frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Decoding the obfuscated bash script on a Uniqlo t-shirt

https://tris.sherliker.net/blog/obfuscated-self-evaluating-bash-script-by-cdn-akamai-being-suppli...
382•speerer•3h ago•79 comments

Apple to increase spend with Broadcom to produce billions more U.S. chips

https://www.apple.com/newsroom/2026/07/apple-to-increase-spend-with-broadcom-to-produce-billions-...
32•soheilpro•34m ago•3 comments

GitLost: We Tricked GitHub's AI Agent into Leaking Private Repos

https://noma.security/blog/gitlost-how-we-tricked-githubs-ai-agent-into-leaking-private-repos/
263•ColinEberhardt•6h ago•104 comments

How to Build a Minimal ZFS NAS Without Synology, QNAP, TrueNAS (2024)

https://neil.computer/notes/how-to-setup-minimal-zfs-nas-without-truenas/
220•4diii•8h ago•145 comments

Geosql: A Claude/Codex skill for geospatial data

https://github.com/dekart-xyz/geosql
33•rzk•3h ago•2 comments

EVE Online's Carbon engine is now open source: Fenris Creations explains why

https://www.gamesindustry.biz/eve-onlines-carbon-engine-is-now-open-source-fenris-creations-expla...
90•Stevvo•4d ago•14 comments

Tenda firmware (multiple versions) contains hidden authentication backdoor

https://kb.cert.org/vuls/id/213560
242•miniBill•11h ago•78 comments

Copy That Floppy – Cambridge guide for preserving data from fragile floppy disks

https://www.digipres.org/the-floppy-guide/
96•whiteblossom•8h ago•30 comments

List of European organizations that have banned personal messaging apps at work

https://www.birdy.chat/blog/the-growing-list-of-european-organisations-that-ban-personal-messagin...
19•rmesters•1h ago•12 comments

Chat Control 1.0 and 2.0 Explained

https://fightchatcontrol.eu/chat-control-overview
707•gasull•21h ago•285 comments

Structure and Interpretation of Computer Programs Video Lectures (1986)

https://ocw.mit.edu/courses/6-001-structure-and-interpretation-of-computer-programs-spring-2005/v...
204•gjvc•12h ago•23 comments

NoiseLang: Where N = 5 is a Dirac delta

https://manualmeida.dev/articles/noiselang/
12•manucorporat•1d ago•4 comments

GAO: DOE Is Prematurely Excluding Less Expensive Options for Nuclear Cleanup

https://www.gao.gov/products/gao-26-108193
216•Jimmc414•13h ago•102 comments

Canada's only watchmaking school still ticking after 80 years

https://www.cbc.ca/news/canada/montreal/canada-s-only-watchmaking-school-9.7254211
161•throw0101a•3d ago•82 comments

Local, CPU-Friendly, High-Quality TTS (Text-to-Speech) with Kokoro

https://ariya.io/2026/03/local-cpu-friendly-high-quality-tts-text-to-speech-with-kokoro/
435•speckx•17h ago•83 comments

We Got This Wrong. and We Are Fixing It

https://community.hubspot.com/t/we-got-this-wrong-and-we-are-fixing-it/152063
12•JumpCrisscross•59m ago•12 comments

Home made GPU escalated quickly [video]

https://www.youtube.com/watch?v=qMR3IXF2sWw
68•erichocean•2d ago•19 comments

Ants: Who looks after the injured in a colony?

https://www.uni-wuerzburg.de/en/news-and-events/news/detail/news/ameisen-kolonie-verletzte-pflegt/
28•hhs•4d ago•7 comments

30papers.com – Ilya's 30 essential ML papers, in a beginner friendly format

https://30papers.com/
551•notmcrowley•20h ago•85 comments

LineageOS Statistics

https://stats.lineageos.org
116•pentagrama•10h ago•67 comments

The difference between "today's task" and "accretive work"

https://pluralistic.net/2026/07/02/canonization/
62•hn_acker•5d ago•38 comments

Herdr: One terminal to rule them all

https://herdr.dev/
305•handfuloflight•6d ago•136 comments

Show HN: Davit, a Apple Containers UI

https://davit.app
322•xinit•17h ago•76 comments

Automate Excel with Python: From manual grind to one-click workflow

https://nostarch.com/automate-excel-with-python
18•teleforce•3d ago•9 comments

Show HN: Rowboat – Open-source, local-first alternative to Claude Desktop

https://github.com/rowboatlabs/rowboat
171•segmenta•19h ago•55 comments

l: A new runtime for k and q

https://lv1.sh/
151•skruger•17h ago•91 comments

IEEE Rolls Out Large Language Models Training Course

https://spectrum.ieee.org/large-language-models-ieee-course
84•JeanKage•1w ago•13 comments

Scheme Is a Hoot

https://gracefulliberty.com/notes/scheme-is-a-hoot/
88•signa11•2d ago•15 comments

Why we built yet another Postgres connection pooler

https://pgdog.dev/blog/why-yet-another-connection-pooler
206•levkk•20h ago•51 comments

Jim's TrueType QR Code Font

https://github.com/jimparis/qr-font
189•arantius•19h ago•24 comments
Open in hackernews

Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•1y ago

Comments

steele•1y ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•1y ago
Lmao, gentrify cracked me up
neilv•1y ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•1y ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•1y ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•1y ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•1y ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•1y ago
May as well just release an executable tbh.
theamk•1y ago
Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•1y ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good'ol curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•1y ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me tell you help you mitigate your security vulnerabilities."