frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

Dead.Letter (CVE-2026-45185) – How XBOW found an unauthenticated RCE on Exim

https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim
21•fedek_•1h ago

Comments

aftbit•59m ago
Ok now do postfix
kees99•52m ago
Nah, go straight for qmail. Give it your best try.
rs_rs_rs_rs_rs•35m ago
The usable qmail got owned by AI already, the unusable one not yet!
tptacek•10m ago
Not by AI, but by humans awhile ago. I think Qualys weaponized a wontfix LP64 integer overflow in it just a couple years ago?
sys42590•9m ago
Many years ago I used Exim because it was default for my distro of choice back then. But after a few emergency patchings caused by yet another RCE in Exim I learned that switching to Postfix massively improved my sleep quality.
ofjcihen•53m ago
>What follows is, before anything else, a story. One of those old, well-worn ones.

Gag.

kro•25m ago
It says coordinated distro release today, and I've received a notice earlier today but that does not include the CVE number. That's confusing / does not seem very coordinated to release 2 separate security update notices in a day.

https://lists.debian.org/debian-security-announce/2026/msg00...

stackghost•16m ago
>The bug is a use-after-free triggered when a TLS connection is handled by GnuTLS

Color me surprised. The GNU ecosystem has had more than its fair share of CVEs over the years to the point that it's now a common trope:

https://soatok.blog/2020/07/08/gnu-a-heuristic-for-bad-crypt...

Googlebook

https://googlebook.google/
175•tambourine_man•1h ago•210 comments

CERT is releasing six CVEs for serious security vulnerabilities in dnsmasq

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html
46•chizhik-pyzhik•51m ago•4 comments

Why senior developers fail to communicate their expertise

https://www.nair.sh/guides-and-opinions/communicating-your-expertise/why-senior-developers-fail-t...
121•nilirl•3h ago•49 comments

Rendering the Sky, Sunsets, and Planets

https://blog.maximeheckel.com/posts/on-rendering-the-sky-sunsets-and-planets/
313•ibobev•5h ago•26 comments

The Future of Obsidian Plugins

https://obsidian.md/blog/future-of-plugins/
140•xz18r•3h ago•62 comments

Reimagining the mouse pointer for the AI era

https://deepmind.google/blog/ai-pointer/
36•devhouse•1h ago•25 comments

Dead.Letter (CVE-2026-45185) – How XBOW found an unauthenticated RCE on Exim

https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim
22•fedek_•1h ago•8 comments

Instructure pays ransom to Canvas hackers

https://www.insidehighered.com/news/tech-innovation/administrative-tech/2026/05/11/instructure-pa...
139•Cider9986•16h ago•110 comments

Bambu Lab is abusing the open source social contract

https://www.jeffgeerling.com/blog/2026/bambu-lab-abusing-open-source-social-contract/
763•rubenbe•4h ago•268 comments

When life gives you lemons, write better error messages

https://wix-ux.com/when-life-gives-you-lemons-write-better-error-messages-46c5223e1a2f
47•luispa•3d ago•11 comments

Learning Software Architecture

https://matklad.github.io/2026/05/12/software-architecture.html
442•surprisetalk•9h ago•82 comments

Show HN: Agentic interface for mainframes and COBOL

https://www.hypercubic.ai/hopper
25•sai18•1h ago•6 comments

Screenshots of Old Desktop OSes

http://www.typewritten.org/Media/
575•adunk•13h ago•294 comments

Launch HN: Voker (YC S24) – Analytics for AI Agents

https://voker.ai
28•ttpost•3h ago•13 comments

Show HN: Needle: We Distilled Gemini Tool Calling into a 26M Model

https://github.com/cactus-compute/needle
5•HenryNdubuaku•1h ago•0 comments

The Moth Story Map

https://themoth.org/dispatches/story-map
7•jxmorris12•3d ago•0 comments

Postmortem: TanStack NPM supply-chain compromise

https://tanstack.com/blog/npm-supply-chain-compromise-postmortem
1028•varunsharma07•21h ago•433 comments

Canada’s Bill C-22 Is a Repackaged Version of Last Year’s Surveillance Nightmare

https://www.eff.org/deeplinks/2026/05/canadas-bill-c-22-repackaged-version-last-years-surveillanc...
59•Brajeshwar•1h ago•20 comments

Show HN: Statewright – Visual state machines that make AI agents reliable

https://github.com/statewright/statewright
13•azurewraith•4h ago•5 comments

Text Blaze (YC W21) Is Hiring for a No-AI Summer Internship

https://www.ycombinator.com/companies/text-blaze/jobs/P4CCN62-the-blaze-no-ai-summer-internship
1•scottfr•7h ago

The Real Story of Troy

https://storica.club/blog/troy-was-real/
25•cemsakarya•2d ago•13 comments

Profiling.sampling – Statistical Profiler

https://docs.python.org/3.15/library/profiling.sampling.html#module-profiling.sampling
74•djoldman•2d ago•21 comments

The Surprisingly Long Life of the Vacuum Tube

https://www.construction-physics.com/p/the-surprisingly-long-life-of-the
45•surprisetalk•1d ago•26 comments

eBay Rejects GameStop's $56B Takeover as Not Credible

https://www.bloomberg.com/news/articles/2026-05-12/ebay-rejects-gamestop-s-56-billion-takeover-as...
178•voisin•3h ago•160 comments

They Live (1988) inspired Adblocker

https://github.com/davmlaw/they_live_adblocker
500•tokenburner•18h ago•159 comments

If AI writes your code, why use Python?

https://medium.com/@NMitchem/if-ai-writes-your-code-why-use-python-bf8c4ba1a055
809•indigodaddy•22h ago•846 comments

Testing UPS Output Waveforms

https://www.lttlabs.com/articles/2026/05/12/ups-exploration
18•LabsLucas•2h ago•7 comments

Amazon employees are "tokenmaxxing" due to pressure to use AI tools

https://arstechnica.com/ai/2026/05/amazon-employees-are-tokenmaxxing-due-to-pressure-to-use-ai-to...
169•Bender•2h ago•149 comments

Show HN: Gigacatalyst – Extend your SaaS with an embedded AI builder

20•namanyayg•2h ago•7 comments

EU to crack down on TikTok, Instagram's 'addictive design' targeting kids

https://www.cnbc.com/2026/05/12/tiktok-instagram-social-media-addictive-eu-crack-down.html
427•thm•8h ago•379 comments