frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Since Linux 6.9, LUKS suspend stopped wiping disk-encryption keys from memory

https://mathstodon.xyz/@iblech/116769502749142438
155•IngoBlechschmid•1h ago•63 comments

Launch HN: Manufact (YC S25) – MCP Cloud

https://manufact.com
55•pzullo•2h ago•40 comments

Android Developer Verification: Threat masquerading as protection

https://f-droid.org/2026/07/01/adv-malware.html
1329•drewfax•14h ago•550 comments

PeerTube is a free, decentralized and federated video platform

https://github.com/Chocobozzz/PeerTube
138•doener•5h ago•19 comments

How to ask for help from people who don't know you

https://pradyuprasad.com/writings/how-to-ask-for-help/
114•FigurativeVoid•3h ago•15 comments

AI can't be listed as inventor on patent applications, Japan's top court rules

https://japannews.yomiuri.co.jp/science-nature/technology/20260306-314930/
205•mushstory•3h ago•85 comments

Show HN: QUALITY.md – open format/specification, agent skill, and CLI

https://getquality.md
8•craigsmitham•39m ago•3 comments

Is One Layer Enough? A Single Transformer Layer Matches Full-Parameter RL Train

https://arxiv.org/abs/2607.01232
82•tcp_handshaker•5h ago•20 comments

Former Microsoft dev built a 2.5KB Notepad clone

https://theguptalog.blogspot.com/2026/07/former-microsoft-dev-built-25kb-notepad.html
11•sheelagay•46m ago•2 comments

German button maker searched rivers of American Midwest for valuable shells

https://www.smithsonianmag.com/smithsonian-institution/how-one-german-button-maker-searched-the-r...
68•bookofjoe•4d ago•23 comments

Show HN: Mail Memories – A desktop app to rescue photos from Gmail

https://mailmemories.com
72•ltiger•2h ago•20 comments

Show HN: CLI tool for detecting non-exact code duplication with embedding models

https://github.com/rafal-qa/slopo
32•rkochanowski•2h ago•10 comments

The Egg Bandits Made a Thousand Times the Fine They Just Paid for Price Fixing

https://www.thebignewsletter.com/p/crime-pays-the-egg-bandits-made-a
183•toomuchtodo•3h ago•58 comments

Hazel (YC W24) Is Hiring for Our Largest Government Contract

https://www.ycombinator.com/companies/hazel-2/jobs/3epPWgu-full-stack-engineer-ts-sci
1•augustschen•4h ago

Kimi K2.7 Code is generally available in GitHub Copilot

https://github.blog/changelog/2026-07-01-kimi-k2-7-is-now-available-in-github-copilot/
328•unliftedq•12h ago•136 comments

The primary purpose of code review is to find code that will be hard to maintain

https://mathstodon.xyz/@mjd/115096720350507897
214•ColinWright•5h ago•118 comments

The fall of the theorem economy

https://davidbessis.substack.com/p/the-fall-of-the-theorem-economy
186•varjag•9h ago•83 comments

Show HN: A graph paper generator that renders vector PDFs in the browser

https://freegraphpaper.net/
44•lam_hg94•3h ago•8 comments

Spain Orders Blacklist of Palantir from Public and Private Companies

https://clashreport.com/world/articles/spain-orders-blacklist-of-us-tech-giant-palantir-from-publ...
66•mgh2•2h ago•2 comments

NSA tries to weaken mlkem standardisation

https://nsa.2026.action.cr.yp.to
36•SuperSandro2000•4h ago•5 comments

CursorBench 3.1

https://cursor.com/evals
133•handfuloflight•11h ago•74 comments

Show HN: Claudoro, Pomodoro timer embedded in the Claude Code statusline

https://github.com/emson/claudoro
30•emson•1d ago•25 comments

Vite+ Beta

https://voidzero.dev/posts/announcing-vite-plus-beta
185•Erenay09•5h ago•104 comments

Show HN: ZeroFS – A log-structured filesystem for S3

https://www.zerofs.net/
84•Eikon•3h ago•40 comments

WinPE as a stateless harness for Windows driver testing and fuzzing

https://bednars.me/blog/winpe-harness
60•piotrbednarsalt•3d ago•3 comments

Comparing Fable and 10 other LLMs on refactoring a LangGraph god node

https://wtf.korridzy.com/twilight-of-the-gods/
34•Korridzy•3h ago•12 comments

Germany’s Infineon opens major chip plant as EU seeks tech autonomy

https://www.rfi.fr/en/international-news/20260702-germany-s-infineon-opens-major-chip-plant-as-eu...
116•giuliomagnifico•4h ago•32 comments

What Breaks a Cell's Ribs Can Make It Stronger

https://www.quantamagazine.org/what-breaks-a-cells-ribs-can-make-it-stronger-20260629/
5•jnord•2d ago•1 comments

Senior SWE-Bench: open-source benchmark that assesses agents as senior engineers

https://senior-swe-bench.snorkel.ai/
136•matt_d•14h ago•95 comments

Asymmetric Quantization: Near-Lossless Retrieval with 97% Storage Reduction

https://www.mixedbread.com/blog/asymmetric-quant
88•breadislove•2d ago•31 comments
Open in hackernews

Leeks and Leaks

https://daniel.haxx.se/blog/2025/05/16/leeks-and-leaks/
123•mrmanner•1y ago

Comments

Snawoot•1y ago
Side note: redirection of .onion domain to Tor proxy is how proxy routing with JS script illustrated by example in dumbproxy docs: https://github.com/SenseUnit/dumbproxy?tab=readme-ov-file#up...
immibis•1y ago
One of the things on my cool ideas list is AF_ONION. getaddrinfo should be able to translate a .onion DNS name into an AF_ONION address immediately, and then you should be able to open an AF_ONION socket to that address. Tor would instantly be compatible with every program that doesn't assume IPv4/6 (which is shockingly few, but automatic Tor support would be a good reason to fix that). Same with I2P.

Prior to that, .onion blocking in getaddrinfo would also make sense - it would apply to a large swath of apps - and could be overridden with nsswitch.conf, perhaps.

Props to Daniel for recognizing that the situation is impossible to solve in a way that pleases everyone. Some people would just change it to meet the demands of the last person who asked, without thinking deeper.

knome•1y ago
if they're going to be arbitrarily against env vars, like CURL_HOME, CURL_SSL_BACKEND, CURL_CA_BUNDLE, or the other dozen-ish variables curl already checks, an option in could .curlrc seem reasonable.

of course, having a CURL_ALLOW_ONION would allow the oniux program to set it, which would very easy and straight forward for both sides.

alternately, oniux could itself run a proxy and set the appropriate proxying environment variable, like HTTPS_PROXY. This would have the advantage of curl not having to do anything, but would add a rather ugly bit of complication to oniux.

seeing as the ability to run and inform curl of a proxy means oniux can already bypass the onion blocking with an envvar, adding one specifically to do that is convenient for callers, and does not expose the user to parent programs controlling onion exposure any more than it already does.

at best you could argue that requiring a full proxy makes it slightly harder for naive users to accidentally expose themselves since it would raise the bar for exposure from what curl knows, being the env var, to what curl has, in the form of an available proxy endpoint, but this isn't really a great excuse not to implement the CURL_ALLOW_ONION env var.

it's nice that curl is helpful for blocking by default, but having curl require the user to jump through hoops to unblock onion is a bit much.

remram•1y ago
This doesn't really fix the problem. Curl is not the only tool to have implemented this block, many tools have, this was the point of Tor requesting this mechanism via an RFC. Is oniux going to set hundreds of environment variables to deactivate the block in all programs they know about? And cause users to send bug reports to all programs complying with their RFC that their tool doesn't yet know the workaround for?

The fix is much simpler: have oniux set $http_proxy (and drop non-tor traffic). This is the mechanism that makes the more sense and is in line with their own RFC.

nytpu•1y ago
Almost like those existing env vars made it clear that they were mistakes that make behavior inconsistent (especially libcurl) and they want to avoid repeating it with additional env vars. Having almost contributed to Curl before, they repeatedly note for contributors that just because old code does something questionable doesn't mean your new code is allowed to do it—if anything, you're just highlighting the questionable piece of old code as being important for them to rewrite soon (of course they can't remove the current env vars for compatibility reasons).

And the article specifically notes that the current solution doesn't work, but it requires discussion on what the best solution is instead of just taking the literal first solution suggested by someone.

captainmuon•1y ago
I feel like most people only use Tor via the Tor browser or a socks proxy, and the developers in the ecosystem cater only to these users. But there are a bunch of other creative uses of Tor around.

A couple of years ago, I used the TransPort feature of Tor combined with an iptables rule to redirect certain applications over Tor, like a web browser. The goal was a poor man's VPN. Access some websites without your local network admin to know about it, and without the website to know who you are. Back then there was Java applets and Flash, and this worked to hide network requests from them, too, as opposed to other solutions. Later iptables removed the feature that allowed you to filter on PID and broke my workflow. I changed it to use a dedicated unix user for tor, but that broke at some point, too, and I just got a commercial VPN.

Tor discouraged my use case, and I guess if you are afraid of being tracked or recognized as a returning user, then you should stick to Tor browser. But everybody has their own use cases.

Joker_vD•1y ago
> redirect certain applications over Tor, like a web browser

I personally use a proxy.pac file (which all both Firefox/Chrome support) with roughly the following contents:

    function FindProxyForURL(url, host) {
        var httpProxy = "PROXY localhost:3128";
        var onionProxy = "SOCKS5 localhost:9050";

        if (host.endsWith(".onion")) {
            return onionProxy;
        }

        var proxiedDomains = [
              "example.com",
              ...
        ];

        for (var proxied of proxiedDomains) {
            if (shExpMatch(host, proxied) || shExpMatch(host, "*." + proxied)) {
                return httpProxy;
            }
        }

        return "DIRECT";
    }
The only inconvenient part is that Chrome for some stupid reason can't read this file from a file:// url, so I have to host it on my localhost; oh well.
geocar•1y ago
Take care with this. Some people are putting sneaky code in that detects if your regular non-proxied access will receive some other network path via a .onion domain. It is not clear to me what exactly they are doing with this knowledge.
amiga386•1y ago
I feel the new oniux command is doing both the right thing and the wrong thing:

- right thing: catch every network access and redirect to Tor

- wrong thing: create the user expectation that (if you remember to prepend "oniux") it'll catch every network access and redirect to Tor

It is essentially moral hazard. What happens when you accidentally forget "oniux"? Or think you've booted up a Tails environment but it's not? Or mistake the Tor Browser window for a Firefox window? You only have to resolve a DNS name _once_ for the world to know you're interested in accessing it.

I like the idea that oniux should not only intercept gethostbyname(), but also always set standard environment variables pointing to its SOCKS proxy. That way curl can do the right thing - refuse to pass .onion names to gethostbyname() - but support automatically passing them on to a proxy. If it's a non-Tor proxy, it should also do the right thing and refuse to resolve .onion addresses, leaving only safe ways forward, which is passing on name resolution to whichever proxy is configured, and the only proxy that will resolve .onion addresses is the Tor proxy.

0points•1y ago
oniux is completely new to me, but this is not at all a new idea.

torsocks has been available doing the same thing since 2008.

irelephant•1y ago
I'd say its advantage is being made officially by tor.
Ey7NFZ3P0nzAe•1y ago
Had not heard about oniux:

https://blog.torproject.org/introducing-oniux-tor-isolation-...

loa_in_•1y ago
That's anecdotal or is there something to confirm this?
iaaan•1y ago
Not the person you replied to, but theoretically, it's easy for me to imagine how that would work, so I'd definitely be wary of using a solution like this.
geocar•1y ago
Hi. I checked your profile and it says you like to be referred to as a "black hat hacker" who is being "pursued by multiple agencies".

Can you explain exactly what you hope to do with this knowledge?

Or is it not obvious when pointed out to you that you would have a different IP address accessing a .onion address and a .com address at roughly the same time?

irelephant•1y ago
It says "i wish" right under that.
fucker42069•1y ago
terrible idea since .onion websites can (and many do) load resources from non-.onion urls