Of Boot Vectors and Double Glitches: Bypassing RP2350's Secure Boot

https://streaming.media.ccc.de/39c3/relive/2149
141•aberoham•1mo ago

Comments

michaelt•1mo ago
Seems a bit of a strange feature to even want on a product targeting the education market. In a classroom setting you don't really want students to be able to set fuse bits so the device can't be re-programmed.

Presumably this is a sign RPi are deliberately aiming to straddle the hobby and light commercial markets?

rcxdude•1mo ago
They have absolutely been aiming at industrial customers already. It would be hard for them to justify the cost of a custom die without having some volume to businesses. (And the previous Raspberry Pis have absolutely been popular in industry as well, I would be surprised if hobbyists and learners are even half of their volume)
Tharre•1mo ago
If that's a concern, you can lock the OTP either permanently or with a password, before you hand them out. Or just use the older RP2040.

But I don't think that "targeting the education market" is accurate in the first place. They certainly make sure to serve that market with their very nicely priced Pico boards but it hardly seems to be their only goal. You don't go through the effort of spinning up a new revision to fix security holes if there aren't at least some industry customers.

SequoiaHope•1mo ago
They have been serving enterprise markets for a long time. Back in 2020-2021 when there was a chip shortage, Raspberry Pi shorted their consumer availability to make sure enterprise customers could still get compute modules. The fusible bits on the RP2350 are very much an enterprise feature.
guenthert•1mo ago
Are you perhaps confusing the Raspberry Pi Foundation with the Raspberry Pi Holdings?
JayHLee77•1mo ago
Security is an essential feature for everyone, not just Enterprise. Can you trust the code your device is running? Can your device keep a secret? These capabilities are needed universally.

As to students being able to set the efuse so the device can't be reprogrammed, sure but they're $5 each so it's not like they're destroying a $500 Chromebook (which they do, look on YouTube). That risk is the cost of attempting to educate though (and it's worth it).

Retr0id•1mo ago
Seems like a small risk compared to students creating a trivial short-circuit and letting out the magic smoke, and at $1/part it's not a big deal even if they do.
londons_explore•1mo ago
Real security processors never give big bounties because when bugs are discovered all the buyers immediately cancel their orders of the 'faulty' secure chips.

They'd prefer to live in ignorance.

compsciphd•1mo ago
Really big bounties would then be appropriate, as they would come with NDAs. Small bounties would just encourage others to make them public / sell them to more malicious actors.
Thorrez•1mo ago
What if multiple people discover the same vulnerability? What do you do?

Do you pay out to all of them? Do you make them sign an NDA without guaranteeing you'll pay them? Do you tell the 2nd etc discoverers to go away and hope they don't reveal it?

If you pay out to all of them, there's a strong incentive to leak info and collect multiple bounties for the same vulnerability.

londons_explore•1mo ago
You hire a salaried security researcher and forget the idea of bounties.
lll-o-lll•1mo ago
What an interesting talk, and an interesting concept also. Open source hardware security; get the security researchers interested and fix the security defects.

The “read the data out with a super expensive microscope” remained. Is there any way to defeat that attack I wonder? I suppose the hsm model of “destructive tamper detection” is one way.

regularfry•1mo ago
I patented something that had a countermeasure for this, which was a bit impractical but fun to think about. Basically you put the sensitive data in an EEPROM layered with a chemical that emits UV when exposed to air or, optionally, visible light - chemically more entertaining, hard to manufacture. But it's just an arms race at that point.
klysm•1mo ago
Cool idea, but seems pretty straightforward to bypass and definitely an arms race
michaelt•1mo ago
> The “read the data out with a super expensive microscope” remained. Is there any way to defeat that attack I wonder?

Get your chip made with the latest TSMC process and get features so small nobody else, even superpowers and trillion-dollar tech companies working together, can manipulate them :)

shash•1mo ago
A good scanning electron microscope costs at most a few million? And is pretty common in a decently funded lab pretty much anywhere? Resolutions of 5nm are not uncommon. A scanning tunnelling microscope can go much lower (single atom types) and isn’t all that much more expensive either (comparatively I mean).

I think it’s common knowledge by now that the smallest feature in a 5nm chip isn’t really 5nm. So that’s not (yet?) a viable strategy.

rcxdude•1mo ago
Manipulating features smaller than what TSMC manufacture is possible in many places (just at great expense), TSMC's special sauce is being able to manufacture it in quantity and economically. Ultimately it's always going to be difficult to completely protect storage at rest, because it is possible to take something apart atom by atom, but it does raise the cost of the attack substantially.
jnwatson•1mo ago
The current solution is obfuscation. They make the mapping from physical state to actual key complicated enough that you have to reverse engineer a lot of the logic.
avidiax•1mo ago
You can also bury the fuse array inside the chip. So in addition to the microscope, you will also have to non-destructively etch or mill the chip to expose the fuses. This also renders the chip non-functional, so if the secret is unique per chip, then the leaked secret can't be used to bootstrap to other secrets on the die.
IlikeKitties•1mo ago
There's a lot of people that believe that hardware remote attestation will be the end of computational freedom. I'm glad to see that bypasses are still quite possible.
lysace•1mo ago
I've had a bit of difficulty understanding the actual benefits of proper secure boot vs zero protection.

I've arrived at this understanding: secure boot sometimes allows you to recover a compromised fleet without recalls. Instruct the customer to disconnect the device, reboot it and then somehow reflash it before getting infected again? Seems fraught with errors though.

When I worked with IoT HW companies in Taiwan their understanding tended to be along the lines of: "it makes the device secure" or "it prevents the firmware from being used by clone devices".

(It's been a while since I worked in this area.)

avidiax•1mo ago
It also prevents "contempt of business model". Makes a SW or HW bypass for ink cartridge pairing or game piracy or monthly widget subscription difficult or impossible. May also make any vulnerability patchable.

If you depend on your firmware remaining secret, however, you have to contend with the black hat version of the presenters. They are experts at extracting firmware and cloning. Some applications choose FPGAs in part because the equivalent of their firmware (the bitstream) is itself nearly impossible to reverse engineer. That means that a one-for-one clone is possible, but you can't alter the design, and have to use the exact same part.