news newest ask show jobs

Open Source @Github

fp.

Open in hackernews

CVE-2026-42530 – Nginx HTTP3/QUIC Use-After-Free

https://my.f5.com/manage/s/article/K000161616

3•kro•1h ago

Comments

cpburns2009•42m ago

I mentioned this in a previous post for this CVE. How much heavy lifting is the phrase "along with conditions beyond their control" doing for this exploit?

> When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream.

kro•23m ago

These commits [1] are related to the issue. I am not too familiar with the code, but it appears nginx manages/closes streams in a pool at times the attacker cannot control, and during short windows, it is vulnerable.

[1]:

https://github.com/nginx/nginx/commit/ceccdbd2ee799d020a371b...

https://github.com/nginx/nginx/commit/9e293766e73c469c015df5...

Fable 5 pushed Gemma 4 to 255 tok/s on WebGPU

https://xcancel.com/xenovacom/status/2067289897111638484

1•kirubakaran•1m ago•0 comments

I built a local SQLite viewer/editor with export and charts

https://github.com/oliverjessner/sqlite-hub

2•oliverjessner•2m ago•0 comments

Ads Evading Pi-hole with iOS 27

https://www.symphonious.net/2026/06/18/ads-evading-pi-hole-with-ios-27/

2•real_joschi•2m ago•0 comments

Show HN: Zedmail – transactional email API outside US jurisdiction (CASL/GDPR)

https://zedmail.io

2•amordecosmos•3m ago•0 comments

Converting Books into Visual Novels

https://github.com/JohnQPulp/PublicDomainPulp

2•JohnQPulp•7m ago•0 comments

The search for dark matter has been blown wide open

https://www.technologyreview.com/2026/06/18/1138755/search-for-dark-matter-blown-wide-open/

2•Brajeshwar•8m ago•0 comments

Poggle: Helping Engineering Teams Ship Better Software, Faster

https://www.poggle.ai/

2•Ghostcrawl3r•8m ago•0 comments

Show HN: Mantyx – Managed Agent Runtime

https://mantyx.io/

2•mantyx•9m ago•0 comments

I almost got hit by a car

https://manualdousuario.net/en/almost-hit-by-a-car/

2•rpgbr•12m ago•0 comments

When are TLS certificates renewed, and how often after expiration?

https://certobserver.com/blog/renewal-analysis

2•rellem•15m ago•0 comments

Show HN: Sudoku Word Search," hidden words required to solve letter-sudoku

https://www.sudokuwordsearch.com/

2•bahbahbahbah•15m ago•0 comments

clawmark: open-source CLAUDE.md A/B Testing CLI tool

https://github.com/emiliolugo/clawmark

2•emiliolugo•16m ago•1 comments

Ask HN: Best resources for learning how to build a forum back end?

2•jupr•17m ago•1 comments

Bulgaria Licensed Surveillance Exports to Rights Violators

https://www.hrw.org/news/2026/06/18/bulgaria-licensed-surveillance-exports-to-rights-violators

3•aa_is_op•18m ago•0 comments

Deegen: A JIT-Capable VM Generator for Dynamic Languages [pdf]

https://fredrikbk.com/publications/deegen.pdf

2•gjvc•18m ago•0 comments

The Sword Juggling Fallacy

https://hugotunius.se/2026/06/15/the-sword-juggling-fallacy.html

2•speckx•21m ago•0 comments

Memanto; open-source memory agent that remembers, recalls and answers

https://github.com/moorcheh-ai/memanto

6•majidfekri•21m ago•3 comments

Windows and Linux users: The deadline to update Secure Boot keys is near

https://arstechnica.com/security/2026/06/windows-and-linux-users-the-deadline-to-update-secure-bo...

2•everybodyknows•22m ago•0 comments

Ask HN: How do you decide what goes in a changelog vs. internal notes?

2•beratbozkurt0•22m ago•0 comments

Show HN: Cost-Xray – per-token cost attribution, by tool, skill, prompt and more

https://github.com/tigerless-labs/cost-xray

2•ruihanli•23m ago•0 comments

Social media menagement tool with API for AI agents

https://schedpilot.com/

2•schedpilot•25m ago•1 comments

Geriatric butterfly species lives nearly three times as long as their relatives

https://phys.org/news/2026-06-geriatric-butterfly-species.html

3•gmays•25m ago•0 comments

"The Age of the Car Is Over": Fewer and Fewer Private Cars in Berlin

https://www.morgenpost.de/berlin/article412306798/die-zeit-des-autos-ist-vorbei-berlin-bei-autobe...

5•doener•25m ago•2 comments

New VPN rules for UK households on table from July after government update

https://www.birminghammail.co.uk/news/midlands-news/new-vpn-rules-uk-households-34129495

2•rzk•26m ago•0 comments

Ask HN: Whats the best and small open source model?

2•hairymouse•26m ago•0 comments

Immortals

https://immortals.com/

3•simonebrunozzi•26m ago•2 comments

We Got Anthropic's Glasswing at Home (Who Needs Mythos 5 or Fable 5?)

https://blog.attacks.ai/we-got-glasswing-at-home

2•Seventeen18•27m ago•0 comments

Show HN

https://github.com/Saptarshi2001/AsyncLoad

3•Saptarshi_Dutta•27m ago•0 comments

China's EV Price War Was Built on Cars Sold at a Loss

https://www.autoblog.com/features/chinas-ev-price-war-was-built-on-cars-sold-at-a-loss

5•TMWNN•28m ago•0 comments

Grand Theft Auto VI: Official Cover Art Reveal [video]

https://www.youtube.com/watch?v=EiQEBYDox_k

2•mikhael•28m ago•1 comments