frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Janet Jackson had the power to crash laptop computers (2022)

https://devblogs.microsoft.com/oldnewthing/20220816-00/?p=106994
161•montalbano•3h ago•67 comments

Nvidia's $20B Antitrust Loophole (Not an Acquisition)

https://ossa-ma.github.io/blog/groq
109•ossa-ma•2h ago•42 comments

Gpg.fail

https://gpg.fail
140•todsacerdoti•3h ago•56 comments

Floor796

https://floor796.com/
301•krtkush•7h ago•46 comments

We Lost Communication to Entertainment

https://ploum.net/2025-12-15-communication-entertainment.html
4•8organicbits•11m ago•0 comments

Windows 2 for the Apricot PC/Xi

https://www.ninakalinina.com/notes/win2apri/
24•todsacerdoti•2h ago•5 comments

Clock Synchronization Is a Nightmare

https://arpitbhayani.me/blogs/clock-sync-nightmare/
45•grep_it•4d ago•21 comments

OrangePi 6 Plus Review

https://boilingsteam.com/orange-pi-6-plus-review/
90•ekianjo•7h ago•68 comments

Show HN: Ez FFmpeg – Video editing in plain English

http://npmjs.com/package/ezff
293•josharsh•11h ago•136 comments

How uv got so fast

https://nesbitt.io/2025/12/26/how-uv-got-so-fast.html
1163•zdw•1d ago•397 comments

Ask HN: Resources to get better at outbound sales?

105•sieep•6d ago•31 comments

Show HN: Mysti – Claude, Codex, and Gemini debate your code, then synthesize

https://github.com/DeepMyst/Mysti
129•bahaAbunojaim•4d ago•106 comments

NMH BASIC

https://t3x.org/nmhbasic/index.html
29•AlexeyBrin•6h ago•1 comments

Scientists Edited Genes Inside a Living Person for First Time, Saved His Life

https://www.popularmechanics.com/science/health/a64815804/crispr-therapy/
43•QueensGambit•1h ago•5 comments

Mruby: Ruby for Embedded Systems

https://github.com/mruby/mruby
108•nateb2022•5d ago•29 comments

Splice a Fibre

https://react-networks-lib.rackout.net/fibre
71•matt-p•8h ago•33 comments

Intertapes – collection of found cassette tapes from different locations

https://intertapes.net/
82•wallflower•6d ago•7 comments

Exe.dev

https://exe.dev/
386•achairapart•20h ago•228 comments

Cleartext Signatures Considered Harmful

https://gnupg.org/blog/20251226-cleartext-signatures.html
26•derleyici•2h ago•1 comments

Pre-commit hooks are broken

https://jyn.dev/pre-commit-hooks-are-fundamentally-broken/
110•todsacerdoti•16h ago•93 comments

Detect memory leaks of C extensions with psutil and psleak

https://gmpy.dev/blog/2025/psutil-heap-introspection-apis
49•grodola•3d ago•8 comments

Always bet on text (2014)

https://graydon2.dreamwidth.org/193447.html
315•jesseduffield•21h ago•164 comments

QNX Self-Hosted Developer Desktop

https://devblog.qnx.com/qnx-self-hosted-developer-desktop-initial-release/
253•transpute•19h ago•139 comments

Some Junk Theorems in Lean

https://github.com/James-Hanson/junk-theorems-in-lean
70•saithound•4d ago•52 comments

Package managers keep using Git as a database, it never works out

https://nesbitt.io/2025/12/24/package-managers-keep-using-git-as-a-database.html
742•birdculture•1d ago•425 comments

Publishing your work increases your luck

https://github.com/readme/guides/publishing-your-work
252•magoghm•19h ago•94 comments

This PNG shows a different version when loaded in Chrome than in Safari

https://lr0.org/blog/p/pngchanges/
53•lr0•3h ago•34 comments

Langjam-Gamejam Devlog: Making a language, compiler, VM and 5 games in 52 hours

https://github.com/Syn-Nine/gar-lang/blob/main/DEVLOG.md
103•suioir•5d ago•10 comments

The best things and stuff of 2025

https://blog.fogus.me/2025/12/23/the-best-things-and-stuff-of-2025.html
356•adityaathalye•4d ago•73 comments

Faster practical modular inversion

https://purplesyringa.moe/blog/faster-practical-modular-inversion/
50•todsacerdoti•6d ago•3 comments
Open in hackernews

Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•7mo ago

Comments

steele•7mo ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•7mo ago
Lmao, gentrify cracked me up
neilv•7mo ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•7mo ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•7mo ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•7mo ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•7mo ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•7mo ago
May as well just release an executable tbh.
theamk•7mo ago
Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•7mo ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good'ol curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•7mo ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me tell you help you mitigate your security vulnerabilities."