hasp: A paranoid scanner and kernel-sandboxed step runner for GitHub Actions

https://github.com/electricapp/hasp
2•electricapps•3h ago

Comments

electricapps•3h ago
I worked on hasp after seeing the Trivy and LiteLLM PyPI-credential leak. It was clear that the failure there wasn't unique since any CI step can get compromised, and everything else in the job shares its secrets.

What started as a consistency check for immutable SHA pinning and version comment consistency grew into a larger project with token sandboxing and a suite of runtime checks. I drew some inspiration from zizmor, which focuses more on static analysis. Fundamentally, hasp does two things:

1. Scan: a paranoid audit of .github/workflows/ which verifies every `uses:` is pinned to an immutable SHA that actually exists, checks commit provenance, maps which secrets reach which actions, flags injection patterns and excessive permissions.

2. Exec: wraps any subprocess in Landlock (filesystem) + seccomp (syscalls) + BPF cgroup (network egress). Rather than injecting secrets into the env, they're served from a localhost proxy with a per-secret allowlist of destination domains. A compromised npm postinstall can't exfiltrate GITHUB_TOKEN to evil.com because the BPF program drops it.

Written in Rust, single musl binary, MIT License, and shipping now as-is in alpha. Run the binary in GHA or use the forthcoming GHA itself. See docs/TRUST.md to understand the bootstrap-able trust model.
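
The SHA-pinning part of the scan step described in the post above, as an added Python example; it is not hasp's code and was not written by the post's author. It only checks the form of each `uses:` reference offline and does not confirm that the SHA exists or check commit provenance. The names `audit_pins` and `SAMPLE_WORKFLOW`, the `example-org` actions, and the SHA values are constructed for illustration.

```python
import re

# Constructed sample workflow (not from the hasp repository); SHAs are made up.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/setup@1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b # v4.0.2
      - uses: example-org/deploy@main
      - uses: example-org/lint@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local
      - uses: docker://alpine:3.19
      - run: npm ci
"""

# Captures the action reference and an optional trailing "# comment".
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)['\"]?\s*(?:#\s*(.*))?$")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")

def audit_pins(text):
    """Return (line_no, ref, finding) for each `uses:` that is not immutably pinned."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref, comment = m.group(1), (m.group(2) or "").strip()
        if ref.startswith("./"):
            continue  # local action: versioned together with the repository
        rev = ref.partition("@")[2]  # empty string when there is no "@"
        if ref.startswith("docker://"):
            if not DIGEST_RE.fullmatch(rev):
                findings.append((no, ref, "docker image not pinned by digest"))
        elif not FULL_SHA_RE.fullmatch(rev):
            findings.append((no, ref, "mutable ref (tag or branch), not a full commit SHA"))
        elif not comment:
            findings.append((no, ref, "SHA pin has no version comment"))
    return findings

if __name__ == "__main__":
    for no, ref, finding in audit_pins(SAMPLE_WORKFLOW):
        print(f"line {no}: {ref}: {finding}")
```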