frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

A delightful Mac app to vibe code beautiful iOS apps

https://milq.ai/hacker-news
1•jdjuwadi•3m ago•1 comments

Show HN: Gemini Station – A local Chrome extension to organize AI chats

https://github.com/rajeshkumarblr/gemini_station
1•rajeshkumar_dev•3m ago•0 comments

Welfare states build financial markets through social policy design

https://theloop.ecpr.eu/its-not-finance-its-your-pensions/
2•kome•6m ago•0 comments

Market orientation and national homicide rates

https://onlinelibrary.wiley.com/doi/10.1111/1745-9125.70023
3•PaulHoule•7m ago•0 comments

California urges people avoid wild mushrooms after 4 deaths, 3 liver transplants

https://www.cbsnews.com/news/california-death-cap-mushrooms-poisonings-liver-transplants/
1•rolph•7m ago•0 comments

Matthew Shulman, co-creator of Intellisense, died 2019 March 22

https://www.capenews.net/falmouth/obituaries/matthew-a-shulman/article_33af6330-4f52-5f69-a9ff-58...
3•canucker2016•8m ago•1 comments

Show HN: SuperLocalMemory – AI memory that stays on your machine, forever free

https://github.com/varun369/SuperLocalMemoryV2
1•varunpratap369•9m ago•0 comments

Show HN: Pyrig – One command to set up a production-ready Python project

https://github.com/Winipedia/pyrig
1•Winipedia•12m ago•0 comments

Fast Response or Silence: Conversation Persistence in an AI-Agent Social Network [pdf]

https://github.com/AysajanE/moltbook-persistence/blob/main/paper/main.pdf
1•EagleEdge•12m ago•0 comments

C and C++ dependencies: don't dream it, be it

https://nibblestew.blogspot.com/2026/02/c-and-c-dependencies-dont-dream-it-be-it.html
1•ingve•12m ago•0 comments

Show HN: Vbuckets – Infinite virtual S3 buckets

https://github.com/danthegoodman1/vbuckets
1•dangoodmanUT•12m ago•0 comments

Open Molten Claw: Post-Eval as a Service

https://idiallo.com/blog/open-molten-claw
1•watchful_moose•13m ago•0 comments

New York Budget Bill Mandates File Scans for 3D Printers

https://reclaimthenet.org/new-york-3d-printer-law-mandates-firearm-file-blocking
2•bilsbie•14m ago•1 comments

The End of Software as a Business?

https://www.thatwastheweek.com/p/ai-is-growing-up-its-ceos-arent
1•kteare•15m ago•0 comments

Exploring 1,400 reusable skills for AI coding tools

https://ai-devkit.com/skills/
1•hoangnnguyen•16m ago•0 comments

Show HN: A unique twist on Tetris and block puzzle

https://playdropstack.com/
1•lastodyssey•19m ago•0 comments

The logs I never read

https://pydantic.dev/articles/the-logs-i-never-read
1•nojito•20m ago•0 comments

How to use AI with expressive writing without generating AI slop

https://idratherbewriting.com/blog/bakhtin-collapse-ai-expressive-writing
1•cnunciato•21m ago•0 comments

Show HN: LinkScope – Real-Time UART Analyzer Using ESP32-S3 and PC GUI

https://github.com/choihimchan/linkscope-bpu-uart-analyzer
1•octablock•22m ago•0 comments

Cppsp v1.4.5–custom pattern-driven, nested, namespace-scoped templates

https://github.com/user19870/cppsp
1•user19870•23m ago•1 comments

The next frontier in weight-loss drugs: one-time gene therapy

https://www.washingtonpost.com/health/2026/01/24/fractyl-glp1-gene-therapy/
2•bookofjoe•26m ago•1 comments

At Age 25, Wikipedia Refuses to Evolve

https://spectrum.ieee.org/wikipedia-at-25
2•asdefghyk•28m ago•4 comments

Show HN: ReviewReact – AI review responses inside Google Maps ($19/mo)

https://reviewreact.com
2•sara_builds•29m ago•1 comments

Why AlphaTensor Failed at 3x3 Matrix Multiplication: The Anchor Barrier

https://zenodo.org/records/18514533
1•DarenWatson•30m ago•0 comments

Ask HN: How much of your token use is fixing the bugs Claude Code causes?

1•laurex•33m ago•0 comments

Show HN: Agents – Sync MCP Configs Across Claude, Cursor, Codex Automatically

https://github.com/amtiYo/agents
1•amtiyo•34m ago•0 comments

Hello

2•otrebladih•36m ago•1 comments

FSD helped save my father's life during a heart attack

https://twitter.com/JJackBrandt/status/2019852423980875794
3•blacktulip•38m ago•0 comments

Show HN: Writtte – Draft and publish articles without reformatting, anywhere

https://writtte.xyz
1•lasgawe•40m ago•0 comments

Portuguese icon (FROM A CAN) makes a simple meal (Canned Fish Files) [video]

https://www.youtube.com/watch?v=e9FUdOfp8ME
1•zeristor•42m ago•0 comments
Open in hackernews

Cleartext signatures considered harmful

https://gnupg.org/blog/20251226-cleartext-signatures.html
40•derleyici•1mo ago

Comments

derleyici•1mo ago
Related: https://news.ycombinator.com/item?id=46403200
cge•1mo ago
The argument here seems to be that when GnuPG's implementation, or the original standard, has flaws, those flaws should be seen as inherent limitations of the use-case, rather than flaws in the implementation and standard. And with GnuPG, that argument seems to be used to justify having it behave the same way it always has, which leads to dangerous situations.

That PGP handles armor, escaping, and comments badly, and clients handle display of the signed text badly, do not seem like they mean that the concept of cleartext signatures are inherently flawed.

derleyici•1mo ago
Fair point. Calling the concept inherently flawed is doing a lot of work to excuse 30 years of implementation bugs.
comradesmith•1mo ago
> Cleartext signatures considered harmful

Really? To me it seems that what’s really harmful is assuming a long string of high entropy hex bytes is a valid signature.

Both detached signatures and cleartext need to be run through verify, so what gives?

Does gpg not error when the post-verification output file doesn’t match the cleartext? That sounds like a bug in gpg

cge•1mo ago
It appears that by default, gpg doesn't output the signed text at all when verifying a cleartext signature. It does not appear to check for or warn about extra content before or after the cleartext text and signature. It strictly interprets the start/end lines, and won't warn or fail for malicious ones. It does not appear to accept comment headers in the signed message, but does accept them in the signature, which means that a user might think an arbitrarily long message in the signature is actually signed.

These all seem like flaws in gpg and the standard.

Dwedit•1mo ago
Obligatory https://xkcd.com/1181/