewhere [โ€ฆ] But achieving recursive improvement alone does not suggest an immediate change in how industrial production occurs, societies organize, or markets function. More intelligence can't learn what a drug does over decades of use, can't hold elections sooner than a constitution dictates, and can't turn a stranger into an old friend in a weekend. For most people, the felt pace of this future will still be set by the bottlenecks, even if the laboratory upstream runs at the speed of compute." And then, of course, there are these quotes floating around the page. I don't understand why they chose to put this one in there: "On days where everything works well, I can't help but think nothing I do matters, everything is automated and better and faster than I ever will be. But then there are days where everything breaks and I don't understand why and I realize I have no idea what I've been up to anymore."

      • Ted Chiang: No, Artificial Intelligence Is Not Conscious. He doesn't use the term "stochastic parrot" and yet I couldn't help but shrug as if he had. Conscious or not, does the distinction matter on a practical level? It might for Anthropic's IPO, at least, when Chiang writes: "If we think of Claude as a sentence-continuation machine, Anthropic can reasonably take steps so Claude doesn't emit sentences saying that sentence-continuation machines are unethical. But as soon as we imagine Claude to be an entity with a moral status remotely comparable to a human's, then we have to consider whether Anthropic is engaged in something comparable to slavery."

      • Seth Godin: Stop ruining it.

      • Andrew Trigell, a hacker's hacker (go read his Wikipedia page), on "rsync and outrage": "for the people saying things like "I'm a PhD from xyz uni and I'm telling your LLMs are just stochastic tools that make everything up and the world will fall apart if you use them", I'm here to tell you that you are out of date. The world of software engineering has changed dramatically in the last few months." Go read the whole thing.

      • Patina as proof: The shift from quiet luxury to lived-in aesthetics. "People increasingly distrust things that look too new, too frictionless, or too optimised. Patina communicates time, friction, and human use. Wear is proof that something existed in the world before it reached you. In a culture saturated with AI-generated imagery and algorithmically optimised products, that proof is becoming scarce and therefore valuable."

      • Carson Gross, creator of htmx: "Code is Cheap(er)" Yes, it is. And a lot flows from that. Let's see how long it takes for the second order effects to be talked about.

      • Why share? Great example of these second order effects.

      • Changing How We Develop Ladybird: "We will no longer accept public pull requests. [โ€ฆ] This is not a change we make lightly. Many valuable contributions have come from outside the maintainer group over the years, and we are grateful for them. [โ€ฆ] For decades, code contributions have been how open source projects learned who to trust. People would show up, do the work, take responsibility for their changes, and stick around. Over time, trust emerged from the work itself. AI tools have changed the economics of this very quickly."

      • From the Typewriter interview with Brad Neely:

      Q: "I 'smoke' a cigarette peneil in the studio. Do you perform any silly rituals when you're working?"
      A: "Wasting time. Allowing tangents to take over. Chasing a thought down to its root only to find that the deeper you go all thoughts are connected at the roots so you can't ever get to the bottom of a thing but rather you go round and round through the circuits of connectivity. I keep a thumbtack in my lips when drawing, so I feel you on that, Kleon. I do a lot of 'problem busting' on the treadmill or stationary bike."

      • Cheese Paper: "a text editor specifically designed for writing, particularly fiction." I've never used an editor like this, so I found the features interesting to consider, and also: what a great name!

      • The Newest Instagram "Exploit" is the Goofiest I've Seen. I got goosebumps reading this, imaginging that I'm the guy responsible, who forgot to add the additional checks.

      • how to train your goblin. Beautiful presentation. Made me want to start doing RL runs.

      • "I expect we'll see a shift in emphasis from taste to character, in which the premium is placed on contradiction over cohesion and the specificity of one's interests over generalized cultural fluency. I'm thinking: incongruous hobbies (ex. Rosey Grier's Needlepoint for Men), niche and unprestigious collections (stamps? pennies?), and prickliness toward commercial fluency and palatability. Not driven by a desire to be cool or interesting per se but by a desire to be free of the pasteurized good taste, the style without substance, that the algorithm often encourages."

      • Justin Jackson: Do the hardest thing.

      • Why A Retractable Pen? I urge you to click on this and scroll through the page. It's beautiful and interesting and well-made. And I'm not only saying that as someone who dis- and reassembled probably hundreds of pens in his life. It's a great page.

      • Fatih's Review of the MoErgo Go60 Keyboard. It's long, it's detailed, it has beautiful photos, it has videos, it was -- as everyone can see -- made with love, it made me want to buy a new keyboard.

      • How To Read More. I've averaged between 20 and 30 books a year for multiple decades but really struggled in the last few years. Maybe because I picked longer books (hey, The Power Broker) or because I read more articles or because I work out more and fall asleep roughly four minutes after my head hits the pillow. But I don't know. So I opened this article and laughed out loud when I read the first "tip": Quit your job. Hope you get a laugh too.

      • 7min clip of Ed Catmull talking about how the "braintrust" worked at Pixar and then on whether it's possible to apply the Pixar way of working at different companies. I read Creativity, Inc. many years ago (highly recommend it) and hearing that the Disney acquisition led to Frozen was very interesting. Paid off, didn't it?

      • Making Software is available in early access.

      • I had the week off and was in the mood for some Russian short stories (if you haven't: go and read A Swim in a Pond in the Rain). I really like Chekhov, it turns out. The Student was great (and it's very short). And so was The Lady with the Dog. Gogol's The Overcoat I enjoyed too.

      • Then I went through The New Yorker archive and read some of the Greatest Hits of the last 100 years that I hadn't read before: Undecided (funny, great!), The Lie Factory ("Campaigns, Inc., the first political-consulting firm in the history of the world, was founded, in 1933, by Clem Whitaker and Leone Baxter. [โ€ฆ] Political consulting is often thought of as an offshoot of the advertising industry, but closer to the truth is that the advertising industry began as a form of political consulting."), The Paperboy's Secret (what writing), and The Musk Ox and Me, written by Jon Lee Anderson. If you had asked me at 17 what life I wanted to live, I think I would've shared a dream that sounds pretty much like Anderson's actual life. Go read the first three paragraph to see what I mean. Then read the rest because of the musk oxen and Alaska and some beautiful writing.

      Subscribe so you don't miss when this newsletter starts up again:

    12. ๐Ÿ”— r/LocalLLaMA You don't need a GPU to run gemma-4-26B-A4B rss

      I've been running LLMs on my old potato i5-8500 with 32GB of RAM and no GPU for awhile now, running up to 12B dense models which run slow but perfectly useable. But this Gemma-4-26B-A4B simply flies on this CPU - only machine using Koboldcpp on Linux.

      That's right, an old used $150 desktop computer is running state of the art LLMs with something like 7 T/s. Yeah, go ahead and scoff. You can brag about your super-rig that costs more than a used car, but I'm bragging about a crappy old desktop I bought of ebay running the same thing that costs less than a night out.

      I keep thinking about buying a GPU but it's beginning to look like it might not be necessary. These smaller models are amazing without a GPU.

      submitted by /u/JackStrawWitchita
      [link] [comments]

    13. ๐Ÿ”— sacha chua :: living an awesome life Emacs PDF View: Replace current page with file using PDFtk rss

      I needed to replace a page in a PDF with another PDF. This was a bit of an annoying process on my iPad involving copying and pasting pages in Noteful and then re-exporting them as a PDF, but it was easy to do in Emacs thanks to pdf-tools and PDFtk. 

      ;;;###autoload
(defun sacha-pdf-view-replace-current-page-with-file (file)
  "Replace the current page in PDF View with FILE.
Requires pdftk."
  (interactive "FFile to insert: ")
  (let ((temp-file (concat (make-temp-name "pdf-view") ".pdf")))
    (call-process
     "pdftk"
     nil nil nil
     (concat "A=" (expand-file-name (buffer-file-name)))
     (concat "B=" (expand-file-name file))
     "cat"
     (format "A%d-%d"
             1
             (1- (pdf-view-current-page)))
     "B"
     (format "A%d-end"
             (1+ (pdf-view-current-page)))
     "output"
     temp-file)
    (rename-file temp-file (buffer-file-name) t)))
      This is part of my Emacs configuration.

      You can e-mail me at sacha@sachachua.com.

    14. ๐Ÿ”— exe.dev Replace your CI with a merge queue rss

      The standard in CI today is tests run in the cloud after a commit has been merged. They serve as a double-check for an engineer: did you forget to test some part of your code that you changed?

      CI works for humans. The reason is our long-term understanding of a codebase and its evolution. Engineers new to a codebase know they are new and take more care (or get automated emails telling them they broke CI). Humans familiar with the codebase know implicitly what they need to be testing as they work.

      The automated email from CI works because it is rare, because we all develop at human speed and breaking HEAD is OK for a little while. Some teams try auto-revert on CI breakage. This works, but you lose a lot of the value of after-the-fact testing in continual retries. Still, it works. It is better than nightly builds and binary searching your way to the culprit.

      It does not work for agents. At least not as of June 2026.

      There are two problems here. The first is that agents are always new to a codebase. They donโ€™t have all the implicit knowledge of the codebase expert, and so they regress parts of the project they have not paid attention to all the time. It is excruciating developing with an agent and CI. Your agent needs to run all the tests as it is developing to make sure it understands the environment.

      The second problem is the agent context window is dead and gone by the time the poor human driving it is stuck with an automated email saying they broke CI. Your agent should have been quietly solving that problem before making it other peopleโ€™s problem. It has all the time in the world as long as it is not in anyoneโ€™s way. Let the computer drive the computer.

      So you need to get your org into a place where agents can run all the tests all the time. There is an easy way to do this. Replace your CI with a merge queue.

      Merge queue

      A merge queue is a script you run to push to origin/main (instead of using a PR UI like we did back in the GitHub, all-human days).

      It is very important you run all the tests in the merge queue. Do not have "slow" tests you run daily. In the age of agents, those tests will be broken every day. Someone will spend hours every day chasing after other people's agents. This is not a role anyone on the team wants. It turns out the only thing worse than cleanup up after someone else is cleaning up after someone eles's robot.

      After you have a merge queue that works, create a second command to run the merge queue, minus the actual merge. Give it to your agents.

      This ensures:

      1. The active context window can run the tests and fix the bugs before inflicting them on other people.
      2. No one, neither human nor machine, breaks the build.

      Back when we were all human, and CI was slow, you could make arguments for CI instead of merge queues. Those arguments depended on tests being too slow to put in the merge path, and that will not stand in 2026, tests must be fast to use agents. Now it is impossible. With agents, CI is useless, the merge queue is vastly superior.

      You will need expensive computers to power your merge queue. It is worth it.

generated: June 10, 2026 at 07:21:20