
Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•7mo ago

Comments

steele•7mo ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•7mo ago
Lmao, gentrify cracked me up
neilv•7mo ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•7mo ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.
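
What the quoted npx description means in practice, as an added example that is not part of the thread: this sketch reads a package manifest and reports which `bin` entry `npx` would execute and which install-time lifecycle scripts the package declares. The manifest, the package name and the function names are constructed for illustration; the bin-selection rules follow the npm exec documentation.

```javascript
// Added example: report what `npx <package>` would execute, from a package.json manifest.
// The manifest at the bottom is constructed; names here are hypothetical.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

function unscopedName(name) {
  // "@scope/card" -> "card"
  return name.startsWith("@") ? name.split("/")[1] : name;
}

function resolveBin(manifest) {
  const { name, bin } = manifest;
  if (!bin) return null;
  // A string `bin` declares one command named after the package.
  if (typeof bin === "string") return { command: unscopedName(name), entry: bin };
  const entries = Object.entries(bin);
  const targets = new Set(entries.map(([, file]) => file));
  // One entry, or several aliases of the same file: that command is used.
  if (targets.size === 1) return { command: entries[0][0], entry: entries[0][1] };
  // Several distinct commands: the one matching the unscoped package name is used.
  const match = entries.find(([cmd]) => cmd === unscopedName(name));
  return match ? { command: match[0], entry: match[1] } : null;
}

function auditNpxTarget(manifest) {
  const scripts = manifest.scripts || {};
  return {
    // File that would run with the invoking user's privileges.
    runs: resolveBin(manifest),
    // Scripts npm runs at install time unless scripts are ignored.
    installHooks: INSTALL_HOOKS.filter((h) => h in scripts).map((h) => `${h}: ${scripts[h]}`),
    // Each dependency is more third-party code and can declare its own hooks.
    dependencies: Object.keys(manifest.dependencies || {}),
  };
}

// Constructed manifest for a hypothetical business-card package.
const sampleManifest = {
  name: "@example/card",
  version: "1.0.0",
  bin: { card: "./bin/card.js", "card-dev": "./bin/dev.js" },
  scripts: { postinstall: "node ./scripts/setup.js", test: "node test.js" },
  dependencies: { chalk: "^5.0.0", boxen: "^7.0.0" },
};

console.log(JSON.stringify(auditNpxTarget(sampleManifest), null, 2));
```

A published package's manifest can be fetched for this kind of review without executing anything, using `npm view <package> --json`.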

neilv•7mo ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•7mo ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•7mo ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•7mo ago
May as well just release an executable tbh.
theamk•7mo ago
Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signatures to give them a personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•7mo ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good ol' curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•7mo ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me help you mitigate your security vulnerabilities."