Today
Yesterday
Twenty One Zero-Days in FFmpeg
depthfirst
Kimi K2.7-Code: open-source coding model with better token efficiency
We’re on a journey to advance and democratize artificial intelligence through open source and open science.
Swift at Apple: Migrating the TrueType hinting interpreter
TrueType is a widely used vector font standard for rendering text in web pages, PDFs, operating systems, and applications. Familiar fonts like Helvetica, Garamond, and Monaco are all built on TrueType outlines. The format specifies a hinting interpreter intended to help outlines rasterize faithfully on low-resolution displays. Modern high-resolution displays enable beautiful typography from outlines alone, but TrueType fonts that need hinting to render legibly remain in use and we continue to su
AUR packages compromised with Infostealer and Rootkit
Last Updated: 2026-06-12T18:14:29Z (UTC) What’s Happening It appears a new AUR package maintainer impersonating a trusted maintainer adopted and infected 408+ packages. The compromise was reported and other AUR maintai…
WASI 0.3
https://github.com/WebAssembly/WASI/releases/tag/v0.3.0
Adaptive PDFs
An idea for PDFs that render normally for humans while exposing clean markdown structure to extractors and LLMs in the same file.
Where Did Earth Get Its Oceans? Maybe It Made Them Itself
At first, scientists thought Earth’s water came from comets. Then, asteroids. Now, they wonder if Earth’s water is homegrown.
Tesla Full Self Driving uses bicycle lane in official Denmark approval video
Teslas PR-video for selvkørende biler i Danmark viser flere fejl i den københavnske trafik. Cyklistforbundet og FDM er bekymrede.
Looking Forward to Postgres 19: It's About Time
Postgres 19 brings native temporal table support. Shaun Thomas covers WITHOUT OVERLAPS, FOR PORTION OF, and temporal foreign keys - and what's still missing.
Introduction to UEFI HTTP(s) Boot with QEMU/OVMF
Yet another enthusiast blog!There is no great achievement without great challenges.About meGitHubIntroduction to UEFI HTTP(S) boot with Qemu/OVMFJun 12, 2026 #qemu #ovmf #boot The historic go-to solution for network booting is PXE. PXE is based on DHCP and TFTP. It is tricky to correctly configure, even trickier to make it highly available and good luck with the security with this clear-text unsigned protocol.The modern web has long standardized on HTTPS with TLS certific
AMD Stiffs Researcher $10k Bug Bounty
AMD's auto-updater downloaded software over insecure HTTP, letting attackers inject malware during updates before a 124-day delayed fix.
This Week
Show HN: Homebrew 6.0.0
Today, I’m proud to announce Homebrew 6.0.0. The most significant changes since 5.1.0 are a new tap trust security mechanism, the new faster, smaller, default internal Homebrew JSON API, sandboxing on Linux, better defaults informed by our user survey, many brew bundle improvements, improved performance and initial support for macOS 27 (Golden Gate).Happy to discuss any questions here!
Malware developers added nuclear and biological weapons text to to their spyware
https://socket.dev/blog/mini-shai-hulud-miasma-and-hades-wor...
Claude Fable 5: mid-tier results on coding tasks
We benchmarked Claude Fable 5 on 200 real-world coding tasks for the Agent Security League.
Solar generates more energy in US than coal for first time
Solar supplied 12.8% of US electricity in May even as Trump boosts coal over clean energy
macOS Container Machines
A tool for creating and running Linux containers using lightweight virtual machines on a Mac. It is written in Swift, and optimized for Apple silicon. - container/docs/container-machine.md at main · apple/container
AI agent runs amok in Fedora and elsewhere
Agentic AI systems can be used to do a variety of things autonomously on behalf of a human user [...]
The RCE that AMD wouldn't fix
See also https://www.youtube.com/watch?v=4HjWHNLRMB0Related: The RCE that AMD won't fix - https://news.ycombinator.com/item?id=46906947 - Feb 2026 (173 comments)
FCC wants to kill burner phones by forcing telecoms to get all customers' IDs
https://archive.is/ZobUQ
MiMo-v2.5-Pro-UltraSpeed: 1T model with 1000 tokens per second
MiMo, in collaboration with TileRT, releases the UltraSpeed mode of Xiaomi MiMo-V2.5-Pro — breaking 1000 tokens/s generation speed on a 1T-parameter model for the first time on commodity GPUs through extreme model-system codesign.
AWS Bedrock to require sharing data with Anthropic for Mythos and future models
> For Fable 5, Mythos 5, and future models on Bedrock with similar or higher capability levels, Anthropic will require 30-day retention for all traffic on Mythos-class models. Retaining data for a limited period allows Anthropic to detect patterns of misuse that are not visible from a single exchange. Once you opt into data retention, your data will leave AWS’s data and security boundary.From the announcement here: https://aws.amazon.com/blogs/aws/anthropic-claude-fable-5-on...> After 30 days, the data is deleted automatically, except in the rare cases where it's part of a safety investigation or we're legally required to keep it.From: https://support.claude.com/en/articles/15425996-data-retenti...
Fully autonomous drones have killed human soldiers for the first time
A senior figure in the Ukrainian defence industry told New Scientist that a test took place two years ago involving fully autonomous drones set to destroy anything in a given area, with confirmed casualties
Global population movements from 1990 to 2023
https://www.socsc.hku.hk/rhps/global-migration/
BYD is bringing its 5-min 'Flash' electric car charging to Canada
BYD is hiring to build its 1,500 kW Flash Charging network in Canada - 5-minute EV charging that works at -20C, a North American first.
Web Browsers on Video Game Consoles
A comprehensive history of web browsers on video game consoles. From the CD-i to modern systems, exploring the evolution of the web on consoles in detail. Covering bespoke iterations, releases by PlanetWeb and NetFront, contemporary engines across Sega, PlayStation, Nintendo, and Xbox platforms, and other details.
Older
OpenAI’s o1 correctly diagnosed 67% of ER patients vs. 50-55% by triage doctors
Researchers say results mark a really ‘profound change in technology that will reshape medicine’
Accelerating Gemma 4: faster inference with multi-token prediction drafters
An overview of how Multi-Token Prediction (MTP) drafters are making Gemma 4 models up to 3x faster at inference.
A couple million lines of Haskell: Production engineering at Mercury
What it takes to run 2 million lines of Haskell in production at a fintech company serving 300,000 businesses.
Using “underdrawings” for accurate text and numbers
A technique for accurate text and numbers in AI-generated images: generate the layout deterministically, then ask the image model to paint on top.
ProgramBench: Can language models rebuild programs from scratch?
Abstract page for arXiv paper 2605.03546: ProgramBench: Can Language Models Rebuild Programs From Scratch?
Should I run plain Docker Compose in production in 2026?
Yes, plain Docker Compose can still run production workloads in 2026—if you close the operational gaps it leaves: cleanup, healing, image pinning, socket security, and updates.
Computer Use is 45x more expensive than structured APIs
We benchmarked computer use against auto-generated API endpoints on the same admin panel. 53 steps and 551k tokens vs 8 calls and 12k tokens.
Bun is being ported from Zig to Rust
Incredibly fast JavaScript runtime, bundler, test runner, and package manager – all in one - docs: add Phase-A porting guide · oven-sh/bun@46d3bc2
Does Employment Slow Cognitive Decline? Evidence from Labor Market Shocks
Founded in 1920, the NBER is a private, non-profit, non-partisan organization dedicated to conducting economic research and to disseminating research findings among academics, public policy makers, and business professionals.
Google Chrome silently installs a 4 GB AI model on your device without consent
Google Chrome is downloading a 4 GB Gemini Nano model onto users
ZAYA1-8B matches DeepSeek-R1 on math with less than 1B active parameters
Who should care If you work with math, science problems, or complex coding tasks and you're looking for something small enough to run locally or cheaply via API, this is worth serious evaluation. The benchmark numbers at 760M active parameters are not normal and the Markovian RSA boost means performance scales with compute budget rather than hitting a fixed ceiling. If you're building agent workflows that need reliable tool calling or multi-step instruction following, look elsewhere fo
Show HN: Apple's SHARP running in the browser via ONNX runtime web
Hi HN, author here. SHARP is Apple's recent single-image 3D Gaussian splatting model (https://arxiv.org/abs/2512.10685). Their reference code is PyTorch + a pretty heavy pipeline; I wanted to see if it could run in a browser with no server hop, so I exported the predictor to ONNX and ran it via onnxruntime-web with the WebGPU EP.What works: drop in an image, get a .ply you can download or preview live, all on your machine — your image never leaves the tab. The model is large (~2.4 GB sidecar) so first load is slow on a cold cache, but inference itself is a few seconds on a recent Mac.Caveats: SHARP's released weights are research-use only (Apple's model license, not the code's). I host the exported ONNX on R2 so thedemo "just works", but you can also export your own from the upstream Apple repo and upload locally.Happy to talk about it in the comments :)
Valve releases Steam Controller CAD files under Creative Commons license
Modders, start your engines.
Show HN: Tilde.run – Agent sandbox with a transactional, versioned filesystem
Tilde turns running AI agents and pipelines on real data into a transactional, auditable operation. Compose GitHub, S3, and Drive as one versioned filesystem. Roll back any run with one command. Every network call audited.
Text-to-CAD
An open source harness for generating CAD models. Contribute to earthtojake/text-to-cad development by creating an account on GitHub.
Removable batteries in smartphones will be mandatory in the EU starting in 2027
Starting in 2027, smartphone batteries will once again be replaceable in the EU. Learn all about the new regulation and what this means for users.
GLM-5V-Turbo: Toward a Native Foundation Model for Multimodal Agents
Abstract page for arXiv paper 2604.26752: GLM-5V-Turbo: Toward a Native Foundation Model for Multimodal Agents
DNSSEC disruption affecting .de domains – Resolved
Current system status. View active incidents or upcoming maintenance. Subscribe to receive status notifications.
RaTeX: KaTeX-compatible LaTeX rendering engine in pure Rust
Rust TeX-style math layout with KaTeX-aligned golden tests. Ready-to-use packages for Web (WASM), iOS, Android, Flutter, and React Native—same display list everywhere.
Changing how we develop Ladybird
Ladybird is changing how code enters the project as we prepare to ship a browser to real users.