frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

TOSTracker – The AI Training Asymmetry

https://tostracker.app/analysis/ai-training
1•tldrthelaw•4m ago•0 comments

The Devil Inside GitHub

https://blog.melashri.net/micro/github-devil/
1•elashri•4m ago•0 comments

Show HN: Distill – Migrate LLM agents from expensive to cheap models

https://github.com/ricardomoratomateos/distill
1•ricardomorato•4m ago•0 comments

Show HN: Sigma Runtime – Maintaining 100% Fact Integrity over 120 LLM Cycles

https://github.com/sigmastratum/documentation/tree/main/sigma-runtime/SR-053
1•teugent•4m ago•0 comments

Make a local open-source AI chatbot with access to Fedora documentation

https://fedoramagazine.org/how-to-make-a-local-open-source-ai-chatbot-who-has-access-to-fedora-do...
1•jadedtuna•6m ago•0 comments

Introduce the Vouch/Denouncement Contribution Model by Mitchellh

https://github.com/ghostty-org/ghostty/pull/10559
1•samtrack2019•6m ago•0 comments

Software Factories and the Agentic Moment

https://factory.strongdm.ai/
1•mellosouls•6m ago•1 comments

The Neuroscience Behind Nutrition for Developers and Founders

https://comuniq.xyz/post?t=797
1•01-_-•6m ago•0 comments

Bang bang he murdered math {the musical } (2024)

https://taylor.town/bang-bang
1•surprisetalk•6m ago•0 comments

A Night Without the Nerds – Claude Opus 4.6, Field-Tested

https://konfuzio.com/en/a-night-without-the-nerds-claude-opus-4-6-in-the-field-test/
1•konfuzio•9m ago•0 comments

Could ionospheric disturbances influence earthquakes?

https://www.kyoto-u.ac.jp/en/research-news/2026-02-06-0
2•geox•10m ago•1 comments

SpaceX's next astronaut launch for NASA is officially on for Feb. 11 as FAA clea

https://www.space.com/space-exploration/launches-spacecraft/spacexs-next-astronaut-launch-for-nas...
1•bookmtn•12m ago•0 comments

Show HN: One-click AI employee with its own cloud desktop

https://cloudbot-ai.com
1•fainir•14m ago•0 comments

Show HN: Poddley – Search podcasts by who's speaking

https://poddley.com
1•onesandofgrain•15m ago•0 comments

Same Surface, Different Weight

https://www.robpanico.com/articles/display/?entry_short=same-surface-different-weight
1•retrocog•17m ago•0 comments

The Rise of Spec Driven Development

https://www.dbreunig.com/2026/02/06/the-rise-of-spec-driven-development.html
2•Brajeshwar•21m ago•0 comments

The first good Raspberry Pi Laptop

https://www.jeffgeerling.com/blog/2026/the-first-good-raspberry-pi-laptop/
3•Brajeshwar•22m ago•0 comments

Seas to Rise Around the World – But Not in Greenland

https://e360.yale.edu/digest/greenland-sea-levels-fall
2•Brajeshwar•22m ago•0 comments

Will Future Generations Think We're Gross?

https://chillphysicsenjoyer.substack.com/p/will-future-generations-think-were
1•crescit_eundo•25m ago•1 comments

State Department will delete Xitter posts from before Trump returned to office

https://www.npr.org/2026/02/07/nx-s1-5704785/state-department-trump-posts-x
2•righthand•28m ago•1 comments

Show HN: Verifiable server roundtrip demo for a decision interruption system

https://github.com/veeduzyl-hue/decision-assistant-roundtrip-demo
1•veeduzyl•29m ago•0 comments

Impl Rust – Avro IDL Tool in Rust via Antlr

https://www.youtube.com/watch?v=vmKvw73V394
1•todsacerdoti•29m ago•0 comments

Stories from 25 Years of Software Development

https://susam.net/twenty-five-years-of-computing.html
3•vinhnx•30m ago•0 comments

minikeyvalue

https://github.com/commaai/minikeyvalue/tree/prod
3•tosh•35m ago•0 comments

Neomacs: GPU-accelerated Emacs with inline video, WebKit, and terminal via wgpu

https://github.com/eval-exec/neomacs
1•evalexec•39m ago•0 comments

Show HN: Moli P2P – An ephemeral, serverless image gallery (Rust and WebRTC)

https://moli-green.is/
2•ShinyaKoyano•43m ago•1 comments

How I grow my X presence?

https://www.reddit.com/r/GrowthHacking/s/UEc8pAl61b
2•m00dy•45m ago•0 comments

What's the cost of the most expensive Super Bowl ad slot?

https://ballparkguess.com/?id=5b98b1d3-5887-47b9-8a92-43be2ced674b
1•bkls•46m ago•0 comments

What if you just did a startup instead?

https://alexaraki.substack.com/p/what-if-you-just-did-a-startup
5•okaywriting•52m ago•0 comments

Hacking up your own shell completion (2020)

https://www.feltrac.co/environment/2020/01/18/build-your-own-shell-completion.html
2•todsacerdoti•55m ago•0 comments
Open in hackernews

Mic-E-Mouse – Covert eavesdropping through computer mice

https://sites.google.com/view/mic-e-mouse
94•davekeck•4mo ago

Comments

rmunn•4mo ago
I've known that the correct pronunciation of "mic" was to sound like "mike" (because it's short for "microphone") for so long that the pun in the "Mic-E-Mouse" name escaped me until after I finished reading the article.

(If you also didn't notice the pun, it would sound like "Mickey Mouse" if you pronounced "mic" the way it's written instead of the correct way).

krackers•4mo ago
The "mickey" is also the unit used for mouse speed.
iamthejuan•4mo ago
Sounds like the old cartoon, Mighty Mouse.
pfexec•4mo ago
The author theorizes that games are an ideal malware delivery vehicle but... aren't games typically connected to a user's headset/mic regardless?

I'm a bit puzzled how "secure environment" has a direct connection to "data collection" and "adversary".

privatelypublic•4mo ago
Lets ignore the open source FUD in the diagram.
alterom•4mo ago
"Our delivery vehicle is FOSS"

Yeah right, FOSS is famous for just accepting pull requests with exploits from randos.

LGTM YOLO fuck it, ship it, move fast and break things — wait, that one isn't FOSS.

Anyway .

mdhb•4mo ago
This absolutely does however happen in practice.

It’s a bit ironic in the sense that the EXACT logic of what you’re saying here is precisely what makes it such an ideal thing to target.

I think sometimes people put way too much faith into the concept of open source as being some kind of meaningful shield against attacks like this. Like absolutely nobody in an intel background for example who does stuff like this for a living would agree with you.

It only ever needs to look plausible and I don’t think it’s all that complicated a problem to come up with a reason as to why you’re introducing some code that is suddenly very focused on reading mouse sensor data.

alterom•4mo ago
>It only ever needs to look plausible and I don’t think it’s all that complicated a problem to come up with a reason as to why you’re introducing some code that is suddenly very focused on reading mouse sensor data.

....and then what?

Reading the data alone does nothing.

Sending that data to your own servers would be a harder thing to obfuscate.

rmunn•4mo ago
Quote from the article (emphasis in original): "Our target for a suitable exploit delivery vehicle is open-source applications where the collection and distribution of high-frequency mouse data is not inherently suspicious. Therefore, creative software, video games, and other high performance, low latency software are an ideal targets for injecting our exploit."

My comments: yes, because exploits being injected into open-source software are famous for not being discovered. Obviously it can happen (look at xz, or the recent Shai-Hulud worm on NPM), and it's entirely possible that it has happened to other places that weren't discovered. But with xz the exploit was caught quickly enough that it didn't reach production, and with Shai-Hulud it was contained within days despite having the potential to spread to every package. I doubt that anyone trying to stick this kind of thing into open-source software would get away with it. Closed-source software, OTOH, would be a far more likely distribution vector. Just persuade some overworked dev that he should use this handy library that tracks high-precision mouse movement in his game, and you've injected your exploit.

7e•4mo ago
Heartbleed was in production for two years. Log4Shell was in the wild for 8. ShellShock for 20. The fact that some exploits are discovered quickly is not in any way a proof that nobody can get away with it. You may argue that these vulnerabilities are unintentional. I would say distinction without difference.
LorenzoGood•4mo ago
Yes but this is discussing deliberately injecting malware into an open source project, which differs from exploiting a vulnerability that exists in one.
charcircuit•4mo ago
It's easier to hide this in plain sight instead of being a secret. Take for example table top simulator, it has the ability to show where other people's cursors are so you can follow what other players are doing. If this streamed the mouse location at a high enough frequency, you now have the data needed being sent to everyone else in the same lobby. Synchronizing mouse cursors or player look vectors is a common feature and it may not be obvious that sensitive data is actually being streamed to the person doing the review.
dwroberts•4mo ago
The page is anonymized so the authors are unknown, the repository link is expired, and the drive link that does work only contains MICEMOUSE.zip and another archive with MNIST data.

A pretty good malware distribution method would be having people download a ‘demo’ of this, right?

lesuorac•4mo ago
Wouldn't an ad network be better for exfiltration than video games?

While I'm sure (by numbers) a lot of people play video games, I would bet percentage wise that a lot more people open webpages.