Libpng 1.6.51: Four buffer overflow vulnerabilities fixed

https://www.openwall.com/lists/oss-security/2025/11/22/1
45•ledoge•2mo ago

Comments

applied_heat•2mo ago
Affects back to version 1.6.0 released Feb 14, 2013
lousken•2mo ago
rust rewrite when?
pornel•2mo ago
Chrome is already in the process of removing libpng.
zamadatix•2mo ago
For those curious on what to use instead, it seems like they made an in-house Skia module (using Rust) named SkPngRustDecoder (and Encoder).
tronical•2mo ago
…which appears to wrap the png crate. (Good, so not a rewrite)
pajko•2mo ago
https://www.cve.org/CVERecord/SearchResults?query=rust
ziotom78•2mo ago
It’s fantastic they were able to find these issues!

That four new CVEs (two high-severity!) were found in a mature and well-tested library like png reminds me how non-trivial and unforgiving software engineering can be.

Security flaws are often just waiting behind the corner: this should be a humbling lesson for all of us.

kevincox•2mo ago
> All vulnerabilities require user interaction (processing a malicious PNG file)

What world is the author living in where PNGs aren't very frequently read and written with no user interaction? The web obviously displays PNGs with no prompt, sites can generate PNGs with canvas trivially and with no explicit permission. PNGs are also often displayed in notifications and may come from untrustworthy sources.

This feels like an irresponsible downplay of the severity.

lol768•2mo ago
I thought this initially too, but there's a comment on https://bugzilla.mozilla.org/show_bug.cgi?id=2001758#c5 that suggests a belief it doesn't affect Firefox at all. So I don't know if the surface for these is particularly obscure such that browsers are insulated?
