An 18-year-old developer created RapidRAW, a high-performance, GPU-accelerated RAW image editor for Windows, macOS, and Linux in just 14 days using Rust and React, leveraging Google Gemini AI models. This lightweight (under 30MB) editor boasts AI-powered masking, generative editing capabilities, and a non-destructive workflow, making it a compelling alternative to Adobe Lightroom.
A vulnerability in Helm allows for local code execution through a carefully crafted Chart.yaml file and a symlinked Chart.lock file during dependency updates. Fields from Chart.yaml are written to Chart.lock during updates. If Chart.lock is symlinked to an executable file (e.g., bash.rc), updating dependencies writes the Chart.lock content to the symlinked file, leading to arbitrary code execution. Helm v3.18.4 patches this; upgrade and check for symlinked Chart.lock files.
A vulnerability in Git allows attackers to achieve remote code execution on Unix-like systems by crafting a malicious .gitmodules file. The vulnerability exploits inconsistencies in how carriage return (CR) and line feed (LF) characters are handled. By injecting CRLF, an attacker can modify submodule paths, causing the submodule to clone into an unexpected directory, enabling code execution. This has been patched; update Git and embedded Git versions.
Berry is a lightweight, fast, and powerful scripting language interpreter designed for microprocessors. It features a one-pass bytecode compiler and a register-based virtual machine, supporting imperative, object-oriented, and functional programming paradigms. Its simple and natural syntax, garbage collection, and easy-to-use FFI (Foreign Function Interface) make it developer-friendly. Compile-time object construction minimizes RAM usage by storing most constant objects in read-only code data segments. Its dynamic typing and flexibility make it ideal for embedding in applications, providing excellent dynamic scalability.
Apple's new Liquid Glass design language in iOS 26 beta 3 has undergone a significant change. Navigation bars, buttons, and tabs are now less transparent, addressing user complaints about readability issues in previous betas. While intended to improve usability, some users feel the change diminishes the distinctive glass-like aesthetic showcased at WWDC, deeming it a step backward. This developer beta suggests Apple is still fine-tuning the design before the public release in September.
epanet-js is a web application combining modern web maps with the EPANET hydraulic simulation algorithm. Built by Iterating using code from the open-source Placemark project, it offers a browser-based alternative to expensive, proprietary software. This innovative tool challenges the status quo, providing a powerful and accessible solution for water utility system planning and updates. The core library is open-sourced, showcasing the power of community contribution and open-source principles.
![Rust's `#[derive]` Macro Limitations and Workarounds](https://rgbcu.be/assets/icons/icon.webp){kind=icon}
Rust's `#[derive]` macro, when generating implementations for traits like `Clone`, requires all generic parameters to also implement `Clone`. This limits its applicability. The article analyzes two examples showing why this restriction prevents code from compiling. The author proposes two solutions: submitting an RFC to change compiler behavior, and writing a custom macro to circumvent the limitation. The author opts for the latter, planning to implement more flexible derive macros in the `derive_more` crate or a self-created crate to address this issue.
Lean 4.22 introduces an exciting new feature: a new verification infrastructure for proving properties of imperative programs. The post uses a simple example—determining if a list contains two integers that sum to zero—to demonstrate the feature's use and compares it to similar tools like Dafny and Verus. The new framework, Std.Do, leverages Hoare triples and combines the `mvcgen` and `grind` tactics to greatly simplify the verification process for imperative programs, even those with complex control flow like loops and early returns. Unlike automated systems relying on external SMT solvers, Lean's interactive proving approach offers greater reliability, easier debugging, and better maintainability, making it a compelling choice for real-world program verification tasks.
Ossia Score is an open-source sequencer designed for audio-visual artists to create interactive shows. It allows sequencing OSC, MIDI, DMX, sound, video, and more across multiple software and hardware. Create interactive intermedia scores, scripting and live-coding with JavaScript, ISF Shaders, Faust, PureData, or C++. Interact with joysticks, Wiimotes, Leap Motions, web APIs, and BLE sensors. Process visuals via Spout, Syphon, NDI, Shmdata, or Sh4lt; and sonify datasets with CSV and HDF5 support. Free, open-source, and runs on desktop, mobile, web, and embedded systems (even Raspberry Pi Zero 2).
The tinymcp project enables Large Language Models (LLMs) to control embedded devices via the Model Context Protocol (MCP). It leverages Golioth's LightDB state and Remote Procedure Calls (RPCs) to achieve this. Existing devices can expose RPCs without firmware modification by updating LightDB state. A simple blinky example demonstrates exposing LED control to an LLM via tinymcp. Users need to connect a device to the Golioth platform and run the tinymcp server locally. Tools like MCP Inspector and Claude Code are available for testing and interaction with tinymcp.
SUS HDL is a new hardware description language (HDL) aimed at simplifying the hardware design process. Unlike Verilog or VHDL, SUS features latency counting for easier timing and pipelining, a compiler that tracks and displays design aspects in the editor, and powerful metaprogramming capabilities for generating LUTs. Its core philosophy is a clean syntax for direct netlist generation, compatible with traditional synthesis tools. While it requires synchronous hardware, its ease of use and powerful features make it a promising alternative.
Soundslice's sheet music scanner started receiving tons of error logs: screenshots of ChatGPT sessions where users tried uploading ASCII guitar tab. The twist? ChatGPT was falsely claiming Soundslice supported this! To handle the influx of new users misled by this misinformation, Soundslice built an ASCII tab importer – a feature far from their 2025 roadmap. This raises the question: should companies develop features in response to AI-generated misinformation?
A $169 machine learning textbook, "Mastering Machine Learning," published by Springer Nature, has been accused of containing numerous fabricated citations. An investigation revealed that two-thirds of 18 checked citations either didn't exist or had significant errors. Several researchers cited confirmed the works were fake or the citations contained substantial inaccuracies. This raises concerns about the reliability of large language model (LLM)-generated content and the regulation of AI tools in academic publishing. The publisher is investigating, but the incident highlights the challenges to academic integrity posed by AI-assisted writing.
The author previously wrote a Sudoku solver using Poetry's dependency resolver and now attempts to solve Wordle using the more advanced uv. The article details how to translate the Wordle problem into a Python package dependency problem, cleverly using uv's dependency resolver to find the solution. By creating a series of packages representing letter positions and feedback, and setting dependencies between them, the author successfully solves Wordle using uv.
Inspired by Andrej Karpathy's Micrograd, Microjax is a library that replicates JAX functionality using only two classes and six functions. Unlike the popular PyTorch, Microjax adopts JAX's more functional programming style. This tutorial heavily borrows from Matthew J Johnson's excellent 2017 presentation on autograd, the predecessor to JAX, simplifying it and packaging it as a notebook.
arXivLabs is a framework for developing and sharing new arXiv features directly on the website, collaboratively. Participants must embrace arXiv's values of openness, community, excellence, and user data privacy. Got an idea to improve the arXiv community? Learn more about arXivLabs!
Deno 2.4 is here with exciting updates! The returned `deno bundle` command supports creating single-file JavaScript bundles, leveraging esbuild for tree-shaking and minification. The new `--unstable-raw-imports` flag allows direct import of text and byte data, simplifying the import of non-JavaScript files. Built-in OpenTelemetry support is now stable, removing the need for the `--unstable-otel` flag. Additionally, a new `--preload` flag lets you execute code before your main script, `deno update` simplifies dependency management, and `deno run --coverage` now collects coverage from subprocesses. Permission management is enhanced with support for subdomain wildcards and CIDR ranges. `package.json` support is improved, including better handling of conditional exports and local npm packages.
This article delves into a comprehensive compatibility test of various tar formats (v7, ustar, pax, GNU, etc.). The results reveal that POSIX ustar boasts the best compatibility, while GNU excels with long paths and large files. Pax, although feature-rich, suffers from poor compatibility. The author recommends prioritizing ustar, using GNU for long paths and large files when necessary, and exercising caution with pax's extended features to ensure maximum compatibility.
This article explores how AI could revolutionize chip design by enabling a 'full-stack' approach. Traditionally, front-end (RTL design) and back-end (GDS generation) teams work in isolation, leading to inefficiencies. The author argues that AI, particularly LLMs, can bridge this gap by creating knowledge bases, improving RTL generation, and enhancing documentation. This will shorten iteration cycles, potentially allowing single individuals or small teams to handle the entire chip design flow. This increased efficiency is crucial for navigating rising manufacturing and EDA tool costs, and will become a key competitive advantage for chip design companies.
This article unveils lesser-known Python techniques discovered while exploring widely-used libraries. The author highlights using `super()` in base classes for cooperative multiple inheritance, employing mixins for modular feature addition, leveraging relative imports for package-specific searches, and utilizing `__init__.py` beyond package declaration for API simplification and initialization. The article also reveals `conftest.py`'s role in pytest module recognition and the value of studying library design papers for deeper understanding.
Tired of wrestling with systemd unit files? systemd-lsp is a game-changer. This Rust-based Language Server Protocol (LSP) implementation provides syntax highlighting, diagnostics, autocompletion, documentation on hover, and formatting for your systemd unit files. Built with Rust for speed and safety, it's a single, self-contained binary with embedded documentation, compatible with all major LSP-enabled editors across Linux, macOS, and Windows. Installation is a breeze using Cargo. Try it today!
Backlog.md transforms any Git repository into a self-contained project board using plain Markdown files. This zero-config CLI tool offers a markdown-native task management system, a private offline experience, an instant terminal Kanban view, a modern web interface, AI-ready commands, and rich query capabilities. It's cross-platform, MIT-licensed, and perfect for managing tasks directly within your Git workflow.
This blog post details a unique programming interview question: implementing an asynchronous queue, `sendOnce`, ensuring a single-threaded client only sends one request to a faulty server at a time. The interview assesses candidates' ability to handle tricky flag logic, debug code, program in a single-threaded environment, and adapt to new requirements (like minimum delays, batch sending, cancellation mechanisms, retries, etc.). The author also discusses AI's role in interviews, arguing that while AI can assist with coding, candidates still need code review skills; efficient AI tool usage is a new evaluation criterion.
OpenCode is an open-source AI coding agent built for the terminal, similar to Claude Code but with key differences: it's fully open-source, supports OpenAI, Google, or local models, and prioritizes a Terminal User Interface (TUI). Its client/server architecture allows for remote access, such as via a mobile app. The team encourages users to propose new features on GitHub and provides installation instructions and details for local execution.
This book covers everything you need to understand complete systems like SSL/TLS: block ciphers, stream ciphers, hash functions, message authentication codes, public key encryption, key agreement protocols, and signature algorithms. Learn by doing – exploit common cryptographic flaws, forge administrator cookies, recover passwords, and even backdoor your own random number generator.
In 1995, the author joined a struggling Apple, becoming a QuickDraw GX graphics engineer. After the project's failure, he was assigned to the ColorSync team to port the 68K-based color picker to the PowerPC architecture. He not only successfully completed the task but also developed extra features like HSV, HTML, and crayon color pickers based on personal preference. However, he included lines from T.S. Eliot's poem as an Easter egg, violating copyright and nearly costing him his job. Ultimately, he was reprimanded but kept his position, and this experience taught him the importance of professional conduct.
This article details the author's journey bootstrapping the Rust compiler using GCC instead of LLVM. The process was fraught with challenges, encountering three major bugs: the `#[inline(always)]` attribute on recursive functions, an incorrect implementation of the 128-bit SwitchInt terminator, and a misaligned memory access. Employing a 'lobotomy' debugging approach, the author progressively identified and fixed these issues, successfully achieving a Stage 2 build and progressing towards Stage 3. The article shares debugging techniques like using core dumps to analyze segfaults and explores the complexities of compiler optimizations.
BitChat is a secure, decentralized, peer-to-peer messaging app built on Bluetooth mesh networks. No internet, servers, or phone numbers are required; just pure encrypted communication using X25519 key exchange and AES-256-GCM. Features include room-based chats (with optional password protection), offline message storage and forwarding, and a strong focus on privacy (no accounts, phone numbers, or persistent identifiers). BitChat offers native support for iOS and macOS, incorporating performance optimizations like LZ4 compression and adaptive battery modes. The project is open-source and designed for cross-platform compatibility.
This article explores the concept of functions as infinite-dimensional vectors, demonstrating how the tools of linear algebra can be applied to a wide range of problems, from image and geometry processing to curve fitting, light transport, and machine learning. Starting with finite-dimensional vector spaces, it progresses to infinite dimensions, proving that functions form a vector space. The article then delves into linear operators, differentiation, the Laplacian operator, and the spectral theorem's application in function spaces, culminating in application examples such as Fourier series, image compression, and spherical harmonics.
A programmer, highly sensitive to latency, found a significant improvement after upgrading to a 240Hz monitor. However, switching USB ports for his wireless mouse introduced delays of around 10ms every few seconds. To precisely measure this, he developed a tool, found.as/l, that displays the delay between browser-rendered frames and pointer movements, along with pointer event batching and offsets. He also had to modify his xmit.toml to add CORS headers for high-precision timers. His observations were confirmed, leading him to avoid the problematic USB port.