frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Separating signal from noise in coding evaluations

https://openai.com/index/separating-signal-from-noise-coding-evaluations/
102•sk4rekr0w•1h ago•42 comments

FAANG Simulator

https://www.abeyk.com/escape-the-rat-race/
118•nerdbiscuits•2h ago•48 comments

Chatto is now open source

https://www.hmans.dev/blog/chatto-is-open-source
615•speckx•7h ago•174 comments

Grok 4.5

https://x.ai/news/grok-4-5
384•BoumTAC•4h ago•312 comments

Decoding the obfuscated bash script on a Uniqlo t-shirt

https://tris.sherliker.net/blog/obfuscated-self-evaluating-bash-script-by-cdn-akamai-being-suppli...
1240•speerer•13h ago•199 comments

Mistral's Robostral Navigate: a state of the art robotics navigation model

https://mistral.ai/news/robostral-navigate/
375•ottomengis•8h ago•89 comments

Show HN: Microsoft releases Flint, a visualization language for AI agents

https://microsoft.github.io/flint-chart/#/
140•chenglong-hn•4h ago•61 comments

Cloudflare Drop

https://www.cloudflare.com/drop/
138•coloneltcb•3h ago•80 comments

Turning a pile of documents into a searchable useable knowledge base

https://github.com/linuxrebel/DocuBrowser
32•linuxrebe1•2h ago•6 comments

DKIM2 and DMARCbis Have Landed

https://stalw.art/blog/dkim2-dmarcbis/
36•StalwartLabs•2d ago•21 comments

GPT‑Live

https://openai.com/index/introducing-gpt-live/
535•logickkk1•5h ago•366 comments

A bug which affected only left handed users

https://shkspr.mobi/blog/2026/07/a-bug-which-only-affected-left-handed-users/
58•sixhobbits•9h ago•33 comments

OpenMandriva: Statement regarding attempted distribution sabotage

https://forum.openmandriva.org/t/statement-regarding-attempted-distribution-sabotage/8997
59•workethics•4h ago•9 comments

Show HN: Onboard-CLI, a LLM powered and AST-based tool to visualize codebase

https://github.com/animesh-94/Onboard-CLI
15•yr_animesh•2h ago•2 comments

The classifiers Anthropic puts in front of Fable are too zealous

https://combine-lab.github.io/blog/2026/07/07/fable-is-not-a-useful-model.html
157•karrot-kake•1h ago•139 comments

OpenBSD has a use-after-free allowing local privilege escalation to root

https://nvd.nist.gov/vuln/detail/cve-2026-57589
234•linggen•9h ago•110 comments

SWE-1.7 Reach Near GPT 5.5 and Opus Intelligence

https://cognition.com/blog/swe-1-7
237•mekpro•6h ago•120 comments

EU now one step away from reviving private message scanning rules

https://cyberinsider.com/eu-now-one-step-away-from-reviving-private-message-scanning-rules/
311•ggirelli•5h ago•124 comments

Cloudflare Meerkat - Globally distributed consensus

https://blog.cloudflare.com/meerkat-introduction/
195•bobnamob•9h ago•42 comments

I Built a Telegram Client for Pi

https://www.npmjs.com/package/@atharva-again/pi-tg
37•atharva-again•2d ago•19 comments

Understanding B-Tree Indexes in PostgreSQL: A Comprehensive Guide– Part 1

https://medium.com/@devli0/b-tree-indexes-in-postgresql-part-1-theory-eb2668c52520
35•corvus-cornix•3d ago•1 comments

Poison, redzones and shadows: inside KASAN

https://bootlin.com/blog/poison-redzones-and-shadows-inside-kasan/
5•rrampage•2d ago•0 comments

Almost Always Unsigned

https://graphitemaster.github.io/aau/
15•gavide•3h ago•5 comments

TypeScript 7

https://devblogs.microsoft.com/typescript/announcing-typescript-7-0/
399•DanRosenwasser•6h ago•147 comments

EVE Online's Carbon engine is now open source: Fenris Creations explains why

https://www.gamesindustry.biz/eve-onlines-carbon-engine-is-now-open-source-fenris-creations-expla...
367•Stevvo•5d ago•121 comments

Show HN: Agent Draw: An agent draws while you talk, built on TLDraw

https://techstackups.com/articles/tldraw-agent-draw/
25•jameswhitford•2d ago•2 comments

Agentic test processes, LLM benchmarks, and other notes on agentic coding fr

https://danluu.com/ai-coding/#llm-variance
10•lifeisstillgood•2h ago•1 comments

Open Source Barware: free, local-first bar inventory software (GPLv3)

https://opensourcebarware.com
3•RichBJamison•56m ago•0 comments

TabFont – guitar tabs rendered as you type

https://philatype.com/tabfont/
76•ChrisArchitect•3d ago•22 comments

Show HN: Follow London Trains in 3D

https://ride.nexttrain.london/
120•mgranados•4d ago•54 comments
Open in hackernews

DKIM2 and DMARCbis Have Landed

https://stalw.art/blog/dkim2-dmarcbis/
35•StalwartLabs•2d ago

Comments

meysamazad•2d ago
well done

you're among the first few who have done it:

https://github.com/mjl-/mox/issues/404#issuecomment-43627498...

jeroenhd•56m ago
First time I'm reading about this, I'm glad there's progress in this area.

The JSON DSL for rewriting emails feels like a spammer/exploit vector waiting to happen. Some product is going to spam filter before applying reconstruction rules, or get tricked into applying reconstruction rules when it shouldn't, and spammers and scammer are going to abuse it.

Until either Google or Microsoft will adopt these standards, they'll remain effectively meaningless most likely. But even so, it's good to know people haven't given up on fixing email's spam problem entirely.

qurren•52m ago
Aw hell. How many things do I have to set up just so that I can send e-mails from my own domain?

The effect of all this seems to be less "making e-mail secure" and more "making it so that only Google, Apple, and Microsoft can send e-mail successfully"

doubled112•45m ago
And sometimes if you do everything right, it still doesn’t work.

Recently I checked the IP against blacklists, waited a few months, did all of the other things, and then found out Microsoft bounces my entire VPS’s IP range. Appealing did not help.

They intermittently block Cloudflare email routing IPs too. All of these security measures and still it comes down to the IP address of your sender.

1over137•2m ago
Is it an el cheapo VPS?
braiamp•35m ago
Eh, I read the article, and at most you only have to wait for your MTA to update to add the required headers and update your DNS records and you are golden. It still uses the same key you generated as far I'm aware.
brightball•19m ago
DMARC isn't for sending email successfully, it's for preventing other people from impersonating your domain. Without it, there's nothing stopping anybody from sending an email saying it is from you@qurren.com. SPF tried. DKIM tried. Both of them had gaps.

When you use them together and have a DMARC policy that requires one of them or the other for successful delivery, it's the best current solution.

qurren•2m ago
Except I think I've had 1:1 personal e-mails from my domain go into a legitimate recipient's spam filter just because I didn't have DMARC set up and their mail server was flagging that "DMARC not set up == spammy domain"
lousken•46m ago
Anyone migrated from exchange to stalwart? Curious about results
bigbuppo•36m ago
Can someone distill this down to how it will be used by the big three email providers to make it impossible to use email except through them?
braiamp•34m ago
If anything, this moves it towards anyone having more access to everything. For example, reject isn't going to be treated anymore as a bounce. Now, provider policies still can and would be BS, but the standard doesn't tell them to do it certain way.
TacticalCoder•30m ago
> by the big three

Which big three?

Gmail has something like 1.8 billion users. iCloud mail around 1 billion.

Microsoft with 400 million users of its email is closer to Yahoo! Mail (225 million users) than to the big two.

braiamp•32m ago
Despite what everyone said, I'm excited specifically for DKIM2. As someone that had managed a mailing list, that one is probably the hardest thing to juggle around and DKIM2 layering seems to fix that issue neatly. I hope postfix has a guide proto.
dataflow•32m ago
I really don't understand what the original DKIM was not sufficient. Can someone ELI5? If you can verify that a message (including headers, which DKIK can sign) was signed by the outgoing server, then why isn't that the end of the story? Who cares how or why it got forwarded, or whatever else?
brightball•11m ago
There are a few gaps with DKIM.

1. You have to set it up on every sending server. It's easier today but it wasn't always

2. You have to periodically rotate each of the keys that you setup because they can be cracked/stolen. Soon as somebody steals your key, they can impersonate anyone sending email from your domain.

3. Receiving email servers have no way of knowing if a message they received without a DKIM signature is supposed to include a DKIM signature, so simply not including one creates a scenario where receiving mail servers have to guess if the message was really from you.

stefan_lec•29m ago
Sounds pretty cool! I wonder if it closes enough holes that we could finally stop using SPF at all?
peanut-walrus•19m ago
Missed opportunity to get rid of SPF. What I want to my DMARC policy to say: if someone is sending you an email that claims to be from my domain and it's not signed by one of the keys I have published under my domain, you should reject it, regardless where it came from.

And on the receiving side, the policy is similarly simple: if I receive any unsigned or unaligned email, I will reject it.

Edit: to clarify, I want there to be an option where I specify my DMARC policy to explicitly tell well-configured receiving servers "ignore whatever I have configured as my SPF record, only look at the signatures". There will no doubt be a long tail of mail servers where I will still need an SPF record for them to accept my mail.

AceJohnny2•13m ago
I suspect SPF is used because it's cheaper than performing cryptographic checks for each email. A (cached) DNS lookup and IP check on a connection is comparatively cheaper.
OneDeuxTriSeiGo•19m ago
DKIM2 and DMARCbis are actually the opposite of this. They are long awaited fixes of brittle and often broken systems that are designed to now make providing secure email easier rather than harder.

They both have fairly clean migration paths and resolve a lot of the annoying edge cases that currently exist with authenticating and verifying email.

AceJohnny2•18m ago
> Aw hell. How many things do I have to set up just so that I can send e-mails from my own domain?

... said every spammer.

I'm sorry for your pain, and I'm in the same boat.

But it's important to understand that any sufficiently large, distributed-agent system (like federated email), will see the rise of parasites that will pump resources and diminish the value of the system.

What we're seeing here is an "immune" response to those parasites. We all pay for it.

I think this is an important lesson for anyone designing a distributed-agent system [1]. How do you design it so as to keep the bad actors out, or at least so their impact is negligeable?

[1] imma make my own email system! With blackjack, and hookers! oh wait...

hinkley•11m ago
This sort of Regulatory Capture is quite old in the software field. People were already noticing it in the 90's.

Making a spec that contains a venn diagram of most of the features each of the signatories to the specification have implemented themselves ends up pulling the ladder up behind them. Each non-academic committee member discovers they're already more than 75% of the way to having completed the spec and any junior members or amateurs have years of work to do in order to catch up to Now. If any upstarts threaten to get within striking distance of an implementation you can always convene the committee again and discuss version 2 of the spec.

Mobile devices tamped this down just a little bit but mostly they lowered the slope of the line a hair and changed where the focus was a bit.