Marvin
@muuvmuuv
2.4K posts

Should I answer chronologically or alphabetically?
Frankfurt am Main, Germany · Joined June 2012
625 Following · 85 Followers

Secret intel has arrived: prize 003 is here...
Up for grabs: this custom @007GameIOI GeForce RTX 5080 Founders Edition plus a PC version of the game.
Want it? Comment #007FirstLightRTX below
Marvin retweeted

Ways to mitigate GitHub/npm supply chain attacks:
- Use pnpm
- Block all postinstall scripts unless necessary
- Use minimumReleaseAge
- Set up Trusted Publisher on npm/GitHub
- Disallow npm tokens
- Require 2FA for all org members
- Avoid pull_request_target
- If repo is public, consider restricting PRs to collaborators only
- Pin GitHub actions (peter-evans/create-pull-request@v8 → peter-evans/create-pull-request@5f6978f...)
Marvin retweeted

Today is a big day for @SocketSecurity. We just raised a $60M Series C at a $1B valuation, led by @ThriveCapital with participation from @a16z, @AbstractVC, and @CapitalOne Ventures. Total funding is now $125M.
Four years ago, we started Socket because open source dependencies were flowing into production faster than anyone could vet them. AI has massively accelerated that. Code is being written, shipped, and deployed before any human reads it. Security has to operate at that same speed.
One data point from Thrive's diligence that I keep coming back to: they first discovered Socket because @cursor_ai, @OpenAI, and @AnthropicAI all independently told them it was the most important security tool they'd adopted for AI-driven development. Three of the most sophisticated AI companies converging on the same vendor unprompted.
Since our Series B, Socket has grown to more than 20,000 organizations, protecting over 1.5 million repositories and blocking more than 1,000 supply chain attacks every week. The team is now over 100 people.
Three out of five FAANG companies are Socket customers. So are the companies building the most ambitious AI products: @AnthropicAI, @cursor_ai, @xai, @figma, @vercel, @Replit, @scale_AI, @GustoHQ, @Mercadolibre, and @cribl_io, alongside Fortune 100s in financial services and global media.
What we've shipped since the last round:
• Socket Firewall blocks malicious packages at install time, before they reach a developer's laptop or CI pipeline. Free for everyone.
• Reachability analysis via our acquisition of Coana, eliminating 50-80% of irrelevant vulnerability alerts by focusing only on CVEs that are actually exploitable.
• Socket Certified Patches for remediating exploitable CVEs in seconds without waiting on upstream maintainers.
• Coverage extending to browser extensions, editor extensions, MCP servers, and AI tools via our acquisition of @secureannex.
When the Axios compromise hit, our detection systems flagged the malicious dependency within six minutes. Within 24 hours, more than 2,000 organizations onboarded to Socket to block it.
Where the funding goes: deeper investment in Firewall, massively expanding Certified Patches, moving protection closer to every point of install across the developer toolchain, and new product launches pushing Socket into a category we haven't entered before.
We're hiring across engineering, sales, customer success, and threat intel.
❤️ Thank you to our customers, investors, and the open-source community for your support. Together, we’re making software safer for everyone.


@muuvmuuv @bunjavascript We now have optional Rust like ownership (`v -ownership .`), and we'll translate the most popular Rust projects to V. ripgrep first.
Marvin retweeted

There’s a famous Usenet story about a programmer (Mel) who refused higher level abstractions.
It was the late 1950s, and even in that era, Mel was…well today we’d call him a boomer.
Mel only wrote in raw hexadecimal. He didn’t approve of compilers, and refused to use optimizing assemblers.
"You never know where it's going to put things”, he said.
Everyone else in the company was moving on to FORTRAN, and they didn’t understand why Mel was so stubborn about using new tools. He *loved* self-modifying code.
“If a program can’t rewrite its own code”, he asked, “what good is it?”
Mel eventually left the company, and other engineers were tasked with understanding what was left.
Mel’s hand-optimized routines always beat the assemblers; but some of it looked absolutely bizarre.
One engineer took ~2 weeks to understand why there were loops with no exit condition…yet the program worked fine.
I won’t spoil all the details, you should really read it, it’s short. But it’s a fantastic piece on “what defines a real programmer?”…which is becoming increasingly relevant in this vibe-coded era.
I strive to understand computers as deeply as Mel! If we aren’t careful, we’re going to lose the “Mels” of this world to time.
That’s part of why I go so deep in my youtube videos. I hope that younger viewers are genuinely fascinated by the inner workings of our machines, instead of handing everything off to higher abstractions.
solst/ICE of Astarte @IceSolst
Interesting article on treating agent output like compiler output (and why) skiplabs.io/blog/codegen_a…

@v_language Did you name that programming language "V" to make sure that no one can Google anything about it?
Marvin retweeted

‼️Copy Fail (CVE-2026-31431) is a Linux privilege escalation bug that lets any local user get root using a 732-byte Python script, and it works on basically every major Linux distro shipped since 2017.
Website: copy.fail
Write-up: xint.io/blog/copy-fail…
GitHub: github.com/theori-io/copy…
It's a logic flaw in the kernel's crypto code (authencesn via AF_ALG and splice()) that allows a small write into the page cache, which can be used to tamper with a setuid binary like /usr/bin/su.
Think how bad this is going to be for shared environments like Kubernetes, CI runners, and cloud sandboxes, where it enables container escape and tenant-to-host compromise.
Found by Theori's Xint Code scanner, patched in the mainline kernel, and publicly disclosed on April 29, 2026; if you can't patch right away, the recommended workaround is to disable the algif_aead module.
Marvin retweeted

Your helpful buddy, Cabin, is available now as a 3D printable model!
Print your very own Cabin figurine using a 3D printer, and customize it with your favorite facial expression!
Download now:
capcom-games.com/pragmata/en-us…

Introducing Tab Snitch
Liven up your screenshots and make co-workers uncomfortable with errant open tabs.
tab.wesbos.com


PRAGMATA is now #RTXON, with path tracing and DLSS 4!
To celebrate, we're giving away this one-of-a-kind GeForce RTX 5090 featuring Hugh and Diana, perfect for your next adventure on the Moon.
Want it? Write “PRAGMATA RTX” in the comments to enter!

I must acquire the final patch for my Artemis collection…

Alyssa 🌻 @alyssaleann
it’s even cooler 🥲 “come with me, space cowboy”
Marvin retweeted

I left my old company because of this kind of woke agenda nonsense.
The whole planet knows there are two genders, and yet companies are afraid of a tiny, loud minority and cater to their narcissistic need for attention.
Pirat_Nation 🔴 @Pirat_Nation
Mozilla has introduced a new non-binary mascot called “Kit.” Kit uses they/them pronouns.
Marvin retweeted

HOME.
The Artemis II crew has arrived back on Earth, ending a nearly 10-day journey around the Moon. The trip took them farther into space than humans have ever gone before, and now they're safely home with us.
go.nasa.gov/41r9eL0

Marvin retweeted

Introducing Project Glasswing: an urgent initiative to help secure the world’s most critical software.
It’s powered by our newest frontier model, Claude Mythos Preview, which can find software vulnerabilities better than all but the most skilled humans.
anthropic.com/glasswing
Marvin retweeted

We expressly support this and would like to see the verdict, which many find incomprehensible, reviewed on appeal. Please sign the petition!
#Einervonuns
#Polizeifamilie
#Blaulichtfamilie
@DPolGBPOLG
@DPolGBund
c.org/6kYFQT5wtd