Everyone is wrong about AI and Software Engineering

https://deadneurons.substack.com/p/everyone-is-wrong-about-ai-and-software
1•nr378•18s ago•0 comments

Video Games as Art – Gwern.net

https://gwern.net/video-game-art
1•Antibabelic•18s ago•0 comments

Allowlist for .gitignore

https://blog.izissise.net/posts/gitignoreallowlist/
1•chmaynard•20s ago•0 comments

SkyLaunch – open-source flight training tracker for student pilots

https://github.com/unshah/SkyLaunch.io
1•unshah•3m ago•1 comments

The World Is Hopeful for a Better 2026

https://www.statista.com/chart/28997/respondents-that-are-optimistic-that-next-year-will-be-bette...
1•RickJWagner•4m ago•0 comments

Show HN: Rtty-soda – CLI front end to NaCl (PyNaCl) for encrypting small files

https://github.com/theosaveliev/rtty-soda
1•nett_ef•5m ago•0 comments

ICE Using Palantir Tool That Feeds on Medicaid Data

https://www.eff.org/deeplinks/2026/01/report-ice-using-palantir-tool-feeds-medicaid-data
2•JKCalhoun•5m ago•0 comments

Pebblebed Ventures' AI tool analyzes 20 years of Linux bugs

https://thenewstack.io/hacker-jenny-qus-ai-tool-analyzes-20-years-of-linux-bugs/
1•MilnerRoute•7m ago•0 comments

Show HN: Django-safe-migrations v0.4.0 – Detect unsafe migrations

1•yassershkeir•7m ago•0 comments

From 10 Day Vacation Project to 100k Users: auto‑cpufreq v3 Story

https://foolcontrol.org/?p=5114
1•fooctrl•9m ago•1 comments

Firefox and Linux in 2025

https://mastransky.wordpress.com/2026/01/23/firefox-linux-in-2025/
3•montroser•12m ago•0 comments

Show HN: Kirin – Transparent AI Assistant, Real-Time OCR/AI Insight on Workflow

https://github.com/JoshuaChil/Kirin
1•CodingForFun•14m ago•0 comments

Show HN: Root – Privacy-preserving home security camera

https://rootprivacy.com/blog/building-your-own-security-camera
1•PaulPlay•14m ago•0 comments

39C3 – AI Agent, AI Spy

https://www.youtube.com/watch?v=0ANECpNdt-4
1•todsacerdoti•15m ago•0 comments

Airpark

https://en.wikipedia.org/wiki/Airpark
2•pr337h4m•17m ago•0 comments

FAA institutes nationwide drone no-fly zones around ICE operations

https://www.aerotime.aero/articles/faa-drone-no-fly-zone-ice-dhs
42•dayofthedaleks•17m ago•12 comments

The Game Boy Talk (33c3) [video]

https://www.youtube.com/watch?v=HyzD8pNlpwI
1•tosh•20m ago•0 comments

Will Your AI Teammate Bring Bagels to Standup?

https://redmonk.com/kholterhoff/2026/01/16/will-your-ai-teammate-bring-bagels-to-standup/
4•ohjeez•20m ago•1 comments

Earthquake-detecting seismometers can track falling debris from space

https://hub.jhu.edu/2026/01/22/tracking-falling-space-debris/
1•giuliomagnifico•20m ago•0 comments

Wabans Electronics – Open-Source MP3-Player Project Intro [video]

https://www.youtube.com/watch?v=oABOxNCVlU8
1•4ggr0•23m ago•0 comments

Anthropic keeps redesigning hiring tests as Claude gets smarter

https://www.perplexity.ai/discover/you/anthropic-redesigns-hiring-tes-vAhcrdgiQYiU3h3bssgmlQ
2•game_the0ry•23m ago•0 comments

The personal finance app for everyone (by everyone)

https://sure.am/
2•oktcho•32m ago•0 comments

Spectrum Slit to turn Wi-Fi signals into wall art

https://rootkid.me/works/spectrum-slit
2•Brajeshwar•32m ago•0 comments

The new forensic science of proving what's real

https://www.scientificamerican.com/article/how-digital-forensics-could-prove-whats-real-in-the-ag...
3•Brajeshwar•32m ago•0 comments

How bad is your stove for your health?

https://www.washingtonpost.com/climate-environment/interactive/2026/gas-stoves-no2-lookup/
3•dberhane•33m ago•1 comments

(Python)Darl: Incremental compute, scenarios, parallelize, code replay and more

https://github.com/mitstake/darl
2•mitstake•37m ago•1 comments

Show HN: TAUI – Structured Terminal Agent UI (Like Google A2UI)

https://github.com/TAUI-Standards/taui-ink-adpater
2•tariqshams•38m ago•1 comments

Ask HN: Is Gemini Getting Worse?

3•optimalsolver•39m ago•2 comments

Thronglets

https://thronglets.entropicsystems.net/manual.html
2•snorbleck•40m ago•0 comments

Taiwan unveils plan for disaster-proof satellite communication devices

https://www.taipeitimes.com/News/front/archives/2026/01/26/2003851214
3•giuliomagnifico•41m ago•0 comments

XSS –> RCE in Screeps, a programming game on Steam

https://outsidetheasylum.blog/screeps/
3•Tiberium•1h ago

Comments

Tiberium•1h ago
The developers fixed it soon after the article was posted, although they seem to disagree with the article's framing:

https://github.com/screeps/screeps/issues/162#issuecomment-3...

armchairhacker•29m ago
The victim has to paste the command to trigger the XSS; it doesn’t happen if they connect to the server.

From the linked issue:

> if their code includes any console.log statement that references any game object someone else has any control over, such as logging the name of someone else's creep, that's all an attacker needs to gain access.

So the user can be tricked in a less obvious way than “here, run `console.log("<script>hackMe()</script>")` to make your creeps move faster”, but they still must be tricked. In response to this post, the developers added `logUnsafe`, which doesn’t prevent the trick but makes it more obvious.

Personally, I side with the developers here. I liked that the article mentioned Screeps and even the RCE, but I don’t like the ranty tone; I’d rather read (with details) “here’s Screeps, here’s how you can be tricked into running an RCE if you’re not careful, the developers made it harder but still possible, never run untrusted code even in a video game”.
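
The logging risk quoted from the linked issue, as an added defensive example that is not part of the thread or of Screeps' own code: a player script can keep its own markup while escaping any value another player controls, such as a creep name. It assumes the console renders logged strings as HTML, as the issue describes; `escapeHtml`, `safeHtml`, `describeCreep` and the sample creep object are hypothetical names constructed for illustration.

```javascript
// Added example. All names here are hypothetical, not Screeps API.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape every character that can open a tag, an attribute value or an entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Tagged template: the literal parts are written by the script author and pass
// through unchanged; every interpolated value is treated as untrusted and escaped.
function safeHtml(strings, ...values) {
  let out = strings[0];
  values.forEach((v, i) => {
    out += escapeHtml(v) + strings[i + 1];
  });
  return out;
}

// Constructed sample: a creep owned by another player, whose name is the
// markup string used as the example in the comment above.
const otherPlayersCreep = {
  name: '<script>hackMe()</script>',
  owner: { username: 'someone_else' },
};

// The author's <span> survives as markup; the creep name is rendered as text.
function describeCreep(creep) {
  return safeHtml`<span style="color:orange">seen ${creep.name} (${creep.owner.username})</span>`;
}

console.log(describeCreep(otherPlayersCreep));
```

Escaping at the point of interpolation means the check does not depend on remembering which game objects another player can name.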