frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Art of Roads in Games

https://sandboxspirit.com/blog/art-of-roads-in-games/
375•linolevan•14h ago•119 comments

Is the author of pdf-lib okay?

https://github.com/Hopding/pdf-lib
19•shreddit•49m ago•2 comments

Show HN: Algorithmically Finding the Longest Line of Sight on Earth

https://alltheviews.world
26•tombh•1h ago•7 comments

Vouch

https://github.com/mitchellh/vouch
886•chwtutha•1d ago•397 comments

Offpunk 3.0

https://ploum.net/2026-02-09-offpunk3.html
15•todsacerdoti•1h ago•0 comments

LispE: Lisp Interpreter with Pattern Programming and Lazy Evaluation

https://github.com/naver/lispe
61•PaulHoule•4d ago•11 comments

Clean Coder: The Dark Path (2017)

https://blog.cleancoder.com/uncle-bob/2017/01/11/TheDarkPath.html
17•andrewjf•4d ago•30 comments

Tessellation Kit (2016)

https://sciencevsmagic.net/tes/#0.5.0.1.aaaaaaaaa
8•surprisetalk•4d ago•1 comments

Show HN: A custom font that displays Cistercian numerals using ligatures

https://bobbiec.github.io/cistercian-font.html
101•bobbiechen•13h ago•21 comments

Every book recommended on the Odd Lots Discord

https://odd-lots-books.netlify.app/
102•muggermuch•12h ago•41 comments

Show HN: I created a Mars colony RPG based on Kim Stanley Robinson’s Mars books

https://underhillgame.com/
227•ariaalam•18h ago•71 comments

Apple XNU: Clutch Scheduler

https://github.com/apple-oss-distributions/xnu/blob/main/doc/scheduler/sched_clutch_edge.md
145•tosh•15h ago•26 comments

More Mac malware from Google search

https://eclecticlight.co/2026/01/30/more-malware-from-google-search/
203•kristianp•14h ago•139 comments

Ask HN: What are you working on? (February 2026)

160•david927•16h ago•526 comments

Quartz crystals

https://www.pa3fwm.nl/technotes/tn13a.html
83•gtsnexp•1d ago•20 comments

Custom Firmware for the MZ-RH1 – Ready for Testing

https://sir68k.re/posts/rh1-firmware-available/
51•jimbauwens•4d ago•18 comments

Reverse Engineering the Prom for the SGI O2

https://mattst88.com/blog/2026/02/08/Reverse_Engineering_the_PROM_for_the_SGI_O2/
93•mattst88•13h ago•20 comments

The Little Bool of Doom (2025)

https://blog.svgames.pl/article/the-little-bool-of-doom
113•pocksuppet•17h ago•41 comments

Werewolf Vflex Adapter Review

https://hagensieker.com/2026/02/05/werewolf-vflex-adapter-review/
9•geerlingguy•3d ago•0 comments

Experts Have World Models. LLMs Have Word Models

https://www.latent.space/p/adversarial-reasoning
107•aaronng91•17h ago•123 comments

GitHub Agentic Workflows

https://github.github.io/gh-aw/
263•mooreds•22h ago•125 comments

Roundcube Webmail: SVG feImage bypasses image blocking to track email opens

https://nullcathedral.com/posts/2026-02-08-roundcube-svg-feimage-remote-image-bypass/
148•nullcathedral•17h ago•53 comments

AI makes the easy part easier and the hard part harder

https://www.blundergoat.com/articles/ai-makes-the-easy-part-easier-and-the-hard-part-harder
356•weaksauce•12h ago•260 comments

Running Your Own As: BGP on FreeBSD with FRR, GRE Tunnels, and Policy Routing

https://blog.hofstede.it/running-your-own-as-bgp-on-freebsd-with-frr-gre-tunnels-and-policy-routing/
182•todsacerdoti•21h ago•72 comments

TSMC to make advanced AI semiconductors in Japan

https://apnews.com/article/semiconductors-tsmc-japan-taiwan-ai-11256f2bfde73ca23d08331ad138d6d5
180•dev_tty01•7h ago•128 comments

Toma (YC W24) Is Hiring Founding Engineers

https://www.ycombinator.com/companies/toma/jobs/oONUnCf-founding-engineer-ai-products
1•anthonykrivonos•13h ago

Claude’s C Compiler vs. GCC

https://harshanu.space/en/tech/ccc-vs-gcc/
281•unchar1•7h ago•240 comments

Show HN: Slack CLI for Agents

https://github.com/stablyai/agent-slack
85•nwparker•3d ago•25 comments

Dave Farber has died

https://lists.nanog.org/archives/list/nanog@lists.nanog.org/thread/TSNPJVFH4DKLINIKSMRIIVNHDG5XKJCM/
257•vitplister•1d ago•41 comments

Exploiting signed bootloaders to circumvent UEFI Secure Boot (2019)

https://habr.com/en/articles/446238/
126•todsacerdoti•21h ago•70 comments
Open in hackernews

Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•8mo ago

Comments

steele•8mo ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•8mo ago
Lmao, gentrify cracked me up
neilv•8mo ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•8mo ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•8mo ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•8mo ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•8mo ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•8mo ago
May as well just release an executable tbh.
theamk•8mo ago
Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•8mo ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good'ol curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•8mo ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me tell you help you mitigate your security vulnerabilities."