🏡

to read (pdf)

generated: June 13, 2026 at 10:01:56

June 13, 2026
1. 🔗 earendil-works/pi v0.79.3 release
  Fixed
  - Fixed inherited OpenAI GPT-5.4/GPT-5.5 and OpenAI Codex GPT-5.4/GPT-5.4 mini/GPT-5.5 context window metadata to use the observed 272k-token Codex backend limit, avoiding a billing hazard from prompts above Codex's accepted limit (reported by @trethore).
2. 🔗 gchq/CyberChef v11.1.0 release
  
  See the CHANGELOG and commit messages for details.
3. 🔗 syncthing/syncthing v2.1.2-rc.2 release
  Major changes in 2.1
  - Devices and folders can now be grouped in the GUI by setting the new
    group attribute.
  - HTTP and HTTPS proxies with support for CONNECT can now be used, in
    addition to the existing support for SOCKS proxies (the environment
    variable all_proxy=https://...).
  - Block indexing can be turned off for folders where it's more desirable to
    optimise for reduced database size and overhead than minimal transfer
    size (the blockIndexing attribute on folder configuration).
  - GUI login session duration can be configured to be longer or shorter than
    the default one week, or set to infinitely long. The cookie path can also
    be adjusted. (The sessionCookieDurationS and sessionCookiePath
    attributes in the GUI configuration.)
  This release is also available as:
  - APT repository: https://apt.syncthing.net/
  - Docker image: docker.io/syncthing/syncthing:2.1.2-rc.2 or ghcr.io/syncthing/syncthing:2.1.2-rc.2
    ({docker,ghcr}.io/syncthing/syncthing:2 to follow just the major version)
  What's Changed
  
  Fixes
  - fix: on Windows don't allocate console if not opened inside one by @Shablone in #10726
  - fix(connections): do not report connection metrics for self (ref #10509) by @calmh in #10724
  - fix: let umask do the thing by @calmh in #10723
  - fix(fs, model): improve symlink resilience in file shortcut by @calmh in #10739
  - fix(protocol): always expect & validate block hash in requests by @calmh in #10738
  - fix(protocol): be more stringent about blocks in non-file entries by @calmh in #10737
  - fix(protocol): loosen restriction on size of directory entries by @calmh in #10743
  Other
  - chore(syncthing): open URLs via Windows API instead via cmd.exe by @Shablone in #10712
  - chore(db, model): separate methods to drop a device vs its files by @imsodin in #10480
  - build(deps): update dependencies by @calmh in #10740
  New Contributors
  - @Shablone made their first contribution in #10712
  Full Changelog : v2.1.1...v2.1.2-rc.2
4. 🔗 facebookresearch/faiss v1.14.3 release
  Highlights
  - Metal GPU backend expansion — new MetalIndexIVFFlat with IVF scan/merge kernels and expanded top-k support (#5202); Metal now enabled by default on Apple Silicon machines (#5280)
  - TurboQuant in ScalarQuantizer — full Algorithm 2 (QJL stage) with SIMD and optimizations (#5170)
  - Sapphire Rapids (SPR) optimizations — ScalarQuantizer L2/IP (#5173), VPOPCNTDQ-based HammingComputer (#5183), and VPOPCNTDQ-based RaBitQ kernel (#5149)
  - faiss-gpu pip wheels — new GPU wheel packaging (#5131); musllinux wheels re-enabled for faiss-cpu (#5299)
  - SVS static vamana support (#5224)
  - HNSWis_similarity mode for IP/similarity metrics (#5246, #5226)
  - HNSW search performance — reserve VisitedTableSet capacity to avoid rehashes (#5290), search_from_candidate_unbounded templatized for VisitedTable devirtualization (#5270), and runtime checks avoided in VisitedTable (#5234)
  - NEON FINE_SIZE=2 specializations for Index2LevelDecoderImpl and IndexPQDecoder (#5255)
  - cuVS upgraded to 26.06 (#5240); CI updated to ROCm 7 (#5196)
  - Deserialization hardening — bool-field validation (#5279) and null inner-index rejection in IDMap / BinaryFromFloat (#5239)
  - Build robustness — fix non-AVX2 import SIGILL via .rodata partitioning tables (#5298), Windows ARM64 (MSVC) NEON build fix (#5274), and AVX512_SPR dispatch fix on AMD (#5281)
  Full Changelog
  
  Added
  - 261d8f2 Add IVFSQTurboQSearchParameters to init.pyi stub (#5304)
  - 684a32d Add manual Faiss nightly workflow dispatch (#5300)
  - 10b6b2a Add MetalIndexIVFFlat with IVF scan/merge kernels and expanded top-k support (#5202)
  - 74d3619 TurboQuant in ScalarQuantizer: full Algorithm 2 (QJL stage) with SIMD and optimizations (#5170)
  - 5066009 Add Python HNSW tutorial (#5260)
  - 3cff0f4 Add Sapphire Rapids optimizations for ScalarQuantizer (L2, IP) (#5173)
  - 46ef80d Support IndexIDMap/IndexIDMap2 in reverse_index_factory (#5266)
  - 420158b Add VPOPCNTDQ-based HammingComputer for Sapphire Rapids+ (#5183)
  - d8f1c27 Implement NEON-based FINE_SIZE=2 specializations for Index2LevelDecoderImpl and IndexPQDecoder (#5262)
  - 0951b53 Support user provided blas library (#5189)
  - 215740e SVS static vamana support (#5224)
  - d24ad6e Add is_similarity mode to HNSW (#5246)
  - aa332cd Implement NEON-based FINE_SIZE=2 specializations for Index2LevelDecoderImpl and IndexPQDecoder (#5255)
  - 5d9aae6 Add faiss-gpu pip wheel packaging (#5131)
  - 6f1cf64 Add VPOPCNTDQ-based RaBitQ kernel for Sapphire Rapids+ (#5149)
  Changed
  - 262fc3c Re-enable musllinux wheels for faiss-cpu (#5299)
  - 1cdc370 Run CI on push to main to refresh ccache cache (#5291)
  - 379ee75 Reserve VisitedTableSet capacity to avoid rehashes during HNSW search (#5290)
  - 6513a24 Enable Metal by default on Apple machines (#5280)
  - fe46c3c Validate bool fields during deserialization (#5279)
  - 480f917 Type imbalance_factor and wire the .pyi stub into the buck build (#5269)
  - e60baeb Templatize search_from_candidate_unbounded for VisitedTable devirtualization (#5270)
  - c000190 Accelerate ScalarQuantizer::QT_bf16 with AVX512-BF16. (#4889)
  - 7504fc8 Upgrade CUVS Version to 26.06 (#5240)
  - d12683c facebook-unused-include-check in IndexBinaryIVF.cpp (#5263)
  - 99d9013 facebook-unused-include-check in distances_simd.cpp (#5264)
  - 2f0368b facebook-unused-include-check in hamming_avx2.cpp (#5265)
  - 0c72755 Remove unused include of platform_macros.h in partitioning.cpp
  - e6b8f6d IndexHNSW: use HNSW::is_similarity for IP/similarity metrics + tests (#5226)
  - c0575f2 avoid runtime checks in VisitedTable (#5234)
  - 1cb7601 Eliminate per-code denormalization in uniform SQ distance computation (#5166)
  - f29d862 Revert D106693266: Implement NEON-based FINE_SIZE=2 specializations for Index2LevelDecoderImpl and IndexPQDecoder
  - ef96e3d Updating CI to ROCm 7 (#5196)
  - f5217d7 facebook-unused-include-check in IndexBinaryHNSW.cpp (#5251)
  - 3e6ed99 facebook-unused-include-check in IndexBinaryIVF.cpp (#5252)
  - 108868b Reject null inner index in IDMap and BinaryFromFloat deserialization (#5239)
  - a64b549 Add IndexLattice r2 limit to cap decode-cache build cost (#5238)
  - 0993715 faiss: Replace remaining get_single_code calls with ScopedCodes (#5248)
  - 910e435 facebook-unused-include-check in hamming_avx2.cpp (#5242)
  - d581f2f Use per-SIMD TU scan for standalone PQ (AVX2 gather inlining) (#5233)
  Fixed
  - 20afed0 make intentional cudaGetLastError() error-clears explicit ((void)) for clang21 -- fixes S674096 (#5302)
  - e420e94 Move partitioning shifts tables to .rodata to fix non-AVX2 import SIGILL (#5298)
  - 15bd823 Fix cuVS nightly (#5273)
  - 17cc967 Fix AVX512_SPR dispatch on AMD: require AVX512_FP16 CPUID (#5281)
  - e69bfee Stabilize RaBitQ tests on AVX512_SPR by switching to cross-level equivalence (#5277)
  - c4c6514 Stub fixes: knn torch overload, ResidualCoarseQuantizer ctor, remove duplicate I/O defs (#5283)
  - eb4c1ea Fix Windows ARM64 (MSVC) build broken by NEON SIMD templatization (#5274)
  - ab63238 Install missing InvertedListScannerStats.h header (#5268)
  - 1405415 Fix broken fbcode//faiss/tests:test_index_binary - test_replicas (test_index_binary.TestReplicasAndS (#5258)
  - 34eb989 fix(python): int64 coercions for MapLong2Long + InvertedLists DOWNCAST chain (#5257)
  - d492af4 faiss: initialize ids_tab to -1 in Top1BlockResultHandler::begin_multiple (#5249)
  - a4e417f Fix: static SIMD dispatch falls to scalar for avx512_spr/avx512/arm_sve builds (#5057)
  - 3edc6e1 Guard Panorama autovec pragmas against nvcc frontend (#5241)
  - c7689c4 Fix ODR violation in ScannerMixIn by adding SIMDLevel template parameter (#5148)
  - ca87f41 Open SIFT demo data in binary mode (#5213)
  Full diff : v1.14.2...v1.14.3
5. 🔗 r/reverseengineering "Instead of touching grass for 6 months I built an AI that names 150,000 sub_ functions overnight. I have no regrets [SpectrIDA]" SELF PROMO (i love the tool tho) rss
  
  submitted by /u/Awkward_Fox518
  [link] [comments]
6. 🔗 anthropics/claude-code v2.1.177 release
  
  No content.
7. 🔗 r/reverseengineering Hunting the 30-Year-Old World of Xeen MT-32 Crash rss
  
  submitted by /u/finalpatch
  [link] [comments]
8. 🔗 tonsky.me Every Frame Perfect rss
  A while ago I was reading about Wayland and this quote stuck with me:
  
  A stated goal of Wayland is “every frame is perfect”.
  
  And I think this is a goal we should all aspire to. Wayland is talking about the technical side of things (modern GPU stacks are very complex and Wayland is trying to take control back) but it could be applied to UI too.
  
  The rule of thumb is:
  
  If I take a screenshot of your app at any moment, it must make sense
  
  Why care about every frame? It builds trust. Users can’t see the code, so UI is the only way for them to judge the quality of the app. If UI looks good, that means developers had time to polish it, which means that they probably spent a comparable amount of time to iron out the code. It’s a heuristic, but a reasonable one.
  
  Now, what does it mean in practice? I can think of a few things:
  - No white flashes between screens.
  - No partially loaded content.
  - No relayout while content loads.
  - Internally consistent. If one part of the UI says “1 update available”, another part should not say “Checking for updates...”
  - Precise animations.
  Animations often end up being forgotten. A UI might look great in both start and end states but very janky in between. Like this:
  
  If you feel like there are weird things going on there, there are! Look at slowed down version:
  
  Now let’s apply our rule and take screenshots in the middle of the animation. This doesn’t look right:
  
  Neither does this:
  
  Both of these frames are not perfect.
  
  Let’s look at another example. Safari:
  
  Placeholder text here moves from the center but cursor animates from the left position:
  
  Not the end of the world by any means, but it does create a feeling that these two components are not in sync with each other. Next thought: maybe they weren’t designed together? If so, then they might not work well together. That’s how trust is lost.
  
  This desynchronization can lead to a lot of confusion. For example, in Photos, when switching between Crop and Adjust mode, picture snaps into place immediately but the crop border is animated:
  
  This creates a false feeling that something subtly changes when you switch between modes. And you know what? I don’t want my UI to give me false feelings. I want it to be a precise instrument, not an animated toy.
  
  Sometimes animations are supposed to help you understand a transition, so it’s doubly sad when they make it harder. Follow the magnifying glass:
  
  Same with Youtube. They had the simplest task in the world: move a rectangle from one position to another! Yet they decided to do something very strange:
  
  Can you explain this? Does it make sense?
  
  Probably a technical limitation of the DOM architecture they decided earlier on. I call these situations “The technology has outsmarted the programmer”. But no matter the reason, the result is an imperfect frame.
  
  Sometimes animations are left out as an afterthought. Whatever happens, happens. Then we get this:
  
  The details are fascinating to watch:
  
  So yeah. Please pay attention not only to the start and end states, but also to everything in between. Every frame matters.
  
  I’ll leave you with this unprovoked zoom animation from Preview app. Take care!
June 12, 2026
1. 🔗 earendil-works/pi v0.79.2 release
  New Features
  - Clearer Bedrock validation guidance - Amazon Bedrock data retention validation errors now link to AWS data retention documentation. See Amazon Bedrock.
  Added
  - Added an experimental first-time setup flow behind PI_EXPERIMENTAL=1 that asks for a dark/light theme choice (preselecting the detected appearance) and opt-in analytics data sharing on first launch with the default agent directory; opting in stores a trackingId in settings.json (#5587 by @vegarsti).
  - Added AWS data retention documentation links to inherited Amazon Bedrock unsupported data retention mode validation errors (#5561 by @unexge).
  Fixed
  - Fixed project trust detection to ignore global ~/.pi/agent state when running from $HOME, and made pi update use only saved or explicit project trust without prompting (#5619).
  - Fixed experimental first-time setup to skip forked sessions instead of rerunning the setup prompts (#5627 by @vegarsti).
  - Fixed inherited OpenAI-compatible context overflow detection for parenthesized maximum context length (N) errors (#5677).
  - Fixed inherited OpenAI GPT-5.4/GPT-5.5 and OpenAI Codex GPT-5.4/GPT-5.4 mini/GPT-5.5 context window metadata to match current OpenAI limits (#5644).
  - Fixed inherited Anthropic refusal stops to preserve provider stop_details explanations in error messages (#5666 by @rwachtler).
  - Increased the inherited OpenAI Codex Responses SSE response-header timeout to 20 seconds to reduce false-positive stalls while retaining the bounded wait introduced for zero-event hangs (#4945).
  - Fixed inherited Claude Fable 5 thinking-off requests to omit Anthropic's unsupported thinking.type: "disabled" payload (#5567 by @tmustier).
  - Fixed inherited late tool progress callbacks after tool settlement to be ignored instead of emitting stale tool_execution_update events (#5573).
  - Fixed inherited user-message transcript rendering so standalone + messages no longer render as - (#5657).
  - Fixed inherited slash-separated fuzzy queries so provider/model completions remain matchable after insertion.
  - Fixed inherited WezTerm inline Kitty image rendering so reserved row clears do not erase all but the top strip of tool image previews (#5618).
  - Fixed inherited editor wrapping for CJK text to break at character boundaries instead of leaving large trailing gaps (#5585 by @haoqixu).
  - Fixed inherited loose Markdown list rendering to preserve blank-line separation between list items (#5562 by @Perlence).
  - Fixed --model resolution for authenticated custom model IDs whose slash prefix matches an unauthenticated built-in provider (#5643).
  - Fixed /fork to keep session parent chains connected when the forked path contains labels (#5669).
  - Fixed /share and /export HTML exports to use the active fallback theme when the configured custom theme no longer exists (#5596).
  - Fixed custom fallback model IDs with :<thinking> suffixes to preserve the requested thinking level when the provider template model does not advertise reasoning (#5560 by @haoqixu).
2. 🔗 anthropics/claude-code v2.1.176 release
  What's changed
  - Session titles are now generated in the language of your conversation (set the language setting to pin a specific language)
  - Added footerLinksRegexes setting for regex-matched link badges in the footer row, configurable via user or managed settings
  - Improved Bedrock credential caching: credentials from awsCredentialExport are now cached until their Expiration instead of a fixed 1 hour
  - Fixed availableModels enforcement: alias model picks can no longer be redirected to a blocked model via ANTHROPIC_DEFAULT_*_MODEL environment variables, and /fast now refuses to toggle when it would switch to a model outside the allowlist
  - Fixed auto mode failing on Fable 5 for organizations without Opus 4.8 enabled — the classifier now falls back to the best available Opus model
  - Fixed hook if conditions for Read/Edit/Write tool paths: documented patterns like Edit(src/**), Read(~/.ssh/**), and Read(.env) now match correctly
  - Fixed Linux sandbox failing to start when .claude/settings.json is a symlink with an absolute target
  - Fixed /copy and mouse-selection copy not reaching the system clipboard inside tmux over SSH, and tmux paste buffer not loading on versions older than 3.2
  - Fixed Remote Control connecting from web/mobile silently switching the session's model
  - Fixed Remote Control disconnect notifications showing a bare numeric code instead of a human-readable reason, and connection failures adding a duplicate line to the conversation transcript
  - Fixed Remote Control sessions not disconnecting when you sign in to a different account
  - Fixed /cd and worktree moves leaving the session reporting the previous directory's git branch
  - Fixed claude agents: pressing back in one window no longer detaches other windows attached to the same session
  - Fixed backgrounded sessions showing "Working" forever when /bg mid-turn had nothing left to continue
  - Fixed background agent search by PR URL: PRs opened during scheduled wakeups or while a job was blocked now appear in claude agents search
  - Fixed the agents view input showing no text cursor on Windows
  - Fixed claude --bg -cn <name> not seeding the session name
  - Fixed background sessions to neutralize Windows network paths in persisted state before respawn
  - Fixed background-session respawn rejecting malformed resume IDs from corrupted state files
  - Fixed the Windows background-service daemon not starting when ~/.claude/daemon has the ReadOnly attribute set
  - Fixed cloud sessions failing with "Could not resolve authentication method" when idle for too long before being claimed
  - Background sessions now show clearer guidance when a window left open across an auto-update can't submit a reply, and claude daemon status explains version-skew behavior
3. 🔗 HexRaysSA/plugin-repository commits sync repo: +1 plugin, +3 releases, -1 release rss
```
sync repo: +1 plugin, +3 releases, -1 release

## New plugins
- [ida-rpc](https://github.com/bkerler/ida_rpc) (0.1.0)

## New releases
- [IDASQL](https://github.com/allthingsida/idasql): 0.0.17
- [ida-bochs-binaries](https://github.com/hexrayssa/ida-bochs-binaries): 1.0.1

## Changes
- [IDASQL](https://github.com/allthingsida/idasql):
  - removed version(s): 0.0.1
```
4. 🔗 3Blue1Brown (YouTube) Measuring the entropy of English rss
  
  Full video: https://youtu.be/l6DKRf-fAAM
5. 🔗 HexRaysSA/plugin-repository commits merge: discover changelog URLs, mirroring readme_url (EA-770) rss
```
merge: discover changelog URLs, mirroring readme_url (EA-770)

Probe the local mirror then GitHub for CHANGELOG.md / CHANGES.md /
HISTORY.md / docs/CHANGELOG.md and write metadata.changelog_url on each
plugin record in combined.json, exactly like README discovery. The
probe helpers are now filename-list-driven so both share one code path.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
```
6. 🔗 syncthing/syncthing v2.1.2-rc.1 release
  Major changes in 2.1
  - Devices and folders can now be grouped in the GUI by setting the new
    group attribute.
  - HTTP and HTTPS proxies with support for CONNECT can now be used, in
    addition to the existing support for SOCKS proxies (the environment
    variable all_proxy=https://...).
  - Block indexing can be turned off for folders where it's more desirable to
    optimise for reduced database size and overhead than minimal transfer
    size (the blockIndexing attribute on folder configuration).
  - GUI login session duration can be configured to be longer or shorter than
    the default one week, or set to infinitely long. The cookie path can also
    be adjusted. (The sessionCookieDurationS and sessionCookiePath
    attributes in the GUI configuration.)
  This release is also available as:
  - APT repository: https://apt.syncthing.net/
  - Docker image: docker.io/syncthing/syncthing:2.1.2-rc.1 or ghcr.io/syncthing/syncthing:2.1.2-rc.1
    ({docker,ghcr}.io/syncthing/syncthing:2 to follow just the major version)
  What's Changed
  
  Fixes
  - fix: on Windows don't allocate console if not opened inside one by @Shablone in #10726
  - fix(connections): do not report connection metrics for self (ref #10509) by @calmh in #10724
  - fix: let umask do the thing by @calmh in #10723
  - fix(fs, model): improve symlink resilience in file shortcut by @calmh in #10739
  - fix(protocol): always expect & validate block hash in requests by @calmh in #10738
  - fix(protocol): be more stringent about blocks in non-file entries by @calmh in #10737
  Other
  - chore(syncthing): open URLs via Windows API instead via cmd.exe by @Shablone in #10712
  - chore(db, model): separate methods to drop a device vs its files by @imsodin in #10480
  - build(deps): update dependencies by @calmh in #10740
  New Contributors
  - @Shablone made their first contribution in #10712
  Full Changelog : v2.1.1...v2.1.2-rc.1
7. 🔗 anthropics/claude-code v2.1.175 release
  What's changed
  - Added enforceAvailableModels managed setting — when enabled, the availableModels allowlist also constrains the Default model (a Default that would resolve to a disallowed model now falls back to the first allowed model), and user or project settings can no longer widen a managed availableModels list
8. 🔗 anthropics/claude-code v2.1.174 release
  What's changed
  - Added wheelScrollAccelerationEnabled setting to disable mouse-wheel scroll acceleration in fullscreen mode
  - Fixed the /model picker hiding the model family that Default resolves to — Opus now appears as its own row on Max/Team Premium/Enterprise plans, Sonnet on Pro/Team plans, and Opus on pay-as-you-go API accounts
  - Fixed /model picker showing a hardcoded Sonnet version label when ANTHROPIC_DEFAULT_SONNET_MODEL pins a different Sonnet
  - Fixed the "Fable 5 is now consuming usage credits" banner incorrectly showing for enterprise accounts with usage-based billing
  - Fixed Bedrock GovCloud regions (us-gov-*) deriving the wrong inference profile prefix (global instead of us-gov), causing 400 errors on derived model IDs
  - Fixed background sessions inheriting another session's ANTHROPIC_* provider env (gateway URL, custom headers, /model aliases) from the shell that started the background daemon
  - Fixed a 1-2 second pause when exiting Claude Code shortly after a shell command was interrupted or killed on macOS and Linux
  - Fixed git commit co-author attribution showing an incorrect model name for some models
  - Fixed the /advisor dialog pre-selecting a saved advisor model that is blocked by the availableModels allowlist
  - Fixed skill hot-reload re-sending the entire skill listing when a single skill changed; only changed skills are now re-announced
  - Fixed Workflow tool agent() subagents missing per-agent attribution headers
  - [VSCode] Added usage attribution to the Account & usage dialog (/usage) showing cache misses, long context, subagents, and per-skill/agent/plugin/MCP breakdowns over the last 24h or 7d
  - Fixed pre-warmed background workers failing with "Could not resolve authentication method" when claimed after sitting idle
June 11, 2026
1. 🔗 IDA Plugin Updates IDA Plugin Updates on 2026-06-11 rss
  IDA Plugin Updates on 2026-06-11
  
  New Releases:
  - idasql IDASQL v0.0.17
  Activity:
  - augur
    
    37f71f1e: doc: further improve comments
    
    e067043f: doc: improve comments
  - capa
    
    2c12cbb4: tests: add data-driven test fixtures for rule matcher (#2987)
    
    0fba3e58: tests: split out ELF OS detection fixtures into their own JSON
    
    028aa533: tests: add more ELF OS detection cases (#3099)
    
    e69eb70d: Sync capa-testfiles submodule
    
    8a18bd0e: tests: add more granular ELF OS detection tests, data-driven (#3098)
  - ghidra
    
    2b377071: Merge remote-tracking branch 'origin/patch'
  - haruspex
    
    1bd91ec5: doc: further improve comments
    
    bb968840: doc: improve comments
  - idasql
    
    8b9ac87a: idasql v0.0.17: domain-split tables, .pin autostart, UI context, CRUD…
  - rhabdomancer
    
    161378ce: doc: fitrher improve comments
    
    6ec06cd0: doc: improve comments
2. 🔗 Simon Willison Claude Fable is relentlessly proactive rss
  After two days of experience with Claude Fable 5 I think the best way to describe it is relentlessly proactive. It knows a whole lot of tricks and it will deploy pretty much any of them to get to its goal.
  
  I'll illustrate this with an example. I was hacking on Datasette Agent today when I noticed a glitch: a horizontal scrollbar that shouldn't be there in the jump menu chat prompt. I snapped this screenshot:
  
  Then I started a fresh claude session in my datasette-agent checkout, dragged in the screenshot and told it:
  
  Look at dependencies to help figure out why there is a horizontal scrollbar here
  
  I had a hunch the cause was in a dependency of Datasette Agent (likely Datasette itself) and I knew Fable was good at digging into dependency code, either by inspecting installed files in its own virtual environment site-packages or by referencing a local checkout on disk. Telling it to start with dependencies felt like a good bet.
  
  I got distracted by a domestic task and wandered away from my computer.
  
  When I came back a few minutes later I saw my machine open a browser window in my regular Firefox and then navigate to the dialog in question. I had not told Claude Code to use any browser automation, and I was pretty sure it wasn't possible for it to trigger mouse movements or keyboard shortcuts within a window, so how was it doing that?
  
  I watched in fascination as it continued with its explorations, then saw it open a Safari window instead of Firefox. I also grabbed this snapshot from the Claude terminal:
  
  What was it doing there with uv run --with pyobjc-framework-Quartz?
  
  It turns out Fable had hacked up its own pattern for taking screenshots of browser windows. It was using Python to iterate through all available windows on my machine, then filtering for Safari windows with expected strings such as "textarea" in the window name. It used that to find their window number - an integer like 153551 - which it could then use with the screencapture CLI tool to grab a PNG.
  
  OK fine, that's a neat way of taking screenshots. But what was it taking screenshots of?
  
  Turns out it had been writing its own scratch HTML pages to try and recreate the bug, then opening Safari and grabbing screenshots.
  
  Here's that /tmp/textarea-scrollbar-test.html page it created, and the screenshot it took with screencapture -x -o -l 153551 /tmp/safari-cases.png:
  
  (I have way too many open tabs!)
  
  OK, so I can see how it's opening test pages and taking screenshots, but how on earth was it triggering the modal dialog that was meant to be under test? That's only available via a click or a keyboard shortcut, and I couldn't see a mechanism for it to run those in Safari.
  
  I eventually figured out what it had done.
  
  Claude was running in a folder that contained the source code for the application. It knows enough about Datasette to be able to run a local development server. It turns out it was editing Datasette's own templates to add JavaScript that would trigger the correct keyboard shortcut as soon as the window opened, adding code like this:
  <script> window.addEventListener("load", function () { setTimeout(function () { document.dispatchEvent(new KeyboardEvent("keydown", {key: "/", bubbles: true})); }, 1200); }); </script>
  1.2 seconds after the window opens, this code triggers a simulated / key, which is the keyboard shortcut for opening the modal dialog.
  
  There was one challenge left. In order to understand what was going on, Claude needed to run JavaScript on the page to take measurements for itself.
  
  It wrote its own custom web application to capture information via CORS, then ran that as a local server and opened a page with JavaScript that would POST directly to it!
  
  Here's the Python web app it wrote, using the standard library http.server package:
```
from http.server import HTTPServer, BaseHTTPRequestHandler

class H(BaseHTTPRequestHandler):
    def do_POST(self):
        n = int(self.headers.get("Content-Length", 0))
        open("/tmp/diag.json", "w").write(self.rfile.read(n).decode())
        self.send_response(200)
        self.send_header("Access-Control-Allow-Origin", "*")
        self.end_headers()
    def do_OPTIONS(self):
        self.send_response(200)
        self.send_header("Access-Control-Allow-Origin", "*")
        self.send_header("Access-Control-Allow-Headers", "*")
        self.end_headers()
    def log_message(self, *a):  # quiet
        pass

HTTPServer(("127.0.0.1", 9999), H).serve_forever()
```
  All this does is accept a POST request full of JSON and write that to the /tmp/diag.json file. It sends Access-Control-Allow-Origin: * headers (including from OPTIONS requests) so that code running on another domain can still communicate back to it.
  
  Then Claude injected this code into the template that it was loading in a browser:
  const host = document.querySelector("navigation-search"); const ta = host.shadowRoot.querySelector("textarea"); const cs = getComputedStyle(ta); fetch("http://127.0.0.1:9999/diag", { method: "POST", body: JSON.stringify({ dpr: window.devicePixelRatio, scrollWidth: ta.scrollWidth, clientWidth: ta.clientWidth, whiteSpace: cs.whiteSpace, width: cs.width, }), });
  This took measurements of the <textarea> inside the <navigation-search> Web Component and sent them to the server, which wrote them to a file on disk, which Claude could then read.
  
  Having figured out all of these tricks Fable... hit some invisible guardrail and downgraded itself to Opus. Thankfully Opus had access to the full transcript and could continue using the tricks pioneered by Fable, and shortly afterwards found, tested and verified the fix.
  
  I prompted Opus to:
  
  Write a report in /tmp/automation-report.md where you note down all of the tricks you have used in this session to test against real browsers on my computer, include runnable code examples
  
  Which produced this report, which was invaluable for piecing together the details of what had happened for this post.
  
  I've shared the full terminal transcript of the Claude Code session as well.
  
  A review of everything it did
  
  Based on a screenshot and a one-line prompt, Claude Fable 5 + Claude Code:
  - Figured out the recipe to run the local development server (with fake environment variables needed to get it running)
  - Fired up a Playwright Chrome session
  - Turned on the visible scrollbars setting for Chrome defaults write com.google.chrome.for.testing AppleShowScrollBars Always (it turned that off again later)
  - Cycled through Firefox and WebKit in Playwright too, failing to recreate the bug
  - Worked out my default browser was Safari
  - Built a textarea-scrollbar-test.html HTML document
  - Opened that in real (not Playwright) Firefox
  - Found that osascript -e 'tell application "System Events" to tell process "firefox" to id of window 1' was blocked because "osascript is not allowed assistive access"
  - Figured out that uv run --with pyobjc-framework-Quartz python workaround, described above
  - Added JavaScript to the site templates in order to trigger the / key
  - Built its own little Python CORS web server to capture JSON data
  - Rewrote the template to capture that data and send it to the server
  - Scripted its way through the Web Component shadow DOM to the information it needed
  - Opened Safari to confirm the source of the bug
  - Modified its custom template to hack in a potential fix
  - Confirmed the hacked fix worked
  - Reported back on how to fix the problem
  Like I said, relentlessly proactive!
  
  An estimate of the cost
  
  I'm currently on the $100/month Claude Max plan, which includes a generous allowance for Fable up until June 22nd after which Anthropic say they'll start charging full API prices for it.
  
  I'm using AgentsView to track my spending (see this TIL). Here's what AgentsView says this session would have cost me if I was paying full price for it:
```
~ % uvx agentsview session usage be8850a7-6119-46a0-b5d6-79c7fff5ae2b
Session:       be8850a7-6119-46a0-b5d6-79c7fff5ae2b
Agent:         claude
Output:        68606
Peak ctx:      113178
Cost:          ~$12.11 (claude-fable-5, claude-opus-4-8)
```
  If you don't keep a close eye on it, Fable will quite happily burn $12 in tokens inventing new ways to debug your CSS.
  
  I really need to lock this thing down
  
  On the one hand, watching Fable go to extreme lengths to get the information that it needed to debug what was, in the end, a two-line CSS fix, was fascinating.
  
  But on the other hand... this is a robust reminder that coding agents can do anything you can do by typing commands into a terminal - and frontier models know every trick in the book, and evidently a few that nobody has ever written down before.
  
  If Fable had been acting on malicious instructions - a prompt injection attack hidden in code or an issue thread, or something I'd carelessly pasted into my terminal - it's alarming to think quite how far it could go to exfiltrate data or cause other forms of mischief.
  
  Running coding agents outside of a sandbox has always been a bad idea - it's my top contender for a Challenger disaster incident, as described by Johann Rehberger in The Normalization of Deviance in AI.
  
  Fable is arguably smarter and hence more suspicious of potentially malicious instructions. But that smartness is very much a two-edged sword: if it does get subverted by instructions, the amount of damage it can do given its relentless proactivity is terrifying.
  
  You are only seeing the long-form articles from my blog. Subscribe to /atom/everything/ to get all of my posts, or take a look at my other subscription options.
3. 🔗 r/reverseengineering Reverse engineered BLE protocol of a $7 generic Chinese smart ring from Temu, and built an iOS app around it rss
  
  submitted by /u/alphacentarii
  [link] [comments]
4. 🔗 The Pragmatic Engineer The Pulse: a trend of trying to cut back on AI spend within eng departments? rss
  Hi, this is Gergely with a bonus, free issue of the Pragmatic Engineer Newsletter. In every issue, I cover Big Tech and startups through the lens of senior engineers and engineering leaders. Today, we cover one out of four topics from The Pulse issue from two weeks ago. Full subscribers received the article below fourteen days ago. If you 've been forwarded this email, you can subscribe here .
  
  The below The Pulse is interesting, as a week after the original was sent it out, OpenAI CEO Sam Altman also said how AI budgeting is a huge issue for some companies - echoing findings from this analysis.
  
  In mid-May, Uber president, Andrew McDonald, was on the Rapid Response podcast for a conversation about the ridesharing giant with host Bob Safian, who raised the lack of hoped-for efficiency leverage from AI, citing the language learning app, Duolingo.
  
  "When you hear companies talking about 25% of code commits over the last quarter were AI-driven, or how their token usage went from X to Y percentage of employees: all these numbers are amazing. I think it's a massive transformation of society", McDonald said.
  
  "But, then you go and you talk to your senior engineering leaders, and you're asking: "how many projects that were "on the cutting room floor" got moved above the line [of being done] because of the productivity gains? Because 25% of our code commits were via Claude Code last quarter."
  
  That link [of improved productivity thanks to AI] is not there yet. I mean, maybe implicitly there's more that is getting shipped, but it's very hard to draw a line between one of those stats and more useful consumer features.
  
  Over the coming quarters and years, maybe that will become clearer. But today it's hard, even if some of the underlying metrics are trending in a really astronomical direction.
  
  Our CTO, Praveen, went viral because he said in an interview that we had blown through our AI budget for 2026 and it was the middle of March. We're going to have to start talking about token consumption and the associated cost versus headcount, and making tradesoffs on that as an engineering organization.
  
  If you 're not able to draw a direct line to [how many] useful features and functionality you're shipping to your users, that tradeoff [on AI spend] becomes harder to justify because AI is not free.
  
  If you're just a user [of AI tools] sitting there and coming up with interesting use cases, and you don't pay the bill, it can feel [like AI is free]. But somebody's paying the bill".
  
  My hunch is that pretty much every company is starting to, or will do soon, ask questions about the massive growth in AI spend; starting with AI coding tools. I talked with a few folks at larger and smaller companies about it:
  - OpenCode: customer demand for optimizing spend is spiking. Yesterday, on the podcast episode with OpenCode creator, Dax Raad, he said demand for OpenCode's hosted inference service (OpenCode Zen) surpassed all expectations because larger companies want cheaper, but still capable, AI models. He revealed that over the past month, every single inbound enterprise request was about optimizing spend. So, there's some widespread concern about AI bills.
  - Companies with cutting-edge AI bite the bullet with model routing. I talked with a CTO and a Head of Engineering at two cutting-edge tech companies. They also do not have an obvious return on investment (ROI) as yet. Still, they feel they have no choice but to pay the "intelligence premium" for state-of-the-art models or increase the number of bugs shipped. To reduce costs, both are considering "smart" model routing based on use case and prompt. These places pay top-of-market for the best engineers, so similarly, there are expectations of access to the best tools and models.
  - DoorDash: More knowledge-sharing sessions and responsibility for devs. The leading food delivery company gives responsibility for spending to devs: everyone has a high monthly token usage limit. To exceed it, you need to justify why, and also share the plan for being more efficient next month. Many regular in-house knowledge-sharing sessions are about efficient AI use.
  - Traditional company: monthly limits and dumb-model downgrades. One month ago, one of the largest retirement-savings companies in the US updated its AI usage policy for all devs, a current engineer told me, imposing a monthly GitHub Copilot token limit. Once gone, devs must use the less capable "0x" models on Copilot, which are not charged extra: GPT‑5 mini, GPT‑4.1, and Grok Code Fast 1.
  - Startups: signing up for multiple Claude / Codex Max subscriptions. I talked with several smaller startups that are generating meaningful revenue, and don't want to pay expensive API prices. So, they've made it a practice for devs to get subsidized Claude Code Max or Codex Max subscriptions.
  There 's a new bottom-up focus on AI efficiency. Most tech companies do a variety of internal knowledge-sharing things like regular team demos, lunch- and-learn sessions, and engineering all-hands. I've been noticing more AI efficiency-focused sessions in the past couple of months, coming from engineers: no top-down mandate!
  
  Engineering all-hands, CTOs, and even CEOs have started to raise concerns about increasing AI token costs, and now more engineers are experimenting with cheaper models for simpler tasks, model routing, more efficient token usage, etc.
  
  I'd expect that during the next performance review and promotion cycles, engineers who helped save on token costs might be rewarded, like two years ago, when engineering teams were rewarded for saving on third-party vendor bills.
  
  For an engineer, the best way to show impact in your work is to translate it to money: revenue generated, or costs saved. With AI spending as high as (or higher than) on observability, it should be straightforward to show massive savings with smart optimizations. There's a touch of irony in how any savings - for which there might be promotions and pay rises - will come from the places that actually did the rocketing spending.
  
  Read the full issue in the previous The Pulse. Or check out this week's The Pulse: Did Anthropic's new model just boost rival Codex's market share?
5. 🔗 The Pragmatic Engineer The Pulse: Antigravity 2.0 takes ‘IDE’ out of its new IDE rss
  Hi, this is Gergely with a bonus, free issue of the Pragmatic Engineer Newsletter. In every issue, I cover Big Tech and startups through the lens of senior engineers and engineering leaders. Today, we cover one out of four topics from The Pulse issue from 21 May 2026. Full subscribers received the article below three weeks days ago. If you 've been forwarded this email, you can subscribe here .
  
  Yesterday, Google launched a full redesign of its flagship AI IDE, Antigravity 2.0. The "original" Antigravity came out in November 2025, as pretty much a clone of Windsurf, the IDE whose team Google acquired for $2.4B last July.
  
  Google has turned Antigravity into two distinct applications, "Antigravity IDE" (its former incarnation) and "Antigravity 2.0". This new version itself resembles a clone of Codex's desktop app. When you install Antigravity 2.0, there are two different applications. From Google's launch post:
  
  "If you already have installed the Antigravity IDE, when that application next updates, it will automatically update to Antigravity 2.0. At this point, you will be asked if you would like to still keep the Antigravity IDE, which is recommended for developers:
  
  My sense is that the team at Google may have struggled to decide whether to keep supporting "original" Antigravity while investing in the Codex-like experience, and so kept both. Whatever the reasoning, it has created confusing naming, and it feels to me like the team's true focus is 2.0.
  
  Big change: Antigravity 2.0 throws out the IDE and adds a conversational interface
  
  The upgrade feels rushed, sloppy, and poorly thought out. I had Antigravity on my machine, and installed Antigravity 2.0 separately. I wanted to use them side-by-side, but when I tapped "Restart to update" on Antigravity 1.0, it upgraded itself to Antigravity 2.0 (the non-IDE version). Suddenly, I had two applications with different names, but neither is an IDE:
  
  Testing times: Two apps but no IDE version on my machine, due to lack of testing
  
  Google has introduced an "Agent Manager" concept that feels unintuitive, and perhaps suitably, its creator struggles to explain it (emphasis mine:)
  
  "When we launched the Google Antigravity IDE in November 2025, there was no agent-first GUI surface in the market. We wanted to prove that such a surface worked, at least for software development. So, while the core of the Antigravity IDE was a familiar agent-powered IDE, we introduced the Agent Manager, a second surface that stripped away much of the "IDE" UI. This allowed users to focus on the agent conversations themselves, the artifacts the agents produced, and multi-agent management.
  
  Even without this separation, we have been pleasantly surprised how many people have adopted the Agent Manager in the Antigravity IDE for such non- development tasks, but it is not particularly intuitive ".
  
  The "Agent Manager" is basically a way to launch several agents, and the most intuitive interfaces for doing so are inside Claude and Codex desktop apps and Claude CoWork. Antigravity 2.0 copies them by starting new agent tasks on the right hand of the UI, and keeping track of them.
  
  Google looks indecisive about what to do with the IDE part of Antigravity. The release announcement suggests they'll keep on confusing users (emphasis mine:)
  
  "Although Antigravity 2.0 is the future, we won't disrupt your workflows right away. For now, both the Antigravity IDE application itself and the Agent Manager in the Antigravity IDE will remain available. In an upcoming release, we will remove the Agent Manager from the Antigravity IDE, turning the IDE into a purely agent-powered IDE. "
  
  Basically, the Antigravity IDE (not "the future" in Google's vision) will become more limited over time. It's unclear what a "purely" agent-powered IDE will be once agentic functionality is removed, especially as Antigravity IDE is not the future, as per Google.
  
  Not only that, but the announcement also encourages devs to use Antigravity 2.0 with other IDEs! From the launch post (emphasis mine):
  
  "We recommend dual-wielding Antigravity 2.0 with your IDE of choice, whether it is the Antigravity IDE or otherwise. Googlers have already been dual wielding Antigravity 2.0 with a whole host of IDEs! We will have compatible extensions and plugins into other popular IDEs shortly".
  
  To me, this suggests Google will retire Antigravity IDE and recommend VS Code, JetBrains, Cursor, or Zed, with Antigravity. Then again, why would Cursor or Zed support Antigravity? The messaging is extremely confusing: Google's still the king of opacity.
  
  Feedback on Antigravity 2.0 has been negative due to bugs, poor UX and model support, more bugs, and eating up Gemini token quotas rapidly. Antigravity does not support state-of-the-art Anthropic or OpenAI models (no Opus 4.7 or GPT 5.5). Not supporting OpenAI's models like this is sensible as they're competitors, but Google is an investor in Anthropic, so not supporting Opus 4.7 (while supporting the legacy 4.6 model) is a bit odd.
  
  Models which Antigravity 2.0 supports
  
  Gemini 3.5 Flash is Google's cutting-edge model, but it gets lots of complaints from devs for editing files without asking, and seems like an inefficient model. Another common complaint is that Antigravity uses up the $100/month Ultra subscription daily quota in minutes. Basically, it seems like a poor-quality product that wasn't polished due to lack of time or inclination.
  
  In context, it's embarrassing for there to be a "Codex" folder in the launch video if it suggests that Google's own Antigravity devs are using Codex for day-to-day work. It also suggests that the launch video was not reviewed properly, otherwise this obvious detail would presumably have been caught and fixed:
  
  Codex folder in Documents suggests Antigravity devs are users of it. Source: Antigravity 2.0 launch video
  
  To upset devs even more, Google is replacing its open source Gemini CLI with the closed source Antigravity CLI. There are a few issues with this move:
  - Antigravity CLI does not support Google's own Agent Client Protocol (ACP), used for programmatic control, primarily for IDE and other developer tool integrations. This is protocol which IDEs like JetBrains and Zed have adopted, so Antigravity CLI becomes incompatible with them
  - Google offers no migration path from Gemini CLI settings/skills/MCPs into Antigravity. Figure it out on your own!
  - Devs using Gemini models are forced to move as Google has removed support for Gemini 3.5 Flash model from Gemini CLI. It can only be used from Antigravity CLI. Clearly, this was done to force a move. Why not offer a migration path?
  My sense is the Antigravity team is moving fast, breaking things, and shipping a broken product. It feels like the Antigravity 2.0 and Antigravity CLI products have been rushed to meet the annual Google conference (Google I/O) deadline, this week. Google deprecates existing products to attempt to get users to switch to the new version. But the new one is broken.
  
  What 's changed? Manu Cornet __ penned this cartoon in 2011__
  
  And this is a big reason why I don't believe Google will become a serious player in the dev tools space - not even with AI dev tools. Every six to twelve months they remind devs who onboarded to their dev tools that it was a mistake to do so. I would expect the majority of Google CLI and Antigravity users to go and try products from other vendors - be that Cursor, Anthropic, OpenAI, GitHub, or others - and for few to stick around after their workflows are broken.
6. 🔗 r/reverseengineering [Reverse-Engineering] Skeet CS:GO source code (Gamesense) rss
  
  submitted by /u/Imaginary_Command184
  [link] [comments]
7. 🔗 r/reverseengineering [Reverse-Engineering] Skeet CS:GO source code (Gamesense) rss
  
  submitted by /u/Imaginary_Command184
  [link] [comments]
8. 🔗 r/reverseengineering Giulio Zausa's MMO-CHIP Makes Reverse Engineering Old Silicon Chips a Multiplayer Game rss
  
  submitted by /u/r_retrohacking_mod2
  [link] [comments]
9. 🔗 r/reverseengineering I built 99 adversarially malformed PE files to test tool robustness - here’s what happened rss
  
  submitted by /u/iocx_dev
  [link] [comments]
10. 🔗 HexRaysSA/plugin-repository commits sync repo: +1 release rss
```
sync repo: +1 release

## New releases
- [yarg](https://github.com/r0ny123/yarg): 1.0.5
```
11. 🔗 anthropics/claude-code v2.1.173 release
  What's changed
  - Fixed Fable 5 model names with a [1m] suffix not being normalized — Fable 5 includes 1M context by default, so the suffix is now stripped automatically
  - Fixed a spurious "sandbox dependencies missing" startup warning on Windows when sandbox was enabled in settings
12. 🔗 r/reverseengineering Drive Firmware Security - Phison S11 rss
  
  submitted by /u/igor_sk
  [link] [comments]
13. 🔗 Console.dev newsletter sem rss
  
  Description: Semantic Git diffs.
  
  What we like: Provides a higher-level abstraction to understand what changed in the code e.g. showing function names added/removed. Includes a dependency graph to highlight what might be impacted by a change. Supports JSON output for LLMs to better analyze changes.
  
  What we dislike: Useful starting point to understand changes before you get into the details using Git.
14. 🔗 Console.dev newsletter Herdr rss
  
  Description: Agent terminal multiplexer.
  
  What we like: TUI for tmux-style persistence for multiple AI agent sessions. Easily detach, reattach, and work locality or remotely over SSH. Works with your existing terminal. Keyboard-first, but supports the mouse. Agents can use it to operate their own workspaces. Has a mobile-optimized view.
  
  What we dislike: Live handoff for updating a running Herdr server works well, but is still technically experimental so don’t rely on it yet.
June 10, 2026
1. 🔗 IDA Plugin Updates IDA Plugin Updates on 2026-06-10 rss
  IDA Plugin Updates on 2026-06-10
  
  New Releases:
  - ida-ios-helper 1.0.22
  Activity:
  - ida-ios-helper
    
    3d5b9fa1: :sparkles: Add nonatomic to setters as well
2. 🔗 anthropics/claude-code v2.1.172 release
  What's changed
  - Sub-agents can now spawn their own sub-agents (up to 5 levels deep)
  - Amazon Bedrock now reads the AWS region from ~/.aws config files when AWS_REGION isn't set, matching AWS SDK precedence; /status shows where the region came from
  - Added a search bar when browsing a marketplace's plugins in /plugin
  - Added model attribute to the claude_code.lines_of_code.count OTEL metric
  - Fixed sessions using 1M context without usage credits getting permanently stuck — the session now automatically compacts back under the standard context limit
  - Fixed a repeating "an image in the conversation could not be processed and was removed" error when the conversation contained multiple images
  - Fixed the agents view keeping a session under Working with a busy spinner for up to 30 seconds after the worker replied
  - Fixed background agents potentially reading another directory's project settings (.mcp.json approvals, trust) when dispatched onto a pre-warmed worker
  - Fixed background-session attach failing with EAUTH for sessions started on an older version after the daemon auto-updated
  - Fixed a background sub-agent staying stuck as "active" in the agent panel after a nested agent it spawned was stopped
  - Fixed /model suggestions in the claude agents dispatch input rendering with a misleading slash prefix and showing models disabled for your org
  - Fixed availableModels restrictions not being applied to subagent model overrides, the agent dispatch model picker, and the advisor model
  - Fixed availableModels allowlists hiding the /model picker's Opus and Sonnet 1M rows when entries use version-specific IDs like claude-opus-4-8
  - Fixed the /model picker on Bedrock offering models the provider doesn't serve — selecting one silently switched the session model and lit the selection marker on multiple rows
  - Fixed model IDs getting a doubled 1M-context suffix (e.g. [1M][1m]) when ANTHROPIC_DEFAULT_OPUS_MODEL already includes one
  - Fixed opusplan model setting not shipping with 1M context in plan mode for entitled users; the opusplan[1m] workaround now also correctly switches to Opus in plan mode
  - Fixed WebFetch(domain:*.example.com) wildcard domain rules never matching subdomains in allow, deny, and ask position, and file permission rules with mid-pattern wildcards (e.g. Read(secrets-*/config.json)) being rejected at startup
  - Fixed up-arrow prompt history showing the main agent's prompts while a subagent's chat tab is open
  - Fixed memory recall not finding mounted team memory stores (CLAUDE_MEMORY_STORES) in remote sessions
  - Fixed workflow validation rejecting scripts whose prompt strings or comments merely mention Date.now()/Math.random()
  - Disable mouse tracking on Windows consoles that don't fully support it
  - Fixed the /plugin marketplace list losing its cursor after backing out of a long plugin list, and Esc from the plugin browser returning to the wrong tab
  - Improved performance in long conversations by removing redundant message normalization and avoiding full message-history transforms when streaming tool-use state is unchanged
  - Reduced idle CPU usage: /goal status chip no longer re-renders the terminal at 5 Hz while idle, and fewer UI re-renders while subagents run in parallel
  - Improved Claude in Chrome tool loading: browser tools now load in a single batched call instead of one per tool
  - Improved the non-interactive Usage Policy refusal message to suggest starting a new session or changing your model
  - /code-review now keeps the ultra option visible when you're not signed in to claude.ai, with an explanation that the cloud review requires a claude.ai account
  - Shortened the Remote Control footer indicator to "/rc active" and hid it on narrow terminals
  - Stopped promoting /loop in remote sessions, where pending loops don't keep the container alive
  - [VSCode] Fixed PowerShell tool calls rendering as raw JSON instead of a proper command display and permission dialog, and stripped ANSI escape codes from displayed shell output
3. 🔗 r/reverseengineering IDA 9.4 Beta | Hex-Rays Docs rss
  
  submitted by /u/kenansulayman
  [link] [comments]
4. 🔗 sacha chua :: living an awesome life La semaine du 1 au 7 juin rss
  
  lundi le premier juin
  
  Ma fille a séché les cours et elle n'a pas non plus voulu aller à son cours de gymnastique parce qu'elle a eu une mauvaise nuit et elle était toujours grincheuse.
  
  Au lieu de la harceler, j'ai travaillé sur des transcriptions et sur mon bulletin d'information sur Emacs. J'ai écrit des fonctions pour comparer les mots et effacer les étendues qui correspondent avec les mots effacés.
  
  Après avoir lu dans sa chambre pendant longtemps, elle a finalement réapparu de bonne humeur. Elle et moi avons préparé du sushi pour le dîner. Ensuite, nous avons joué au Scrabble dehors.
  
  Elle a porté sa prothèse oculaire toute seule. Elle a dit qu'elle l'a fait pour elle-même. Je pense que l'autonomie est très importante pour ma fille.
  
  Nous avons fait du vélo à la cour de récréation avec son amie, où nous avons rejoint d'autres amies. De temps en temps, ma fille était surstimulée. Quand ça arrivait, elle a joué au Scrabble avec moi et la nourrice de ses amies. Après qu'une de ses amies soit partie, nous sommes allées à l'autre cour de récréation pour jouer encore.
  
  mardi 3
  
  Ma fille a participé à l'école ce matin même s'il y avait un remplaçant, mais elle n'a pas voulu y participer l'après-midi. Nous sommes assises dehors et nous avons travaillé sur ses devoirs. Nous avons vu des pics.
  
  J'ai emmené ma fille au parc pour jouer avec ses amis. Elle a aimé faire du vélo autour du parc avec ses amis et sans adultes. Ils ont aussi fait du vélo autour de la pataugeoire qui était sèche parce qu'elle n'était pas encore ouverte. Ils tournaient en rond.
  
  J'ai fait l'erreur de jouer à mon jeu de Tileman Reworked près de ma fille. Elle a voulu m'aider, bien. Elle a recueilli les citrouilles et les canneberges, bien. Elle a commencé à couper l'herbe près des récoltes, euh… J'ai essayé d'expliquer qu'il ne fallait pas la couper, mais elle est devenue grincheuse parce que je la corrigeais. Elle m'a dit qu'elle voulait seulement m'aider et elle est partie furieuse. Ce n'est pas grave. Je pense que cette ferme est trop compliquée pour elle pour le moment. Notre ferme habituelle est meilleure. J'apprécie qu'elle ait voulu m'aider, et c'était juste un jeu. C'est aussi bien si elle apprend comment coopérer.
  
  J'ai commencé à réécrire la transcription de la conversation entre ma sœur et notre cousine.
  
  jeudi 4
  
  J'ai discuté d'Emacs avec Ben Zanin. Il a partagé sa configuration sur elfeed, la musique, et d'autres sujets.
  
  J'ai travaillé comme consultante. J'ai pris un cours de formation.
  
  Ma fille et moi avons fait du vélo au parc. Nous avons joué à la pataugeoire et au bac à sable. Nous avons improvisé des histoires de Donjons et Dragons avec les dés sur mon smartphone.
  
  J'ai discuté avec mes sœurs et quelques personnes des assurances-vie de ma mère. Notre accès au compte bancaire sera limité si ma sœur décède, donc il vaut mieux que nous fassions la paperasse maintenant.
  
  vendredi 5
  
  J'ai eu ma première session de la conversation avec mon tuteur aujourd'hui ! À mon grand étonnement, j'ai pu suivre assez de ses mots et j'ai pu expliquer mes pensées ( avec une mauvaise grammaire, bien sûr ). Je sais qu'il fallait que je m'entraîne à penser en français au lieu de traduire de l'anglais, donc davantage parler, davantage apprendre. C'est un exercice intense. J'avais transpiré. Nous avons réussi à parler de la programmation, des études à l'université, le travail, la vie, et d'autres sujets.
  
  J'ai augmenté le stockage pour les vidéos de ma sœur.
  
  J'ai signé la paperasse pour les assurances-vie.
  
  J'ai appelé ma mère et je l'ai informée de la paperasse.
  
  samedi 6
  
  J'ai téléchargé encore d'autres vidéos de ma sœur.
  
  Nous avons joué aux Donjons et Dragons avec ses tantes et ses cousines. Ma fille était la meneuse de jeu pour une partie de la session. Nous avons cherché une petite chèvre perdue, et nous avons combattu quatre bandits déguisés en gardes.
  
  Nous avons fait des mochis.
  
  J'ai payé la pénalité pour la soumission en retard du bilan de vérification du revenu étranger que je n'ai pas pu finir l'année précédente parce que le banquier était peu communicatif. Tant pis. Je pense que si ça arrive encore, je dois le soumettre avec ma meilleure estimation.
  
  Dans mon jeu Tileman Reworked de Stardew Valley, j'ai finalement accédé à la boutique de Willy, le pêcheur. C'était le dernier jour d'automne de la quatrième année.
  
  J'ai travaillé comme consultante. J'ai analysé des mises à jour.
  
  dimanche 7
  
  J'ai emmené ma fille chez le perceur pour examiner ses oreilles. Le perceur nous a dit qu'elle avait l'autorisation de changer pour de nouvelles boucles d'oreilles. Sur le chemin du retour, nous avons fait une promenade dans le parc.
  
  J'ai emmené ma fille au Dufferin Mall pour sélectionner des boucles d'oreilles. Après quelques comparaisons, ma fille a opté pour des clous d'oreilles en acier plaqué or avec des pierres moyennes chez New Steel. C'était bon marché.
  
  J'ai fini de coudre la robe de ma fille. Elle voulait me coudre une robe, donc j'ai préparé des pièces pour elle. Il vaut mieux que j'utilise beaucoup d'épingles et que je trace une ligne à la craie.
  
  View Org source for this post
  
  You can e-mail me at sacha@sachachua.com.
5. 🔗 Hex-Rays Blog IDA 9.4 Beta Is Now Available rss
  
  If you're part of our Beta Program, the new build is now available in the Download Center of your customer portal. Your testing and feedback are essential in validating new features, surfacing regressions, and ensuring this release is ready for production use.
  
  Not enrolled yet? Joining the program is quick and easy, just click Subscribe from your customer portal dashboard - see below for details.
6. 🔗 r/reverseengineering Trane Tracer HVAC cybersecurity issues rss
  
  submitted by /u/derp6996
  [link] [comments]
7. 🔗 3Blue1Brown (YouTube) What's the perfect encoding? How do you know? rss
  
  Full video: https://youtu.be/l6DKRf-fAAM
8. 🔗 HexRaysSA/plugin-repository commits sync repo: +2 releases rss
```
sync repo: +2 releases

## New releases
- [yarg](https://github.com/r0ny123/yarg): 1.0.4, 1.0.3
```
9. 🔗 r/reverseengineering 🚀 Release PyMemoryEditor v2.0 — read, write and scan the memory of any running process, in pure Python (Windows, Linux & macOS) rss
  
  submitted by /u/SupermarketTrue7507
  [link] [comments]
10. 🔗 exe.dev Sharing is Caring rss
  Today's quiz is to deploy a server-rendered hello world app (python3 -mhttp.server fine for these purposes, though I used Go below), publically visible, on your cloud of choice. On your marks, get set, GO!
```
$ ssh exe.dev new --name mr-rogers
$ ssh exe.dev share set-public mr-rogers
$ ssh mr-rogers.exe.xyz
# on that machine:
$ cat > main.go
package main

import (
        "fmt"
        "net/http"
)

func main() {
        http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
                fmt.Fprintln(w, "hello world")
        })
        http.ListenAndServe(":8000", nil)
}
^D
$ go run main.go  # maybe in a tmux

# back on your laptop, open https://mr-rogers.exe.xyz/
```
  At exe.dev, our goal is to make sharing a web app that you built as easy as forwarding an e-mail. You saw the command-line approach above; there's an equivalent web-based flow as well.
  
  If you don't want to share with the whole world, but only some friends, the share command also takes e-mail addresses, and your users can log into your site.
  
  If you use exe.dev on a team, the sharing hierarchy is richer in that you can also share SSH access to your VM with a team member. The full hierarchy of sharing is:
  
  | Individual Accounts | Team Accounts
  ---|---|---
  Administrative
  (e.g., removing the VM) | Only owner | Owner, and, indirectly, team administrators
  SSH access
  (and agent access) | Only owner | Owner, or can be shared with team
  Single web port | Can be shared publicly, or with individual e-mail addresses. | Can be shared publicly, with a team, or with individual e-mail addresses.
11. 🔗 Armin Ronacher Gaslighting Openness rss
  
  I have been a staunch supporter of Open Source for a long time, including experiments in funding it. I'm a true believer in the idea that Open Source always wins in the long run, but not automatically and not quickly. Right now it is being stressed by AI slop, shifting contributor dynamics, the falling cost of producing code, and large companies learning to close doors behind them.
  
  A lot of that battle today is manipulation of the narrative. Opinion makers on social media and in business circles increasingly frame access as irresponsibility. That is why the EU's DMA matters, even if many people (including myself) reflexively hate EU regulation. Apple's fight over delayed AI features in Europe is not about Brussels being annoying: it is about whether users can access their own devices and data. The phone is yours, the data is yours, yet Apple decides who may reach it and takes the agency away from you and then tries to make that sound like it is in your interest (supposedly it's for your safety and security).
  
  The closer you get to the core of AI, the more this shows up. Anthropic has every financial incentive to restrict what people can do with Mythos and Fable, and they wrap those restrictions in safety and (national) security language. Some restrictions may be defensible, but not all of them are. They trained their models on public works, then block Open Source attempts to learn from and distill these systems.
  
  Disliking the EU, China, or any other large government should not make us forget that true democratized access to technology including AI is in all our interest. Some temporary product pain, including delayed Apple AI features, will be worth paying if it keeps gates open. We should not let companies own the narrative that preventing access is in our interest, particularly not as Europeans where the odds are already stacked against us by our underdeveloped capital markets, brain drain and internal fighting.