Kissaki

EYG's type system builds upon a proven mathematical foundation by using row typing.

EYG programs are all independent of the machine they run on. Any interaction with the world outside your program is accomplished via an effect.

Any effect can be intercepted using a handler. This allows the response from the outside world to be replaced.

Other languages have the possiblity of closure serialisation, but EYG's runtime is designed to make them efficient.

Hot code reloading – If you change the code the behaviour will update immediatly if safe.

EYG has a prototyped strongly typed shell environment.

EYG is built to support multiple runtimes. […] In the future EYG will be available in many more places, e.g. arduino, CLI's and IPaaS. EYG makes this easy by having a carefully designed minimal AST.

Code example (from landing page):

let initial = 10
let handle = (state, message) -> !int_add(state, 1)
let render = (count) -> {
  let count = !int_to_string(count)
  !string_append("the total is ", count)
}
{render: render, handle: handle, init: initial}

GitHub Repository, Apache 2.0

Attackers compromised Trivy GitHub Actions by force-updating tags to deliver malware, exposing CI/CD secrets across affected pipelines.

Recent updates from the Trivy maintainers confirm that this attack was enabled by a compromised credential with write access to the repository. The incident is a continuation of the earlier March breach, during which credentials were exfiltrated from Trivy’s CI environment. Although secrets and tokens were rotated in response, the rotation process was not fully atomic, and the attacker may have retained access to newly issued credentials. This allowed the threat actor to perform authenticated operations, including force-updating tags, without needing to exploit GitHub itself. While the exact credential used in this phase has not been publicly specified, the root cause is now understood to be residual access from the earlier credential compromise.

trivy.dev:

[Trivy –] The All-in-One Security Scanner

Use Trivy to find vulnerabilities (CVE) & misconfigurations (IaC) across code repositories, binary artifacts, container images, and Kubernetes clusters.

Two versions of telnyx (4.87.1 and 4.87.2) published to PyPI on March 27, 2026 contain malicious code injected into telnyx/_client.py. The telnyx package averages over 1 million downloads per month (~30,000/day), making this a high-impact supply chain compromise. The payload downloads a second-stage binary hidden inside WAV audio files from a remote server, then either drops a persistent executable on Windows or harvests credentials on Linux/macOS. Stolen data is encrypted with AES-256-CBC and a hardcoded RSA-4096 public key before exfiltration. The RSA key and operational patterns are identical to the litellm PyPI compromise, attributing this attack to TeamPCP with high confidence.

No PyPI trusted publisher (OIDC) is configured. Trusted publishers bind PyPI uploads to a specific GitHub repository and workflow, making stolen tokens useless outside that context. Without this protection, anyone with the API token can upload any version from any machine.

The most likely scenario is that the PYPI_TOKEN was obtained through a prior credential harvesting operation.

About Deno:

Deno is an open-source JavaScript runtime for the modern web. Built on web standards with zero-config TypeScript, unmatched security, and a complete built-in toolchain.

Uiua () is a general-purpose array-oriented programming language with a focus on simplicity, beauty, and tacit code.

Uiua lets you write code that is as short as possible while remaining readable, so you can focus on problems rather than ceremony.

The language is not yet stable, as its design space is still being explored. However, it is already quite powerful and fun to use!

Uiua uses special characters for built-in functions that remind you what they do!

⚂ # Random number
⇡8 # Range up to
⇌ 1_2_3_4 # Reverse

cross-posted from: https://programming.dev/post/46403010

Sample with fibonacci:

Commenter maegul writes on the Programming community post:

I tried to go through the tutorial a year or so ago.

I can’t recall when, but there’s a point at which doing something normal/trivial in an imperative language requires all sorts of weirdness in Uiua. But they try to sell it as especially logical while to me they came off as completely in a cult.

It’s this section, IIRC: https://www.uiua.org/tutorial/More%20Argument%20Manipulation#-planet-notation-

When they declare

And there you have it! A readable syntax juggling lots of values without any names!

For

×⊃(+⊙⋅⋅∘|-⊃⋅⋅∘(×⋅⊙⋅∘)) 1 2 3 4

Which, if you can’t tell, is equivalent to

f(a,b,c,x) = (a+x)(bx-c)

With arguments 1, 2, 3, 4.

I wanted to like this, and have always wanted to learn APL or J (clear influences). But I couldn’t take them seriously after that.

The reasons behind this rise of the latency is mainly that systems have become more and more complex and developers often don't know or don't understand each part that can impact the latency.

This website has been made to help developers and consumers better understand the latency issues and how to tackle them.

After working on my weird shooter game for 5 years, I realized I'm never going to be finishing this project. In this video I explain why I've decided to quit my game and what is next.

From the README:

What is KORE?

KORE is a self-hosting programming language that combines the best ideas from multiple paradigms:

Example

// Define a function with effect tracking
fn factorial(n: Int) -> Int with Pure:
    match n:
        0 => 1
        _ => n * factorial(n - 1)

// Actors for concurrency
actor Counter:
    var count: Int = 0

    on Increment(n: Int):
        count = count + n

    on GetCount -> Int:
        return count

fn main():
    let result = factorial(5)
    println("5! = " + str(result))

By streaming CSS updates/appends through an open HTTP connection

Girard's insight was that communities resolve internal conflict through scapegoating: the selection of a victim to bear collective guilt, whose expulsion or destruction restores social cohesion. The scapegoat need not be guilty of the crime attributed to it; it need only be acceptable as a target.

Some dangerous individuals, however, institutionalize such ritualistic practices into what I call Casus Belli Engineering: the use of perceived failure as pretext to replace established systems with one's preferred worldview. The broken feature is the crisis that demands resolution. The foundation becomes the scapegoat, selected not for its actual guilt but for its vulnerability and the convenience of its replacement. And in most cases, this unfolds organically, driven by genuine belief in the narrative.

The danger is not the scapegoating itself; humans will scapegoat. The danger lies in those who have learned to trigger the mechanism strategically, who can reliably convert any failure into an opportunity to destroy what exists and build what they prefer.

The linked article title is “Casus Belli Engineering: The Sacrificial Architecture”, which I didn't find particularly descriptive. I used the second headline, “The Scapegoat Mechanism”. It doesn't include the architecture or strategy aspects, but serves well as a descriptor and entry point in my eyes.