Rivian Unveils Custom Silicon, R2 Lidar Roadmap, and Universal Hands Free
Rivian unveils its custom silicon R2 LiDAR, a roadmap for universal hands-free driving, and details on its next-generation autonomy platform. The article highlights Rivian's advancements in developing in-house technology to enhance the safety and capabilities of its electric vehicles.
Denial of service and source code exposure in React Server Components
See also: https://blog.cloudflare.com/react2shell-rsc-vulnerabilities-..., https://nextjs.org/blog/security-update-2025-12-11
Show HN: Sim – Apache-2.0 n8n alternative
Hey HN, Waleed here. We're building Sim (https://sim.ai/), an open-source visual editor to build agentic workflows. Repo here: https://github.com/simstudioai/sim/. Docs here: https://docs.sim.ai.
You can run Sim locally using Docker, with no execution limits or other restrictions.
We started building Sim almost a year ago after repeatedly troubleshooting why our agents failed in production. Code-first frameworks felt hard to debug because of implicit control flow, and workflow platforms added more overhead than they removed. We wanted granular control and easy observability without piecing everything together ourselves.
We launched Sim [1][2] as a drag-and-drop canvas around 6 months ago. Since then, we've added:
- 138 blocks: Slack, GitHub, Linear, Notion, Supabase, SSH, TTS, SFTP, MongoDB, S3, Pinecone, ...
- Tool calling with granular control: forced, auto
- Agent memory: conversation memory with sliding window support (by last n messages or tokens)
- Trace spans: detailed logging and observability for nested workflows and tool calling
- Native RAG: upload documents, we chunk, embed with pgvector, and expose vector search to agents
- Workflow deployment versioning with rollbacks
- MCP support, Human-in-the-loop block
- Copilot to build workflows using natural language (just shipped a new version that also acts as a superagent and can call into any of your connected services directly, not just build workflows)
Under the hood, the workflow is a DAG with concurrent execution by default. Nodes run as soon as their dependencies (upstream blocks) are satisfied. Loops (for, forEach, while, do-while) and parallel fan-out/join are also first-class primitives.
Agent blocks are pass-through to the provider. You pick your model (OpenAI, Anthropic, Gemini, Ollama, vLLM), and and we pass through prompts, tools, and response format directly to the provider API. We normalize response shapes for block interoperability, but we're not adding layers that obscure what's happening.
We're currently working on our own MCP server and the ability to deploy workflows as MCP servers. Would love to hear your thoughts and where we should take it next :)
[1] https://news.ycombinator.com/item?id=43823096
[2] https://news.ycombinator.com/item?id=44052766
Pop_OS 24.04 LTS with COSMIC desktop environment
The article is a letter from the founder of System76, the company behind the Pop!_OS Linux distribution, discussing the company's commitment to open source, its vision for the future of Pop!_OS, and its efforts to maintain a strong community around the operating system.
A Developer Accidentally Found CSAM in AI Data. Google Banned Him for It
A developer accidentally discovered child sexual abuse material (CSAM) in AI training data and reported it to Google. Despite his good intentions, Google banned him from their platforms for violating their policies, raising concerns about the challenges of addressing harmful content in large-scale AI systems.
Powder and stone, or, why medieval rulers loved castles
The article explores the evolution of medieval architecture, highlighting the transition from the use of timber to stone construction. It examines the technological and societal factors that drove this shift, which had a profound impact on the aesthetic and structural design of medieval buildings.
Laying out the 404 Media zine
The article explores the rise of '404 Media', a zine that celebrates the affinity between Linux and creative communities. It examines how the zine serves as a platform for showcasing the diverse applications of Linux in art, music, and other creative endeavors.
Crick and Watson Did Not Steal Franklin's Data
The article explores the longstanding debate over whether Crick and Watson unethically used Rosalind Franklin's data in their discovery of the DNA double helix structure. It provides a balanced perspective on the complex historical and scientific context surrounding this controversy.
Show HN: Gotui – a modern Go terminal dashboard library
I’ve been working on gotui, a modern fork of the unmaintained termui, rebuilt on top of tcell for TrueColor, mouse support, and proper resize handling. It keeps the simple termui-style API, but adds a bunch of new widgets (charts, gauges, world map, etc.), nicer visuals (collapsed borders, rounded corners), and input components for building real dashboards and tools. Under the hood the renderer’s been reworked for much better performance, and I’d love feedback on what’s missing for you to use it in production.
Two new RSC protocol vulnerabilities uncovered
Next.js releases a security update addressing vulnerabilities in earlier versions. The update provides important security fixes and improvements to enhance the overall security of Next.js applications.
Stoolap: High-performance embedded SQL database in pure Rust
Stoolap is an open-source, self-hosted application platform that simplifies the process of deploying and managing web applications. It provides a unified interface for managing multiple applications, databases, and other services, making it easier to develop and maintain complex software projects.
Age Verification Is Coming for the Internet
The article discusses the growing trend of age verification on the internet, outlining the potential risks and providing a resource hub to help users fight back against these measures, which could undermine online privacy and free expression.
23,746 Patients Died on Waitlists in Past Year
The article reports that 23,746 patients died while on waitlists for medical treatment in the past year, highlighting the urgent need to address delays and improve access to healthcare.
Deno 2.6
Deno version 2.6 introduces several improvements, including better performance, more secure defaults, and new features such as a new debugger and support for streaming responses.
Why GPT-5.2 is our model of choice for Augment Code Review
The article discusses Augment's choice of GPT-5.2 as their model for code review, highlighting its advanced capabilities in understanding and analyzing code, as well as its ability to provide contextual feedback and suggestions to developers.
Flock cameras remained active after officials asked to be turned off
The article explores how Flock Safety, a private company providing license plate reader cameras, continued operating in some cities even after local authorities asked them to turn off the cameras. The article examines the company's practices and the implications for privacy and law enforcement oversight.
Operation Bluebird wants to reclaim Twitter's trademark for a new social network
The article discusses Twitter's recent filing of trademark applications for the term 'Operation Bluebird', which has sparked speculation about the company's potential plans for a new product or feature. The article explores the implications and possible motivations behind this trademark filing.
Malicious VSCode Marketplace extensions hid trojan in fake PNG file
Researchers have discovered malicious Visual Studio Code extensions on the Marketplace that conceal a Trojan in a fake PNG file, potentially compromising users' systems. The extensions were designed to bypass security checks and deliver malware to unsuspecting developers.
Hundreds quarantined as measles outbreak accelerates in the South
An outbreak of measles in the southern United States has led to hundreds of people being quarantined, as health officials work to contain the spread of the highly contagious disease.
Making Pigs Fly (a.k.a. Getting the Verifier to Approve eBPF Code)
The article discusses the challenges of getting a Verifier, a crucial component for distributed systems, to work correctly. It highlights the technical complexities involved and the importance of thorough testing and verification to ensure the Verifier's reliability.