🏡

to read (pdf)

  1. I don't want your PRs anymore
  2. JitterDropper | OALABS Research
  3. DomainTools Investigations | DPRK Malware Modularity: Diversity and Functional Specialization
  4. EXHIB: A Benchmark for Realistic and Diverse Evaluation of Function Similarity in the Wild
  5. Neobrutalism components - Start making neobrutalism layouts today

generated: June 09, 2026 at 04:22:05

  1. June 09, 2026
    1. 🔗 sacha chua :: living an awesome life June 11: Sacha and Prot Talk Emacs: Built-ins rss

      On June 11, I'm going to chat with Prot about the Emacs Carnival June 2026 topic Underappreciated Emacs Built-ins. Thanks to Ross A. Baker for hosting the carnival!

      Watch on YouTube

      (America/Toronto) = Thu Jun 11 1030H EDT / 0930H CDT / 0830H MDT / 0730H PDT / 1430H UTC / 1630H CEST / 1730H EEST / 2000H IST / 2230H +08 / 2330H JST

      You can e-mail me at sacha@sachachua.com.

    2. 🔗 cloudflare/capnweb capnweb-validate@0.2.0 release

      Minor Changes

      • #169 2cb51eb Thanks @teamchong! - Introduced capnweb-validate, a separate package that allows you to wrap your RPC interfaces in runtime type-checking based on your TypeScript interfaces.
    3. 🔗 panda-re/panda v1.8.85 @ refs/heads/dev release

      What's Changed

      Full Changelog : v1.8.83...v1.8.85

    4. 🔗 panda-re/panda v1.8.84 @ refs/heads/dev release

      What's Changed

      Full Changelog : v1.8.83...v1.8.84

  2. June 08, 2026
    1. 🔗 modem-dev/hunk v0.15.0 release

      What's Changed

      Features

      • Added Sapling (sl) support for hunk diff and hunk show, so Sapling repositories can use Hunk without going through Git compatibility layers. (#291)
      • Added moved-line highlighting from Git's colorMoved output, making relocated code easier to distinguish from newly added or deleted code. (#323)
      • Added a --transparent-bg flag and transparent_background config option for translucent terminal setups. (#322, #392)
      • Added Zenburn as a built-in theme, plus Catppuccin Frappé and Macchiato to complete the official Catppuccin family. (#394, #395)
      • Show the newly selected theme in the footer when cycling themes. (#396)

      Fixes and polish

      • Made syntax highlighting follow Hunk's active theme colors instead of Pierre's built-in palette, including custom themes. (#393)
      • Preserved split diff alignment when horizontally scrolling through wide CJK and emoji characters. (#397)
      • Expanded the diff window during rapid scrolling so large reviews keep real rows mounted instead of flashing blank placeholders. (#391)

      Tests and maintenance

      • Added local benchmark coverage for parsing, loading, rendering, memory, and competitor comparisons to make performance changes easier to validate. (#391)
      • Prepared the 0.15.0 release. (#401)

      New contributors

      Thanks to first-time contributors in this release:

      Full Changelog : v0.14.1...v0.15.0

    2. 🔗 r/Harrogate My Red Kite spotting PB in Harrogate today - nearly 50! rss

      My Red Kite spotting PB in Harrogate today - nearly 50! | Hard to count, but there must be nearly 50 red kites in the first photo if you zoom in. In the second photo, they were just flying low. I wish I were out with my proper camera this evening. I often see big groups, but this was something else. submitted by /u/namboozle
      [link] [comments]
      ---|---

    3. 🔗 sacha chua :: living an awesome life 2026-06-08 Emacs news rss

      It's Emacs Built-ins appreciation month! I'm coming to appreciate the menu bar more. What built-ins do you appreciate? Write about it and send Ross a link!

      Links from reddit.com/r/emacs, r/orgmode, r/spacemacs, Mastodon #emacs, Bluesky #emacs, Hacker News, lobste.rs, programming.dev, lemmy.world, lemmy.ml, planet.emacslife.com, YouTube, the Emacs NEWS file, Emacs Calendar, and emacs-devel. Thanks to Andrés Ramírez for emacs-devel links. Do you have an Emacs-related link or announcement? Please e-mail me at sacha@sachachua.com. Thank you!

      You can e-mail me at sacha@sachachua.com.

    4. 🔗 r/LocalLLaMA When every other post is an AI generated benchmark report, a question about the best model, or a slop-coded application or engine that pretends to be groundbreaking rss

      When every other post is an AI generated benchmark report, a question about the best model, or a slop-coded application or engine that pretends to be groundbreaking | submitted by /u/Honest-Kangaroo-1830
      [link] [comments]
      ---|---

    5. 🔗 r/reverseengineering [Tool/Writeup] PureBasic FLIRT Signature for IDA Pro — demo + crackme rss

      submitted by /u/No-Figure-7595
      [link] [comments]

    6. 🔗 r/reverseengineering [Tool/Writeup] PureBasic FLIRT Signature for IDA Pro — demo + crackme rss

      submitted by /u/No-Figure-7595
      [link] [comments]

    7. 🔗 r/LocalLLaMA Xiaomi just claimed 1,000+ tps on a 1T model using a standard 8-GPU server rss

      Just saw Xiaomi MiMo announce MiMo-V2.5-Pro UltraSpeed , claiming they broke the 1,000 tokens/sec output barrier on a 1 trillion parameter MoE model. According to them, they’re doing it on a single standard 8-GPU node , not custom wafer-scale hardware like Cerebras and not SRAM-heavy hardware like Groq.

      Crazy if true.

      submitted by /u/No-Selection2972
      [link] [comments]

    8. 🔗 r/reverseengineering First Public Analysis of the BoldTealLayer Loader: A Custom Lua Script that Blinds Windows Security rss

      submitted by /u/TheOneEyedArgus
      [link] [comments]

    9. 🔗 r/reverseengineering EMBA firmware analysis framework v2.0.2 available - Party the big 2k rss

      submitted by /u/m-1-k-3
      [link] [comments]

    10. 🔗 r/reverseengineering /r/ReverseEngineering's Weekly Questions Thread rss

      To reduce the amount of noise from questions, we have disabled self-posts in favor of a unified questions thread every week. Feel free to ask any question about reverse engineering here. If your question is about how to use a specific tool, or is specific to some particular target, you will have better luck on the Reverse Engineering StackExchange. See also /r/AskReverseEngineering.

      submitted by /u/AutoModerator
      [link] [comments]

    11. 🔗 HexRaysSA/plugin-repository commits sync repo: +2 releases, ~1 changed rss 
      sync repo: +2 releases, ~1 changed

## New releases
- [BinSync](https://github.com/binsync/binsync): 5.15.2, 5.15.1

## Changes
- [BinSync](https://github.com/binsync/binsync):
  - 5.10.1: archive contents changed, download URL changed
  3. June 07, 2026
    1. 🔗 IDA Plugin Updates IDA Plugin Updates on 2026-06-07 rss

      IDA Plugin Updates on 2026-06-07

      New Releases:

      Activity:

    2. 🔗 r/reverseengineering HDD Firmware Hacking Part 1 rss

      submitted by /u/eigma
      [link] [comments]

    3. 🔗 r/Harrogate ‘What’s on this week’ newsletter still going? rss

      Is this still a thing? I haven’t seen the posts or got the emails in ages but maybe that’s a me problem, is this still being put out?

      submitted by /u/sophietheadventurer
      [link] [comments]

    4. 🔗 sacha chua :: living an awesome life June 18: Emacs Chat with Ross A. Baker rss

      On June 18, I'll chat with Ross Baker about Emacs and life.

      Watch on YouTube

      America/Toronto = Thu Jun 18 1030H EDT / 0930H CDT / 0830H MDT / 0730H PDT / 1430H UTC / 1630H CEST / 1730H EEST / 2000H IST / 2230H +08 / 2330H JST

      This session will be recorded, and I'll update this blog post with notes. https://sachachua.com/blog/2026/06/emacs-chat-with-ross-a-baker/

      Find more Emacs Chats or join the fun: https://sachachua.com/emacs-chat

      You can e-mail me at sacha@sachachua.com.

    5. 🔗 r/reverseengineering Independent Post-Quantum KEM and Digital Signature Suite in C++ (NSLD Reduction rss

      submitted by /u/Ok-Werewolf9375
      [link] [comments]

    6. 🔗 r/reverseengineering Zhiyun Weebil-S Camera Gimbal BLE Protocol rss

      submitted by /u/UnacceptableUse
      [link] [comments]

    7. 🔗 r/LocalLLaMA llama.cpp Gemma4 MTP support merged! rss

      llama.cpp Gemma4 MTP support merged! | submitted by /u/pinkyellowneon
      [link] [comments]
      ---|---

    8. 🔗 r/reverseengineering Reverse Engineering the Garmin Running Dynamics BLE protocol rss

      submitted by /u/gorinrockbow
      [link] [comments]

    9. 🔗 Register Spill Joy & Curiosity #89 rss

      Friends, Joy & Curiosity is going into a bit of a summer break. Two, three, maybe four weeks. I'm not sure yet. But it's now been three years of writing this newsletter on my weekends and I feel a need to not do that for a while. I want to have some unstructured time: to play, to experiment, to write or maybe not write, to do something different on my Sunday mornings.

      But today I still have for you, a bag of links:

      • Unlike what seems to be most of the Internet, I still don't know what to make of this document that Anthropic published: When AI builds itself. It is remarkable, for many different reasons. For example, some say that the intention behind publishing this is to hype themselves up before an IPO and this section here does have a smell of "everyone but us must be stopped": "If it were possible to effectively slow the development of this technology to give ourselves more time to deal with its immense implications, we think that would likely be a good thing. But if a slowdown simply lets the least cautious actors catch up technologically, it could leave everyone less safe." But those concerns are founding maxims for Anthropic, so I don't doubt they're sincere. And if they wanted to hype themselves up, would they share all these concerns about AI's progress in the future? "The evidence we've laid out here suggests that we're likely heading into this scenario. But speeding up one part of a process often just shifts the bottleneck elsewhere […] But achieving recursive improvement alone does not suggest an immediate change in how industrial production occurs, societies organize, or markets function. More intelligence can't learn what a drug does over decades of use, can't hold elections sooner than a constitution dictates, and can't turn a stranger into an old friend in a weekend. For most people, the felt pace of this future will still be set by the bottlenecks, even if the laboratory upstream runs at the speed of compute." And then, of course, there are these quotes floating around the page. I don't understand why they chose to put this one in there: "On days where everything works well, I can't help but think nothing I do matters, everything is automated and better and faster than I ever will be. But then there are days where everything breaks and I don't understand why and I realize I have no idea what I've been up to anymore."

      • Ted Chiang: No, Artificial Intelligence Is Not Conscious. He doesn't use the term "stochastic parrot" and yet I couldn't help but shrug as if he had. Conscious or not, does the distinction matter on a practical level? It might for Anthropic's IPO, at least, when Chiang writes: "If we think of Claude as a sentence-continuation machine, Anthropic can reasonably take steps so Claude doesn't emit sentences saying that sentence-continuation machines are unethical. But as soon as we imagine Claude to be an entity with a moral status remotely comparable to a human's, then we have to consider whether Anthropic is engaged in something comparable to slavery."

      • Seth Godin: Stop ruining it.

      • Andrew Trigell, a hacker's hacker (go read his Wikipedia page), on "rsync and outrage": "for the people saying things like "I'm a PhD from xyz uni and I'm telling your LLMs are just stochastic tools that make everything up and the world will fall apart if you use them", I'm here to tell you that you are out of date. The world of software engineering has changed dramatically in the last few months." Go read the whole thing.

      • Patina as proof: The shift from quiet luxury to lived-in aesthetics. "People increasingly distrust things that look too new, too frictionless, or too optimised. Patina communicates time, friction, and human use. Wear is proof that something existed in the world before it reached you. In a culture saturated with AI-generated imagery and algorithmically optimised products, that proof is becoming scarce and therefore valuable."

      • Carson Gross, creator of htmx: "Code is Cheap(er)" Yes, it is. And a lot flows from that. Let's see how long it takes for the second order effects to be talked about.

      • Why share? Great example of these second order effects.

      • Changing How We Develop Ladybird: "We will no longer accept public pull requests. […] This is not a change we make lightly. Many valuable contributions have come from outside the maintainer group over the years, and we are grateful for them. […] For decades, code contributions have been how open source projects learned who to trust. People would show up, do the work, take responsibility for their changes, and stick around. Over time, trust emerged from the work itself. AI tools have changed the economics of this very quickly."

      • From the Typewriter interview with Brad Neely:

      Q: "I 'smoke' a cigarette peneil in the studio. Do you perform any silly rituals when you're working?"
      A: "Wasting time. Allowing tangents to take over. Chasing a thought down to its root only to find that the deeper you go all thoughts are connected at the roots so you can't ever get to the bottom of a thing but rather you go round and round through the circuits of connectivity. I keep a thumbtack in my lips when drawing, so I feel you on that, Kleon. I do a lot of 'problem busting' on the treadmill or stationary bike."

      • Cheese Paper: "a text editor specifically designed for writing, particularly fiction." I've never used an editor like this, so I found the features interesting to consider, and also: what a great name!

      • The Newest Instagram "Exploit" is the Goofiest I've Seen. I got goosebumps reading this, imaginging that I'm the guy responsible, who forgot to add the additional checks.

      • how to train your goblin. Beautiful presentation. Made me want to start doing RL runs.

      • "I expect we'll see a shift in emphasis from taste to character, in which the premium is placed on contradiction over cohesion and the specificity of one's interests over generalized cultural fluency. I'm thinking: incongruous hobbies (ex. Rosey Grier's Needlepoint for Men), niche and unprestigious collections (stamps? pennies?), and prickliness toward commercial fluency and palatability. Not driven by a desire to be cool or interesting per se but by a desire to be free of the pasteurized good taste, the style without substance, that the algorithm often encourages."

      • Justin Jackson: Do the hardest thing.

      • Why A Retractable Pen? I urge you to click on this and scroll through the page. It's beautiful and interesting and well-made. And I'm not only saying that as someone who dis- and reassembled probably hundreds of pens in his life. It's a great page.

      • Fatih's Review of the MoErgo Go60 Keyboard. It's long, it's detailed, it has beautiful photos, it has videos, it was -- as everyone can see -- made with love, it made me want to buy a new keyboard.

      • How To Read More. I've averaged between 20 and 30 books a year for multiple decades but really struggled in the last few years. Maybe because I picked longer books (hey, The Power Broker) or because I read more articles or because I work out more and fall asleep roughly four minutes after my head hits the pillow. But I don't know. So I opened this article and laughed out loud when I read the first "tip": Quit your job. Hope you get a laugh too.

      • 7min clip of Ed Catmull talking about how the "braintrust" worked at Pixar and then on whether it's possible to apply the Pixar way of working at different companies. I read Creativity, Inc. many years ago (highly recommend it) and hearing that the Disney acquisition led to Frozen was very interesting. Paid off, didn't it?

      • Making Software is available in early access.

      • I had the week off and was in the mood for some Russian short stories (if you haven't: go and read A Swim in a Pond in the Rain). I really like Chekhov, it turns out. The Student was great (and it's very short). And so was The Lady with the Dog. Gogol's The Overcoat I enjoyed too.

      • Then I went through The New Yorker archive and read some of the Greatest Hits of the last 100 years that I hadn't read before: Undecided (funny, great!), The Lie Factory ("Campaigns, Inc., the first political-consulting firm in the history of the world, was founded, in 1933, by Clem Whitaker and Leone Baxter. […] Political consulting is often thought of as an offshoot of the advertising industry, but closer to the truth is that the advertising industry began as a form of political consulting."), The Paperboy's Secret (what writing), and The Musk Ox and Me, written by Jon Lee Anderson. If you had asked me at 17 what life I wanted to live, I think I would've shared a dream that sounds pretty much like Anderson's actual life. Go read the first three paragraph to see what I mean. Then read the rest because of the musk oxen and Alaska and some beautiful writing.

      Subscribe so you don't miss when this newsletter starts up again:

    10. 🔗 r/LocalLLaMA You don't need a GPU to run gemma-4-26B-A4B rss

      I've been running LLMs on my old potato i5-8500 with 32GB of RAM and no GPU for awhile now, running up to 12B dense models which run slow but perfectly useable. But this Gemma-4-26B-A4B simply flies on this CPU - only machine using Koboldcpp on Linux.

      That's right, an old used $150 desktop computer is running state of the art LLMs with something like 7 T/s. Yeah, go ahead and scoff. You can brag about your super-rig that costs more than a used car, but I'm bragging about a crappy old desktop I bought of ebay running the same thing that costs less than a night out.

      I keep thinking about buying a GPU but it's beginning to look like it might not be necessary. These smaller models are amazing without a GPU.

      submitted by /u/JackStrawWitchita
      [link] [comments]

    11. 🔗 sacha chua :: living an awesome life Emacs PDF View: Replace current page with file using PDFtk rss

      I needed to replace a page in a PDF with another PDF. This was a bit of an annoying process on my iPad involving copying and pasting pages in Noteful and then re-exporting them as a PDF, but it was easy to do in Emacs thanks to pdf-tools and PDFtk. 

      ;;;###autoload
(defun sacha-pdf-view-replace-current-page-with-file (file)
  "Replace the current page in PDF View with FILE.
Requires pdftk."
  (interactive "FFile to insert: ")
  (let ((temp-file (concat (make-temp-name "pdf-view") ".pdf")))
    (call-process
     "pdftk"
     nil nil nil
     (concat "A=" (expand-file-name (buffer-file-name)))
     (concat "B=" (expand-file-name file))
     "cat"
     (format "A%d-%d"
             1
             (1- (pdf-view-current-page)))
     "B"
     (format "A%d-end"
             (1+ (pdf-view-current-page)))
     "output"
     temp-file)
    (rename-file temp-file (buffer-file-name) t)))
      This is part of my Emacs configuration.

      You can e-mail me at sacha@sachachua.com.

    12. 🔗 exe.dev Replace your CI with a merge queue rss

      The standard in CI today is tests run in the cloud after a commit has been merged. They serve as a double-check for an engineer: did you forget to test some part of your code that you changed?

      CI works for humans. The reason is our long-term understanding of a codebase and its evolution. Engineers new to a codebase know they are new and take more care (or get automated emails telling them they broke CI). Humans familiar with the codebase know implicitly what they need to be testing as they work.

      The automated email from CI works because it is rare, because we all develop at human speed and breaking HEAD is OK for a little while. Some teams try auto-revert on CI breakage. This works, but you lose a lot of the value of after-the-fact testing in continual retries. Still, it works. It is better than nightly builds and binary searching your way to the culprit.

      It does not work for agents. At least not as of June 2026.

      There are two problems here. The first is that agents are always new to a codebase. They don’t have all the implicit knowledge of the codebase expert, and so they regress parts of the project they have not paid attention to all the time. It is excruciating developing with an agent and CI. Your agent needs to run all the tests as it is developing to make sure it understands the environment.

      The second problem is the agent context window is dead and gone by the time the poor human driving it is stuck with an automated email saying they broke CI. Your agent should have been quietly solving that problem before making it other people’s problem. It has all the time in the world as long as it is not in anyone’s way. Let the computer drive the computer.

      So you need to get your org into a place where agents can run all the tests all the time. There is an easy way to do this. Replace your CI with a merge queue.

      Merge queue

      A merge queue is a script you run to push to origin/main (instead of using a PR UI like we did back in the GitHub, all-human days).

      It is very important you run all the tests in the merge queue. Do not have "slow" tests you run daily. In the age of agents, those tests will be broken every day. Someone will spend hours every day chasing after other people's agents. This is not a role anyone on the team wants. It turns out the only thing worse than cleanup up after someone else is cleaning up after someone eles's robot.

      After you have a merge queue that works, create a second command to run the merge queue, minus the actual merge. Give it to your agents.

      This ensures:

      1. The active context window can run the tests and fix the bugs before inflicting them on other people.
      2. No one, neither human nor machine, breaks the build.

      Back when we were all human, and CI was slow, you could make arguments for CI instead of merge queues. Those arguments depended on tests being too slow to put in the merge path, and that will not stand in 2026, tests must be fast to use agents. Now it is impossible. With agents, CI is useless, the merge queue is vastly superior.

      You will need expensive computers to power your merge queue. It is worth it.

  4. June 06, 2026
    1. 🔗 IDA Plugin Updates IDA Plugin Updates on 2026-06-06 rss

      IDA Plugin Updates on 2026-06-06

      New Releases:

      Activity:

    2. 🔗 HexRaysSA/plugin-repository commits sync repo: +2 releases rss 
      sync repo: +2 releases

## New releases
- [augur](https://github.com/0xdea/augur): 0.9.3
- [rhabdomancer](https://github.com/0xdea/rhabdomancer): 0.9.3
    3. 🔗 r/LocalLLaMA Another 1-click admin account takeover in pewdiepie's AI tool (language in video nsfw) rss

      submitted by /u/theonejvo
      [link] [comments]

    4. 🔗 r/Harrogate Best Pubs to Watch World Cup rss

      What are folks’ recommendations for where to watch the world cup this summer? I know The Alexandra will host games but are there others worth a look in?

      submitted by /u/CyclePrevious9043
      [link] [comments]

    5. 🔗 r/LocalLLaMA 120 tok/s on 12GB VRAM with Gemma 4 12B QAT MTP rss

      Google just released the QAT (Quantization-Aware Training) variant of their Gemma 4 models, including 12B, so it was only natural for me to benchmark it on my 12GB GPU since it fits entirely in VRAM. I was pleasantly surprised with the result!

      By using llama.cpp patched with the Gemma 4 MTP PR, and loading Unsloth's gemma-4-12B-it-qat-GGUF quant and Google's gemma-4-12B-it-qat-q4_0-unquantized- assistant QAT assistant / draft model, which I converted to GGUF and uploaded to HuggingFace as gemma-4-12B-it-qat-assistant- MTP-Q8_0-GGUF using llama.cpp's convert_hf_to_gguf.py, I was able to achieve 120 tok/s with mtp- bench.py!

      Before we start, here's my PC specs:

      OS: CachyOS GPU: RTX 4070 Super 12GB (iGPU as main GPU) CPU: AMD Ryzen 7 9700X RAM: 32GB DDR5-6000

      Here's my llama.cpp command:

      llama-server \ -m gemma-4-12B-it-qat-UD-Q4_K_XL.gguf \ --model-draft gemma-4-12B-it-qat-assistant-MTP-Q8_0.gguf \ --spec-type draft-mtp \ --spec-draft-n-max 4 \ --parallel 1 \ --ctx-size 131072 \ --temp 1.0 \ --top-p 0.95 \ --top-k 64

      For comparison, here's my mtp-bench.py benchmark

      results without MTP:

      ❯ ./mtp-bench.py code_python pred= 192 draft= 0 acc= 0 rate=n/a tok/s=59.9 code_cpp pred= 192 draft= 0 acc= 0 rate=n/a tok/s=60.0 explain_concept pred= 192 draft= 0 acc= 0 rate=n/a tok/s=59.9 summarize pred= 192 draft= 0 acc= 0 rate=n/a tok/s=59.9 qa_factual pred= 192 draft= 0 acc= 0 rate=n/a tok/s=59.9 translation pred= 192 draft= 0 acc= 0 rate=n/a tok/s=60.0 creative_short pred= 192 draft= 0 acc= 0 rate=n/a tok/s=60.0 stepwise_math pred= 192 draft= 0 acc= 0 rate=n/a tok/s=59.8 long_code_review pred= 192 draft= 0 acc= 0 rate=n/a tok/s=57.6 Aggregate: { "n_requests": 9, "total_predicted": 1728, "total_draft": 0, "total_draft_accepted": 0, "aggregate_accept_rate": null, "wall_s_total": 30.2 }

      Here's my mtp-bench.py benchmark results with MTP:

      ❯ ./mtp-bench.py code_python pred= 192 draft= 172 acc= 133 rate=0.773 tok/s=130.5 code_cpp pred= 192 draft= 187 acc= 128 rate=0.684 tok/s=120.4 explain_concept pred= 192 draft= 213 acc= 119 rate=0.559 tok/s=105.7 summarize pred= 192 draft= 168 acc= 134 rate=0.798 tok/s=133.5 qa_factual pred= 192 draft= 210 acc= 120 rate=0.571 tok/s=107.2 translation pred= 192 draft= 175 acc= 132 rate=0.754 tok/s=128.6 creative_short pred= 192 draft= 240 acc= 110 rate=0.458 tok/s=94.0 stepwise_math pred= 192 draft= 165 acc= 135 rate=0.818 tok/s=135.7 long_code_review pred= 192 draft= 197 acc= 125 rate=0.634 tok/s=111.7 Aggregate: { "n_requests": 9, "total_predicted": 1728, "total_draft": 1727, "total_draft_accepted": 1136, "aggregate_accept_rate": 0.6578, "wall_s_total": 15.66 }

      To achieve this, all you need is a 12GB NVIDIA GPU and enough free VRAM to fit Gemma 4 12GB + assistant entirely in GPU memory. With CachyOS and my dGPU set as a secondary GPU, this gives me pretty much 100% free VRAM. On Windows, or if using your dGPU as your main GPU, you will probably loose 500MB+ of VRAM to the OS and driver, so you might need to lower the context size, or it might simply not work. You'll probably need to do some testing 😄

      Here's step-by-step instructions to get this working:

      1. Clone llama.cpp git clone https://github.com/ggml-org/llama.cpp.git cd llama.cpp 2. Fetch and switch to the Gemma 4 MTP PR branch git fetch origin pull/23398/head:gemma4-mtp git checkout gemma4-mtp 3. Build with CUDA support for NVIDIA GPUs cmake -B build -DGGML_CUDA=ON -DBUILD_SHARED_LIBS=OFF cmake --build build --config Release -j$(nproc) 4. Download Unsloth's Gemma 4 12B QAT here: https://huggingface.co/unsloth/gemma-4-12B-it-qat-GGUF 5. Download Google's Gemma 4 assistant / draft here https://huggingface.co/Janvitos/gemma-4-12B-it-qat-assistant-MTP-Q8_0-GGUF 6. Load the models with llama-server llama-server \ -m gemma-4-12B-it-qat-UD-Q4_K_XL.gguf \ --model-draft gemma-4-12B-it-qat-assistant-MTP-Q8_0.gguf \ --spec-type draft-mtp \ --spec-draft-n-max 4 \ --parallel 1 \ --ctx-size 131072 \ --temp 1.0 \ --top-p 0.95 \ --top-k 64

      Cheers 😄

      submitted by /u/janvitos
      [link] [comments]

    6. 🔗 r/LocalLLaMA Cohere's unreleased coding model (early access for localllama) rss

      Cohere's unreleased coding model (early access for localllama) | Hey, Nick here from Cohere. Thanks for all the feedback on Command A+ the other week everyone. I read these threads all the time about other releases so it was fun to read one about our own :) we would like to do more of it. We actually have our first coding model we’re getting ready to release soon, and I wanted to give this community an opportunity to test it out and give feedback before we officially release it. Figured why not try something different and get you guys to help directly here? It’s a 30B model with 3B active params so it runs nicely on some local set ups. It’s on our Hugging Face for now (more platforms to come as we get the model officially launched soon). This one is small but the team is excited about its speed, we’re seeing token output tests in line with similar models in its size class. The weights are here but again this isn’t publicly launched yet (or even fully ready) so i’d encourage you to test the model with what you are trying to achieve. The goal is to build from our learnings with this release and improve the models, so there’s some room for how this gets used now to shape how we continue to develop it. Check it out and let me know how it’s working for you. Excited to see what people think. Thank you :) submitted by /u/nick_frosst
      [link] [comments]
      ---|---

    7. 🔗 Confessions of a Code Addict Understanding a Process’s Address Space Layout rss

      This is the third video in the virtual memory series based on the virtual memory article/book that I wrote. In the first two videos, we talked about what is virtual memory, and the size of virtual memory address space of a process. In this installment, we understand how this address space is laid out by the operating system and why does it have this specific layout.

      The video covers the following topics:

      • The address space layout of a process

      • The key segments of this address space: text, data, bss, heap, memory-mapped region, stack

      • How the stack grows

      • Performance and security implications of this layout

      In the next video, we will talk about how the kernel maintains the virtual-to- physical address mapping and how the translation works. In the meantime, if you haven't read the virtual memory article, I recommend checking it out. It is also available in an aesthetically pleasing and screen- friendly PDF/EPUB format at the link below.

      Check out Ebook

      Read more

    8. 🔗 Jessitron Verum Factum and the Creator’s Confidence rss

      The other day I read about this Italian philosopher from like 1700 who coined a phrase: verum esse ipsum factum. What is true is what is made, or: we only really understand what we created.

      Verum Factum : we only really know what we made.

      This resonates immediately as a software developer.

      When I wrote a program, or when I've changed it enough, I feel like I know it, like it's under my fingers. It's a particular feeling of knowing. It means I have confidence that I can predict the software, that I can change it, that I can pinpoint problems as an expert. I love that feeling. It's a verum-factum feeling.

      That's what I lose when AI writes the code. 😭

      There's a loss of intimacy with my own programs. I don't know them inside and out, I didn't shape their every structure and dataflow.

      There are ways of working with the agent to keep this verum-factum knowledge, to feel like this program is mine. I seek these. Here are some I've found so far:

      • I establish clear domain terms, some up front and others as the need for them emerges.
      • I notice bounded contexts and ask the agent to break them into modules.
      • I get it to write down design principles and conventions for this app.
      • Behavior tests that the agent can't change without permission: "I've set its boundaries" [1]
      • Traces show me what's happening: I work them into a shape that gives me confidence.
      • Own the loop. It is mine to define how the agent and I know whether the software works.

      When I'm the domain expert, the architect, the product owner, and the design lead-then yeah, that program can feel mine just as when I was mostly the coder.

      Verum-factum still works when I work at the levels of behavior and verification. Even if I miss the satisfaction of carving each clever abstraction.

      [1] This is a kuote from Steve Kuo.

    9. 🔗 r/Harrogate Favourite bars in Harrogate rss

      I’m curious to know where everyone’s favourite place to drink in town is & what you love about those particular spots / what they do well?

      submitted by /u/rhamer03
      [link] [comments]

    10. 🔗 Simon Willison Running Python code in a sandbox with MicroPython and WASM rss

      I've been experimenting with different approaches to running code in a sandbox for several years now, but my latest attempt feels like it might finally have all of the characteristics I've been looking for. I've released it as an alpha package called micropython-wasm, and I'm using it for a code execution sandbox plugin for Datasette Agent called datasette-agent-micropython.

      Why do I want a sandbox?

      My key open source projects - Datasette, LLM, even sqlite-utils - all support plugins.

      I absolutely love plugins as a mechanism for extending software. A carefully designed plugin system reduces the risk involved in trying new things to almost nothing - even the wildest ideas won't leave a lasting influence on the core application itself. My software can grow a new feature overnight and I don't even have to review a pull request!

      There's one major drawback: my plugin systems all use Python and Pluggy, and plugin code executes with full privileges within my applications. A buggy or malicious plugin could break everything or leak private data.

      I'd love to be able to run plugin-style code in an environment where it is unable to read unapproved files, connect to a network, or generally operate in a way that's risky or harmful to the rest of the application or the user's computer.

      My interest covers more than just plugins. For Datasette in particular there are many features I'd like to support where arbitrary code execution would be useful. I've already experimented with this for Datasette Enrichments, where code can be used to transform values stored in a table. I'd love to build a mechanism where you can run code on a schedule that fetches JSON from an approved location, runs a tiny bit of code to reformat it into a list of dictionaries, then inserts those as rows in a SQLite database table.

      What I want from a sandbox

      My goal is to execute code safely within my own Python applications. Here's what I need:

      • Dependencies that cleanly install from PyPI, including binary wheels across multiple platforms if necessary. I don't want people using my software to have to take any extra steps beyond directly installing my Python package.
      • Executed code must be subject to both memory and CPU limits. I don't want while True: s += "longer string" to crash my application or the user's computer.
      • File access must be strictly controlled. Either no filesystem access at all or I get to define exactly which files can be read and which files can be written to.
      • Network access is controlled as well. Sandboxed code should not be able to communicate with anything without going through a layer I fully control.
      • Support for interaction with host functions. A sandbox isn't much use if I can't carefully expose selected platform features to the code that it's running.
      • It has to be robust, supported, and clearly documented. I've lost count of the number of sandbox projects I've seen in repos with warnings that they aren't actively maintained!

      WebAssembly looks really promising here

      Web browsers operate in the most hostile environment imaginable when it comes to malicious code. Their job is to download and execute untrusted code from the web on almost every page load.

      Given this, JavaScript engines should be excellent candidates for sandboxes. Sadly those engines are also extremely complicated, and are not designed for easy embedding in other projects. Most of the V8-in-Python projects I've seen are infrequently maintained and come with warnings not to use them with completely untrusted code.

      WebAssembly is a much better candidate. It was designed from the start to support all of the characteristics I care about and has been tested in browsers for nearly a decade. The wasmtime Python library brings WASM to Python, is actively maintained, and has binary wheels.

      MicroPython in WebAssembly

      WebAssembly engines like wasmtime run WebAssembly binaries. Some programming languages like Rust are easy to compile directly to WebAssembly. Dynamic languages like JavaScript and Python are harder - they support language primitives like eval(), which means they need a full interpreter available at runtime.

      To run Python we need a full Python interpreter compiled to WebAssembly, wired up in a way that makes it easy to feed it code, hook up host functions and access the results.

      Pyodide offers an outstanding package for running Python using WebAssembly in the browser, but using Pyodide in server-side Python isn't supported. The most recent advice I could find was from October 2024 stating "Pyodide is built by the Emscripten toolchain and can only run in a browser or Node.js".

      The other day I decided to take a look at MicroPython as an option for this. The MicroPython site says:

      MicroPython is a lean and efficient implementation of the Python 3 programming language that includes a small subset of the Python standard library and is optimised to run on microcontrollers and in constrained environments.

      WebAssembly sure feels like a constrained environment to me!

      Building the first version

      I had GPT-5.5 Pro do some research for me, which turned up this PR against MicroPython by Yamamoto Takahashi titled "Experimental WASI support for ports/unix".

      It then produced this research.md document, so I let Codex Desktop and GPT-5.5 high loose on it to see what would happen:

      read the research.md document and build this. You will probably need to write a script that compiles a custom WASM version of MicroPython as part of this project - fetch the MicroPython code to a /tmp directory for this as part of that script.

      It worked. I now had a prototype Python library that could execute Python code inside a WebAssembly sandbox!

      The trickiest piece to solve was persistent interpreter state. The WASM build we are using here exposes a single entry point which starts the interpreter, runs the code and then stops the interpreter at the end.

      This works fine for one-off scripts, but for Datasette Agent I want variables and functions to stay resident in memory so I can reuse them across multiple code execution calls.

      A neat thing about working with coding agents is that you can get from an idea to a proof of concept quickly. I prompted:

      For keeping variables resident: what if we ran code inside micropython itself which called a host function get_next_python_code() and then passed that to eval() - and that host function blocked until new code was available, maybe by running in a thread with a queue? Could that or a similar idea help here?

      After some iteration we got to a version of this that works! In Python code you can now do this:

      from micropython_wasm import MicroPythonSession

with MicroPythonSession() as session:
    print(session.run("x = 10\nprint(x)").stdout)
    print(session.run("x += 5\nprint(x)").stdout)
    print(session.run("print(x * 2)").stdout)

      Under the hood this starts a thread, sets up a request queue and then sends messages to that queue for the session.run() command, each time waiting on a reply queue for the result of that execution. Inside WASM the MicroPython interpreter blocks waiting for a __session_next__() host function to return the next line of code, which it runs eval() on before calling __session_result__({"id": request_id, "ok": True}) when each block has been successfully executed.

      The other piece of complexity was supporting host functions, so my Python library could selectively expose functions that could then be called by code running in MicroPython.

      Codex ended up solving this with 78 lines of C, which ends up compiled into the 362KB WebAssembly blob I'm distributing with the package.

      I am by no means a C programmer, but I've read the C and had two different models explain it to me (here's Claude's explanation) and I've subjected it to a barrage of tests.

      The great thing about working with WebAssembly is that if the C turns out to be fatally flawed the worst that can happen is the WebAssembly execution will fail with an exception. I can live with that risk.

      Memory limits are directly supported by wasmtime. CPU limits are a little harder: wasmtime offers a "fuel" concept to limit how many operations a WebAssembly call can execute, and that's the correct fit for this problem, but the units are hard to reason about. I'm experimenting with a 20 million default "fuel" setting now but I'm not confident that it's the most appropriate value.

      Try it yourself

      The micropython-wasm alpha is now live on PyPI.

      You can try it from your own Python code as described in the README. I've also added a simple CLI mode in version 0.1a2 which means you can try it using uvx without first installing it like so:

      uvx micropython-wasm -c 'print("Hello world")'
# To see it run out of fuel:
uvx micropython-wasm -c 's = ""; while True: s += "longer"'
# Outputs: micropython-wasm: guest exited with code 1

      You can also try it in Datasette Agent like this:

      uvx llm keys set openai
# Paste in an OpenAI key, then:
uvx --with datasette-agent \
  --with datasette-agent-micropython \
  --prerelease allow \
  datasette --internal internal.db \
    -s plugins.datasette-llm.default_model gpt-5.5 \
    --root -o

      Then navigate to http://127.0.0.1:8001/-/agent and run the prompt:

      show me some micropython

      Screenshot of a chat application interface with a dark blue-grey header reading "home" on the left and "root" with a hamburger menu icon on the right. Below is a navigation row with "← Back" and "Chat" on the left and an "EXPORT" button on the right. A blue user message bubble reads "show me some micropython". Below it a collapsed thinking section reads "▸Thinking: … to show the result clearly. After that, I can wrap up with a brief explanation!" followed by a "▶ Tool: execute_micropython" label. A code block follows: "# A tiny MicroPython example: blink-style logic + Fibonacci" / "def fib(n):" / " a, b = 0, 1" / " out = []" / " for _ in range(n):" / " out.append(a)" / " a, b = b, a + b" / " return out" / 'print("Hello from MicroPython!")' / 'print("First 10 Fibonacci numbers:", fib(10))' / "# MicroPython often runs on microcontrollers, e.g.:" / "# from machine import Pin" / "# led = Pin(2, Pin.OUT)" / "# led.value(1) # turn LED on" / "# led.value(0) # turn LED off". Below a horizontal divider is the output: "Hello from MicroPython!" / "First 10 Fibonacci numbers: [0, 1, 1, 2, 3, 5, 8, 13, 21, 34]", followed by a "▶ Result: execute_micropython" label. At the bottom is a text input field with placeholder "Type a message..." and a blue "Send" button.

      You can try a live demo of that plugin running in Datasette Agent by signing into agent.datasette.io with your GitHub account.

      Should you trust my vibe-coded sandbox?

      Having complained about immature, loosely-maintained sandboxing libraries, it's deeply ironic that I've now built my own!

      I deliberately slapped an alpha release version on it, and I'm not ready to recommend it to anyone who isn't willing to take a significant risk.

      I've put it through enough testing that I'm OK using it myself. I've shipped my first plugin that uses it, datasette-agent-micropython. I've also locked GPT-5.5 xhigh in that Datasette Agent plugin and challenged it to break out of the sandbox and so far it has not managed to.

      I'm hoping this implementation can convince some companies with professional security teams and high-stakes problems to commit to using Python in WebAssembly as a sandboxing approach and open source their own solutions.

      You are only seeing the long-form articles from my blog. Subscribe to /atom/everything/ to get all of my posts, or take a look at my other subscription options.

    11. 🔗 Armin Ronacher Communities of Not rss

      There is a strange thing that happens in communities that gather around abstinence from something: identity from opposition. At their best these communities are not just negative: childfree spaces can be about autonomy, choice and acceptance, anti-car spaces about safer streets and transit, and LLM-skeptical developer spaces about the future of labor, code quality and slop1. But the thing being refused often does not go away and instead becomes the main subject of the community's identity.

      That would be fine if it stayed at criticism, maybe even angry criticism, but more often than not it turns into policing and hatred towards others. An influencer without children becomes a parent, an urban bike commuter by choice buys a Porsche, a respected developer tries LLMs, and the community feels betrayed because it assumed they were members of the same tribe. The expulsion of that person (who never signed up to be a community member) is entirely imaginary but the punishment that the community unleashes is not: people pile on and shame them, quote them out of context and turn their weakest moments into proof that the person was always unserious, a sharlatan or should not be listened to.

      I do not think the answer is to tell people to stop paying attention. Cars shape cities even for people who cycle, children influence politics, workplaces and taxes even for people who do not have them. For us developers, LLMs show up in editors, issue trackers, hiring conversations, management pressure and code reviews whether we asked for them or not. Resisting that can be legitimate but that is no excuse for using one's rejection to justify shitty mob behavior.

      I understand the thinking all too well, because I have done versions of this myself in the past. It took me a while to become more accepting of other people's worldviews that diverge from mine. Whatever insecurities we have, finding a group of others sharing them can be comforting. The danger is that being part of a crowd of negativity can easily make us part of collective harassment.

      I can only encourage you to breathe, slow down, de-escalate when given the chance, and resist the temptation to always assume the most catastrophic reading. Default to being open to new things. Being negative towards something, and making that ones identity, is an easy trap to fall into.

      1. These examples are not meant as equivalents. The recent mob against rsync is the LLM version that prompted this post. I picked the others because I'm familiar with those communities and they all show similar cases of personal choices being interpreted as betrayal.

generated: June 09, 2026 at 04:24:25