frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Half-Baked Product

https://weli.dev/blog/half-baked-product/
795•weli•7h ago•225 comments

It Still Can't Do My Job: Four Years of Moving Goalposts (2022–2026)

https://publicznyprofil.github.io/ai_cant_do_your_work/
20•mydreamof•34m ago•25 comments

PostgreSQL and the OOM Killer: Why We Use Strict Memory Overcommit

https://www.ubicloud.com/blog/postgresql-and-the-oom-killer-why-we-use-strict-memory-overcommit
64•furkansahin•2h ago•13 comments

Valve open source the Steam Machine e-ink screen so you can make your own

https://www.gamingonlinux.com/2026/07/valve-open-source-the-steam-machine-e-ink-screen-so-you-can...
191•ahlCVA•2h ago•27 comments

Jamesob's guide to running SOTA LLMs locally

https://github.com/jamesob/local-llm
4•livestyle•32m ago•0 comments

Wordgard: The new in-browser rich-text editor from the creator of ProseMirror

https://wordgard.net/
131•indy•6h ago•60 comments

The Fall and Rise of Screwworm

https://www.construction-physics.com/p/the-fall-and-rise-of-screwworm
27•crescit_eundo•2h ago•9 comments

Right to Local Intelligence

https://righttointelligence.org/
402•thoughtpeddler•15h ago•140 comments

Best Simple System for Now

https://dannorth.net/blog/best-simple-system-for-now/
3•daan-k•29m ago•0 comments

CarPlay Is Additive

https://www.caseyliss.com/2026/7/2/carplay-is-additive-you-dolts
455•sprawl_•14h ago•606 comments

How working with a blind client revealed invisible accessibility gaps

https://iinteractive.com/resources/blog/read-only
62•fortyseven•3d ago•47 comments

The Safari MCP server for web developers

https://webkit.org/blog/18136/introducing-the-safari-mcp-server-for-web-developers/
183•coloneltcb•13h ago•51 comments

Since Linux 6.9, LUKS suspend stopped wiping disk-encryption keys from memory

https://mathstodon.xyz/@iblech/116769502749142438
513•IngoBlechschmid•1d ago•217 comments

crustc: entirety of `rustc`, translated to C

https://github.com/FractalFir/crustc
342•Philpax•16h ago•67 comments

Commodore 64 Basic for PostgreSQL

https://thombrown.blogspot.com/2026/07/load-plcbmbasic81-commodore-64-basic.html
38•hans_castorp•6h ago•7 comments

Hunting a 16-year-old SQLite WAL bug with TLA+

https://ubuntu.com/blog/hunting-a-16-year-old-sqlite-bug-with-tla-is-dqlite-affected
14•peterparker204•3d ago•2 comments

Reality has a surprising amount of detail (2017)

https://johnsalvatier.org/blog/2017/reality-has-a-surprising-amount-of-detail
335•vinhnx•5d ago•119 comments

Podman v6.0.0

https://blog.podman.io/2026/07/introducing-podman-v6-0-0/
600•soheilpro•1d ago•237 comments

Local Reasoning for Global Properties

https://tratt.net/laurie/blog/2026/local_reasoning_for_global_properties.html
18•mpweiher•2d ago•2 comments

Quake in 13 Kilobytes (2021)

https://js13kgames.com/games/q1k3
93•mortenjorck•6d ago•13 comments

Immich 3.0

https://github.com/immich-app/immich/discussions/29439
546•hashier•1d ago•261 comments

Gemini Code Assist will be shut down on July 17

https://docs.cloud.google.com/gemini/docs/code-review/review-repo-code
37•ushakov•2h ago•20 comments

Program-as-Weights: A Programming Paradigm for Fuzzy Functions

https://arxiv.org/abs/2607.02512
11•simonpure•2h ago•0 comments

Alibaba to ban Claude Code in workplace over alleged backdoor risks, source says

https://www.reuters.com/world/china/alibaba-ban-claude-code-workplace-over-alleged-backdoor-risks...
247•nsoonhui•7h ago•197 comments

Show HN: Pieces – Social network for people

https://try.piecesof.me/
50•domo__knows•1d ago•53 comments

Hackers shoveled snow for company, were rewarded with network admin access

https://www.theregister.com/security/2026/07/02/hackers-shoveled-snow-for-company-were-rewarded-w...
35•ike_usawa•2h ago•11 comments

Exapunks (2018)

https://www.zachtronics.com/exapunks/
315•yu3zhou4•20h ago•108 comments

Zuckerberg 'Admits' Meta's Layoffs Were Ineffective

https://eshumarneedi.com/2026/07/03/zuckerberg-admits-metas-layoffs-were.html
156•ExMachina73•2h ago•144 comments

Underwater suit-wearing cyborg insect capable of diving and terra-aqua travel

https://www.nature.com/articles/s41467-026-74235-1
81•gscott•3d ago•35 comments

Virginia bans sale of precise geolocation data

https://www.hunton.com/privacy-and-cybersecurity-law-blog/virginia-bans-sale-of-geolocation-data
916•toomuchtodo•18h ago•135 comments
Open in hackernews

Hackers shoveled snow for company, were rewarded with network admin access

https://www.theregister.com/security/2026/07/02/hackers-shoveled-snow-for-company-were-rewarded-with-network-admin-access/5265240
35•ike_usawa•2h ago

Comments

mikestew•1h ago
”Finally, the company should have enforced a strong password policy that would have prevented our heroes from finding dozens of accounts with “winter2023!” as the password.”

Capitalize that “w”, and you’ve got a password that will pass most PWD policies. Why do they think it was “winter2023!” to begin with? In 90 days when the PWD expires, well, it will be spring of the next year, so…

The better idea is to require passwords with some real entropy, and get rid of expiring passwords. It’s not 1999 anymore.

Xeoncross•1h ago
1. Open a web browser and do a search

2. Read until you find a sentence that you like.

3. Use it as your password

ChrisRR•46m ago
I like the last line of your comment

My password is now password

hnthrow10282910•28m ago
Hacked
glitchc•39m ago
Not enough numbers or special characters usually.
chopin•13m ago
I loathe two things in password requirements: special characters and not allowing spaces. C'mon, it's 2026. Require 20 characters and call it a day.
raffraffraff•28m ago
How about mixing up band names? Take the end of "Florence and the machine" and mix it with the start of "Rage against the machine" and you now have the totally unguessable "Rage sharing the machine". It's a different machine see?! Nobody would know that!
samrus•28m ago
I swear if the ghouls running things had abit more decency and allowed people to actually access and controll their passkeys then that would be the future, everyone would adopt it. The experience is so nice with key pair exchange for ssh. Its just that there i have thr security of knowing exactly where my secret is and how i can manage it, its just a file and i can move it like a file

Nobody wants the risk of getting locked out because of apple and googles walled garden bullshit

delichon•57s ago
Years ago I learned that the safest password is Correct Horse Battery Staple, so I just use that.
lima•29m ago
The company also should have restricted network access to the port in the conference room so that an unknown device like a Raspberry Pi could not make an Ethernet connection from that spot

Bad take - the actual problem is that there was a trusted network in the first place. This kind of network access control is trivial to bypass, and trusted devices can get compromised.

z3ugma•17m ago
What always gets me about these red team attacks is the same thing that gets me about internal phishing test emails.

My company sent an internal phishing test last week. Several people immediately reported it to a cybersecurity engineer, posted about it in Slack, saying they were surprised that such a sophisticated phishing attack was happening.

I too was surprised - Google is usually much better about catching these kinds of things in the GMail filter before they get through. Oh well, sometimes one slips though. Reported it and moved on

Come to learn that the only reason it made it through is because we let it through _on purpose_.

By analogy to these red team attacks: _theoretically_ someone could rent a car, pose as an employee, and set up a Raspberry Pi in the network.

But who would go to all that trouble?

Theoretically, someone could craft a perfect phishing attack, but who would go to all that trouble? Spray-and-pray, low precision, high surface area, attacks are the ones I end up reading about.

The only reason this attack vector was open is because the red team stood to gain a massive benefit from succeeding in the attack. What real-world actor would go to the trouble and stand to benefit as much?