frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Creating and Hosting a Static Website on Cloudflare for Free

https://benjaminsmallwood.com/blog/creating-and-hosting-a-static-website-on-cloudflare-for-free/
1•bensmallwood•1m ago•1 comments

"The Stanford scam proves America is becoming a nation of grifters"

https://www.thetimes.com/us/news-today/article/students-stanford-grifters-ivy-league-w2g5z768z
1•cwwc•6m ago•0 comments

Elon Musk on Space GPUs, AI, Optimus, and His Manufacturing Method

https://cheekypint.substack.com/p/elon-musk-on-space-gpus-ai-optimus
2•simonebrunozzi•14m ago•0 comments

X (Twitter) is back with a new X API Pay-Per-Use model

https://developer.x.com/
2•eeko_systems•21m ago•0 comments

Zlob.h 100% POSIX and glibc compatible globbing lib that is faste and better

https://github.com/dmtrKovalenko/zlob
1•neogoose•24m ago•1 comments

Show HN: Deterministic signal triangulation using a fixed .72% variance constant

https://github.com/mabrucker85-prog/Project_Lance_Core
1•mav5431•25m ago•1 comments

Scientists Discover Levitating Time Crystals You Can Hold, Defy Newton’s 3rd Law

https://phys.org/news/2026-02-scientists-levitating-crystals.html
2•sizzle•25m ago•0 comments

When Michelangelo Met Titian

https://www.wsj.com/arts-culture/books/michelangelo-titian-review-the-renaissances-odd-couple-e34...
1•keiferski•26m ago•0 comments

Solving NYT Pips with DLX

https://github.com/DonoG/NYTPips4Processing
1•impossiblecode•26m ago•1 comments

Baldur's Gate to be turned into TV series – without the game's developers

https://www.bbc.com/news/articles/c24g457y534o
2•vunderba•27m ago•0 comments

Interview with 'Just use a VPS' bro (OpenClaw version) [video]

https://www.youtube.com/watch?v=40SnEd1RWUU
1•dangtony98•32m ago•0 comments

EchoJEPA: Latent Predictive Foundation Model for Echocardiography

https://github.com/bowang-lab/EchoJEPA
1•euvin•40m ago•0 comments

Disablling Go Telemetry

https://go.dev/doc/telemetry
1•1vuio0pswjnm7•42m ago•0 comments

Effective Nihilism

https://www.effectivenihilism.org/
1•abetusk•45m ago•1 comments

The UK government didn't want you to see this report on ecosystem collapse

https://www.theguardian.com/commentisfree/2026/jan/27/uk-government-report-ecosystem-collapse-foi...
3•pabs3•47m ago•0 comments

No 10 blocks report on impact of rainforest collapse on food prices

https://www.thetimes.com/uk/environment/article/no-10-blocks-report-on-impact-of-rainforest-colla...
2•pabs3•47m ago•0 comments

Seedance 2.0 Is Coming

https://seedance-2.app/
1•Jenny249•49m ago•0 comments

Show HN: Fitspire – a simple 5-minute workout app for busy people (iOS)

https://apps.apple.com/us/app/fitspire-5-minute-workout/id6758784938
1•devavinoth12•49m ago•0 comments

Dexterous robotic hands: 2009 – 2014 – 2025

https://old.reddit.com/r/robotics/comments/1qp7z15/dexterous_robotic_hands_2009_2014_2025/
1•gmays•53m ago•0 comments

Interop 2025: A Year of Convergence

https://webkit.org/blog/17808/interop-2025-review/
1•ksec•1h ago•1 comments

JobArena – Human Intuition vs. Artificial Intelligence

https://www.jobarena.ai/
1•84634E1A607A•1h ago•0 comments

Concept Artists Say Generative AI References Only Make Their Jobs Harder

https://thisweekinvideogames.com/feature/concept-artists-in-games-say-generative-ai-references-on...
1•KittenInABox•1h ago•0 comments

Show HN: PaySentry – Open-source control plane for AI agent payments

https://github.com/mkmkkkkk/paysentry
2•mkyang•1h ago•0 comments

Show HN: Moli P2P – An ephemeral, serverless image gallery (Rust and WebRTC)

https://moli-green.is/
2•ShinyaKoyano•1h ago•1 comments

The Crumbling Workflow Moat: Aggregation Theory's Final Chapter

https://twitter.com/nicbstme/status/2019149771706102022
1•SubiculumCode•1h ago•0 comments

Pax Historia – User and AI powered gaming platform

https://www.ycombinator.com/launches/PMu-pax-historia-user-ai-powered-gaming-platform
2•Osiris30•1h ago•0 comments

Show HN: I built a RAG engine to search Singaporean laws

https://github.com/adityaprasad-sudo/Explore-Singapore
3•ambitious_potat•1h ago•4 comments

Scams, Fraud, and Fake Apps: How to Protect Your Money in a Mobile-First Economy

https://blog.afrowallet.co/en_GB/tiers-app/scams-fraud-and-fake-apps-in-africa
1•jonatask•1h ago•0 comments

Porting Doom to My WebAssembly VM

https://irreducible.io/blog/porting-doom-to-wasm/
2•irreducible•1h ago•0 comments

Cognitive Style and Visual Attention in Multimodal Museum Exhibitions

https://www.mdpi.com/2075-5309/15/16/2968
1•rbanffy•1h ago•0 comments
Open in hackernews

Collins Aerospace: Sending text messages to the cockpit with test:test

https://www.ccc.de/en/disclosure/collins-aerospace-mit-test-test-textnachrichten-bis-ins-cockpit-senden
99•hacka22•3mo ago

Comments

constantcrying•3mo ago
Well, this is just standard Aerospace grade software. I would be surprised if you could find a single controller in an airplane without some trivial login credentials.

Exposing software like that to the internet is of course a completely insane step.

Jtsummers•3mo ago
> Well, this is just standard Aerospace grade software.

This is a groundside problem, and perhaps it is insane to have it exposed to the open internet but it's not on the aircraft. It needs to be exposed to some network because the intent is that fleet controllers (airlines, or in this case Navy) use it to reach out to their aircraft wherever they may be.

That said, it absolutely fits the quality I've come to expect from IT systems developed by aerospace and defense companies.

2OEH8eoCRo0•3mo ago
It meets all requirements! /s
zppln•3mo ago
Aerospace have been dealing with /safety/ for a long time, /security/ is another matter...
deepsun•3mo ago
Nowadays it's actually hard to not connect anything to internet. Better (and easier) to assume it's connected.
sumnole•3mo ago
> Well, this is just standard Aerospace grade software

Can't be further from the truth. DOD software is given huge budgets where it's not surprising to see 3 separate teams performing QA for one software milestone. It's one of the few sectors that still plan software upfront waterfall style and implement strict procedures for traceability, change management, etc. Who else is using formal methods or safety critical stacks like ADA/Spark?

Jtsummers•3mo ago
> Who else is using formal methods or safety critical stacks like ADA/Spark?

This is not actually as common as many people seem to believe. The mandate died almost two decades ago. DOD aircraft fly on Fortran, JOVIAL, C, and C++ more than Ada. And DOD IT systems are a clusterfuck.

> It's one of the few sectors that still plan software upfront waterfall style

That's not the good thing you seem to think it is.

Also, why do you call it ADA? It's not an acronym. Amusingly, SPARK is, or was, and you write it as "Spark". It originally stood for "SPADE Ada Kernel" and the language continues to be stylized as SPARK.

sumnole•3mo ago
Pedantics aside, not much reasoning against quality. Perhaps I've lucked out, but I've worked in many sectors and do not at all agree with sentiment here about DOD software quality. There is significant formal investment/research in DOD to improve operations, including taking the best of practices in commercial. In my experience, the worst of software is written by teams with little experience improvising under Agile and taking on tech debt with no time/resources to get things done the right way.
Jtsummers•3mo ago
Can you point to a successful Waterfall project? A multi-million or billion dollar, 3+ year software development effort where a team figured out all the requirements correctly before writing a single line of code. Where they wrote every line of code correctly before testing it. And where testing was so spectacularly successful that they didn't have to go back and renegotiate the project requirements or dates to get extensions or reduced project scope.

If you can do this, then I might believe you about Waterfall being the best approach out there.

Right now your counter example is "teams with little experience" which is not much of an argument. Teams with little experience fail all the time, because they are inexperienced. Give them a $100 million Waterfall project to plan and execute over 3+ years and their failure would be even more spectacular.

ghc•3mo ago
I just attended a DoD "Scrum of Scrums" meeting.

> In my experience, the worst of software is written by teams with little experience improvising under Agile and taking on tech debt with no time/resources to get things done the right way.

Sounds like every DoD software project I've worked on for the past 5 years.

constantcrying•3mo ago
You have to be kidding! Have you worked on any of these projects?

I wrote DO-178 Software, literally every single project I ever worked on has trivial login credentials.

>DOD software is given huge budgets where it's not surprising to see 3 separate teams performing QA for one software milestone. It's one of the few sectors that still plan software upfront waterfall style and implement strict procedures for traceability, change management, etc. Who else is using formal methods or safety critical stacks like ADA/Spark?

None of this matters or contradicts what I said. You will be able to get into it with user:root password:root or some variation. In all likelihood you will even find a requirement for this, which is of course verified.

If you apply the methodology practiced to a web application, the OP is exactly what you will get.

ghc•3mo ago
LOL
Jtsummers•3mo ago
You know, maybe you're right. It's possible that entire comment was meant as a joke. Poe's Law strikes again?
ghc•3mo ago
As someone who lives the DoD software delivery process on a day-to-day basis, it's too on the nose to not be satire. Everything is _exactly_ wrong, even the waterfall part (everything's "agile" now!).

Edit: Never mind! I just saw their other comment and it seems more like they are blissfully ignorant of the reality on the ground.

downrightmike•3mo ago
root:root
cactacea•3mo ago
Interesting choice of tail number and date... https://www.faa.gov/lessons_learned/transport_airplane/accid...
netsharc•3mo ago
Looks like the PDF is just to show what the messaging interface looks like, and what they've found as a publicly available screenshot is from the crash report involving that plane.

If they logged in, took a screenshot, and published that (even if lots of things are blurred), there's probably more attack surface for some three-letter-agency to bust down their doors and disappear them...

psunavy03•3mo ago
I'll take "things that happen in movies a lot more than in real life" for $600 please.
avs733•3mo ago
I would guess it limits their ability to be accused of anythign to pick a plane, flight, and time that meets at least three criteria:

1) no passengers on board - you can't be accussed of endangering passengers

2) long past - you can't be accused of anything that happened recently

3) the plan literally no longer exists - you can't be accussed of damaging a plane

tantalor•3mo ago
> RTX did not respond to our vulnerability report

I guess they mean you should sell the vulnerability to highest bidder instead of reporting? Weird choice.

tjr•3mo ago
Unfortunately, RTX did not respond to our vulnerability report. The account was disabled.

Some sort of acknowledgement of the report certainly would have been good here, but at least they did disable the account. I presume the reported vulnerability no longer exists.

noir_lord•3mo ago
> but at least they did disable the account.

Probably added test2:test2.

Not worked in aerospace only enterprise but sometimes I worry I'm too cynical and then I remember the things I've seen and think I'm not cynical enough.

That said nothing I work on is aerospace level critical, could cost a lot of money if it's out but no one would ever have died.

deepsun•3mo ago
They will respond after a year or two with a lawsuit and SWAT busting doors.
0_____0•3mo ago
They're not in the US. I'm not familiar with German law enforcement practices but I wouldn't be surprised if they had a process that was a little less door-kicky.
BoredPositron•3mo ago
Cybercrime is pretty door-kicky in germany and they usually keep all your gear for two years even if you are found not guilty...
stronglikedan•3mo ago
According to my German friends, it's worse over there.
_trampeltier•3mo ago
In germany linux dev get swated while live streaming.

https://news.ycombinator.com/item?id=41532098

rwmj•3mo ago
Collins Aerospace, the same company responsible days of outages at airport check-in kiosks https://www.bbc.co.uk/news/articles/c3drpgv33pxo
kayfox•3mo ago
They were also involved in the Boeing MCAS thing as the company responsible for the computers and who presumably wrote the code.
Animats•3mo ago
(2009)
pierrec•3mo ago
No, this seems to be quite recent. At least the discovery, disclosure, and post are recent, as always, who knows how long the vulnerability has existed... I'll admit I was also confused because their "screenshots" is an old official document containing screenshots of the application in question, but it's just used to illustrate what the application is and does.
throwaway1c3vw•3mo ago
Security vulerability text or a report is the basis for a CV.

Yes, Collins Aerospace is subsidiary of RTX, which is the distributor for a relational database for plane ticket credentials.