frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Publish on your own site, syndicate elsewhere

https://indieweb.org/POSSE#
415•47thpresident•7h ago•98 comments

A Basic Just-In-Time Compiler (2015)

https://nullprogram.com/blog/2015/03/19/
25•ibobev•2h ago•2 comments

Daft Punk Easter Egg in the BPM Tempo of Harder, Better, Faster, Stronger?

https://www.madebywindmill.com/tempi/blog/hbfs-bpm/
280•simonw•6h ago•50 comments

2026 will be my year of the Linux desktop

https://xeiaso.net/notes/2026/year-linux-desktop/
292•todsacerdoti•3h ago•219 comments

Proving Liveness with TLA

https://roscidus.com/blog/blog/2026/01/01/tla-liveness/
14•ibobev•2h ago•0 comments

Clicks Communicator

https://www.clicksphone.com/en/communicator
275•microflash•10h ago•194 comments

Show HN: Website that plays the lottery every second

https://lotteryeverysecond.lffl.me/
57•Loeffelmann•3h ago•32 comments

IPv6 just turned 30 and still hasn't taken over the world

https://www.theregister.com/2025/12/31/ipv6_at_30/
281•Brajeshwar•12h ago•578 comments

FracturedJson

https://github.com/j-brooke/FracturedJson/wiki
522•PretzelFisch•14h ago•139 comments

Ask HN: Who is hiring? (January 2026)

258•whoishiring•11h ago•167 comments

Unix v4 (1973) – Live Terminal

https://unixv4.dev/
130•pjmlp•8h ago•57 comments

Microsoft kills official way to activate Windows 11/10 without internet

https://www.neowin.net/news/report-microsoft-quietly-kills-official-way-to-activate-windows-1110-...
145•josephcsible•3h ago•75 comments

Linux kernel security work

http://www.kroah.com/log/blog/2026/01/02/linux-kernel-security-work/
62•chmaynard•5h ago•29 comments

Fighting Fire with Fire: Scalable Oral Exams

https://www.behind-the-enemy-lines.com/2025/12/fighting-fire-with-fire-scalable-oral.html
127•sethbannon•9h ago•179 comments

Blob Opera, Community Edition

https://opera.addy.ie
17•padolsey•1w ago•2 comments

TinyTinyTPU: 2×2 systolic-array TPU-style matrix-multiply unit deployed on FPGA

https://github.com/Alanma23/tinytinyTPU-co
90•Xenograph•8h ago•39 comments

Global software engineering job postings outlook – 2026

https://jobswithgpt.com/blog/global_software-engineering_jobs_january_2026/
48•sp1982•5h ago•16 comments

The PGP Problem (2019)

https://www.latacora.com/blog/2019/07/16/the-pgp-problem/#the-answers
18•croemer•5d ago•21 comments

Chain Flinger

https://nealstephenson.substack.com/p/kdk-kinetik-der-kontinua-part-1-introduction
29•roomey•5d ago•7 comments

Jank Lang Hit Alpha

https://github.com/jank-lang/jank
123•makemethrowaway•7h ago•21 comments

What you need to know before touching a video file

https://gist.github.com/arch1t3cht/b5b9552633567fa7658deee5aec60453/
297•qbow883•6d ago•192 comments

Rope science, part 11 – practical syntax highlighting (2017)

https://xi-editor.io/docs/rope_science_11.html
5•PaulHoule•1w ago•0 comments

Punkt. Unveils MC03 Smartphone

https://www.punkt.ch/blogs/news/punkt-unveils-mc03
129•ChrisArchitect•11h ago•114 comments

Accounting for Computer Scientists (2011)

https://martin.kleppmann.com/2011/03/07/accounting-for-computer-scientists.html
78•tosh•9h ago•25 comments

Einstein Probe detects an X-ray flare from nearby star

https://phys.org/news/2025-12-einstein-probe-ray-flare-nearby.html
5•wglb•2h ago•1 comments

The rsync algorithm (1996) [pdf]

https://www.andrew.cmu.edu/course/15-749/READINGS/required/cas/tridgell96.pdf
96•vortex_ape•10h ago•8 comments

Uxn32: Uxn Emulator for Windows and Wine

https://github.com/randrew/uxn32
38•ibobev•5d ago•3 comments

Assorted less(1) tips

https://blog.thechases.com/posts/assorted-less-tips/
181•todsacerdoti•15h ago•42 comments

Blaze: A Dec VT420 (and More) Emulator

https://mmastrac.github.io/blaze/
9•doener•2h ago•3 comments

Ask HN: Who wants to be hired? (January 2026)

93•whoishiring•11h ago•173 comments
Open in hackernews

The PGP Problem (2019)

https://www.latacora.com/blog/2019/07/16/the-pgp-problem/#the-answers
18•croemer•5d ago

Comments

shakna•2h ago
Probably resurfacing, because we have some new attacks thanks to CCC. [0]

[0] https://news.ycombinator.com/item?id=46453461

shakna•1h ago
Worth noting: minisign and age were also affected by a couple things here.

GnuPG has decided a couple things are out of scope, fixed a couple others. Not all is in distro packages yet.

age didn't have the clearest way to report things - discord is apparently the point of contact. Which will probably improve soon.

minisign was affected by most everything GnuPG was, but had a faster turnaround to patching.

tptacek•26m ago
The minisign bug was much less severe than the (insane) GPG signing bugs, and the age bug wasn't a cryptographic thing at all, just a dumb path sanitization thing. Minisign was not in fact affected by most everything GPG was. The GnuPG team wontfixed one of the most significant bugs!
jairuhme•2h ago
Can the link be updated to not be to the end of the page?
felipelalli•2h ago
Even though I read so many posts criticizing PGP, it's still difficult for me to find an alternative. He states in the article that being a "Swiss Army Knife" is bad. I understand the argument, but this is precisely what makes GPG so powerful. The scheme of public keys, private keys, revoke, embedded WOT, files, texts, everything. They urgently need to make a "modern version" of GPG. He needs a replacement, otherwise he'll just be whining.
schoen•1h ago
There's a section in this post with proposed replacements:

https://www.latacora.com/blog/2019/07/16/the-pgp-problem/#th...

I was also frustrated with this criticism in the past, but there are definitely some concrete alternatives provided for many use cases there. (But not just with one tool.)

eddythompson80•1h ago
I’m still frustrated by the criticism because I internalized it a couple of years ago and tried to move to age+minisig because those are the only 2 scenarios I personally care about. The overall experience was annoying given that the problems with pgp/gpg are esoteric and abstract that unless I’m personally are worried about a targeted attack against me, they are fine-ish.

If someone scotch tapes age+minisig and convince git/GitHub/gitlab/codeberge to support it, I’ll be so game it’ll hurt. My biggest usage of pgp is asking people doing bug reports to send me logs and giving them my pgp keys if they are worried and don’t want to publicly post their log file. 99.9% of people don’t care, but I understand the 0.1% who do. The other use is to sign my commits and to encrypt my backups.

Ps: the fact that this post is recommending Tarsnap and magicwormhole shows how badly it has aged in 6 years IMO.

aniviacat•49m ago
> the fact that this post is recommending Tarsnap and magicwormhole shows how badly it has aged in 6 years

What's wrong with magic wormhole?

eddythompson80•34m ago
It’s just not the same thing. There is significant overlap, but it’s not enough to be a reasonable suggestion. You can’t suggest a service as a replacement for a local offline tool. It’s like saying “Why do you need VLC when you can just run peertube?”. Also since then, age is the real replacement for pgp in terms of sending encrypted files. Wormhole is a different use case.
nine_k•42m ago
Has Tarsnap become inadequate, security-wise? The service may be expensive for a standard backup. It had a serious bug in 2011, but hasn't it been adequate since then?
eddythompson80•16m ago
I don’t know anything that makes me think it’s inadequate per se, but it’s also been more than 10 years since I thought about it. Restic, gocryptfs, and/or age are far more flexible, generic and flat out better in managing encrypted files/backups depending on how you want to orchestrate it. Restic can do everything, gocryptfs+rclone can do more, etc.
maqp•1h ago
The biggest issue with PGP/gpg is the difficulty of getting rid of it. If you work on big distros, or know someone who works on big distros, please (start asking them to) add https://github.com/jedisct1/minisign to pre-installed packages to facilitate transition. It's almost a chicken egg problem but the sad thing is, no project wants to swap the signing tool to a better one until everyone can verify the new signatures.
singpolyma3•31m ago
Note that minisign was also vulnerable in the gpg.fail exposures
woodruffw•28m ago
Yes, but not nearly to the same extent. The GPG vulns are staggering in comparison.
bgwalter•59m ago
How does this help people who are not following this issue regularly? gpg protected Snowden, and this article promotes tools by one of the cryptographers who promoted non-hybrid encryption:

https://blog.cr.yp.to/20251004-weakened.html#agreement

So what to do? PGP by the way never claimed to prevent traffic analysis, mixmaster was the layer that somehow got dropped, unlike Tor.

tptacek•25m ago
You could also say Cryptocat protected Snowden; he used it to communicate with reporters. So, that's how well that argument holds up.
bgwalter•7m ago
https://en.wikipedia.org/wiki/Cryptocat#Reception_and_usage

"In June 2013, Cryptocat was used by journalist Glenn Greenwald while in Hong Kong to meet NSA whistleblower Edward Snowden for the first time, after other encryption software failed to work."

So it was used when Snowden was already on the run, other software failed and the communication did not have to be confidential for the long term.

It would also be an indictment of messaging services as opposed to gpg. gpg has the advantage that there is no money in it, so there are unlikely to be industry or deep state shills.

brianjlogan•25m ago
Is anyone else unable to read the report on mobile? Completely broken styling for me.
nine_k•20m ago
Can't confirm, works fine for me (Android, Firefox).
nine_k•21m ago
I agree that age + minisign comprise a much neater stack that does basically everything I would need to use PGP for.

Neither of them supports hardware keys though, as much as I could see. OTOH ssh and GnuPG do support hardware keys, like smart cards or Yubikey-like devices. I suppose by the same token (not a pun, sadly) they don't support various software keychains provided by OSes, since they don't support any external PKCS11 providers (the way ssh does).

This may reduce the attack needed to steal a private key to a simple unprivileged infiltration, e.g. via code run during installation of a compromised npm package, or similar.

matted7505•16m ago
After reading the PyCon 2016 presentation about wormhole, and say my understanding of channels is correct (that is, each session on the same wireless network constitutes a session). What's stopping a hostile 3rd party, who wishes to stop a file transfer from happening, from spamming every channel with random codes?