frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Rotten Dot Com

https://www.theparisreview.org/blog/2026/05/06/rotten-dot-com/
47•lordgrenville•1h ago•27 comments

Show HN: Building a web server in assembly to give my life (a lack of) meaning

https://github.com/imtomt/ymawky
278•imtomt•6h ago•122 comments

Bun's experimental Rust rewrite hits 99.8% test compatibility on Linux x64 glibc

https://twitter.com/jarredsumner/status/2053047748191232310
550•heldrida•23h ago•515 comments

The One Dollar Counterfeiter

https://www.amusingplanet.com/2026/05/emerich-juettner-one-dollar.html
118•cainxinth•2d ago•32 comments

Gemini API File Search is now multimodal

https://blog.google/innovation-and-ai/technology/developers-tools/expanded-gemini-api-file-search...
90•gmays•6h ago•12 comments

Idempotency Is Easy Until the Second Request Is Different

https://blog.dochia.dev/blog/idempotency/
13•ludovicianul•2d ago•1 comments

We see something that works, and then we understand it

https://lemire.me/blog/2025/12/04/we-see-something-that-works-and-then-we-understand-it/
89•surprisetalk•3d ago•31 comments

Casio S100X Japanese Lacquer Edition (JP Page Only)

https://www.casio.com/jp/basic-calculators/premium/en-s100x-jc1-u/
129•dr_kiszonka•2d ago•41 comments

Internet Archive Switzerland

https://blog.archive.org/2026/05/06/internet-archive-switzerland-expanding-a-global-mission-to-pr...
609•hggh•21h ago•97 comments

I’ve banned query strings

https://chrismorgan.info/no-query-strings
405•susam•17h ago•217 comments

Debian must ship reproducible packages

https://lists.debian.org/debian-devel-announce/2026/05/msg00001.html
129•robalni•4h ago•23 comments

Local privilege escalation via execve()

https://www.freebsd.org/security/advisories/FreeBSD-SA-26:13.exec.asc
147•Deeg9rie9usi•13h ago•78 comments

Zed Editor Theme-Builder

https://zed.dev/theme-builder
218•cuechan•16h ago•64 comments

Show HN: I made a Clojure-like language in Go, boots in 7ms

https://github.com/nooga/let-go
169•marcingas•15h ago•43 comments

I'm writing a history of Visual Basic, Chapter 1 is up

https://evilgeniuslabs.ca/blog/visual-basic-history-chapter-1-launch
106•speckx•3d ago•39 comments

A recent experience with ChatGPT 5.5 Pro

https://gowers.wordpress.com/2026/05/08/a-recent-experience-with-chatgpt-5-5-pro/
631•_alternator_•1d ago•463 comments

Scouting's Real Crisis Is Not Marketing. It Is Decades of Neglect.

https://www.untendedfire.org/2026/05/09/scoutings-real-crisis-is-not-marketing-it-is-decades-of-n...
14•AuthorizedCust•4h ago•11 comments

Making your own programming language is easier than you think (but also harder)

https://lisyarus.github.io/blog/posts/making-your-own-programming-language.html
98•ibobev•2d ago•49 comments

LLMs corrupt your documents when you delegate

https://arxiv.org/abs/2604.15597
410•rbanffy•1d ago•163 comments

Distributing Mac software is increasing my cortisol levels

https://blog.kronis.dev/blog/apple-is-increasing-my-cortisol-levels
289•LorenDB•19h ago•192 comments

EU Parliamentary Research Service calls VPNs "a loophole that needs closing"

https://cyberinsider.com/eu-calls-vpns-a-loophole-that-needs-closing-in-age-verification-push/
546•muse900•1d ago•376 comments

Show HN: Rust but Lisp

https://github.com/ThatXliner/rust-but-lisp
132•thatxliner•11h ago•66 comments

Sparse Cholesky Elimination Tree

https://www.reidatcheson.com/sparse/linear/cholesky/2026/04/09/etree.html
30•selimthegrim•7h ago•0 comments

The hypocrisy of cyberlibertarianism

https://matduggan.com/the-intolerable-hypocrisy-of-cyberlibertarianism/
331•ColinWright•19h ago•293 comments

The first microcomputer: The transfluxor-powered Arma Micro Computer from 1962

https://www.righto.com/2024/02/the-first-microcomputer-transfluxor.html
58•rsecora•3d ago•2 comments

CPanel's Black Week: 3 New Vulnerabilities Patched After Attack on 44k Servers

https://www.copahost.com/blog/cpanels-black-week-three-new-vulnerabilities-patched-after-ransomwa...
126•ggallas•16h ago•71 comments

Surfel-based global illumination on the web

https://juretriglav.si/surfel-based-global-illumination-on-the-web/
57•vmg12•14h ago•6 comments

Using Claude Code: The unreasonable effectiveness of HTML

https://twitter.com/trq212/status/2052809885763747935
460•pretext•1d ago•258 comments

The Serial TTL connector we deserve

https://kohlschuetter.github.io/blog/posts/2026/05/07/serial-ttl-connector/
87•kohlschuetter•2d ago•61 comments

Production engineering when trading billions of dollars a day [video]

https://www.youtube.com/watch?v=zR9PpXWsKFQ
126•abstrus•1d ago•38 comments
Open in hackernews

Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•11mo ago

Comments

steele•11mo ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•11mo ago
Lmao, gentrify cracked me up
neilv•11mo ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•11mo ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•11mo ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•11mo ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•11mo ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•11mo ago
May as well just release an executable tbh.
theamk•11mo ago
Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•11mo ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good'ol curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•11mo ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me tell you help you mitigate your security vulnerabilities."