Canvas (Instructure) LMS Down in Ongoing Ransomware Attack

https://www.theverge.com/tech/926458/canvas-shinyhunters-breach
114•stefanpie•2h ago•12 comments

Dirtyfrag: Universal Linux LPE

https://www.openwall.com/lists/oss-security/2026/05/07/8
367•flipped•5h ago•170 comments

Maybe you shouldn't install new software for a bit

https://xeiaso.net/blog/2026/abstain-from-install/
60•psxuaw•1h ago•14 comments

The Burning Man MOOP Map

https://www.not-ship.com/burning-man-moop/
516•speckx•10h ago•275 comments

Agents need control flow, not more prompts

https://bsuh.bearblog.dev/agents-need-control-flow/
303•bsuh•7h ago•165 comments

Researchers discover advanced language processing in the unconscious human brain

https://www.bcm.edu/news/researchers-discover-advanced-language-processing-in-the-unconscious-hum...
14•hhs•1h ago•0 comments

Building for the Future

https://blog.cloudflare.com/building-for-the-future/
212•PriorityLeft•4h ago•129 comments

Natural Language Autoencoders: Turning Claude's Thoughts into Text

https://www.anthropic.com/research/natural-language-autoencoders
175•instagraham•6h ago•56 comments

AlphaEvolve: Gemini-powered coding agent scaling impact across fields

https://deepmind.google/blog/alphaevolve-impact/
238•berlianta•9h ago•91 comments

DeepSeek 4 Flash local inference engine for Metal

https://github.com/antirez/ds4
269•tamnd•8h ago•84 comments

AI slop is killing online communities

https://rmoff.net/2026/05/06/ai-slop-is-killing-online-communities/
407•thm•5h ago•395 comments

Nonprofit hospitals spend billions on consultants with no clear effect

https://www.uchicagomedicine.org/forefront/research-and-discoveries-articles/nonprofit-hospitals-...
13•hhs•1h ago•4 comments

OpenClaw Had a Rough Week

https://openclaw.ai/blog/openclaw-rough-week
29•kevincortes•2h ago•36 comments

Two Home Affairs officials suspended after AI 'hallucinations' found

https://www.citizen.co.za/news/home-affairs-officials-suspended-ai-hallucinations/
47•jruohonen•4h ago•12 comments

I want to live like Costco people

https://tastecooking.com/i-want-to-live-like-costco-people/
212•speckx•9h ago•453 comments

Rolling the Root Key

https://blog.apnic.net/2026/05/05/rolling-the-root-key/
13•jandeboevrie•2d ago•2 comments

Chrome removes claim of On-device Al not sending data to Google Servers

https://old.reddit.com/r/chrome/comments/1t5qayz/chrome_removes_claim_of_ondevice_al_not_sending/
444•newsoftheday•8h ago•168 comments

Hackers deface school login pages after claiming another Instructure hack

https://techcrunch.com/2026/05/07/hackers-deface-school-login-pages-after-claiming-another-instru...
12•Veiled•2h ago•1 comments

Tools in the Grass: Raising the next generation of crafts person

https://www.popularwoodworking.com/editors-blog/tools-in-the-grass/
23•NaOH•2d ago•2 comments

Principles for agent-native CLIs

https://twitter.com/trevin/status/2051316002730991795
51•blumpy22•6h ago•29 comments

Colored Shadow Penumbra

https://chosker.github.io/blog/colored-shadow-penumbra
30•ibobev•5h ago•12 comments

PySimpleGUI 6

https://github.com/PySimpleGUI/PySimpleGUI
85•geophph•2d ago•42 comments

RaTeX: KaTeX-compatible LaTeX rendering engine in pure Rust

https://ratex.lites.dev/
157•atilimcetin•3d ago•87 comments

The Self-Cancelling Subscription

https://predr.ag/blog/the-self-cancelling-subscription/
140•surprisetalk•10h ago•60 comments

Creating for a niche

https://www.davesnider.com/posts/working-in-a-niche
24•snide•5h ago•2 comments

Easy Random Trees

https://blog.wilsonb.com/posts/2026-02-27-easy-random-trees.html
18•aebtebeten•2d ago•2 comments

Show HN: TRUST – Coding Rust like it's 1989

https://github.com/wojtczyk/trust
116•wojtczyk•18h ago•72 comments

GovernGPT (YC W24) Is Hiring Engineers to Build Thinking Systems in Montreal

https://www.ycombinator.com/companies/governgpt/jobs/hRyltS0-backend-engineer-thinking-systems
1•owalerys•12h ago

OurCar: What I learned making an app for my family

https://mendelgreenberg.com/posts/ourcar/
98•chabad360•1d ago•71 comments

Boris Cherny: TI-83 Plus Basic Programming Tutorial (2004)

https://www.ticalc.org/programming/columns/83plus-bas/cherny/
186•suoken•3d ago•83 comments

Maybe you shouldn't install new software for a bit

https://xeiaso.net/blog/2026/abstain-from-install/
59•psxuaw•1h ago

Comments

cyanydeez•49m ago
but we were just last month asking where all that great productivity was coming with the AI wave, and now everyone's got some AI bit and bob that was vibe coded with the idea that the cloud providers have an endless stream of capacity for the endless slop trough we're all dying to dine at.
_--__--__•41m ago
? This is related to a vulnerability that was introduced to the Linux kernel in 2017.
ChrisClark•20m ago
What?
femiagbabiaka•45m ago
Yes, and, for non-personal machines or anything connected to the internet: now is a great time to get good at rolling out patches and new releases quickly.
cookiengineer•37m ago
Fun fact: You still can't build the vllm container with updated dependencies since llmlite got pwned. Either due to regression bugs, or due to impossible transient dependencies in the dependency tree that are not resolvable. There is just too much slopcode down the line, and too many dependencies relying on pinned outdated (and unpublished) dependencies.

I switched to llama.cpp because of that.

To me it feels more and more that the slopcode world is the opposite philosophy of reproducible builds. It's like the anti methodology of how to work in that regard.

Before, everyone was publishing breaking changes in subminor packages because nobody adhered to any API versioning system standards. Now it's every commit that can break things. That is not an improvement.

2ndorderthought•8m ago
Write-only code is such a bad bad idea. No one is reviewing 20k LOC PRs with 15 new dependencies in an afternoon. Sorry, it's just not happening, I don't care how many years you have been a software engineer. Yet that's the new thing and how we all are supposed to work or else we are all Luddites.
fkarg•33m ago
the lottery of either getting a new supply-chain attack or the fixes from Mythos with every single update
cbarnes99•27m ago
It really pisses me off that responsible disclosure timelines are being ignored.
roxolotl•24m ago
The dirty frag repo says:

> Because the responsible disclosure schedule and the embargo have been broken, no patch exists for any distribution.

I had to do a double take reading that. It’s written as if something happened and prevented them from following a schedule, but seemingly they chose to release the information. I hope I’m missing something where it was forcibly disclosed elsewhere.

Edit: Moments later I refreshed the homepage and saw the announcement. They do claim to have consulted with maintainers.

bellowsgulch•18m ago
if you don't already consider responsible disclosure a quaint idea, you may want to grow warm on it

the idea that it exists at all is more or less a gentleman's agreement in the engineering world anyway

cperciva•17m ago
Alternatively, switch to an operating system like FreeBSD which doesn't take a YOLO approach to security. Security fixes don't just get tossed into the FreeBSD kernel without coordination; they go through the FreeBSD security team and we have binary updates (via FreeBSD Update, and via pkgbase for 15.0-RELEASE) published within a couple minutes of the patches hitting the src tree. (Roughly speaking, a few seconds for the "I've pushed the patches" message to go out on Slack, 10-30 seconds for patches to be uploaded, and up to a minute for mirrors to sync).
eahm•10m ago
Also funny they never show Debian in those tests/videos.
juujian•5m ago
How so?
AgentME•2m ago
There's already an okay solution to supply-chain attacks against dependency managers like npm, PyPI, and Cargo: set them to only install package versions that are more than a few days old. The recent high-profile attacks were all caught and rolled back within a day, so doing this would have let you safely avoid the attacks. It really should be the default behavior. Let self-selected beta testers and security scanner companies try out the newest versions of packages for a day before you try them. Instructions: https://cooldowns.dev/
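
The cooldown rule described in the last comment, sketched as an added example that is not part of the thread or of any package manager's code: pick the newest version that has been public for at least N days and has not been yanked. The metadata shape, the version numbers, the dates and the function names are all constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample metadata (not from a real registry):
# version -> upload time and whether the registry later pulled it.
SAMPLE_RELEASES = {
    "2.3.0": {"uploaded": "2026-04-01T10:00:00+00:00", "yanked": False},
    "2.3.1": {"uploaded": "2026-04-20T09:30:00+00:00", "yanked": False},
    "2.4.0": {"uploaded": "2026-05-05T18:00:00+00:00", "yanked": True},
    "2.4.1": {"uploaded": "2026-05-07T02:15:00+00:00", "yanked": False},
}


def version_key(version):
    """Sort key for plain dotted numeric versions (assumption: no pre-release tags)."""
    return tuple(int(part) for part in version.split("."))


def select_with_cooldown(releases, now, cooldown_days=3):
    """Return (chosen_version, rejected) under a release-age cooldown.

    A version is eligible only if it was uploaded at least `cooldown_days`
    before `now` and has not been yanked. `rejected` maps each skipped
    version to the reason, so the decision can be logged and audited.
    """
    cutoff = now - timedelta(days=cooldown_days)
    eligible, rejected = [], {}
    for version, meta in releases.items():
        uploaded = datetime.fromisoformat(meta["uploaded"])
        if meta.get("yanked"):
            rejected[version] = "yanked"
        elif uploaded > cutoff:
            rejected[version] = "inside cooldown"
        else:
            eligible.append(version)
    # No eligible version means the install should fail closed, not fall
    # back to the newest release.
    chosen = max(eligible, key=version_key) if eligible else None
    return chosen, rejected


if __name__ == "__main__":
    now = datetime(2026, 5, 8, tzinfo=timezone.utc)
    print(select_with_cooldown(SAMPLE_RELEASES, now, cooldown_days=3))
```

A urgently needed security fix can also sit inside the cooldown window, so a real policy needs a reviewed, per-package override rather than a global bypass.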