frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

The JavaScript execution model including the event loop

https://bsky.app/profile/sarahedo.bsky.social/post/3m2jm43hr4c2i
1•mooreds•38s ago•0 comments

Supreme Court, for Now, Rejects Google Bid to Block Changes to App Store

https://www.nytimes.com/2025/10/06/us/politics/supreme-court-google-fortnite.html
1•goplayoutside•1m ago•0 comments

Climate change could drastically reduce aquifer recharge in Brazil

https://phys.org/news/2025-09-climate-drastically-aquifer-recharge-brazil.html
1•PaulHoule•2m ago•0 comments

Mylinux an OS by Me

1•Mylinux-os•6m ago•0 comments

Show HN: 1-Bit Pixel Art Font Editor

https://www.moonbench.xyz/workshop/font_editor/font_editor.html
2•RpFLCL•7m ago•0 comments

The End of the Global Internet

https://sphericalcowconsulting.com/2025/10/07/the-end-of-the-global-internet/
1•mooreds•8m ago•0 comments

Tony Hoare's hints on programming language design [pdf]

http://i.stanford.edu/pub/cstr/reports/cs/tr/73/403/CS-TR-73-403.pdf
1•fanf2•8m ago•0 comments

Mylinux an OS by Me

1•Mylinux-os•9m ago•0 comments

Chargerless Ray Fitness Tracker

https://chargerless.xyz/technology/
1•Luc•10m ago•0 comments

Responsive Viewer Extension for Chrome and Firefox

https://superdevpro.com/responsive-viewer
1•mddanishyusuf•11m ago•0 comments

Disrupting malicious uses of AI: October 2025

https://openai.com/global-affairs/disrupting-malicious-uses-of-ai-october-2025/
1•wertyk•11m ago•0 comments

Google Confirms Non-ADB APK Installs Will Require Developer Registration

https://hackaday.com/2025/10/06/google-confirms-non-adb-apk-installs-will-require-developer-regis...
1•shaicoleman•13m ago•0 comments

Physics Nobel awarded to three scientists for work on quantum computing

https://www.bbc.co.uk/news/articles/c98d00nq47jo
2•alvis•14m ago•0 comments

Edward T. Blake, 80, Dies; Forensic Expert Sparked Innocence Movement

https://www.nytimes.com/2025/10/01/science/edward-t-blake-dead.html
3•bookofjoe•16m ago•1 comments

Writing FJRD by Farbrausch

https://github.com/LeStahL/tech-write-ups/blob/main/writeups%2Fmaking_of_fjrd_by_farbrausch%2Fwri...
1•z303•17m ago•0 comments

How to Get Your Kids into Stem Even When Its Future Is Uncertain

https://www.wired.com/story/the-importance-of-getting-kids-into-stem-when-its-future-is-uncertain/
1•Brajeshwar•17m ago•0 comments

Your creativity is benevolent, and you can always return to it

https://buttondown.com/ashsmash/archive/your-creativity-is-benevolent-and-you-can-always/
1•herbertl•22m ago•0 comments

In a Toxic World, Pets Could Be Vital Health Watchdogs

https://www.nytimes.com/2025/10/07/science/pets-health-pollution.html
1•Brajeshwar•23m ago•0 comments

The 'typhoon-proof' wind farms powering China's coast

https://www.bbc.com/future/article/20251006-the-typhoon-proof-wind-farms-powering-chinas-coast
1•Brajeshwar•27m ago•0 comments

Notes from the Git Contributor's Summit, 2025

https://lwn.net/ml/all/aOQVeVYY6zadPjln@nand.local/
1•chmaynard•28m ago•0 comments

Software for Hardware – Digitizing the Physical World

https://www.generalcatalyst.com/stories/software-for-hardware
1•pbd•29m ago•0 comments

Suspected Chinese operatives used ChatGPT to shape mass surveillance proposals

https://www.cnn.com/2025/10/07/politics/china-chatgpt-surveillance
1•breve•30m ago•0 comments

Dragon Hatchling: Neural Network That Thinks Like a Brain (and Runs on Your GPU)

https://medium.com/@FuturistAI/the-dragon-hatchling-a-neural-network-that-thinks-like-a-brain-and...
1•Kaibeezy•34m ago•0 comments

13-year-old level-10 bug in Redis could allow RCE

https://www.theregister.com/2025/10/06/perfect_10_redis_rce_lurking/
1•LorenDB•35m ago•0 comments

I am building an API that gives you bounding boxes for every answer

https://ninjadoc.ai
1•dbvitapps•36m ago•1 comments

ChatGPT Won't Replace Writers

https://substack.com/home/post/p-175510532
2•ignacioadiaz•37m ago•0 comments

Three CNN reporters on three continents wore chemical-tracking wristbands

https://www.cnn.com/2025/10/07/climate/chemicals-plastic-wristbands-phthalates-bisphenols
1•breve•38m ago•0 comments

U.S. vs. Google: What Each Side Argued For

https://www.nytimes.com/2025/10/06/technology/google-ad-tech-arguments.html
1•redm•38m ago•0 comments

Beginner's guide to making AI useful in production

https://medium.com/@akshitdayal99/the-missing-piece-that-makes-ai-actually-work-in-production-22e...
1•akrypt•39m ago•0 comments

Migrating from Jenkins to GitLab

1•steevivo•41m ago•0 comments
Open in hackernews

Redis CVE-2025-49844: Use-After-Free may lead to remote code execution

https://redis.io/blog/security-advisory-cve-2025-49844/
20•khaled_ismaeel•2h ago

Comments

normie3000•1h ago
How does it work?
jijji•1h ago
most people use redis on localhost (i hope)
johnbellone•1h ago
I’d imagine recent uptick in using services like Upstash may make it harder for people to know if they are vulnerable or not. Is this mitigated by disabling Lua script execution?
arnorhs•1h ago
I would guess it is.

Also:

> Exploitation of this vulnerability requires an attacker to first gain authenticated access to your Redis instance.

loloquwowndueo•59m ago
Upstash wouldn’t be vulnerable - Upstash doesn’t run upstream redis, it’s a protocol-compatible proprietary implementation.
NicolaiS•1h ago
Note that this requires an authenticated user, so most redis installations are not directly at risk.

The github issue has these workarounds: > An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.

I guess most people doesn't use the lua engine, so this is probably a good advice to disable even if upgrading to a non-vuln version of Redis.

alserio•27m ago
I'd like to see stats about that. Lua scripts in Redis are one of its most useful feature
jacquesm•1h ago
This was here already earlier today:

https://news.ycombinator.com/item?id=45497027

Also: "As part of an ongoing effort by Redis and the Redis community to maintain Redis’ safety, security, and compliance posture, a security vulnerability in Redis has been identified and remediated in the versions indicated below." seems to be a bit strange given that this wasn't an effort led by Redis?

DarkNova6•1h ago
And this is why we need memory safety languages.
jacquesm•30s ago
Your last three comments are more or less exactly the same thing.