frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Ghostty is leaving GitHub

https://mitchellh.com/writing/ghostty-leaving-github
2561•WadeGrimridge•13h ago•750 comments

Bugs Rust won't catch

https://corrode.dev/blog/bugs-rust-wont-catch/
276•lwhsiao•7h ago•115 comments

Tell HN: An update from the new Tindie team

26•altairprime•1h ago•9 comments

HardenedBSD Is Now Officially on Radicle

https://hardenedbsd.org/article/shawn-webb/2026-04-26/hardenedbsd-officially-radicle
61•lftherios•2h ago•7 comments

Soft launch of open-source code platform for government

https://www.nldigitalgovernment.nl/news/soft-launch-for-government-open-source-code-platform/
5•e12e•16m ago•0 comments

How ChatGPT serves ads

https://www.buchodi.com/how-chatgpt-serves-ads-heres-the-full-attribution-loop/
333•lmbbuchodi•9h ago•225 comments

Before GitHub

https://lucumr.pocoo.org/2026/4/28/before-github/
464•mlex•12h ago•142 comments

Show HN: Rocky – Rust SQL engine with branches, replay, column lineage

https://github.com/rocky-data/rocky
54•hugocorreia90•18h ago•3 comments

Show HN: Auto-Architecture: Karpathy's Loop, pointed at a CPU

https://github.com/FeSens/auto-arch-tournament/blob/main/docs/auto-arch-tournament-blog-post.md
147•fesens•16h ago•31 comments

Withnail's Coat and I

https://ontherow.substack.com/p/withnails-coat-and-i
69•apollinaire•1d ago•3 comments

Low-Compilation-Cost Register Allocation in LLVM-Based Binary Translation

https://dl.acm.org/doi/abs/10.1145/3767295.3803591
26•matt_d•2h ago•0 comments

OpenAI models coming to Amazon Bedrock: Interview with OpenAI and AWS CEOs

https://stratechery.com/2026/an-interview-with-openai-ceo-sam-altman-and-aws-ceo-matt-garman-abou...
273•translocator•14h ago•88 comments

We still don't have a more precise value for "Big G"

https://arstechnica.com/science/2026/04/we-still-dont-have-a-more-precise-value-for-big-g/
64•rbanffy•1d ago•38 comments

I won a championship that doesn't exist

https://ron.stoner.com/How_I_Won_a_Championship_That_Doesnt_Exist/
170•SEJeff•12h ago•84 comments

Gallium oxide electronics withstand extreme cold

https://discovery.kaust.edu.sa/en/article/26858/gallium-oxide-electronics-withstand-extreme-cold/
44•giuliomagnifico•1d ago•1 comments

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
356•bo0tzz•17h ago•76 comments

Who owns the code Claude Code wrote?

https://legallayer.substack.com/p/who-owns-the-claude-code-wrote
403•senaevren•22h ago•379 comments

Regression: malware reminder on every read still causes subagent refusals

https://github.com/anthropics/claude-code/issues/49363
215•thomashobohm•9h ago•110 comments

Behavioral timescale synaptic plasticity rewires the brain after an experience

https://www.quantamagazine.org/a-new-type-of-neuroplasticity-rewires-the-brain-after-a-single-exp...
116•ibobev•1d ago•3 comments

Intel Arc Pro B70 Review

https://www.pugetsystems.com/labs/articles/intel-arc-pro-b70-review/
166•zdw•5d ago•100 comments

Your phone is about to stop being yours

https://keepandroidopen.org/en/
1365•doener•18h ago•617 comments

Talkie: a 13B vintage language model from 1930

https://talkie-lm.com/introducing-talkie
705•jekude•1d ago•281 comments

Apple CMF (Color-Matching Functions) 2026

https://www.lttlabs.com/articles/2026/04/11/apple-studio-display-xdr-display-testing-results
66•HeyMeco•9h ago•2 comments

Warp is now open-source

https://www.warp.dev/blog/warp-is-now-open-source
271•meetpateltech•17h ago•73 comments

When the Internet Was a Place

https://www.frontporchrepublic.com/2025/09/when-the-internet-was-a-place/
56•herbertl•7h ago•14 comments

Show HN: Drive any macOS app in the background without stealing the cursor

https://github.com/trycua/cua
130•frabonacci•17h ago•30 comments

Localsend: An open-source cross-platform alternative to AirDrop

https://github.com/localsend/localsend
847•bilsbie•21h ago•251 comments

An update on GitHub availability

https://github.blog/news-insights/company-news/an-update-on-github-availability/
393•salkahfi•23h ago•236 comments

I have officially retired from Emacs

https://nullprogram.com/blog/2026/04/26/
238•Fudgel•3d ago•154 comments

UAE to leave OPEC

https://www.ft.com/content/8c354f2d-3e66-47f1-aad4-9b4aa30e386d
430•bazzmt•20h ago•553 comments
Open in hackernews

Wire to Replace Signal as Standard in the Bundestag

https://www.heise.de/en/news/Digital-Sovereignty-Wire-to-Replace-Signal-as-Standard-in-the-Bundestag-11275755.html
43•raffael_de•2h ago

Comments

internet_points•1h ago
Wire seems fine, better than many alternatives, but ditching Signal because of the possibility for phishing seems very odd?
iugtmkbdfil834•1h ago
As an argument, it barely passes initial scrutiny suggesting the real reason is not that.
tosti•1h ago
My tin foil hat says it has something to do with chat control, i.e. being able to intercept messages or to siphon messages from Alice or Bob directly.
rrr_oh_man•43m ago
Ding ding ding
internet_points•41m ago
She's suggesting her own group of contacts should switch to something that makes it easier to intercept her own messages?
Grumbledour•55m ago
The bundestags president, Julia Klöckner, was recently a victim of phishing on signal. While there could be different motives behind her suggestion, I think they are just another facet of her not really understanding technology and security practices.

She thinks she was "hacked" on signal, and now wants to switch to something which is clearly better! Let's wait where she will want to go once she gets "hacked" there too...

While there are valid reasons for germans not to want their politicians to use private messenger apps on their private phones for official business, and american ones at that, this switch would of course change nothing about all of these problems. But at least they can claim they did something, right?

iugtmkbdfil834•26m ago
<< While there are valid reasons for germans not to want their politicians to use private messenger apps on their private phones for official business, and american ones at that,

Personally, I am starting to think we should ban politicians from using smartphones altogether possibly followed by other technological restrictions. It is part of my: "They Will Hate it: Good" portfolio of ideas to improve the world or at least make it a little more funny.

beeforpork•57m ago
Odd? No, it's normal politician behaviour. Julia Klöckner herself got hacked because she is not aware of phishing. To distract from her incompetence, she urges to switch to Wire to implicitly blame Signal. It's obvious what's going on, but people have so little knowledge about digital communication and security that she will get away with it. Poor woman got hacked by insecure Signal, people will remember.
eembees•1h ago
> The Bundestag administration actively provides Wire as an alternative to commercial platforms such as WhatsApp or Signal.

Any idea why Signal is deemed a "commercial platform" by DBT administration?

anthonj•1h ago
It's owned by an American no-prrofit with a dedicated subsidiary, so still a commercial product and (more relevant) usa-based with all the potential implications. Wire is for profit but german-swiss.
mr_mitm•1h ago
Wire is also a commercial product though
zarzavat•59m ago
It's a commercial entity that is within EU jurisdiction, whereas Signal is within US jurisdiction. The distinction is important if for example a hostile country were to invade the territory of an EU member state, let's say a large island...
dmos62•1h ago
Anybody care to give their take on which alternative messengers are better for everyday use? Alternative as in not owned by mega corps. Does Signal have the best UX for non-technical people or casual use? Would be nice to move some conversations over to such a messenger, but don't want to force the other parties to experiment too much.
jraph•1h ago
Are Wire, Signal, Telegram backed by mega corps though?
dmos62•1h ago
I meant that as some candidates that aren't backed by mega corps.
jraph•52m ago
Ah, okay. I see you rephrased.
dmos62•49m ago
Yeah, sorry for omitting an edit message.
boredishBoi•1h ago
Beeper is owned by Automattic (of Wordpress fame). They’re a corp but I wouldn’t call them mega and they use matrix which is an open federated protocol.

You can run your own matrix server but tbh it’s easier for someone else to do it.

Not to mention the obvious advantages of their bridges into the closed networks of WhatsApp/fb/x/instagram etc

fsflover•1h ago
https://matrix.org
throawayonthe•52m ago
signal 100% has the best UX for non-technical users out of messengers i'd actually consider reasonably secure

the best on ux is probably telegram, but i'm trying to move a few people off it anyway

Mashimo•44m ago
I have 70+ year old relatives who use Signal. It works quite nice. Similar to whatsapp.
Markoff•33m ago
the ones most of your contacts use, what's the point finding perfect messenger if nobody you know use it and you must move people over there and anyway keep installed other app for most of the contacts?

here you have chart comparison

https://www.messenger-matrix.de/messenger-matrix-en.html

and alternative

https://www.securemessagingapps.com

personally I like Element (Matrix) and Threema

edit: btw. signal best UX? do they finally show users how to force send unencrypted SMS or you still have figure it out with google? I remember their great UX when they were forcing PIN verification with nag screens taking half or whole screen, which was the last drop I moved with whole family away from that PoS, let alone how unreliable it was, whole network down because admin in US sleeping waiting hours until he fix it, their approach (aka hatred) to users reminds me Firefox devs, left Signal even before it became popular

hutattedonmyarm•14m ago
I'd say that Threema has better UX than Signal, but both are fine. Neither great, but fine
delis-thumbs-7e•1h ago
This site seems to demand cookie consent for access (is that legal in EU anyway?) so can somepne provode tl;dr?
victorbjorklund•1h ago
It is a grey zone. Some of the data protection authorities in EU have said that it's okay to do pay or consent while others have said it's not okay and it hasn't been tested by the EU court yet.
Grumbledour•52m ago
I think the law is actually pretty clear on that front, that it is not ok, but in the meantime, all the big publishers do it and make so much money, they actually don't care much about fines, especially given the chance they might get levied against a competitor first, at which point they can quickly change that behaviour.

As so often, the biggest GDPR problem is missing enforcement.

solarkraft•38m ago
It’s called “pay or okay” and condemned by noyb: https://noyb.eu/en/noybs-pay-or-okay-report-how-companies-ma...

But actual enforcement of GDPR has always been shoddy. First the “legitimate use” loophole, now this.

It’s a bit ironic that heise does this, since they probably have one of the most sensitive readerships to this.

fmajid•19m ago
The EU Data Protection Board, which unlike noyb is an official part of the EU, albeit not from the judicial branch, has also come out against pay-or-consent.
crimsoneer•1h ago
This seems silly. Signal is great, let's not all start spinning up our own dedicated, not interoperable national messenger applications.
dmos62•1h ago
Europe wants to use European infrastructure. Reasons given are politeness.
PeterSmit•59m ago
Which makes total sense given the current political situation.
otabdeveloper4•51m ago
Kumbaya?

Good idea, let's all live in peace and harmony. (But first we need to sanction and regime change all the bad countries.)

Grumbledour•48m ago
The problem though is, using undocummented communication channels on private phones by people not technically inclined. That Signal is an american company and subject to NSA scrutiny while the users a politicians of a foreign goverment only makes this worse.

So, national messengers, controlled by experts, that archive communication and run on trusted hardware, would be the best solution for the work of democratic goverments I would think.

Of course, the possibility of software quality and security experts in service of the goverment is probably just wishful thinking.

c0l0•51m ago
One of my most esteemed former co-workers used to say that whenever you succeed in making something idiot-proof, the universe will create a better idiot, undoing any progress you made.
vidarh•27m ago
I'm very curious where that saying comes from now. I haven't found anything conclusive, like [1]'s friend I thought it might have been Douglas Adams, but a few references refers to it as "Grave's Law". After a few searches, I can't find any references to that which I can date further back than '99. But variants of the saying is at least as old as '89 (Rick Cook's version in [1]), but it's the kind of thing that sounds like a sufficiently "obvious" extension of the far older view that human stupidity has no bounds that it feels surprising if it is that recent.

[1] https://www.samyoung.co.nz/2025/03/building-better-idiot.htm...

episodeiv•4m ago
The form I know is attributed to Douglas Adams[1]:

“A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools.”

[1] https://www.goodreads.com/quotes/6711-a-common-mistake-that-...

arianvanp•51m ago
Working on the foundation of this (getting Wire deployed at and certified by the BSI) was my first job out of college 7 years ago and how I ended up in Berlin. And once you end up in Berlin you can never leave, it seems.

I was actually on site at the Bundeskanzleramt and they had requirements of being able to install the entire server stack airgapped. We ended up building quite a cool delivery method based on Nix to ship the whole closure of the system and the containers inside and spin up a Kubernetes cluster with it. I'm wondering if it is still being used.

Amazing to see it's still going strong :)

rrr_oh_man•44m ago

  > first job out of college 7 years ago
  > Amazing to see it's still going strong
Yup, sounds like a government project...
looperhacks•22m ago
The earliest doc I can find quickly shows that the BSI already recommended Wire in 2021 (at least; couldn't find anything earlier). The actual authorization seemed to have happened some time in 2024, but it's possible that just nobody asked for the formal approval before that.

What I'm saying is - just because the BSI authorizes something, doesn't mean that it has to reach the Bundestag ;)

raihansaputra•37m ago
What was the media for updates? Send them a CD or a flashdisk and they plug it in? I assume the PVC backing etc they handle on their own?
arianvanp•3m ago
Yes, updates were delivered using a flash drive.

> PVC backing

Yeh. But wire's storage is based on Cassandra which handles replication of storage. So you could deploy it on local nvme drives as well using a local storage CSI.

That's also how the wire.com cloud is/was run. Large Cassandra cluster on top of EC2 Instance Store as opposed to EBS.

Arathorn•43m ago
there is a definite irony in switching from being vendorlocked to Signal (open source but closed and locked to a US non-profit) to being vendorlocked to Wire (open source but closed and locked to a German/Swiss for-profit) - talk about jumping from the frying pan into the fire :)

Meanwhile the rest of Europe (and much of the rest of Germany) seems to have converged on Matrix as a genuine open standard with various different commercial vendors (Element, Rocket Chat, Famedly, connect2x etc), avoiding vendor lock and so giving actual digital sovereignty: https://element.io/matrix-in-europe

Havoc•38m ago
> often, the technology is not the weak point, but the human.

Also doesn’t help that the humans doing the legislating tend to be of the “I print out my emails” generation

looperhacks•5m ago
Now, I'm pretty confident to say that this is obviously just a red herring to distract from the fact that Frau Klöckner simply fell for a phishing attack. The usage of Signal wasn't the real problem (besides that it isn't formally approved for comms).

But since this whole ordeal started, I'm divided where to place the blame (besides the attacker, of course):

- Can we really victim-blame someone for falling for an attack? Sure, people in positions this important should know better, but I don't think we should put the blame on the victim. - Should we blame Signal for even providing the functionality that allowed the phishing in the first place? Signal announced changes that supposedly makes phishing harder, so apparently, something could've been improved before? - Should we blame the software-world entirely that having credentials that can be shared is even a thing? (Looking at passkeys) - Should we blame society that the knowledge about phishing attacks isn't ingrained into every person? (being a bit hyperbolic here) - Should we blame the administrative staff that allowed exposed politicians to even have apps that make phishing possible? It would be possible to make a super-secure messenger that needs much more verification than just "having the credentials". It's just super annoying and impractical for most people. Should we prevent exposed politicians from even having access to not super-secure messengers?

I feel like things could be improved to prevent phishing attacks in the future. I just don't know what is the most sensible point to start.