- β
- β
- July 16, 2026
-
π @binaryninja@infosec.exchange Every superhero needs a Sidekick. Join us tomorrow at 2pm ET to see the mastodon
Every superhero needs a Sidekick. Join us tomorrow at 2pm ET to see the incredible powers of Sidekick 26: https://www.youtube.com/live/S5hAxyopaQk
-
π earendil-works/pi v0.80.8 release
New Features
- Unified model runtime and provider authentication β
ModelRuntimecentralizes model configuration, provider-owned/login, and dynamic provider catalogs. See Providers. - Live model catalog refresh β
/modelrefreshes configured providers in the background, andpi update --modelsforces an immediate refresh. See Install and Manage. - xAI device-code OAuth and Grok 4.5 Responses support β Sign in to xAI with a device code and use Grok 4.5 with low, medium, or high thinking. See xAI.
Breaking Changes
- Replaced the SDK's
CreateAgentSessionOptions.authStorageandmodelRegistryoptions with the asyncmodelRuntimeoption.AuthStorageand its storage backends are no longer exported; useModelRuntime(or a custom pi-aiCredentialStore), orreadStoredCredential()for one-off reads of auth.json. - Removed redundant
ModelRuntime.getAll(),find(),getSnapshot(), andgetAuthOptions()projections. Use the pi-aiModelsmethodsgetModels(),getModel(),getProviders(), andcheckAuth()directly. - Replaced SDK request-auth assembly through
ModelRegistry.getApiKeyAndHeaders()withModelRuntime.getAuth(). Passing a provider ID returns provider-scoped auth; passing a model also resolves built-in,models.json, and extension model headers. - Changed extension-facing
ModelRegistry.refresh()from synchronousvoidtoPromise<void>becausemodels.jsonloading is asynchronous. Extensions must await it before making synchronous registry reads. - Moved canonical dynamic catalog refresh to async
ModelRuntime.refresh()/pi-aiModels.refresh(). Legacy extension OAuthmodifyModelsremains supported as a synchronous compatibility projection after credential initialization.
Added
- Added
ModelRuntimeas the canonical async SDK and internal model/auth facade while preserving the synchronous extension-facingModelRegistryAPI.ModelRuntime.create()accepts any pi-aiCredentialStorethrough itscredentialsoption. - Added provider-owned
/logindiscovery directly from registered pi-ai providers, including ambient auth status and informational links. - Added file-backed dynamic catalogs in
models-store.json, per-provider pi.dev catalog overlays, and Radius gateway support including offline migration from legacy credential-cached catalogs. - Added extension provider
refreshModels(context)support for dynamic model discovery with optional provider-controlled persistence. - Added
pi update --modelsto force an immediate model catalog refresh without updating pi or extensions. - Added inherited xAI device-code OAuth login and Grok 4.5 OpenAI Responses support, with low, medium, and high thinking levels (#6651 by @Jaaneek).
Changed
- Changed
ModelRuntimeto compose built-in providers, immutablemodels.jsonconfiguration, and extension overlays through ad-hoc pi-ai provider methods. - Changed
ModelRuntimeto own final request assembly:getAuth(model)includes configured model headers, stream methods resolve auth once, andbefore_provider_headersruns as the Models-only header transform before provider dispatch. - Changed
/modelto render the current model snapshot immediately, refresh configured providers in the background, and update the open selector with partial results or timeout errors.
Fixed
- Fixed configured-provider catalog refresh to parse pi.dev's model-ID keyed responses, throttle checks to once per four hours, send the versioned pi user agent, treat unimplemented routes as unavailable overlays, and show concise refresh status in
/model. - Fixed adjacent assistant thinking blocks to render as one thinking section.
- Fixed inherited OpenAI Codex session IDs longer than 64 characters to meet the API limit (#6630).
- Fixed inherited terminal output to normalize tab characters consistently (#6697 by @xz-dev).
- Fixed the Windows terminal title after checking npm packages (#6629).
- Fixed Bun standalone binaries to bundle OAuth adapters for interactive logins.
- Unified model runtime and provider authentication β
-
π HexRaysSA/plugin-repository commits sync repo: +1 release, -1 release, ~1 changed rss
sync repo: +1 release, -1 release, ~1 changed ## New releases - [llm-explainer](https://github.com/pgarba/ida-llm-explainer): 1.7.3 ## Changes - [BinSync](https://github.com/binsync/binsync): - removed version(s): 5.10.1 - 5.15.2: archive contents changed, download URL changed -
π 3Blue1Brown (YouTube) But what is cross-entropy? | Compression is Intelligence Part 2 rss
Where the loss function for training LLMs comes from. Job opportunities aligned to this audience: https://3b1b.co/talent Early views and other perks for supporters: https://3b1b.co/support Home page: https://www.3blue1brown.com
Manim animations by Aaron Gostein and Grant Sanderson NanoGPT animation by Clayton Rabideau 3d black-box model by Paul Dancstep Music by Vince Rubinetti
Timestamps
0:00 - Language trees and zipping 3:02 - Recap optimal codes 5:20 - Defining cross-entropy 8:26 - Intuition and examples 12:59 - Application to language trees 14:55 - Pre-training LLMs 20:38 - What makes this loss function best? 26:13 - Distillation 30:12 - 3b1b Talent 31:35 - KL Divergence
These animations are largely made using a custom Python library, manim. See the FAQ comments here: https://3b1b.co/faq#manim
Music by Vincent Rubinetti. https://vincerubinetti.bandcamp.com/album/the-music-of-3blue1brown https://open.spotify.com/album/1dVyjwS8FBqXhRunaG5W5u
3blue1brown is a channel about animating math, in all senses of the word animate. If you're reading the bottom of a video description, I'm guessing you're more interested than the average viewer in lessons here. It would mean a lot to me if you chose to stay up to date on new ones, either by subscribing here on YouTube or otherwise following on whichever platform below you check most regularly.
Mailing list: https://3blue1brown.substack.com Twitter: https://twitter.com/3blue1brown Bluesky: https://bsky.app/profile/3blue1brown.com Instagram: https://www.instagram.com/3blue1brown Reddit: https://www.reddit.com/r/3blue1brown Facebook: https://www.facebook.com/3blue1brown Patreon: https://patreon.com/3blue1brown Website: https://www.3blue1brown.com
-
π Assemblage-Dataset/Assemblage refactor-complete-v1 release
deep re-architecture complete
-
π Rust Blog Announcing Rust 1.97.1 rss
The Rust team has published a new point release of Rust, 1.97.1. Rust is a programming language that is empowering everyone to build reliable and efficient software.
If you have a previous version of Rust installed via rustup, getting Rust 1.97.1 is as easy as:
rustup update stableIf you don't have it already, you can get
rustupfrom the appropriate page on our website.What's in 1.97.1
Rust 1.97.1 fixes a miscompilation in an LLVM optimization.
We have backported both an LLVM fix and a disable of the underlying change in Rust 1.97.0 of Rust's generated IR that increased the likelihood of this happening. However, note that the underlying miscompilation has been present since at least Rust 1.87.
If you'd like to help us out by testing future releases, you might consider running your code's CI or locally using the beta channel (
rustup default beta) or the nightly channel (rustup default nightly). Please report any bugs you might come across!Contributors to 1.97.1
Many people came together to create Rust 1.97.1. We couldn't have done it without all of you. Thanks!
-
π Console.dev newsletter Ant rss
Description: Lightweight JS runtime.
What we like: Smaller binary, 100% compatibility, fast package installation. Supports TypeScript with no build step. Includes a VM-isolated sandbox as core functionality with capability-based security.
What we dislike: No docs. Is writing a JS runtime in C a good idea in 2026?
-
π Console.dev newsletter SΓ€tteri rss
Description: Markdown pipeline.
What we like: Compile Markdown to HTML or JS and process it through a plugin-based pipeline. Hook into multiple stages of the compilation process. Uses syntax highlighting with Shiki as an example plugin. Supports various features like frontmatter, math, smart punctuation, GitHub formatting for tables, footnotes, etc.
What we dislike: No support for Svelte SVX.
-
- July 15, 2026
-
π IDA Plugin Updates IDA Plugin Updates on 2026-07-15 rss
IDA Plugin Updates on 2026-07-15
New Releases:
Activity:
- binsync
- 24364095: Give Versioning to Auxiliary Server (#530)
- disrobe
- 0627e9df: ruby: keep regexp literal flags by decoding the ibf option byte and rβ¦
- 420fbe41: php-decompile: parenthesize an equality operand of a relational compaβ¦
- 5c2fe9d4: lua decompiler: index a reserved-word field or method name with a braβ¦
- 8d7be9f4: x86 lifter: model memory bt/bts/btr/btc, CL-controlled shl/shr/sar/shβ¦
- 28a53812: py-decompile: keep the else arm of a guard whose then-arm is a with oβ¦
- a42c1033: as3: re-emit e4x attribute multinames with the @ sigil so obj.@id no β¦
- 2ec575a6: beam: quote erlang reserved-word atoms so re-emitted terms re-parse tβ¦
- ida-llm-explainer
- bc97e2b6: v1.7.0: packed-string carving, caller-fetch, lvar & signature fixes
- ida_rpc
- 4fa7de72: Add support for IDA Pro 9.4
- mcrit-plugin
- binsync
-
π Assemblage-Dataset/Assemblage refactor-baseline-v0 release
Clean baseline before the deep re-architecture: in-flight work landedβ¦
-
π Assemblage-Dataset/Assemblage recovery-baseline-worktree: Recover baseline: re-establish version control after .git loss release
The previous .git directory was destroyed (only an empty .git/lfs stub
remained: no HEAD, refs, objects, or config), so prior commit history is
unrecoverable. This commit snapshots the current working tree as a fresh
baseline onmain.Provenance: this tree is a heavy restructure of harp-lab/Assemblage
(code moved under backend/, SQLModel + pydantic-v2 rewrite, Textual TUI,
Assemblage_dataset_cli submodule, 2025-2026 Alembic migrations). None of
the four upstream branches (master, linux_github, windows_github,
windows_vcpkg) share this layout, so upstream cannot reconstruct the lost
history; it is added as theupstreamremote for reference only..gitignore hardened to exclude large data artifacts that would otherwise
break a commit: winpe.sqlite (102 GB), hf_binaries/ (361 GB),
data_refill/linux_licensed.duckdb (127 GB), and related
.sqlite/.duckdb/.zst/.xz/*.tar archives.Co-Authored-By: Claude Fable 5 noreply@anthropic.com
-
π r/LocalLLaMA Grok Build open sourced under Apache 2.0 license rss
| submitted by /u/FreemanDave
[link] [comments]
---|--- -
π r/LocalLLaMA Google is updating Gemma 4's chat templates, bringing major fixes to tool calling and reducing "laziness", and enabling Flash Attention 4 on Hopper GPUs, plus an interactive guide on how to work with and improve its vision! rss
...And preserve_thinking!!!!!!!!
Ignore the image links here is the source: https://x.com/googlegemma/status/2077449152062247219 https://huggingface.co/spaces/google/gemma4_vision_token_budget submitted by /u/Iwaku_Real
[link] [comments]
---|--- -
π r/LocalLLaMA Thinking Machines releases first open-weight model βInklingβ rss
| https://thinkingmachines.ai/news/introducing-inkling/ submitted by /u/WhyLifeIs4
[link] [comments]
---|--- -
π r/LocalLLaMA Linus Torvalds tells people to stop attacking others for using AI rss
I realize that some people really dislike AI, but this is an area where I'm willing to absolutely put my foot down as the top-level maintainer.
Linux is not one of those anti-AI projects, and if somebody has issues with that, they can do the open-source thing and fork it.
Or just walk away.
AI is a tool, just like other tools we use. And it's clearly a useful one.
It may not have been that "clearly" even just a year ago, but it's no longer in question today.
There are other questions around AI (like what the economy of it will actually look like in the end), but "is it useful" is no longer one of those questions. Anybody who doubts that clearly hasn't actually used it.
Yes, it can also be a somewhat painful tool, both for maintainer workloads and just from a "it keeps finding embarrassing bugs" standpoint.
But the solution is not to put your head in the sand and sing "La La La, I can't hear you" at the top of your voice like some people seem to do.
The solution is to make sure those LLM tools help maintainers instead of just causing them pain. There's no question on that side.
We're not forcing anybody to use it, but I will very loudly ignore people who try to argue against other people from using it.
And no, AI isn't perfect. But Christ, anybody who points to the problems at AI had better be looking in the mirror and pointing at themselves at the same time.
Because it's not like natural intelligence is always all that great either.
The kernel project has been and will continue to be about the technology.
Sure, the social angle of working on open source is important and often a very motivating part of the project, but in the end that's a side benefit, not the point of the project.
This is NOT some kind of "social warrior" project, never has been, and never will be.
In the kernel community we do open source because it results in better technology, not because of religious reasons.
And so we make decisions primarily based on technical merit. Not fear of new tools.submitted by /u/Illustrious_Car344
[link] [comments]
---|--- -
π r/LocalLLaMA The best model is the one you can actually run rss
| Don't get me wrong, all the big models are amazing, and every contribution to open source models is great. But I'm GPU poor and I can't use them locally. I'm currently running gemma-4-12b-it-qat-GGUF:UD-Q4_K_XL as my personal chat assistant, and I am so so happy with it! I still can't believe I can talk to my computer. submitted by /u/OneFanFare
[link] [comments]
---|--- -
π HexRaysSA/plugin-repository commits sync repo: +3 releases rss
sync repo: +3 releases ## New releases - [llm-explainer](https://github.com/pgarba/ida-llm-explainer): 1.7.0, 1.6.2 - [mcrit-ida](https://github.com/danielplohmann/mcrit-plugin): 1.1.8 -
π jesseduffield/lazygit v0.63.1 release
Fixes for a few regressions introduced in the v0.63.0 release.
What's Changed
Fixes π§
- Improve index.lock retry mechanism by @stefanhaller in #5788
- Fix userEvents panic by @stefanhaller in #5793
- Fix a deadlock on Windows when switching between longer diffs by @stefanhaller in #5815
Maintenance βοΈ
- Allow releasing from a branch other than master by @stefanhaller in #5819
Full Changelog :
v0.63.0...v0.63.1 -
π VoidNullable/lific v2.2.1 release
The MCP tool surface gets smaller and cheaper: 27 tools (down from 29) at about 5.6k tokens of schema (down from 6.4k), measured with tiktoken o200k_base against
tools/listoutput.One export tool instead of three
export_issue,export_page, andexport_projectmerged into a singleexportthat dispatches on identifier shape, the same wayget_activityalready did:PRO-42exports the issue,PRO-DOC-3the page, barePROthe whole project. Same Viewer gating and outputs per branch. Clients calling the old tool names must switch toexport.Leaner tool schemas
Tool and parameter descriptions were rewritten to stop repeating what tool outputs already show at call time (paging hints, provenance markers), what sibling parameters already state, and what other tools already define (the edit-by-string contract is now stated once, in
edit_issue). Internal tracker references leaked into five field descriptions and are gone. Net: 6,436 to 5,641 schema tokens.
-
- July 14, 2026
-
π IDA Plugin Updates IDA Plugin Updates on 2026-07-14 rss
IDA Plugin Updates on 2026-07-14
New Releases:
Activity:
- augur
- 41edd0f2: ci: improve
- capa
- 30f93787: Merge pull request #3114 from mandiant/dependabot/pip/msgpack-1.2.1
- ghidra
- 7462bcec: Merge remote-tracking branch 'origin/patch'
- 45d95c50: Merge remote-tracking branch
- ce37accf: Do not normalize build_exe in pcodetests definitions
- d463fbff: Merge remote-tracking branch 'origin/patch'
- 88566a13: Merge branch 'GP-7065_ghidorahrex_PR-9371_p-mikeg_fix_arm_sev_encoding'
- f18269b0: Fix sev.w arm encoding.
- 237d1a9f: Merge remote-tracking branch 'origin/patch'
- 87d10fc6: GP-7064: Fixing XmlLoader path traversal
- haruspex
- 1edfcb68: ci: improve
- ida-llm-explainer
- IDAPluginList
- a3173079: chore: Auto update IDA plugins (Updated: 19, Cloned: 0, Failed: 0)
- rhabdomancer
- 3e09ac3a: ci: add cargo test
- rikugan
- augur
-
π VoidNullable/lific v2.2.0 release
The web UI goes realtime, MCP tool output slims down to respect agent context budgets, and a security fix stops clients from spoofing their IP to the rate limiter. This is also the first release with external contributions: realtime invalidation arrived as PR #4 (@mjc) and comments pagination as PR #5 (@Joshuabaker2).
Realtime web invalidation
Two browser tabs - or you and your agent - no longer drift apart. Every write pushes an invalidation event over a WebSocket and open views resync live: issues, pages, plans, comments, attachments, saved views, module/folder structure, plans' cross-project issue effects, and the authz toggle. (PR #4 by @mjc, hardened and extended in review.)
- The socket is a credentialed surface : sessions are revalidated every 60 seconds (logout or expiry tears the connection down), connections are capped per user, and a no-op write emits no event.
- Reconnects behave : views resync after the socket comes back (nothing missed while offline), an expired session breaks the reconnect loop instead of hammering the server, and navigating away tears the socket down cleanly.
Security: the rate limiter no longer trusts client-supplied X-Forwarded-
For (LIF-206)
Per-IP rate-limit keys came from the leftmost
X-Forwarded-Forentry - which the client controls. A direct attacker could rotate XFF per request for a fresh bucket, spoof a victim's IP, or poison the key space with garbage. Now:- New
server.trusted_proxiesconfig (CIDR list), defaulting to loopback-only - which preserves real-client-IP behavior behind Tailscale Funnel with zero config change. Invalid entries fail startup loudly. Add only proxy ranges you operate. - The genuine TCP peer is the key unless that peer is a trusted proxy. For trusted peers, the full XFF chain is walked right-to-left skipping trusted hops and the first untrusted IP wins; malformed or all-trusted chains fail closed to the peer address.
X-Real-IPis consulted only when XFF is absent, and header values must parse as strict IPs (with IPv4-mapped-IPv6 normalization).
MCP tool output respects the context window
Agents pay for every token a tool returns, and the chattiest tools were spending that budget on things the agent didn't ask for. The defaults now return the working set, with explicit opt-ins for the full picture:
get_boardomits done/cancelled issues by default (LIF-300): status grouping shows closed columns as count-only stubs, priority/module grouping drops them with a trailing count.include_closed=truerestores the old render;max_per_columncaps each column with a⦠+N moretail.get_issuedefaults to the last 3 comments (LIF-301) with a truncation header;include_comments='all'for the whole thread,'none'for a stub.list_commentsgains alimit.list_commentspaginates (LIF-326, PR #5 by @Joshuabaker2):limit/offseton MCP and matching query params on REST, withhas_morecontinuation hints. Unqualified calls still return the full thread in ascending order, exactly as before.update_plan_stepreturns a compact receipt (LIF-302) - side-effect notes plus a one-line progress summary instead of re-rendering the whole tree.echo_tree=truerestores the old output.get_issuerelation lines carry the related issue's status (LIF-303):Blocked by: LIF-42 (done)answers the follow-up before it's asked.
MCP: search, resume flow, and discoverability
- Literal search mode (LIF-304):
mode='literal'does a case-insensitive substring scan over issues, pages, and comments - finding punctuation-heavy needles likecore:sodom,[RequiredSpecs], or--trace-plansthat FTS tokenizes away. - Resume-flow signals :
update_issuereports plan-step cascades (auto-completed/reopened steps) fired by closing a linked issue (LIF-324);list_resources(type='project')appends workable count, active plan count, and last-activity age, sorted most-recently-active first (LIF-325); the server instructions tell agents to check for an existing plan before creating a duplicate (LIF-322). list_issuescan sort by priority (LIF-323):order_by=priorityjoins the whitelist.manage_resourceproject updates are discoverable (LIF-327): the schema now spells out that projects are targeted viaproject=<IDENT>, andcurrent_namewithoutprojectreturns an instructive error instead of a generic one.- Regression coverage: tool outputs never HTML-escape stored text (LIF-299).
Web UI: sub tabs, sidebar, and touch
- Sub tabs across every list view (LIF-305, LIF-308): issues get All/Recent/Open/Closed, pages get Browse/Recent/Drafts/Archived (archived pages finally have a first-class home), plans get Active/Done/Archived/All, modules get Active/Backlog/Archive/All. Counts on every tab, per-project persistence.
- Sidebar recents (LIF-307): the five most recent items of the active section, one click away. Archived pages and plans stay out - recents are a jump-back-in affordance.
- Drag-resizable sidebar width, persisted (LIF-309) - including the fix for the Tailwind ordering bug where the resize work broke the mobile drawer.
- Page re-parenting works on touch (LIF-280): a Move-to-folder picker covers what desktop does by drag.
- PWA manifest + icons (LIF-321): add Lific to a phone home screen and it opens like an app.
- Command palette results stack title over snippet and render FTS
**match**highlights as emphasis instead of raw markers (LIF-328).
Cross-project integrity and pagination correctness
A field-report sweep hardened the seams between projects and the views that page over data:
- Cross-project references are rejected everywhere they could sneak in : an issue can't take another project's module (LIF-310), a page can't move into another project's folder (LIF-311), and a folder can't be parented under a folder from another project (LIF-312).
- Page moves are transactional in the UI : a failed move rolls back visually (LIF-313), concurrent moves are guarded (LIF-318), and a move no longer triggers stale reloads (LIF-320).
- Lists page all the way : plan lists use stable cursor pagination (LIF-316) and load every page (LIF-314); sidebar page recents paginate instead of truncating (LIF-315, LIF-317).
Auth-optional now reaches the browser (LIF-297)
Fixes the 2.1.0 field report "auth required false isn't working": REST and MCP honored
[auth] required = false, but the web UI still showed a login screen - the SPA decides signed-in state via/api/auth/me(400 for the anonymous operator) and only skips the login form when the instance advertises single-user auto-login.GET /api/instancenow advertises auto-login when auth is off, andPOST /api/auth/auto-loginmints the first-admin session underrequired = falsejust as it does underweb_auto_login. The browser goes straight to the dashboard, signed in as the first admin. With zero accounts the signup screen still appears once (there is nobody to sign in as); the two flags share a threat model, and auth-off already refuses to start with a non-localhostpublic_url.Everything else
- Literal
\n/\tin code blocks survive round-trips (LIF-142): text unescaping now only fires on real control characters, so documentation about escape sequences stops being mangled into actual newlines. - Backup staging files can't accumulate (LIF-329): a dump that fails mid-write now cleans up its partial
.tmparchive, and the interval backup task sweeps stale staging leftovers from a crashed run - previously invisible to rotation and stranded forever. - A failed crates.io publish fails the release run (LIF-288): the publish step swallowed every error, including the 403 that silently skipped v2.0.0's publish. Only the idempotent "version already uploaded" case is tolerated now, and duplicate detection matches narrowly (LIF-319).
-
π r/LocalLLaMA Bonsai 27B: The First 27B-Class Model to Run on a Phone rss
submitted by /u/yogthos
[link] [comments] -
π r/LocalLLaMA Bonsai 27B: 1-bit dense LLM running locally in your browser using custom WebGPU kernels rss
| Very impressive release by the PrismML team. 1-bit quantization shrinks it from 54GB to just 3.8GB (-93%), while retaining 90% of its intelligence. - Collection on Hugging Face: https://huggingface.co/collections/prism-ml/bonsai-27b
- Demo link: https://huggingface.co/spaces/webml-community/bonsai-webgpu- kernels submitted by /u/xenovatech
[link] [comments]
---|--- -
π r/LocalLLaMA Prism-ML Bonsai Qwen 3.6 27B rss
| submitted by /u/thoquz
[link] [comments]
---|--- -
π r/LocalLLaMA Kimi K3 in the next few hours. Deepseek V4 GA later in the week. New Liquid models. New Mistral models sometime this month. And some rumours suggest GLM 5.5 is coming in August. Openweight AI is eating good. rss
| dam bois we eating good this week ngl, The velocity of the open_weight ecosystem right now is hitting a point where proprietary, closed-source APIs are losing their leverage on compute intelligence. When you have DeepSeek V4 dropping native MXFP4 mixtures of experts with massive context capabilities alongside Liquid's non_transformer breakthroughs and impending heavyweights from Mistral and Moonshot, the raw computational cost of intelligence is plummeting to near zero, scary for sam altman, yippee for us But as the base models become insanely capable commodity infrastructure, the talk inside enterprise engineering teams is shifting . The real problem now isn't "how smart is the open-weight model we hosted on our cluster? problem is "how do we stop this raw,autonomous intelligence from introducing big failure modes into our core systems?" The smarter these open_weights get at multi-step reasoning, the more unpredictable their execution paths become when granted full access to data environments. This infrastructure bottleneck is exactly why the elite engineers are separating the raw model weights from the governance layer. Regulated teams are no longer letting agents talk directly to inner databases or orchestration loops; instead, they are forcing all open-weight model traffic through enterprise grade control frameworks like Palantir Foundry or the Lyzr Control Plane. but all in all good week ahead, i wonder if any of these models will ever reach the short lived popularity of deep seek, i still remember how crazy everyone was when they heard about deepseeks training cost submitted by /u/iSyN707
[link] [comments]
---|--- -
π earendil-works/pi v0.80.7 release
Breaking Changes
- Removed the
openai-responsescompat.sendSessionIdHeaderflag frommodels.json. Session-affinity behavior is now controlled bycompat.sessionAffinityFormat("openai","openai-nosession", or"openrouter"). ReplacesendSessionIdHeader: falsewithsessionAffinityFormat: "openai-nosession"(#6496 by @petrroll).
New Features
- Cache-friendly dynamic tool loading - Extensions can add tools during execution while supported Anthropic and OpenAI Responses models preserve prompt-cache prefixes. See Dynamic Tool Loading.
- Message copy shortcut -
Ctrl+Xcopies the last assistant message in the transcript or the selected message in/tree, making older and branched messages directly copyable. See Display and Message Queue. - Fable 5
xhighandmaxthinking - Nativexhighandmaxthinking levels are available across generated provider catalogs. See Model Options.
Added
- Added cache-friendly dynamic tool loading for extension tools activated by tool results. Supported Anthropic and OpenAI Responses models load definitions where they become available, preserving the cached prompt prefix. See Dynamic Tool Loading (#6474).
- Added inherited native
xhighandmaxthinking levels for Claude Fable 5 across all generated provider catalogs (#6490 by @davidbrai). - Added
Ctrl+Xto copy the last assistant message, or the selected message in/tree. - Added inherited
toolChoicesupport for OpenAI and Codex Responses, including required and named tool selection (#6588 by @xl0).
Fixed
- Fixed inherited OpenRouter model context windows to use the top provider's actual context length (#6481 by @davidbrai).
- Fixed inherited OpenRouter OpenAI-compatible session IDs to use the
x-session-idheader instead of OpenAI-specific session-affinity fields (#6496 by @petrroll). - Fixed
Ctrl+Vto paste clipboard text when the pasteboard does not contain an image. - Fixed
/login amazon-bedrockto prompt for and save a Bedrock API key instead of only displaying ambient AWS credential setup instructions. - Fixed inherited Amazon Bedrock ambient AWS credentials to keep using SigV4 authentication, including for custom model IDs (#6532 by @ribelo).
- Fixed inherited Cloudflare Workers AI and AI Gateway authentication to use ambient account and gateway IDs when stored credentials contain only an API key (#6292 by @markphelps).
- Fixed inherited legacy terminal decoding for Alt+symbol key combinations such as
Alt+,andAlt+.(#6523 by @ribelo). - Fixed the GitHub Copilot
mai-code-1-flash-pickermodel to route through the/responsesendpoint (#6544 by @petrroll). - Fixed branch summaries to work with providers that use ambient authentication instead of API keys (#6595 by @davidbrai).
- Fixed inherited Amazon Bedrock errors to report unhandled provider stop reasons instead of only
An unknown error occurred(#6598 by @davidbrai). - Fixed npm package removal when installed packages have conflicting peer dependencies (#6604 by @davidbrai).
- Fixed inherited Azure OpenAI Responses reasoning replay when
encrypted_contentappears only in the terminal response event (#6608 by @davidbrai). - Fixed inherited Anthropic-compatible proxies that omit
usagefrommessage_deltaevents (#6611 by @davidbrai). - Fixed inherited OpenCode OpenAI Responses models to omit the unsupported
session-idheader while preserving other cache-affinity data (#6645 by @davidbrai). - Fixed system prompt cache invalidation across dates by removing the current date from the default prompt (#6621).
- Removed the
-
π r/LocalLLaMA πA new GLM model incoming rss
| Spoiler from one of the founders of Z.ai who released GLM 5.2 a month ago. Get ready for something new π₯³ submitted by /u/serige
[link] [comments]
---|--- -
π r/LocalLLaMA I just don't get it. These big tech companies can illegally scrape the entire internet and gatekeep their better models behind higher prices. So it's natural that people look for affordable options, and there will be providers who apparently distill models from them. rss
| The irony? They cry existential threat when they were the ones who made us feel that way first. submitted by /u/Blue-Sea2255
[link] [comments]
---|--- -
π @HexRaysSA@infosec.exchange π’ IDA 9.4 is here! mastodon
π’ IDA 9.4 is here!
Huge thanks to our beta testers for spending the last several weeks refining this release.β’ The Apple Dyld Shared Cache workflow has been rebuilt from the ground up.
β’ The decompiler now speaks Swift, with proper ABI modelling for self, async context, and error paths.
β’ Two new processor modules land β Qualcomm Hexagon and MCore.
β’ Navigation gets a major upgrade with Pathfinder and a redesigned Jump Anywhere.
β’ The Teams add-on now runs on Git.
β’ And idalib, previously Pro-only, now ships with IDA Home.π Read the blog for the full breakdown and/or jump ahead to the release notes, then grab your update in the Download Center.
https://hex-rays.com/blog/ida-9.4-release-a-new-dyld-shared-cache-swift- analysis-new-teams-add-on-and-more- -
π New Music Releases Saliva - Longshot rss
Saliva - a new release is available:
- 2026-07-14: Longshot (Single)
Amazon: Canada | Deutschland | France | United Kingdom | United States
Visit muspy for more information.
-
- July 13, 2026
-
π IDA Plugin Updates IDA Plugin Updates on 2026-07-13 rss
IDA Plugin Updates on 2026-07-13
New Releases:
Activity:
- augur
- d524797b: chore: update deps and lint allowlist
- CTF-Tools
- a6a81ac5: Add webshell files for remote command execution
- disrobe
- c7571052: flutter aot: recover declared class and method names from a stripped β¦
- 3f78fcc1: nspack: derive the per-image e8/e9 marker byte and only rewrite brancβ¦
- dd12bd14: py-decompile: recover an except-as-e handler's trailing else/sibling β¦
- 7cac6275: update spin to 0.9.9 after 0.9.8 was yanked, keeping cargo-deny green
- f7afbac4: refresh the pinned python metric to 96.05 percent (6038 of 6286)
- 37f98183: mpress: reverse the packer's exact x64 e8/e9 and rip-relative branch β¦
- haruspex
- ida-ins-hinter
- 3614c115: Initial release of IDA Instruction Hinter
- ida-llm-explainer
- f10d1c80: Batch dialog auto-apply-on-Done; reliable lvar rename/type fixes; v1.6.1
- ida-sdk
- d76bad44: docs: update ida-cmake acknowledgements
- IFSO-CYBER-FORENSICS-PROJECT
- rhabdomancer
- rikugan
- 5e91c3f6: fix(loop): scope traceback to execute_python + add integration test fβ¦
- 910148b5: docs: update CLAUDE.md docs-review gate section for post-error migration
- 3be1db8f: chore: apply ruff format to 5 files (clean up trailing newlines + minβ¦
- 4c02ab93: feat(ui): replace docs-gate checkbox with docs_review_mode combobox
- ecf001a6: test(loop): strengthen post-error reviewer guard tests
- 1284eb74: feat(loop): move docs-reviewer from pre-execute to post-error
- bb68b2f4: feat(reviewer): update docs-reviewer prompt for post-error role
- 20fea07b: test(prompts): tighten docs-review-section regression guard
- b4df042e: feat(prompts): add IDA API Module Quick Reference to system prompt
- 3ba4b6a0: refactor(config): replace require_ida_docs_for_complex_scripts with dβ¦
- 471f7c3b: feat(tools): add traceback_classifier for post-error docs gate
- ea383027: docs(plan): docs-review post-error implementation plan
- d40f4a9f: docs(spec): docs-review gate post-error hybrid design
- b0b6611f: Merge remote-tracking branch 'EliteClassRoom/master'
- 9c42ba9e: Refactor the code to make it faster to run
- ea05a552: chore(release): bump version to 1.10.3
- 227a0767: chore(deps): sync uv.lock with pyyaml dev dependency
- Spectra
- 87bd645f: Remove legacy CLI commands and simplify agent output
- b855330f: Stop spinner before approval prompt and clear UI
- 4707ced1: Improve CLI thinking spinner and line handling
- d363b24e: Simplify thinking animation in shell UI
- bbba5eb0: Improve markdown table parsing and rendering
- 859f78de: Update shell_ui.py
- 12ad1812: Enhance memory clearing in shell REPL
- 090fc3d4: Add /clear_memory command
- c34b88c3: Batch consecutive tool results and add check_tools
- 57b53707: Add session delete command parsing
- e776fb28: Add /history command to view session messages
- 23ef5a9c: Add loading spinner and tool progress indicators
- 49d102f4: Add input timeout and attempt limits to CLI
- 85ec13f2: Add vulnerability analysis skill; v1.3.0 release
- augur
-
π r/LocalLLaMA J-Wash: A novel way to brainwash and customize large language models based on Anthropic's Jacobian-Lens! rss
| submitted by /u/Extraaltodeus
[link] [comments]
---|--- -
π r/LocalLLaMA This is why we need local models and opensource harnesses rss
| submitted by /u/Comfortable-Rock-498
[link] [comments]
---|--- -
π Hex-Rays Blog IDA 9.4 Release: A New Dyld Shared Cache, Swift Analysis, New Teams add-on, and more ... rss
After weeks of feedback and refinement from our beta testers, we are excited to introduce IDA 9.4!
Building on 9.3, this release reworks how IDA handles Apple's Dyld Shared Cache, teaches the decompiler to speak Swift, adds two brand-new processor modules, and reshapes everyday navigation with the new Pathfinder widget and a redesigned Xrefs Graph. There is also a change we are especially happy about for hobbyists: idalib, our headless automation library, now ships with IDA Home.

-
π r/LocalLLaMA I benchmarked 15 "E-Waste" GPUs with Modern Workloads rss
| I've spent the last year building GPU coolers and a custom benchmarking tool to figure out if decommissioned NVIDIA enterprise GPUs have any use with modern workloads. Cards like the P100 (16GB) are going for around $75 and the V100 (16GB) for under $200. Combined with dirt-cheap X99 Xeon motherboards, they are a massive source of idle VRAM that's hard to ignore for the homelab. People often finger-wag and warn against these due to EOL software and terrible power efficiency. But for a homelab? You can easily work around software limits by compiling older software (like llama.cpp) from source, and to save power, just turn the box off when you aren't doing AI tasks. Over the winter, I used a custom Dockerized benchmarking suite to test a whole box of Tesla GPUs (K80, M10, M40, M60, P40, P100, V100, T40) across LLMs, computer vision, Blender, Whisper, and more. Here is the TL;DR of the results:- The V100 is the Sweet Spot : The V100 (16GB) completely surprised me. Its performance hangs right up there with the much more expensive T40.
- P40 > P100 for LLMs: The community consensus holds true here. If you specifically want to run Large Language Models, with Pascal, use P40.
- M60 is a Whisper Beast : If you have a ton of audio transcription to do, the M60 is shockingly capable (beating even V100) and can be had for only $50.
- Scaling is Linear : Stacking cards doesn't hit a wall of diminishing returns within a 4U chassis. More GPUs generally equal linear performance scaling, though if you mix generations, slower cards will bottleneck your faster ones in LLM setups.
- CPU/Mobo Choice : Faster single-core CPU speeds help slightly for tasks like Whisper and Vision Transformers, but generally, any cheap X99 board and high-lane Xeon will feed these GPUs perfectly fine.
The complete set of graphs and findings are on my blog. Now that I have the setup and tooling, I'd love to benchmark more workloads, anything missing from my findings you'd like to see next? submitted by /u/eso_logic
[link] [comments]
---|--- -
π r/LocalLLaMA Apple M7 Ultra Chip Planned With Up to 1.5 TB of Unified Memory rss
| submitted by /u/Mochila-Mochila
[link] [comments]
---|--- -
π openonion/connectonion Release v1.2.0 release
Release v1.2.0
Highlights
co browseris now a multi-agent browser CLI : several AI agents can share one persistent, logged-in browser without stepping on each other's pages β each task in its own tab, with a contention guard that teaches a colliding agent the tab lifecycle instead of silently corrupting a page. The daemon layer was hardened against every startup/shutdown race we could find (and reproduce), and agents can now be interrupted gracefully mid-task.What's Changed
β¨ Features
- co browser multi-agent tabs (#195):
-t/--tabtargeting for direct functions anddo;tab open / ls / closelifecycle; per-tab ownership claims with a 120s guard window; loud exit-4 teaching errors on contention; wire-v1 JSON envelope (quote-safe caller/tab names); structured exit codes0/1/2/3/4 - Graceful stop (#188): a client INTERRUPT is honored at the iteration boundary via the existing stop_signal
- Hosted-session safety + Patchright stealth (#186, #189): per-session tabs never tear down each other's context; patchright pinned to 1.61.2 with a stealth-driver integrity check
- Outlook token rotation (#187): refresh tokens on every use and persist the rotation
π Bug Fixes
- Daemon startup race (#197): two terminals' simultaneous first commands could fork two daemons (the loser unlinked the winner's live socket β reproduced in practice). The daemon now holds a lifetime
flockacross probe-and-bind; a pid file distinguishes a busy daemon from a stale socket, so a longdocan never be mistaken for a dead daemon - Ownership cleanup: releasing a tab drops its page, registration, claim, and remembered URL together β a reused tab name starts blank, never on the previous owner's page
- A typo'd command no longer acquires a 120s tab claim;
close_tab()without an argument closes the caller's own tab, never the shared main tab - Clients tell "daemon busy" apart from "daemon did not start", and fail fast on a dead daemon's stale socket
π Documentation
- New
docs/co-browser.md: quick start, tab lifecycle, contention model, exit-code contract, everyday-function examples,doguidance, visible-vs-headless, troubleshooting - Managed key onboarding clarified (#159)
Installation
pip install --upgrade connectonionBreaking Changes
None.
Full Changelog :
v1.1.0...v1.2.0 - co browser multi-agent tabs (#195):
-
π Rust Blog crates.io: development update rss
Another six months have passed since our last development update, and the crates.io team has been busy. Here's a summary of the most notable changes and improvements made to crates.io since then.
Source Code Viewer Crate pages now have a "Code" tab that lets you browse the contents of published crate versions directly on crates.io. This shows you the exact files that cargo downloads when you add a crate as a dependency, which might differ from the linked repository. This makes it much easier to audit your dependencies, including files that never appear in the repository, like the normalized Cargo.toml files that cargo generates. The viewer comes with a file tree sidebar with search functionality, syntax highlighting, and GitHub-style line selection, where clicking or dragging line numbers produces shareable #L10-L20 URLs. Under the hood, the server now builds a zip file for every published version. Since the .crate files that cargo consumes are gzipped tarballs without random access support, a background job re-packs each of them into a seekable zip archive plus a JSON manifest describing the contained files. Both are served from our static CDN. The frontend then fetches only the manifest and loads each file on demand with an HTTP range request. Because of this architecture, browsing crate sources essentially adds no load on the crates.io API servers. Existing crate versions have been backfilled, so this works for old releases too. The rendering library behind the code viewer is a diff renderer at heart, and that's no accident: a version-to-version diff viewer built on the same infrastructure is currently in the works. This will allow you to review exactly what changed between two published versions, right on crates.io. Stay tuned! Untangling crates.io Accounts from GitHub At the end of May, the crates.io team accepted . Crates.io accounts always
have been tightly coupled to GitHub: signing in means "Log in with GitHub", and your crates.io identity is your GitHub username. The RFC changes that. It introduces usernames that are native to crates.io and independent of linked GitHub accounts, as a prerequisite for eventually supporting login via other identity providers.
The implementation of crates.io usernames has started, but there is still a lot left to do, most visibly the ability to change your crates.io username. After that is complete, there will be future RFCs and implementation for signing in with identity providers other than GitHub. Since all of this touches authentication and account security, we are deliberately taking it slow and rolling these changes out in small, carefully reviewed steps.
Advisories and Suggestions
In our January update we introduced the "Security" tab, which shows security advisories from the RustSec database. We have since taken this integration one step further: crates that RustSec has flagged as unmaintained now show a warning banner directly on their crate pages, linking to the corresponding advisory for details and possible alternatives. Thanks to Dirkjan Ochtman for implementing this feature!

Related to this, some popular crates have been largely absorbed into the Rust standard library over the years, like
lazy_static, which has been superseded bystd::sync::LazyLocksince Rust 1.80. Crate pages of such crates now show a friendly "You might not need this dependency" banner describing the standard library replacement, and superseded crates in dependency lists get a small light bulb icon with a similar hint.
The dataset behind this feature lives in the new rust-lang/std-replacement- data repository, together with a documented inclusion policy: standard library replacements only, every entry must cite the stable
std,core, orallocAPI and Rust version, and crate maintainers get a notice-and-comment window before an entry is added. New entries can be proposed upstream and can benefit other tools too.Ferris
The most delightful change of this cycle: the Ferris on our error pages now follows your mouse cursor with its eyes:

Getting a 404 error on crates.io is now slightly less sad.
Svelte Frontend Migration Completed
In our January update, we announced that we were experimenting with porting the crates.io frontend from Ember.js to Svelte. This experiment has concluded successfully: the new frontend reached feature parity, went through a public testing phase in April, became the default at the beginning of May, and the Ember.js app has been removed from our repository.
We designed this change to be invisible for our users, since the new frontend is a 1:1 port of the previous design and functionality. For the team and our contributors, however, it is a big deal: the frontend is now built on a more modern framework, which should make it easier for new contributors to get started. It also allows us to iterate faster, as the source code viewer above demonstrates.
We want to thank the Ember.js team for a framework that served crates.io well for many years, and the Svelte team for making the transition so enjoyable.
Miscellaneous
These were some of the more visible changes to crates.io over the past six months, but a lot has happened "under the hood" as well:
-
Search performance : Relevance-sorted search queries previously ranked every crate matching the query, which could take 1-2 seconds for short or common search terms. Ranking is now bounded to the 1,000 matching crates with the highest recent download counts.
-
Reverse dependencies performance : The reverse dependencies endpoint no longer recomputes the full dependent set on every request. It is now served from a precomputed table kept in sync by database triggers, turning an expensive join into a bounded index scan and greatly reducing the chance of getting a timeout error.
-
New ARCHITECTURE.md : If you've ever wondered how crates.io actually works, our
ARCHITECTURE.mddocument got a complete rewrite. It is now organized around the high-level systems that make up crates.io and how they fit together, and includes walkthroughs of what happens when you runcargo publish, why a typical crate download never touches our API servers, and how download counts are derived from CDN access logs. -
Definition lists : READMEs now render Markdown definition lists, a widely used Markdown extension. Our markdown renderer comrak already supported them, the extension just wasn't enabled yet. Thanks to @mistaste for this contribution!
-
CDN cache tags : Files uploaded to our static CDN now carry cache-tag metadata, allowing us to invalidate all cached files of a crate or a specific release in a single operation, instead of issuing one invalidation per file URL.
-
Caching improvements : We removed a global
Vary: Cookieresponse header that was preventing our CDNs from caching public API responses and frontend assets effectively. Per-user responses now useCache-Control: no-storeinstead, resulting in better cache hit rates at the CDN edge. -
Accessibility : We have made crates.io friendlier to screen readers: decorative icons are now hidden from the accessibility tree, heading hierarchies have been fixed, and lists are marked up as proper lists. ARIA snapshot tests now ensure that regressions can't slip in unnoticed. We plan to continue to improve crates.io accessibility over the coming months.
-
Git index performance : The background worker's local clone of the git index is now a bare and shallow repository, eliminating roughly 250,000 checked-out files and the full commit history from its disk, improving its performance as we see increased rates of crate publication. The periodic index squashing now goes through the GitHub API instead of generating large git packs locally, which had previously caused out-of-memory failures on the production worker.
Feedback
We hope you enjoyed this update on the development of crates.io. If you have any feedback or questions, please let us know on Zulip or GitHub. We are always happy to hear from you and are looking forward to your feedback!
-
-
π Armin Ronacher The Tower Keeps Rising rss
I feel that some vibecoded software changes somewhat randomly and unexpectedly. That made me think about Bruegel's "The Tower of Babel" which shows an already quite chaotic depiction of the Tower of Babel. The story is usually told as one about pride and ambition and ultimately why people no longer speak the same language. But it is also a story about the unity that makes technological progress work.
The text begins with a technology upgrade:
And they said one to another, Go to, let us make brick, and burn them thoroughly. And they had brick for stone, and slime had they for morter.
They use it for a civilizational project:
let us build us a city and a tower, whose top may reach unto heaven
But when God assesses the situation the bricks are not what concern him:
the people is one, and they have all one language, [β¦] and now nothing will be restrained from them.1
The source of their power is coordination. They share a language and with that shared language they can combine their work into something no one of them could build alone. God does not take away the bricks or their knowledge of how to make them. He takes away their ability to understand one another, and construction stops.
There is the appealing idea that AI-assisted programming means better tools which lets us build more ambitious software. That is certainly true at the level of the individual and without doubt a developer with an agent will be dramatically more capable of changing a codebase. But large software projects have never been limited only by how quickly an individual can produce code. They are limited by how well people can coordinate their understanding of the system they are changing.
The shared language of a software project is not English or Python but it is the common understanding of what its concepts mean, where the boundaries are, which invariants matter, who owns what, and why the system has the shape it does. This language is rarely written down in one place. It lives partly in documentation and code, but also in code review, conversations, arguments, and the experience of having to explain a change to somebody else.
Before agents, some of this shared understanding was maintained by friction. If I wanted to change your storage layer, I usually had to read your code, ask you questions, and perhaps coordinate with another team whose service depended on it. This was slow, and much of that slowness was waste but not all of it was. Some of it was the process by which your understanding became mine, and by which both of us discovered whether we still agreed about how the system worked. This friction synchronizes people.
Agents remove much of that friction. I can ask an agent to add OAuth, you can ask one to add caching, and somebody else can ask one to rebuild the database from first principles and make the UI pink. Each change can be reasonable in isolation. The code can compile, the tests can pass, and the explanations can be generated on demand. None of us necessarily has to talk to the others, or even acquire the part of the shared model that the change once would have forced us to learn.
As I said many times before: agents do not feel pain, only humans do. Agents now let us act in parts of the system where we would previously have needed other people and in code bases where the people would have revolted.
When I look at some vibecoded scaled-up projects the codebases become Babel not because nobody can communicate, but because nobody needs to. Every developer has a tireless translator that can explain a corner of the tower and make whatever local alteration they ask of it. The changes keep landing, even as the architectural language that would let the humans reason about them together disappears.
But it's not the biblical story. At Babel, the loss of common language stops construction whereas in AI-assisted engineering, construction can continue after shared understanding has already collapsed. The lack of an immediate failure is what makes it curious and a bit disorienting. The tower does not fall, and so we do not notice what was lost. It just keeps rising.
-