frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Email is tough: Major European Payment Processor's Emails rejected by GWorkspace

https://atha.io/blog/2026-02-12-viva
170•thatha7777•1h ago•98 comments

Improving 15 LLMs at Coding in One Afternoon. Only the Harness Changed

http://blog.can.ac/2026/02/12/the-harness-problem/
208•kachapopopow•2h ago•90 comments

The "Crown of Nobles" Noble Gas Tube Display (2024)

https://theshamblog.com/the-crown-of-nobles-noble-gas-tube-display/
94•Ivoah•3h ago•15 comments

Culture Is the Mass-Synchronization of Framings

https://aethermug.com/posts/culture-is-the-mass-synchronization-of-framings
33•mrcgnc•2h ago•7 comments

The Future for Tyr, a Rust GPU Driver for Arm Mali Hardware

https://lwn.net/Articles/1055590/
43•todsacerdoti•2h ago•12 comments

Warcraft III Peon Voice Notifications for Claude Code

https://github.com/tonyyont/peon-ping
744•doppp•11h ago•233 comments

A brief history of barbed wire fence telephone networks

https://loriemerson.net/2024/08/31/a-brief-history-of-barbed-wire-fence-telephone-networks/
24•keepamovin•1h ago•10 comments

Apache Arrow is 10 years old

https://arrow.apache.org/blog/2026/02/12/arrow-anniversary/
57•tosh•3h ago•11 comments

Apple patches decade-old iOS zero-day, possibly exploited by commercial spyware

https://www.theregister.com/2026/02/12/apple_ios_263/
99•beardyw•2h ago•47 comments

Discord/Twitch/Snapchat age verification bypass

https://age-verifier.kibty.town/
884•JustSkyfall•17h ago•403 comments

I Wrote a Scheme in 2025

https://maplant.com/2026-02-09-I-Wrote-a-Scheme-in-2025.html
47•maplant•2d ago•3 comments

TikTok is tracking you, even if you don't use the app

https://www.bbc.com/future/article/20260210-tiktok-is-tracking-you-even-if-you-dont-use-the-app-h...
51•belter•2h ago•24 comments

AI agent opens a PR write a blogpost to shames the maintainer who closes it

https://github.com/matplotlib/matplotlib/pull/31132
630•wrxd•4h ago•497 comments

The missing digit of Stela C

https://johncarlosbaez.wordpress.com/2026/02/12/stela-c/
74•chmaynard•7h ago•13 comments

Carl Sagan's Baloney Detection Kit: Tools for Thinking Critically (2025)

https://www.openculture.com/2025/09/the-carl-sagan-baloney-detection-kit.html
81•nobody9999•9h ago•48 comments

“Nothing” is the secret to structuring your work

https://www.vangemert.dev/blog/nothing
388•spmvg•4d ago•147 comments

Run Pebble OS in Browser via WASM

https://ericmigi.github.io/pebble-qemu-wasm/
25•goranmoomin•3h ago•3 comments

GLM-5: Targeting complex systems engineering and long-horizon agentic tasks

https://z.ai/blog/glm-5
445•CuriouslyC•1d ago•503 comments

Using an engineering notebook

https://ntietz.com/blog/using-an-engineering-notebook/
266•evakhoury•2d ago•106 comments

Show HN: Inamate – Open-source 2D animation tool (alternative to Adobe Animate)

3•hactually•2d ago•1 comments

Ireland rolls out basic income scheme for artists

https://www.reuters.com/world/ireland-rolls-out-pioneering-basic-income-scheme-artists-2026-02-10/
444•abe94•23h ago•558 comments

Fluorite – A console-grade game engine fully integrated with Flutter

https://fluorite.game/
516•bsimpson•23h ago•289 comments

HeyWhatsThat

https://www.heywhatsthat.com/faq.html
101•1970-01-01•3d ago•20 comments

Byte magazine artist Robert Tinney, who illustrated the birth of PCs, dies at 78

https://arstechnica.com/gadgets/2026/02/byte-magazine-artist-robert-tinney-who-illustrated-the-bi...
94•rbanffy•4h ago•12 comments

How to make a living as an artist

https://essays.fnnch.com/make-a-living
178•gwintrob•12h ago•93 comments

Text classification with Python 3.14's ZSTD module

https://maxhalford.github.io/blog/text-classification-zstd/
242•alexmolas•3d ago•53 comments

Hologram v0.7.0: Milestone release for Elixir-to-JavaScript porting initiative

https://hologram.page/blog/porting-initiative-delivers-hologram-v0-7-0
82•bartblast•16h ago•22 comments

NetNewsWire Turns 23

https://netnewswire.blog/2026/02/11/netnewswire-turns.html
317•robin_reala•22h ago•89 comments

Lines of Code Are Back (and It's Worse Than Before)

https://www.thepragmaticcto.com/p/lines-of-code-are-back-and-its-worse
9•birdculture•43m ago•0 comments

WiFi could become an invisible mass surveillance system

https://scitechdaily.com/researchers-warn-wifi-could-become-an-invisible-mass-surveillance-system/
420•mgh2•5d ago•178 comments
Open in hackernews

Apple patches decade-old iOS zero-day, possibly exploited by commercial spyware

https://www.theregister.com/2026/02/12/apple_ios_263/
97•beardyw•2h ago

Comments

cpncrunch•1h ago
No updates for ipados17. I guess my ipad pro 10.5 is finally a brick.
brainzap•1h ago
I am shocked to hear that over these years it was possibl to extract data from a locked iphone. (hardening mode off)

I trusted apple.

gruez•1h ago
>I trusted apple.

To what? Write 100% bug free software? I don't think that's actually achievable, and expecting so is just setting yourself up for appointment. Apple does a better job than most other vendors except maybe GrapheneOS. Mainstream Android vendors are far worse. Here's Cellebrite Premium's support matrix from July 2024, for locked devices. iPhones are vulnerable after first unlock (AFU), but Androids are even worse. They can be hacked even if they have been shut down/rebooted.

https://grapheneos.social/system/media_attachments/files/112...

https://grapheneos.social/system/media_attachments/files/112...

https://grapheneos.social/system/media_attachments/files/112...

fsflover•1h ago
Qubes OS does a much better job though, because it relies on security through compartmentalization, not security through correctness.
gruez•43m ago
The problem with that is it runs on a desktop, which means very little in the way of protection against physical attacks. You might be safe from Mossad trying to hack you from half way across the world, but you're not safe from someone doing an evil maid attack, or from seizing it and bruteforcing the FDE password (assuming you didn't set a 20 random character password).
RankingMember•35m ago
These links working for anyone? 403 for me
gruez•12m ago
Updated the links. The original were from discuss.grapheneos.org but it looks like they don't like hot-linking.
CharlesW•1h ago
This is a newly-discovered vulnerability (CVE-2026-20700, addressed along with CVE-2025-14174 and CVE-2025-43529).

Note that the description "an attacker with memory write capability may be able to execute arbitrary code" implies that this CVE is a step in a complex exploit chain. In other words, it's not a "grab a locked iPhone and bypass the passcode" vulnerability.

jrmg•1h ago
I may well be missing something, but this reads to me as code execution on user action, not lock bypass.

Like, you couldn’t get a locked phone that hadn’t already been compromised to do anything because it would be locked so you’d have no way to run the code that triggers the compromise.

Am I not interpreting things correctly?

[edit: ah, I guess “An attacker with memory write capability” might cover attackers with physical access to the device and external hardware attached to its circuit board that can write to the memory directly?]

j16sdiz•1h ago
What does "zero-day" even meant?

> ... decade-old ...

> ... was exploited in the wild ...

> ... may have been part of an exploit chain....

gruez•1h ago
https://en.wikipedia.org/wiki/Zero-day_vulnerability
buttscicles•1h ago
Meaning unknown to the public/vendor
runjake•1h ago
“Zero day” has meant different things over the years, but for the last couple-ish decades it’s meant “the number of days that the vendor has had to fix them” AKA “newly-known”.
EvanAnderson•9m ago
It still weirds me out that a term w@r3z d00dz from the 90s coined is now a part of the mainstream IT security lexicon.
alanbernstein•1h ago
Well whatever the zero means, it can't be the number of days that the bug has been present, generally. It should be expected that most zero-days concern a bug with a non-zero previous lifespan.
CSMastermind•54m ago
The vulnerability has been present for more than a decade.

There is evidence that some people were aware and exploiting it.

Apple was unaware until right now that it existed, thus is a 'zero day' meaning an exploit that the outside world knows about but they don't.

zero0529•1h ago
I guess the fix is only for Tahoe?
bzzzt•1h ago
There's an update for Sequoia too.
cluckindan•14m ago
But not for iOS 18, so this is a forced upgrade to the horrors of Liquid Glass.

Can’t wait to see how much battery it eats.

MYEUHD•1h ago
The zero-day mentioned in the article doesn't affect macOS.

But there were security updates for macOS 14 and macOS 15 released yesterday:

https://support.apple.com/en-us/126350

https://support.apple.com/en-us/126349

asah•1h ago
Open source wins... again.
baq•1h ago
as in I now have to upgrade all my children's ancient iphones...?

I'd much rather not do that

kstrauser•31m ago
You’d rather they not release updates to support them?
lagadu•10m ago
The exploit was always there, you just didn't know about it, but attackers might have. The only thing that changed is that you're now aware that there's a vulnerability.
max_•1h ago
My suspicion is that. These "exploits" are planted by spy agencies.

They don't appear there organically.

bell-cot•48m ago
Maybe sometimes? With how many bugs are normally found in very complex code, would a rational spy agency spend the money to add a few more? Doing so is its own type of black op, with plenty of ways to go wrong.

OTOH, how rational are spy agencies about such things?

max_•2m ago
Yes. Of course not all.

But some just happen to work too well.

But governments do have blatant back doors in chips & software.

2OEH8eoCRo0•44m ago
Some suspect that Apple secretly backs some of these spyware services. I've heard rumors about graykey but only rumors. Thoughts?
gruez•40m ago
>Some suspect ...

>I've heard rumors ...

So like, the comment you're replying to? This is just going in circles.

zappb•34m ago
This vastly overstates both the competence of spy agencies and of software engineers in general. When it comes to memory unsafe code, the potential for exploits is nearly infinite.
xnx•14m ago
> overstates both the competence of spy agencies

Stuxnet was pretty impressive: https://en.wikipedia.org/wiki/Stuxnet

Iolaum•11m ago
It was also not a bug to be exploited.

It was a complicated product that many people worked in order to develop and took advantage of many pre-existing vulnerabilities as well knowledge of complex and niche systems in order to work.

kenferry•2m ago
This kind of mental model only works if you think of things as made huge shadowy blobs, not people.

dyld has one principal author, who would 100% quit and go to the press if he was told (by who?) to insert a back door. The whole org is composed of the same basic people as would be working on Linux or something. Are you imagining a mass of people in suits who learned how to do systems programming at the institute for evil?

Additionally, do you work in tech? You don’t think bugs appear organically? You don’t think creative exploitation of bugs is a thing?

meisel•1h ago
I wonder what the internal conversations are like around memory safety at Apple right now. Do people feel comfortable enough with Swift's performance to replace key things like dyld and the OS? Are there specific asks in place for that to happen? Is Rust on the table? Or does C and C++ continue to dominate in these spaces?
gsnedders•55m ago
While not wholesale replacing it, there already is Swift in dyld: https://github.com/search?q=repo%3Aapple-oss-distributions%2...
ronsor•25m ago
Apple is already working on a memory-safe C variant which is already used in iBoot and will be upstream LLVM soon: https://clang.llvm.org/docs/BoundsSafety.html
ChrisArchitect•37m ago
Previously: https://news.ycombinator.com/item?id=46979643
erichocean•35m ago
I wonder if Fil-C would have prevented this.
dudeinhawaii•21m ago
So the exploiters have deprecated that version of spyware and moved on I see. This has been the case every other time. The state actors realize that there's too many fingers in the pie (every other nation has caught on), the exploit is leaked and patched. Meanwhile, all actors have moved on to something even better.

Remember when Apple touted the security platform all-up and a short-time later we learned that an adversary could SMS you and pwn your phone without so much as a link to be clicked.

KSIMET: 2020, FORCEDENTRY: 2021, PWNYOURHOME, FINDMYPWN: 2022, BLASTPASS: 2023

Each time NSO had the next chain ready prior to patch.

I recall working at a lab a decade ago where we were touting full end-to-end exploit chain on the same day that the target product was announcing full end-to-end encryption -- that we could bypass with a click.

It's worth doing (Apple patching) but a reminder that you are never safe from a determined adversary.

mmmlinux•10m ago
Thanks for contributing to our increasing lack of security and anonymity.
vonneumannstan•8m ago
>It's worth doing (Apple patching) but a reminder that you are never safe from a determined adversary.

I hate these lines. Like yes NSA or Mossad could easily pwn you if they want. Canelo Alvarez could also easily beat your ass. Is he worth spending time to defend against also?

high_na_euv•4m ago
Yes, because Apple can do it at scale.
whitepoplar•6m ago
How much do you think Lockdown Mode + MIE/eMTE helps? Do you believe state actors work with manufacturers to find/introduce new attack vectors?
walterbell•13m ago
Did MIE/MTE on 2025 iPhones help to detect this longstanding zero day?
shantara•11m ago
Meanwhile Apple made a choice to leave iOS 18 vulnerable on the devices that receive updates to iOS 26. If you want security, be ready to sacrifice UI usability.
argsnd•3m ago
If you set Liquid Glass to the more opaque mode in settings I find iOS usability to be fine now, and some non-flashy changes such as moving search bars to the bottom are good UX improvements.

The real stinker with Liquid Glass has been macOS. You get a half-baked version of the design that barely even looks good and hurts usability.

the_harpia_io•8m ago
decade-old vulns like this are why the 'you're not interesting enough to target' argument falls apart. commercial spyware democratized nation-state capabilities - now any mediocre threat actor with budget can buy into these exploits. the Pegasus stuff proved that pretty clearly. and yeah memory safety helps but the transition is slow - you've got this massive C/C++ codebase in iOS that's been accumulating bugs for 15+ years, and rewriting it all in Swift or safe-C is a multi-decade project. meanwhile every line of legacy code is a ticking time bomb. honestly think the bigger issue is detection - if you can't tell you've been pwned, memory safety doesn't matter much.