frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

Claude Sonnet 4 now supports 1M tokens of context

https://www.anthropic.com/news/1m-context
813•adocomplete•7h ago•437 comments

Ashet Home Computer

https://ashet.computer/
167•todsacerdoti•4h ago•34 comments

Journaling using Nix, Vim and coreutils

https://tangled.sh/@oppi.li/journal
50•icy•9h ago•14 comments

The Missing Protocol: Let Me Know

https://deanebarker.net/tech/blog/let-me-know/
56•deanebarker•3h ago•34 comments

Show HN: Building a web search engine from scratch with 3B neural embeddings

https://blog.wilsonl.in/search-engine/
284•wilsonzlin•7h ago•49 comments

Show HN: Omnara – Run Claude Code from anywhere

https://github.com/omnara-ai/omnara
188•kmansm27•7h ago•79 comments

Training language models to be warm and empathetic makes them less reliable

https://arxiv.org/abs/2507.21919
182•Cynddl•10h ago•189 comments

A gentle introduction to anchor positioning

https://webkit.org/blog/17240/a-gentle-introduction-to-anchor-positioning/
15•feross•1h ago•4 comments

Multimodal WFH setup: flight SIM, EE lab, and music studio in 60sqft/5.5M²

https://www.sdo.group/study
161•brunohaid•3d ago•75 comments

Blender is Native on Windows 11 on Arm

https://www.thurrott.com/music-videos/324346/blender-is-native-on-windows-11-on-arm
86•thunderbong•3d ago•27 comments

WHY2025: How to become your own ISP [video]

https://media.ccc.de/v/why2025-9-how-to-become-your-own-isp
76•exiguus•6h ago•9 comments

Launch HN: Design Arena (YC S25) – Head-to-head AI benchmark for aesthetics

53•grace77•7h ago•23 comments

The Equality Delete Problem in Apache Iceberg

https://blog.dataengineerthings.org/the-equality-delete-problem-in-apache-iceberg-143dd451a974
38•dkgs•5h ago•12 comments

Debian GNU/Hurd 2025 released

https://lists.debian.org/debian-hurd/2025/08/msg00038.html
165•jrepinc•3d ago•74 comments

Why are there so many rationalist cults?

https://asteriskmag.com/issues/11/why-are-there-so-many-rationalist-cults
345•glenstein•8h ago•505 comments

How to safely escape JSON inside HTML SCRIPT elements

https://sirre.al/2025/08/06/safe-json-in-script-tags-how-not-to-break-a-site/
61•dmsnell•4d ago•38 comments

LLMs aren't world models

https://yosefk.com/blog/llms-arent-world-models.html
196•ingve•2d ago•96 comments

Dumb to managed switch conversion (2010)

https://spritesmods.com/?art=rtl8366sb&page=1
29•userbinator•3d ago•11 comments

Weave (YC W25) is hiring a founding AI engineer

https://www.ycombinator.com/companies/weave-3/jobs/SqFnIFE-founding-ai-engineer
1•adchurch•6h ago

Galileo’s telescopes: Seeing is believing (2010)

https://www.historytoday.com/archive/history-matters/galileos-telescopes-seeing-believing
11•hhs•2d ago•3 comments

RISC-V single-board computer for less than 40 euros

https://www.heise.de/en/news/RISC-V-single-board-computer-for-less-than-40-euros-10515044.html
118•doener•4d ago•64 comments

Go 1.25 Release Notes

https://go.dev/doc/go1.25
51•bitbasher•2h ago•6 comments

All-In on Omarchy at 37signals

https://world.hey.com/dhh/all-in-on-omarchy-at-37signals-68162450
22•dotcoma•3d ago•1 comments

Australian court finds Apple, Google guilty of being anticompetitive

https://www.ghacks.net/2025/08/12/australian-court-finds-apple-google-guilty-of-being-anticompetitive/
304•warrenm•10h ago•114 comments

Crypto founder Do Kwon pleads guilty to US fraud charges

https://www.ft.com/content/2e6fdc73-1083-48fb-b258-d22fc7ef8ad8
26•TechTechTech•2h ago•9 comments

Writing is power transfer technology

https://danco.substack.com/p/im-joining-a16z
33•jger15•6h ago•8 comments

Evaluating LLMs Playing Text Adventures

https://entropicthoughts.com/evaluating-llms-playing-text-adventures
86•todsacerdoti•8h ago•54 comments

Nexus: An Open-Source AI Router for Governance, Control and Observability

https://nexusrouter.com/blog/introducing-nexus-the-open-source-ai-router
72•mitchwainer•8h ago•19 comments

H-1B Visa Changes Approved by White House

https://www.newsweek.com/h-1b-visas-changes-approved-white-house-report-2112216
101•ivewonyoung•5h ago•154 comments

Monero appears to be in the midst of a successful 51% attack

https://twitter.com/p3b7_/status/1955173413992984988
438•treyd•11h ago•202 comments
Open in hackernews

High-severity WinRAR 0-day exploited for weeks by 2 groups

https://arstechnica.com/security/2025/08/high-severity-winrar-0-day-exploited-for-weeks-by-2-groups/
70•chrisjj•11h ago

Comments

smokel•10h ago
> WinRAR, a utility for compressing files, and has an installed base of about 500 million.

Yeah, right.

Edit: this figure is possibly taken from the WinRAR website [1]. It is more likely that there have been that many cumulative downloads, and even that seems to be a high number. Given that Windows has .zip file support built-in for quite some time, and the fact that nearly nobody downloads .zip files anymore, makes me very suspicious of this kind of statistic.

[1] https://www.win-rar.com/

sidewndr46•10h ago
While I know that WinRAR has some die-hard user bases, I have never been sure who their paying user base is. Are there some companies that are completely dependent on WinRAR for some internal processes?
RiverCrochet•10h ago
I remember RAR being popular in the early 00's but when 7-zip started becoming a thing I switched to that, and then I rarely saw .RAR's.

RAR seemed to handle large collections of files better on Windows than .zip back in the day, and it had a few features that .zip didn't, so it was something I typically installed on like Windows XP and such back then. But I'm not sure why anyone would use it over 7-zip today unless you have massive numbers of old .RAR files laying around.

I did work for a company that actually licensed WinZip because it was easier to use than the default Windows interface for .zip files.

johnmaguire•10h ago
> But I'm not sure why anyone would use it over 7-zip today unless you have massive numbers of old .RAR files laying around.

Even then, 7-zip supports extracting rar.

FirmwareBurner•10h ago
> Are there some companies that are completely dependent on WinRAR for some internal processes?

In aa world where 7zip exists, most likely not.

AlexandrB•10h ago
I'm one of their paying user base. To me WinRAR is like the VLC of archives. I can throw almost anything at it and it will work. Other compression tools, not so much. I'm also a fan of giving money to small, independent developers.
close04•10h ago
WinRAR's strong point is support for RAR archives, not ZIP which has been natively supported in Windows for years (since XP?).

I think Windows 11 got native RAR and 7Z support recently but I'm not sure what libraries it uses for this.

hatsuseno•10h ago
Sort of, the "zip folder" thing was introduced with the "98 Plus!" pack, but came natively with XP. That said, "natively supported in Windows" is one thing, but the usability was... well, not great. The entire "it's a compressed folder!" analogy seems reasonable, but the implementation wasn't. It ate memory like few other components, crashed often, and because it was treated like a folder only in file explorer the analogy quickly broke down when using a file picker anywhere else. WinZIP and WinRAR were basically requirements if you often worked with zip archives until 7zip came along and did everything just a tad better.
scrlk•9h ago
Windows 11 uses libarchive: https://en.wikipedia.org/wiki/Libarchive#Users
jeroenhd•10h ago
WinRAR is still very popular in my experience. I don't know why, but it definitely is. People still send me .rar files.
nerdjon•10h ago
I don't doubt the numbers.

Until very recently Windows could not natively unarchive .rar files and you needed to download WinRAR to be able to do this. I still find it not terribly uncommon to run into a random .rar file that previously would have meant I needed to install it, even if I only used it once.

> and the fact that nearly nobody downloads .zip files anymore

Citation needed? Why would people not be downloading .zip files anymore?

hnuser123456•10h ago
What I don't get is why people kept installing WinRAR when 7zip can do all the same things and doesn't beg for money.
TonyTrapp•9h ago
Subjective: WinRAR has nicer UI.

Objective: 7z (the format) doesn't have the same data recovery options as RAR. As it stands, RAR remains one of the best options for long-term archival of data for casual users thanks to its optional recovery records.

nerdjon•9h ago
Sure, but if you are a non technical user what are you likely going to search for first.

A lot of non technical people know "winrar" and even if they don't if you search "rar file" on Google the first result is winrar.

close04•9h ago
WinRAR in my experience has a better speed/compression ratio than 7Zip. If you need best compression 7z is probably best but it will cost you some extra time. The GUI and integration of 7Zip also aren't as polished as WinRAR's. I've been using both since their early versions and each have their individual strengths.
wongarsu•8h ago
7zip can't do all the same things. It's an incomplete WinRar clone that leaves out a lot of features and adds very little on its own, besides the 7zip format and being open source (both neat things, but that doesn't replace the long list of features it doesn't have or the worse UI)
sim7c00•6h ago
i have not seen anything relevant packaged in rar for at since the early 2000s
smokel•5h ago
You can't get a citation for this, and I must admit that this was a bit of a hyperbole.

Still, I sincerely believe that in a typical year, a typical user runs into zero or one .zip files. Of course there are exceptions, but these power users do not make up a large part of the population. Facebook and Instagram are not shipped in .zip format for a reason.

Here are some numbers to think about:

According to Microsoft, there are ~1.4 billion devices that run Windows 10 or Windows 11 [1]. Apparently, there are some 200 million additional devices that run older versions of Windows [2].

Now, I could hypothetically ask my mom and dad, and find out that only one of them knows what a .zip file is. The other has not heard of .rar. I don't think I myself am a typical user, but I do know .rar, and I do not even have WinRAR installed.

That leaves me to conclude that it is very, very, unlikely that 31% of all Windows users has WinRAR installed.

[1] https://blogs.windows.com/windowsexperience/2025/06/24/stay-...

[2] https://jitendra.co/how-many-windows-users-are-there-in-the-...

k_roy•5h ago
I know many people that still use it because it does all formats, it’s what they’ve been using forever, and the UI is so much better than using zip on Windows.

Of course, RAR usage nowadays is probably a bit more limited to things like usenet downloads, so the people caring enough to install an alternative decompressor is narrowing.

Larrikin•4h ago
Don't all email providers automatically zip attachments after a certain number and don't all the major OSes try to hide extensions and include zip handling? I'm not sure what your parents knowing about zip files indicates about its usage.
entelechy0•9h ago
winrar has been around since I was in high school...21+ years 500 million downloads isn't unreasonable during that time frame real question is: how many windows boxes are up right now and how many have winrar installed
bdcravens•9h ago
I haven't downloaded it in 10 years or more, but I know I've downloaded it (and WinZip) a few dozen times. Back in the day I even had a paid license.

I do reject the idea that "nearly nobody downloads .zip files anymore". It's still pretty common. Crafters using Cricuts and engravers regularly download zip files of fonts, etc. Fedex/UPS package up invoices of a certain size, or consolidated billing accounts, in zip files. Etc.

transcriptase•9h ago
Every game mod for every game ever.
HackerThemAll•3h ago
"nearly nobody downloads .zip files anymore"

At this point you lost my attention.

pityJuke•10h ago
> The exploit abused that feature to trigger a previously unknown path traversal flaw that caused WinRAR to plant malicious executables in attacker-chosen file paths %TEMP% and %LOCALAPPDATA%, which Windows normally makes off-limits because of their ability to execute code.

This seems... wrong? Isn't %LOCALAPPDATA% commonly used to store executables for programs that want to install for a single user and not the whole computer? An example of which includes Google Chrome?

jeroenhd•10h ago
ESET's story seems to make more sense: https://www.welivesecurity.com/en/eset-research/update-winra...

The exploit abuses ADSes with ..\ in the name to drop files on the system that aren't visible in the WinRAR file browser. It drops malware in the temp directory and then a .lnk in the Startup directory to activate an attack against COM, influencing the DLL that's being loaded by legitimate applications.

dataflow•9h ago
> This seems... wrong? Isn't %LOCALAPPDATA% commonly used to store executables for programs that want to install for a single user and not the whole computer? An example of which includes Google Chrome?

Maybe you're thinking of %AppData%?

gruez•9h ago
No, he's right.

>By default, VS Code is installed under C:\Users\{Username}\AppData\Local\Programs\Microsoft VS Code.

https://code.visualstudio.com/docs/setup/windows

%appdata% would be C:\Users\{Username}\AppData\Roaming

wongarsu•8h ago
%LocalAppData% is for files you wouldn't want to synchronize across multiple computers using the same account. Installed programs squarely fall into that category, even just based on size. %AppData% is also commonly used to install executables, but I'd consider that a bug. Just like putting your cache dir in %appdata% instead of %localappdata%
rkagerer•6h ago
The only reason publishers use those appdata paths for executables is so regular users can install their software without needing an administrator or a UAC prompt, since Microsoft locked down installing to the various Program Files directories.
wongarsu•5h ago
But %localappdata% has all the same advantages and permissions. Using %appdata% for executables is usually a mix of ignorance and indifference. Roaming user profiles are a rare setup nowadays and are even less common on developer machines. And it's not like it breaks in obvious ways, the is just more storage space used and login is slower because more data is transferred from the server, in a setup that devs and PMs don't use
philipwhiuk•9h ago
Can someone explain why you would ever want to compress a file into .rar?
exhilaration•9h ago
I bet it's Usenet users. WinRAR can split large files into chunks that are uploaded as separate Usenet messages.
JackeJR•9h ago
And also have parity built in for file recovery. The alternative will be to use par2 to create parity files.
qingcharles•7h ago
The parity files are the killer feature for me. Probably 95% of the downloads from Usenet end up needing them.
dmonitor•8h ago
7z also does this now FWIW

I'd still bet it's Usenet users that installed WinRAR way back when and have stuck to it ever since

kayson•7h ago
That's me. But now everything is done automagically by nzbget and I use nanazip on my Windows desktop.
DaSHacka•9h ago
Better compression over .zip and other older formats (like .gz).

Why people use it over .7z though? For that, I have no idea.

CJefferson•6h ago
rar is super popular in China, because for a long time (and still with many modern implementations) it is much better at preserving Chinese filenames in Windows than zip.
chrisjj•6h ago
Wider filename character support, for one.
JosephRedfern•9h ago
There's a really interesting article from Tavis Ormandy about the instruction set and virtual machine used in RAR: https://blog.cmpxchg8b.com/2012/09/fun-with-constrained-prog....

The docs for the toolchain he implemented (https://github.com/taviso/rarvmtools) allude to a number of bugs, but doesn't sound (??) like they're related to this vulnerability.

LegionMammal978•8h ago
The VM has long since been torn out of the RAR decompressor. These days, when it finds a file containing bytecode, it just hashes the bytecode and matches it against a few hardcoded routines that existed at the time.