frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

Thunderbird 140 "Eclipse"

https://blog.thunderbird.net/2025/07/welcome-to-thunderbird-140-eclipse/
38•TangerineDream•2d ago•14 comments

MCP-B: A Protocol for AI Browser Automation

https://mcp-b.ai/
227•bustodisgusto•10h ago•111 comments

Tree Borrows

https://plf.inf.ethz.ch/research/pldi25-tree-borrows.html
497•zdw•18h ago•126 comments

A Typology of Canadianisms

https://dchp.arts.ubc.ca/how-to-use
149•gnabgib•11h ago•149 comments

Generic interfaces

https://go.dev/blog/generic-interfaces
42•Merovius•2d ago•35 comments

Biomni: A General-Purpose Biomedical AI Agent

https://github.com/snap-stanford/Biomni
184•GavCo•14h ago•29 comments

Show HN: MCP server for searching and downloading documents from Anna's Archive

https://github.com/iosifache/annas-mcp
146•iosifache•12h ago•41 comments

Show HN: FlopperZiro – A DIY open-source Flipper Zero clone

https://github.com/lraton/FlopperZiro
267•iraton•16h ago•59 comments

The Origin of the Research University

https://asteriskmag.com/issues/10/the-origin-of-the-research-university
70•Petiver•3d ago•1 comments

The jank programming language

https://jank-lang.org/
312•akkad33•3d ago•83 comments

A fast 3D collision detection algorithm

https://cairno.substack.com/p/improvements-to-the-separating-axis
225•OlympicMarmoto•19h ago•27 comments

I made a parody of enterprise AI chatbots

https://github.com/muratcanozdemir/chatgpt-parody
6•moezd•3h ago•1 comments

Show HN: Petrichor – a free, open-source, offline music player for macOS

https://github.com/kushalpandya/Petrichor
107•kushalpandya•11h ago•49 comments

Evaluating the Effectiveness of Memory Safety Sanitizers

https://www.computer.org/csdl/proceedings-article/sp/2025/223600a088/21TfesaEHTy
23•signa11•2d ago•6 comments

Show HN: BreakerMachines – Modern Circuit Breaker for Rails with Async Support

https://github.com/seuros/breaker_machines
22•seuros•3d ago•6 comments

Solar power has begun to transform the world’s energy system

https://www.newyorker.com/news/annals-of-a-warming-planet/46-billion-years-on-the-sun-is-having-a-moment
138•dmazin•21h ago•194 comments

Cmdk – CD anywhere and open anything in your terminal

https://github.com/mieubrisse/cmdk
9•mieubrisse•2d ago•6 comments

Code and Trust: Vibrators to Pacemakers

https://punkx.org/jackdoe/code-and-trust.html
44•jackdoe•3d ago•28 comments

Matt Trout has died

https://www.shadowcat.co.uk/2025/07/09/ripples-they-cause-in-the-world/
46•todsacerdoti•2h ago•10 comments

Configuring Split Horizon DNS with Pi-Hole and Tailscale

https://www.bentasker.co.uk/posts/blog/general/configuring-pihole-to-serve-different-records-to-different-clients.html
98•gm678•16h ago•28 comments

Bootstrapping a side project into a profitable seven-figure business

https://projectionlab.com/blog/we-reached-1m-arr-with-zero-funding
842•jonkuipers•2d ago•228 comments

Archaeologists unveil 3,500-year-old city in Peru

https://www.bbc.co.uk/news/articles/c07dmx38kyeo
153•neversaydie•3d ago•56 comments

German court rules Meta tracking technology violates European privacy laws

https://therecord.media/german-court-meta-tracking-tech
274•bundie•4h ago•116 comments

Linda Yaccarino is leaving X

https://www.nytimes.com/2025/07/09/technology/linda-yaccarino-x-steps-down.html
449•donohoe•18h ago•746 comments

Xenharmlib: A music theory library that supports non-western harmonic systems

https://xenharmlib.readthedocs.io/en/latest/
175•retooth•1d ago•17 comments

Ruby 3.4 frozen string literals: What Rails developers need to know

https://www.prateekcodes.dev/ruby-34-frozen-string-literals-rails-upgrade-guide/
225•thomas_witt•3d ago•112 comments

Grok 4 Launch [video]

https://twitter.com/xai/status/1943158495588815072
169•meetpateltech•5h ago•110 comments

The most otherworldly, mysterious forms of lightning on Earth

https://www.nationalgeographic.com/science/article/lightning-sprites-transient-luminous-events-thunderstorms
100•Anon84•3d ago•32 comments

I used to prefer permissive licenses and now favor copyleft

https://vitalik.eth.limo/general/2025/07/07/copyleft.html
109•bpierre•10h ago•62 comments

HyAB k-means for color quantization

https://30fps.net/pages/hyab-kmeans/
38•ibobev•12h ago•10 comments
Open in hackernews

White Noise – secure and private messenger

https://www.whitenoise.chat/
95•onhacker•11h ago

Comments

SeriousM•10h ago
Austria's goverment agreed on spying messengers for the public safety. How does white noise protects itself from getting legally hacked?
shark_laser•7h ago
White Noise is open source, and built on Nostr, a decentralised and open protocol.

Run your own fork if you don't trust this one.

hiimkeks•10h ago
Congratulations on the release!

As someone who used to be in the Secure Scuttlebutt community an now works on OpenMLS, I wonder how they (you?) deal with concurrency of Commit messages. I spent quite some time thinking about ways to detect and resolve forks, and the current iteration of MLS doesn't really have good answers here.

miloignis•6h ago
I looked up the spec, and it seems like they just tiebreak on time and hash and throw away the losing commit:

https://github.com/nostr-protocol/nips/blob/001c516f72943081...

hiimkeks•2h ago
Huh, that would make it easy to provoke forks by just backdating a second commit.
heavyset_go•9h ago
> White Noise stands out by merging Nostr’s decentralized network with advanced encryption.

How does White Noise address criticisms surrounding Nostr's implementation[1]:

> While nostr offers the ability to send encrypted DMs to user pubkeys, the metadata of these messages are broadcast publicly via relays. This is the same as a bitcoin transaction being viewable on the public ledger. The contents of the direct message will be encrypted, but other metadata like the sender and recipient can be viewed by anyone.

Even assuming if metadata is encrypted, does WN's implementation broadcast messages across public relays?

If you can map out social networks based on publicly available data, can tell if one user messages another, or correlate when messages were sent to/from whom, I would not call that private.

[1] https://ron.stoner.com/nostr_Security_and_Privacy/

EGreg•7h ago
So you wouldn't call Signal private, right? Just wanted consistency.
collinmcnulty•7h ago
Signal has sealed sender. So you can tell that a phone number is a signal user but not who they message.
rendaw•5h ago
How does sealed sender work? I couldn't find details. The explanations I saw seemed to start from the assumption that Signal doesn't keep logs of messages moving through their system.
ikawe•4h ago
https://signal.org/blog/sealed-sender/

The short version is: Traditionally, Bob needed to “log in” to be able to send a message to Alice’s inbox.

With Sealed Sender, Alice gives Bob a credential that allows him to message her from now on without logging in.

Only Alice can tell that the message she received is from Bob.

There’s some subtlety around bootstrapping these credentials and preventing abuse which means that not every message can be sent as Sealed Sender, but the vast majority are. Read the blog post for the authoritative explanation.

There’s an option in the app settings to make visible which of your messages were sent without identifying your client to the server if you’re curious.

rendaw•3h ago
Ah thanks, okay, I'm not sure I'm missing anything in that case.

But if so, doesn't signal still know that alice and bob are communicating because it's transferring messages between them? Even if Bob doesn't log in IP B is still sending payloads that eventually get delivered to IP A, and if law enforcement later asks signal for logs they could be correlated.

happymellon•1h ago
Indeed, at some point in time a byte has to move from point A to point B, and unless you random VPN to a different location the source and destination IPs can be identified.

Even if they can't read it, a hostile government won't care.

There is only so much you can do against a really determined adversary thats well funded. I just want a Signal that doesn't tie everything back to a phone number.

heavyset_go•3h ago
No, if you're doing something sensitive that can get you or other people arrested, locked up, hurt or killed, you should not be using Signal for that. You should reconsider using a phone or computer at all. If you must, you must be desperate and I pity the situation you must be in, and I hope you really understand what your risk profile is, what technology can address actually it, and if that technology actually exists.

States can use metadata from Signal and ISPs to confirm that party A was in contact with party B and at what times, for example, in charges of criminal conspiracy. If one device on any end of the chats is compromised or confiscated, chats and identities are exposed. Once both devices are confiscated, messages are decrypted on both ends of the Signal app and authorities can grab the message content they used the metadata to get a warrant/subpoena/order for.

Similarly, Signal can be gag ordered to keep a record of phone numbers linked to identities if it already doesn't exist in their implementation. Signal and/or Google/Apple/ISPs/carriers can be compelled to follow wiretap laws and collect more data on specific users, push special updates to them, etc.

It's an app that forces the use of cell phone numbers linked to real identities in order to use it, clients have servers hardcoded, clients make direct connections to servers, etc. Just the first fact alone should be a red flag if your well-being depends on privacy.

hugs•7h ago
(fwiw, I'm not the creator of this, but am a casual user of Nostr...)

tl;dr: the answer you're looking for is probably in the explainer doc [1].

At its core, Nostr is simple: it's "just" JSON over WebSockets. But there are dozens of optional proposals to add additional functionality. And a few of those proposals are related to encrypted DMs, specifically, NIP-04 [2], and NIP-17 [3]. Most of the online criticism of encrypted DMs on Nostr is about NIP-04 (which is why it's deprecated.)

White Noise is using a different encryption standard: MLS (Messaging Layer Security) [4]. They explicitly say in their docs: "White Noise is an implementation of the NIP-EE spec." [5]. The NIP-EE proposal itself is on GitHub [6]. The explainer doc [1] I first mentioned is linked to from the proposal [6].

This is all to say: given all the links I posted here, an AI chatbot could probably give you a better answer using the prompt: "How is NIP-EE (Messaging Layer Security for Nostr) different or better than NIP-04 or NIP-17?"

(I'm a little surprised that wasn't already in the FAQ for the project.)

  [1]: https://github.com/nostr-protocol/nips/blob/001c516f7294308143515a494a35213fc45978df/EE.md
  [2]: https://github.com/nostr-protocol/nips/blob/master/04.md
  [3]: https://github.com/nostr-protocol/nips/blob/master/17.md
  [4]: https://www.rfc-editor.org/rfc/rfc9420.html
  [5]: https://github.com/parres-hq/whitenoise?tab=readme-ov-file#the-spec
  [6]: https://github.com/nostr-protocol/nips/pull/1427
shark_laser•7h ago
This criticism of Nostr is quite outdated.

I haven't looked into the White Noise code, but Gift Wrapping is just one way this issue was solved a long time ago: https://nips.nostr.com/59

rendaw•3h ago
How does gift wrapping address what GP brought up? I read through and AFAICT it obscures explicit metadata in the message, but not external stuff such as source/dest ip that logging any shared relay could give you.

AFAIK the only real ways to get metadata privacy are onion routing (increase the chance of a non-compromised node) and N-anonymity (decrease the value of a discovered connection).

jimmydoreornot•1h ago
As for nostr layer privacy, the giftwrap is written by an anonymous key, but sent to a person's public key. So you know they received something, but you don't know who from.

IP layer privacy is left to a lower layer. VPN or Tor or whatever. Trying to re-implement onion or garlic routing in nostr is IMHO not a great idea. Why tie such functionality together in the same layer?

SchemaLoad•5h ago
There was a project called Bitmessage which solved this problem by not having a recipient field. Your client would just try to decrypt everything, and when it succeeds, that means the message is for you.

The then immediate issue is routing becomes very inefficient since every node now needs to receive and attempt to decrypt every single message. Which they solved by having channels to split up the network and only require decrypting of every message on the same channel as your address.

bravesoul2•1h ago
That sounds easy to DoS.
heavensteeth•3h ago
That article reeks of AI generation. The "author" also uses an AI generated profile picture. I struggle to trust anything this page says.
heavyset_go•3h ago
It's a sentiment that's spread for years and I first heard it on Mastodon, but don't have a link to it in my history.

What I posted is just the first link I found on DDG that talks about it.

abhsag•2h ago
Lol, nostr metadata leak was a criticism of NIP-04 , which has long been considered obsolete NIP-17 messages addressed this long time ago, but it was not scalable to large groups. MLS solves this problem so we finally have, scalable, private, decentralized messeging on the internet, all these specs are public, the very fact that you did not understand this, means no one will be able to make you understand with a comment.
ktallett•9h ago
As much as I love the idea of these secure messaging apps, until I see how a company responds to government intimidation I am always wary of being too invested and trustworthy of the marketing.
sak5sk•3h ago
There is no company. It's open source software and data is stored on relays.
abhsag•2h ago
Yep, this is what makes THIS app special, it's a protocol not a company
patchtopic•9h ago
interesting but still very alpha. It doesn't have any desktop/PC clients yet, but I assume it will?
hackernudes•8h ago
Looks like a flutter app that can build for desktop Linux https://github.com/parres-hq/whitenoise_flutter .

I started my reply thinking it was still using Tauru but apparently things change fast!

globalnode•8h ago
i admit i havent looked at the app, but i assume is centrally run.

firstly: i think the only way secure p2p messaging can work is if its decentralised. no 3rd parties to communication, how this would be done i have no idea. maybe like email but without the server?

secondly: you'd need to ensure a secure os on each end that you can trust to not take screenshots and send to hq before transmission or after reception.

since its not possible to use the internet without a source ip. its almost provably insecure (in terms of privacy), no matter what protocols are dreamed up. a 3rd party will have to be trusted to distribute packets. and thats the weak point. (unless you force the source IP to be 0.0.0.0 or something before it goes out)

couldnt we just use dns to point to recipients, force zero the source ip and send udp packets directly?

what about pgp through a tor relay?

botanical76•8h ago
As I understand it, it's just a nostr client, so it uses nostr's decentralized network of relays.
shark_laser•7h ago
This is decentralised as it runs on Nostr.

Nostr can run over TOR.

abhsag•2h ago
It's not centrally run, that's the whole point.
esafak•7h ago
Apparently it uses a new protocol called https://en.wikipedia.org/wiki/Messaging_Layer_Security
skeptrune•6h ago
Wow, Nostr is back in vogue on the all time highs?
journal•6h ago
title: secure and private terms: we're not responsible
gblargg•4h ago
Software advertising itself as "A truly secure and private messenger" raises my skepticism. It might be truly secure. Its creators might believe it is and have zero doubt that they've made no errors and there are no flaws. Or it is neither and they want me to think it's those things. The only thing definite is that it claims to be truly secure.
sak5sk•3h ago
It's open source, others can audit it if you can't.
abhsag•2h ago
Don't trust, verify ;)
STELLANOVA•3h ago
How is this better than Session and how it compares?

https://arxiv.org/pdf/2002.04609

sak5sk•3h ago
Looks super interesting. I am waiting for the App Store release since TestFlight is full. I like the idea of not requiring a phone number - the only thing makes Signal lose some points in my eyes... well, I guess if the company goes down that might be another reason for open protocols over apps.
wrftaylor•3h ago
Heads up that you have a typo - "Unscensorable"
untitled2•1h ago
Oh, look, another one!