frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Resistance Infrastructure

https://www.profgalloway.com/resistance-infrastructure/
1•samizdis•1m ago•0 comments

Fire-juggling unicyclist caught performing on crossing

https://news.sky.com/story/fire-juggling-unicyclist-caught-performing-on-crossing-13504459
1•austinallegro•1m ago•0 comments

Restoring a lost 1981 Unix roguelike (protoHack) and preserving Hack 1.0.3

https://github.com/Critlist/protoHack
1•Critlist•3m ago•0 comments

GPS and Time Dilation – Special and General Relativity

https://philosophersview.com/gps-and-time-dilation/
1•mistyvales•6m ago•0 comments

Show HN: Witnessd – Prove human authorship via hardware-bound jitter seals

https://github.com/writerslogic/witnessd
1•davidcondrey•6m ago•1 comments

Show HN: I built a clawdbot that texts like your crush

https://14.israelfirew.co
1•IsruAlpha•8m ago•0 comments

Scientists reverse Alzheimer's in mice and restore memory (2025)

https://www.sciencedaily.com/releases/2025/12/251224032354.htm
1•walterbell•12m ago•0 comments

Compiling Prolog to Forth [pdf]

https://vfxforth.com/flag/jfar/vol4/no4/article4.pdf
1•todsacerdoti•13m ago•0 comments

Show HN: Cymatica – an experimental, meditative audiovisual app

https://apps.apple.com/us/app/cymatica-sounds-visualizer/id6748863721
1•_august•14m ago•0 comments

GitBlack: Tracing America's Foundation

https://gitblack.vercel.app/
2•martialg•14m ago•0 comments

Horizon-LM: A RAM-Centric Architecture for LLM Training

https://arxiv.org/abs/2602.04816
1•chrsw•15m ago•0 comments

We just ordered shawarma and fries from Cursor [video]

https://www.youtube.com/shorts/WALQOiugbWc
1•jeffreyjin•16m ago•1 comments

Correctio

https://rhetoric.byu.edu/Figures/C/correctio.htm
1•grantpitt•16m ago•0 comments

Trying to make an Automated Ecologist: A first pass through the Biotime dataset

https://chillphysicsenjoyer.substack.com/p/trying-to-make-an-automated-ecologist
1•crescit_eundo•20m ago•0 comments

Watch Ukraine's Minigun-Firing, Drone-Hunting Turboprop in Action

https://www.twz.com/air/watch-ukraines-minigun-firing-drone-hunting-turboprop-in-action
1•breve•21m ago•0 comments

Free Trial: AI Interviewer

https://ai-interviewer.nuvoice.ai/
1•sijain2•21m ago•0 comments

FDA intends to take action against non-FDA-approved GLP-1 drugs

https://www.fda.gov/news-events/press-announcements/fda-intends-take-action-against-non-fda-appro...
19•randycupertino•22m ago•6 comments

Supernote e-ink devices for writing like paper

https://supernote.eu/choose-your-product/
3•janandonly•24m ago•0 comments

We are QA Engineers now

https://serce.me/posts/2026-02-05-we-are-qa-engineers-now
1•SerCe•25m ago•0 comments

Show HN: Measuring how AI agent teams improve issue resolution on SWE-Verified

https://arxiv.org/abs/2602.01465
2•NBenkovich•25m ago•0 comments

Adversarial Reasoning: Multiagent World Models for Closing the Simulation Gap

https://www.latent.space/p/adversarial-reasoning
1•swyx•25m ago•0 comments

Show HN: Poddley.com – Follow people, not podcasts

https://poddley.com/guests/ana-kasparian/episodes
1•onesandofgrain•33m ago•0 comments

Layoffs Surge 118% in January – The Highest Since 2009

https://www.cnbc.com/2026/02/05/layoff-and-hiring-announcements-hit-their-worst-january-levels-si...
12•karakoram•33m ago•0 comments

Papyrus 114: Homer's Iliad

https://p114.homemade.systems/
1•mwenge•34m ago•1 comments

DicePit – Real-time multiplayer Knucklebones in the browser

https://dicepit.pages.dev/
1•r1z4•34m ago•1 comments

Turn-Based Structural Triggers: Prompt-Free Backdoors in Multi-Turn LLMs

https://arxiv.org/abs/2601.14340
2•PaulHoule•35m ago•0 comments

Show HN: AI Agent Tool That Keeps You in the Loop

https://github.com/dshearer/misatay
2•dshearer•37m ago•0 comments

Why Every R Package Wrapping External Tools Needs a Sitrep() Function

https://drmowinckels.io/blog/2026/sitrep-functions/
1•todsacerdoti•37m ago•0 comments

Achieving Ultra-Fast AI Chat Widgets

https://www.cjroth.com/blog/2026-02-06-chat-widgets
2•thoughtfulchris•39m ago•0 comments

Show HN: Runtime Fence – Kill switch for AI agents

https://github.com/RunTimeAdmin/ai-agent-killswitch
1•ccie14019•41m ago•1 comments
Open in hackernews

Slowing the flow of core-dump-related CVEs

https://lwn.net/SubscriberLink/1024160/f18b880c8cd1eef1/
87•jwilk•8mo ago

Comments

charcircuit•7mo ago
>For example, the core-dump handler is launched by the kernel as a user-mode helper, meaning that it runs fully privileged in the root namespace.

Why is it not run as a dedicated core dump user?

>the core-dump socket to a helper can be intercepted

There have been several vulnerabilities related to this feature of passing core files to a container. I question if this feature is actually worth it considering one probably wants to have shared infrastructure for crash reporting anyways.

rwmj•7mo ago
> Why is it not run as a dedicated core dump user?

You could imagine an API that sets the UID of this user, and the kernel could easily run the coredump handler as that user, but the kernel can't so easily automate the creation of a complicated namespace to contain that process (and the process can't do it itself because it could be exploited before it gets around to it). Look at the code in runc some time to see how complicated setting up a namespace has got.

> one probably wants to have shared infrastructure for crash reporting anyways

Not really on a single machine. coredumpctl actually works very well for solo development, I use it all the time.

nolist_policy•7mo ago
You're thinking to complicated. You can configure the coredump helper in a way that the kernel presents it with the coredump on stdin. So you drop privileges and self-sandbox at startup and only then start reading the coredump from stdin.

IIUC Ubuntu and systemd however choose to dump the process manually for some reason and for that you need to have same permission as the target process.

pkhuong•7mo ago
> start reading the coredump from stdin

How does that work with multi-TB mappings, as used by niche functionality like asan?

nolist_policy•7mo ago
The coredump is sparse in elf format.
charcircuit•7mo ago
>You could imagine an API that sets the UID of this user

No, I think there should be a dedicated user. People will configure it in insecure ways if you let them.

>easily automate the creation of a complicated namespace to contain that process

Why is this being done. The core dump has already been created.

>coredumpctl actually works

Coredumpctl would still be possible without forwarding.

bandrami•7mo ago
Wouldn't that user have to be able to access arbitrary kernel memory, meaning there's little point in it not being root?
charcircuit•7mo ago
Sharing a buffer or fd for the core file to a process running as a "core" user dies not require accessing arbitrary kernel memory.
mort96•7mo ago
I'm having a hard time parsing this because I don't understand what "****" is supposed to mean in "**** API". Is it a "shit API" or "crap API", indicating that the API has problems? Is it a "damn API", which just indicates that the author of the quote is annoyed but there's nothing wrong with the API itself?

I assume it's meant to be the first meaning, that the API is bad? But the censorship honestly makes me a bit unclear.

lionkor•7mo ago
4 star API

I'm not sure why people do this censoring; who are they trying to get into good relations with?

Either swear, or don't.

eru•7mo ago
I have sympathies for your view; but sometimes it's funnier to fake censor things. Though that's more of an artistic choice for comedy, than something to do in a technical piece.

Compare https://tvtropes.org/pmwiki/pmwiki.php/Main/CensoredForComed...

remram•7mo ago
This is not that, though.
eru•7mo ago
Yes, it's going off on a tangent and replying only to the 'Either swear, or don't.' bit.
majormajor•7mo ago
If it was an article posting a censored version of a quote, that would be pretty normal. Some publications care about different audiences than the people they are quoting might.

Seems weird when you click through the link and it's the original social media post where the author censored himself. Just say "super poor" or something then.

DeepYogurt•7mo ago
Good to see CVEs driving design change I guess
10000truths•7mo ago
The design of core dump handling in Linux leaves much to be desired. Among its several flaws, the biggest is that it is a global setting, accessible only by the root user. A proper design would either allow it to be isolated via namespace, or delegated to a reaper/subreaper process (in an opt-in fashion for back-compat). There has been discussion of the former idea [0] and even a submitted patch [1], but it seems like it never went anywhere.

[0]: https://groups.google.com/g/linux.kernel/c/hJLP3XcKKSY

[1]: https://mail-archive.com/linux-kernel@vger.kernel.org/msg107...

inopinatus•7mo ago
This flurry of effort reminds me of that time in the '90s when I had the privilege of exploiting a core dump mishandling for real after a friend of mine forget the root password for his ISP's nameserver.