OpenAI Codex, 10k GitHub Trojan Repos, BGE-M3 Embeddings – Jun 19

openai/codex: terminal-based open-source coding agent

openai/codex

• ★ 92.1k
• ⮂ 13.6k

openai/codex is an open-source, Rust-based coding agent that operates directly in the terminal, built to assist developers with code-related tasks. The repository is written in Rust and released under the Apache-2.0 license, supporting installation on Mac or Linux via the Codex CLI. It currently holds 92,070 stars and 13,610 forks on GitHub.

all-MiniLM-L6-v2: compact sentence-embedding model for semantic search

sentence-transformers/all-MiniLM-L6-v2

• ♥ 4,974
• ⇣ 216.3M

all-MiniLM-L6-v2 is a sentence-transformers model that maps sentences and paragraphs into a 384-dimensional dense vector space, enabling tasks such as semantic search, clustering, and sentence similarity. Released under the Apache 2.0 license, it supports multiple runtime formats including PyTorch, TensorFlow, ONNX, and Safetensors. With 216,288,695 downloads and 4,974 likes, it is one of the most widely adopted embedding models on Hugging Face.

Tower Before Dusk: I Built a Puzzle Game for Humans and AI

• ♥ 39
• 💬 29

This is a submission for the June Solstice Game Jam It's interesting how the most exciting ideas… Context: Dev.to – AI/ML.

bge-m3: multilingual sentence embedding model from BAAI

BAAI/bge-m3

• ♥ 3,127
• ⇣ 27.8M

BGE-M3 is a sentence-similarity embedding model designed for multi-functionality, multi-linguality, and multi-granularity text representation. Built on XLM-RoBERTa and compatible with sentence-transformers, it supports feature extraction across many languages. The model is MIT-licensed and has accumulated 27,841,022 downloads and 3,127 likes on Hugging Face, indicating substantial adoption for retrieval and similarity tasks.

bert-base-uncased: Google's foundational English fill-mask language model

google-bert/bert-base-uncased

• ♥ 2,684
• ⇣ 45.3M

bert-base-uncased is Google's pretrained English language model that uses a masked language modeling objective to predict hidden words in text. It remains a widely used foundation model for NLP tasks like text classification and question answering. With over 45,272,769 downloads and 2,684 likes, it is one of the most adopted models on Hugging Face. The model is available under the Apache-2.0 license and supports PyTorch, TensorFlow, JAX, ONNX, and Rust runtimes.

anthropics/financial-services: reference AI agents for financial workflows

anthropics/financial-services

• ★ 31.9k
• ⮂ 4,571

An open-source Python repository from Anthropic providing reference agents, skills, and data connectors tailored to common financial-services workflows. It targets investment banking, equity research, private equity, and wealth management use cases, offering building blocks rather than finished products. The repo is Apache-2.0 licensed, has accumulated 31,908 stars and 4,571 forks, and currently shows 166 open issues.

Congrats to the Hermes Agent Challenge Winners!

• ♥ 17
• 💬 4

We are thrilled to announce the winners of the Hermes Agent Challenge! Over the past few weeks, the…

Kilo Code: open-source AI coding agent for VS Code, JetBrains, and CLI

Kilo-Org/kilocode

• ★ 22.4k
• ⮂ 2,712

Kilo Code is an open-source AI coding agent written in TypeScript and licensed under MIT, designed to assist developers directly within VS Code, JetBrains IDEs, and the command line. It functions as an agentic engineering platform that integrates with models like Claude and ChatGPT to automate coding tasks across multiple development environments. The repository has accumulated 22,376 stars and 2,712 forks on GitHub.

Zero-Touch OAuth for MCP

• ▲ 170
• 💬 64

The Enterprise-Managed Authorization extension to the Model Context Protocol is now stable, letting organizations provision MCP server access centrally through their existing identity provider. Users connect to servers on first login without per-app OAuth flows, reducing friction in enterprise deployments. The discussion drew 170 points and 64 comments on Hacker News, reflecting practitioner interest in simplifying MCP authentication.

I'm not a developer, but I built a calendar app to fix my most annoying work task

• ♥ 10

I’m not a developer! I’ve never coded anything in my life. As far as I’m concerned, a Cloudtop is… Context: Dev.to – AI/ML.

The Reliability Problem That Forced Us to Rethink AI Agents

• ♥ 6

A few months into building AI agents for client projects, we hit a pattern that should sound familiar… Context: Dev.to – AI/ML.

The Winner of the AI-Pocalypse? The Full-Stack Generalist (But Probably Later Instead of Sooner)

• ♥ 5
• 💬 10

We've been told since late 2022 that "within 6 months, we won't need software engineers anymore". I… Context: Dev.to – DevOps.

Flue: TypeScript sandbox agent framework from Astro

withastro/flue

• ★ 5,571
• ⮂ 308

Flue is an open-source TypeScript framework for building autonomous agents and AI workflows using a programmable sandbox harness. Developed under the withastro organization and licensed under Apache-2.0, it provides a programmatic approach to constructing agent-based systems in TypeScript. The repository has accumulated 5,571 stars and 308 forks, with 18 open issues on its main branch.

GLM-5: open-source agentic coding LLM from zai-org

zai-org/GLM-5

• ★ 4,253
• ⮂ 436

GLM-5 is an open-source large language model from zai-org, built for agentic engineering and long-horizon coding tasks. The repository presents GLM-5.2 as the flagship model, targeting use cases that span extended multi-step workflows rather than single-shot code generation. It is licensed under Apache-2.0 and has accumulated 4,253 stars and 436 forks on GitHub.

Building Tri-Fort: Why We Abandoned Pure Machine Learning and Built a Construction Intelligence Engine Instead

• ♥ 2

Introduction Over the last several months, I've been building Tri-Fort, an AI-powered… Context: Dev.to – Machinelearning.

Locofy: design-to-code agents

Go from designs to developer-friendly frontend code in a flash without changing your tech stack or workflows. Get responsive, interactive, and modular code that you can easily export or sync to GitHub/VS Code. Worth checking for automation claims, data-access patterns, and human-in-the-loop requirements.

Viktor for Microsoft Teams

Your AI tools answer questions. Viktor does the work. It lives in Slack and Microsoft Teams, connects to 3,200+ tools across your stack, and acts on its own. It watches how your team works, spots problems before anyone notices, and proposes automations built around how your company actually works. It manages campaigns… Worth checking for pricing vs value, integrations, data ownership, and workflow fit.

Bernie Sanders wants to give every American $1000 a year from AI profits and the reasoning actually makes sense

An article discusses proposed legislation by Bernie Sanders that would distribute $1,000 annually to every American from AI industry profits, arguing that since AI models trained on the public's writing, art, and code, the resulting wealth should be shared with the people whose data built it. The Reddit thread on r/artificial references a $7 trillion figure tied to the proposal. The linked page itself did not load substantively, so details are drawn from the submission conte…

Gemini helped me get scammed

A Reddit post on r/artificial recounts a user being misled by Google's Gemini chatbot during a stressful airport situation involving flight delays. The user asked Gemini for assistance, received inaccurate information at face value, and was scammed as a result. The poster accepts personal responsibility for trusting the AI output without verification, highlighting ongoing concerns about LLM reliability for time-sensitive real-world tasks.

[OC] I mapped AI exposure and robotics risk for Japan's 70.5M workers and found two different automation waves

An original data analysis comparing AI exposure against robotics automation risk for Japan's 70.5 million workers, using ILO occupation classifications and a task-based AI exposure model. The author argues that examining AI exposure alone misses roughly half the picture, as AI and robotics risks follow distinct patterns across occupations, suggesting two separate automation waves rather than a single shift.

Only 16 percent of Americans think AI will have a positive impact on society, a new study shows | TechCrunch

A Pew Research study reports that only 16% of Americans believe AI will have a positive effect on society, highlighting a significant gap between the technology's economic dominance and public perception. The finding matters for practitioners because widespread skepticism may shape regulation, adoption, and investment decisions. TechCrunch's coverage emphasizes that despite a hot AI-driven IPO market, most Americans remain pessimistic about long-term societal impact.

RNNs vs Transformers vs SSMs: where should AI memory live for continual learning?

A community discussion reframes the comparison between RNNs, Transformers, and state-space models around where memory physically resides during continual learning rather than along the usual recurrence-versus-attention axis. RNNs store memory in a compact recurrent hidden state, Transformers accumulate a growing KV cache, and the post explores whether memory could instead live closer to the network itself. The framing matters because memory placement constrains how models le…

How to Tell a Good Speech Dataset for AI From a Bad One

An article discussing criteria for distinguishing high-quality speech datasets from poor ones for AI training. It covers evaluating model capability, data requirements, cost considerations, and operational limitations that practitioners should assess when selecting speech data. The post appeared in the r/artificial community as a community-sourced signal, though the linked page did not load substantive content beyond a verification notice.

Why did Google AI forget? Explain this phenomenon please

A Reddit r/artificial thread reports that Google AI's memory feature, which lets users ask the assistant to remember details across conversations for later follow-up, appeared to lose previously stored information mid-session. The poster found the assistant forgot a personal detail it had been told to retain, only recalling it after being reminded. The discussion explores why this happens, including possible session, context-window, or sync limitations.

I found 10k GitHub repositories distributing Trojan malware

• ▲ 751
• 💬 188

A security research report identifies approximately 10,000 GitHub repositories distributing Trojan malware, a finding now under active community discussion on Hacker News with 751 points and 188 comments. The report highlights a significant supply-chain risk for developers who clone or depend on public repositories without code review. The Hacker News thread serves as community signal rather than verified confirmation of the claims.

To study how chips work, MIT researchers built their own operating system

• ▲ 136
• 💬 12

MIT researchers developed "Fractal," a custom operating system kernel designed to give visibility into how computer chips work internally. They used Fractal to study the branch predictors inside Apple's M1 processor, where the system revealed a potential vulnerability to major speculative execution attacks. The work gives researchers a new tool for low-level hardware security analysis and microarchitectural investigation.

Verification: community signal; use the linked source as context, not final confirmation.

I Gave Claude Code the Keys. So Did a Worm.

• ♥ 1

Three vulnerabilities from the last few months, three different layers of the AI-coding-agent stack,… Context: Dev.to – DevOps.

Verification: community signal; use the linked source as context, not final confirmation.

CVE-2026-20253: Splunk Enterprise Missing Authentication for Critical Function Vulnerability

CVE-2026-20253 is a missing authentication vulnerability affecting a critical function in Splunk Enterprise, and it has been confirmed in CISA's Known Exploited Vulnerabilities catalog, indicating active exploitation. No specific affected versions, exploitation details, or mitigation steps are available from the provided context. The NVD entry page was fetched but yielded only generic government website notices rather than technical details.

CVE-2026-48907: Widget Factory Joomla Content Editor Improper Access Control Vulnerability

CVE-2026-48907 is an improper access control vulnerability affecting the Widget Factory Joomla Content Editor, and it has been confirmed in the CISA Known Exploited Vulnerabilities catalog, indicating active exploitation. No specific details on affected versions, CVSS score, or concrete exploitation methods are available from the provided context. Administrators should consult the primary NVD advisory and vendor guidance for mitigation steps.

CVE-2026-54420: LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability

CVE-2026-54420 is a UNIX symbolic link following vulnerability affecting the LiteSpeed cPanel Plugin, currently listed in CISA's Known Exploited Vulnerabilities catalog. Symlink-following flaws can allow an attacker to traverse or access files outside intended directories by following crafted symbolic links. Specific affected versions, exploitation details, and patch guidance are not available from the fetched NVD page, so the primary advisory should be consulted directly.

Verification: cisa kev confirmed.

Who Here Has Worked with Legacy? The Longer You Wait, the Worse It Gets

• ♥ 59
• 💬 27

I promised myself that starting this week I'd switch to lighter topics. But on Monday, my JSNation… Context: Dev.to – Javascript.

CS 6120: Advanced Compilers: The Self-Guided Online Course (2020)

• ▲ 352
• 💬 50

CS 6120 is Adrian Sampson's PhD-level Cornell course on programming language implementation, offered as a free self-guided online resource. The curriculum spans foundational compiler topics including intermediate representations, data-flow analysis, and classic optimizations, alongside research-oriented material on parallelization, just-in-time compilation, and garbage collection. An active Hacker News discussion with 352 points and 50 comments signals sustained practitioner…

We Added React Doctor to Our UI Kit Monorepo. Here's What It Found.

• ♥ 13

Maintaining a component library means living with a specific kind of anxiety. Not the obvious bugs —… Context: Dev.to – React.

Many Let's Encrypt renewals had errors today

• ▲ 119
• 💬 69

Let's Encrypt, the free certificate authority used by millions of websites, is experiencing an active incident causing errors with certificate renewals. The status page reports API degraded performance, indicating that automated renewal workflows relying on the ACME API may be failing. The issue is significant for operators who depend on uninterrupted HTTPS certificate rotation and need to monitor expiry windows closely.

Codewars did not teach me JavaScript. My job did.

• ♥ 4
• 💬 4

Why your brain learns faster by doing than by studying, and the neuroscience that explains… Context: Dev.to – Career.

Started maintaining a small library at work and now I genuinely understand why maintainers go quiet

A developer recounts becoming maintainer of a small internal utility they open-sourced roughly a year ago, expecting minimal adoption but accumulating a few hundred stars. The post describes how incoming issues revealed an unexpected maintenance burden, explaining why open-source maintainers often go quiet under sustained pressure from feature requests, bug reports, and user expectations that exceed available time.

Mastodon 4.6

Mastodon 4.6 is a major release of the open-source decentralized social media platform, introducing Collections as its headline feature for creating and sharing curated lists of profiles. The update also reworks profile pages and editing, adds institutional account features, and addresses numerous accessibility issues following months of development and user feedback testing.

The design of littlefs

littlefs is a fail-safe filesystem written in C and designed specifically for microcontrollers, where storage is limited and power loss is common. Its core design goal is power-loss resilience, ensuring data integrity even during random power failures. The project's DESIGN.md document walks through the engineering trade-offs and internal architecture behind these guarantees. The repository is BSD-3-Clause licensed and has 6,720 stars.

offset_of! slices

A blog post exploring techniques for computing the memory offset of slice fields within Rust structs, a task complicated by the indirection that slices introduce. The built-in offset_of! macro handles straightforward struct fields at compile time, but slice members require a workaround. The author describes a hacky approach to bridge this gap, motivated partly by use cases such as JIT-compiled scripting languages in Rust.

Plane: open-source project management alternative to Jira and Linear

makeplane/plane

• ★ 51.9k
• ⮂ 4,609

Plane is an open-source project management platform positioned as an alternative to Jira, Linear, Monday, and ClickUp. It lets teams track issues, run sprint cycles, manage product roadmaps, and handle triage and docs. Written in TypeScript with a Django backend, it is Docker-deployable and licensed under AGPL-3.0, with 51,924 stars and 4,609 forks on GitHub.

nautilus_trader: Rust-native algorithmic trading engine

nautechsystems/nautilus_trader

• ★ 24k
• ⮂ 3,031

Nautilus_trader is an open-source algorithmic trading platform written in Rust with Python bindings, designed for backtesting and live trading across crypto, equity, forex, and futures markets. Its deterministic event-driven architecture aims to produce identical results between backtests and live deployment. The repository holds 23,997 stars and 3,031 forks, is licensed under LGPL-3.0, and supports Linux, macOS, and Windows.

Cell-based architecture for resilient payment systems

• ▲ 117
• 💬 46

An American Express engineering article describes how the company uses cell-based architecture to achieve resilient, low-latency payment processing at global scale. The approach isolates payment system components into independent cells, limiting blast radius during failures and enabling horizontal scalability. The discussion drew 117 points and 46 comments on Hacker News, reflecting practitioner interest in practical distributed systems design for financial infrastructure.

Write your error states for a stranger three months from now, not for yourself today

• ♥ 2

Most error messages are written for the wrong reader. They're written for the person who's watching… Context: Dev.to – DevOps.

Tabstack Dev Tools

Tabstack is a web data and automation API that delivers reliable structured output. Pass a URL and a schema, get back JSON that matches every time. Run research in one call and get cited answers back. Automate browsers without running infrastructure. The intelligence is built into every API call. No scraper to build,… Worth checking for pricing vs value, integrations, data ownership, and workflow fit.

The Future of the Con Is Already Here, It's Just Not Evenly Distributed

This is a blog essay linked from Lobste.rs that examines how scam operations function as distributed, industrialized ecosystems rather than isolated individual acts. The author argues that the infrastructure, labor, and techniques of cons are already widespread but unevenly concentrated across different regions and populations, drawing parallels to how technology adoption itself is unevenly distributed across society.

Is It Time for a New Embedded Linux Build System?

A practitioner essay from the Yoe Build project arguing that embedded Linux development has outgrown traditional cross-compilation workflows because edge devices increasingly behave like cloud systems. The author contends that a growing class of small teams needs a build system specifically shaped for that operational reality, though the page snippet does not detail the proposed system's implementation or benchmarks.

Honestly

Honestly is a social listening platform that aggregates and verifies brand-related conversations across TikTok, YouTube, Instagram, Reddit, and X. It analyzes posts relevant to a company's product, attempts to confirm which videos, comments, and transcripts are authentic, and surfaces actionable insights from the collected data. The tool targets marketing and product teams seeking real consumer feedback from social platforms.

Tiles: Map Your Adventures

Tiles turns Apple Health workouts, GPX, FIT, CSV, and photos into one local-first private exploration map. See everywhere your walks, runs, hikes, rides, and trips have taken you, spot the gaps you have not explored yet, and share milestones without creating an account. Worth checking for pricing vs value, integrations, data ownership, and workflow fit.

Retool

The first enterprise AppGen platform that turns natural language into production-ready internal apps—built on your live data and deployed in your environment. Secure from day one. Worth checking for pricing vs value, integrations, data ownership, and workflow fit.

Tine

Tine is a second cursor for your Mac that lives in the notch. Unlike chatbots boxed in a window, it sees your actual screen the active app, your selection, your last move so there's nothing to re-paste. Say the word and it drives the cursor across every app: posts to Slack, writes the note, runs the research, fills th… Worth checking for pricing vs value, integrations, data ownership, and workflow fit.

DeskArcade

A native macOS menu-bar app that drops a transparent arcade of ten micro-games over your real desktop. Press ⌘⌥B, play for 90 seconds, press it againit's gone. Free, notarised, doesn't touch your real apps. Worth checking for pricing vs value, integrations, data ownership, and workflow fit.

LayerProof Bristol

Bristol turns your materials into interactive, agentic reports. Just drop files or data, shape the report by chatting, publish a live web page in one click. Built for agencies, freelancers, and consultants who want their reports actually read. Worth checking for pricing vs value, integrations, data ownership, and workflow fit.

InstantDelay

Streamers shouldn’t have to restart their stream just to change delay. InstantDelay lets OBS & Streamlabs streamers: Add, Remove, or Adjust stream delay while already live. Built for competitive streamers, tournaments, subathons, and multi-streaming, with Instant Mode, Overlay Mode, custom overlays, hotkeys, and Strea… Worth checking for pricing vs value, integrations, data ownership, and workflow fit.

Congrats to the Gemma 4 Challenge Winners!

• ♥ 48
• 💬 20

We are so excited to announce the winners of the Gemma 4 Challenge! This is officially our most…

Ubiquiti: Enterprise NAS, Built on ZFS

• ▲ 315
• 💬 271

Ubiquiti's ENAS is a new enterprise network-attached storage platform built natively on ZFS, designed to eliminate costly licensing and proprietary hardware. It offers secure UniFi management, scalable petabyte-class capacity, multi-site backups, and shared iSCSI storage. The Hacker News discussion drew 315 points and 271 comments, reflecting strong practitioner interest in license-free enterprise storage alternatives.

Hospitals and universities repurposing drugs at lower cost

• ▲ 302
• 💬 132

A King's College London news piece reports that universities and hospitals are conducting late-stage clinical trials to repurpose existing drugs at funded costs up to 90% lower than typical pharmaceutical industry trials. The approach leverages medications already approved for other conditions, reducing development expense and accelerating access to cheaper treatments. The Hacker News discussion drew 302 points and 132 comments, reflecting practitioner interest in cost-savin…

r4b1t_h0l3

• ♥ 11
• 💬 2

→ Try it: gnomeman4201.github.io/r4b1t It's a curated random link generator for security and OSINT… Context: Dev.to – Web Dev.

Anthropic CEO Dario Amodei goes completely candid on why he left OpenAI: "When you feel that you can't trust someone when you see disturbing patterns of behavior, dishonesty, that…

This is a community discussion on Reddit's r/artificial about Anthropic CEO Dario Amodei's explanation of why he left OpenAI. Amodei states he observed "disturbing patterns of behavior" and "dishonesty" that created a fundamental breakdown of trust, making it impossible for him to remain at the organization. The post links to a candid interview where Amodei discusses these issues openly, and the item is flagged as awaiting verification.

What are your Favorite Lobste.rs Comments?

A discussion thread on the Lobste.rs community forum where members share and surface notable comments from the site's history. Posted in the "ask programming" category, it invites practitioners to highlight insightful or useful remarks buried in older discussions. The thread has attracted 11 comments since being posted 13 hours ago, serving as a way to rediscover accumulated community knowledge.

Google workspace threatening to block firefox access

A blog post on Tales from Prod reports that Google Workspace is warning it may block Firefox browser access to its services. The article, dated 2026-06-18, describes a situation where users accessing Google Workspace products through Firefox face threats of restricted or denied entry. This matters to engineering teams that standardise on Firefox or support multi-browser policies, as it could disrupt workflows tied to Google's productivity and collaboration tools.

What was nice about the UI of Windows 2000

A blog post reflecting on the design qualities of Windows-era user interfaces from version 3.0 through 2000, using Windows 2000 as the primary example because it runs well in QEMU/KVM for easy screenshot capture. The author examines specific UI elements that made these interfaces pleasant to use, offering observations relevant to practitioners interested in interface design history and principles.

Vim Creator Bram Moolenaar's Forgotten Programming Language, Zimbu (2023)

Zimbu is a programming language designed by Bram Moolenaar, the creator of Vim, who passed away at age 62. The language remained a personal project known to relatively few people outside his core community. The article revisits Zimbu in the context of Moolenaar's broader legacy, examining a side of his engineering work that received far less attention than his iconic editor.

The Hidden Elegance of Gradient Noise

This is a technical blog post explaining how gradient noise algorithms work for generating procedural textures and visual effects. Written by Dmitri, the article walks through the mathematics and implementation of gradient noise to render scenes such as dark teal water lit from below with thousands of particles. It is aimed at developers interested in the underlying mechanics of procedural graphics generation.