frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

All your OpenCodes belong to us

https://johncodes.com/archive/2026/01-18-all-your-opencodes/
25•jpmcb•3h ago

Comments

geoffmanning•1h ago
The one thing here confusing to me is the past tense used throughout. This CVE seems presented as both past and present, yet the present evidence isn't... Presented.
kachapopopow•1h ago
I don't know if I missed something, but this CVE isn't that major as it was suggested to be? For one it had to originate from app.opencode.com and even if it didn't most (good) browsers block websites from probing localhost. Yes it is still a pretty bad CVE, but not as critical as some might suggest.
rafram•57m ago
> For one it had to originate from app.opencode.com

No, that was the initial mitigation! Before the vulnerability was reported, the server was accessible to the entire world with a wide-open CORS policy.

https://github.com/anomalyco/opencode/commit/7d2d87fa2c44e32...

keyle•24m ago
Great write up.

These local agents that you spawn and give access to your drive are kind of insane to me.

It's at the level of

     /bin/bash -c "$(curl -fsSL https://somescriptofftheinternet
which you cannot inspect, and may be well different every time you interact with it!

As per usual, being at the forefront of the tech world is leaving behind privacy and security in the dust... until something bad happens.

add-sub-mul-div•13m ago
Historically at least there have been some established high trust projects for which curl | bash made sense. But with AI the scene is full of grifters and vibe coders so we can't have nice things.

Gaussian Splatting – A$AP Rocky "Helicopter" music video

https://radiancefields.com/a-ap-rocky-releases-helicopter-music-video-featuring-gaussian-splatting
543•ChrisArchitect•12h ago•173 comments

Provide agents with automated feedback

https://banay.me/dont-waste-your-backpressure/
73•ghuntley•1d ago•23 comments

Flux 2 Klein pure C inference

https://github.com/antirez/flux2.c
283•antirez•11h ago•112 comments

At least 21 killed in Spain after crash involving high-speed trains

https://www.bbc.com/news/articles/cedw6ylpynyo
62•akyuu•5h ago•35 comments

Dead Internet Theory

https://kudmitry.com/articles/dead-internet-theory/
172•skwee357•9h ago•226 comments

A Social Filesystem

https://overreacted.io/a-social-filesystem/
345•icy•21h ago•148 comments

The Code-Only Agent

https://rijnard.com/blog/the-code-only-agent
32•emersonmacro•3h ago•10 comments

Fil-Qt: A Qt Base build with Fil-C experience

https://git.qt.io/cradam/fil-qt
55•pjmlp•2d ago•33 comments

Gas Town Decoded

https://www.alilleybrinker.com/mini/gas-town-decoded/
97•alilleybrinker•4d ago•83 comments

AVX-512: First Impressions on Performance and Programmability

https://shihab-shahriar.github.io//blog/2026/AVX-512-First-Impressions-on-Performance-and-Program...
30•shihab•5d ago•9 comments

Show HN: I quit coding years ago. AI brought me back

https://calquio.com/finance/compound-interest
44•ivcatcher•5h ago•31 comments

Show HN: Dock – Slack minus the bloat, tax, and 90-day memory loss

https://getdock.io/
92•yadavrh•9h ago•73 comments

Poking holes into bytecode with peephole optimisations

https://xnacly.me/posts/2026/purple-garden-first-optimisations/
18•xnacly•4d ago•0 comments

Using proxies to hide secrets from Claude Code

https://www.joinformal.com/blog/using-proxies-to-hide-secrets-from-claude-code/
55•drewgregory•5d ago•24 comments

The space and motion of communicating agents (2008) [pdf]

https://www.cl.cam.ac.uk/archive/rm135/Bigraphs-draft.pdf
12•dhorthy•3d ago•1 comments

Astrophotography visibility plotting and planning tool

https://airmass.org/
11•NKosmatos•3d ago•2 comments

Command-line Tools can be 235x Faster than your Hadoop Cluster (2014)

https://adamdrake.com/command-line-tools-can-be-235x-faster-than-your-hadoop-cluster.html
338•tosh•20h ago•223 comments

Simulating the Ladybug Clock Puzzle

https://austinhenley.com/blog/ladybugclock.html
7•azhenley•1d ago•0 comments

Police Invested Millions in Shadowy Phone-Tracking Software Won't Say How Used

https://www.texasobserver.org/texas-police-invest-tangles-sheriff-surveillance/
284•nobody9999•8h ago•82 comments

The Cathedral, the Megachurch, and the Bazaar

https://opensourcesecurity.io/2026/01-cathedral-megachurch-bazaar/
146•todsacerdoti•5d ago•118 comments

Show HN: Lume 0.2 – Build and Run macOS VMs with unattended setup

https://cua.ai/docs/lume/guide/getting-started/introduction
108•frabonacci•12h ago•31 comments

Sins of the Children

https://asteriskmag.com/issues/07/sins-of-the-children
132•maxall4•12h ago•64 comments

Ultrathink is deprecated & How to enable 2x thinking tokens in Claude Code

https://decodeclaude.com/ultrathink-deprecated/
20•moona3k•7h ago•1 comments

Predicting OpenAI's ad strategy

https://ossa-ma.github.io/blog/openads
517•calcifer•15h ago•450 comments

Wine 11.0

https://gitlab.winehq.org/wine/wine/-/releases/wine-11.0
305•zdw•5d ago•60 comments

A free and open-source rootkit for Linux

https://lwn.net/SubscriberLink/1053099/19c2e8180aeb0438/
186•jwilk•20h ago•37 comments

Show HN: Beats, a web-based drum machine

https://beats.lasagna.pizza
54•kinduff•8h ago•13 comments

ASCII characters are not pixels: a deep dive into ASCII rendering

https://alexharri.com/blog/ascii-rendering
1215•alexharri•1d ago•131 comments

Stirling Cycle Machine Analysis

https://ohioopen.library.ohio.edu/opentextbooks/9/
29•akshatjiwan•9h ago•9 comments

Cardputer uLisp Machine (2024)

http://www.ulisp.com/show?52G4
43•tosh•3d ago•3 comments