- β
- β
- June 29, 2026
-
π @HexRaysSA@infosec.exchange The IDA Domain API just got a big update. π mastodon
The IDA Domain API just got a big update. π
This version adds microcode, pseudocode, imports, and flowchart modules β covering most of the everyday scripting surface in IDA. Less boilerplate, same power.
Open source and welcoming contributions.
Read the blog for before/after examples.
π https://hex-rays.com/blog/whats-new-in-the-ida-domain-api -
π r/reverseengineering TABPE: A monthly Windows PE baseline dataset for Cyber security researchers rss
submitted by /u/seyyid_
[link] [comments] -
π r/reverseengineering TRAWL: Self-hosted scraping engine β bypasses any JS challenge & captcha: Cloudflare, Turnstile, reCAPTCHA, hCaptcha, GeeTest. FlareSolverr & Byparr alternative and drop-in replacement for your *arr stack. rss
submitted by /u/Germond_
[link] [comments] -
π r/reverseengineering Experimental Wine runtime for Nintendo Switch project by dantiicu rss
submitted by /u/r_retrohacking_mod2
[link] [comments] -
π r/reverseengineering With the help of AI I reverseengineered Crystal Report format rss
submitted by /u/MrSrsen
[link] [comments] -
π r/reverseengineering /r/ReverseEngineering's Weekly Questions Thread rss
To reduce the amount of noise from questions, we have disabled self-posts in favor of a unified questions thread every week. Feel free to ask any question about reverse engineering here. If your question is about how to use a specific tool, or is specific to some particular target, you will have better luck on the Reverse Engineering StackExchange. See also /r/AskReverseEngineering.
submitted by /u/AutoModerator
[link] [comments] -
π HexRaysSA/plugin-repository commits sync repo: +3 releases, -1 release rss
sync repo: +3 releases, -1 release ## New releases - [ida-rpc](https://github.com/bkerler/ida_rpc): 0.1.3, 0.1.2, 0.1.1 ## Changes - [IDAssist](https://github.com/symgraph/idassist): - removed version(s): 1.1.0 -
π Szymon Kaliski Q2 2026 rss
Hi!
A couple of side-project updates: keeping my archival tool alive, ssh-over-web-browser tailored to my needs, and a slightly better dictation CLI.
Archivist Updates
I continue to use, and get a lot of value out of, Archivist.
Since the original post about the project, six years ago (sic!), the tool got extended with collecting screenshots, finding similar items across all sources, and recently moved to my new Home Server, hosted as a permanent web app.
For collecting screenshots, I use a two-tier system:
- I have a couple of Hammerspoon shortcuts overriding the default macOS ones, that take the screenshot, place it in
Dropbox/Screenshots/folder, and inject OCR text into the files through a combination oftinyocrandxattr. Dropbox only supports a subset ofxattr, so this took some figuring-out, but I managed to find a way to sync them with the Home Server, with the OCR data surviving in the file. I could do OCR purely in Archivist and save some headaches, but the nice side-effect of having it inxattris that Spotlight indexes that data, so I can do a quick search for image content directly from Spotlight. - Archivist does a refresh of all its sources hourly, and as part of that, picks up any changes to the Dropbox folder, and updates its local DB.
Similarity search was a fun recent addition. As part of the hourly refresh, all images are processed on-device with
DINOv2-basefor embeddings (after some extra post-processing to make them square, without alpha channel, etc.). The resulting vector is stored in the SQLite as a blob of numbers.Together with this, textual values (like the OCR info, metadata, etc.) are embedded with
MiniLM-L6-v2, and stored into another table.The final search uses HNSW index for super fast fetches (under 16ms for my ~10k items), and combines results from image and text similarity searches.
All together, we get this:
Telegraphist
On the topic of always-on custom services, I couldn't find any app that would tick all the boxes for my
ssh-from-iPhone needs:- I continue to stubbornly use
base16-shellfor terminal theming, so I can very easily set colors with a simple command, even though I rarely use it. - I wanted something that works with terminal graphics, as I β also rarely β use
timgto poke at images inline. - Finally, on the Home Server, I'm always in a
tmuxsession, so a native support for that would be nice.
I poked around AppStore, but couldn't find anything ticking at least some of these boxes. I also tested a handful of "web TTY" kinds of things, but nothing sparked joy. So, I made my own TTY-in-a-browser: Telegraphist.
It didn't take much prompting to combine a PTY library, a WebSocket connection, and
xterm.jsand get something tailor-made for me.The
base16-shellcolors not only work in the terminal, but also impact the minimal UI:I can look at images:
And there's a native
tmuxintegration:The most fun part of this project was cutting corners to get to a rough first working version, and then working on improvements from within itself.
Tinyparakeet
Exactly a year ago I wrote about a small Whisper wrapper that I used to use for dictation.
Since then I discovered
parakeetfamily of models, and madetinyparakeetβ a small CLI tool for speech-to-text, fully on-device:It's open source if you, like me, rarely have a need for dictating things, and mostly live in CLI:
szymonkaliski/tinyparakeet.Worth Checking Out
What I've been reading lately:
- The Charisma Machine, recommended by a friend, a great "Look for Opposite Views Instead of Confirming Ones" kind of book on Constructionism.
- Theory and Reality, a great meta-overview of philosophy of science themes. I was already familiar with most of the original works, but it was still fun to go through a refresher, and see them contrasted against each other.
- The Theoretical Minimum, the second half of which was a bit too dense for me right now. Physics has never been my strong suit, and I want to get a bit better at it.
On the web:
- a great talk from Andy Matuschak on LLMs and Malleable Software
- and on that topic, Deadmau5 vibe-coding his own music production tool
- lovely morphing visualizations
- Bret Victor on "Time and Possibility" β the Dynamicland Archive remains a treasure trove
- visualizing p5.js execution
- "I'm not worried about the machines. The machines are fine. I'm worried about us."
- I have a couple of Hammerspoon shortcuts overriding the default macOS ones, that take the screenshot, place it in
-
- June 28, 2026
-
π IDA Plugin Updates IDA Plugin Updates on 2026-06-28 rss
IDA Plugin Updates on 2026-06-28
New Releases:
Activity:
- ida_rpc
- f8603419: Add unit tests for
_arch_namehelper to validate ARM and non-ARM arβ¦ - fdefd3e7: Bump version to v0.1.3, update loader selection behavior to rely on Iβ¦
- 927a23b8: Bump version to v0.1.2, add logic to ignore raw import options for exβ¦
- 27154d7a: Refactor architecture name resolution in
analysis.pyto correctly hβ¦ - 9a10e222: Update README: Document new commands, debugging support, and color maβ¦
- af6faa95: Make
--archmandatory forstartandopencommands, improve binaβ¦
- f8603419: Add unit tests for
- ida_rpc
-
π r/reverseengineering WinPE as a stateless harness for Windows driver testing and fuzzing rss
submitted by /u/Acanthisitta-Sea
[link] [comments] -
π r/reverseengineering Reverse-engineering VMware's encrypted + compressed VM memory checkpoint format (vTPM "partial" encryption) rss
submitted by /u/h_e_e_y_a_a_a
[link] [comments] -
π backnotprop/plannotator v0.21.3 release
Follow @plannotator on X for updates
Missed recent releases? Release | Highlights
---|---
v0.21.2 | Custom reviews as Agent Skills, Cursor + OpenCode review engines, whole-file/general findings, deleted-annotation fix, Codex Ask AI outside git repos
v0.21.1 | Annotate-last blank-page fix on multi-message sessions
v0.21.0 | Direct document editing in annotate mode, live git-status file tree, in-app agent terminal, open files in external apps, HTML renders as HTML
v0.20.3 | Annotations no longer lost when clicking away, off-screen indicator for open comments
v0.20.2 | Pierre CodeView all-files review, large-PR pipeline and instant-open checkout, unified agent engine selection, Pi programmatic plan mode
v0.20.1 | Pi extension install hotfix (pinned@pierre/diffsafter a broken upstream release)
v0.20.0 | Multi-repo workspace reviews, semantic diff overview, UI 2.0 themes and plan look chooser, leaner single-source skill install
v0.19.27 | Kiro CLI integration, Glimpse native window, annotate-last message picker
v0.19.26 | Amp plugin production fixes, Mermaid rendering fix, Settings flicker fix, update notification toast and shimmer
v0.19.24 | Amp integration, configurable data directory, Auto Mode permission option, Pi plan approval fix
v0.19.23 | Droid integration, Windows Pi AI fix, quieter update indicator
What's New in v0.21.3
A follow-up to the code-review work in v0.21.2. The headline is file-scoped comments in code review with a reworked comment experience, and the rest of the release is fixes and polish: a new contributor fixed clipboard and keyboard handling in the VS Code extension, the CLI now prints help for its subcommands, Codex Ask AI moved onto a more reliable transport, and the Ask AI sidebar got a few rough edges sanded down. Eight changes land in total, including a first contribution from @rushelex.
File Comments in Code Review
Until now a code-review comment always attached to a line range. This release adds file-scoped comments β a comment that belongs to a whole file rather than any single line. In the single-file view it renders as a full-text banner directly below the file path; in the all-files view it sits in the file header for expanded files. Guided reviews that produce file-level findings now anchor them where they belong instead of forcing them onto a line.
The comment experience was also unified. Clicking a comment β whether the inline card in the diff, the sidebar entry, or the file banner β replays its stored line range as a controlled highlight, and clicking it again clears the highlight. Scrolling the viewport to a comment is reserved for the sidebar and findings list, so clicking a comment inside the diff highlights it without yanking the page around. The inline, sidebar, and file-banner cards now share a single identity row (badges, author, timestamp), a single action row (edit, copy, delete), and a consistent file-name chip, replacing three separately built layouts that had drifted apart.
PR #973, by @backnotprop.
VS Code Clipboard and Keyboard Handling
The VS Code extension renders Plannotator inside a webview, and two long- standing problems made that webview feel second-class. Copy and paste didn't work β clipboard content never crossed the webview boundary β and standard VS Code keybindings like Cmd+P stopped responding while a Plannotator tab was focused. This release bridges the clipboard so copy, cut, and paste work inside the webview, and forwards keystrokes to VS Code so its keybindings resolve as expected.
PR #970 closing #864 and #969, by @rushelex β who both reported the bugs and contributed the fix.
Codex Ask AI on the App-Server Transport
Codex Ask AI no longer drives
codex execthrough the@openai/codex-sdkpackage. It now runs a long-livedcodex app-serverprocess over JSON-RPC, which respects the user's and enterprise-managed approval policy and supports interactive Allow/Deny approvals surfaced as cards in the UI. The provider id stayscodex-sdkso existing saved preferences keep working. A startup edge case is also fixed: if the app-server process spawned but stalled on its initialize handshake, it was left running and every later question hung until an idle timer reaped it. The process is now killed on a failed handshake, so the next question starts cleanly.PR #971, by @backnotprop.
CLI Subcommand Help
Running
plannotator review --help(and the same for other subcommands) launched the review UI instead of printing help text. The CLI now resolves--helpand-hfor each subcommand before dispatching, so the help flag prints usage and exits without starting a server.PR #974 closing #964, reported by @rrei.
Clickable Ask AI Announcement Cards
The first time Ask AI appears, an announcement dialog presents the available providers as cards. Those cards were missing their click handler, so selecting a provider from the announcement did nothing. They are clickable now and select the provider as expected.
PR #975 closing #972, reported by @Duo-Huang.
Ask AI Sidebar Polish
Two smaller fixes in the code-review Ask AI sidebar. The per-file chat groups used to start collapsed, so every file you had asked about had to be opened by hand; they now default to expanded, while manual collapse still works and persists. And clicking a sidebar comment that no longer matches the active PR or diff scope β for example after switching PRs in place β used to do nothing at all; it now clears the current selection so the click gives visible feedback instead of appearing broken.
Additional Changes
- Dependency maintenance β GitHub Actions used by the build and release workflows were updated (
actions/checkoutto v7,softprops/action-gh-releaseto v3, and others). PR #791, by @renovate.
Install / Update
macOS / Linux:
curl -fsSL https://plannotator.ai/install.sh | bashWindows:
irm https://plannotator.ai/install.ps1 | iexExtra skills (compound, setup-goal, visual-explainer), opt-in:
npx skills add backnotprop/plannotator/apps/skills/extraClaude Code Plugin: Run
/pluginin Claude Code, find plannotator , and click "Update now".OpenCode: Clear cache and restart:
rm -rf ~/.bun/install/cache/@plannotatorThen in
opencode.json:{ "plugin": ["@plannotator/opencode@latest"] }Pi: Install or update the extension:
pi install npm:@plannotator/pi-extensionDroid: Install via the plugin marketplace:
droid plugin marketplace add backnotprop/plannotator droid plugin install plannotator@plannotatorAmp: Install the CLI first, then copy the plugin:
mkdir -p ~/.config/amp/plugins curl -fsSL https://raw.githubusercontent.com/backnotprop/plannotator/main/apps/amp-plugin/plannotator.ts \ -o ~/.config/amp/plugins/plannotator.tsKiro CLI: The installer auto-detects Kiro and installs skills automatically. After installing the CLI, launch with:
kiro-cli chat --agent plannotatorUpgrading from before v0.20.0? Read the v0.20.0 release notes first; that release changed how skills install.
What's Changed
- feat(review): file comments in the diff + unified click-to-highlight comment UX by @backnotprop in #973
- fix(vscode): bridge clipboard and forward keystrokes in webview by @rushelex in #970
- fix(annotate): make Ask AI announcement provider cards clickable by @backnotprop in #975
- fix(cli): print per-subcommand help instead of launching the UI by @backnotprop in #974
- fix(ai): drive Codex Ask AI via codex app-server by @backnotprop in #971
- fix(ai): kill codex app-server if the initialize handshake fails by @backnotprop
- fix(review): default Ask AI per-file chat groups to expanded by @backnotprop
- fix(review): clear selection on out-of-scope sidebar annotation click by @backnotprop
- chore(deps): update github actions by @renovate in #791
New Contributors
Contributors
@rushelex landed their first contribution, and a complete one: they reported that the VS Code extension couldn't paste from the clipboard (#864) and that VS Code keybindings stopped working while a Plannotator tab was focused (#969), then fixed both in #970.
Thanks also to the people who reported the bugs this release fixes:
- @rrei reported that
plannotator review --helplaunched the UI instead of printing help (#964), fixed in #974. - @Duo-Huang reported that the Ask AI announcement provider cards were not clickable (#972), fixed in #975.
Full Changelog :
v0.21.2...v0.21.3 - Dependency maintenance β GitHub Actions used by the build and release workflows were updated (
-
π r/reverseengineering Blindspot rss
submitted by /u/Expert-Obligation816
[link] [comments] -
π r/reverseengineering GitHub - iss4cf0ng/NebulaPulsar: NebulaPulsar is a proof-of-concept in-memory implant framework for Java (JSP) and ASP.NET (ASPX/ASHX/ASMX) webshells, originally developed as part of the Alien project. rss
submitted by /u/AcrobaticMonitor9992
[link] [comments] -
π r/reverseengineering WPA3-SAE + 802.11w on the Broadcom BCM4360 (closed wl blob) rss
submitted by /u/Greenlinkx
[link] [comments] -
π r/reverseengineering Static BYOVD hunter: Capstone-based IOCTL dispatch extraction rss
submitted by /u/Expert-Obligation816
[link] [comments] -
π The Pragmatic Engineer Pollen tried to remove my article about CEO Callum Negus-Fancey and CTO Bradley Wright, and Google is assisting with it rss
In 2022, I wrote about the damning fall of events tech company Pollen. The short of it:
Pollen seemed to have pulled off the improbable feat of building a business in the notoriously low margin industry of events, surviving Covid-19, and building a solid software engineering organization. In April this year, the company announced it had raised another $150M in fresh funding.
But just three weeks later, Pollen laid off about 200 people, a third of staff. Leadership assured employees all was well. However, from that point on, things got worse. Leadership later pulled the plug on Slack, employees were not paid wages, pension contributions went missing, and vendors were not paid. Some vendors took matters into their own hands; on 9 August 2022, JIRA was suspended when Atlassian tired of the company's failure to pay.
On 10 August 2022, Pollen went bankrupt, collapsing into administration.
The article looked bad on Pollen's founder, Callum Negus-Fancey. He was ultimately responsible for lying to staff, not paying salaries, the missing pension contributions, and the unpaid health insurance for US employees. The story was so bad that the BBC created a documentary titled Crashed: $800M Festival Fail _. _
And then there was the $3.2M dobule charge for customers, manually initiated by CTO Bradley Wright, detailed extensively in the documentary Crashed: $800M Festival Fail. That double charge would have been trivial to reverse, but the reversal never happened, customers never got their money back, and the postmortem of the incident was never released to staff.
Four years later, Pollen and Callum Negus-Fancey are attempting to erase this shameful story from the public record. The article is my original writing, and thus I am the copyright holder of it. So imagine my surprise when I was notified that Google removed the article from its search results thanks to a copyright infringement claim it received:
It seems that anyone can file a bogus copyright claim to get an article they don 't like removed from Google's search index. This happened in this case. I have no information on who filed the copyright claim. Even less so on who claims to be the copyright owner? Because I am the only possible copyright owner!
And Google has gone ahead and removed my article about Pollen's shameful collapse from its search results.
I have the option to appeal, which I have done so.
Google 's copyright removal system is clearly being abused, to a comical degree. Someone doesn't like that I went into extreme detail about the events at Pollen - all of which are facts. And, for some reason, bogus copyright requests can be weaponized to remove information like this from Google's search index.
I managed to find the bogus DMCA complaint submission, after Google removed my site from search results. It is absolute BS: it claims that my original article is a copy of a The New York Post article. Which is absolute nonsense!
This "Ellie Piee" claimed that this 1998 article titled Band Leader Hits Winning Chord was copied by my article Inside Pollen's Collapse: "$200M Raised" but Staff Unpaid - Exclusive. The two do not even share a single sentence!
The fake DMCA is made by a fake profile from a country with zero inhabitants. The removal requests by this "Ellie Piee" are made from the country called Bouvet Island, an uninhabited Norwegian dependent territory in the South Atlantic/Southern Ocean near Antarctica. It has zero inhabitants, and is referred to as the "world's most remote island."
Bouvet
Island. No inhabitants, and yet Google accepted a fake DMCA takedown request
from a fake person claiming to reside here. What a jokeWhy does Google allow fraudulent DMCA notices to be filed with no penalty? My own speculation is that it is clear enough that either Pollen, or its former CEO Callum Negus-Fancey, or its cofounder and COO Liam Negus-Fancey or someone else related to the company hired reputation firms to remove Pollen articles from Google. This firm then files the most bogus requests under fake names supposedly residing in uninhabited regions of the world, and Google complies.
I never thought I would have to revisit the shameful history of Pollen, but someone at the company felt the need to prompt me to do so.
Lawsuits are still ongoing against Pollen, by the way. Now that someone from Pollen tried to erase the record of this story, I got a bit of renewed interest in what has happened since. In California, the lawsuit Tayler Ulmer vs Pollen is still in progress, summarized as:
- Tayler Ulmer and five other named former employees, on behalf of themselves and "all similarly situated employees" claim to have been laid off without paid wages and benefits, plus claiming possible fraud
- The filing says that Pollen executives Callum NegusβFancey, Liam NegusβFancey, and James Ellis are personally liable in this lawsuit
- The lawsuit wants to reclaim unpaid wages, unpaid severance, restoration of lost 401(k) contributions, and a uling that all the named entities and individuals are jointly liable, including successor entities, so employees can collect regardless of how Pollen shuffled assets and dissolved subsidiaries
I am wishing best of luck to the claimants - former Pollen employees - and we will see how the judge rules in this lawsuit. The more Pollen wants to silence me writing about this, the more I'll likely pay attention.
Pollen executives should have read what the Streinsand effect means!
-
- June 27, 2026
-
π IDA Plugin Updates IDA Plugin Updates on 2026-06-27 rss
IDA Plugin Updates on 2026-06-27
Activity:
- IDA-VTable-Utility
- ff3b29af: Added interface for other plugins to rename/retype VTable entries. Maβ¦
- ida_rpc
- a429c2eb: Improve commandline output
- IDA-VTable-Utility
-
π r/reverseengineering Reverse Engineering dobreprogramy.pl Bundler - Extracting Clean Download URLs Without Executing Adware rss
submitted by /u/ContestOk9541
[link] [comments] -
π Locklin on science Statistical picture of Quantum Mechanics rss
The statistical picture of quantum mechanics is an idea I had in my mind more or less as the correct picture, while occasionally simultaneously holding the gaseous nonsense that the Schroedinger equation somehow describes things the individual particles are doing. Stated simply, the modulus of the solutions to the Schroedinger equation describe a statistical ensemble […]
-
π iv-org/invidious v2.20260626.0 release
v2.20260626.0
Wrap-up
This release hardens playlists, channels, and search, adds a privacy option for searches, and modernizes the packaging and CI pipeline.
Searches can now be submitted via
POSTso queries do not leak into server logs or browser history, Invidious cookies work across alternative domains, and "Watch on YouTube" / embed redirects use the correct timestamp and host. Playlist and channel parsing issues got fixed: outdated playlist parsing that hid all videos, paid course videos breaking imports, RSS feeds exposing private playlists without auth, broken author verification badges, and channel videos/playlists not loading from search. Thumbnail paths/pl_c//tvfilm_bannerare now supported, YouTube comments that were written in Japanese, Chinese, Korean and probably other languages do not longer swallows the last character when an emoji is present in the comment, and the search filters dropped the deprecated "sort by rating/date" options.Packaging moves Docker builds to the 84codes Crystal compiler image, updates OpenSSL to 3.6.2 and Crystal to 1.20.x in OCI, bumps Alpine to 3.24, and unifies the ARM64 and AMD64 Dockerfiles. Developers benefit from continued encapsulation of constants/helpers/translation/video-parser logic into dedicated modules, an
api/v1/channels.crlint pass, trailing-whitespace cleanup, and a sweep of dependency and GitHub Actions bumps.New features & important changes
For Users
- Searches can be submitted through
POSTrequests so queries stay out of URLs, server logs and browser history (#5551) - Invidious cookies are honoured across alternative configured domains (#5647)
- Embed and "Watch on YouTube" redirects use the correct
t/startparameter and thewww.youtube.comhost consistently (#5660, #5768) - The
referrerpolicy/noreferrerhandling was corrected now that YouTube requires referrers on embeds (#5642) - The listen button on the title updates its elapsed time, and the deprecated "sort by rating/date" search filter options were removed (#5625, #5629)
For instance owners
- Docker builds switched to the 84codes Crystal compiler container image, and OCI images were updated to Crystal 1.20.x with OpenSSL 3.6.2 (#5473, #5692)
- Alpine was bumped to 3.24 in the Docker image (#5778)
- ARM64 and AMD64 Dockerfiles were unified into a single workflow (#5700)
For developers
- Constants and functions were encapsulated into dedicated
I18n,Helpers,Invidious::Videos::ParserandInvidious::Videos::Clipmodules (#5637, #5639, #5745) api/v1/channels.crreceived a lint pass and trailing whitespaces were removed from the codebase (#5693, #5634)- CI bumped the Crystal version matrix and displayed compile progress/stats, and the
crystal-lang/install-crystalaction was updated (#5691, #5696, #5703, #5686)
Bugs fixed
User-side
- Playlists showed no videos because of outdated playlist parsing; this is fixed along with paid course videos breaking the importer (#5774, #5207)
- Private Invidious playlists were reachable through RSS feeds without authentication (#5776)
- Channel videos and playlists failed to load from search, and channel author verification was broken (#5736, #5751)
- A missing
collectionThumbnailViewModelhash key crashed channel browsing (#5725) - The
quality=mediumquery parameter was appended to videos about to premiere (#5755) - YouTube/Invidious links did not rewind their timestamp when playback position was rewound (#5601)
- The last character of a comment was lost when the comment contained emoji (#5587)
- Playlist RSS
watchURLs only joined params with&when params were present, and thumbnail paths/pl_cand/tvfilm_bannerare now supported (#5646, #5742)
For instance owners
- Docker/OCI builds keep current with Crystal 1.20.1, OpenSSL 3.6.2, Alpine 3.24 and the unified multi-arch Dockerfile (#5703, #5701, #5778, #5700)
For developers
- Dependency and GitHub Actions bumps kept CI current:
docker/login-action,build-push-action,metadata-action,setup-buildx-action,int128/docker-manifest-create-actionandcrystal-lang/install-crystal(#5705, #5766, #5721, #5686, #5661, #5662, #5663, #5664)
Full list of pull requests merged since the last release (newest first)
- fix: fix playlists not showing any videos due to outdated playlist parsing (#5774, by @Fijxu)
- chore(deps): bump alpine from 3.23 to 3.24 in /docker (#5778, by @dependabot[bot])
- fix: fix private invidious playlists on rss feeds from being fetched without authentication (#5776, by @Fijxu)
- Use "www.youtube.com" consistently (#5768, by @janmoesen)
- chore(deps): bump int128/docker-manifest-create-action from 2.21.0 to 2.22.0 (#5766, by @dependabot[bot])
- Add support for alternative domains for Invidious cookies (#5647, by @Fijxu)
- Only include '&' if params are present in
watchurls for playlist RSS (#5646, by @Fijxu) - Dockerfile: Switch to 84codes crystal compiler container image (#5473, by @Fijxu)
- fix: Do not append query params
quality=mediumto videos that are about to premiere (#5755, by @Fijxu) - Fix Youtube and Invidious links not rewinding their time when video playback position is rewound (#5601, by @Fijxu)
- feat: Add support for POST requests on searches for privacy (#5551, by @Fijxu)
- Fix last character disappearance if emoji are in comment (#5587, by @shiny-comic)
- Encapsulate videos parser and clip functions inside it's own
Invidious::Videos::ParserandInvidious::Videos::Clipmodule (#5745, by @Fijxu) - fix: fix author verification in channels (#5751, by @Fijxu)
- Add support for
/pl_cand/tvfilm_bannerpaths (thumbnails used in some playlists) (#5742, by @Fijxu) - fix: fix channel videos and playlists on searches (#5736, by @Fijxu)
- fix: fix
Missing hash key: "collectionThumbnailViewModel"(#5725, by @Fijxu) - chore(deps): bump int128/docker-manifest-create-action from 2.20.0 to 2.21.0 (#5721, by @dependabot[bot])
- chore: update openssl to 3.6.2 in OCI (#5701, by @Fijxu)
- Bump int128/docker-manifest-create-action from 2.19.0 to 2.20.0 (#5705, by @dependabot[bot])
- CI: Unify ARM64 and AMD64 Dockerfiles (#5700, by @Fijxu)
- CI: update Crystal 1.20.0 to 1.20.1 in ci.yml matrix (#5703, by @Fijxu)
- CI: display progress and stats when compiling Invidious in ci.yml matrix (#5696, by @Fijxu)
- CI: Bump Crystal version matrix (#5691, by @Fijxu)
- chore: update Crystal to 1.20.0 in OCI (#5692, by @Fijxu)
- player: Use correct time parameter for YouTube embed redirects (#5660, by @radmorecameron)
- chore: lint api/v1/channels.cr (#5693, by @Fijxu)
- Encapsulate helpers constants and functions inside it's own
Helpersmodule (#5639, by @Fijxu) - Encapsulate translation constants and functions inside it's own
I18nmodule (#5637, by @Fijxu) - Bump crystal-lang/install-crystal from 1.9.1 to 1.9.2 (#5686, by @dependabot[bot])
- Playlists: fix parsing error when some videos are paid for in a course (#5207, by @ChunkyProgrammer)
- Bump docker/login-action from 3 to 4 (#5661, by @dependabot[bot])
- Bump docker/build-push-action from 6 to 7 (#5662, by @dependabot[bot])
- Bump docker/metadata-action from 5 to 6 (#5663, by @dependabot[bot])
- Bump docker/setup-buildx-action from 3 to 4 (#5664, by @dependabot[bot])
- Remove noreferrer since youtube now requires referrers on embeds (#5642, by @ashleyirispuppy143)
- Remove trailing whitespaces from codebase (#5634, by @Fijxu)
- Add title listen button time updates (#5625, by @JeroenBoersma)
- Remove sort by rating and date in video search filters (#5629, by @Fijxu)
- Searches can be submitted through
-
π r/reverseengineering I Reverse Engineered An Undocumented Laptop's Embedded Controller rss
submitted by /u/feusx
[link] [comments] -
π r/reverseengineering I reverse engineered DeepSeek Chat into a free OpenAI compatible API (V4 & R1 models, no API key, no billing) rss
submitted by /u/whatisonearth
[link] [comments] -
π HexRaysSA/plugin-repository commits sync plugin-repository.json rss
sync plugin-repository.json No plugin changes detected -
π HexRaysSA/plugin-repository commits sync repo: +1 release rss
sync repo: +1 release ## New releases - [ida-settings-editor](https://github.com/williballenthin/ida-settings): 1.2.1 -
π r/reverseengineering GitHub - vichhka-git/renef-skills: Agent Skill (Claude Code + OpenCode) for operating renef.io β Android ARM64 dynamic instrumentation: hook native/Java, patch memory, trace syscalls, bypass SSL pinning/root detection; port Frida & GameGuardian scripts to renef Lua. rss
submitted by /u/ResponsiblePlant8874
[link] [comments]
-
- June 26, 2026
-
π IDA Plugin Updates IDA Plugin Updates on 2026-06-26 rss
IDA Plugin Updates on 2026-06-26
New Releases:
Activity:
- ida-settings
- e4f483c1: Merge pull request #25 from williballenthin/add-idc-show-function
- f674ad43: v3.5.1
- 03429519: v3.5.0
- 14ab204d: fix: resolve remaining ruff lint warnings
- e250c145: fix: ruff formatting
- 50156100: plugin: rename IDC function to ida_settings_show_plugin_settings
- 96edbffd: plugin: add ida_settings_show IDC function for cross-plugin integration
- ida-settings
-
π crosspoint-reader/crosspoint-reader v1.4.1 release
Improvements
- The web file manager's breadcrumbs have been updated to be cleaner and more consistent.
- Updated the Wireless Transfer section of the User Guide with clearer instructions.
- When toggling bookmarks, the icon now appears after the battery indicator (and X3 clock, if enabled) to reduce visual movement of icons.
- The X3 clock can now be set either on the left or right of the reader status bar.
Performance
- Optimized path normalization for faster file handling.
- Significantly improved bookmark rendering by removing unnecessary XPath lookups.
- Optimized dithered rectangle drawing (fillRectDither) using a byte-aligned rendering implementation, improving display performance on supported devices.
Bug Fixes
- Fixed a translation issue where the Inverted Orientation label was incorrectly combined with the Color Filter label.
- Fixed excessive ghosting on the X3 cover screen during sleep.
What's Changed
- feat: Allow statusbar clock to be on the left by @YouHusam in #2359
- fix: split inverted orientation label from color filter label by @uxjulia in #2421
- perf: optimise
normalisePathby @Uri-Tauber in #2162 - fix: small translation changes for german by @dasrecht in #2420
- fix: Optimize Bookmark Rendering by Removing XPath Lookup by @Uri-Tauber in #2417
- fix: X3 display ghosting on cover screen transitions by @itsthisjustin in #2422
- feat: move file manager breadcrumb into contents card header by @fain182 in #2430
- docs: update user guide wireless transfer section by @nnnkit in #2369
- perf: Optimize
fillRectDitherwith Byte-AlignedfillRectImplby @Uri-Tauber in #2270 - fix: keep status bar indicators stable when toggling bookmarks by @uxjulia in #2444
New Contributors
Full Changelog :
1.4.0...1.4.1 -
π backnotprop/plannotator v0.21.2 release
Follow @plannotator on X for updates
Missed recent releases? Release | Highlights
---|---
v0.21.1 | Annotate-last blank-page fix on multi-message sessions
v0.21.0 | Direct document editing in annotate mode, live git-status file tree, in-app agent terminal, open files in external apps, HTML renders as HTML
v0.20.3 | Annotations no longer lost when clicking away, off-screen indicator for open comments
v0.20.2 | Pierre CodeView all-files review, large-PR pipeline and instant-open checkout, unified agent engine selection, Pi programmatic plan mode
v0.20.1 | Pi extension install hotfix (pinned@pierre/diffsafter a broken upstream release)
v0.20.0 | Multi-repo workspace reviews, semantic diff overview, UI 2.0 themes and plan look chooser, leaner single-source skill install
v0.19.27 | Kiro CLI integration, Glimpse native window, annotate-last message picker
v0.19.26 | Amp plugin production fixes, Mermaid rendering fix, Settings flicker fix, update notification toast and shimmer
v0.19.24 | Amp integration, configurable data directory, Auto Mode permission option, Pi plan approval fix
v0.19.23 | Droid integration, Windows Pi AI fix, quieter update indicator
v0.19.22 | Safari copy fix in plan viewer, CLAUDE_CONFIG_DIR support for session logs
What's New in v0.21.2
Six PRs land in this release, with most of the work going into code review. You can now run your own Agent Skills as review profiles, and the review engine picker gains two new options β Cursor and OpenCode β alongside the existing Claude and Codex paths. A draft-persistence bug that resurrected deleted annotations is fixed, and Codex users get two improvements from a first-time contributor.
Custom Reviews as Agent Skills
Until now the code review engine ran a fixed review prompt. This release lets you point a review at any Agent Skill you already have installed. Enable a skill as a review profile and the agent runs that skill's instructions against your diff instead of the built-in prompt, so a security skill, a style-guide skill, or any review methodology you've written becomes a one-click review.
Findings also gained two new shapes. A review can now attach a finding to an entire file rather than a specific line, and it can raise a general finding that applies to the whole changeset instead of any single location. Whole-file and general findings render in their own sections and flow through to the exported feedback the agent receives, so nothing a reviewer raises gets dropped because it didn't map to a line.
PR #955, by @backnotprop. Requested by @gwynnnplaine in #897.
Cursor and OpenCode Review Engines
The review engine selection now includes Cursor and OpenCode in addition to Claude and Codex. Both run through a unified "marker" protocol: the agent runs its own CLI (
agentfor Cursor,opencode runfor OpenCode) against your changes and returns findings in a delimited block that Plannotator parses back into annotations. The engines are opt-in and only appear when their CLI is installed, and they share the same finding pipeline as the existing engines, so whole-file and general findings work across all four.PR #959, by @backnotprop.
Deleted Review Annotations Stay Deleted
In code review, deleting an annotation and then refreshing the page brought it back. The draft autosave kept the last saved copy, and a deletion wasn't being persisted as a real edit, so the next load restored the annotation the user had removed. This release records deletions with a generation tombstone so they survive a refresh and a late autosave can't revive them, while leaving genuine drafts intact.
PR #951 closing #948, reported by @alexanderkreidich.
Codex Ask AI Outside Git Repos
Ask AI on the Codex provider assumed it was running inside a git repository and failed when it wasn't. It now probes for a working tree and skips the git- repo check when there isn't one, so Ask AI works in plain directories that aren't under version control.
PR #965, by @ericclemmons.
Codex Desktop Review URL Surfacing
When Plannotator runs inside the Codex desktop app, the session URL wasn't easy to find. It now prints the review URL to the terminal when it detects the Codex desktop host, so the link is visible instead of buried.
PR #966, by @ericclemmons.
Additional Changes
- Landing page section order β the capabilities section now sits above the demos on the marketing site. PR #953, by @backnotprop.
Install / Update
macOS / Linux:
curl -fsSL https://plannotator.ai/install.sh | bashWindows:
irm https://plannotator.ai/install.ps1 | iexExtra skills (compound, setup-goal, visual-explainer), opt-in:
npx skills add backnotprop/plannotator/apps/skills/extraClaude Code Plugin: Run
/pluginin Claude Code, find plannotator , and click "Update now".OpenCode: Clear cache and restart:
rm -rf ~/.bun/install/cache/@plannotatorThen in
opencode.json:{ "plugin": ["@plannotator/opencode@latest"] }Pi: Install or update the extension:
pi install npm:@plannotator/pi-extensionDroid: Install via the plugin marketplace:
droid plugin marketplace add backnotprop/plannotator droid plugin install plannotator@plannotatorAmp: Install the CLI first, then copy the plugin:
mkdir -p ~/.config/amp/plugins curl -fsSL https://raw.githubusercontent.com/backnotprop/plannotator/main/apps/amp-plugin/plannotator.ts \ -o ~/.config/amp/plugins/plannotator.tsKiro CLI: The installer auto-detects Kiro and installs skills automatically. After installing the CLI, launch with:
kiro-cli chat --agent plannotatorUpgrading from before v0.20.0? Read the v0.20.0 release notes first; that release changed how skills install.
What's Changed
- fix(review): persist annotation deletions so they don't resurrect on refresh by @backnotprop in #951
- feat(marketing): restructure landing page section order by @backnotprop in #953
- feat(review): custom reviews as Agent Skills + whole-file/general findings by @backnotprop in #955
- feat(review): Cursor + OpenCode review engines (unified marker-review) by @backnotprop in #959
- Allow Codex Ask AI outside git repos by @ericclemmons in #965
- Improve Codex App review URL discoverability by @ericclemmons in #966
New Contributors
- @ericclemmons made their first contribution in #965
Contributors
@ericclemmons landed two Codex improvements in his first contributions to the project: making Ask AI work outside git repositories in #965, and surfacing the review URL when running inside the Codex desktop app in #966.
Thanks to @alexanderkreidich, who reported in #948 that deleted review annotations reappeared after a refresh β the bug this release fixes.
Full Changelog :
v0.21.1...v0.21.2 -
π r/reverseengineering Im Trying To Reverse GTAIV And Including Scripts, Here Is My Progress rss
submitted by /u/Glittering_World5725
[link] [comments] -
π r/reverseengineering Project IGI (1999) reverse engineering - partial docs, honest about gaps rss
submitted by /u/Inner-Combination177
[link] [comments] -
π Anton Zhiyanov Solod v0.2: Networking, new targets, friendlier interop rss
Solod (So) is a system-level language with Go syntax, zero runtime, and a familiar standard library. It's designed for two main audiences:
- Go developers who want low-level control and zero-cost C interop without having to learn Zig or Odin.
- C developers who like Go's style.
The previous version (v0.1) focused on porting core Go stdlib packages and providing convenient C interop. At the end of that post, I said the next release would focus on networking, concurrency, or both. Now, networking is here β the v0.2 release I'm sharing today includes support for TCP, UDP, and Unix domain sockets. Concurrency is still planned for the future, so for now, servers handle one connection at a time.
This release also lets you compile So to more targets, like 32-bit platforms, WebAssembly, and bare metal. And C interop even smoother!
Networking β’ TCP server β’ TCP client β’ Deadlines β’ IP addresses β’ Targets β’ Interop β’ Stdlib β’ Wrapping up
Networking
The main feature in v0.2 is the
netpackage. It's a simplified version of Go'snetpackage which supports the three most commonly used transports:- TCP (networks
tcp,tcp4,tcp6) viaResolveTCPAddr,DialTCP, andListenTCP, with theTCPConnandTCPListenertypes. - UDP (networks
udp,udp4,udp6) viaResolveUDPAddr,DialUDP(a connected socket), andListenUDP(an unconnected socket withReadFrom/WriteTo). - Unix domain sockets (
unixfor streams,unixgramfor datagrams) viaResolveUnixAddr,DialUnix,ListenUnix, andListenUnixgram.
The API mirrors Go closely, so most of it will feel familiar. The big difference is that So has no goroutines, so there's no concurrent server support β you accept and serve connections sequentially. More on that in a moment.
TCP server
Let's build a classic: an echo server that accepts a connection, reads a message, and sends it back.
package main import "solod.dev/so/net" func main() { // Resolve the local address to listen on. laddr, err := net.ResolveTCPAddr("tcp", "127.0.0.1:8080") if err != nil { panic(err) } // Start listening on the local address. ln, err := net.ListenTCP("tcp", &laddr) if err != nil { panic(err) } defer ln.Close() println("listening on", "127.0.0.1:8080") // Accept connections and serve them in a loop. for { conn, err := ln.Accept() if err != nil { panic(err) } serve(&conn) } } // serve reads one message from the connection, echoes it back, // and closes the connection. func serve(conn *net.TCPConn) { defer conn.Close() var buf [256]byte n, err := conn.Read(buf[:]) if err != nil { return } conn.Write(buf[:n]) } listening on 127.0.0.1:8080If you've written a TCP server in Go, this should look familiar β
ListenTCP, anAcceptloop, andRead/Writeon the connection. The only thing missing is ago serve(conn): without goroutines, each connection is handled to completion before moving on to the nextAccept.TCP client
The client starts the connection using
DialTCP, then usesWriteto send a request andReadto get the reply:package main import "solod.dev/so/net" func main() { // Resolve the server address. raddr, err := net.ResolveTCPAddr("tcp", "127.0.0.1:8080") if err != nil { panic(err) } // A nil laddr lets the system choose the local address. conn, err := net.DialTCP("tcp", nil, &raddr) if err != nil { panic(err) } defer conn.Close() // Send a request and read the reply. conn.Write([]byte("hello")) var buf [256]byte n, err := conn.Read(buf[:]) if err != nil { panic(err) } println(string(buf[:n])) } helloUDP and Unix domain sockets work in a similar way. For UDP, an unconnected
ListenUDPsocket usesReadFromto get data and the sender's address, andWriteToto send a reply. For Unix sockets, there areListenUnix(stream) andListenUnixgram(datagram).Deadlines
By default,
Accept,Read, andWriteare blocking. In Go, you'd typically use goroutines and contexts to prevent getting stuck forever. Since that's not available in So (yet), every connection and listener supports deadlines instead:// Give the client 5 seconds to send something. conn.SetReadDeadline(time.Now().Add(5 * time.Second)) n, err := conn.Read(buf[:]) if err == net.ErrTimeout { // The client went quiet; drop the connection. return }SetDeadline,SetReadDeadline, andSetWriteDeadlineare available onTCPConn,UDPConn,UnixConn, and listener types. When the deadline passes, any pending call fails withnet.ErrTimeout. If you don't set a deadline, a blocked call will wait forever. This isn't concurrency, but it's enough to keep a single-threaded server responsive.IP addresses
Along with
net, v0.2 ports Go'snet/netippackage, which provides small, allocation-free value types for IP addresses.Addrrepresents an IP address,AddrPortcombines an IP address with a port, andPrefixis an IP with a prefix length (a CIDR block):addr, err := netip.ParseAddr("192.168.1.10") if err != nil { panic(err) } println(addr.Is4()) // true ap := netip.AddrPortFrom(addr, 8080) println(ap.Port()) // 8080 prefix := netip.MustParsePrefix("192.168.1.0/24") println(prefix.Contains(addr)) // trueThese are simple value types that don't use any heap allocation, which fits well with So's explicit-memory approach. The
netpackage also providesSplitHostPortandJoinHostPortfunctions to help you work withhost:portstrings.New targets
Solod compiles to plain C, which (in theory) means it can target anything a C compiler can. Because of this, v0.2 adds new targets:
- 32-bit platforms. The compiler and stdlib now work correctly on 32-bit platforms, where
intand pointers are narrower. - WebAssembly (WASI). You can compile a So program to
wasm32-wasiand run it under any WASI runtime. - Freestanding mode. So programs can run on bare-metal systems without any C standard library. No libc means no malloc, but you can use
mem.Arenainstead.
Here's the complete toolchain you need to build a freestanding
wasm32binary usingzig cc:export CC="zig cc" export CFLAGS="-Oz --target=wasm32-freestanding -nostdlib -Wl,--no-entry -Wl,--export=main" so build -o main.wasm .A large part of the standard library (
bytes,strings,strconv,slices,maps,math,encoding/binary, and more) works just fine in freestanding mode. For more details, check out the freestanding guide.Friendlier interop
A bunch of smaller changes make Solod nicer to write.
Three new directives for low-level work, all documented in the interop guide:
//so:volatile var counter int // emits a C volatile //so:thread_local var perThread int // emits C11 _Thread_local //so:attr packed type header struct { // emits __attribute__((packed)) version byte length int }so:attrworks with variables, constants, types, and functions. You can use it on multiple lines, and the attributes will stack. For example,//so:attr aligned(16)will combine with//so:attr packed.Type aliases. So now supports Go-style type aliases:
type Byte = uint8Numeric C types. The
so/cpackage now includes named types for C's numeric types βInt,UInt,Long,Short,UChar,LongLong, and others. When you declare an extern function, you can use the actual C types in its signature instead of trying to guess the correct fixed-width Go type for your platform.Third-party packages. You can now add external So packages using
go installor by vendoring, and you can organize your own code into multiple modules. So doesn't have a real package ecosystem yet, but it's a good start.Better diagnostics. By default, panic messages report the C file and line. Pass
--track-sourceto report the original So source location instead:so run --track-source .There's also an optional
--check-nilflag that adds nil-pointer checks when accessing struct fields and calling interface methods. This way, if there's a bad dereference, the program will panic cleanly instead of causing a segmentation fault. Both options are off by default to keep the generated code more readable.More stdlib
Beyond
netandnet/netip, v0.2 adds a few more packages:encoding/hexβ hex encoding and decoding, includingDumpfor hexdump-style output.uuidβ generating and parsing UUIDs (v4 and v7), with random components from a cryptographically secure source.
And a small but handy update to memory management:
mem.Arena.Freenow reclaims the last allocation if you give it the matching pointer. It's a minor optimization, but it means a quick alloc/free pair on an arena no longer wastes space.Wrapping up
With v0.2, Solod has evolved from just "command-line tools and C glue" into something you can actually use on a network β like a TCP or UDP server, a small protocol client, or a Unix-socket daemon. The new targets (32-bit, WASM, freestanding) mean the same code can now run in more places, even down to bare metal.
The big thing that's still missing is concurrency. A server that handles requests one at a time works for some tasks, but a real network service needs to manage many connections at once. That's the obvious goal for v0.3 β adding some kind of concurrency, along with the stdlib packages that support it.
If you're interested, take a look at So's readme β it has everything you need to get started. Or try So online without installing anything.
-
π MetaBrainz Welcome Summer of Code 2026 contributors! rss
We are excited to announce the 7 GSOC participants working with us this summer on MetaBrainz projects!
Our apologies for not publishing this sooner, in this complicated first part of the year we simply forgot the announcement, but rest assured the work is progressing on all projects.As always, the selection process was incredibly tough. We received a great batch of proposals and had a limited number of slots.
We want to sincerely thank everyone who took the time to meet our community and submit a proposal with us!The whole list of selected proposals can be found on the GSOC website but here is a TL;DR breakdown:
ListenBrainz proposals:
Integrate MusicBrainz events into ListenBrainz
(Shirsak)
MusicBrainz has data about past and upcoming concerts that ListenBrainz users can't see yet. This project will bring live music events directly into ListenBrainz, allowing you to discover shows tailored to your favorite artists.
Compose Multiplatform Migration of ListenBrainz-Android
(Nirvan)
Currently, ListenBrainz has a native Android app but no iOS version. This project will migrate the app to a single, shared codebase using Kotlin Multiplatform. This means future features and bug fixes will launch on both Android and iOS at the same time.
Playlists Sorting and Organization
(Yateen)
Giving ListenBrainz playlists a massive user-experience upgrade. Users will soon be able to search through playlists, organize them using custom tags, sort tracks (by artist, title, or date added), and convert their MusicBrainz collections straight into playlists.
MusicBrainz proposals:
Modernize search storage format for the MusicBrainz database
(Junaid)
Cleaning up the under-the-hood engine that powers MusicBrainz search (Solr). By upgrading internal configurations and removing data redundancy, this project will optimize performance and make searching for music faster and more efficient.
GraphQL Server as a Musicbrainz API Alternative
(Sreehari)
Building a fast, modern alternative way for external developers to request MusicBrainz data. This makes it significantly easier and more efficient for third-party developers to build apps using our database.
BookBrainz proposals:
Set Up BookBrainz for Internationalization
(Garv)
Breaking down language barriers! BookBrainz is currently English-only. This project lays the technical groundwork to support multiple languages and sets up a BookBrainz project on translations.metabrainz.org where volunteer translators can start translating the site immediately.
Development of a new Calibre plugin for BookBrainz
(Waqib)
Connecting BookBrainz with Calibre (the popular e-book management software). This plugin will allow Calibre users to automatically pull book metadata and collections directly from BookBrainz to organize their personal digital libraries.
What if youβre not in GSoC 2026?
Reading this and feeling inspired for contributing to the code still? Volunteer contributors are very welcome all year round even though we might have slightly less time available to help you during the summer. It is also putting you in an ideal situation for applying to next yearβs GSoC. You can find some tips for applying to GSoC with us in one of our previous posts. When you are ready, join us on the MetaBrainz Matrix Channel and showcase your initiative and your skills!
-
π r/reverseengineering Reversed the game I grew up on, COD: BO2 Zombies and made a game cheat for it rss
submitted by /u/damnbruuh
[link] [comments]
-