news newest ask show jobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

State Department will delete Xitter posts from before Trump returned to office

https://www.npr.org/2026/02/07/nx-s1-5704785/state-department-trump-posts-x

1•righthand•2m ago•0 comments

Show HN: Verifiable server roundtrip demo for a decision interruption system

https://github.com/veeduzyl-hue/decision-assistant-roundtrip-demo

1•veeduzyl•3m ago•0 comments

Impl Rust – Avro IDL Tool in Rust via Antlr

https://www.youtube.com/watch?v=vmKvw73V394

1•todsacerdoti•3m ago•0 comments

Stories from 25 Years of Software Development

https://susam.net/twenty-five-years-of-computing.html

1•vinhnx•4m ago•0 comments

minikeyvalue

https://github.com/commaai/minikeyvalue/tree/prod

2•tosh•9m ago•0 comments

Neomacs: GPU-accelerated Emacs with inline video, WebKit, and terminal via wgpu

https://github.com/eval-exec/neomacs

1•evalexec•14m ago•0 comments

Show HN: Moli P2P – An ephemeral, serverless image gallery (Rust and WebRTC)

https://moli-green.is/

2•ShinyaKoyano•18m ago•1 comments

How I grow my X presence?

https://www.reddit.com/r/GrowthHacking/s/UEc8pAl61b

2•m00dy•19m ago•0 comments

What's the cost of the most expensive Super Bowl ad slot?

https://ballparkguess.com/?id=5b98b1d3-5887-47b9-8a92-43be2ced674b

1•bkls•20m ago•0 comments

What if you just did a startup instead?

https://alexaraki.substack.com/p/what-if-you-just-did-a-startup

3•okaywriting•27m ago•0 comments

Hacking up your own shell completion (2020)

https://www.feltrac.co/environment/2020/01/18/build-your-own-shell-completion.html

2•todsacerdoti•29m ago•0 comments

Show HN: Gorse 0.5 – Open-source recommender system with visual workflow editor

https://github.com/gorse-io/gorse

1•zhenghaoz•30m ago•0 comments

GLM-OCR: Accurate × Fast × Comprehensive

https://github.com/zai-org/GLM-OCR

1•ms7892•31m ago•0 comments

Local Agent Bench: Test 11 small LLMs on tool-calling judgment, on CPU, no GPU

https://github.com/MikeVeerman/tool-calling-benchmark

1•MikeVeerman•32m ago•0 comments

Show HN: AboutMyProject – A public log for developer proof-of-work

https://aboutmyproject.com/

1•Raiplus•32m ago•0 comments

Expertise, AI and Work of Future [video]

https://www.youtube.com/watch?v=wsxWl9iT1XU

1•indiantinker•33m ago•0 comments

So Long to Cheap Books You Could Fit in Your Pocket

https://www.nytimes.com/2026/02/06/books/mass-market-paperback-books.html

3•pseudolus•33m ago•1 comments

PID Controller

https://en.wikipedia.org/wiki/Proportional%E2%80%93integral%E2%80%93derivative_controller

1•tosh•37m ago•0 comments

SpaceX Rocket Generates 100GW of Power, or 20% of US Electricity

https://twitter.com/AlecStapp/status/2019932764515234159

2•bkls•37m ago•0 comments

Kubernetes MCP Server

https://github.com/yindia/rootcause

1•yindia•38m ago•0 comments

I Built a Movie Recommendation Agent to Solve Movie Nights with My Wife

https://rokn.io/posts/building-movie-recommendation-agent

4•roknovosel•39m ago•0 comments

What were the first animals? The fierce sponge–jelly battle that just won't end

https://www.nature.com/articles/d41586-026-00238-z

2•beardyw•47m ago•0 comments

Sidestepping Evaluation Awareness and Anticipating Misalignment

https://alignment.openai.com/prod-evals/

1•taubek•47m ago•0 comments

OldMapsOnline

https://www.oldmapsonline.org/en

2•surprisetalk•49m ago•0 comments

What It's Like to Be a Worm

https://www.asimov.press/p/sentience

2•surprisetalk•49m ago•0 comments

Don't go to physics grad school and other cautionary tales

https://scottlocklin.wordpress.com/2025/12/19/dont-go-to-physics-grad-school-and-other-cautionary...

2•surprisetalk•49m ago•0 comments

Lawyer sets new standard for abuse of AI; judge tosses case

https://arstechnica.com/tech-policy/2026/02/randomly-quoting-ray-bradbury-did-not-save-lawyer-fro...

5•pseudolus•50m ago•0 comments

AI anxiety batters software execs, costing them combined $62B: report

https://nypost.com/2026/02/04/business/ai-anxiety-batters-software-execs-costing-them-62b-report/

1•1vuio0pswjnm7•50m ago•0 comments

Bogus Pipeline

https://en.wikipedia.org/wiki/Bogus_pipeline

1•doener•51m ago•0 comments

Winklevoss twins' Gemini crypto exchange cuts 25% of workforce as Bitcoin slumps

https://nypost.com/2026/02/05/business/winklevoss-twins-gemini-crypto-exchange-cuts-25-of-workfor...

2•1vuio0pswjnm7•52m ago•0 comments

Open in hackernews

XSS –> RCE in Screeps, a programming game on Steam

https://outsidetheasylum.blog/screeps/

4•Tiberium•1w ago

Comments

Tiberium•1w ago

The developers have fixed it soon after the article was posted, although they seem to disagree with the article's framing:

https://github.com/screeps/screeps/issues/162#issuecomment-3...

armchairhacker•1w ago

The victim has to paste the command to trigger the XSS, it doesn’t happen if they connect to the server.

From the linked issue:

> if their code includes any console.log statement that references any game object someone else has any control over, such as logging the name of someone else's creep, that's all an attacker needs to gain access.

So the user can be tricked in a less obvious way than “here, run `console.log(“<script>hackMe()</script>”)` to make your creeps move faster”, but they still must be tricked. In response to this post, the developers added `logUnsafe`, which doesn’t prevent the trick but makes it more obvious.

Personally, I side with the developers here. I liked that the article mentioned Screeps and even the RCE, but I don’t like the ranty tone; I’d rather read (with details) “here’s Screeps, here’s how you can be tricked to run an RCE if you’re not careful, the developers made it harder but still possible, never run untrusted code even in a video game”.

Snetry•1w ago

the issue isn't that a user can be convinced into running `console.log(“<script>hackMe()</script>”)` but that `console.log(creep.name)` may execute hackMe() without you expecting it.