frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

OpenClaw Creator: Why 80% of Apps Will Disappear

https://www.youtube.com/watch?v=4uzGDAoNOZc
1•schwentkerr•3m ago•0 comments

What Happens When Technical Debt Vanishes?

https://ieeexplore.ieee.org/document/11316905
1•blenderob•4m ago•0 comments

AI Is Finally Eating Software's Total Market: Here's What's Next

https://vinvashishta.substack.com/p/ai-is-finally-eating-softwares-total
1•gmays•5m ago•0 comments

Computer Science from the Bottom Up

https://www.bottomupcs.com/
1•gurjeet•5m ago•0 comments

Show HN: I built a toy compiler as a young dev

https://vire-lang.web.app
1•xeouz•7m ago•0 comments

You don't need Mac mini to run OpenClaw

https://runclaw.sh
1•rutagandasalim•7m ago•0 comments

Learning to Reason in 13 Parameters

https://arxiv.org/abs/2602.04118
1•nicholascarolan•9m ago•0 comments

Convergent Discovery of Critical Phenomena Mathematics Across Disciplines

https://arxiv.org/abs/2601.22389
1•energyscholar•10m ago•1 comments

Ask HN: Will GPU and RAM prices ever go down?

1•alentred•10m ago•0 comments

From hunger to luxury: The story behind the most expensive rice (2025)

https://www.cnn.com/travel/japan-expensive-rice-kinmemai-premium-intl-hnk-dst
2•mooreds•11m ago•0 comments

Substack makes money from hosting Nazi newsletters

https://www.theguardian.com/media/2026/feb/07/revealed-how-substack-makes-money-from-hosting-nazi...
5•mindracer•12m ago•1 comments

A New Crypto Winter Is Here and Even the Biggest Bulls Aren't Certain Why

https://www.wsj.com/finance/currencies/a-new-crypto-winter-is-here-and-even-the-biggest-bulls-are...
1•thm•12m ago•0 comments

Moltbook was peak AI theater

https://www.technologyreview.com/2026/02/06/1132448/moltbook-was-peak-ai-theater/
1•Brajeshwar•13m ago•0 comments

Why Claude Cowork is a math problem Indian IT can't solve

https://restofworld.org/2026/indian-it-ai-stock-crash-claude-cowork/
1•Brajeshwar•13m ago•0 comments

Show HN: Built an space travel calculator with vanilla JavaScript v2

https://www.cosmicodometer.space/
2•captainnemo729•13m ago•0 comments

Why a 175-Year-Old Glassmaker Is Suddenly an AI Superstar

https://www.wsj.com/tech/corning-fiber-optics-ai-e045ba3b
1•Brajeshwar•13m ago•0 comments

Micro-Front Ends in 2026: Architecture Win or Enterprise Tax?

https://iocombats.com/blogs/micro-frontends-in-2026
1•ghazikhan205•15m ago•0 comments

These White-Collar Workers Actually Made the Switch to a Trade

https://www.wsj.com/lifestyle/careers/white-collar-mid-career-trades-caca4b5f
1•impish9208•16m ago•1 comments

The Wonder Drug That's Plaguing Sports

https://www.nytimes.com/2026/02/02/us/ostarine-olympics-doping.html
1•mooreds•16m ago•0 comments

Show HN: Which chef knife steels are good? Data from 540 Reddit tread

https://new.knife.day/blog/reddit-steel-sentiment-analysis
1•p-s-v•16m ago•0 comments

Federated Credential Management (FedCM)

https://ciamweekly.substack.com/p/federated-credential-management-fedcm
1•mooreds•17m ago•0 comments

Token-to-Credit Conversion: Avoiding Floating-Point Errors in AI Billing Systems

https://app.writtte.com/read/kZ8Kj6R
1•lasgawe•17m ago•1 comments

The Story of Heroku (2022)

https://leerob.com/heroku
1•tosh•17m ago•0 comments

Obey the Testing Goat

https://www.obeythetestinggoat.com/
1•mkl95•18m ago•0 comments

Claude Opus 4.6 extends LLM pareto frontier

https://michaelshi.me/pareto/
1•mikeshi42•19m ago•0 comments

Brute Force Colors (2022)

https://arnaud-carre.github.io/2022-12-30-amiga-ham/
1•erickhill•21m ago•0 comments

Google Translate apparently vulnerable to prompt injection

https://www.lesswrong.com/posts/tAh2keDNEEHMXvLvz/prompt-injection-in-google-translate-reveals-ba...
1•julkali•22m ago•0 comments

(Bsky thread) "This turns the maintainer into an unwitting vibe coder"

https://bsky.app/profile/fullmoon.id/post/3meadfaulhk2s
1•todsacerdoti•22m ago•0 comments

Software development is undergoing a Renaissance in front of our eyes

https://twitter.com/gdb/status/2019566641491963946
1•tosh•23m ago•0 comments

Can you beat ensloppification? I made a quiz for Wikipedia's Signs of AI Writing

https://tryward.app/aiquiz
1•bennydog224•24m ago•1 comments
Open in hackernews

Allowlisting some Bash commands is often the same as allowlisting all

https://www.joinformal.com/blog/allowlisting-some-bash-commands-is-often-the-same-as-allowlisting-all-with-claude-code/
37•drewgregory•1w ago

Comments

teddyh•1w ago
“…with Claude Code”
adastra22•1w ago
Are there any agent permission systems that do this correctly?
extraduder_ire•1w ago
The same caveats would apply to most kinds of restricted shell environments.
zufallsheld•1w ago
Same thing for allowing specific sudo-commands. Many tools (like vim or the tools mentioned in the article) would have the same problem when allowing them to be run with root privileges.
denysvitali•1w ago
=> https://gtfobins.org/
Terr_•5d ago
Now I feel a bit more justified for over-engineering my automatic restic backup to not run as root, but to instead use "capabilities" to read files it doesn't own.

Namely, CAP_DAC_READ_SEARCH [0] and related systemd settings. The only problem is that it inhibits using a convenience/wrapper script.

[0] https://www.man7.org/linux/man-pages/man7/capabilities.7.htm...

illusive4080•1w ago
Some at work want to let me run sudo vim only to edit my hosts file. This is silly for a variety of reasons, one of them being that vim can allow the user to exec arbitrary commands. If you give me root for vim, just save me the trouble and let me have unrestricted root so I can do my job.
bauruine•1w ago
I had the same few years ago. When I pointed out that I can get full root with most of the whitelisted commands they answered "We know. It's not about security but to prevent lusers from accidentally rm -rf /* the server. Feel free to spawn a root shell. You obviously know what you do"
CableNinja•1w ago
I deal with some regulated things and some users who usually wouldnt be allowed to see/work on a thing are granted special access to do so, with extreme limitations. Recently i was approached asking if we could strip down the users desktops to no gui, no sudo, for use as a jumpbox. I explained why users need sudo to do what they need, and was asked about limiting sudo.

Its really tough to tell someone who is all about security (not linux security but regulatory security and such) that basically granting any bit of sudo access can lead to full access.

There is a way that this can be handled, but its honestly sort of an afterthought functionality. facls. You can delegate multiple owners/groups and permissions for things, and it can work well, but you have to deal with facls on multiple fronts, setting them for basically the entire system. facls are great, in theory, but they feel like such an afterthought that they are often ignored.

bloppe•1w ago
You could provide decently meaningful and targeted sandboxing using mount namespaces and an overlay FS, while retaining sudo privileges for what you need to do.
sadnboxx•1w ago
Allowing a "command" (executable, I believe) that isn't a read-only absolute path is a fool's errand. I will modify PATH and run my own implementation of it.
pimlottc•1w ago
I know they’re just being through but the “go test” part is a bit “Pray, Mr Babbage”… Test code is just code. I know of no language where tests are sandboxed in any meaningful way.
bloppe•1w ago
They're sandboxed if you use bazel. Not as much as the nix people would like, but bazel tests get read-only access to the host filesystem except /tmp
pimlottc•1w ago
Right, I should have said there are conventions and libraries you can use to limit the scope of tests but that requires intention and diligence. But fundamentally , “go tests” could run anything a normal go program can.
eqvinox•1w ago
everything is a container these days, and yet somehow collective-we don't manage to have AI agents run in a container layer on top of our current work, so we can later commit or rollback?
Neywiny•1w ago
I feel like if I ever used an agentic AI that's how I'd need it to be done. Too many cases of AIs getting access to files that it shouldn't. But then then, how do I allow it to look things up online without sending all my code to some scammer that prompt injected on a tutorial? I don't think I'll ever trust it with anything proprietary or otherwise less than publicly available.
iberator•1w ago
What do you mean?! Where? I would claim otherwise: 99% of software is not in the containers. Like 100% windows or debian software
slipheen•5d ago
I don't know much about how windows software is packaged, but I find that a solid majority of desktop software I use is in flatpack and server software in OCI images
hbogert•1w ago
> I really thought `eval` would not be abused on non validated input

    - your colleague, or you 1 year before.
with•5d ago
True, you can do almost anything if find is allowlisted.

find / -exec sh -c 'whatever u wanna do' \;

bandrami•5d ago
I'm sorry but the idea of giving an AI agent a non-restricted shell is insane. If you don't want it to perform certain commands those commands should not be in its environment at all.
totetsu•5d ago
I remember when I was starting out, someone on my team showed me, that in the case where we were allowed to run vi and root on a machine there was noting stopping one from just starting a child shell from within vi with root privileges.
AllegedAlec•5d ago
Not entirely related to the content but man 'allowlisting' reads so badly. We should just out of ease of reading return to whitelisting.
slipheen•5d ago
I'm trying not to get nerdsniped, but in the realm of subjective pragmatics, I personally find `allowlisting` to be drastically more clear.
AllegedAlec•5d ago
My concern isn't really clarity of intention, but that 'allowlisting' just doesn't flow as well when reading as whitelisting does.