Ask HN: Why isn't HTTPS enough to protect your site?

1•01-_-•9mo ago

Comments

jsheard•9mo ago
Huh? You're gonna have to elaborate a bit.
01-_-•9mo ago
Why do we have to sanitize the input fields? Why do we have to configure more headers? Why, even if we have HTTPS configured, do we still have to add many other security elements?
jsheard•9mo ago
Because the point of HTTPS is to prevent man in the middle attacks. It isn't supposed to do everything.
codingdave•9mo ago
Take a step back and think about what security is in the first place - it is reducing the risk of people engaging in behaviors that you do not want. The list of those behaviors is not consistent between apps, although there is a large base of common concerns. HTTPS resolves one of those common concerns. No more, no less. Expecting one solution to all concerns is not a reasonable expectation.
zahlman•9mo ago
The first lesson in cybersecurity (and I would imagine in real physical security as well) is that "protect your [asset]" is not well defined in a vacuum. You need to develop a threat model before you can sanely ask any questions about what actions you do or don't need to take.

HTTPS protects against one specific scenario: a third party is intercepting the communication. So it protects your users against those third parties (who might never forward the request to your site, and instead pretend to be your site; or they might spy on what they say to you or what you say back to them).

It does not protect against malicious users trying to hack your site directly, in any number of ways. Nor does it protect against people trying to hack into your server directly (bypassing the site entirely, although they might have the purpose of damaging your site). And it definitely doesn't protect against people trying to trick your users off-site, for example by sending them an email pretending to be from you.
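
The distinction drawn in the comments above, as an added example that is not part of the thread: TLS delivers a user's form input to the server intact, so the server still has to treat that input as data and set its own response headers. The table, function names and sample inputs are constructed for illustration, and the header values are one reasonable baseline, not a recommendation from the thread.

```python
import html
import sqlite3

# Headers the application sets itself; enabling HTTPS adds none of them.
SECURITY_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
}

def make_db():
    # Constructed sample data standing in for the site's user table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

def lookup_unsafe(db, name):
    # Input is pasted into the SQL text, so it can change the query itself.
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return db.execute(sql).fetchall()

def lookup_safe(db, name):
    # Bound parameter: the input is only ever compared as a value.
    return db.execute("SELECT name FROM users WHERE name = ?",
                      (name,)).fetchall()

def render_greeting(name):
    # Escape on output so the browser displays the input instead of parsing it.
    body = f"<p>Hello, {html.escape(name)}</p>"
    return SECURITY_HEADERS, body

# Constructed inputs: text typed into a form field and sent over HTTPS.
SQL_INPUT = "nobody' OR '1'='1"
HTML_INPUT = "<script>alert(1)</script>"

if __name__ == "__main__":
    db = make_db()
    print("unsafe:", lookup_unsafe(db, SQL_INPUT))   # every row matches
    print("safe:  ", lookup_safe(db, SQL_INPUT))     # no user has that name
    headers, body = render_greeting(HTML_INPUT)
    print(body)
    for key, value in headers.items():
        print(f"{key}: {value}")
```

Both lookups receive exactly the same bytes; the transport encryption is identical in each case, and only the server-side handling differs.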