frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Since Linux 6.9, LUKS suspend stopped wiping disk-encryption keys from memory

https://mathstodon.xyz/@iblech/116769502749142438
246•IngoBlechschmid•3h ago•120 comments

PeerTube is a free, decentralized and federated video platform

https://github.com/Chocobozzz/PeerTube
242•doener•7h ago•72 comments

Launch HN: Manufact (YC S25) – MCP Cloud

https://manufact.com
74•pzullo•3h ago•45 comments

Android Developer Verification: Threat masquerading as protection

https://f-droid.org/2026/07/01/adv-malware.html
1409•drewfax•15h ago•583 comments

How to ask for help from people who don't know you

https://pradyuprasad.com/writings/how-to-ask-for-help/
176•FigurativeVoid•5h ago•26 comments

AI can't be listed as inventor on patent applications, Japan's top court rules

https://japannews.yomiuri.co.jp/science-nature/technology/20260306-314930/
256•mushstory•4h ago•131 comments

Spain Orders Blacklist of Palantir from Public and Private Companies

https://clashreport.com/world/articles/spain-orders-blacklist-of-us-tech-giant-palantir-from-publ...
193•mgh2•3h ago•26 comments

German button maker searched rivers of American Midwest for valuable shells

https://www.smithsonianmag.com/smithsonian-institution/how-one-german-button-maker-searched-the-r...
90•bookofjoe•4d ago•31 comments

Podman v6.0.0

https://blog.podman.io/2026/07/introducing-podman-v6-0-0/
35•soheilpro•4h ago•1 comments

Is One Layer Enough? A Single Transformer Layer Matches Full-Parameter RL Train

https://arxiv.org/abs/2607.01232
102•tcp_handshaker•6h ago•23 comments

Show HN: CLI tool for detecting non-exact code duplication with embedding models

https://github.com/rafal-qa/slopo
47•rkochanowski•4h ago•20 comments

Kimi K2.7 Code is generally available in GitHub Copilot

https://github.blog/changelog/2026-07-01-kimi-k2-7-is-now-available-in-github-copilot/
357•unliftedq•14h ago•149 comments

The Egg Bandits Made a Thousand Times the Fine They Just Paid for Price Fixing

https://www.thebignewsletter.com/p/crime-pays-the-egg-bandits-made-a
268•toomuchtodo•5h ago•117 comments

Show HN: Mail Memories – A desktop app to rescue photos from Gmail

https://mailmemories.com
84•ltiger•4h ago•32 comments

The primary purpose of code review is to find code that will be hard to maintain

https://mathstodon.xyz/@mjd/115096720350507897
253•ColinWright•6h ago•130 comments

Show HN: A graph paper generator that renders vector PDFs in the browser

https://freegraphpaper.net/
60•lam_hg94•5h ago•13 comments

Hazel (YC W24) Is Hiring for Our Largest Government Contract

https://www.ycombinator.com/companies/hazel-2/jobs/3epPWgu-full-stack-engineer-ts-sci
1•augustschen•5h ago

The fall of the theorem economy

https://davidbessis.substack.com/p/the-fall-of-the-theorem-economy
202•varjag•10h ago•89 comments

The US Government Is Now a Shareholder in 26 Companies

https://moeonmargin.substack.com/p/the-us-government-is-now-a-shareholder
71•measurablefunc•2h ago•64 comments

No LLM Code in Dependencies

https://joeyh.name/blog/entry/no_LLM_code_in_dependencies/
24•edward•4h ago•8 comments

WinPE as a stateless harness for Windows driver testing and fuzzing

https://bednars.me/blog/winpe-harness
69•piotrbednarsalt•3d ago•4 comments

Show HN: ZeroFS – A log-structured filesystem for S3

https://www.zerofs.net/
94•Eikon•4h ago•46 comments

CursorBench 3.1

https://cursor.com/evals
144•handfuloflight•13h ago•77 comments

Show HN: Claudoro, Pomodoro timer embedded in the Claude Code statusline

https://github.com/emson/claudoro
37•emson•1d ago•26 comments

Germany’s Infineon opens major chip plant as EU seeks tech autonomy

https://www.rfi.fr/en/international-news/20260702-germany-s-infineon-opens-major-chip-plant-as-eu...
152•giuliomagnifico•5h ago•46 comments

Vite+ Beta

https://voidzero.dev/posts/announcing-vite-plus-beta
197•Erenay09•7h ago•118 comments

Senior SWE-Bench: open-source benchmark that assesses agents as senior engineers

https://senior-swe-bench.snorkel.ai/
148•matt_d•15h ago•102 comments

How VictoriaLogs Stores Your Logs in a Columnar Layout

https://victoriametrics.com/blog/victorialogs-internals-columnar-storage-on-disk/index.html
10•eatonphil•4d ago•2 comments

My favorite keyboards

https://fabiensanglard.net/keyboards/index.html
112•tmach32•3d ago•109 comments

What Breaks a Cell's Ribs Can Make It Stronger

https://www.quantamagazine.org/what-breaks-a-cells-ribs-can-make-it-stronger-20260629/
9•jnord•2d ago•4 comments
Open in hackernews

NSA tries to weaken mlkem standardisation

https://nsa.2026.action.cr.yp.to
65•SuperSandro2000•6h ago

Comments

realxrobau•2h ago
I'm not sure this is as clear-cut as the article implies, but there is certainly a whiff of people behaving badly.

The latest post to the list, as of this post, is supporting the anti-ecdhe side, with the reasoning being that there is no code written for ecdhe, which is obviously stretching the truth beyond reasonable doubt.

advisedwang•2h ago
Clicking around I don't see any "nsa.gov" email addresses for the positions this site says are from the NSA. Have I just missed some things that are clearly from the NSA? If not, how would one know that these various academic and personal email addresses have some kind of NSA tie?
iAMkenough•1h ago
I don’t think the spy agency would use nsa.gov address to manipulate the technology trajectory.
advisedwang•1h ago
Of course, but is there any actual evidence that these accounts are NSA related? Or is it an assumption because they are supporting the proposal (which would be very circular logic)
mswphd•33m ago
this is literally what happened with previous NSA meddling though? Both DUAL_EC_DRBG and DES were done "officially" by the NSA.

Additionally, the main authors behind ML-KEM are all european. The design of ML-KEM is "very boring", in the sense that it's essentially the scheme that most (lattice) cryptographers would have suggested. There were 2 other NIST PQC schemes that went very far (New Hope and Saber) that were essentially the same scheme (there were minor technical differences, but it's really not that big).

iAMkenough•1m ago
2006's NSA is not 2026's NSA
axus•1h ago
The inexplicable behavior is indistinguishable from behavior that could be explained by a conspiracy.
mcpherrinm•56m ago
The underlying context is the US government only wants to buy systems which support pure post-quantum cryptography for use on top-secret networks, as part of the requirements of (via its Commercial National Security Algorithm Suite 2.0 standard).

So all the companies who want to sell anything using TLS to the government want to standardize this, so they can be CNSA2 compliant.

Everyone already supports this in major libraries; but some folks feel they need an IETF RFC specifying it.

(I don't have to comply with CNSA2 so I might have details slightly off)

mswphd•53m ago
DJB has for years claimed anyone who disagrees with him is affiliated with the NSA. See for example this post as part of the NIST-PQC competition

https://blog.cr.yp.to/20220805-nsa.html

> Some people seem to be unable to rationally consider the possibility that NSA is sabotaging post-quantum cryptography. I've heard people saying, for example, that submissions to the NIST Post-Quantum Cryptography Standardization Project (NISTPQC) were publicly designed and evaluated by top experts, and that NSA can't have bribed the submission teams. > > Let's look at the facts.

Note that the authors of ML-KEM are overwhelming European.

sharpshadow•2h ago
“Surveillance agency NSA and its partner GCHQ are trying to have standards-development organizations endorse weakening ECC+PQ down to just PQ.”[0]

That’s pretty weak just stripping down the hybrid approach.

0. https://blog.cr.yp.to/20251004-weakened.html

mswphd•50m ago
this is not an accurate picture of what is happening. Hybrid KEMs are already widely supported within the IETF, and are supported in an RFC with "recommended to implement = yes".

This is about a separate RFC with "recommended to implement = no".

If the IETF was trying to have these positions swapped, it would be consistent with DJBs post. It is not though. His post does not seem to be grounded in reality.

Ajedi32•1h ago
What exactly is the problem with the IETF publishing a standard that's theoretically weaker than another standard? They're not forcing anyone to use it, right?
kokonuts•1h ago
Why do they forcibly retire weak algorithms? I think it does matter if half of SaaS services you use could be forcibly using them for your data and in some cases you might be a serious target mixed in among less serious targets.
mswphd•1h ago
The IETF has published the russian TLS 1.2 standard (RFC 9189). This includes Kuznyechik, which is has a certain design choice consistent with it being backdoored.

https://en.wikipedia.org/wiki/Kuznyechik#Cryptanalysis

(the work by Perrin that is mentioned is what I'm referring to).

The (pure) mlkem standard is also marked "recommended to implement = No". people are interested in implementing it. The IETF can't change that. They can try to ensure such implementations are interoperable though.

downrightmike•58m ago
Its called downgrade attacks, they are very bad, and they are caused by weak standards still being used. 3DES shouldn't be used anymore, but it is in the list of an acceptable cipher, so there goes the security out the window.
jauntywundrkind•1h ago
Forming a (imo particularly rancid conspiracy brained) social media rage campaign to get a bunch of new people to inject themselves into cryptography space is... a move.

Maybe giving this thread more visibility here than it wants but ...

https://bsky.app/profile/filippo.abyssdomain.expert/post/3mp...

(Personally it seems so so unacceptable to me to accuse so many good hardworking people of such bitter conspiracy.)

phasmantistes•1h ago
This is not an unbiased article about the situation unfolding on the TLS Working Group mailing list; this is a call to action to join one specific side of the argument that has been ongoing for over a year now. It's an appeal to authority, an attempt to garner support for one side of the debate simply because DJB says so, as part of his effort to flood the zone with messages in opposition.

This tactic is explicitly called out in RFC 7282, and named as a "degenerate", "pathological", and "dysfunctional" state for the working group to be in. Shame on DJB for attempting to drive the working group into terminal dysfunction.

ryanisnan•42m ago
Is that what he's trying to do? I am no cryptographer, but when I read his post, his arguments about ECC+PQ make intuitive sense.

I'm out of fresh tin-foil hats as well, but it would not surprise me in the least if any government was actively engaged in weakening security and privacy protections.

Literally look at what they are all doing in almost every sphere. The current political zeitgeist is all about automated surveillance everywhere. The motivations are worn on their sleeves.

mswphd•35m ago
the NSA has a history of weakening cryptography in a very specific way, known as "NOBUS"

https://en.wikipedia.org/wiki/NOBUS

DES key-size weakening is consistent with NOBUS (given the computational dominance of the US at the time). DUAL_EC_DRBG is consistent with NOBUS. DES S-box strengthening (vs linear/differential cryptanalysis, I forget which) is also consistent with NOBUS.

There have been *no* proposed mechanism that would allow NSA to have a NOBUS-style attack against ML-KEM.

Separately, this RFC (pure ML-KEM) is marked "recommended to implement = N". It is highly likely all browsers etc will use hybrids. In certain areas (say hardware) it is not free to use a hybrid. You all of a sudden need both a SHA2 and SHA3 implementation, for example. Some organizations that view the threat of quantum computers as more credible may also not want to drag around the ECC component (which is known to be broken, once a CRQC appears. Google and the US government have publicly stated concerns this may occur within the next ~5 years after recent QC breakthroughs).

galadran•1h ago
This is garbage from start to finish.

There are already codepoints assigned for MLKEM 512/768/1024 (0x0200, 0x0201, 0x0202) and nearly every major library supports it already:

  - OpenSSL (ML-KEM-512/768/1024)
  - BoringSSL (ML-KEM-1024)
  - NSS (ML-KEM-1024)
  - AWS-LC (ML-KEM-512/768/1024)
  - Rustls (ML-KEM-768/1024)
  - s2n-tls (ML-KEM-1024)
  - Bouncy Castle (ML-KEM-512/768/1024)
  - Botan (ML-KEM-512/768/1024)
  - GnuTLS (ML-KEM-768/1024)
  - WolfSSL (ML-KEM-512/768/1024)
miloignis•1h ago
This has been discussed before, and I believe the general consensus is that djb's objections don't make sense. The Key Material blog addresses this in a very good larger ML-KEM mythbusting post: https://keymaterial.net/2025/11/27/ml-kem-mythbusting/#:~:te...
ebiederm•35m ago
What?

That post says very clearly at the beginning that hybrids are the preferred approach right now.

No one except the NSA actually wants a non-hybrid.

Which raises the question what is the NSA up to.

Especially since the NSA has a mission statement, a track record, and a billion dollar budget to subvert other peoples cryptography. When they aren't beyond transparent why should anyone give them the benefit of the doubt?

athrowaway3z•25m ago
The two opening arguments are rather weak.

- European group could not be infiltrated by a state-actor with 100billion/y budget and a history of doing so?

- NOBUS today would not be secret in the algorithm but a quantum algorithm/device. Just a month ago HN was getting flooded with "PQC is probably required by 2030".

mswphd•21m ago
quantum algorithm would make pure ML-KEM bad to support for the NSA. If the NSA has a quantum computer, they would want to delay proliferation of post-quantum schemes as long as possible, so they could get as much milage out of it as possible before people switch over.

Ironically, this (delaying PQC rollout/standardization) is arguably what DJB has been doing the ~decade, and what his current post is doing.

phyzome•56m ago
For those who don't know, djb is both highly regarded as a cryptographer and known to be something of a crank. (The former part is the only reason this is getting any attention.) Frankly, I don't know what's gotten into him.

The linked piece is not representative of the broader cryptography community. ML-KEM is fine.

ryanisnan•49m ago
What would you say about his critique that simply ditching double-encryption is a bad idea? That seems like a fair point embodying a belt and suspenders approach.
mswphd•29m ago
this RFC is marked "recommended to implement = N". It is not suggesting everyone should use pure ML-KEM. It is suggesting it should be an option, if hybrid encryption is not suitable for certain usecases. Think hardware, where hybrid encryption would require devoting chip area to both SHA2 and SHA3 for no real benefit.
ryanisnan•22m ago
That makes sense. Thanks for responding!

Someone elsewhere in the thread mentioned downgrade attacks. I presume if you wanted, on either the client or the server, you could disallow pure ML-KEM if you didn't trust it, preventing this vector.

I don't know much about the hardware space - what do you make of the author's post that there hasn't been an articulated need for pure PQ encryption, where the device couldn't afford ECC.

adrian_b•13m ago
He did not claim that ML-KEM is not fine.

The use of dual algorithms is without doubt the prudent decision for a transition period.

ML-KEM is still too new for anyone to be able to claim that no way to break it will be discovered in the next few years.

This is supported by the fact that one of the algorithms previously proposed for standardization has already been broken, which was a surprise.

Because ML-KEM is significantly more expensive than the current algorithm, using both does not increase much the cost.

The arguments of DJB are perfectly valid, which is why at the previous meeting most people have voted like him.

I know very well everything that DJB has published during the last 30 years, many of which have been important advances in cryptography. Some of his work has been very influential in the development of "post-quantum" cryptography and he was one of the main promoters of the idea that such cryptographic algorithms must be standardized ASAP.

Moreover, I have also run continuously on my servers, 24/7, for about a quarter of century, various programs written by DJB, which unlike the majority of the programs that I have ever seen, have done very well whatever they were intended to do, without ever needing any updates for security problems or other bugs. Very few programmers, even among the best, can present such a resume.

I do not believe that "crank" is the right word to describe DJB. It is true that he has distinguished himself by an unwillingness to accept compromises, even when he was for various reasons in opposition with the US government, but I do not think that this is crazy. On the contrary, I believe that the world is how it is right now precisely because most people go with the flow and they are eventually willing to accept almost anything when opposing that appears to be too difficult. Things would have been much better if there had been more such "cranks".

OutOfHere•47m ago
The NSA and NIST can never be trusted. They have sabotaged things before, and it is par for the course for them. The formation of standards and defaults should never be left to them.