frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Show HN: LocalGPT – A local-first AI assistant in Rust with persistent memory

https://github.com/localgpt-app/localgpt
190•yi_wang•6h ago•69 comments

Haskell for all: Beyond agentic coding

https://haskellforall.com/2026/02/beyond-agentic-coding
91•RebelPotato•6h ago•23 comments

SectorC: A C Compiler in 512 bytes (2023)

https://xorvoid.com/sectorc.html
280•valyala•14h ago•55 comments

Software factories and the agentic moment

https://factory.strongdm.ai/
220•mellosouls•17h ago•376 comments

LLMs as the new high level language

https://federicopereiro.com/llm-high/
89•swah•4d ago•164 comments

The Architecture of Open Source Applications (Volume 1) Berkeley DB

https://aosabook.org/en/v1/bdb.html
21•grep_it•5d ago•1 comments

Speed up responses with fast mode

https://code.claude.com/docs/en/fast-mode
177•surprisetalk•14h ago•174 comments

The world heard JD Vance being booed at the Olympics. Except for viewers in USA

https://www.theguardian.com/sport/2026/feb/07/jd-vance-boos-winter-olympics
125•treetalker•1h ago•32 comments

LineageOS 23.2

https://lineageos.org/Changelog-31/
27•pentagrama•2h ago•2 comments

Hoot: Scheme on WebAssembly

https://www.spritely.institute/hoot/
188•AlexeyBrin•20h ago•36 comments

Brookhaven Lab's RHIC concludes 25-year run with final collisions

https://www.hpcwire.com/off-the-wire/brookhaven-labs-rhic-concludes-25-year-run-with-final-collis...
79•gnufx•13h ago•61 comments

Stories from 25 Years of Software Development

https://susam.net/twenty-five-years-of-computing.html
186•vinhnx•17h ago•18 comments

Vocal Guide – belt sing without killing yourself

https://jesperordrup.github.io/vocal-guide/
348•jesperordrup•1d ago•104 comments

Substack confirms data breach affects users’ email addresses and phone numbers

https://techcrunch.com/2026/02/05/substack-confirms-data-breach-affecting-email-addresses-and-pho...
43•witnessme•3h ago•12 comments

Wood Gas Vehicles: Firewood in the Fuel Tank (2010)

https://solar.lowtechmagazine.com/2010/01/wood-gas-vehicles-firewood-in-the-fuel-tank/
42•Rygian•2d ago•16 comments

Show HN: I saw this cool navigation reveal, so I made a simple HTML+CSS version

https://github.com/Momciloo/fun-with-clip-path
95•momciloo•14h ago•22 comments

First Proof

https://arxiv.org/abs/2602.05192
141•samasblack•16h ago•82 comments

uLauncher

https://github.com/jrpie/launcher
15•dtj1123•4d ago•0 comments

Roger Ebert Reviews "The Shawshank Redemption"

https://www.rogerebert.com/reviews/great-movie-the-shawshank-redemption-1994
6•monero-xmr•2h ago•0 comments

Start all of your commands with a comma (2009)

https://rhodesmill.org/brandon/2009/commands-with-comma/
598•theblazehen•3d ago•216 comments

Vouch

https://twitter.com/mitchellh/status/2020252149117313349
95•chwtutha•5h ago•25 comments

Al Lowe on model trains, funny deaths and working with Disney

https://spillhistorie.no/2026/02/06/interview-with-sierra-veteran-al-lowe/
111•thelok•16h ago•24 comments

Show HN: A luma dependent chroma compression algorithm (image compression)

https://www.bitsnbites.eu/a-spatial-domain-variable-block-size-luma-dependent-chroma-compression-...
42•mbitsnbites•3d ago•6 comments

The AI boom is causing shortages everywhere else

https://www.washingtonpost.com/technology/2026/02/07/ai-spending-economy-shortages/
330•1vuio0pswjnm7•20h ago•537 comments

OpenCiv3: Open-source, cross-platform reimagining of Civilization III

https://openciv3.org/
912•klaussilveira•1d ago•277 comments

The Scriptovision Super Micro Script video titler is almost a home computer

http://oldvcr.blogspot.com/2026/02/the-scriptovision-super-micro-script.html
8•todsacerdoti•6h ago•1 comments

FDA intends to take action against non-FDA-approved GLP-1 drugs

https://www.fda.gov/news-events/press-announcements/fda-intends-take-action-against-non-fda-appro...
121•randycupertino•9h ago•247 comments

Where did all the starships go?

https://www.datawrapper.de/blog/science-fiction-decline
171•speckx•4d ago•256 comments

Selection rather than prediction

https://voratiq.com/blog/selection-rather-than-prediction/
37•languid-photic•4d ago•19 comments

Show HN: Look Ma, No Linux: Shell, App Installer, Vi, Cc on ESP32-S3 / BreezyBox

https://github.com/valdanylchuk/breezydemo
306•isitcontent•1d ago•39 comments
Open in hackernews

Cleartext signatures considered harmful

https://gnupg.org/blog/20251226-cleartext-signatures.html
40•derleyici•1mo ago

Comments

derleyici•1mo ago
Related: https://news.ycombinator.com/item?id=46403200
cge•1mo ago
The argument here seems to be that when GnuPG's implementation, or the original standard, has flaws, those flaws should be seen as inherent limitations of the use-case, rather than flaws in the implementation and standard. And with GnuPG, that argument seems to be used to justify having it behave the same way it always has, which leads to dangerous situations.

That PGP handles armor, escaping, and comments badly, and clients handle display of the signed text badly, do not seem like they mean that the concept of cleartext signatures are inherently flawed.

derleyici•1mo ago
Fair point. Calling the concept inherently flawed is doing a lot of work to excuse 30 years of implementation bugs.
comradesmith•1mo ago
> Cleartext signatures considered harmful

Really? To me it seems that what’s really harmful is assuming a long string of high entropy hex bytes is a valid signature.

Both detached signatures and cleartext need to be run through verify, so what gives?

Does gpg not error when the post-verification output file doesn’t match the cleartext? That sounds like a bug in gpg

cge•1mo ago
It appears that by default, gpg doesn't output the signed text at all when verifying a cleartext signature. It does not appear to check for or warn about extra content before or after the cleartext text and signature. It strictly interprets the start/end lines, and won't warn or fail for malicious ones. It does not appear to accept comment headers in the signed message, but does accept them in the signature, which means that a user might think an arbitrarily long message in the signature is actually signed.

These all seem like flaws in gpg and the standard.

Dwedit•1mo ago
Obligatory https://xkcd.com/1181/