
Malware Found in Official GravityForms Plugin Indicating Supply Chain Breach

https://patchstack.com/articles/critical-malware-found-in-gravityforms-official-plugin-site/
54•taubek•5h ago

Comments

mpol•3h ago
Using a nonce before checking the form would have prevented many of the problems described. Or stated differently, it would suddenly require lots of manual labour.
jimjambw•1h ago
I’m from a technical background and so I understand this, but being a Brit, sentences like this are always funny to me.
theglenn88_•1h ago
Not On Normal Courtyard Exercise
giingyui•2h ago
Should say what plugin it is.
Etheryte•2h ago
It's in the title? It's the official GravityForms plugin, supposedly version 2.9.13 fixes the issue, but the changelog [0] doesn't even mention the breach.

[0] https://docs.gravityforms.com/gravityforms-change-log/

giingyui•2h ago
The way it’s worded in the article it sounds like there are multiple plugins available in that domain.

> one of the plugins that they are trying to download from the official gravityforms.com domain

It’s common for certain plugins to have… plugins of their own. For example if you have a form created with gravityforms and you want to connect it to a CRM or something, there is a screen inside the plugin settings to install it. Which is why I asked. (I don’t know if that’s the case with gravityforms.)

redrove•1h ago
Honestly it still required a web search on my part to figure out it’s a WordPress plugin. That should be in the title.
autoexec•1h ago
Any time I read the words vulnerable and plugin I just assume WordPress is involved somehow. I'm convinced that the internet would be instantly more secure if the entire platform died off.
ChrisMarshallNY•33m ago
It would.

It also would be a lot less useful. A lot of content is published through WordPress.

I suspect an effective approach would be encouraging ways to make WP more secure, or publish a secure platform that can easily be transitioned from WP.

neomantra•6m ago
I really appreciate that this supply breach was discovered by a diligent system operator (tracking a slow HTTP request).

Similarly, the xz breach was uncovered by a diligent developer looking at quirky SSH login performance regressions.