frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Why AlphaTensor Failed at 3x3 Matrix Multiplication: The Anchor Barrier

https://zenodo.org/records/18514533
1•DarenWatson•37s ago•0 comments

Ask HN: How much of your token use is fixing the bugs Claude Code causes?

1•laurex•4m ago•0 comments

Show HN: Agents – Sync MCP Configs Across Claude, Cursor, Codex Automatically

https://github.com/amtiYo/agents
1•amtiyo•4m ago•0 comments

Hello

1•otrebladih•6m ago•0 comments

FSD helped save my father's life during a heart attack

https://twitter.com/JJackBrandt/status/2019852423980875794
2•blacktulip•8m ago•0 comments

Show HN: Writtte – Draft and publish articles without reformatting, anywhere

https://writtte.xyz
1•lasgawe•10m ago•0 comments

Portuguese icon (FROM A CAN) makes a simple meal (Canned Fish Files) [video]

https://www.youtube.com/watch?v=e9FUdOfp8ME
1•zeristor•12m ago•0 comments

Brookhaven Lab's RHIC Concludes 25-Year Run with Final Collisions

https://www.hpcwire.com/off-the-wire/brookhaven-labs-rhic-concludes-25-year-run-with-final-collis...
2•gnufx•14m ago•0 comments

Transcribe your aunts post cards with Gemini 3 Pro

https://leserli.ch/ocr/
1•nielstron•18m ago•0 comments

.72% Variance Lance

1•mav5431•19m ago•0 comments

ReKindle – web-based operating system designed specifically for E-ink devices

https://rekindle.ink
1•JSLegendDev•21m ago•0 comments

Encrypt It

https://encryptitalready.org/
1•u1hcw9nx•21m ago•1 comments

NextMatch – 5-minute video speed dating to reduce ghosting

https://nextmatchdating.netlify.app/
1•Halinani8•22m ago•1 comments

Personalizing esketamine treatment in TRD and TRBD

https://www.frontiersin.org/articles/10.3389/fpsyt.2025.1736114
1•PaulHoule•23m ago•0 comments

SpaceKit.xyz – a browser‑native VM for decentralized compute

https://spacekit.xyz
1•astorrivera•24m ago•0 comments

NotebookLM: The AI that only learns from you

https://byandrev.dev/en/blog/what-is-notebooklm
1•byandrev•24m ago•1 comments

Show HN: An open-source starter kit for developing with Postgres and ClickHouse

https://github.com/ClickHouse/postgres-clickhouse-stack
1•saisrirampur•25m ago•0 comments

Game Boy Advance d-pad capacitor measurements

https://gekkio.fi/blog/2026/game-boy-advance-d-pad-capacitor-measurements/
1•todsacerdoti•25m ago•0 comments

South Korean crypto firm accidentally sends $44B in bitcoins to users

https://www.reuters.com/world/asia-pacific/crypto-firm-accidentally-sends-44-billion-bitcoins-use...
2•layer8•26m ago•0 comments

Apache Poison Fountain

https://gist.github.com/jwakely/a511a5cab5eb36d088ecd1659fcee1d5
1•atomic128•28m ago•2 comments

Web.whatsapp.com appears to be having issues syncing and sending messages

http://web.whatsapp.com
1•sabujp•28m ago•2 comments

Google in Your Terminal

https://gogcli.sh/
1•johlo•29m ago•0 comments

Shannon: Claude Code for Pen Testing: #1 on Github today

https://github.com/KeygraphHQ/shannon
1•hendler•30m ago•0 comments

Anthropic: Latest Claude model finds more than 500 vulnerabilities

https://www.scworld.com/news/anthropic-latest-claude-model-finds-more-than-500-vulnerabilities
2•Bender•34m ago•0 comments

Brooklyn cemetery plans human composting option, stirring interest and debate

https://www.cbsnews.com/newyork/news/brooklyn-green-wood-cemetery-human-composting/
1•geox•34m ago•0 comments

Why the 'Strivers' Are Right

https://greyenlightenment.com/2026/02/03/the-strivers-were-right-all-along/
1•paulpauper•36m ago•0 comments

Brain Dumps as a Literary Form

https://davegriffith.substack.com/p/brain-dumps-as-a-literary-form
1•gmays•36m ago•0 comments

Agentic Coding and the Problem of Oracles

https://epkconsulting.substack.com/p/agentic-coding-and-the-problem-of
1•qingsworkshop•37m ago•0 comments

Malicious packages for dYdX cryptocurrency exchange empties user wallets

https://arstechnica.com/security/2026/02/malicious-packages-for-dydx-cryptocurrency-exchange-empt...
1•Bender•37m ago•0 comments

Show HN: I built a <400ms latency voice agent that runs on a 4gb vram GTX 1650"

https://github.com/pheonix-delta/axiom-voice-agent
1•shubham-coder•37m ago•0 comments
Open in hackernews

Detecting Malicious Unicode

https://daniel.haxx.se/blog/2025/05/16/detecting-malicious-unicode/
40•TangerineDream•8mo ago

Comments

graemep•8mo ago
Surely the fact that the change is in a domain name (and the diff shows this) is a red flag?
bombcar•8mo ago
That was an example- an attacker would slip it in an actual URL change to make it less noticeable- and a good attacker would have their domain work and redirect until the code was deployed in the wild.
fsflover•8mo ago
Qubes OS protects from such attacks by running all software in isolated VMs and not passing the unicode symbols to the host by default, https://www.qubes-os.org/news/2024/07/13/qubes-os-4-2-2-has-...
poincaredisk•8mo ago
You link says the opposite - the change was very annoying for people that use non-english languages (like me), and:

>By default, qvm-copy and similar tools will use this less restrictive service (qubes.Filecopy +allow-all-names) whenever they detect any files that would be have been blocked by the more restrictive service

Also it looks like this is just for filenames? I can't imagine filtering text like this, that would render the system useless for me.

fsflover•8mo ago
The defense of the host (dom0) from the websites comes from not showing the UTF-8 window titles (https://www.qubes-os.org/doc/config-files/#gui-and-audio-con...). Since all you see inside VMs is isolated, you can show any text inside them safely for dom0.

It gets a bit harder with transferring files between VMs as my original link shows, but you can be protected from that too at some cost.

rurban•8mo ago
I also rerported that to github some years ago and pointed them to use a library of mine to catch such confusables, libu8ident. No reaction whatsoever. Compilers and binutils didn't care neither. They don't care about strings, but even not about names.
crtasm•8mo ago
Some good news at the end of the post:

>Update. GitHub has told me they have raised this as a security issue internally and they are working on a fix.