frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Death to Scroll Fade

https://dbushell.com/2026/01/09/death-to-scroll-fade/
77•PaulHoule•1h ago•42 comments

A tiny, decentralised tool to explore the small web

https://codeberg.org/susam/wander
27•carte_blanche•47m ago•1 comments

Rob Pike's Rules of Programming (1989)

https://www.cs.unc.edu/~stotts/COMP590-059-f24/robsrules.html
551•vismit2000•6h ago•302 comments

Snowflake AI Escapes Sandbox and Executes Malware

https://www.promptarmor.com/resources/snowflake-ai-escapes-sandbox-and-executes-malware
37•ozgune•1h ago•6 comments

Machine Payments Protocol (MPP)

https://stripe.com/blog/machine-payments-protocol
47•bpierre•1h ago•17 comments

Nvidia NemoClaw

https://github.com/NVIDIA/NemoClaw
24•hmokiguess•1h ago•2 comments

Wander – A tiny, decentralised tool (just 2 files) to explore the small web

https://susam.net/wander/
17•oystersareyum•55m ago•3 comments

Nightingale – open-source karaoke app that works with any song on your computer

https://nightingale.cafe/
362•rzzzzru•8h ago•76 comments

Federal Cyber Experts Called Microsoft's Cloud "A Pile of Shit", yet Approved It

https://www.propublica.org/article/microsoft-cloud-fedramp-cybersecurity-government
197•hn_acker•2h ago•84 comments

A Tiny Camera Revealed a Hidden Passage in the Great Pyramid

https://modernengineeringmarvels.com/2026/03/13/a-tiny-camera-revealed-a-hidden-passage-in-the-gr...
74•Brajeshwar•4d ago•38 comments

Pandas Exercises for Data Analysis (Interactive)

https://machinelearningplus.com/python/101-pandas-exercises-python-interactive/
110•selva86•4d ago•30 comments

JPEG Compression

https://www.sophielwang.com/blog/jpeg
374•vinhnx•4d ago•100 comments

OpenRocket

https://openrocket.info/
18•zeristor•3d ago•1 comments

Meta will shut down VR Horizon Worlds access June 15

https://www.engadget.com/ar-vr/meta-will-shut-down-vr-horizon-worlds-access-in-june-222028919.html
37•bookofjoe•1h ago•7 comments

Write up of my homebrew CPU build

https://willwarren.com/2026/03/12/building-my-own-cpu-part-3-from-simulation-to-hardware/
185•wwarren•2d ago•26 comments

Mistral AI Releases Forge

https://mistral.ai/news/forge
655•pember•19h ago•163 comments

A ngrok-style secure tunnel server written in Rust and Open Source

https://github.com/joaoh82/rustunnel
32•joaoh82•2h ago•9 comments

Restoring the first recording of computer music (2018)

https://www.bl.uk/stories/blogs/posts/restoring-the-first-recording-of-computer-music
15•OJFord•4d ago•4 comments

A Decade of Slug

https://terathon.com/blog/decade-slug.html
698•mwkaufma•21h ago•68 comments

Celebrating Tony Hoare's mark on computer science

https://bertrandmeyer.com/2026/03/16/celebrating-tony-hoares-mark-on-computer-science/
93•benhoyt•10h ago•25 comments

A data center opened next door. Then came the high-pitched whine

https://www.politico.com/news/2026/03/11/data-centers-ai-electricity-virginia-00815219
13•1vuio0pswjnm7•37m ago•7 comments

A Fuzzer for the Toy Optimizer

https://bernsteinbear.com/blog/toy-fuzzer/
7•surprisetalk•1d ago•1 comments

Ndea (YC W26) is hiring a symbolic RL search guidance lead

https://ndea.com/jobs/search-guidance
1•mikeknoop•9h ago

The pleasures of poor product design

https://www.inconspicuous.info/p/the-pleasures-of-poor-product-design
208•NaOH•15h ago•70 comments

Using calculus to do number theory

https://hidden-phenomena.com/articles/hensels
46•cpp_frog•2d ago•9 comments

On a Boat

https://moq.dev/blog/on-a-boat/
91•mmcclure•4d ago•20 comments

North Korean's 100k fake IT workers net $500M a year for Kim

https://www.theregister.com/2026/03/18/researchers_lift_the_lid_on/
9•speckx•45m ago•1 comments

Show HN: Sub-millisecond VM sandboxes using CoW memory forking

https://github.com/adammiribyan/zeroboot
250•adammiribyan•1d ago•62 comments

Aliens.gov ~ domain registered 17MAR2026

https://whois.domaintools.com/aliens.gov
105•someprick•3h ago•86 comments

How the Eon Team Produced a Virtual Embodied Fly

https://eon.systems/updates/embodied-brain-emulation
64•LopRabbit•2d ago•18 comments
Open in hackernews

Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild

https://www.wired.com/story/hundreds-of-millions-of-iphones-can-be-hacked-with-a-new-tool-found-in-the-wild/
74•WalterSobchak•2h ago

Comments

joezydeco•2h ago
I got an alert this morning for an iOS update numbered 26.3.1(a).

(a)? This must be really bad.

FuriouslyAdrift•2h ago
Impact: Processing maliciously crafted web content may bypass Same Origin Policy

Description: A cross-origin issue in the Navigation API was addressed with improved input validation.

WebKit Bugzilla: 306050

CVE-2026-20643: Thomas Espach

dewey•1h ago
> It can take over devices running iOS 18 that simply visit infected websites.

I wonder if this is supposed to be > iOS 18 or really just version 18?

quentindanjou•1h ago
It's in the source article (from Google Research group):

> DarkSword supports iOS versions 18.4 through 18.7

https://cloud.google.com/blog/topics/threat-intelligence/dar...

The source exploits continued to be patched with all of them patched in iOS 26.3

dewey•1h ago
Oh, I was confused why the article was so short and chalked it up to it being some developing story. Turns out there's a "You’ve read your last free article." heading that hides the rest but it's not very obvious that there's an article hiding.
bombcar•1h ago
What device? I don't see anything beyond 26.3.1 on my iPhone 15 PromaxXDR™
joezydeco•1h ago
iPhone 15 (vanilla) running iOS 18.7.2. I now have a permanent notification on my lock screen nagging me to update to iOS 26.
qaz_plm•1h ago
Enabling beta updates for ios18 should kill the nagging notification.
joezydeco•52m ago
I'm keeping it there to remind me to stay defiant against the shittier UI. I'll wait until they can put it on a user switch or create a more readable option for older users. Which will probably be 'never'.
a012•40m ago
I’m on the same boat. I was forced to update to the shitty UI at work, but not on my personal phone.
joezydeco•30m ago
Same here. Which helped me confirm how bad it was.
fn-mote•50m ago
But still only gets you to 18.7.3
aurea•36m ago
The update can be found under

Settings > Privacy & Security > Background Security Improvements

jryio•1h ago
Here is the Google Research group's writeup

https://cloud.google.com/blog/topics/threat-intelligence/dar...

Relevant forward:

> GTIG has identified several different users of the DarkSword exploit chain dating back to November 2025. In addition to the case studies on DarkSword usage documented in this blog post, we assess it is likely that other commercial surveillance vendors or threat actors may also be using DarkSword.

> Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully compromise devices. Based on toolmarks in recovered payloads, we believe the exploit chain to be called DarkSword. Since at least November 2025, GTIG has observed multiple commercial surveillance vendors and suspected state-sponsored actors utilizing DarkSword in distinct campaigns. These threat actors have deployed the exploit chain against targets in Saudi Arabia, Turkey, Malaysia, and Ukraine.

> DarkSword supports iOS versions 18.4 through 18.7 and utilizes six different vulnerabilities to deploy final-stage payloads. GTIG has identified three distinct malware families deployed following a successful DarkSword compromise: GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER. The proliferation of this single exploit chain across disparate threat actors mirrors the previously discovered Coruna iOS exploit kit. Notably, UNC6353, a suspected Russian espionage group previously observed using Coruna, has recently incorporated DarkSword into their watering hole campaigns.

alecco•1h ago
This should be the post, not Wired's blogspam.
bix6•1h ago
I know everyone hates liquid glass but isn’t that better security wise than being on an iOS that’s 8 versions behind?
jryio•1h ago
There are not 8 major versions between iOS 18 and iOS 26. Apple skipped the monotonously increasing version numbering system since iOS 1 during WDDC 2025 to adopt a year suffix based versioning system.

iOS 17, then iOS 18, then iOS 26, then iOS 27.

You're not the only party confused.

bix6•51m ago
Haha thanks! Good to know they are on years now. Back to random version numbers in 5 year? :p
reactordev•48m ago
Semver has always been king
echelon_musk•36m ago
I wonder if that means 18.7.4 is vulnerable for all the Liquid Glass haters?
BTAQA•1h ago
The interesting angle here is what this means for passes and credentials stored in Apple Wallet. If device compromise is this accessible, the assumption that Wallet passes are isolated from the rest of the device needs more scrutiny. Apple's security model relies heavily on the secure enclave but a tool like this changes the threat surface significantly.
ozlikethewizard•1h ago
This is always the threat with walled garden style security. When you couple applications so tightly in an intrinsic trust network, on the basis that no external attacker can gain access, then the internal security is neglected and it only takes the weakest link.
ramesh31•1h ago
Welp, I've been holding on out that liquid glass crap as long possible. Guess my phone is just going to suck now.
bombcar•1h ago
If it's really as bad as all that, they'll patch existing older releases.
pfortuny•1h ago
One can hope but I do not trust them.
xoa•58m ago
>If it's really as bad as all that, they'll patch existing older releases.

They have patched existing releases of iOS 18... but then they artificially restricted those patches only to a couple of phone models that don't support iOS 26. So if you're on a vaguely modern iDevice and are still on 18 because you don't want the new UI and other fuckups you are not allowed to install the patched 18. It'd be one thing if you had a phone that simply never supported iOS 18 at all, or if Apple wasn't patching iOS 18 at all for anyone, but that they've gone to the effort to fix it but then also used it as another lever for force upgrades is really sucky.

lynndotpy•19m ago
No. Apple already released the patch in February, and Apple chose not not patch older releases.

Apple of 2026 is not the same Apple of 2025. The people at Apple have held back iOS 18.7.3, iOS 18.7.4, iOS 18.7.5, or iOS 18.7.6 for most iPhones that support iOS 18.

These are dozens of CVEs patched in these updates, including numerous exploits as bad or worse than the one described in this one. (Article is paywalled so I couldn't read it, so I am getting the details from Google's post https://cloud.google.com/blog/topics/threat-intelligence/dar...

- CVE-2025-43541, CVE-2025-43501 WebKit zero day https://www.theregister.com/2025/12/15/apple_follows_google_... (iOS 18.7.3)

- CVE-2025-43529 and CVE-2025-14174, mentioned in the article (iOS 18.7.3)

- The dyld exploit fixed in iOS 18.7.5, and the exploit in this article https://www.theregister.com/2026/02/12/apple_ios_263/ (iOS 18.7.5)

Unfortunately, in iOS 26, there is a new bug where Lockdown Mode breaks call recording, which is something I rely on. Something to weigh for anyone on iOS 18 who is considering installing iOS 26.

msk-lywenn•1h ago
Apple is probably going to issue an update for 18. Heck they released a security update for coruna on 15.x last week. Same thing maybe?
lynndotpy•8m ago
No, they are not. Apple is choosing to only release the iOS 18 security patches for the XS and XR.
dhosek•1h ago
Liquid glass isn’t too bad on the iPhone or even the iPad. It’s mostly on the Mac that it sucks.
neom•1h ago
I thought the same thing but updated couple weeks back and actually really really enjoy the liquid glass. I don't recall what it was about the release that made me think I'd hate it, but I've half fallen in love with it, I was just thinking yesterday I wonder what all the fuss was about.
Analemma_•1h ago
I don’t like it on the iPhone, but it’s more a “sigh, I’ll live with it” downgrade than a catastrophic one (at least once you go into the Safari settings and turn off the huge useless address bar by putting it in compact mode). It’s on the Mac where it’s truly a shitshow.
thejazzman•51m ago
I believe it's changed a lot since it was initially debut'd via the betas. And there was that Supabase post mocking it, where they made the whole UI glass, and that biased me a bit ha
k2enemy•1h ago
I'm really hoping Apple backtracks on its refusal to update the 18.x line for phones that are compatible with 26. At least provide a security update.
kace91•1h ago
Their design disaster must be hidden in metrics, damn be security.
lynndotpy•1h ago
Apple used to have a really good security record, it's mind boggling they blew it all up just to force Liquid Glass on users.

For those not in the loop, Apple used to provide security patches for supported older iOS versions. They changed a lot of behavior around the release of Liquid Glass (iOS 26, MacOS Tahoe). Starting with iOS 18.7.3, they only release patch versions for the iPhone XS and XR. They've repeated this, through to 18.7.6 now.

So much goodwill and trust, obliterated.

walterbell•47m ago
> Starting with iOS 18.7.3, they only release patch versions for the iPhone XS and XR. They've repeated this, through to 18.7.6 now.

  iPhone XS/XR: the only Usable + Secure iPhone in 2026
yborg•41m ago
It's especially glaring since Apple just released a fix for a Coruna exploit that patched iOS 15.
titzer•38m ago
Those trillions of dollars aren't going to find their way into the pockets of the shareholders if they have to pay some rubes to maintain old stuff!
6510•21m ago
I'm always surprised what isn't a national security issue.
floralhangnail•31m ago
That's interesting, as they released security patches for iOS 15 devices like iPhone 6 as recent as a week ago.
pfortuny•1h ago
Not going to happen (despite my still being on 18.x) because they want to force you to upgrade to 26 for publicity. As simple as that.

The new "security upgrade available" will (I bet) be "to 26".

varispeed•36m ago
Apple should stop doing security by obscurity in the first place. People have no way finding out whether their phones have been compromised. Lockdown mode is just a cope mechanism for phones likely already compromised and there is no guarantee lockdown mode cannot be bypassed.

Apple hardware is inherently insecure and it is bizarre that Apple keeps burying their head in the sand.

unsupp0rted•20m ago
Aren’t their devices the most secure on the mass market?

More than non-obscure phones, laptops, desktops… washing machines, robot vacuums, doorbells, you name it

hnburnsy•1h ago
>We also identified additional code added when the actor attempts to infect a user using Chrome, where the x-safari-https protocol handler is used to open the page in Safari (Figure 4). This suggests that UNC6748 didn't have an exploit chain for Chrome at the time of this activity.

Thanks Apple for allowing the overriding of the user's default browser.

MrDOS•1h ago
I wish I had a better sense of how these zero-click vulnerabilities work so I could get a sense of how to protect myself from them (you know, without giving in to Liquid Glass). Can they be blocked by an ad blocker? Are they blocked by any extant ad blockers? What about “Lockdown Mode”?
bix6•59m ago
My understand is ad blockers only stop one class. Lockdown Mode is supposedly a major upgrade given all the underlying processes it blocks / slows.
fn-mote•53m ago
Note that this is 1-click.

0-click example: receive an MMS with a malformed image that exploits a bug in decoding

SimianSci•42m ago
It's a watering hole attack. At any point your iphone sends an http request to a compromised site, by add, link, embedded, etc. your device will be exploited. there really isn't a way to permanently defeat this. We are about to see an explosion of novel attack types utilizing this exploit as their basis, you realistically cannot defend yourself against these without either updating or no longer using an iphone.
MrDOS•25m ago
What are you talking about?

Why are we about to see an explosion?

throwaway2016a•1h ago
I was literally just attending a course on "innovation" and the topic of Apple vs Android was covered. Interestingly enough, a majority of students commenting cited iOS "security" as a core value proposition. As an Android user, however, I know there are a lot of CVEs in volume but in terms of severity, when an iOS issue happens it appears to generally be much more severe.
eugenekolo•1h ago
It's actually a fascinating find by Lookout, iVerify, and Google. This is a multi million dollar exploit chain sold to various buyers.

Complete full chain 1-click exploit from Safari to complete device take over exfiltrating personal data, passwords, and crypto wallets.

https://www.lookout.com/threat-intelligence/article/darkswor...

https://iverify.io/blog/darksword-ios-exploit-kit-explained

https://cloud.google.com/blog/topics/threat-intelligence/dar...

walterbell•50m ago
Is the full exploit chain functional on iPhone 17 MIE/EMTE silicon with Lockdown Mode enabled?
kevincloudsec•48m ago
the supply chain for offensive tooling is now indistinguishable from the supply chain for malware. take care of your security team!
geuis•13m ago
I'd like a security patch for 18. I have no desire to upgrade to iOS Vista or whatever it is we're calling it
SayThatSh•9m ago
All these exploits and we still can't get proper jailbreaks on new iOS versions :( I moved away from Android years ago in the interest of digital privacy so it's just wonderful to hear security isn't as tight as I'd hoped haha.. Then again I guess those like myself staying on the bleeding edge version-wise aren't affected.