frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Matt's Script Archive: The Scripts That Reshaped the Web

https://tedium.co/2026/06/22/matts-script-archive-retrospective/
13•1317•2d ago

Comments

kristopolous•1h ago
I totally remember this site...there were a bunch of themed collection sites of various scripts back then. I'd definitely say this is on the same timeline as dockerhub, npm.org and pypi or at that time, cpan (which still exists of course).
Twirrim•1h ago
Working for an ISP in the mid 00s, the lack of security of those scripts was an absolute nightmare. It was a routine task to have to go clean up the mess they made, everything from simple "Being used to relay spam" on up.
kstrauser•1h ago
About once a week: "Why is our outbound bandwidth saturated? Oh, look! A new FormMail exploit!"

I think my all-time favorite was an SMTP injection. I don't remember the exact details, but it was pretty close to this:

* The script accepted a form POST and decoded it.

* It opened a pipe to sendmail.

* It wrote the expected SMTP headers to sendmail's stdin.

* Then it wrote the decoded POST body as-is into sendmail's stdin.

Thing is, that method used in-band signaling. This is the part I forget exactly, but you could send in the POST body:

  Blah blah
  
  .
  
  
  To: [1,000 email addresses]
  From: root@localhost
  Subject: LOL spam
  
  Haha suckers
That period on a line of its own, followed by two newlines, told sendmail "this message is done. Now listen for the next command." Then it sent the new SMTP headers with whatever damage the attacker wanted to do, and sendmail would obediently process it as though that were the original message.

We learned that one the fun way.

arscan•1h ago
I remember Matt’s Scripts Archive as an absolute gold mine for learning how to make web applications through example in the pre-PHP days, which was pretty challenging when all you had to work with is CGI and maybe SSI if your hosting provider was particularly advanced. It’s what got me started as a web application developer 30+ years ago. I guess I probably learned about security the hard way by following his examples. But it got me headed broadly in the right direction I think.

I remember being very proud of how I extended his forum software to support threaded messaging and pagination.

madrox•1h ago
This takes me back. In the 90s there wasn't exactly a lot of web app programming going on, and it was hard to find a web host willing to let you run scripts through CGI. This was my first introduction to perl and the idea of dynamically building web pages. I adapted WWWBoard into a web chat that was "real time" using html refresh tags. Really inspired the rest of my career. Was for lots of people.

Not sure how I feel about the author trying to use Matt's Script Archive's bugginess and popularity to make a point about vulnerabilities and vibe coding. The web was simply just a very different place back then. Even viruses were more about hackers showing off their skills than the industral malware complex we have today. Bots weren't scanning the whole web for wp-admin.php. No one was really entering credit cards on web pages. If your site got hacked, it got graffiti'd and it was embarrassing, but no one used it to hawk bitcoin.

Likening vibe apps to WWWBoard is simply ignoring the climate and times each are a part of.

tonyoconnell•49m ago
A blast from the past. I used his scripts for sending email from forms. The internet was a very nice place back then.
tgorgolione•3m ago
There should be a historic websites society, like the historic places societies we have that preserve and mark certain areas with information about them.

LuaJIT 3.0 proposed syntax extensions

https://github.com/LuaJIT/LuaJIT/issues/1475
81•phreddypharkus•2h ago•38 comments

OpenAI unveils its first custom chip, built by Broadcom

https://techcrunch.com/2026/06/24/openai-unveils-its-first-custom-chip-built-by-broadcom/
570•jamdesk•9h ago•343 comments

Anthropic says Alibaba illicitly extracted Claude AI model capabilities

https://www.reuters.com/world/china/anthropic-says-alibaba-illicitly-extracted-claude-ai-model-ca...
123•htrp•7h ago•214 comments

Blogging can just be stating the obvious

https://blog.jim-nielsen.com/2026/blogging-stating-the-obvious/
97•Curiositry•3h ago•41 comments

Ending All Respiratory Infections

https://blog.interceptfund.com/p/ending-respiratory-infections
52•EthanFantl•2h ago•19 comments

Dostoyevsky isn't difficult

https://www.autodidacts.io/dostoyevsky-isnt-difficult/
60•surprisetalk•2d ago•51 comments

Qualcomm to Acquire Modular

https://www.reuters.com/business/qualcomm-buy-ai-startup-modular-2026-06-24/
158•timmyd•13h ago•38 comments

Mixing Visual and Textual Code

https://arxiv.org/abs/2603.15855
16•doppioandante•2h ago•1 comments

Cloudflare launched self-managed OAuth for all

https://blog.cloudflare.com/oauth-for-all/
13•terryds•1h ago•2 comments

RubyLLM: A Ruby framework for all major AI providers

https://rubyllm.com/
356•doener•12h ago•57 comments

45°C cooling design cuts data center water use to near zero

https://blogs.nvidia.com/blog/liquid-cooling-ai-factories/
224•nitin_flanker•13h ago•161 comments

Exploring the internal representations of Pangram 3.3.2

https://www.pangram.com/pangram-space
13•krackers•1h ago•4 comments

GLM-5.2 is a step change for open agents

https://www.interconnects.ai/p/glm-52-is-the-step-change-for-open
143•vantareed•2d ago•86 comments

PR spam today looks like email spam in the early 2000s

https://www.greptile.com/blog/prs-on-openclaw
187•dakshgupta•12h ago•105 comments

Computer use in Gemini 3.5 Flash

https://blog.google/innovation-and-ai/models-and-research/gemini-models/introducing-computer-use-...
185•swolpers•10h ago•112 comments

Bible as RAG Database

https://www.crosscanon.com/
54•jacksonastone•1h ago•24 comments

What I'm Finding About LLM Code Style and Token Costs

https://www.jimmont.com/llm-style-token-costs
14•jimmont•2h ago•3 comments

15 sorting algorithms in 6 minutes (2013) [video]

https://www.youtube.com/watch?v=kPRA0W1kECg
6•akkartik•1d ago•0 comments

The Xteink X4 E-Ink Reader

https://blog.omgmog.net/post/xteink-x4-e-ink-reader/
187•felixdoerp•10h ago•111 comments

Crawling BitTorrent DHTs for Fun and Profit [pdf]

https://www.usenix.org/legacy/event/woot10/tech/full_papers/Wolchok.pdf
72•dgellow•3d ago•26 comments

Writers and Drugs

https://lithub.com/are-writers-intrinsically-vulnerable-to-alcohol-and-drugs/
7•dang•1h ago•4 comments

Elastic lays off 7% of employees

https://www.elastic.co/blog/ceo-ash-kulkarni-announcement-to-elastic-employees
152•dakrone•5h ago•141 comments

Show HN: Write SaaS apps where users control where their data is stored

https://github.com/wolfoo2931/linkedrecords/
3•WolfOliver•5d ago•0 comments

Show HN: Nub – A Bun-like all-in-one toolkit for Node.js

https://github.com/nubjs/nub
211•colinmcd•13h ago•62 comments

There are a few things that I look back on as my mistakes in the early days

https://twitter.com/ID_AA_Carmack/status/2069799283369345247
500•shadowtree•11h ago•247 comments

Show HN: Wordit – Change One Letter, Keep the Chain Going

https://victorribeiro.com/wordit/
11•atum47•1d ago•11 comments

A Practical Guide to SSH Tunnels: Local and Remote Port Forwarding

https://labs.iximiuz.com/tutorials/ssh-tunnels
290•signa11•4d ago•57 comments

Matt's Script Archive: The Scripts That Reshaped the Web

https://tedium.co/2026/06/22/matts-script-archive-retrospective/
13•1317•2d ago•7 comments

Krea 2: SOTA open-weights 12B image model

https://www.krea.ai/blog/krea-2-technical-report
351•mattnewton•1d ago•38 comments

I can haz smoller NixOS ISOs?

https://natkr.com/2026-06-19-nixos-but-smol/
84•logickkk1•5d ago•29 comments