frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

Open in hackernews

Why Apple still lets malformed media files reach decoders – and how to stop it

2•jamweba•4h ago
Proposed: a memory-safe, pre-decoder validator layer for media inputs (MP4, MOV, etc) that Apple could deploy without changing existing decoders.

Eliminates a class of zero-click exploits. No format breakage. No patching.

https://jam2we5b3a.medium.com/this-is-the-future-apple-should-already-be-shipping-054c69d78e50

Comments

jamweba•4h ago
Most media decoders still process unvalidated files — which keeps zero-click attack surfaces wide open.

This write-up outlines a minimal architectural fix: a structural validator that intercepts files before decoding begins.

    It needs no decoder rewrites

    It's format-agnostic (MP4, MOV, PNG, etc.)

    It works with existing delivery paths (AirDrop, Mail, Safari)

    And it could be deployed today
Curious what others think: Why hasn’t this already been adopted? Would Apple (or anyone) ship it?

Skills Rot at Machine Speed? AI Is Changing How Developers Learn and Think

https://www.forbes.com/councils/forbestechcouncil/2025/04/28/skills-rot-at-machine-speed-ai-is-changing-how-developers-learn-and-think/
1•thunderbong•29s ago•0 comments

Chat with an Uncensored LLM

https://speaksy.chat/yc
1•husky8•37s ago•1 comments

Bill Gates: rich countries 'owe it to the world' to get to net zero emissions

https://www.cnbc.com/2025/05/05/bill-gates-rich-countries-owe-it-to-the-world-to-achieve-net-zero.html
1•rntn•48s ago•0 comments

Show HN: I forget things when I date people, so I built a local AI memory stuff

https://github.com/niranjanorkat/eros
1•theniru•51s ago•0 comments

Spy vs. spy: Researchers work to secure messaging

https://techxplore.com/news/2025-05-spy-messaging.html
1•mdp2021•1m ago•0 comments

Show HN: OneUptime: Open-Source Incident.io Alternative

1•ndhandala•2m ago•0 comments

(ab?)using Node module hooks to speed up development

https://immaculata.dev/blog/hacking-nodejs-modules.html
1•sbjs•3m ago•0 comments

Show HN: I got ChatGPT (o4-mini) to break its own rules

https://anirudhkamath.substack.com/p/i-got-chatgpt-o4-mini-to-break-its
1•hackgician•3m ago•1 comments

Engineered extracellular vesicles facilitate delivery of advanced medicines

https://phys.org/news/2025-04-extracellular-vesicles-delivery-advanced-medicines.html
1•PaulHoule•4m ago•0 comments

Show HN: DistilKitPlus, a distillation framework between any LLMs

https://github.com/agokrani/distillKitPlus
2•ayushnangia16•4m ago•0 comments

Show HN: A free Chrome extension to see how much things cost in terms of time

https://github.com/virgildotcodes/lifeprice_extension
1•virgildotcodes•5m ago•0 comments

V8 JavaScript engine gets eager compilation hints, but will devs use sparingly

https://devclass.com/2025/05/02/v8-javascript-engine-gets-eager-compilation-hints-but-will-devs-use-sparingly-as-advised/
1•todsacerdoti•6m ago•0 comments

Kilo Code 4.20.0 Adds Cline's /Newtask Command for Context Preservation

https://blog.kilocode.ai/p/kilo-code-4200-released
1•boleary-gl•7m ago•0 comments

How will European consumers react to US tariffs?

https://www.ecb.europa.eu/press/blog/date/2025/html/ecb.blog20250430~a1b1668cda.en.html
1•JumpCrisscross•7m ago•1 comments

Tuning Canabalt (2010)

https://www.gamedeveloper.com/design/tuning-canabalt
1•Tomte•8m ago•0 comments

Train vs. Airplane Energy Efficiency (2010)

https://web.archive.org/web/20120504031238/http://www.lafn.org/~dave/trans/energy/rail_vs_airEE.html
1•Tomte•8m ago•0 comments

Ask HN: Given a sufficiently complex argument, people deduce anything they like

1•ricardo81•10m ago•0 comments

Quake's unseen collision hulls [video]

https://www.youtube.com/watch?v=3KjMjHJ3WQg
2•kipi•14m ago•0 comments

FastAPI Cloud: deploying FastAPI apps with just a single command

https://fastapicloud.com/blog/fastapi-cloud-by-the-same-team-behind-fastapi
8•kranthigv•16m ago•0 comments

A company wanted to make an AI clone of me. Here's what I said

https://jaredhenderson.substack.com/p/a-company-wanted-to-make-an-ai-clone
1•dakrone•16m ago•0 comments

End to End Encrypted Messaging in the News: An Editorial Usability Case Study

https://articles.59.ca/doku.php?id=em:sg
1•upofadown•17m ago•0 comments

Curl has banned the use of AI-generated submissions via HackerOne

https://mastodon.social/@LukaszOlejnik/114454277500230445
3•upofadown•18m ago•0 comments

CNCF and Synadia Reach an Agreement on NATS

https://thenewstack.io/cncf-and-synadia-reach-an-agreement-on-nats/
1•CrankyBear•19m ago•0 comments

Ask HN: Why AI code generators are rising?

1•_vicky_•21m ago•0 comments

How to Not Get Poisoned in America

https://buttondown.com/theswordandthesandwich/archive/how-to-not-get-poisoned-in-america/
2•leotravis10•22m ago•0 comments

Show HN: Klavis AI – Open-source MCP integration for AI applications

https://www.klavis.ai/
2•wirehack•23m ago•1 comments

AIOnPulse: AI News Aggregator

https://aionpulse.com/
6•go3721•25m ago•0 comments

Implementing a Struct of Arrays

https://brevzin.github.io/c++/2025/05/02/soa/
1•legobmw99•25m ago•1 comments

My Miserable Week in the 'Happiest Country on Earth'

https://www.nytimes.com/2025/05/02/magazine/finland-happiest-country.html
1•skadamat•26m ago•1 comments

Cline Memory Bank

https://docs.cline.bot/improving-your-prompting-skills/cline-memory-bank
1•piterrro•29m ago•0 comments