Prepare for takeoff. ✈️ Flight simulator is now available globally on web to all users. goo.gle/4fBYnWO We've recently added many our most powerful professional desktop features to web. Elevation profiles, new import types, but there's always been one other feature you've been asking us to add to the web version of Google Earth, just for fun... Where will you fly? Share your best maneuvers, views, and flyovers with us!

After years of slow development, aMule is back with version 3.0.0, bringing one of the biggest updates in the project’s history. The release modernizes the classic eD2k/Kad file-sharing client and delivers huge performance improvements. According to the developers, download speeds can be between 100x and 380x times faster than those in version 2.3.3 on the same hardware. Some of the biggest changes include: - Download speeds up to 380× faster than aMule 2.3.3. - Upload speeds up to 4.8× faster than eMule 0.70b in some tests. - Disk operations no longer block the main thread, making the client more responsive. - Upload and download speed limiters have been completely redesigned. - Better support for very large libraries with more than 100,000 shared files. - HTTPS support has been restored using modern TLS libraries. - The project now uses CMake instead of autotools, making development easier. - Native builds are available for Linux, Windows, and macOS, including ARM64 devices. - Shared folders are rescanned automatically, and overall UI responsiveness has been improved.

Introducing HTTP/2 Bomb: a remote DoS in nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora. A single client pins 32GB of server memory in 10s. Found by Codex. Blog post: blog.calif.io/p/codex-discov… PoCs: github.com/califio/publicati…

We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.

‼️🚨 BREAKING: A new npm supply-chain attack uses a dead-man's switch. The payload plants a watcher on your machine that nukes your home directory the second you revoke the GitHub token it stole from you. The compromise happened today, across 42 official tanstack npm packages, 84 malicious versions in total. tanstack/react-router alone pulls more than 12 million weekly downloads. The attacker forked TanStack's repository and pushed a single hidden commit. From there, they tricked TanStack's own release system into signing the malicious packages as if they were the real thing. To npm, and to anyone checking the cryptographic proof of origin (SLSA provenance), the poisoned versions looked 100% legitimate. Maintainer Tanner Linsley confirmed the whole team had 2FA enabled. It didn't matter. This is the first documented npm worm in history that ships with a valid, signed certificate of authenticity, the same one defenders rely on to know a package wasn't tampered with.

I extracted the gpt-image-2 watermark! testing it on different types of images now

Handling schema changes in Polars. Our latest blog post maps the four shapes of schema change (a new column appears, an expected one disappears, a type drifts, or one breaks) to the Polars solution that handles each, across CSV, multi-file Parquet, Delta Lake, and Apache Iceberg. Read the full breakdown here: pola.rs/posts/schema-evoluti…

On form validation

🆕 Today, we're releasing the public preview of Workflows, the orchestration layer for enterprise AI. 🌎 Enterprise teams have capable models. What they don't have is a way to run them reliably in production. That's the gap Workflows fills. It takes AI-powered business processes from prototype to production, with the durability, observability, and fault tolerance that production actually requires. Leading organisations like ASML, ABANCA, CMA-CGM, France Travail, La Banque Postale, Moeve, and many others are already using Workflows to automate critical processes.

🚨 BREAKING: Wiz Research discovered Remote Code Execution on GitHub.com with a single git push The flaw in @github allowed unauthorized access to millions of repositories belonging to other users and organizations 🤯

Gemini Embedding 2 is now generally available in the Gemini API and Vertex AI! Start building with our first natively multimodal embedding model, now equipped with the stability and optimizations required for production apps.

Imagine every pixel on your screen, streamed live directly from a model. No HTML, no layout engine, no code. Just exactly what you want to see. @eddiejiao_obj, @drewocarr and I built a prototype to see how this could actually work, and set out to make it real. We're calling it Flipbook. (1/5)

Google Stitch introduced a new concept: DESIGN . md Like README . md but for design systems. A plain markdown file that LLMs read to generate consistent UI. An awesome collection of DESIGN . md files inspired by developer-focused websites like Stripe, Vercel, Linear, Notion, Figma and more. Drop one into your project. Your AI coding agent builds the rest.

say hello to free-code claude code source code fully recompiled, telemetry stripped, security guardrails prompts stripped, all working experimental features enabled including ultraplan mode - a new async agentic planning mode where claude starts a multi-agent research session in the browser lasting between 10 and 30 minutes since i know there are gonna be DMCA strikes on this i've uploaded it on the blockchain on IPFS

I know you're all getting mighty tired of seeing typography on your timeline today! But here's a pretext.js demo that (hopefully) isn't a crime against justification and indentation.

Imaginez : vous tombez sur une page web suspecte, vous la soumettez à votre assistant IA pour vérifier si c'est safe. Il analyse le contenu, puis vous certifie que tout est clean. Sauf que le texte qu'il a lu dans le HTML et ce que votre navigateur affiche à l'écran n'ont strictement rien à voir. Des chercheurs en sécurité ont monté une attaque qui repose sur deux ingrédients : une font custom et un peu de CSS. Le tout sans JavaScript, sans exploit, sans faille. Et vous savez quoi ? Aucun assistant IA du marché n'a détecté la supercherie. lesjoiesducode.fr/police-car…

My dear front-end developers (and anyone who’s interested in the future of interfaces): I have crawled through depths of hell to bring you, for the foreseeable years, one of the more important foundational pieces of UI engineering (if not in implementation then certainly at least in concept): Fast, accurate and comprehensive userland text measurement algorithm in pure TypeScript, usable for laying out entire web pages without CSS, bypassing DOM measurements and reflow

A critical 9.8 CVSS zero-click flaw (ZDI-CAN-30207) hits Telegram, affecting 1 billion users. No interaction needed for full system hijack. Patching now! #Telegram #CyberSecurity #ZeroClick #InfoSec #ZDI #Vulnerability #Privacy #ZeroDay #DigitalPrivacy securityonline.info/telegram…

Introducing TurboQuant: Our new compression algorithm that reduces LLM key-value cache memory by at least 6x and delivers up to 8x speedup, all with zero accuracy loss, redefining AI efficiency. Read the blog to learn how it achieves these results: goo.gle/4bsq2qI

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.