frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

My smart sleep mask broadcasts users' brainwaves to an open MQTT broker

https://aimilios.bearblog.dev/reverse-engineering-sleep-mask/
175•minimalthinker•3h ago•77 comments

Ooh.directory: a place to find good blogs that interest you

https://ooh.directory/
269•hisamafahri•5h ago•90 comments

Internet Increasingly Becoming Unarchivable

https://www.niemanlab.org/2026/01/news-publishers-limit-internet-archive-access-due-to-ai-scrapin...
5•ninjagoo•6m ago•1 comments

Amsterdam Compiler Kit

https://github.com/davidgiven/ack
22•andsoitis•2h ago•8 comments

Show HN: Sameshi – a ~1200 Elo chess engine that fits within 2KB

https://github.com/datavorous/sameshi
128•datavorous_•5h ago•39 comments

Zig – io_uring and Grand Central Dispatch std.Io implementations landed

https://ziglang.org/devlog/2026/#2026-02-13
293•Retro_Dev•10h ago•196 comments

Show HN: Arcmark – macOS bookmark manager that attaches to browser as sidebar

https://github.com/Geek-1001/arcmark
26•ahmed_sulajman•1h ago•0 comments

Vim 9.2 Released

https://www.vim.org/vim-9.2-released.php
162•tapanjk•3h ago•66 comments

Ask HN: How to get started with robotics as a hobbyist?

45•StefanBatory•6d ago•23 comments

Shades of Halftone

https://blog.maximeheckel.com/posts/shades-of-halftone/
70•surprisetalk•4d ago•2 comments

A Review of M Disc Archival Capability. With long term testing results

http://www.microscopy-uk.org.uk/mag/artsep16/mol-mdisc-review.html
24•1970-01-01•2h ago•15 comments

A header-only C vector database library

https://github.com/abdimoallim/vdb
4•abdimoalim•1h ago•0 comments

Show HN: I spent 3 years reverse-engineering a 40 yo stock market sim from 1986

https://www.wallstreetraider.com/story.html
624•benstopics•4d ago•212 comments

Show HN: SQL-tap – Real-time SQL traffic viewer for PostgreSQL and MySQL

https://github.com/mickamy/sql-tap
208•mickamy•14h ago•36 comments

Ars Technica makes up quotes from Matplotlib maintainer; pulls story

https://infosec.exchange/@mttaggart/116065340523529645
450•robin_reala•9h ago•185 comments

Fun with Algebraic Effects – From Toy Examples to Hardcaml Simulations

https://blog.janestreet.com/fun-with-algebraic-effects-hardcaml/
9•weinzierl•3d ago•0 comments

Babylon 5 is now free to watch on YouTube

https://cordcuttersnews.com/babylon-5-is-now-free-to-watch-on-youtube/
529•walterbell•1d ago•266 comments

7zip.com Is Serving Malware

https://www.malwarebytes.com/blog/threat-intel/2026/02/fake-7-zip-downloads-are-turning-home-pcs-...
70•Alifatisk•3h ago•39 comments

Code Storage by the Pierre Computer Company

https://code.storage/
47•admp•4d ago•28 comments

What color are your bits? (2004)

https://ansuz.sooke.bc.ca/entry/23
30•tomodachi94•3d ago•8 comments

The Sling: Humanity's Forgotten Power

https://www.slinging.org/
83•jsattler•4d ago•20 comments

The mathematics of compression in database systems

https://www.bitsxpages.com/p/the-mathematics-of-compression-in
42•agavra•4d ago•7 comments

Understanding the Go Compiler: The Linker

https://internals-for-interns.com/posts/the-go-linker/
156•valyala•6d ago•42 comments

How the Little Guy Moved

https://animationobsessive.substack.com/p/how-the-little-guy-moved
106•zdw•5d ago•4 comments

Cogram (YC W22) – Hiring former technical founders

https://www.ycombinator.com/companies/cogram/jobs/LDTrViN-ex-technical-founder-product-engineer
1•ricwo•11h ago

How many registers does an x86-64 CPU have? (2020)

https://blog.yossarian.net/2020/11/30/How-many-registers-does-an-x86-64-cpu-have
62•tosh•5h ago•38 comments

The World of Harmonics – With a Coffee, Guitar and Synth

https://mynoise.net/vlog.php?ep=20260204
70•gregsadetsky•5d ago•14 comments

Show HN: Data Engineering Book – An open source, community-driven guide

https://github.com/datascale-ai/data_engineering_book/blob/main/README_en.md
221•xx123122•21h ago•26 comments

Sound and Practical Points-To Analysis for Incomplete C Programs [pdf]

https://www.sjalander.com/research/pdf/sjalander-cgo2026-pip.pdf
8•st_•5d ago•0 comments

Common Lisp Screenshots: today's CL applications in action

http://www.lisp-screenshots.org
151•_emacsomancer_•2d ago•47 comments
Open in hackernews

7zip.com Is Serving Malware

https://www.malwarebytes.com/blog/threat-intel/2026/02/fake-7-zip-downloads-are-turning-home-pcs-into-proxy-nodes
70•Alifatisk•3h ago

Comments

throawayonthe•2h ago
i'm increasingly convinced nothing good ever comes from youtube tutorials
whatwhaaaaat•1h ago
The recent openclaw videos are the best. “Ten openopenclaw skills that will change your life!” Ends up being useless YouTube metrics and a glorified egg drop.
NooneAtAll3•1h ago
remember when we could downvote the bad ones?
tokyobreakfast•1h ago
Does the 7-Zip author still refuse to digitally sign or even provide hashes of the official downloads? It's an extremely weird flex, he thinks it's a frivolous waste of time or something.
giancarlostoro•1h ago
Do people even double check installers are digitally signed? There's so much open source stuff out there that is not digitally signed, most people might not even notice.
tokyobreakfast•1h ago
Windows has displayed a big scary orange prompt for at least the last decade when it isn't. More like 15-20 years IIRC.

But I'm sure people blindly click through the "Unknown author" prompt just as they would ignore a certificate error.

giancarlostoro•1h ago
Like I said, theres a LOT of open source projects that show that prompt. Signing an MSI involves having a valid CA certificate, which AFAIK is not free, and goes beyond the budget of most projects.
tokyobreakfast•1h ago
It's not free but it's not expensive either. Most well known Windows open source projects have them; e.g. PuTTY, Wireguard, VLC, Rufus, etc.

Maybe it's high time for a free-as-in-beer CA for non-profit open source developers funded by donations?

Edit: I was wrong.

Prices on code signing certificates have skyrocketed to in excess of $500/year, due in part to continuing meddling by the CA/B forum which increased the requirements of standard certs to be the same as EV certs, and requiring the key to be stored in a hardware token—which must now be re-issued yearly.

This makes it near impossible to provide free or affordable certificates to developers. Thanks CA/B forum, lots of help as usual.

rustyhancock•1h ago
Orange? It's a blue warning isn't it? Is this how one of us finds out he's colour blind?
tokyobreakfast•1h ago
Blue when it has a valid signature.

Orange when it's missing or invalid.

fuzzy2•1h ago
The UAC dialog for unsigned software has an orange or yellow accent. You could be talking about the SmartScreen dialog. There's yet another dialog for executable files downloaded from the internet, which I think has a red shield for unsigned software.
ozim•23m ago
I use winget or homebrew, those tools do so for me and if something doesn't match they show an error.
jsheard•1h ago
He's always been an odd one, for a long time he refused to enable even basic hardening features like ASLR and DEP because they made the executables slightly larger. He eventually relented on some of those, but last I heard the more advanced mitigations like HE-ASLR, CFG and GS were still disabled.
reddalo•1h ago
I migrated from 7-Zip to NanaZip, a fork with modern Windows features that the original developer refuses to implement.

https://github.com/M2Team/NanaZip

baal80spam•1h ago
Whenever I see "modern Windows experience", it always turns to be worse than the original one.
deltastone•48m ago
I would agree normally, but this one is a nice change and upgrade, actually.
blibble•25m ago
modern windows features?

I imagine an electron rewrite, with DirectX 12 and Copilot buttons everywhere

Dwedit•1h ago
7zip.com has never been the official website of the project. It's been 7-zip.org
pibaker•1h ago
How can the average 7zip user know which one it is?

Search results can be gamed by SEO, there were also cases of malware developers buying ads so links to the malware download show up above legitimate ones. Wikipedia works only for projects prominent enough to have a Wikipedia page.

What are the other mechanisms for finding out the official website of a software?

antisthenes•58m ago
> How can the average 7zip user know which one it is?

I dunno, if you type "download 7zip" into Google, the top result is the official website.

Also, 7zip.com is nowhere on the first page, and the most common browsers show you explicitly it's a phishing website.

This is actually a pretty good case of the regular user being pretty safe from downloading malware.

sedatk•41m ago
> I dunno, if you type "download 7zip" into Google, the top result is the official website.

Until someone puts an ad above it.

pibaker•34m ago
I feel I need to clarify my earlier comment. I was asking how can a user tell, in general, what is the legitimate website of a software, not just how to know what 7zip.com is malicious.

Are the search removals and phishing warnings reactive or proactive? Because if it is the former then we don't really know how many users are already affected before security researchers got notified and took action.

Also, 7zip is not the only software to be affected by similar domain squatting "attacks." If you search for PuTTY, the unofficial putty.org website will be very high on the list (top place when I googled "download putty.") While it is not serving malware, yet, the fact that the more legitimate sounding domain is not controlled by the original author does leave the door open for future attacks.

n4bz0r•40m ago
There is normally a wiki page for every popular program which normally contains an official site URL. That's how I remember where to actually get PuTTY. Wiki can potentially be abused if it's a lesser known software, but, in general, it's a good indicator of legitimacy.
throwaway198846•27m ago
So wikipedia is now part of the supply chain (informally) which means there is another set of people who will try to hijack Wikipedia, as if we didn't had enough, just great.
jamespo•2m ago
What's your solution? If you search google for 7-zip the official website is the first hit.
rtcode_io•32m ago
1. Go to the wikipedia article on 7-Zip

2. Go the listed homepage

Markoff•9m ago
open About in the app?
imglorp•3m ago
Open source software will have a code repo with active development happening on it. That repo will usually link to official Web page and download places.
Meneth•1h ago
I compared https://7-zip.org/a/7z2600-x64.exe with https://7-zip.com/a/7z2600-x64.exe. They are byte-for-byte identical. If there's malware, it isn't obvious.
ezekiel68•1h ago
Seems this all comes down to the wrong domain (.org vs .com).
jsheard•1h ago
The OP refers to 7zip.com, no dash. Those dashed domains directly resolve to the same Hetzner server, but the undashed one heads off into Cloudflare.
high_na_euv•1h ago
It doesnt help that many services use a few domain names, bonus points if other ones look like from scam domain examples
throwaway150•1h ago
I tested with the 3 major browsers and all 3 block it as "Suspected Phishing". So looks like the system is working as designed.

Lookalike websites serving malware have always existed. So this isn't exactly news. But the browsers are blocking them like they should.

jas39•55m ago
I would not trust any sw from Russia. Could be a vector for the FSB. I'm sure they have thought about it.
jan_Sate•42m ago
The same could be said for software from the US. Could be a vector of CIA. For average US citizens, it might even be safer to use Russian software because FSB can't come after them.
n4bz0r•39m ago
Funny thing that it's exactly the same for Russian citizens - they'd rather use US government malware. Same goes for mail providers.
einpoklum•29m ago
It is not a bad rule, to use online services / software where you know that the malicious owners are likely not after you nor in cahoots with the government where you live. Or you can take the Swiss option with stuff like ProtonVPN, Signal etc. :-)
ale42•20m ago
Signal is not Swiss, though, although I'd like they to be ;-)
bloaf•13m ago
I've started using winget to install my apps for exactly this reason. I can't keep track of every url for every piece of software.