frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Los Alamos Primer

https://blog.szczepan.org/blog/los-alamos-primer/
1•alkyon•49s ago•0 comments

NewASM Virtual Machine

https://github.com/bracesoftware/newasm
1•DEntisT_•3m ago•0 comments

Terminal-Bench 2.0 Leaderboard

https://www.tbench.ai/leaderboard/terminal-bench/2.0
1•tosh•3m ago•0 comments

I vibe coded a BBS bank with a real working ledger

https://mini-ledger.exe.xyz/
1•simonvc•3m ago•1 comments

The Path to Mojo 1.0

https://www.modular.com/blog/the-path-to-mojo-1-0
1•tosh•6m ago•0 comments

Show HN: I'm 75, building an OSS Virtual Protest Protocol for digital activism

https://github.com/voice-of-japan/Virtual-Protest-Protocol/blob/main/README.md
4•sakanakana00•9m ago•0 comments

Show HN: I built Divvy to split restaurant bills from a photo

https://divvyai.app/
3•pieterdy•12m ago•0 comments

Hot Reloading in Rust? Subsecond and Dioxus to the Rescue

https://codethoughts.io/posts/2026-02-07-rust-hot-reloading/
3•Tehnix•12m ago•1 comments

Skim – vibe review your PRs

https://github.com/Haizzz/skim
2•haizzz•14m ago•1 comments

Show HN: Open-source AI assistant for interview reasoning

https://github.com/evinjohnn/natively-cluely-ai-assistant
4•Nive11•14m ago•5 comments

Tech Edge: A Living Playbook for America's Technology Long Game

https://csis-website-prod.s3.amazonaws.com/s3fs-public/2026-01/260120_EST_Tech_Edge_0.pdf?Version...
2•hunglee2•18m ago•0 comments

Golden Cross vs. Death Cross: Crypto Trading Guide

https://chartscout.io/golden-cross-vs-death-cross-crypto-trading-guide
2•chartscout•20m ago•0 comments

Hoot: Scheme on WebAssembly

https://www.spritely.institute/hoot/
3•AlexeyBrin•23m ago•0 comments

What the longevity experts don't tell you

https://machielreyneke.com/blog/longevity-lessons/
2•machielrey•24m ago•1 comments

Monzo wrongly denied refunds to fraud and scam victims

https://www.theguardian.com/money/2026/feb/07/monzo-natwest-hsbc-refunds-fraud-scam-fos-ombudsman
3•tablets•29m ago•1 comments

They were drawn to Korea with dreams of K-pop stardom – but then let down

https://www.bbc.com/news/articles/cvgnq9rwyqno
2•breve•31m ago•0 comments

Show HN: AI-Powered Merchant Intelligence

https://nodee.co
1•jjkirsch•34m ago•0 comments

Bash parallel tasks and error handling

https://github.com/themattrix/bash-concurrent
2•pastage•34m ago•0 comments

Let's compile Quake like it's 1997

https://fabiensanglard.net/compile_like_1997/index.html
2•billiob•35m ago•0 comments

Reverse Engineering Medium.com's Editor: How Copy, Paste, and Images Work

https://app.writtte.com/read/gP0H6W5
2•birdculture•40m ago•0 comments

Go 1.22, SQLite, and Next.js: The "Boring" Back End

https://mohammedeabdelaziz.github.io/articles/go-next-pt-2
1•mohammede•46m ago•0 comments

Laibach the Whistleblowers [video]

https://www.youtube.com/watch?v=c6Mx2mxpaCY
1•KnuthIsGod•47m ago•1 comments

Slop News - The Front Page right now but it's only Slop

https://slop-news.pages.dev/slop-news
1•keepamovin•52m ago•1 comments

Economists vs. Technologists on AI

https://ideasindevelopment.substack.com/p/economists-vs-technologists-on-ai
1•econlmics•54m ago•0 comments

Life at the Edge

https://asadk.com/p/edge
4•tosh•1h ago•0 comments

RISC-V Vector Primer

https://github.com/simplex-micro/riscv-vector-primer/blob/main/index.md
4•oxxoxoxooo•1h ago•1 comments

Show HN: Invoxo – Invoicing with automatic EU VAT for cross-border services

2•InvoxoEU•1h ago•0 comments

A Tale of Two Standards, POSIX and Win32 (2005)

https://www.samba.org/samba/news/articles/low_point/tale_two_stds_os2.html
4•goranmoomin•1h ago•0 comments

Ask HN: Is the Downfall of SaaS Started?

4•throwaw12•1h ago•0 comments

Flirt: The Native Backend

https://blog.buenzli.dev/flirt-native-backend/
3•senekor•1h ago•0 comments
Open in hackernews

North Korean XORIndex malware hidden in 67 malicious NPM packages

https://www.bleepingcomputer.com/news/security/north-korean-xorindex-malware-hidden-in-67-malicious-npm-packages/
31•Bogdanp•6mo ago

Comments

bn-l•6mo ago
It’s weird how an npm package can just do all this still, to this day.
Bridged7756•6mo ago
Given the size of the JavaScript ecosystem, it is indeed baffling how behind npm is. One npm i and a typo away from getting hacked.
owebmaster•6mo ago
I "got" hacked by a North Korean hacker. I was lucky the dumb virus was meant for Mac and Windows, not Linux. It got installed to my computer but attempted to steal credentials in places there did not exist in my computer, but it was a close call.

After that I never used npm again.

braebo•6mo ago
How did you know? Now I’m worried I’ve been hacked a billion times testing npm packages just today.
owebmaster•6mo ago
> How did you know?

A recruiter profile disappeared from my inbox in linkedin after I sent a PR to a github project for a an interview so I got suspicious and checked if there was any unrecognized open connection usng `lsof -nPi | grep ESTABLISHED` and there was one, found the script, read it to see what it did - tried to steal crypto and browser credentials.

To be sure it did not install other stuff I could not find I did a full reinstall of the OS. Now I don't use npm ever again.

hulitu•6mo ago
> How did you know?

He installed npm, pypy and cargo. /s

hollerith•6mo ago
Do you use apps built on Electron? The npm packages chosen for inclusion in the app are not sandboxed in any way IIUC (at least on Linux that is the case).

Some security people are warning against Electron (at least on Linux):

https://github.com/secureblue/secureblue/issues/193#issuecom...

owebmaster•6mo ago
Yeah. Only Codium (VSCode fork) tho and now that I thought about it, time to stop using it.
cyanydeez•6mo ago
North korea and others are likely going if not already, setup an uno reverso and get applicants to do screening tests that require downloading malicious packages.
leggomuhgreggo•6mo ago
It must be "sanctions renewal" season!

The vipers in the big nest need a bunch of trash cyber security media to premise renewal of sanctions against DPRK.

Bless our patriotic vipers, and their white hat hackers/influencers.