frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Waymo in Portland

https://waymo.com/blog/shorts/waymo-in-portland/
76•xnx•54m ago•41 comments

Localsend: An open-source cross-platform alternative to AirDrop

https://github.com/localsend/localsend
613•bilsbie•7h ago•205 comments

Bankruptcies Increase 11.9 Percent

https://www.uscourts.gov/data-news/judiciary-news/2026/04/23/bankruptcies-increase-119-percent
13•jaredwiener•16m ago•1 comments

Microsoft VibeVoice: Open-Source Frontier Voice AI

https://github.com/microsoft/VibeVoice
259•tosh•7h ago•154 comments

AISLE Discovers 38 CVEs in OpenEMR Healthcare Software

https://aisle.com/blog/aisle-discovers-38-critical-security-vulnerabilities-in-healthcare-softwar...
138•mmsc•2h ago•86 comments

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
59•bo0tzz•2h ago•24 comments

Laguna XS.2 and M.1

https://poolside.ai/blog/laguna-a-deeper-dive
65•tosh•2h ago•25 comments

Show HN: Live Sun and Moon Dashboard with NASA Footage

https://www.lumara-space.app/
121•beeswaxpat•5h ago•40 comments

Who owns the code Claude Code wrote?

https://legallayer.substack.com/p/who-owns-the-claude-code-wrote
144•senaevren•7h ago•147 comments

Infisical (YC W23) Is Hiring Full Stack Software Engineers (Remote)

https://jobs.ashbyhq.com/infisical/782b9da8-20e1-48b2-919e-6c5430c58628
1•vmatsiiako•2h ago

I have officially retired from Emacs

https://nullprogram.com/blog/2026/04/26/
94•Fudgel•2d ago•53 comments

Things C++26 define_static_array can't do

https://quuxplusone.github.io/blog/2026/04/24/define-static-array/
23•jandeboevrie•2d ago•3 comments

FCC Funding Application Notes Paramount Will Be 49.5% Foreign-Owned Post-Merger

https://deadline.com/2026/04/paramount-fcc-request-wbd-merger-middle-east-1236873732/
142•throw0101c•3h ago•83 comments

GitHub Actions is the weakest link

https://nesbitt.io/2026/04/28/github-actions-is-the-weakest-link.html
137•dochtman•7h ago•31 comments

Talkie: a 13B vintage language model from 1930

https://talkie-lm.com/introducing-talkie
586•jekude•21h ago•237 comments

Deep under Antarctic ice, a long-predicted cosmic whisper breaks through

https://phys.org/news/2026-04-deep-antarctic-ice-cosmic-strange.html
90•rbanffy•1d ago•36 comments

ASML became the chokepoint for cutting-edge chips

https://worksinprogress.co/issue/the-worlds-most-complex-machine/
275•mellosouls•3d ago•165 comments

GitHub Copilot code review will start consuming GitHub Actions minutes

https://github.blog/changelog/2026-04-27-github-copilot-code-review-will-start-consuming-github-a...
179•whtsky•10h ago•130 comments

Google and Pentagon reportedly agree on deal for 'any lawful' use of AI

https://www.theverge.com/ai-artificial-intelligence/919494/google-pentagon-classified-ai-deal
198•granzymes•3h ago•198 comments

Claude.ai is unavailable

https://status.claude.com/incidents/9l93x2ht4s5w
133•shorsher•1h ago•100 comments

Anthropic Joins the Blender Development Fund as Corporate Patron

https://www.blender.org/press/anthropic-joins-the-blender-development-fund-as-corporate-patron/
194•Philpax•2h ago•158 comments

Can You Find the Comet?

https://apod.nasa.gov/apod/ap260427.html
125•ColinWright•1d ago•78 comments

UAE Leaves OPEC and OPEC+

https://www.reuters.com/markets/commodities/uae-says-it-quits-opec-opec-statement-2026-04-28/
283•TechTechTech•5h ago•149 comments

PyWry: Cross-Platform Rendering Engine in Python

https://deeleeramone.github.io/PyWry/
24•filipovic•1d ago•10 comments

AI's Economics Don't Make Sense

https://www.wheresyoured.at/ais-economics-dont-make-sense/
130•spking•2h ago•86 comments

I Spent My Sabbatical Building a Power Meter for Sledgehammers

https://leblancfg.com/intensity-pad-founder-story.html
72•alin23•1d ago•50 comments

Voice Modems

https://computer.rip/2026-04-26-voice-modems.html
61•K7PJP•1d ago•7 comments

Cybersec is a thankless job: expanding workload and shrinking pay packet

https://www.theregister.com/2026/04/27/from_a_massive_skills_gap/
53•rustoo•2h ago•29 comments

After Spain's blackout, its shift to renewables and grid evolution power on

https://www.theguardian.com/world/2026/apr/28/blackout-spain-renewable-energy-grid-solar-wind
52•lentil_soup•3h ago•13 comments

BookStack Moves from GitHub to Codeberg

https://github.com/BookStackApp/BookStack/issues/4551
57•RadiozRadioz•1h ago•10 comments
Open in hackernews

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
55•bo0tzz•2h ago

Comments

latchkey•2h ago
People keep wanting to replace GitHub, but with what?

If GH is getting RCE's this late in the game who wants to take the chance something else won't?

gtech1•1h ago
GitLab ?
latchkey•58m ago
The people who suggest gitlab, haven't used it. But I guess I could be tempted to try again...

https://status.gitlab.com/pages/history/5b36dc6502d06804c083...

chucky_z•1h ago
.... git?

replace it with git.

if you want a whole ui you can use something like forgejo which has far fewer features likely leading to less issues.

latchkey•58m ago
i want what github offers.
heliumtera•55m ago
Enjoy your experience, there will certainly be no end to it.
latchkey•52m ago
I've had my account since 2008. ¯\_(ツ)_/¯

updated: changed the date to 2008.

my account shows 2001, but that's probably from projects I moved over... proof: https://github.com/lookfirst

necubi•45m ago
GitHub launched in 2008, so that seems unlikely?
debugnik•41m ago
You probably meant Forgejo. Codeberg is a Forgejo instance exclusive for FOSS projects.
Caligatio•38m ago
I am personally now drawing a clear delineation between projects for my internal consumption (e.g. ansible scripts) and projects that have potential use for the general populace. For the prior, I now host a private Forgejo instance. For the latter, I'll put it on GitHub but mirror it to my Forgejo instance.

I was pleasantly shocked that Forgejo is literally a single binary with a relatively easy config. All my internal services reference my Forgejo instance so, if I need to bail on GitHub, it's low friction for me.

skrrtww•29m ago
A "reasonable" answer is probably a primary self-hosted Forgejo instance as the canonical forge, while using GitHub as a mirror solely to take advantage of its free CI, while that lasts, while hosting secrets with a dedicated secret-hosting provider (I don't know what the provider du jour for this is these days).
latchkey•23m ago
Replace a whole 24/7 team of devops people with myself?

As much as I'd like to believe that I'm worthy, I'm not.

skrrtww•18m ago
If the primary forge's only job is to host the actual Git infrastructure (the code, the MRs, the issues, maybe a wiki), it's a lot more simple than GitHub, and probably more within the scope of what people can reasonably administer themselves.
embedding-shape•5m ago
[delayed]
willworktill4pm•1h ago
GitHub case will be thought in schools how to screw up almost monopolistic position in the market in couple years. This is beyond bonkers.
hnlmorg•37m ago
Only if they take Skype off the syllabus first.
bananapub•1h ago
> April 28, 2026

> GitHub Enterprise Server customers should upgrade immediately - at the time of this writing, our data indicates that 88% of instances are still vulnerable

> Upgrade to GHES version 3.19.3 or later

https://docs.github.com/en/enterprise-server@3.19/admin/rele... :

> Enterprise Server 3.19.3 - March 10, 2026

88% of on-prem customers haven't applied a critical security fix from 7 weeks ago, that seems ... bad.

pixl97•1h ago
Question is how fragile the upgrade process is in large installations. In other enterprise software messing around with large amounts of data I've seen the smallest things break the install and leaving the OPs team rolling back. Was like SharePoint in the past, you were rolling a dice when upgrading it.
chucky_z•1h ago
It's incredibly fragile. It breaks a vast majority of the time and takes multiple rounds of support on-call to upgrade typically.
formerly_proven•13m ago
Unsurprising for a fourth tier on-prem created by cutting a continuously deployed application into releases.
bombcar•25m ago
If you're in the enterprise you can update something outside of the normal schedule and guarantee blow up everything (and be blamed) or you can stick with the schedule and hope for the best.

Guess which is usually picked ...

brianmcnulty•17m ago
I assume a fair amount of these on-prem customers restrict access to their GHES instance to be behind corporate VPN or something similar and are planning a date to upgrade their instance that won't affect operations.

Any public instance should update immediately though, it's not very hard to put together how to repro the vulnerability on your own from what they provide in the article and the fact that GitHub Enterprise source is publicly available.

WASDx•8m ago
I was impressed enough by AI finding vulnerabilities in source code, but doing it in binary executables is just amazing. This has so much potential, good and bad.

And yet another lesson to not treat data as instructions. Sanitize all user input!