How Russia's new elite hit squad was compromised
The article discusses the complex geopolitical situation in the South Caucasus, focusing on the recent clashes between Armenia and Azerbaijan over the Nagorno-Karabakh region. It examines the historical context, the involvement of Russia and Turkey, and the potential implications for regional stability.
Compress 100 images in batch to target size online
Bulkimagecompressor.online is a free online tool that allows users to compress multiple images at once, reducing file size without compromising quality. The service supports a variety of image formats and provides a simple interface for batch image optimization.
Court Dismisses DISH's $25M IPTV Piracy Lawsuit Against UK Hosting Provider
A U.S. court has dismissed a $25 million lawsuit filed by Dish Network against a UK hosting provider, ruling that the provider was not liable for the alleged copyright infringement of its customers using the provider's services for IPTV piracy.
SRT vs. MOQT: Low-Latency Video Transport Comparison
Flightplanner: Spec-driven E2E testing for the age of AI agents
Investigation: How Russian government assassin was undone by Google Translate
OpenViking – A Context DataBase for AI Agents
OpenViking is an artificial intelligence company that develops advanced language models and natural language processing solutions for enterprise and academic applications. The company focuses on pushing the boundaries of language AI technology to enable more natural and intelligent interactions between humans and machines.
Show HN: Mesa – A collaborative canvas IDE built for agent-first development
Hi HN - I'm Ryan a product designer who codes, and I built Mesa. Current IDEs feel wrong for the type of development being done now - the focus is still on files.
Mesa puts the focus on the full workflow: your agent, terminal, browser, and files all live as equal nodes on a canvas with full multiplayer support. (think figma but for code)
I was tired of the overhead of switching windows, tabs, and terminals across multiple projects. Inspired by TouchDesigner and Factorio, I wanted something more fluid and visual. Been using it as a total replacement for Cursor at work every day now. Being able to see multiple repos at once and control agents on each without navigating windows has freed up my headspace and increased productivity.
It's free to try — would love to know what you think!
Show HN: UberSKILLS – Open-source Workbench for building AI agent SKILLS
Agent Skills (SKILL.md files) are reusable instruction sets that teach code agents like Claude Code, GitHub Copilot, Cursor, and Windsurf how to perform specific tasks. Right now, creating them is entirely manual - you hand-write YAML frontmatter and markdown, with no way to preview, validate, or test before deploying.
uberSKILLS is an open-source web app that gives you an integrated authoring environment for Agent Skills:
- AI-assisted creation - describe what you want in plain English, get a complete SKILL.md draft - Structured editor - edit metadata, instructions, and file templates with real-time validation - Multi-model testing - test your skill against any model on OpenRouter (Claude, GPT-4, Gemini, Llama, etc.) with streaming responses and token metrics - One-click deploy - deploy to 8 agents: Antigravity, Claude Code, Codex, Cursor, Gemini CLI, GitHub Copilot, OpenCode, and Windsurf - Import/export - bulk-import existing skills from directories or zips, export as zip - Version history - every edit is versioned automatically
Get started with a single command, no setup required:
npx @uberskillsdev/uberskills
Tech stack: Next.js 15, TypeScript, SQLite + Drizzle ORM, Vercel AI SDK, shadcn/ui, Tailwind CSS v4. Everything runs locally your data stays on your machine, API keys are encrypted with AES-256-GCM, and there's no account or cloud dependency.
MIT licensed. Would love feedback on the editor UX and which agent integrations matter most to you.
Openreach trials 'pioneering' fibre-optic water leak detection
Openreach, the UK's largest broadband network provider, is conducting trials of a new fibre-optic technology that can detect water leaks in its underground infrastructure. This innovative system aims to improve the efficiency and responsiveness of Openreach's network maintenance, benefiting both the company and its customers.
Iran War Impact on Helium
Hunter Alpha – 1T parameter and 1M token context window AI model
OpenRouter's Hunter Alpha is a powerful and flexible home router that offers advanced networking capabilities, including support for mesh networking, VPN, and IoT device management. The article highlights the router's customizable firmware, security features, and integration with cloud-based services.
How to Build an ML Framework in Rust, from Scratch, in a Weekend
The article introduces Zml, a new programming language that aims to simplify the creation of modern web applications by providing a typed, reactive, and declarative approach to user interface development.
Show HN: A 3-line wrapper that enforces deterministic security for AI agents
If you are building AI agents with frameworks like browser-use, LangChain, or OpenClaw, you've likely hit the "blast radius" problem.
A misconfigured prompt or hallucination can cause an agent to navigate to a phishing domain, expose an API key, or confidently claim a task succeeded when it actually clicked a disabled button.
The standard fix right now is "LLM-as-a-judge"—taking a screenshot after the fact and asking GPT-4, "Did this work and is it safe?" That introduces massive latency, burns tokens, and is fundamentally probabilistic.
We built predicate-secure to fix this.
It’s a drop-in Python wrapper that adds a deterministic physics engine to your agent's execution loop.
In 3 to 5 lines of code, without rewriting your agent, it enforces a complete three-phase loop:
Pre-execution authorization:
Before the agent's action hits the OS or browser, it is intercepted and evaluated against a local, fail-closed YAML policy. (e.g., Allow browser.click on button#checkout, Deny fs.read on ~/.ssh/*).
Action execution:
The agent executes the raw Playwright/framework action.
Post-execution verification:
It mathematically diffs the "Before" and "After" states (DOM or system) to prove the action succeeded.
To avoid the "LLM-as-a-judge" trap, the execution of the verification is purely mathematical. We use a local, offline LLM (Qwen 2.5 7B Instruct) strictly to generate the verification predicates based on the state changes (e.g., asserting url_contains('example.com') or element_exists('#success')), and then the runtime evaluates those predicates deterministically in milliseconds.
The DX looks like this:
from predicate_secure import SecureAgent from browser_use import Agent
1. Your existing unverified agent
agent = Agent(task="Buy headphones on Amazon", llm=my_model)
2. Drop-in the Predicate wrapper
secure_agent = SecureAgent( agent=agent, policy="policies/shopping.yaml", mode="strict" )
3. Runs with full Pre- & Post-Execution Verification
secure_agent.run()
We have out-of-the-box adapters for browser-use, LangChain, PydanticAI, OpenClaw, and raw Playwright.
Because we know developers hate giving external SaaS tools access to their agent's context, the entire demo and verification loop runs 100% offline on your local machine (tested on Apple Silicon MPS and CUDA).
For enterprise/production fleets, the pre-execution gate can optionally be offloaded to our open-source Rust sidecar (predicate-authorityd) for <1ms policy evaluations.
The repo is open-source (MIT/Apache 2.0). We put together a complete, offline demo showing the wrapper blocking unauthorized navigation and verifying clicks locally using the Qwen 7B model.
Repo and Demo: https://github.com/PredicateSystems/predicate-secure
Another demo for securing your OpenClaw:
https://github.com/PredicateSystems/predicate-claw
Demo (GIF):
https://github.com/PredicateSystems/predicate-claw/blob/main...
I'd love to hear what the community thinks about deterministic verification vs. probabilistic LLM judges, or answer any questions about the architecture!
Meta Platforms: Lobbying, Dark Money, and the App Store Accountability Act
The article examines the phenomenon of meta-lobbying, where organizations influence policy decisions not through direct lobbying, but by shaping the broader public discourse and agenda. It also discusses other related findings on the dynamics of political influence and transparency in policymaking.
Base25 – Feedback, roadmap, and changelog in one place
Base25 is a web-based platform that allows users to create and manage their own API endpoints, providing a simple and flexible solution for developing custom web applications and integrations.
I built a real-time operating system from scratch
GIMP: The Movie (2026) – Official Trailer [video]
Show HN: Open-source CLIs for Procore and EagleView (construction software APIs)
Hi HN. We're OpsRev. We build AI operations agents for construction companies.
These two CLIs are what our agents use internally to talk to Procore (construction project management) and EagleView (aerial property measurements). We decided to open-source them because the developer tooling in construction software is rough and nobody should have to re-solve the same auth and pagination problems we did.
procore-cli - pulls projects, RFIs, submittals, daily logs, budgets, schedules, and directory data from the Procore API. Handles OAuth2, company/project scoping, and pagination.
https://github.com/opsrev/procore-cli
eagleview-cli - covers the full measurement ordering lifecycle: browse products, price orders, place orders, retrieve reports and PDFs. Has sandbox mode for safe testing.
https://github.com/opsrev/eagleview-cli
Both are TypeScript, MIT licensed, and output JSON on every command (errors too, on stderr). We designed them for AI agent consumption but they work just as well in scripts, pipelines, or just poking around an API from the terminal.
Construction is a $2T industry that still runs on a lot of manual data entry between systems. If you're building anything in this space, hopefully these save you some time. Happy to answer questions about the APIs or how we use these in our agent workflows.
AFIM: Academic Fraud Inclination Metric
This article provides a guide on how to use the ArXiv Metric tool, which is a web-based tool that allows users to analyze and visualize citation data for papers published on the arXiv preprint server. The tool offers various features, including paper-level and author-level metrics, as well as the ability to explore citation networks and trends.
Show HN: Gohpts-IPv4/IPv6/TCP/UDP Transparent Proxy with ARP/NDP/Rdnss Spoofing
GoHPTS got updated to v1.12.1 with support for IPv6 protocol and NDP spoffing support (RA/NA spoofing, RDNSS injections)
GoHPTS has in-built functionality to perform NDP spoofing in IPv6 networks with Router Advertisement (RA) and Neighbor Advertisement (NA) packets. It also includes RDNSS option in RA packets to put host as a IPv6 nameserver for affected clients. When combined with transparent proxy mode (TCP/UDP), NDP spoofing allows `gohpts` to proxy traffic for clients in the local networks. As is the case with [ARP spoofing](#arp-spoofing), you can set ndp spoof options with single `-ndpspoof` flag:
Example:
sudo env PATH=$PATH gohpts -d -T 8888 -M tproxy -sniff -body -auto -mark 100 -ndpspoof "ra true;na true;targets fe80::3a1c:7bff:fe22:91a4;fullduplex false;debug true"
For more information about ndpspoof options see `gohpts -h` and https://github.com/shadowy-pycoder/ndpspoof
Plese note that some options like `rdnss`, `gateway`, `interface` are set automatically by `gohpts` itself to properly function as a proxy.
Since `gohpts` proxies all connections via upstream SOCKS5 server, you need to have a working server with IPv4/IPv6 and TCP/UDP support. Obviously, a remote machine (e.g. VPS) should also have IPv6 connectivity working. Needless to say, the machine on which `gohpts` is installed should be part of network with IPv6 support.
Example setup for NDP spoofing to work correctly:
1. Connect to VPS
ssh remote@203.0.113.10
2. Install dependencies
GO_VERSION=$(curl 'https://go.dev/VERSION?m=text' | head -n1) cd ~/Downloads/ && wget https://go.dev/dl/$GO_VERSION.linux-amd64.tar.gz sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf $GO_VERSION.linux-amd64.tar.gz
3. Setup SOCKS5 server (make sure firewall rules do not block used ports)
git clone https://github.com/wzshiming/socks5.git && cd socks5 go build -o ./bin/socks5_server ./cmd/socks5/*.go ./bin/socks5_server -a :3000
4. Go back to your host machine and install `gohpts` installation
5. Run `gohtps`:
sudo env PATH=$PATH gohpts -s 203.0.113.10:3000 -T 8888 -Tu 8889 -M tproxy -sniff -body -auto -mark 100 -arpspoof "fullduplex true;debug true" -ndpspoof "ra true;debug true " -6 -d
6. Get another device (phone, tablet, etc) and connect it to the same network. Try to access Internet and check if some traffic appears on your host machine. Check public IP address with some online tools (it should match your VPS address `203.0.113.10` in this case or global IPv6 address)
7. Stop proxy by hitting Ctrl+C
8. Profit!
Links: https://github.com/shadowy-pycoder/go-http-proxy-to-socks) https://codeberg.org/shadowy-pycoder/go-http-proxy-to-socks)
https://github.com/shadowy-pycoder/ndpspoof https://codeberg.org/shadowy-pycoder/ndpspoof
https://github.com/shadowy-pycoder/arpspoof https://codeberg.org/shadowy-pycoder/arpspoof
Atomic Britain: UK plans regulatory reset to boost nuclear power
The UK government plans to push for a 'nuclear reset' by investing in new nuclear power plants and promoting the use of nuclear energy as a clean energy source to combat climate change. The article highlights the government's efforts to revive the country's nuclear industry and increase its role in the future energy mix.
What do agents like OpenClaw bring to the table?
Interpol cybercrime crackdown leads to 94 arrests, 45,000 IP takedowns
Interpol coordinated a global operation called Synergia, involving 194 countries, to combat transnational organized crime groups engaged in trafficking of drugs, weapons, and humans. The operation resulted in the arrest of thousands of suspects and the seizure of large quantities of illicit goods.
Users protest as Google Antigravity price floats upward
Show HN: Grab – A declarative stream processor for delimited text data
I built grab because I wanted a more readable way to handle delimited data (CSV, TSV, whitespace) than the usual mix of awk and cut. It replaces cryptic 'schema' like $11 with a declarative one.
The goal was to build something with just enough features to serve a better UX while staying fast enough to stay out of the way.
ps aux | grab -d whitespace -m user,pid,cpu,mem,_:4,start,time,command:gj --json --skip 1
# Result:
# {"user":"root","pid":"1","cpu":"0.0","mem":"0.0","start":"Mar10","time":"0:03","command":"/sbin/init"}
# ...
Key points:- Readable mappings: Define schemas like <name> to map columns to fields, with support for <name>:N for aggregating multiple columns into arrays, <name>:g for greedy mapping (into arrays), _ to skip columns and even <name>:Nj to join multiple columns into a single field.
- Performance: Zero-copy tokenization in Rust. It processes ~17.1M fields/sec. On my machine, it shapes a ps aux dump into JSON in about 13ms.
- Schema enforcement: By default, it tells you exactly which line failed and why on stderr, rather than silently producing garbled data.
- Small & static: Single 800KB binary, zero dependencies.
I’m sharing it now to see if this "schema-first" approach to shell piping feels as useful to others as it has been for me.
Repo: https://github.com/anwitars/grab
Crates.io: https://crates.io/crates/grab-cli
Scale Is Absolutely Broken
The article discusses the concept of scale in the context of modern software systems, highlighting the challenges and limitations of traditional scaling approaches. It suggests that the traditional notion of scale is no longer adequate and calls for a fundamental rethinking of how we design and architect scalable systems.
Canadian ISP must hand over names associated with IPs in torrent copyright case
Voice Typing – Curated list of open-source speech-to-text tools
This article showcases a curated list of open-source libraries and resources for voice typing and speech recognition, providing developers with tools to integrate voice functionality into their applications.