frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Internet Archive Switzerland

https://internetarchive.ch/
407•hggh•7h ago•57 comments

CPanel's Black Week: 3 New Vulnerabilities Patched After Attack on 44k Servers

https://www.copahost.com/blog/cpanels-black-week-three-new-vulnerabilities-patched-after-ransomwa...
53•ggallas•2h ago•28 comments

Bun's experimental Rust rewrite hits 99.8% test compatibility on Linux x64 glibc

https://twitter.com/jarredsumner/status/2053047748191232310
36•heldrida•9h ago•83 comments

I Will Not Add Query Strings to Your URLs

https://susam.net/no-query-strings.html
64•susam•3h ago•24 comments

Show HN: I wrote a flight simulator in my own programming language

https://github.com/navid-m/flightsim
50•pizza_man•2d ago•13 comments

Zed Editor Theme-Builder

https://zed.dev/theme-builder
46•cuechan•2h ago•19 comments

LLMs corrupt your documents when you delegate

https://arxiv.org/abs/2604.15597
267•rbanffy•10h ago•102 comments

Google broke reCAPTCHA for de-googled Android users

https://reclaimthenet.org/google-broke-recaptcha-for-de-googled-android-users
1378•anonymousiam•1d ago•499 comments

PipeDream on the Acorn Archimedes

https://stonetools.ghost.io/pipedream-archimedes/
55•msephton•4h ago•18 comments

Distributing Mac software is increasing my cortisol levels

https://blog.kronis.dev/blog/apple-is-increasing-my-cortisol-levels
59•LorenDB•5h ago•32 comments

The hypocrisy of cyberlibertarianism

https://matduggan.com/the-intolerable-hypocrisy-of-cyberlibertarianism/
175•ColinWright•5h ago•127 comments

The ROKR wooden typewriter: a closer look

http://writingball.blogspot.com/2026/05/the-rokr-wooden-typewriter-closer-look.html
7•speckx•2d ago•0 comments

Using Claude Code: The unreasonable effectiveness of HTML

https://twitter.com/trq212/status/2052809885763747935
369•pretext•14h ago•223 comments

How LEDs are made (2014)

https://learn.sparkfun.com/tutorials/how-leds-are-made/all
104•smig0•2d ago•14 comments

Mythical Man Month

https://martinfowler.com/bliki/MythicalManMonth.html
306•ingve•2d ago•178 comments

A recent experience with ChatGPT 5.5 Pro

https://gowers.wordpress.com/2026/05/08/a-recent-experience-with-chatgpt-5-5-pro/
535•_alternator_•17h ago•395 comments

OpenAI’s WebRTC problem

https://moq.dev/blog/webrtc-is-the-problem/
436•atgctg•2d ago•137 comments

America's carpet capital: an empire and its toxic legacy

https://apnews.com/projects/pfas-forever-stained/
137•rawgabbit•3d ago•81 comments

GrapheneOS fixes Android VPN leak Google refused to patch

https://cyberinsider.com/grapheneos-fixes-android-vpn-leak-google-refused-to-patch/
163•Georgelemental•5h ago•49 comments

Introduction to Beaver Triples

https://stoffelmpc.com/stoffel-blog/beaver-triples-tuples
11•badcryptobitch•3h ago•5 comments

David Attenborough's 100th Birthday

https://www.bbc.com/news/articles/cp3pww9g0p5o
803•defrost•1d ago•154 comments

Building the TD4 4-Bit CPU

https://jayakody2000lk.blogspot.com/2026/05/building-td4-4-bit-cpu.html
39•zdw•2d ago•11 comments

Show HN: Create flashcards with Space CLI

https://getspace.app/cli
4•friebetill•5h ago•0 comments

Reviving the IBM Selectric Composer Fonts (2023)

https://www.kutilek.de/selectric/
58•tangus•3d ago•5 comments

What causes lightning? The answer keeps getting more interesting

https://www.quantamagazine.org/what-causes-lightning-the-answer-keeps-getting-more-interesting-20...
163•Tomte•3d ago•40 comments

Show HN: Mochi.js: bun-native high-fidelity browser automation library

https://mochijs.com/
16•ccheshirecat•5h ago•11 comments

Wi is Fi: Understanding Wi-Fi 4/5/6/6E/7/8 (802.11 n/AC/ax/be/bn)

https://www.wiisfi.com/
344•homebrewer•3d ago•91 comments

Meta's Embrace of A.I. Is Making Its Employees Miserable

https://www.nytimes.com/2026/05/08/technology/meta-ai-employees-miserable.html
14•JumpCrisscross•1h ago•1 comments

Killswitch: Per-function short-circuit mitigation primitive

https://lwn.net/ml/all/20260507070547.2268452-1-sashal@kernel.org/
71•signa11•10h ago•19 comments

AI is breaking two vulnerability cultures

https://www.jefftk.com/p/ai-is-breaking-two-vulnerability-cultures
402•speckx•1d ago•160 comments
Open in hackernews

CPanel's Black Week: 3 New Vulnerabilities Patched After Attack on 44k Servers

https://www.copahost.com/blog/cpanels-black-week-three-new-vulnerabilities-patched-after-ransomware-attack-on-44000-servers/
49•ggallas•2h ago

Comments

operatingthetan•1h ago
People are still using cpanel?
kiritanpo•1h ago
Most shared hosting plans use cpanel. It's still widely used yes for a lot of smaller websites.
ilia-a•1h ago
I wonder how much shared hosting is there really left, I imagine much of it move to VPS or cheap cloud boxes.
omnimus•1h ago
I highly doubt that. It's giant market and with these custom small sites made by third parties you actually want to have client owned hosting and third parties who deploy to that hosting. Clients have learned to separate these otherwise the third party can have huge leverage (your business and all data is ours).
dawnerd•52m ago
And even if it doesn’t look like it chances are it still is with a fancier ui on top.
xp84•1h ago
There are a lot of things that have been up for decades. The ROI on moving a simple PHP or static website to new hosting situation hasn’t been that compelling… though that could change. Thing is, I suspect most users of shared hosting which is Cpanel’s bread and butter are not reading the latest cybersecurity news.
TZubiri•1h ago
The ROI has just increased by like 10x or 100x this week.
ramesh31•1h ago
CPanel on shared hosting running WordPress PHP is literally half of the entire internet still.
whatsupdog•1h ago
Half of the entire internet is Meta properties.
fmbb•1h ago
That’s the other half.

Coincidentally also PHP.

Shish2k•45m ago
Facebook started out PHP; but they ship-of-theseus'ed it into Hack by replacing the standard library, the language, and the runtime engine, so now it's a totally different thing with only a few superficial similarities (FWIW IMO Hack is much better than PHP, I'm sad that it never gained traction...)
ceejayoz•10m ago
Much of what was good in Hack just got rolled into PHP.
walrus01•7m ago
And if it's not cpanel, it's Plesk
anonzzzies•1h ago
CPanel and hosters who use them are in big trouble now; there are millions of servers running them, many of them for decades. Their clients can run code as an user without much sandboxing/guardrails at all.
breakingcups•1h ago
Such a different era.
omnimus•1h ago
If you look at the usage numbers, you could argue we are still in that era.
addedGone•47m ago
I miss this era, we overcomplicated everything
zuzululu•1h ago
Ages ago I used php-nuke to manage my forum and it got hacked and I thought it would get taken seriously

Seeing these CPanel hacks remind me how old these codebases are and how much more vulnerability remain

dainiusse•1h ago
I don't agree that "old" necessarily implies vulnerability.
pixl97•1h ago
I mostly disagree on your disagreement unless the entire project was based on top security practices and good code in the first place. The vast majority of these web panels are a security nightmare.
omnimus•1h ago
These PHP systems be it cPanel, wordpress or PHP itself are most likely the biggest target besides windows. It's incredibly uncool stack especially here but it is running most of the "independent" small web.

They cannot be that bad if they are managing to be ductape of the internet.

anamexis•1h ago
How does that follow?
cinntaile•44m ago
They have a big target on their back so the low hanging fruit is (mostly) gone.
hvb2•56m ago
> They cannot be that bad if they are managing to be ductape of the internet.

I think there are just a whole lot of tools written for them. So non devs can spin things up and click some things together.

Is that safe and secure? Maybe, if the devs did their work well. But I'm positive no one reads the docs on how to configure something securely.

I think the real reason is that it's very cheap to host, and always has been

ChocolateGod•47m ago
cPanel is Perl.
Meekro•25m ago
I've done PHP development for over 20 years, including some pretty large projects. I've never had a situation where a security flaw in PHP itself forced me to scramble to patch something before it got hacked.

On the other hand, for my Linux servers, I had to do that twice in the last month with CopyFail and DirtyFrag.

TZubiri•1h ago
The concept of a GUI wrapper on top of the Linux ecosystem is what's broken.

Not because of a fundamental limitation of that architecture, but because in practice the type of people that will use it do not want to learn or develop the necessary skills to administer it, and critical information like man pages and parameter lists are hidden.

You can't take shortcuts without consequences.

ricardonunez•36m ago
Of course is the architecture and the creator of such a thing, isn’t the point of a tool like that for users that don’t have the tech knowledge? I have only used those systems on shared hosting, host providers are the one maintaining and should be keeping them up to date and WHM/Cpnel have plenty of customers to worry too patch holes, if they can’t then who’s fault is it, Architecture, or provider? Hope is the customers fault?