frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

The age of the Universe from a large sample of the oldest Galactic stars

https://arxiv.org/abs/2607.00764
1•root-parent•1m ago•0 comments

Brightspeed's Fiber Asset Bet Meets $11B Debt Test

https://www.wsj.com/pro/bankruptcy/brightspeeds-fiber-asset-bet-meets-11-billion-debt-test-33fe5260
1•petethomas•1m ago•0 comments

Running Gemma 4 26B at 5 tokens/SEC on a 13-year-old Xeon with no GPU

https://www.neomindlabs.com/2026/06/08/running-gemma-4-26b-at-5-tokens-sec-on-a-13-year-old-xeon-...
3•neomindryan•4m ago•0 comments

Android Phone Maker OnePlus to Cease Operations in US and Europe

https://www.bloomberg.com/news/articles/2026-07-15/oneplus-once-popular-with-tech-fans-to-pull-ou...
2•LaSombra•5m ago•0 comments

Ownership

https://registerspill.thorstenball.com/p/ownership
1•surprisetalk•5m ago•0 comments

Apply Claude Code on Screenwriting

https://untitled.movie
1•Meyborg•5m ago•1 comments

You have a strong password. Here's why your online accounts are still at risk

https://www.androidauthority.com/strong-password-not-enough-online-security-why-3686495/
1•Brajeshwar•8m ago•0 comments

Show HN: Zoable game. Solve it cheaply

https://zoable-game.com/?s=WDgdSiHyV67W_yEQTpWNUKB7HZF1xHI
1•damaru2•9m ago•0 comments

The Release of Crvja v2

https://blog.ptidej.net/the-release-of-crvja-v2/
1•sikandarejaz•9m ago•1 comments

Lobste.rs is now running on SQLite

https://lobste.rs/s/ko1ji1/lobste_rs_is_now_running_on_sqlite
2•ksec•11m ago•1 comments

George Lucas likens AI sceptics to luddites clinging to horses and carts

https://www.theguardian.com/film/2026/jul/15/george-lucas-likens-ai-sceptics-to-luddites-clinging...
3•bookofjoe•12m ago•0 comments

SendLang: A DSL for Email Automation

https://www.sendlang.com
4•ksajadi•14m ago•0 comments

Tools vs. Resources vs. Prompts: the MCP primitive you're misusing

https://prashamhtrivedi.in/mcp-primitive-youre-misusing/
1•speckx•18m ago•0 comments

AIs, a private notebook you search by your own tags

https://github.com/Anode1/ais
1•siberean•19m ago•0 comments

MentalHappy – a support group marketplace rebuilt by a solo founder using AI

https://www.mentalhappy.com/
1•MentalHappyInc•19m ago•0 comments

Generative AI Is an Engineering Disaster

https://www.theatlantic.com/technology/2026/07/generative-ai-engineering-disaster/687901/
3•poisonfountain•19m ago•1 comments

DEA to Temporarily Schedule 7-Oh and Related Substances to Protect Public Safety

https://www.dea.gov/press-releases/2026/07/01/dea-temporarily-schedule-7-oh-and-related-substance...
2•gnabgib•20m ago•0 comments

Valve Silently Discontinues Steam Deck LCD Spares at iFixit

https://www.techpowerup.com/350758/valve-silently-discontinues-steam-deck-lcd-spares-at-ifixit
4•nosecreek•21m ago•0 comments

I tested 11 AI detectors on my pre-ChatGPT writing and I'm as little as 5% human

https://originalseparation.substack.com/p/i-have-been-95-robotic-since-2019
4•BetterHalfAI•21m ago•0 comments

InviZible Pro – Android application for online privacy and security

https://github.com/Gedsh/InviZible
1•aniviacat•22m ago•1 comments

Museum of the Human Web

https://museum.parallel.ai/introduction?era=modern
1•ohjeez•22m ago•0 comments

OpenAI's first hardware device is reportedly a screenless speaker that can move

https://techcrunch.com/2026/07/14/openais-first-hardware-device-is-reportedly-a-screenless-speake...
1•Brajeshwar•22m ago•1 comments

Russ Tedrake launches Walden Robotics [video]

https://www.youtube.com/watch?v=fewvZrckA5c
1•raptortech•23m ago•0 comments

I built an app that checks if you're paying attention in boring meetings

https://play.google.com/store/apps/details?id=com.pelumi.focuspulse&hl=en_US
1•CatalystPz•24m ago•1 comments

Stanch – Dead man's switch that stops the bleeding when no one answers

https://github.com/getstanch/stanch
1•mboo2•26m ago•0 comments

Agent runtime reduces LLM turns by 80% with a higher success rate in DeepSWE

https://github.com/Tura-AI/tura
1•yohji1984•27m ago•1 comments

After Xbox layoffs, idSoftware says worker-owned studios "the only path forward"

https://www.gamesradar.com/games/after-incomprehensible-xbox-layoffs-id-software-producer-says-wo...
5•robtherobber•28m ago•0 comments

Florida student's historic 11.99 GPA triggers district policy overhaul

https://nypost.com/2026/07/14/us-news/florida-students-historic-11-99-gpa-triggers-district-polic...
1•nradov•29m ago•0 comments

The American E.V. Has Been Crushed. Will It Take the U.S. Auto Industry with It?

https://www.nytimes.com/2026/07/15/magazine/electric-cars-american-evs.html
2•ilamont•33m ago•0 comments

Federal Court Suspends Trump Immigration Policy Targeting Technology Researchers

https://knightcolumbia.org/content/federal-court-suspends-trump-immigration-policy-targeting-tech...
3•hn_acker•33m ago•0 comments
Open in hackernews

Why Intel Deprecated SGX?

https://hardenedvault.net/blog/2022-01-15-sgx-deprecated/
22•ricecat•1y ago

Comments

walterbell•1y ago
SGX may be a record holder for exploits, https://hn.algolia.com/?query=sgx
sublimefire•1y ago
Most of them require physical access so it is not the same as some log4j vuln.
walterbell•1y ago
Per article, physical access is within SGX threat model.
anonymousDan•1y ago
About 2 of those are actual exploits?
walterbell•1y ago
For some definition of 2?

  Intel SGX Fuse Key0, a.k.a. Root Provisioning Key Extracted by Researchers
  Plundervolt: Software-Based Fault Injection Attacks Against Intel SGX 
  SGX-Bomb: Locking Down the Processor via Rowhammer Attack
  Foreshadow: Extracting the Keys to the Intel SGX Kingdom
  ÆPIC Leak: SGX, Intel’s data fortress, has been breached yet again
  Intel SGX defeated yet again–this time thanks to on-chip power meter
  SGAxe and Crosstalk: Plundering of crypto keys from ultrasecure SGX 
  Spectre Attack on SGX PoC
anonymousDan•1y ago
Thanks - many of those didn't show up on your original link.
anonymousDan•1y ago
Pretty incoherent article. Not sure what point they are trying to make about the threat model of SGX. SGX was/is a groundbreaking attempt to solve a very difficult problem IMO. TEEs are still an active area of research that has benefited massively from the availability of an actual implementation in mainstream processors. And most other CPU manufacturers are also offering their own flavour of TEE, many of which have learned lessons from SGX.
AstralStorm•1y ago
The point about the threat model of SGX is that insulating an enclave with it does nothing to protect the code actually handling the data from the enclave. It really does not even protect against firmware side attacks. For that, TPM attestation is just as good.

At some point, somewhere, data processed by the SGX enclave has to pass through the usual VTd or such. Unless SGX enclave is used to feed data directly into hardware, in which case the weak point is the firmware and bus instead.

If it ensured no side channel attacks, it would be useful for some operations. But it does not therefore it isn't.

iforgotpassword•1y ago
It was touted as making cloud computing secure. How anyone could actually believe this is beyond me. The cloud provider has physical access to the host machine. For all I know it could all be smokes and mirrors, emulated on a C64, while all my data is getting exfiltrated. The only people who ever bought into this is cryptobro crackheads and government contractors doing it for compliance bullshit. Up to 0% of cloud customers went as far as to even try to verify the thing does what it says it does.

Case in point: TeleMessage. Supposedly E2E-Encrypted message archival turns out to be a plain text database on some servers. Surprised Pikachu face.

sublimefire•1y ago
This is some tinfoilhat stuff. An extreme suggestion that a cloud provider would physically open up machines and exfiltrate the keys so that they could then read the memory of a customer workload, for what reason? Remember that hardware is virtualised and makes it difficult to pin point which server is running what. Not using such tech makes it easier for the cloud provider to inspect memory so that is not a better approach.
underdeserver•1y ago
Should be (2022).
everfrustrated•1y ago
Headline is missing important context:

Intel is keeping SGX on servers and no longer offering it on non-server chips like workstations and laptops.

noname120•1y ago
From Wikipedia[1]:

> A pivot by Intel in 2021 resulted in the deprecation of SGX from the 11th and 12th generation Intel Core processors, but development continues on Intel Xeon for cloud and enterprise use.

[1] https://en.wikipedia.org/wiki/Software_Guard_Extensions#cite...

bjackman•1y ago
This never made any sense to me for consumers.

Enclaves and confidential compute are about the owner of the physical device giving up power and handing it to a remote entity.

In the case of SGX on consumer hardware that usually meant consumers giving up power to Netflix or whoever via DRM bullshit.

On the other hand, TDX on server devices is mostly about cloud providers giving up power to their users. This is a fundamentally better use case for TEEs. So overall this makes sense to me.

Kinda annoying that this stuff is so complicated that they have to leave it out of cheaper parts but that also makes sense, this must be incredibly invasive stuff that increases the cost in so many areas.

lostmsu•1y ago
It could have been used for a distributed cloud over consumer hardware.
bjackman•1y ago
That would be a neat usecase but it's not a slam dunk.

TEEs in theory eliminate the need for the user to trust the owner of the hardware. But for a cloud you need to eliminate the other direction too.

Cloud companies achieve this by... Spending a LOT of money on it. And the technical project of doing that is easier, because they control the whole host stack. I'm not sure it's technically feasible to achieve that in an environment where the host also needs to also support stuff like running Steam!

But still, maybe if you constrained the requirements enough it could be possible, it would have been a really cool thing to try!

bananapub•1y ago
because it kept getting owned, then fixed, then owned again
2bluesc•1y ago
> Chipworks offers $50-250k to fully extract the eFUSE of one Intel i5 processor, so the eFUSE content is encrypted by a master key (called “global wrapping logic key” in the patent).

I wonder how readily things like this are known within the HW security community?

rstuart4133•1y ago
Warning: the article is full of acronyms. Despite having section titles like "SGX Basics" unless you are familiar with terms like EPID, e-Fuse, iclsClient and many more, you aren't going to get much from it beyond "Intel dropped SGX for non-server CPU's in 2022".
iforgotpassword•1y ago
If you argue that you can trust the cloud provider not to be malicious, you also just argued that you don't need SGX at all. No tinfoil hat required.

And yes, not using that tech is not a better approach then, but not worse either. But better in the way that Intel doesn't need to build convoluted shit into their cpus that might actually worsen security through exploits.

mike_hearn•1y ago
SGX is very useful. Source: I built a product that made it easier to use and we explored a lot of use cases as part of that.

Firstly yes SGX is designed to block firmware attacks. That's a part of the threat model indeed.

Secondly, you can't feed data from SGX enclaves directly to hardware devices. It's encrypted data in, encrypted data out. Of course, data must pass through the untrusted host OS and hypervisor, but that is no problem, it's how it's designed to work. That's why the clients of the enclave handshake with it using remote attestation.

You can block side channel attacks with SGX if you are careful. The enclave transitions do clear uarch state in the ways needed, the rest is app-level stuff (but it has to be).

I used to see a lot of confusion about stuff like SGX because some people don't realize it's only intended to be used with remote attestation. If you don't have a smart client that's remotely attesting the enclave over a network, it isn't going to get you anything. That requires changes to app architectures.