Kissaki

• CorridorKey-Engine on GitHub
• EZ-CorridorKey on GitHub
• CorridorKey-Runtime on GitHub, DaVinci Resolve plugin

Corridor Digital released an open-source greenscreen keyer/extractor, powered by AI, usable on consumer GPUs.

The video covers what happened after their initial release, community and professional responses, interviews with professionals about what can be improved, and finally a practical test/example in Davinci (Video Editor).

The Ergonomic, Safe and Familiar Evolution of C

C3 is a programming language that builds on the syntax and semantics of the C language, with the goal of evolving it while still retaining familiarity for C programmers.

Thanks to full ABI compatibility with C, it's possible to mix C and C3 in the same project with no effort. As a demonstration, vkQuake was compiled with a small portion of the code converted to C3 and compiled with the c3c compiler.

A simple and straightforward module system that doesn't get in the way, with defaults that makes sense.

EYG's type system builds upon a proven mathematical foundation by using row typing.

EYG programs are all independent of the machine they run on. Any interaction with the world outside your program is accomplished via an effect.

Any effect can be intercepted using a handler. This allows the response from the outside world to be replaced.

Other languages have the possiblity of closure serialisation, but EYG's runtime is designed to make them efficient.

Hot code reloading – If you change the code the behaviour will update immediatly if safe.

EYG has a prototyped strongly typed shell environment.

EYG is built to support multiple runtimes. […] In the future EYG will be available in many more places, e.g. arduino, CLI's and IPaaS. EYG makes this easy by having a carefully designed minimal AST.

Code example (from landing page):

let initial = 10
let handle = (state, message) -> !int_add(state, 1)
let render = (count) -> {
  let count = !int_to_string(count)
  !string_append("the total is ", count)
}
{render: render, handle: handle, init: initial}

GitHub Repository, Apache 2.0

Attackers compromised Trivy GitHub Actions by force-updating tags to deliver malware, exposing CI/CD secrets across affected pipelines.

Recent updates from the Trivy maintainers confirm that this attack was enabled by a compromised credential with write access to the repository. The incident is a continuation of the earlier March breach, during which credentials were exfiltrated from Trivy’s CI environment. Although secrets and tokens were rotated in response, the rotation process was not fully atomic, and the attacker may have retained access to newly issued credentials. This allowed the threat actor to perform authenticated operations, including force-updating tags, without needing to exploit GitHub itself. While the exact credential used in this phase has not been publicly specified, the root cause is now understood to be residual access from the earlier credential compromise.

trivy.dev:

[Trivy –] The All-in-One Security Scanner

Use Trivy to find vulnerabilities (CVE) & misconfigurations (IaC) across code repositories, binary artifacts, container images, and Kubernetes clusters.

Two versions of telnyx (4.87.1 and 4.87.2) published to PyPI on March 27, 2026 contain malicious code injected into telnyx/_client.py. The telnyx package averages over 1 million downloads per month (~30,000/day), making this a high-impact supply chain compromise. The payload downloads a second-stage binary hidden inside WAV audio files from a remote server, then either drops a persistent executable on Windows or harvests credentials on Linux/macOS. Stolen data is encrypted with AES-256-CBC and a hardcoded RSA-4096 public key before exfiltration. The RSA key and operational patterns are identical to the litellm PyPI compromise, attributing this attack to TeamPCP with high confidence.

No PyPI trusted publisher (OIDC) is configured. Trusted publishers bind PyPI uploads to a specific GitHub repository and workflow, making stolen tokens useless outside that context. Without this protection, anyone with the API token can upload any version from any machine.

The most likely scenario is that the PYPI_TOKEN was obtained through a prior credential harvesting operation.

About Deno:

Deno is an open-source JavaScript runtime for the modern web. Built on web standards with zero-config TypeScript, unmatched security, and a complete built-in toolchain.

Uiua () is a general-purpose array-oriented programming language with a focus on simplicity, beauty, and tacit code.

Uiua lets you write code that is as short as possible while remaining readable, so you can focus on problems rather than ceremony.

The language is not yet stable, as its design space is still being explored. However, it is already quite powerful and fun to use!

Uiua uses special characters for built-in functions that remind you what they do!

⚂ # Random number
⇡8 # Range up to
⇌ 1_2_3_4 # Reverse

cross-posted from: https://programming.dev/post/46403010

Sample with fibonacci:

Commenter maegul writes on the Programming community post:

I tried to go through the tutorial a year or so ago.

I can’t recall when, but there’s a point at which doing something normal/trivial in an imperative language requires all sorts of weirdness in Uiua. But they try to sell it as especially logical while to me they came off as completely in a cult.

It’s this section, IIRC: https://www.uiua.org/tutorial/More%20Argument%20Manipulation#-planet-notation-

When they declare

And there you have it! A readable syntax juggling lots of values without any names!

For

×⊃(+⊙⋅⋅∘|-⊃⋅⋅∘(×⋅⊙⋅∘)) 1 2 3 4

Which, if you can’t tell, is equivalent to

f(a,b,c,x) = (a+x)(bx-c)

With arguments 1, 2, 3, 4.

I wanted to like this, and have always wanted to learn APL or J (clear influences). But I couldn’t take them seriously after that.

The reasons behind this rise of the latency is mainly that systems have become more and more complex and developers often don't know or don't understand each part that can impact the latency.

This website has been made to help developers and consumers better understand the latency issues and how to tackle them.

After working on my weird shooter game for 5 years, I realized I'm never going to be finishing this project. In this video I explain why I've decided to quit my game and what is next.

From the README:

What is KORE?

KORE is a self-hosting programming language that combines the best ideas from multiple paradigms:

Example

// Define a function with effect tracking
fn factorial(n: Int) -> Int with Pure:
    match n:
        0 => 1
        _ => n * factorial(n - 1)

// Actors for concurrency
actor Counter:
    var count: Int = 0

    on Increment(n: Int):
        count = count + n

    on GetCount -> Int:
        return count

fn main():
    let result = factorial(5)
    println("5! = " + str(result))