- â
- â
to read (pdf)
- I don't want your PRs anymore
- JitterDropper | OALABS Research
- DomainTools Investigations | DPRK Malware Modularity: Diversity and Functional Specialization
- EXHIB: A Benchmark for Realistic and Diverse Evaluation of Function Similarity in the Wild
- Neobrutalism components - Start making neobrutalism layouts today
- May 16, 2026
-
đ r/reverseengineering Brovan â Open-source x86/x64 user-mode binary emulator written in C# rss
submitted by /u/Wrong-Cat-5014
[link] [comments]
-
- May 15, 2026
-
đ r/reverseengineering Brovan: Binary user-mode emulator for x86_64 rss
submitted by /u/AhmedMinegames
[link] [comments] -
đ CERTCC/kaiju 260515 release
-
đ anthropics/claude-code v2.1.143 release
What's changed
- Added plugin dependency enforcement:
claude plugin disablenow refuses when another enabled plugin depends on the target (with a copy-pasteable disable-chain hint), andclaude plugin enableforce-enables transitive dependencies - Added projected context cost (per-turn and per-invocation token estimates) to the
/pluginmarketplace browse pane - Added
worktree.bgIsolation: "none"setting to let background sessions edit the working copy directly withoutEnterWorktree, for repos where worktrees are impractical - PowerShell tool now passes
-ExecutionPolicy Bypass. Opt out withCLAUDE_CODE_POWERSHELL_RESPECT_EXECUTION_POLICY=1 - Background sessions now preserve the model and effort level you set after waking from idle
- Shift+Tab in attached agent sessions now includes auto mode in the cycle
- Fixed a corrupt
.credentials.jsonwith a non-arrayscopesvalue hanging the CLI on startup or silently aborting OAuth token refresh - Fixed right-click paste in
claude agentson Windows Terminal and WSL - Fixed stop hooks that block repeatedly looping forever â the turn now ends with a warning after 8 consecutive blocks (override via
CLAUDE_CODE_STOP_HOOK_BLOCK_CAP) - Fixed Esc/Ctrl+C not cancelling a pending
/loopwakeup while Claude is idle between iterations - Fixed
/goalevaluator firing while background shells or delegated subagents are still running - Fixed
NO_COLOR/FORCE_COLORin settings.jsonenvstripping Claude Code's own UI colors â they now apply to subprocesses only - Fixed agent view spawning repeated PowerShell processes on Windows when listing sessions
- Fixed
/bgwithout a prompt sending "continue" to the forked session â the fork now waits for input - Fixed
--agent <name>not finding plugin-contributed agents without theplugin:prefix - Fixed deleting a session from agent view not removing its transcript file
- Fixed stale-fragment rendering when scrolling in attached background sessions on Windows Terminal
- Fixed background agents false-positive worker-stall detection storm after host sleep or macOS App Nap
- Fixed 5xx error messages pointing at status.claude.com instead of naming the configured gateway or cloud provider
- The PowerShell tool is now enabled by default on Windows for Bedrock, Vertex, and Foundry users. Opt out with
CLAUDE_CODE_USE_POWERSHELL_TOOL=0. claude agentsnow accepts--add-dir,--settings,--mcp-config, and--plugin-dirand applies them to the dashboard and to background sessions dispatched from itclaude agentsaccepts--permission-mode,--model,--effort, and--dangerously-skip-permissionsto set defaults for sessions dispatched from the viewclaude --bg --dangerously-skip-permissionsnow persists across retireâwake- Fixed background sessions silently capturing IDE file references into the warm spare's input, which caused the reference to be prepended to the next prompt dispatched from
claude agents - Worktree cleanup no longer falls back to
rm -rfwhengit worktree removefails, preventing loss of gitignored or in-progress files - Fixed background-job sessions on macOS getting "Operation not permitted" errors when reading files under
~/Documents,~/Desktop, or~/Downloads, even with Full Disk Access granted. /bgnow preserves--mcp-config,--settings,--add-dir,--plugin-dir, and--strict-mcp-config, so backgrounded sessions keep their MCP servers and settings across respawn.- Background sessions launched from
claude agentsnow honorpermissions.defaultModefrom settings.json (was previously overridden to auto mode) - Fixed: on Windows, pressing â in
claude agentswhile a response was streaming could leave the agents list unresponsive to all input /bgandâ-detach now preserve--fallback-model, so backgrounded workers degrade to the fallback model on overload instead of hard-failing./bgandâ-detach now preserve--allow-dangerously-skip-permissions, so the forked worker keeps bypass-permissions available in its Shift+Tab cycle.- Fixed: background daemon spawn now falls back to the running binary when the
~/.local/bin/claudelauncher is missing or non-executable - Fixed
claude agents --allow-dangerously-skip-permissionsdefaulting dispatched sessions to bypass mode instead of making it available in the permission cycle
- Added plugin dependency enforcement:
-
đ HazAT/glimpse v0.8.1 release
Install:
npm install glimpseui@0.8.1Pi agent package:
pi install npm:glimpseui@0.8.1đ Bug Fixes
- macOS clipboard shortcuts :
âC/âV/âX/âA/âZnow work inside Glimpse windows. Previously the WKWebView had no Edit menu wired up, so AppKit beeped and the clipboard shortcuts did nothing â breaking copy/paste in textareas, inputs, and Monaco editors (e.g. inside pi-diff-review).
The fix has two layers:
1. Install a standard Edit menu (Undo / Redo / Cut / Copy / Paste / Select All) with `target: nil` so AppKit walks the responder chain â WKWebView already implements `cut:`/`copy:`/`paste:`/`selectAll:`/`undo:`/`redo:`, so it picks them up automatically. 2. Add a `performKeyEquivalent` fallback on `GlimpsePanel` for frameless / `.accessory` modes (`--status-item` / `--click-through` / `--hidden` / `--no-dock`) where the menu bar doesn't route key equivalents.Closes #18. Credit @stefanwagnerdev for the
performKeyEquivalentfallback approach. - macOS clipboard shortcuts :
-
đ r/york Safest Way rss
| Came across a new app that I read about on BBC News called Safest Way. Created by someone from York, it plots the safest walking route by plotting a route with good lighting and CCTV. Itâs a bit sad that such an app is needed as I prefer to think the best of people. But itâs looking helpful for those walking solo or anyone wanting some reassurance for themselves. https://www.bbc.co.uk/news/articles/cm2pndkmk0ko submitted by /u/onlyoneatatimeplease
[link] [comments]
---|--- -
đ r/york We loved York rss
| submitted by /u/Weird-Positive-3874
[link] [comments]
---|--- -
đ r/wiesbaden Suche Leute fĂŒr kleine Cybersecurity-/CTF-Gruppe đŸ rss
Hey zusammen,
ich suche ein paar entspannte Leute, die Bock auf Cybersecurity, Hacking, CTFs und generellen Austausch haben. Skill-Level ist komplett egal â ob AnfĂ€nger oder schon tief drin im Rabbit Hole.
Die Idee wÀre, eine kleine Gruppe aufzubauen, in der man:
gemeinsam CTF-Challenges macht
voneinander lernt
Tools/Techniken ausprobiert
sich ĂŒber Security-News austauscht
vielleicht auch kleine Projekte startet
und einfach eine coole Community hat
Also kein elitĂ€rer âdu musst alles könnenâ-Vibe, sondern eher ein sympathischer kleiner Hackertrupp.
Wenn irgendwer Interesse hat, kommentiert einfach oder schreib mir eine DM.
Vielleicht machen wir dann erstmal einen Discord oder sowas auf.
submitted by /u/AgeSalt2446
[link] [comments] -
đ r/york Solo female over 50 Safety rss
Hey there
Coming to visit soon as a solo 50+ female and looking to check out some bars in the evenings. Would this be safe? Never been to a bar solo before
submitted by /u/Parking_Criticism757
[link] [comments] -
đ r/reverseengineering Understanding Stack Buffer Overflows Through Doom and C++ rss
submitted by /u/tucna
[link] [comments] -
đ r/reverseengineering What is it Wednesdays: Episode 0001 rss
submitted by /u/ConferenceGlobal7914
[link] [comments] -
đ r/wiesbaden Morgen 40k 2k Punkte in Wiesbaden rss
Gude allerseits. Ich hab gesehen dass hier ab und zu Warhammer relevante Sachen gepostet werden. DrĂŒcke morgen meinem Chef ein Gelben Schein rein und hĂ€tte Bock auf ne Runde 40k im Warhammer Store. Irgendjemand Interesse? (Ich fĂŒr meinen Teil Spiel Black Templar) Mir egal welche Armee ihr spielt.
submitted by /u/DaK_Dash
[link] [comments] -
đ r/LocalLLaMA Built a fully offline suitcase robot around a Jetson Orin NX SUPER 16GB. Gemma 4 E4B, ~200ms cached TTFT, 30+ sensors, no WiFi/BT/cellular. He has opinions. rss
| Sparky runs entirely on the Jetson. Gemma 4 E4B at Q4_K_M via llama.cpp with q8_0 KV cache and flash attention. 12K context, native system role, sampler defaults from the model card. Cached TTFT around 200ms, sustained 14-15 tok/s. SenseVoiceSmall for STT, Piper for TTS with 43Hz mouth sync, PixiJS face on the lid display. Vision and OCR are native to Gemma 4 now so the BLIP subprocess is gone. 30+ sensors fold into the prompt as natural language every turn. One of the biggest wins was prompt structure for cache stability. Persona and tools at the top, history in the middle, volatile sensor and vision data at the end of the latest user turn. Moving dynamic context out of the system block dropped cached TTFT from multi-second to ~200ms. Configurable entirely on-device via a button row, a joystick, and an analog encoder knob. No network interface at all. Curious if anyone else is running E4B on Orin-class hardware. I'd love to compare tok/s and how you're handling sensor or tool context without blowing your prefix cache. submitted by /u/CreativelyBankrupt
[link] [comments]
---|--- -
đ r/york Flat, straight, clear running routes near to Fulford? rss
I'm a keen runner and love running round York. My current goals mean that I'm doing quite a lot of speed work in training though, and I'm finding it hard to find places to run fast which don't require me to constantly stop to cross roads, weave around people walking etc.
Wondering if anybody has got any suggestions? I run Fulford sort of way but don't mind running out a bit to find somewhere good.
submitted by /u/MajestyA
[link] [comments] -
đ r/york Meeting New people/ students rss
Helloo :)
I am a student from abroad and will stay in York for 2 months doing an internship. What are your tips on meeting other students/ young people here?
Already loving the city!submitted by /u/SpectPenguin2000
[link] [comments] -
đ r/Leeds does anyone else think YappApp is ghastly or are my sensibilities too delicate? rss
I understand the benefit of a local news source but the idea of having the worst day of your life and then some twat flying a drone over to take pictures of you to post on Facebook or zooming in for a better shot is madness
submitted by /u/AdSlow973
[link] [comments] -
đ r/reverseengineering Deep dive into the object creation flow in Windows - PART 3: Post-initialization and Name Lookup rss
submitted by /u/_WinAsm
[link] [comments] -
đ r/reverseengineering Deepdive into the object creation flow in Windows -PART 2 : access check internals rss
submitted by /u/_WinAsm
[link] [comments] -
đ r/reverseengineering Deep dive into the object creation flow in Windows -PART1 : Allocation and Pre-Initialization rss
submitted by /u/_WinAsm
[link] [comments] -
đ r/Yorkshire Yorkshire smokers offered free app to help them quit rss
| submitted by /u/crabcakes110
[link] [comments]
---|--- -
đ r/Leeds Leeds By Drone rss
submitted by /u/BoxofSlice
[link] [comments] -
đ r/wiesbaden Kurzfristig ein wenig Geld verdienen rss
Ich muss mir die irgendwie ĂŒbers Wochenende so 30 - 50⏠verdienen. Ich kann einfache Gartenarbeit wie RasenmĂ€hen, Beete sĂ€ubern, Fugen von Unkraut befreien, etc. BotengĂ€nge oder Ă€hnliches mach ich auch gerne. Ich bin Fachinformatiker, kann also auch bei Problemen mit Computern helfen.
Bei Interesse oder Mitleid bitte melden. Ich bin etwas verzweifelt.
Edith sagt:
Vielen Dank euch allen! Ich komme leider erst jetzt dazu mich wieder zu melden. Ich hab inzwischen was gefunden und bin bis zum Therapiestart in einem Monat erstmal versorgt. Vielen Dank nochmals an alle, die sich Gedanken gemacht haben
submitted by /u/atzedanjo
[link] [comments] -
đ r/reverseengineering [Tool] IOCX - deterministic static IOC extraction for PE binaries (17-second demo) rss
submitted by /u/iocx_dev
[link] [comments] -
đ r/york car hire in York (yes, I do need a car) rss
Hi all, I am fairly dependent on having a car for work and life but mine has just been written off after a collision. I'll likely need to hire one for about a week or more while I find a replacement.
Any recommendations for companies would be super, or indeed who to avoid!
submitted by /u/CanRevolutionary1035
[link] [comments] -
đ r/Yorkshire Just love this view, Richmond, Yorkshire. rss
| submitted by /u/Still_Function_5428
[link] [comments]
---|--- -
đ r/Harrogate Builder recommendations rss
Can anyone recommend a builder for an extension? Cheers
submitted by /u/LurkishEmpire
[link] [comments] -
đ r/Harrogate Anyone else noticed the shift towards pre-loved jewellery lately? rss
| okay so maybe it's just me but has anyone else noticed how differently people talk about pre-loved jewellery now compared to even a few years ago? there used to be this weird stigma around it. like second hand meant lesser somehow and now it's completely flipped, people are actively hunting for it. harrogate feels like a town that gets this. has anyone else gone down the pre-loved route? submitted by /u/FogalandBarnes
[link] [comments]
---|--- -
đ r/Leeds My Child's Geography coursework rss
Hi, all! I was wondering if you could fill out this short survey for my child's geography coursework. It's only three questions and won't take that long at all. It would really help them get a high result and grade. They're counting on a good grade for their coursework to get into university. Thank you all that will take it!
Just copy this link into your web browser: https://www.smartsurvey.co.uk/t/HLQRVC/
submitted by /u/WaveSuspicious9062
[link] [comments] -
đ r/reverseengineering yarax_android: The first Android implementation of yara-x. Blazing fast pattern matching swiss knife running natively on Android. rss
submitted by /u/IndAnony
[link] [comments] -
đ r/york Participants needed đ rss
Hi everyone!
Mods approved post
I am currently recruiting participants for my MRes study exploring intimate partner violece and the influence on help-seeking behaviours.
What is involved?đ€
Two surveys about the experience of intimate partner violence. And An optional interview for individuals who identify as LGBTQIA+.Who can take part?đŹ
Part 1: Individuals 18+ and anyone with relevant lived experience. Participantion is voluntary, anonymous, and confidential.
Part 2: same as above, but identify as LGBTQIA+If you or someone you know might want to take part, please follow this link: https://yorksj.eu.qualtrics.com/jfe/form/SV\_3QWo1FZxZ87xBEG?fbclid=PARlRTSARvHGdleHRuA2FlbQIxMABzcnRjBmFwcF9pZA8xMjQwMjQ1NzQyODc0MTQAAacsbZt\_yhRpzkzZVOvdXS28h0SSL1DVZFwkhM4sNcdCUqz1IZ86X0DuYK2M0A\_aem\_WGPGWLn8pSvGcuTj1tMLhQ
submitted by /u/fattyfatsofatss
[link] [comments] -
đ r/reverseengineering GitHub - jetnoir/metis: Automated binary vulnerability triage for macOS, Linux, and Windows targets rss
submitted by /u/Prize-Unlucky
[link] [comments] -
đ r/reverseengineering GitHub - jetnoir/poppy: Dynamic XPC Observability & Fault Injection for macOS rss
submitted by /u/Prize-Unlucky
[link] [comments] -
đ r/wiesbaden Al Petra Restaurant wieder auf? rss
Hallo, google sagt zu, auf der Webseite steht sowas aber nicht, sollen am renovieren gewesen sein. Ist da jemand vor kurzem mal gewesen oder vorbei gekommen (Moritzstrasse 34) ?
Komme von weiter her mal vorbei und wollte da mal wieder hin.
Danke
.
submitted by /u/QRCodeART
[link] [comments] -
đ r/reverseengineering Trafexia V2 - Mobile Traffic Interceptor Toolkit rss
submitted by /u/danieldev23
[link] [comments] -
đ BarutSRB/OmniWM OmniWM v0.4.9 release
New and improved
- Added clipboard history support in the command palette, including persistence and settings export coverage.
- Continued the Swift-only runtime line after the old Zig-backed release branch, keeping the current app, IPC, and layout stack on main.
- Refined canonical TOML settings handling and command palette behavior around the new clipboard workflow.
Fixes
- Fixed scratchpad reveal recovery and focus completion paths.
- Improved reliability around app startup/settings wiring touched by the clipboard history work.
Release verification
- Built universal
OmniWMandomniwmctlbinaries forarm64andx86_64. - Signed, notarized, stapled, and Gatekeeper-assessed the app bundle.
- Verified packaged app version
0.4.9build47. - Skipped SwiftLint, SwiftFormat checker, and all tests by release instruction.
Checksums
OmniWM-v0.4.9.zip:187f35e57b2efa14f91ca448f859122d68bf2f2ba44682a9fcf337f1219c2d3bGhosttyKit.xcframework-v0.4.9.zip:6b897107225e63cd4a812d27bff8f4afc0ba308916d813313ad02066733cbc85
-
đ backnotprop/plannotator v0.19.17 release
Follow @plannotator on X for updates
Missed recent releases? Release | Highlights
---|---
v0.19.16 | Code navigation with peek view (Cmd/Ctrl+click tokens in diffs)
v0.19.15 | Commit-based diff base, jj evolution diffs, GitLab reliability fixes, OpenCode command intercept fix
v0.19.14 | Visual explainer skill update, PFM code-file hover previews, Graphviz, diff tab size and line bg intensity, hooks settings tab
v0.19.11 | Jujutsu (jj) VCS backend, slimmer hunk separators, collapse viewed files, multi-line gutter selection fix
v0.19.9 | OpenCode user-managed workflow, Pi model switch fix, Codex skill install, shimmer removal
v0.19.8 | 49 themes with syntax highlighting, keyboard shortcut registry, smart code-file path validation, remote URL notifications
v0.19.7 | Codex Stop-hook plan review, Codex skills, sidebar auto-close, file tree context menu
v0.19.6 | Non-blocking Pi browser sessions, agent picker dropdown for OpenCode, annotate-last file resolution fix
v0.19.5 | All-files diff view, clickable code file paths, server-side hide whitespace, non-ASCII path support
v0.19.4 | All-files diff type, code file viewer, hide whitespace, quick-settings popover
What's New in v0.19.17
v0.19.17 reworks the goal setup skill from the ground up and adds a
--versionflag to the CLI.Reworked Goal Setup Skill
The
plannotator-setup-goalskill has been substantially rewritten. The previous version ran a rigid 5-document pipeline with sequential Plannotator review gates on a brief, plan, verification checklist, blockers list, and goal prompt. Each gate required a round trip through the UI before the agent could proceed, making the process slow and interruptive.The new version replaces all of that with an interview-driven flow. The agent rearticulates your objective, then asks targeted questions to surface constraints, dependencies, and acceptance criteria. The answers are distilled into a fact sheet, which is the single Plannotator review gate. Once you approve the facts, the agent drafts the plan and produces the
/goalprompt. Five gates become one; the Python scaffold script is gone; the agent writes files directly.The result is a faster, more conversational process that produces better goal packages. The interview phase captures context that the old brief-writing step often missed, and reviewing a fact sheet is more concrete than reviewing a plan outline.
CLI Version Flag
plannotator --version(or-v) now prints the version and exits. The version is injected at compile time frompackage.jsonvia Bun's--defineflag in the release workflow, so compiled binaries report the exact release version. Uncompiled dev runs showplannotator dev.
Install / Update
macOS / Linux:
curl -fsSL https://plannotator.ai/install.sh | bashWindows:
irm https://plannotator.ai/install.ps1 | iexClaude Code Plugin: Run
/pluginin Claude Code, find plannotator , and click "Update now".OpenCode: Clear cache and restart:
rm -rf ~/.bun/install/cache/@plannotatorThen in
opencode.json:{ "plugin": ["@plannotator/opencode@latest"] }Pi: Install or update the extension:
pi install npm:@plannotator/pi-extension
What's Changed
- feat: add --version / -v flag to CLI by @backnotprop in #725
- Simplify goal setup skill to interview-driven flow by @backnotprop in #727
Full Changelog :
v0.19.16...v0.19.17 -
đ Drew DeVault's blog Add an LLM policy for rust-lang/rust rss
No comment on this PR may mention the following topics:
- Long-term social or economic impact of LLMs
- The environmental impact of LLMs
- Anything to do with the copyright status of LLM output
- Moral judgements about people who use LLMs
We have asked the moderation team to help us enforce these rules.
-
đ Julia Evans Moving away from Tailwind, and learning to structure my CSS rss
Hello! 8 years ago, I wrote excitedly about discovering Tailwind.
At that time I really had no idea how to structure my CSS code and given the choice between a pile of complete chaos and Tailwind, I was really happy to choose Tailwind. It helped me make a lot of tiny sites!
I spent the last week or so migrating a couple of sites away from Tailwind and towards more semantic HTML + vanilla CSS, and it was SO fun and SO interesting, so here are some things I learned!
As usual I'm not a full-time frontend developer and so all of my CSS learning has happened in fits and starts over many years.
it turns out Tailwind taught me a lot
When I started thinking about structuring CSS, I was intimidated at first: I'm not very good at structuring my CSS! But then I started reading blog posts talking about how to structure CSS (like A whole cascade of layers or How I write CSS in 2024) and I realized a couple of things:
- Every CSS code base has a bunch of different things going on (layouts! fonts! colours! common components!)
- It's extremely useful to have systems or guidelines to manage each of those things, otherwise things descend into chaos
- Tailwind has systems for some of these, and I already know those systems! Maybe I can imitate the systems I like!
For example, Tailwind has:
- a reset stylesheet
- a colour palette
- a font scale
the systems I'm going to talk about
I'm going to talk about a few aspects of my CSS codebase and my thoughts so far what kind of rules I want to impose on the codebase for each one. Some of them are copied from Tailwind and some aren't.
- reset
- components
- colours
- font sizes
- utility classes
- the base
- spacing
- responsive design
- the build system
1. reset
I just copied Tailwind's "preflight styles" by going into
tailwind.cssand copying the first 200 lines or so.I noticed that I've developed a relationship with Tailwind's CSS reset over time, for example Tailwind sets
box-sizing: border-boxon every element (which means that an element's width includes its padding):* { box-sizing: border-box; }I think it would be a real adjustment for me to switch to writing CSS without these, and I'm sure there are lots of other things in the Tailwind reset (like
html {line-height: 1.5;}) that I'm subconsciously used to and don't even realize are there.2. components
This next part is the bulk of the CSS!
The idea here is to organize CSS by "components", in a way that's spiritually related to Vue or React components. (though there might not actually be any Javascript at all in the site)
Basically the idea is that:
- Each "component" has a unique class
- The CSS for one component never overrides the CSS for any other component
- Each component has its own CSS file
So editing the CSS for one component won't mysteriously break something in another component. And probably like 80% of the CSS that I would actually want to change is in various component files, so if I'm editing a 100-line component, I just have to think about those 100 lines. It's way easier for me to think about.
For example, this HTML might be the
.zine"component".<figure class="zine horizontal"> <img src="whatever.jpg"> </figure>And the CSS looks something like this, using nested selectors:
.zine { ... &.horizontal { ... } &.vertical { ... } &:hover { ... } }I haven't done anything programmatic (like web components or @scope) that ensures that components won't interfere with each other, but just having a convention and trying my best already feels like a big improvement.
Next: conventions to maintain some consistency across the site and keep these components in line with each other!
3. colours
colours.csshas a bunch of variables like this which I can use as necessary. Colour is really hard and I didn't want to revisit my use of colour in this refactor, so I left this alone.The only guideline I'm trying to enforce here is that all colours used in the site are listed in this file.
:root { --pink: #fea0c2; --pink-light: #F9B9B9; --red: #f91a55; --orange: rgb(222, 117, 31); ... }4. font sizes
One thing I appreciated about Tailwind was that if I wanted to set a font size, I could just think "hm, I want the text to be big", write
text-lg, and be done with it! And maybe if it's not big enough I'd usexlor2xlinstead. No trying to remember whether I'm usingemorpxorrem.So I defined a bunch of variables, taken from Tailwind, like this:
--size-xs: 0.75rem; --line-height-xs: 1rem; --size-sm: 0.875rem; --line-height-sm: 1.25rem;Then if I want to set a font size, I can do it like this. It's a little more verbose than Tailwind but I'm happy with it for now.
h3 { font-size: var(--size-lg); line-weight: var(--line-weight-lg); }5. utilities
There are some things like buttons that appear in many different components. I'm calling these "utilities".
I copied some utility classes from Tailwind (like
.sr-onlyfor things that should only appear for screenreader users).This section is pretty small and I try to be careful about making changes here.
6. the base
"base" styles are styles that apply across the whole site that I chose myself. I have to keep this section really small because I'm not confident enough to enforce a lot of styles across the whole site. These are the only two I feel okay about right now, and I might change the
<section>one:/* put a 950px column in the middle of each <section> */ section { --inner-width: 950px; padding: 3rem max(1rem, (100% - var(--inner-width))/2); } a { color: var(--orange); }I think for the base styles it's going to be easiest for me to work kind of bottom up - first start with almost nothing in the base styles, and then move some styles from the components into base styles as I identify common things I want.
7. spacing
I haven't completely worked out an approach to managing padding and margins yet. I'm definitely trying to be more principled than how I was doing it in Tailwind though, where I would just haphazardly put padding and margins everywhere until it looked the way I wanted.
Right now I'm working towards making the outer layout components in charge of spacing as much as possible. For example if I have a
<section>with a bunch of children that I want to have space between them, I might use this to space the children evenly:section > *+* { margin-top: 1rem; }Some inspiration blog posts:
8. responsive design: use more grid!
The way I was doing responsive design in Tailwind was to use a lot of media queries. Tailwind has this
md:text-xlsyntax that means "apply thetext-xlstyle at sizesmdor larger".I'm trying something pretty different now, which is to make more flexible CSS grid layouts that don't need as many breakpoints. This is hard but it's really interesting to learn about what's possible with grid, and it's a good example of something that I don't think is possible with Tailwind.
For example, I've been learning about how to use
auto-fitto automatically use 2 columns on a big screen and 1 column on a small screen like this:display: grid; grid-template-columns: repeat(auto-fit, minmax(min(100%, 400px), max-content)); justify-content: center;I also used
grid-template-areasa lot which is an amazing feature that I don't think you can use with Tailwind.Some inspiration:
- A responsive grid layout with no media queries from CSS Tricks
9. the build system: esbuild
In development, I don't need a build system: CSS now has both built in import statements, like this:
@import "reset.css"; @import "typography.css"; @import "colors.css";and built in nested selectors, like this:
.page { h2 { ...} }If I want, I can use
esbuildto bundle the CSS file for production. That looks something like this.esbuild style.css --bundle --loader:.svg=dataurl --loader:.woff2=file --outfile=/tmp/out.cssEven though I usually avoid using CSS and JS build systems, I don't mind using esbuild (which I wrote about in 2021 here) because it's based on web standards and because it's a static Go binary.
why migrate away from Tailwind?
A few people asked why I was migrating away from Tailwind. A few factors that contributed are:
- Tailwind has become much more reliant on a build system since 2018, I think it's impossible (?) to use newer versions of Tailwind without using a build system. So I've been using Tailwind v2 for years. (there's also litewind apparently)
- It's always been true that you're supposed to use Tailwind with a build system, but I've never really done that, so I have 2.8MB
tailwind.min.cssfiles in a lot of my projects and it feels a little silly. - I'm a lot better at CSS than I was when I started using Tailwind
- Ultimately Tailwind is limiting: if you want to do Weird Stuff in your CSS, it's not always possible with Tailwind. Those limits can be extremely useful (a lot of this post is about me reimplementing some of Tailwind's limits!) but at this point I'd like to be able to pick and choose.
- I ended up with sites that mixed both vanilla CSS and Tailwind in the same project and that was not fun to maintain
- I got curious about what writing more semantic HTML would feel like.
CSS features I'm curious about
While doing this I learned about a lot of CSS features that I didn't use but am curious about learning about one day:
@layer(from A Whole Cascade of Layers)- @scope)
- container queries
- subgrid
that's all for now!
I still feel happy that I started using Tailwind, even if I'm moving away from it now. I learned a lot from using it and I can still use some parts from it in my sites even after deleting
tailwind.min.css.Thanks to Melody Starling who originally designed and wrote the CSS for wizardzines.com, everything cool and fun about the site is thanks to Melody.
Also I read so many incredible blog posts about CSS while working on this (from CSS Tricks, Smashing Magazine, and more), I've tried to link some of them throughout this post and I really appreciate how much folks in the CSS community share their practices.
-
- May 14, 2026
-
đ IDA Plugin Updates IDA Plugin Updates on 2026-05-14 rss
IDA Plugin Updates on 2026-05-14
Activity:
- diaphora
- a5792684: Added requirements.txt
- ida-claude-plugins
- 5809d125: Add ida-codemode-mcp (private)
- IDA-FastAnalysis
- IDA-MCP
- ida-pro-mcp
- 47de01b1: Update installation instructions
- idac
- pharos
- plugin-ida
- 00b17b90: Merge pull request #115 from RevEngAI/feat/auto-bump-revengai-sdk
- bdd898c9: chore: update workflow
- d9bbb71f: Merge pull request #113 from RevEngAI/feat/auto-bump-revengai-sdk
- 6455cb2b: chore: fix worklow
- 4bc1b7cf: Merge pull request #112 from RevEngAI/feat/auto-bump-revengai-sdk
- 2c2f25fe: chore: bump python workflow version
- dd1b9d46: chore: product team as owners
- 67d138d2: chore: add scheduled workflow to bump revengai SDK pin
- tix-seven
- f4fc6d22: feat: add MOSIP request timeout and retry configuration
- a1acdf2c: Refactor hardware pins and add ultrasonic functionality
- ed26f96c: refactor: centralized demo loggings in one class (PLEASE TEST HUHU)
- 1b323f27: Merge branch 'main' of https://github.com/ark1tech/tix-seven
- diaphora
-
đ tomasz-tomczyk/crit v0.13.1 release
What's Changed
Features
- feat: add resolve/unresolve button to sidebar comment cards by @Amwam in #532 - Thank you!
- feat: add copy-path buttons to file headers and navbar by @tomasz-tomczyk in #538 - Thank you @menzenski for suggesting!
- feat(frontend): redesign waiting modal with collapsed prompt and usage tips by @tomasz-tomczyk in #539
- feat: add HEEx syntax highlighting for .heex/.leex files by @tomasz-tomczyk in #542
Fixes
- fix: add dedup guard to all inline resolve/unresolve buttons by @tomasz-tomczyk in #540
- fix(frontend): polish copy-path buttons and resolve-btn light theme by @tomasz-tomczyk in #543
Internal
- ci: test Windows jobs on VS 2026 preview image by @tomasz-tomczyk in #531
Full Changelog :
v0.13.0...v0.13.1What's Changed
- ci: test Windows jobs on VS 2026 preview image by @tomasz-tomczyk in #531
- feat: add resolve/unresolve button to sidebar comment cards by @Amwam in #532
- feat(frontend): redesign waiting modal with collapsed prompt and usage tips by @tomasz-tomczyk in #539
- feat: add copy-path buttons to file headers and navbar by @tomasz-tomczyk in #538
- fix: add dedup guard to all resolve/unresolve buttons by @tomasz-tomczyk in #540
- feat: add HEEx syntax highlighting for .heex/.leex files by @tomasz-tomczyk in #542
- fix(frontend): polish copy-path buttons and resolve-btn light theme by @tomasz-tomczyk in #543
Full Changelog :
v0.13.0...v0.13.1 -
đ anthropics/claude-code v2.1.142 release
What's changed
- Added new
claude agentsflags:--add-dir,--settings,--mcp-config,--plugin-dir,--permission-mode,--model,--effort, and--dangerously-skip-permissionsto configure dispatched background sessions - Fast mode now uses Opus 4.7 by default (previously Opus 4.6). Set
CLAUDE_CODE_OPUS_4_6_FAST_MODE_OVERRIDE=1to pin fast mode to Opus 4.6 - Plugins with a root-level
SKILL.mdand noskills/subdirectory are now surfaced as a skill - The
/plugindetails pane andclaude plugin detailsnow show LSP servers a plugin provides /web-setupwarns before replacing an existing GitHub App connection- Fixed
MCP_TOOL_TIMEOUTnot raising the per-request fetch timeout for remote HTTP and SSE MCP servers, which capped tool calls at 60 seconds regardless of the configured value - Fixed background sessions not recognizing pre-existing git worktrees, blocking Edit while EnterWorktree refused to create a duplicate
- Fixed background sessions disappearing and daemon reconnect failing after macOS sleep/wake â the daemon now detects clock jumps instead of treating them as elapsed idle time
- Fixed daemon not exiting cleanly after the binary is upgraded (e.g.
brew upgrade), causing dispatched agents to crash-loop on the deleted path - Fixed background agents crash-looping when the Claude-in-Chrome extension is connected without a shared tab
- Fixed clicking links in an attached
claude agentssession â the background worker's headless browser shim no longer applies while attached - Fixed
claude agents"v to open in editor" using the daemon's default editor instead of your shell's$EDITOR/$VISUAL - Fixed
claude agentsdeadlocking on Windows with network-drive working directories; Ctrl+C now works during startup - Fixed background-color bleed when attaching to a
claude agentssession from Apple Terminal or other 256-color-only terminals - Fixed
claude --bg --dangerously-skip-permissionsnot persisting across retire/wake - Fixed session titles being derived from the URL when the first message is a link
- Fixed redundant
set_modelrequests from remote clients injecting duplicate/modelbreadcrumbs into the transcript - Fixed plugins using
skills: ["./"]showing a false "path escapes plugin directory" error - Fixed plugin cache cleanup deleting the active plugin version directory when no installation metadata is present
- Fixed
/pluginbrowse pane showing "0 installs" for newly published plugins - Fixed plugin advisories not naming every
plugin.jsonkey that shadows a default folder - Improved reactive compaction: the first summarize attempt now seeds from the original request's overflow size, avoiding a wasted near-full-context retry
- Improved hook configuration error: configuring a prompt- or agent-type hook for
SessionStart/Setup/SubagentStartnow shows a clear "use a command-type hook instead" error - Removed stale
/model claude-sonnet-4-20250514suggestion from Usage Policy refusal messages
- Added new
-
đ r/york Looking for people to attend pride with! rss
Hi! I really wanna go to York pride on May 30th, and I realise this may sound silly, but I'm hesitating a bit bc I have absolutely no one to attend with. I don't have any queer friends here and nobody really who would go with me. It would be the first pride I attend. So basically just wondering if anyone would be down to buddy up or group up etc to go to pride? I'm a lesbian in her late twenties, if that matters.
If anyone's interested, send a message or reply!
submitted by /u/meetmeinthewind
[link] [comments] -
đ r/LocalLLaMA NVIDIA Reportedly Prepares RTX 5090 Price Hike Amid Rising GDDR7 Costs (maybe RTX 50 and PRO series as well) rss
| submitted by /u/panchovix
[link] [comments]
---|--- -
đ r/york The destruction has begun rss
| Two days ago three beautiful elegant silver birch trees stood here, within the grounds of Bootham Park Hospital. This morning I was horrified to see they had been cut down. How many more trees will be destroyed as the developersâ bulldozers move in on the park?
The entire area is within a conservation area and as such permission should be sought before and work on trees. I have made a report to the council. submitted by /u/dawnriser
[link] [comments]
---|--- -
đ The Pragmatic Engineer The Pulse: Did capacity shortages turn Anthropic hostile to devs? rss
Hi, this is Gergely with a bonus, free issue of the Pragmatic Engineer Newsletter. In every issue, I cover Big Tech and startups through the lens of senior engineers and engineering leaders. Today, we cover one out of five topics from last week 's The Pulse issue. Full subscribers received the article below seven days ago. If you 've been forwarded this email, you can subscribe here .
Last week, we reported on Anthropic seemingly being on a speed run to break devs' goodwill by silently "nerfing" Claude Code, banning corporate accounts without warning, and a weird growth experiment involving revoking Claude Code and then restoring it. This week, a dev on the $20/month Pro plan had Claude Code removed just days into their subscription:
Claude
Code turned out to be a trial for seven days for some paying customers.
Source:Jaime
GeigerThis week, Anthropic announced a big data center expansion, and relaxing previous usage limitations, while**** Elon Musk's SpaceX / xAI ( a single company after a merger) is renting its complete Colossus 1 data center to Anthropic. From the announcement:
"Colossus 1 features over 220,000 NVIDIA GPUs, including dense deployments of H100, H200, and next-generation GB200 accelerators. The cluster delivers extreme parallel performance for large language models, multimodal systems, scientific simulations, and generative AI at frontier scale.
Anthropic plans to use this additional compute to directly improve capacity for Claude Pro and Claude Max subscribers."
In parallel with this release, Anthropic announced:
- Doubling Claude Code's current 5-hour limits for Pro, Max, Team, and seat-based Enterprise plans
- Removing peak hours limit reduction on Claude Code for Pro and Max plans
- Substantially raising API rate limits for Opus models
Is it possible that capacity issues are what led Anthropic to make Claude worse? It's confirmed the company has struggled with capacity for months. Conveniently, Claude Code being "nerfed" led to lower compute load, while removing Claude Code access from cheap plans could look like rate limiting. Even the banning of corporate accounts could be seen as scaling back at a time when the business has struggled to serve existing growth. Yesterday, (6 May), at the Code with Claude event hosted by Anthropic, CEO, Dario Amodei, said:
"We originally planned for 10x growth, and we've seen something more like 80x growth in revenue and usage over the last period of time."
SpaceX / xAI renting a good chunk of its capacity to Anthropic is ironic, considering that xAI (Musk's AI startup) builds Grok, a frontier model and direct rival of Claude, and also in January, Anthropic banned xAI developers from Claude. As covered at the time:
"It's common for an AI lab to not allow another AI lab to use its model, like at OpenAI, Anthropic, and Google. On the other side, there's also the pertinent question of why a leading AI lab would even want to use a rival for its own day-to-day work?
Turns out, xAI (Elon Musk's AI lab) was relying on Cursor to write code, which we know because they got cut off."
Anthropic likely banned xAI to stop Claude from being potentially distilled while it tried to improve Grok's coding capability. Meanwhile, Musk called Anthropic "misanthropic and evil" earlier this year, and said the new tenant "hates Western civilization". But both parties seem happy to put that behind them and strike a deal, so perhaps there's something else at play.
Could SpaceX / xAI be checking out of the frontier-AI model wars? Leasing a good chunk of its data center capacity might suggest that.**** SpaceX / xAI has two data centers: Colossus 1 and Colossus 2. Colossus 1 represents somewhere around 45% of current SpaceX / xAI capacity, and 20-25% of planned total capacity.
Giving up as much capacity as this might indicate a lack of demand, or capacity sitting idle. It also means Grok is losing out in market share to Claude, ChatGPT, and other leading models. In February 's AI tooling survey we found scarce mention of Grok, which lagged in usage behind open models like DeepSeek and Qwen.
To be fair, unlike Anthropic and OpenAI, Grok never had a B2C nor B2B business that took off. The biggest consumer use case for Grok seems to be its integration into the social media platform, X; at least, I don't know of any tech company using the model for serious work.
" The enemy of my enemy is my friend", says the maxim, and if there's one company Musk hates, it's OpenAI. He is currently suing OpenAI, claiming it betrayed its founding nonprofit mission to develop safe AGI for humanity's benefit by shifting to a profit-driven model backed by Microsoft. Musk also claims that despite investing about $40M, he has no ownership of the company.
He wants $150B in damages, the removal of Sam Altman and Greg Brockman, and for OpenAI to return to a full nonprofit, as per when he invested in the company. We covered more about OpenAI 's own ethical challenges between nonprofit and for-profit right after the firing of Sam Altman in 2023, in the deepdive What is OpenAI, really?
Similarly, Anthropic may well have an issue with OpenAI, if CEO Dario Amodei's failure to join hands with Sam Altman while sharing a stage with the Prime Minister of India earlier this year is anything to go by.
(Most)
AI leaders join hands at the AI Impact Summit with India 's Prime Minister.
Source: FortuneCapacity issues hurting Anthropic would benefit OpenAI, and so by offering significant capacity to Anthropic, Musk is making it harder for OpenAI to win the market. That would be ironic, given he's a former investor.
Read the full issue of last week 's The Pulse , or check out this week 's The Pulse . This week 's issue covers:
- Forward deployed engineering heats up again. Massive demand for the role at Google, OpenAI, and Anthropic. The latest version of the FDE role looks like the consultant / solution architect role done by many early-junior engineers.
- Why are layoffs spiking? Tech job cuts are higher than since early 2023 for various reasons: smaller teams prompt reorgs and reduce the need for middle management. Meanwhile, poorly performing companies make layoffs without the influence of AI.
- New trend: self-reporting 100% AI generated code at Microsoft. With mid-year performance reviews looming, some managers advise their reports to claim they use AI for everything.
- Industry Pulse. Tokenmaxxing at Amazon, too, SaaS companies grow faster than before - perhaps partly due to AI, Bun rewritten in Rust with AI works well, Anthropic overtakes OpenAI in enterprise spend, and more.
- Vibe coding & agentic engineering get uncomfortably close. A relatable observation by software engineer, Simon Willison, about reviewing AI agents' code less than would be ideal.
-
đ r/Leeds Dirt Dyke Dive - worth going??? rss
Hi all - I recently came out as lesbian, and iâm 25(late side i know). I donât have any queer friends at all, so i donât know much about queer spaces etc. I heard about the Dirt Dyke Dive events at wharf chambers and it looks like a great opportunity to meet people but the thought of going alone and standing in a corner is so scary lol. do people turn up alone? or is that really weird? I just wanna meet people whether it be friends or more but any advice is appreciated:)
submitted by /u/AggressiveWinner6401
[link] [comments] -
đ r/reverseengineering VELVET CHOLLIMA Infostealer Campaign Using Trading App as Lure rss
submitted by /u/CyberMasterV
[link] [comments] -
đ r/york Wondering what year is this? rss
| submitted by /u/ScrollAndThink
[link] [comments]
---|--- -
đ r/reverseengineering Ghidra 12.1 has been released! rss
submitted by /u/ryanmkurtz
[link] [comments] -
đ r/Yorkshire âAbandonedâ Yorkshire airport begins path to reopening after loan agreement rss
| submitted by /u/JOE_Media
[link] [comments]
---|--- -
đ r/LocalLLaMA Anyone actually using a local LLM as their daily knowledge base? Not for coding, for life stuff. What's your setup? rss
So I've been going down a rabbit hole lately and I can't find many people actually talking about this specific use case.
everyone here runs local LLMs for coding, chat, maybe some creative writing. cool. But what about using it as a proper personal knowledge base? like, dump your own notes, PDFs, random docs into it and actually query your own life privately, every day.
I tried looking into this seriously and hit a wall. Most resources either assume you're a developer building something, or they're 2 years old and recommend tools that have completely changed since.
So genuinely asking, is anyone here actually doing this day to day? Not as an experiment, but as a real workflow?
Things I keep running into that I can't figure out:
- What model are you running for this? RAG on consumer hardware seems finicky depending on quant
- Do you actually trust the retrieval or do you double check everything because hallucinations?
- LlamaIndex vs Ollama vs whatever else has anything actually made this less painful recently?
- Context length, how do you handle it when your personal docs start piling up?
Not looking for a tutorial or a GitHub repo. Just want to hear from someone who's made this work without it becoming a part time job to maintain.
submitted by /u/InformationSweet808
[link] [comments] -
đ r/Yorkshire A trip through Standedge Tunnel â the longest canal tunnel in the UK rss
| The trip takes around three hours, led by Canal & River Trust employees. Tickets start from ÂŁ10 for 30 minute journeys and ÂŁ50 per adult for the 3-hour through trip. submitted by /u/Yorkshire-List
[link] [comments]
---|--- -
đ r/Leeds I'm 16 I've applied for around 450 jobs I just need something rss
I've checked every damm website of the big chains and companies in Leeds (The fast food places mainly) and I've applied for 379 jobs on Indeed and I've only gotten 2 interviews which both failed
I just need something, anything I'll work any damm position for less than minimum wage if anyone knows of anything please god tell me
submitted by /u/SevenVoidDrills2
[link] [comments] -
đ r/reverseengineering Reverse Engineering Slither.ioâs Network Protocol rss
submitted by /u/RevolutionarySalt370
[link] [comments] -
đ r/LocalLLaMA Multi-Token Prediction (MTP) for Qwen on LLaMA.cpp + TurboQuant rss
| Implemented Multi-Token Prediction for QWEN on LLaMA.cpp with TurboQuant. +40% performance! 90% acceptance rate. Running locally on a MacBook Pro M5 Max 64GB RAM. Outputs:
LLaMA.cpp + TurboQuant: 21 tokens/s
LLaMA.cpp + TurboQuant + MTP: 34 tokens/s Patched LLaMA.cpp with MTP and TurboQuant: https://github.com/AtomicBot-ai/atomic-llama-cpp-turboquant Quantized Qwen 3.6 27B (and 35B) into GGUF with MTP: https://huggingface.co/collections/AtomicChat/qwen-36-udt-mtp Local Ai Models App: Atomic.Chat submitted by /u/gladkos
[link] [comments]
---|--- -
đ matklad Catch Flakes On Main rss
Catch Flakes On Main
May 14, 2026
A small Mechanical Habit today:
When using not rocket science rule / merge queue, continue to redundantly run the full test suite on main. Maintain an easily accessible list of recent main failures â these are the flaky tests to eradicate.
For an example, see the âFlakesâ link on https://devhub.tigerbeetle.com
Flaky tests are tests that fail intermittently, once in a thousand runs. This might be due to a genuine bug (assumptions about scheduling that mostly hold) or due to instability of underlying infrastructure (e.g., inability to download a release from GitHub, or to delete a folder on Windows). In either case, flaky tests are a huge productivity drain â as the size and complexity of test suite grows, more and more CI runs fail spuriously, even as each individual test almost always passes.
Flaky tests are challenging to deal with â if you are working on landing a PR and your CI fails due to an obvious flake, the temptation to just re-run the test suite is enormous, especially if thereâs a certain background dissatisfaction with infrastructure stability.
If you are of a mind to do some flake squashing, then your PRs will be green just to spite you! And working off of othersâ PRs would require first to separate flakes from genuine failures.
This is why the merge queue is powerful: if thereâs a guarantee that every commit on the main branch passes the tests, then every failure on main is a flake, by definition. Collecting all such failures into a single list compresses time, allows to prioritize the most impactful sources of instability, and reveals correlations between failures.
-
đ Console.dev newsletter boring rss
Description: SSH tunnel manager.
What we like: Makes it easy to open, persist, and list SSH tunnels. No need to remember SSH argument ordering. Supports TCP and sockets, including a reverse SOCKS5 proxy. Configurable via TOML.
What we dislike: Nothing - does the job well.
-
đ Console.dev newsletter Datatype rss
Description: Charts as a font.
What we like: Render charts using a font so it doesnât require any other dependencies (no JS, no images). Available via Google Fonts or as a self-hosted font. Font appears in-line with text. Variable font so you can configure density and weight - resizes like any normal font.
What we dislike: Only supports bar charts, sparklines, and pie charts.
-
đ Ampcode News npm Package Changes rss
We're now shipping the Amp CLI as a single-file executable (compiled by Bun) instead of as a JavaScript source package. This makes Amp faster and more compatible across platforms and runtimes, and it's necessary to support Amp plugins.
If you're using the recommended direct installation, nothing changes for you. You've been using this single-file executable for several months. You can stop reading here.
If you've installed Amp via npm, you should switch to direct installation:
npm uninstall -g @sourcegraph/amp curl -fsSL https://ampcode.com/install.sh | bash(See all installation methods.)
If you need to keep using npm to install Amp, usually because your company has an internal npm mirror/archive, be aware of some changes:
- The CLI's npm package will now contain the executable instead of sources.
- We're renaming 2 npm packages:
- The Amp CLI is now
@ampcode/cli(was@sourcegraph/amp) - The Amp TypeScript SDK is now
@ampcode/sdk(was@sourcegraph/amp-sdk)
- The Amp CLI is now
The old package names are aliases but will be removed on June 15, 2026.
-
- May 13, 2026
-
đ IDA Plugin Updates IDA Plugin Updates on 2026-05-13 rss
IDA Plugin Updates on 2026-05-13
New Releases:
Activity:
- capa
- claude-of-alexandria
- 8e935966: chore(deps-dev): bump the minor-and-patch group (#48)
- Deobfuscator
- 480dc78b: Update README.md
- diaphora
- ida-hcli
- 9f9b9e25: GitHub: Increase batch size repository retrieval
- IDA-MCP
- 3a48c818: refactor: split gateway registry, add chat agent runner, and improve âŠ
- IDEA
- NyLib2
- dc203c00: Install Vulkan SDK support; conditional console
- 41440f49: fix(pyimgui2): default show_demo_window to False
- 9b3facea: fix(pyimgui2): provide Platform_CreateVkSurface for vk multi-viewport
- b4b38c04: feat(pyimgui2): wire gl3/vk frontends into build and dispatch
- 5101b05c: chore(pyimgui2): untrack generated pyimgui/ output directory
- d87f5b35: fix(pyimgui2): add gl3/vk frontends with InvalidateDeviceObjects hook
-
đ anthropics/claude-code v2.1.141 release
What's changed
- Added
terminalSequencefield to hook JSON output so hooks can emit desktop notifications, window titles, and bells without a controlling terminal - Added
CLAUDE_CODE_PLUGIN_PREFER_HTTPSto clone GitHub plugin sources over HTTPS instead of SSH, for environments without a GitHub SSH key - Added
ANTHROPIC_WORKSPACE_IDenvironment variable for workload identity federation â scopes the minted token to a specific workspace when the federation rule covers more than one - Added
claude agents --cwd <path>to scope the session list to a directory /feedbackcan now include recent sessions (last 24 hours or 7 days) for issues spanning more than the current session- Rewind menu: added "Summarize up to here" to compress earlier context while keeping recent turns intact
- Auto mode permission dialog now explains when a
permissions.askrule caused the prompt - Restored the "view diff in your IDE" option on file-edit permission prompts when an IDE is connected
- Background agents launched via
/bgorâânow preserve the current permission mode instead of reverting to default claude agents: agents that finish work but leave a background shell running now move to Completed instead of staying under Working- Improved spinner feedback during long thinking periods â the spinner now warms to amber after 10 seconds to signal Claude is still working
- Improved plugin menu navigation:
â/Tab switch tabs,âmoves to the tab strip, and tab headers and search box are clickable in fullscreen mode - Fixed background side-queries sending an unavailable Haiku model ID on Bedrock/Vertex/Foundry/gateway when no
ANTHROPIC_SMALL_FAST_MODELoverride is set â now falls back to the main-loop model - Fixed
claude daemon statusand/doctoron Windows throwing when the daemon pipe key file is locked or unreadable â now shows the underlying error instead of an opaque failure - Fixed
claude agentsshowing the agent-type list instead of the dashboard when launched through a wrapper that adds flags - Fixed
claude agentsopening a crashed session firing redundant dispatches when the working directory was deleted - Fixed background jobs on a custom
ANTHROPIC_BASE_URLgateway not getting auto-named â the namer now uses the main model when no Haiku model is configured - Fixed
/modelin one session silently changing the autocompact threshold in other concurrent sessions - Fixed switching permission mode while a tool-permission prompt is open not auto-dismissing the prompt when the new setting permits the tool
- Fixed pressing Enter while a permission/dialog prompt is open also submitting text in the input box
- Fixed hooks receiving a non-existent
transcript_pathafterEnterWorktreeswitches the working directory - Fixed markdown tables with cell wrapping falling back to the vertical key-value layout instead of rendering as a bordered grid (regression in 2.1.136)
- Fixed cancelled prompts being removed from Up-arrow history when auto-restored into the input box, avoiding duplicate entries
- Fixed prompts cancelled with Ctrl+C/Esc before any response being dropped from Up-arrow history
- Fixed Ctrl+C not interrupting a running turn while in vim INSERT/VISUAL mode
- Fixed alternative
chat:submitkeybindings (e.g.meta+enter,ctrl+enter) not working whenenteris rebound tochat:newline - Fixed prompt suggestions being silently disabled when an output style was configured
- Fixed
spinnerVerbssetting not being honored in turn-completion messages - Fixed AskUserQuestion popup hiding the last line of preceding chat content
- Fixed Web Search status showing "Did 0 searches" when searches returned errors
- Fixed multi-line statusline output dropping or corrupting rows when any line exceeds terminal width
- Fixed light-ansi theme using invisible white for diff context lines on light backgrounds â now uses black
- Fixed error overlay dumping minified bundle source that hid the original error message
- Fixed pressing Enter after typing a feedback survey rating digit submitting it as a chat message instead of the rating
- Fixed pressing
xon a selected subagent in the agent panel typing into the prompt instead of stopping the agent - Fixed session title being derived from plugin monitor notifications before the user's first prompt
- Fixed "Allowed by PermissionRequest hook" repeating once per tool call under a collapsed read/search group
- Fixed
/tuisilently dropping running background shells and subagents â now refuses and asks to wait for them to finish - Fixed welcome banner showing "API Usage Billing" on Bedrock, Vertex, Foundry, and other third-party providers â now shows the provider name
- Fixed
/mcpserver list not keeping the focused server visible in short terminals in fullscreen mode - Fixed redaction in
/feedbackbundles producing invalid JSON for quoted values like session IDs - Fixed desktop and third-party provider sessions incorrectly inheriting
apiKeyHelper/ANTHROPIC_AUTH_TOKENfrom host managed-settings - Fixed early analytics events being silently dropped when fired before logger initialization
- Fixed
claude plugin installfailing for plugins whose marketplacerefno longer exists upstream when ashais also pinned - Fixed plugin details pane showing 0 MCP servers for plugins that declare them via
.mcp.json - Fixed plugin MCP servers with unset config variables showing a generic connection failure instead of a "config issue" message with a fix-it hint; malformed
.mcp.jsonentries no longer drop other MCP servers - Fixed MCP server configs using POSIX shell parameter expansions (e.g.
${var%pattern}) being incorrectly flagged as missing environment variables - Fixed MCP HTTP/SSE servers returning 403 on connect showing as "failed" instead of "needs auth"
- Fixed remote MCP servers disconnecting unnecessarily when the optional server-events stream failed to reconnect â tool calls continue over POST
- Fixed Remote Control MCP connectors all failing with 401 when the worker session token rotated mid-session
- Fixed Remote Control automatically re-enrolling a trusted device when the server rejects a stale token, instead of looping through
/login - Fixed a race where early OTel spans could be silently dropped in SDK/headless mode with beta tracing enabled
- Fixed custom
voice:pushToTalkkeybindings and"space": nullunbinds being silently ignored - Fixed Windows Alt+V image paste reporting "no image found" when the clipboard contains a screenshot
- Fixed SDK "Claude Code native binary not found" on Linux when both glibc and musl platform packages are installed
- Bedrock:
awsCredentialExportnow always runs when configured instead of being skipped when ambient AWS credentials resolve, fixing auth for cross-account access - [VSCode] Fixed in-chat mic showing no feedback when the microphone produced only silence â now shows "No audio detected"
- [VSCode] Voice mode: the WSL error now suggests installing
sox libsox-fmt-pulsefor WSLg users claude agents: launching a session no longer fails when the pre-warmed background worker is unhealthy â now falls back to a fresh launchclaude agentsno longer shows empty placeholder sessions left over from backgrounding a fresh REPL, and shows onboarding text when entered via â with no other agents- Empty idle background sessions left over from
âare now automatically retired by the daemon after 5 minutes
- Added
-
đ r/york Best Italian restaurant? rss
I'm having my Hen do in York (nothing crazy). Any recommendations for Italian restaurants? âșïž Thanks!
submitted by /u/iamloubielou
[link] [comments] -
đ hyprwm/Hyprland v0.55.1 release
This is a standard patch release backporting some fixes from main onto 0.55.0.
Fixes backported
- groups: sync window monitor/workspace when added to a group (#14478)
- compositor: fix invalid capture in vectorToWindowUnified
- config/legacy: fix bad format log in handleSource
- config: fix plugin variables with dashes (#14379)
- monitor: fix top-layer bar visibility on workspace change with scrolling-layout fullscreen (#14425)
- pointer: fix cursor bounds not updating on monitor layout changes (#14393)
- render/cm: fix premult in shaders (#14403)
- render/gl/framebuffer: fix swizzle comparisons (#14481)
- algo/floating: do not alter pinned windows' state on ws move (#14513)
- config/lua: allow re-enabling monitors (#14447)
- config/lua: restrict package module loading to lua-only modules (#14526)
- config/propRefresher: avoid crash if event loop manager isn't loaded (#14423)
- gestures/scroll_move: guard col to avoid crash (#14394)
- helpers: include numbers header (#14406)
- input: properly make input-blocked windows inaccessible (#14517)
- meta/lua-stubs: overwrite scale to accept float and int (#14461)
- meta: update lua stubs for permissions (#14400)
- monitor: don't modeset on reserved changes (#14397)
- monitor: don't set back to 8 bit when applying rules (#14404)
- renderer: set proper image description in snapshots (#14398)
Special Thanks
As always, special thanks to these people / companies for supporting Hyprland's continued development:
Sponsors
Diamond
37Signals
Gold
Framework, Butterfly
Donators
Top Supporters:
Tonao Paneguini, Semtex, soy_3l.beantser, Seishin, Nox Ăterna, Illyan, Snorezor, Bonsai, Joshua Weaver, ExBhal, DHH, Mikko_Nyman, Kay, iain, TyrHeimdal, miget.com, alexmanman5, Hunter Wesson, --, RaymondLC92, Theory_Lukas, Brandon Wang, Insprill, lzieniew, 3RM, johndoe42, Jas Singh, RayJameson, MadCatX, Xoores, d, Ammar Hossain, Kiâ, inittux111, Arkevius, John Shelburne, DeWattaUnk, ari-cake, gfunnymoney, alukortti, taigrr
New Monthly Supporters:
tubid2wenty, Uros Cotman, yafantik, Guy, goblin_engineer, Julius John Puno, Peter Buijs, mb, StellaBuckley, haikuolin, Antibaddy, sludge10123, C Money, Lipski, KampotKaca, Kazuhide Takahashi, Skeptomai, bombadurelli, Rebellen, Ălan, StreamCyper, taras, Yury, Sherab, Filinto Delgado, Taddelladius
One-time Donators:
Quuton, Selvan, Tyler Adams, tonis, Sam, Dimitrios Liappis, Chivtar, Eric, aponsasan888, bkode, LonestarF1, Chris, Dogmatic Polack, Larry, maxx, MonolithImmortal, edrix, I like GameNative, take my money., nyxloom, Frederic Toemboel, Schmendiey, himes, brandonia, Xphelus, New user, Miguel Flores- Acton, R3dGh0st, Glen, Vitor Moura GUEDES, Anersyum, le_04, Dan, AT, chorr, Awesome, IdeaSpring, Jacobrale, anonymous, Elias Griffin, w00z4, Marcus Edvardsson, Gerhard, Bashmaks, Benjaneb, R4dicalEdward, MatĂœsek ^^, Michael, Gene Raymond, naivesheep, Neginja, anarchuser, Uta, Francois KERISIT, ay4, Lorenzo santacreu, Gitznik, Jure S, Oliver, Pipes, Mein, ironick, Nlight, Pfoid, DasCleverle, Jaf Endee, DIEBUSTER, senorBeard, alex, Mike, luxxa, JasonPettys, One, Daniel, Sven Eppler, L3rdy, Ilunn, Thorff, XurxoMF, Wonkhester, Brian, Doc O, Mortja, Spook, Miguel Cordero Collar, bennyzen, deah, Sean, Higor, nanea808, Torsten Schieber, I3lack5hield, Kevin Steffer, Zarenno, vfosterm, Nikola, EGB, Dietmar, KilahDentist, Wilf Lin, Rad, Yuza, Supporter, nooob, esseonline, Naresh, darquill, BrnPrs, Pani, BYK, Amaury, nythix, Mika, Patriarch, Gambit, GoatCedric, Adam, MirasM, bl4ckb1rd, Loon, KevOlek, AsciiWolf, Brian Barrow, Anon, Kilian, Cristian M., abhinavmishra094, Dejv78, LinoDB, Trofim, Konstantin, JoaquinCamposPlaza(Ximo), Gabo, Phil, dev2and0m, Neil Brown, zarilion, JavierArias(Javi), Thank you, Mystrasun, Skrazzo, MeguminLoli, revitalist, barcellos-pedro, Juh, Goldie, benabrig, mynus, Daniel Zudel, Grant, Jacob Felknor, Noah, e033x, Nick, Niklas, mkami, Slippy, joenu, Oleksandr, t.i.m., Joss001, M4CETO, Nighty, Donater, David N, Cameron, Ekoban, Kieran, brotiii, Doug, Hypruser#0224975, Shadesofastar, sonicbhoc, GKL, Damien, JoĂŁo Seixas, mothmashine, James Freiwirth, Mek, Krizzkrozz, Panzer, mika.dev, Franky Valley, Sycho sMILEz, Roy, Amundis, willibenmula â€ïž, Justin, marvelousIT, pablo, Alex, Ryan, cito, Juergen, Eric Koslow, valerius21, jfk, Andrejs, tyforupdate, skwrl, DaintyFox
Full Changelog :
v0.55.0...v0.55.1 -
đ backnotprop/plannotator v0.19.16 release
Follow @plannotator on X for updates
Missed recent releases? Release | Highlights
---|---
v0.19.15 | Commit-based diff base, jj evolution diffs, GitLab reliability fixes, OpenCode command intercept fix
v0.19.14 | Visual explainer skill update, PFM code-file hover previews, Graphviz, diff tab size and line bg intensity, hooks settings tab
v0.19.11 | Jujutsu (jj) VCS backend, slimmer hunk separators, collapse viewed files, multi-line gutter selection fix
v0.19.9 | OpenCode user-managed workflow, Pi model switch fix, Codex skill install, shimmer removal
v0.19.8 | 49 themes with syntax highlighting, keyboard shortcut registry, smart code-file path validation, remote URL notifications
v0.19.7 | Codex Stop-hook plan review, Codex skills, sidebar auto-close, file tree context menu
v0.19.6 | Non-blocking Pi browser sessions, agent picker dropdown for OpenCode, annotate-last file resolution fix
v0.19.5 | All-files diff view, clickable code file paths, server-side hide whitespace, non-ASCII path support
v0.19.4 | All-files diff type, code file viewer, hide whitespace, quick-settings popover
v0.19.3 | Configurable feedback messages, hide merged PRs in stacked PR selector
What's New in v0.19.16
v0.19.16 adds IDE-style code navigation to the review UI. Cmd/Ctrl+click any token in a diff to find its definition and references across the repo, displayed in a peek panel below the diff viewer.
Code Navigation with Peek View
During code review, understanding how a function is used or where a type is defined usually means switching to an IDE or running a grep. The review UI now handles this directly.
Cmd+click (or Ctrl+click on Linux/Windows) any token in a diff to search for its definition and references. Results appear in a VS Code-style peek panel that splits into two sections: a syntax-highlighted file preview on the left and a grouped reference list on the right. Click any reference to jump to it in the preview.
The search is powered by ripgrep on the server side. Language-aware definition patterns are built in for TypeScript, JavaScript, Python, Go, and Rust, with a generic fallback for other languages. Results are ranked by proximity: matches in the same file sort first, then the same directory, then the rest of the repo. Definition matches (function declarations, class definitions, type aliases) are separated from usage references so you can quickly distinguish where something is defined from where it's called.
The peek panel is integrated into the dockview layout and works in both single-file tab view and all-files view. It opens below the active diff and can be dismissed with Escape or by clicking the close button.
Install / Update
macOS / Linux:
curl -fsSL https://plannotator.ai/install.sh | bashWindows:
irm https://plannotator.ai/install.ps1 | iexClaude Code Plugin: Run
/pluginin Claude Code, find plannotator , and click "Update now".OpenCode: Clear cache and restart:
rm -rf ~/.bun/install/cache/@plannotatorThen in
opencode.json:{ "plugin": ["@plannotator/opencode@latest"] }Pi: Install or update the extension:
pi install npm:@plannotator/pi-extension
What's Changed
- feat: search-based code navigation with peek view by @backnotprop in #711
Community
@sushi30 requested IDE-like code navigation in #694, describing the use case of exploring related components during review without leaving the context.
Full Changelog :
v0.19.15...v0.19.16 -
đ r/york Weird interaction at Monks Cross subway rss
So I ordered a pizza half and someone started making it. When it got passed to the second employee, i noticed him but just cheese on then put it in the oven. I thought I must have missed him putting on the sauce (surely?). But when I got it (a friend paid hence I didnât get time to check first), I checked at the counter and there was visibly no sauce. I asked about the sauce and the guy lied and said they didnât make it with sauce and it was just cheese and bread. My friend said âlike a cheese toastie?â And he said yes?? When I pointed to the board and showed him that the menu said marinara sauce and I insisted at other subways they made it with sauce, he reluctantly admitted he lied because they had no sauce. I was confused why he lied. When I made the order, they could have just said they didnât have any. Even half way through making it he could have said there was none and it would have been fine. Itâs the fact that I (almost) argued back and forth about whether the pizza subs came with sauce. I thought I was going crazy. Like 1) he said it came with no sauce and thatâs how subway makes them 2) that they are just cheese on bread 3) didnât really respond when I insisted Iâve had them elsewhere with sauce and 4) only admitted it when I pointed at the menu. It was quite shocking that he just kept lying to our faces, i guess hoping weâd just leave. I wasnât trying to be argumentative, I was just utterly confused as to what was happening. The guy offered us ketchup but at that point we didnât want to eat there. And no other staff stepped in, even though they were among it. Kind of understandable in work place, but with no back up I felt crazy. We had to firmly refuse the food and ask for a refund (only on the pizzas btw). They luckily refunded us, but it was so weird. I have tried to contact subway twice about this but Iâve never had a response. I donât want to complain about the lack of sauce (thatâs fine) but having a fully grown (not a teenager) guy try to gaslight me into believing there was never sauce on the pizza subs is bizarre. Has anyone else had something like this happen?
TLDR: subway workers tried to gaslight me into thinking the Margherita pizza sub didnât come with marinara sauce.
submitted by /u/A_hot_bowl_of_geedis
[link] [comments] -
đ r/reverseengineering I Reverse-engineering Need for Speed Underground 2 Server rss
submitted by /u/Ornery-Hat5252
[link] [comments] -
đ HexRaysSA/plugin-repository commits sync repo: +1 plugin, +2 releases rss
sync repo: +1 plugin, +2 releases ## New plugins - [diaphora](https://github.com/joxeankoret/diaphora) (3.4) ## New releases - [clang-include](https://github.com/oxikkk/ida-clang-include): 1.2.0 -
đ r/Leeds Abandoned Festival Foods in Osmondthorpe đ„ rss
Festival House, located in Osmondthorpe, east Leeds, was built in the 1930s and has had many uses in its life. It was originally the laundry for the Leeds Industrial Cooperative Society (LICS) and was constructed in the early 1920s, later becoming Festival Foods Ltd in 1955 which produced food hampers and ice cream. The front was constructed in a striking red-brick Art Deco style. Festival Foods closed its doors in 2020 and since then the building has stood derelict, becoming a blight on the landscape in a mainly residential area. Plans to redevelop the site into a mix of 56 one and two-bed apartments has been put forward but as of May 2026 nothing has gone ahead.
submitted by /u/LostPlacesUK
[link] [comments] -
đ r/wiesbaden Teilnehmende gesucht (Familien mit Kindern 10-18J.): Studie zu Mobbing, Aggression und Psychischen Erkrankungen im Kindes- und Jugendalter -> Kostenloser IQ-Test, Diagnostik +75-200 Euro AufwandsentschĂ€digung rss
Link Im Flyer: https://redcap2.zi-mannheim.de/surveys/?
s=PYR8LAWC9J9M87X4Link zu mehr Infos: https://www.zi-mannheim.de/forschung/probanden- gesucht/mobbing-online-und-offline-deine-erfahrung-ist-wichtig.html
submitted by /u/Beginning-Demand-516
[link] [comments] -
đ r/LocalLLaMA Web-Search is coming to a screeching performance halt as Google shuts down their free search index, and traffic defenders like Cloudflare challenge AI at every gateway. What are our options? rss
Google is closing its free tier to just 50 domains for site-specific search, and an inheritance date of January 1st, 2027, with no public pricing being listed for advanced searches. Cloudflare's new site-default is to challenge all AI bots attempting to scrape web-information for all their customers, including now with a recent partnership all domains hosted by Go-Daddy.
Some of you may have felt it over the last few months, web searches that used to be more effective are now closing with 400 errors from every site your harness attempts to reach. Local models may lose efficacy as their internet pulling capabilities are crushed.
Make no mistake, Google is reinforcing their mote by pulling up the drawbridge for aggressive pricing. This is a direct attempt to close in on the open-host sphere by crippling reliance infrastructure.
As a community, what options do we have at our disposal? Are there any open- projects currently attacking this status quo? Filling this gap will likely be the next big "open" project to hit the market, as solutions to this issue will likely become dependencies as we progress down harness improvement.
submitted by /u/NetTechMan
[link] [comments] -
đ pydantic/pydantic-ai-harness v0.3.0 (2026-05-13) release
What's Changed
- deps: Add support for, and require,
pydantic-ai-slim>=1.95.1by @DouweM in #241 - fix(code_mode): honor Tool Search's deferred-loading contract by @DouweM in #240
Full Changelog :
v0.2.1...v0.3.0 - deps: Add support for, and require,
-
đ @HexRaysSA@infosec.exchange We'll be at [@offensivecon](https://mastodon.social/@offensivecon) Friday and mastodon
We'll be at @offensivecon Friday and Saturday! Stop our sponsor table to check out spotlights on new, in-beta and upcoming features.
Weâll also have swag for anyone who shares feedback on IDA.
See you soon!
-
đ r/reverseengineering I made a video explaining CPU registers for people learning binary exploitation â x86 vs x64 differences included rss
submitted by /u/riemspec
[link] [comments] -
đ r/Harrogate Is anybody on here in the Harrogate area a member of the Harrogate Spa at the Majestic hotel? What is it like? rss
I've been a member at the Harrogate David Lloyd now since 2021, but now I'm looking at leaving the club as I feel like its now becoming too expensive for what it is (jacuzzi, sauna and steam room breaking down a lot) and the gym area not being the best. I've had a shop around for new gym memberships basically. A colleague of mine has told me that the Majestic hotel is a good place to go for the spa, gym and the pool - and its also right near where I live too. Is it worth the money?
submitted by /u/thunderfart_99
[link] [comments] -
đ r/york Anyone else looking forward to Queen Street being finished? rss
I love the changes btw, makes York look even prettier :D
submitted by /u/B3ags
[link] [comments] -
đ r/LocalLLaMA DramaBox - Most Expressive Voice model ever based on LTX 2.3 rss
| The Most Expressive Voice Model. Github: https://github.com/resemble-ai/DramaBox HF Model: https://huggingface.co/ResembleAI/Dramabox HF Space: https://huggingface.co/spaces/ResembleAI/Dramabox submitted by /u/manmaynakhashi
[link] [comments]
---|--- -
đ backnotprop/plannotator v0.19.15 release
Follow @plannotator on X for updates
Missed recent releases? Release | Highlights
---|---
v0.19.14 | Visual explainer skill update, PFM code-file hover previews, Graphviz, diff tab size and line bg intensity, hooks settings tab
v0.19.11 | Jujutsu (jj) VCS backend, slimmer hunk separators, collapse viewed files, multi-line gutter selection fix
v0.19.9 | OpenCode user-managed workflow, Pi model switch fix, Codex skill install, shimmer removal
v0.19.8 | 49 themes with syntax highlighting, keyboard shortcut registry, smart code-file path validation, remote URL notifications
v0.19.7 | Codex Stop-hook plan review, Codex skills, sidebar auto-close, file tree context menu
v0.19.6 | Non-blocking Pi browser sessions, agent picker dropdown for OpenCode, annotate-last file resolution fix
v0.19.5 | All-files diff view, clickable code file paths, server-side hide whitespace, non-ASCII path support
v0.19.4 | All-files diff type, code file viewer, hide whitespace, quick-settings popover
v0.19.3 | Configurable feedback messages, hide merged PRs in stacked PR selector
v0.19.2 | Stacked PR review, source line numbers in feedback, diff type dialog re-show, ghost dot removal, docs cleanup
What's New in v0.19.15
v0.19.15 is a fixes and reliability release. It resolves GitLab pagination failures on large MRs, prevents OpenCode commands from blowing up agent context with auto-attached files, fixes loose list rendering, and addresses several smaller issues across the install scripts and port handling. On the feature side, the diff base picker now supports commit SHAs and jj gains an evolution history diff mode. Thirteen PRs in this release, four from external contributors including one first-timer.
Commit-Based Diff Base
The base branch picker now has a "Commits" tab that lists the last 20 commits on your branch. Click any commit to use it as the diff base instead of a branch. This lets you compare against a specific point in your branch history, which is useful for reviewing incremental progress or isolating a set of changes.
You can also type a commit SHA directly into the search box and press Enter to use it as the base. Both full and abbreviated SHAs work.
Jujutsu Evolution Diff
For jj users, the diff type picker now includes an "Evolution" option that shows the amendment history of the current change. This uses
jj evologto compare the working copy against its previous version, letting you see what changed since your last amend or squash. The option only appears when the current change has 2 or more evolog entries.An evolution log picker in the toolbar lets you select which prior version to compare against when multiple amendments exist.
- Authored by @madhusudancs in #702
OpenCode Command Intercept Fix
OpenCode users running
/plannotator-review,/plannotator-annotate, or/plannotator-archiveon large codebases could hit context-blowing issues. The commands resolved file references before the handler could suppress them, causing large file contents to be auto-attached as context parts. The commands now intercept incommand.execute.beforeinstead of the post-LLM event handler, clearingoutput.partsbefore any file resolution occurs. This also fixes a latent bug where/plannotator-lastcould fail to suppress the LLM turn due to an array reassignment instead of in-place mutation.- #718, closing #713 (reported by @pcfreak30)
GitLab Reliability
Two fixes for GitLab merge request reviews:
Concatenated JSON parsing.
glab api --paginatereturns concatenated JSON arrays ([...][...]) instead of a single merged array. Large MRs with many files, comments, or CI jobs would fail with a JSON parse error. The response parser now handles multi-page concatenation correctly.Inline comment persistence. When posting inline review comments to GitLab, API timeouts or rate limits could silently drop comments. Failed comments are now saved to
~/.plannotator/failed-comments/with the MR slug, and the UI distinguishes between partial failures (warns, avoids duplicates on retry) and total failures (surfaces the error).Additional Changes
- Loose list continuation indent : Multi-paragraph list items now correctly indent continuation content under the parent bullet instead of rendering it flush-left. â #705, closing #704 (reported by @Thraka)
- File comment draft persistence : File-level comments in code review now survive closing and reopening the comment popover. Drafts are keyed by PR URL, diff scope, and file path. â Authored by @codythatsme in #721
- Hooks tab guidance : The Settings Hooks tab now shows the expected hook file path as a copyable button with creation instructions when the improvement hook file is not found. â #707
- PLANNOTATOR_PORT=0 accepted : Setting
PLANNOTATOR_PORT=0no longer logs a spurious "Invalid port" warning. Port 0 tells the OS to assign a random port, matching the default local behavior. â #716, closing #715 (reported by @hearkenmx) - Codex hooks feature flag : The install script now writes
hooks = trueinstead ofcodex_hooks = truein Codex config, matching the current Codex CLI flag name. â Authored by @leoreisdias in #708 - Codex install guidance : Install script output now includes Codex-specific setup instructions. â Authored by @leoreisdias in #720
- CI security : Scoped
id-token:writepermission to only the AWS OIDC deploy jobs that need it, removing it from the release workflow. â #706
Install / Update
macOS / Linux:
curl -fsSL https://plannotator.ai/install.sh | bashWindows:
irm https://plannotator.ai/install.ps1 | iexClaude Code Plugin: Run
/pluginin Claude Code, find plannotator , and click "Update now".OpenCode: Clear cache and restart:
rm -rf ~/.bun/install/cache/@plannotatorThen in
opencode.json:{ "plugin": ["@plannotator/opencode@latest"] }Pi: Install or update the extension:
pi install npm:@plannotator/pi-extension
What's Changed
- fix: indent loose list continuation content under parent bullet by @backnotprop in #705
- fix: scope id-token:write to only AWS OIDC deploy jobs by @backnotprop in #706
- feat(ui): copyable hook path + guidance in Settings Hooks tab by @backnotprop in #707
- fix: update Codex hooks feature flag by @leoreisdias in #708
- Add jj evolog diff mode to code review UI by @madhusudancs in #702
- fix: accept PLANNOTATOR_PORT=0 without spurious warning by @backnotprop in #716
- fix(gitlab): handle concatenated JSON pages from glab --paginate by @backnotprop in #717
- fix(opencode): intercept annotate/review/archive commands before LLM by @backnotprop in #718
- fix(gitlab): persist unposted inline comments + split browser-safe types by @backnotprop in #719
- chore: add Codex install guidance by @leoreisdias in #720
- fix(review): persist file comment drafts across close/reopen by @codythatsme in #721
- feat(review): pick a commit as the diff base by @backnotprop in #723
New Contributors
- @madhusudancs made their first contribution in #702
Community
@madhusudancs built the jj evolution diff mode from scratch, adding a new diff type, the evolog parser, and the evolution log picker UI.
@codythatsme contributed file comment draft persistence, a small change that removes the friction of accidentally closing a comment popover mid-thought.
@leoreisdias contributed two Codex improvements: updating the hooks feature flag name to match the current CLI, and adding setup guidance to the install script output.
Issue reporters who drove fixes in this release:
- @sushi30 requested commit-based diff comparison in #709
- @pcfreak30 reported the OpenCode context-blowing issue in #713
- @xjme reported the GitLab JSON pagination failure in #714
- @nohzafk reported lost GitLab inline comments in #680
- @Thraka reported the loose list indentation bug in #704
- @hearkenmx reported the PLANNOTATOR_PORT=0 warning in #715
Full Changelog :
v0.19.14...v0.19.15 -
đ sacha chua :: living an awesome life Trying out Kanata for one-shot modifiers and home row mods on Linux rss
Prot is a fan of one-shot modifiers. I started experimenting with them using keyd, but now I've moved to using kanata based on his recommendation. I also want to experiment with home row mods so that I can hold down:
forjfor shiftdorkfor controlsorlfor alt- or
aor;for super.
(Based on QWERTY home row, although Xmodmap translates it to Dvorak, where my home row keys are aoeu and htns.)
Here's my config:
(defcfg process-unmapped-keys yes ) (defsrc grv 1 2 3 4 5 6 7 8 9 0 - = bspc tab q w e r t y u i o p [ ] \ caps a s d f g h j k l ; ' ret lsft z x c v b n m , . / rsft lctl lmet lalt spc ralt rmet rctl ) ;; define values for tap time and hold time (defvar tap-time 100 hold-time 200 ) ;; alias definitions (defalias a (tap-hold $tap-time $hold-time a lmeta) s (tap-hold $tap-time $hold-time s lalt) d (tap-hold $tap-time $hold-time d lctrl) f (tap-hold $tap-time $hold-time f lshift) j (tap-hold $tap-time $hold-time j rshift) k (tap-hold $tap-time $hold-time k rctrl) l (tap-hold $tap-time $hold-time l ralt) ; (tap-hold $tap-time $hold-time ; rmeta) osshift (one-shot 60000 lshift) osctrl (one-shot 60000 lctrl) osalt (one-shot 60000 lalt) osralt (one-shot 60000 ralt) osmeta (one-shot 60000 lmet) ) (deflayer base grv 1 2 3 4 5 6 7 8 9 0 - = bspc tab q w e r t y u i o p [ ] \ @osctrl @a @s @d @f g h @j @k @l @; ' ret @osshift z x c v b n m , . / @osshift @osctrl @osmeta @osalt spc @osralt _ @osctrl )I followed the systemd instructions, so things should be loaded when I restart. To reload my config, I use
C-c C-v C-t(org-babel-tangle) and then callsystemctl --user restart kanata.service". Or actually, I have an Org Mode link of the form[[elisp:(progn (org-babel-tangle) (shell-command "systemctl --user restart kanata.service"))][Update config]]so I can just activate the link and have my new definitions loaded.
Resources:
You can e-mail me at sacha@sachachua.com.
-
đ r/Leeds Best isolated place? rss
Iâm looking for somewhere I can go for a nice walk and not see anybody for an hour or two. I would go out to Filey but 1.5hr drive after work is a bit much. Parts of roundhay are nice too but so many kids (which is totally fair). Anybody have any recommendations that arenât miles away? I am happy to drive for 30/45 mins
Edit: thanks so much for all the recs!! Got a good list to tick off now. I went to Hetchell Wood nature reserve this afternoon and didnât see a soul. Absolutely gorgeous!!
submitted by /u/Euphoric_Evidence383
[link] [comments] -
đ sacha chua :: living an awesome life Du 4 mai au 10 mai rss
lundi 4
J'ai discutĂ© des finances avec ma sĆur qui habite aux Pays-Bas. Elle ne peut pas virer l'argent des Philippines aux Pays-Bas, donc je dois l'aider.
J'ai emmenĂ© ma fille Ă son cours de gymnastique. Ăa lui a plu.
mardi 5
Ma fille Ă©tait trĂšs fiĂšre d'avoir rĂ©ussi Ă faire deux prĂ©sentations alors que quelques camarades de classe n'Ă©taient pas prĂȘts Ă passer.
Nous avons commencé à travailler sur un maillot-robe pour ma fille. Il n'y avait pas de patron de couture pour son dessin, donc j'ai fait un prototype à partir des chutes de tissu de sa longue robe de bain d'il y a quelques années.
à mon grand soulagement, le virement bancaire a réussi. Il paraßt que Wise peut m'aider à virer l'argent des Philippines au Canada.
mercredi 6
Mon mari, ma fille, et moi sommes allés chez la cardiologue, qui était trÚs loin : à presque deux heures de métro et de bus pour le trajet aller. Ma fille s'ennuyait beaucoup, mais elle voulait traiter ses palpitations, donc elle a fait l'effort. AprÚs cela, nous avons acheté des récompenses au supermarché à proximité. Elle a choisi une petite bouteille de yaourt à boire.
J'ai emmenĂ© ma fille et son amie au parc pour jouer. Il y avait un garçon qui les embĂȘtait et qui Ă©tait trop jeune pour qu'on puisse le raisonner, alors j'ai dĂ» utiliser ma Voix de Maman pour qu'il arrĂȘte.
jeudi 7
J'ai été ravie de discuter d'Emacs avec Shae Erisson, qui a une expérience intéressante avec les claviers et la programmation sur Emacs.
J'ai travaillé sur la revue des captures d'écran de ma conversation avec John Wiegley et Karthik Chikmagalur. J'ai écrit des fonctions pour identifier les rectangles grùce à l'outil Tesseract OCR. J'ai aussi utilisé les expressions réguliÚres pour masquer des coordonnées GPS et d'autres secrets.
Je suis allée chez une nouvelle hygiéniste pour un nettoyage. J'étais ravie que la réceptionniste et l'hygiéniste aient porté des masques N95 et que la salle de traitement ait une porte fermée.
J'ai discutĂ© des finances de ma mĂšre avec la responsable du studio. J'ai dĂ» m'en occuper parce que ma mĂšre n'est pas capable de gĂ©rer ses finances elle-mĂȘme.
vendredi 8
Je viens de commencer à regarder Astérix et Obélix sur Netflix. J'aimais bien les bandes dessinées quand j'étais petite.
AprÚs l'école, j'ai emmené ma fille au Stockyards pour acheter de l'élastique chez Fabric Fabric pour son maillot-robe. Nous avons aussi cherché des chaussures chez The Shoe Company, Children's Place, Old Navy et Walmart, mais elle n'a rien trouvé qui lui ait plu.
Ensuite, nous avons travaillé sur son maillot-robe.
Pendant que nous regardions PokĂ©mon, j'ai remarquĂ© que mĂȘme Jessie a montrĂ© une belle Ă©volution. Ma fille m'a demandĂ© si je faisais pareil. Je n'ai pas compris, donc je lui ai demandĂ© ce qu'elle voulait dire. Elle est partie grincheuse. Je ne sais pas, mais je ne peux pas lire dans ses pensĂ©es.
Sur Stardew, j'ai plantĂ© le reste des fraises et j'ai engagĂ© le service Ridgeside Odd Jobs pour arroser toutes les plantes dehors. J'ai attendu l'amĂ©lioration de ma poĂȘle pour terminer le dernier paquet parce que nous jouions avec les mods Stardew Valley Expanded (qui demande une friandise) et Love of Cooking (qui demande l'amĂ©lioration pour augmenter la limite du nombre d'aliments).
samedi 9
Mon mari, ma fille et moi sommes allés au centre-ville pour le Science Rendezvous, un festival scientifique. Ma fille s'est beaucoup amusée. Elle a aimé peindre avec des plantes en utilisant des peintures dérivées du curcuma, des betteraves, des épinards, et du chou rouge. Elle s'est aussi intéressée aux bulles qui contiennent du dioxyde de carbone provenant de la neige carbonique.
Sur le chemin du retour, ma fille et moi sommes passées à la pùtisserie chinoise pour des petits pains.
dimanche 10
Ma fille m'a rĂ©veillĂ©e et elle m'a donnĂ© une carte de fĂȘte des MĂšres. Elle a aussi prĂ©parĂ© une omelette de 6 Ćufs pour que l'on se rĂ©gale.
Mon mari a amélioré mon bureau. Il a coupé une autre étagÚre et il l'a attachée à mon bureau comme plateau. C'était trÚs pratique. Maintenant je peux placer plus de choses sur mon bureau.
Sur Stardew Valley, ma fille et moi nous sommes amusées à explorer la Caverne du Crùne. Elle a oublié d'apporter de la nourriture, donc je lui ai donné plusieurs fromages.
You can e-mail me at sacha@sachachua.com.
-
đ r/LocalLLaMA TextGen is now a native desktop app. Open-source alternative to LM Studio (formerly text-generation-webui). rss
| Hi all, I have been making a lot of updates to my project, and I wanted to share them here. TextGen (previously text-generation-webui, also known as my username oobabooga or ooba) has been in development since December 2022, before LLaMa and llama.cpp existed. In the last two months, the project has evolved from a web UI to a no-install desktop app for Windows, Linux, and macOS with a polished UI. I have created a very minimal and elegant Electron integration for that. (Did you know LM Studio is also a web UI running over Electron? Not sure many people know that.) https://preview.redd.it/tk8oibhgjw0h1.png?width=1686&format=png&auto=webp&s=95c70f769766466885c8fdc6e7211525a371a920 It works like this:- You download a portable build from the releases page
- Unzip it
- Double-click textgen
- A window appears
There is no installation, and no files are ever created outside the extracted folder. It's fully self-contained. All your chat histories and settings are stored in a
user_datafolder shipped with the build. There are builds for CUDA, Vulkan, CPU-only, Mac (Apple Silicon and Intel), and ROCm. Some differentiating features:- Full privacy. Unlike LM Studio, it doesn't phone home on every launch with your OS, CPU architecture, app version, and inference backend choices. Zero outbound requests.
- ik_llama.cpp builds (LM Studio and Ollama only ship vanilla llama.cpp). ik_llama.cpp has new quant types like IQ4_KS and IQ5_KS with SOTA quantization accuracy.
- Built-in web search via the
ddgsPython library, either through tool-calling with the built-inweb_searchtool (works flawlessly with Qwen 3.6 and Gemma 4), or through an "Activate web search" checkbox that fetches search results as text attachments. - Tool-calling support through 3 options: single-file .py tools (very easy to create your own custom functions), HTTP MCP servers, and stdio MCP servers. You can enable confirmations so that each tool call shows up with approve/reject buttons before it executes. I have written a guide here.
- The ability to create custom characters for casual chats, in addition to regular instruction-following conversations:
- OpenAI and Anthropic compliant API with very strict spec compliance. It works with Claude Code : you can load a model and run
ANTHROPIC_BASE_URL=http://127.0.0.1:5000 claudeand it will work. - Accurate PDF text extraction using the
PyMuPDFPython library. trafilaturafor web page fetching, which strips navigation and boilerplate from pages, saving a lot of tokens on agentic tool loops.- Chat templates are rendered through Python's Jinja2 library, which works for templates where llama.cpp's C++ reimplementation of jinja sometimes crashes.
I write this as a passion project/hobby. It's free and open source (AGPLv3) as always: https://github.com/oobabooga/textgen submitted by /u/oobabooga4
[link] [comments]
---|--- -
đ r/Leeds Social Events/ Clubs/ General Meet-Ups as a relatively introverted person rss
Hi Guys!
My name is Lewis- Iâm 23 and have relatively recently moved to Leeds for work! I am looking to meet some new people up here as I unfortunately do not yet know anybody up here but would really like to make some new friends!
A bit about me- I enjoy reading, F1 and gaming as well as playing with my cat Pirelli (pictured)! I am relatively introverted although I am always open to trying new things and stepping out of my comfort zone!
If anyone has any ideas or suggestions or just generally wants to chat- please comment/ message me! I would really appreciate it!
Thanks so much for reading- I hope to hear from some of you guys soon (apologies if this type of post seems silly or has been asked before it can be difficult to meet new people in a new place but I really appreciate your help!)
submitted by /u/toilettumour
[link] [comments] -
đ r/Harrogate Best tailors for suits? rss
There seems to be quite a few tailors in town, which are the best for getting a wool suit altered? The shop where I bought the suit from were quoting a lot for alterations so hoping I can get it cheaper at a tailors.
submitted by /u/ahewitt98
[link] [comments] -
đ r/Leeds Anyone dealing with this virus? rss
Started with this awful respiratory virus in last few days. Sore throat suddenly and then a terrible cough which has kept me up all night for 48 hours. Still no relief and a lot of crackling in chest. Anyone else dealing with it, and if so how long did it take to get better? Thanks!
submitted by /u/BillyAire
[link] [comments] -
đ r/Yorkshire Olio x Lidl in Yorkshire! rss
Hi everyone đ I wanted to pop in and let you know that Olio is launching a new trial with Lidl in this area to help rescue surplus food that would otherwise go to waste and redistribute it within the local community đ
Weâre currently looking for local volunteers to help collect unsold food from Lidl stores and share it with neighbours through the Olio app.
We currently have volunteer slots available at:
Pickering & DriffieldIf youâd like to get involved and help save good food from going to waste, you download the Olio App in the App Store or click the link in this post!
submitted by /u/JuniorToe3327
[link] [comments] -
đ r/Yorkshire Leeds University grad attacked in hotel room after 'faulty locks' let intruder gain access rss
| submitted by /u/Legitimate-Break-143
[link] [comments]
---|--- -
đ r/reverseengineering [Claude Code] Android Reverse engineering Skill being updated with tracker/AD neutralization features rss
submitted by /u/RealSimoneAvogadro
[link] [comments] -
đ r/Yorkshire Now and Then: Frenchgate 1945 and 2026 Richmond, Yorkshire. rss
submitted by /u/Still_Function_5428
[link] [comments] -
đ r/Leeds I feel like hyping up Leeds culture for some reason rss
I can never let an argument drop, don't worry I've already defended Leeds culture, but I feel like celebrating it here!
Museums: Royal Armouries is a world class museum, a national museum. Kirkstall Abbey museum, Thackray Museum of Medicine, Henry Moore Institute, Leeds Art Gallery, Leeds City Museum.
Leeds International Piano Competition: one of the top INTERNATIONAL piano competitions known for high standards and launching careers.
Opera North and Northern Ballet: internationally touring companies based in Leeds, very high standard of productions, barely any other cities have their own opera companies outside of national ones.
Cultural diversity: Big south Asian cultural influence also east Asian, Caribbean, African. Cultural events and institutions ran by these communtiies.
Tolerant society: big LGBTQ+ scene, both smaller and larger venues and Leeds Pride. Counter protests against nationalists, weekly pro palestine marches.
Food: diverse and good quality, most world cuisines are catered for. A lot of food events as well.
Music: honestly everyone just knows Leeds has a good music scene. Amazing venues including an Arena. We've managed to sustain a new venue with Project House, quite an achievement considering the struggles of the live music industry. Variety of music from Howard Assembly Room to Wardrobe, Attic, Brudenell, City Varieties, Belgrave. Millenial Square outdoors. Leeds festival.
Theatre: Playhouse and Leeds grand theatre both doing great stuff, also a comedy club.
Cinema: historic cinemas and Leeds International Film Festival is the biggest in the UK outside of London.
Carnival: Leeds West Indian Carnival is one of the longest running in all of Europe.
Industries: Fast growing tech sector which is already well established. UKs third largest manufacturing centre. Largest Legal and Financial sector in England outside of London. Big private sector presence.
Education: Leeds University is the 4th most popular in the UK. Specialist universities for Arts and Music
Sport: International Test Cricket. Football, Rugby and Hockey teams. Tour de France Grand Depart.
Leeds International Festival of Ideas, and Leeds Lit Fest
Tell me more things to love about Leeds please!
submitted by /u/shark-with-a-horn
[link] [comments] -
đ r/reverseengineering LAN-LOK: Living as a sysadmin at an isolated Antarctic research station in the early 90s [DOS game -- would like to collab to reverse engineer] rss
submitted by /u/XenonOfArcticus
[link] [comments] -
đ r/Yorkshire Near Malham cove in the heart of the Yorkshire dales â€ïžâ€ïž rss
| submitted by /u/Spiritual_me_1770
[link] [comments]
---|--- -
đ r/Yorkshire Fish & chips with a view! Jackson's fisheries in bridlington, ÂŁ12.50 rss
| submitted by /u/Wallabydoll
[link] [comments]
---|--- -
đ Project Zero A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens rss
We recently published an exploit chain for the Google Pixel 9 that demonstrated it was possible to go from a zero-click context to root on Android in just two exploits. The Dolby 0-click vulnerability existed across all of Android, until it was patched in January 2026. While we had an exploit chain for the Pixel 9, we wanted to see if it was possible to write a similar exploit chain for Pixel 10.
Updating the Dolby Exploit
Altering our exploit for CVE-2025-54957 was fairly straightforward. The majority of needed changes involved updating offsets calculated for the specific version of the library we targeted on the Pixel 9 to similar offsets in the library for Pixel 10. The only challenge (outside of wishing weâd better documented which syncframes contained offsets) was that the Pixel 10 uses RET PAC in the place of
-fstack-protector, which meant that__stack_chk_failwasnât available to be overwritten by code. After a bit of trial and error, we useddap_cpdp_init, initialization code that can be overwritten without causing functional problems, as it is called once when the decoder is initialized and never again. The updated Dolby UDC exploit is available here. This exploit will only work on unpatched devices (SPL December 2025 or earlier).Removal of BigWave, Addition of VPU
Porting the local privilege escalation link of the chain to Pixel 10 was not feasible as the BigWave driver does not ship on this device. However, a new driver is visible in the mediacodec SELinux context at /dev/vpu. This driver is used for interacting with the Chips&Media Wave677DV silicon on the Tensor G5 chip meant for accelerating video decoding. Based on the comments within the open-source C files, this driver is developed and maintained by the same set of developers who built the BigWave driver. Working in collaboration with Jann Horn, we spent 2 hours auditing this VPU driver and discovered an exceptional vulnerability.
Unlike the upstream Linux driver for WAVE521C (which is an older Chips&Media chip), the Pixel driver for WAVE677DV does not integrate with V4L2 (the âVideo for Linux APIâ); instead, it directly exposes the chipâs hardware interface to userspace, including letting userspace map the chipâs MMIO register interface. The driver mainly establishes device memory mappings, does power management, and allows userspace to wait for interrupts from the chip.
The Holy Grail of Kernel Vulnerabilities
This bug in particular caught our attention as exceptionally simple to exploit:
static int vpu_mmap(struct file *fp, struct vm_area_struct *vm) { unsigned long pfn; struct vpu_core *core = container_of(fp->f_inode->i_cdev, struct vpu_core, cdev); vm_flags_set(vm, VM_IO | VM_DONTEXPAND | VM_DONTDUMP); /* This is a CSRs mapping, use pgprot_device */ vm->vm_page_prot = pgprot_device(vm->vm_page_prot); pfn = core->paddr >> PAGE_SHIFT; return remap_pfn_range(vm, vm->vm_start, pfn, vm->vm_end-vm->vm_start, vm->vm_page_prot) ? -EAGAIN : 0; }This mmap handler is intended to be used in order to map the MMIO register region of the VPU hardware into the userland virtual address space - a region contained within a certain physical memory address range. In doing so, it makes a call to remap_pfn_range based purely on the size of the VMA and not at all bounded to the size of this register region. This means that, by specifying a size larger than the register region in an mmap syscall, the caller can map as much physical memory as they want into userland, starting at the physical address of the VPU register region. The entirety of the kernel image (including .text, and .data region) is located at a higher physical address than the VPU register region, and can therefore be accessed and modified by userspace with this bug.
At this point, one can simply overwrite any kernel function to gain kernel code execution - or indeed any primitive one might desire. This is rendered even easier by the fact that the kernel is always at the same physical address on Pixel and so the offset between the VPU memory region and the kernel is always a known value. Thus it is not even necessary to scan for the kernel in the mapped physical memory - you simply know exactly where it is relative to the address returned by mmap, presuming you make the VMA length large enough.
Achieving arbitrary read-write on the kernel with this vulnerability required 5 lines of code and writing a full exploit for this issue required less than a day of effort.
Patch Process
I reported this bug on November 24, 2025 and Android VRP rated the issue High severity. This is an improvement, given that the BigWave bug we used for privilege escalation on the Pixel 9 (which had identical security impact) was initially rated as Moderate severity. This represents a meaningful and positive change in posture regarding how these types of bugs are triaged and patched. The vulnerability was patched 71 days after its initial report, in the February Pixel security bulletin. This is notably fast given that this is the first time that an Android driver bug I reported was patched within 90 days of the vendor first learning about the vulnerability.
Conclusion
There are both positives and negatives to take from this research. A key goal of Project Zero is to drive systemic improvements that go beyond individual bug fixes, influencing better development processes and more resilient codebases that lead to improvements in security for end-users. The handling of this VPU vulnerability demonstrates clear progress in Androidâs triage pipeline, as this bug had an initial remediation in a much shorter period of time than the previous BigWave issues. Androidâs effort to ensure that serious vulnerabilities are patched efficiently will help protect many Android devices.
At the same time, this case underscores the ongoing need for more exhaustively robust and security-aware code in Android drivers. When I reported the bugs in BigWave, I hoped to spur its developers to evaluate their other drivers for obvious security issues, but 5 months later we nevertheless found a serious and extremely shallow vulnerability in their VPU driver that was instantly noticeable with even a cursory audit of the codebase. Strengthening driver security remains a crucial priority for ensuring a safe Android ecosystem, and we continue to strongly encourage vendors to improve software development practices in a proactive effort to prevent these sorts of vulnerabilities from ever reaching end-users.
Security reports often uncover complex issues missed by the product teams but it is important that software vendors take necessary steps to ensure software products, especially security-critical ones, launch in a reasonably vulnerability-free state and that software teams take a proactive approach to software security, code auditing, and vulnerability patching.
-
đ r/reverseengineering r2garlic - The world's fastest Android/DEX decompiler meets radare2! rss
submitted by /u/IndAnony
[link] [comments]
-