Can you trust that permission pop-up on macOS?

https://wts.dev/posts/tcc-who/
78•nmgycombinator•3h ago

Comments

sefrost•2h ago
My work Mac regularly pops up an alert box claiming that Slack is “trying to install a new helper tool”. I have no idea why or what it means. I asked IT how I could verify it was legit and they didn’t know.

I often wonder if this could also be exploited because it asks for a password and it keeps popping back up every time I click cancel.

nmgycombinator•1h ago
I'm not aware of the "helper tool" popup, but I would definitely be skeptical of it. Even if it is Slack, Slack is just a messaging application. I don't know what legitimate need it would have for a helper tool. I would ask Slack support, though (and hopefully you can get a real answer and explanation).
1oooqooq•1h ago
> Slack is just a messaging application

it's sold more as a way to store and all conversations than the ability to be a messaging application.

the original pitch was to make all information, even private conversation of previous employees, searchable.

nmgycombinator•1h ago
Damn. That sounds pretty dystopian. But typical for American corporate life.
frollogaston•1h ago
I don't really expect my 1:1 conversations on the company chat to be invisible to the company.
nmgycombinator•1h ago
I don't either. But it's still a bit creepy regardless.
cyberax•54m ago
Why? Companies already have to retain the data (in case of lawsuits, etc.).

Slack is also used because it allows creating persistent channels that are searchable. So they often end up being a knowledge base for the company.

nmgycombinator•35m ago
I guess that's a fair point. It cuts both ways, but given that so many people use Slack as opposed to talking, the exact words people used and when could be open to view. Whereas, before all of this, you may only just have the minutes of any official meetings. Any side chatter not in the meeting room and/or exact phrasings would be lost to time.
frollogaston•1h ago
It doesn't need special permissions on your Mac to do that.
dcrazy•1h ago
This dialog comes from the System Management framework [1]. Slack is probably installing a privileged helper tool (conceptually similar to a setuid root binary) so that it can update itself regardless of where it is installed or which user originally installed it.

[1]: https://developer.apple.com/documentation/servicemanagement/...

QuercusMax•1h ago
Seems like it should only need to do this once. I get this with almost every Slack and VSCode update. The correct solution for me is to quit Slack.app and let my company's management software do the update for me.
closeparen•1h ago
Maybe it's smart enough to require re-authorization when the binary changes?
ubercow13•1h ago
Why would the helper binary change that much? A setuid-ish binary should be ultra simple and not constantly changing I'd assume.
QuercusMax•1h ago
...and it should be able to replace itself.
nmgycombinator•1h ago
A software updater was going to be my best guess at what this was. I guess I understand the flexibility it brings, but it definitely does have some security trade-offs.
e40•1h ago
I installed Slack from the app store and never see this popup.
accrual•56m ago
Discord does this as well I believe. I often needed to enter the administrator password to install a helper after the system had been off for a couple days.
jonplackett•47m ago
And they are sooooo insistent. Just keep bugging you forever
nartho•21m ago
Discord, Slack and VS Code desktop apps are all built using Electron, so I'm guessing this is an Electron issue.
1shooner•1h ago
I get this from every Electron-based app that I have run as multiple OS users.
kccqzy•1h ago
That does sound like it could be exploited, but with only as much exploitability as some random app that requires your password (for analogy consider a Linux binary that refuses to run unless being run as root). Ultimately it's a matter of deciding whether you trust the developer of the app and whether you trust this app is really from that developer. The day Apple prevents users from giving root access to a third-party app is when the Mac fully becomes a walled garden, and you can expect pages of HN complaints.

Overall I think it's good paranoia to not grant root permissions to apps that do not clearly need them such as Slack.

aziaziazi•50m ago
Being paranoid, would it be possible that another app already installed (but not trusted enough to give privilege, let’s say a shady mouse driver or screenshot app) detects when Slack (more trusted) launches, to open a dialog at that precise time and deceive the user? Let’s say the shady app is named « SIack » or something close enough to be missed, but brands itself as the innocent « screenshotPro4000 » in the app's own graphics so you’re not suspicious.
nmgycombinator•33m ago
> The day Apple prevents users from giving sudo access to a third-party app is when the Mac fully becomes a walled garden, and you can expect pages of HN complaints.

I can see this happening, but it probably won't anytime soon. macOS is still open enough, and with the assumption that sometimes processes need root (see third-party Launch Daemons).

It would probably break quite a lot. But I wouldn't be surprised if they eventually gradually move macOS in that direction.

haiku2077•59m ago
I get this popup all the time.

It contains no information that I can reasonably use to make a decision on whether or not to allow it, so I always click cancel on it.

jonplackett•54m ago
These types of ‘security’ blockers are so dumb because they train people to act dumb. Even if they’re real, the next time they may not be.

It’s like how my bank often calls and wants me to give them my personal info for ‘data protection’ before we can speak. These are legit bank calls, training people to give out personal info to strangers.

hbn•51m ago
As of the latest macOS update, every app is now asking every few days if it can have access to devices on your local network, or something to that tune. My theory right now is it's something in Chromium that's automatically asking for this and Electron apps will do this out of the box, but I can't remember which apps exactly have been doing this.

Regardless, yes it causes the exact issue you're talking about. I don't even read what the popups say anymore, I'm just blindly hitting an accept button.

jonplackett•40m ago
I’m surprised Apple have let this happen.

When you make an iOS app and request permission for something - photo library or location etc. - you MUST write out a sentence of what you’ll use it for, which is shown to the user.

Why not the same for Mac apps?

beezlewax•33m ago
This is Chrome for sure. There are a bunch of threads. If you search the actual error message you'll get hits on Stack Overflow and in Apple forums.
codebje•50m ago
If someone cold calls me and asks me to verify myself, I refuse.

If it’s an expected call or they give me a good reason to, I’ll call their listed contact number back.

So far I have not missed out on anything of consequence by refusing to identify myself to someone who initiated contact with me.

jonplackett•44m ago
I likewise refuse the bank’s call and they’re always really confused why I’d do such a thing - so clearly they have successfully trained all their other customers to be morons - and then they will no doubt blame them when they get conned.
jq-r•35m ago
And it's so annoying because it steals focus, so as you're writing a message it suddenly stops taking your input and "helpfully" continues typing your text into the password box.
e40•1h ago
> The patch is released

I assume that is with 15.5...

nmgycombinator•1h ago
> which was patched in today's releases of macOS Sequoia 15.5 et al.

Correct.

commandersaki•1h ago
Love this guy's research, such good presentation!
nmgycombinator•1h ago
Thank you very much! Although I'm not a guy, just fyi! I'm just a person :)
JohnFen•1h ago
Honestly, I don't really trust any permissions popups on anything anymore. They are often porous enough to count as "security theater".
nmgycombinator•57m ago
I honestly think this is a good skepticism to have. I generally don't hit "Accept" (or "Allow" or whatever) on any permission pop-up unless I know exactly what it's doing and what I need it for.
silvestrov•54m ago
It took Apple a full year to release the fix. That is a very long time.

2024-05-04 I leave several additional update messages as I continue testing my PoC

2025-05-12 The patch is released

nmgycombinator•39m ago
Yeah. I'm guessing there must be some legitimate (internal?) use cases for the behavior I found and they spent all that time working out the kinks to allow those edge cases while also not allowing malicious ones. Or perhaps it wasn't as high on their priority list as it required a higher level of user interaction (the user had to click "Allow"). In any case, though, I do believe that a year is a shockingly long time for them to take.
zoomTo125•50m ago
Almost a year to release a patch. If Apple takes that long, there is no hope for other vendors.
nmgycombinator•45m ago
This is Apple-specific, though. So there aren't really any other vendors that are relevant to this specific scenario. I will say, they have been quicker with my other reports; taking just a few months as opposed to a full year.
EGreg•49m ago
I once sent an email to Steve Jobs back in 2009 or so

I told him that the MacOS permissions dialog could easily be spoofed, and that Macs should have a secret phrase or icon that you choose that they’d display inside these dialogs, and prevent their screen capture like what they had been doing with their recent DRM features.

Never heard back from him

And it never got implemented. Any program can still continue to spoof it and grab your system password.

nmgycombinator•41m ago
I mean, at that point an app could just put up a fake prompt using the UI framework. And I think users would be more hesitant to type a full password than just click a button. But if you're talking about a bug similar to mine where an attacker could use the OS's own code against it and make it show a prompt with misleading content, you might be able to report it to Apple Product Security and maybe get a bounty.