frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Why We Don't Trust the Database with Authentication

https://blog.sturdystatistics.com/posts/api_keys/
17•kianN•3d ago

Comments

Rakua•3d ago
tl;dr: The author advocates for signing authentication data in the database. Even if an attacker gains write access to the DB and manipulates the auth data, the app can recognize this and prevent access.

I'd rather invest time in writing a proper DB abstraction layer for new systems or audit all parts where the DB is accessed in an existing system than implement the suggested measure.

preinheimer•53m ago
Great post. Anyone who talks, and actually implements, client key rotation gets a +1 from me.

Far too many systems don’t have a zero downtime key rotation.

cluckindan•48m ago
Or just salt the string with the username before hashing.
tybit•35m ago
That’s what they do, but the TPM pepper is also needed for HMACing in their threat model. Otherwise the attacker just adds the victim’s user id to their hashing process too.
LunaSea•10m ago
RBAC and proper prepared statements completely defeat all these scenarios.

GPT-5.6, Grok 4.5, Claude, and Muse Spark build the same 4 apps

https://www.tryai.dev/blog/gpt-5.6-build-off-12-models
98•hershyb_•1h ago•52 comments

QuadRF can spot drones and see WiFi through my wall

https://www.jeffgeerling.com/blog/2026/quadrf-can-spot-drones-and-see-wifi-through-my-wall/
369•speckx•6h ago•147 comments

Don't discontinue Gemini 2.5 Flash

https://discuss.ai.google.dev/t/please-dont-discontinue-gemini-2-5-flash/174246
65•NickDob•2h ago•40 comments

The tech of 'Terminator 2' – an oral history (2017)

https://vfxblog.com/2017/08/23/the-tech-of-terminator-2-an-oral-history/
127•markus_zhang•5h ago•52 comments

GPT-5.6 Sol Ultra produces proof of the Cycle Double Cover Conjecture [pdf]

https://cdn.openai.com/pdf/04d1d1e4-bc75-476a-97cf-49055cd98d31/cdc_proof.pdf
233•scrlk•3h ago•211 comments

War Atlas: An interactive cartography of every named war in human history

https://waratlas.org
82•NaOH•4h ago•33 comments

How the terrorist group Boko Haram uses frontier AI

https://casp.ac/reports/ai-enabled-terrorism
112•imustachyou•3h ago•95 comments

Moss (YC F25) Is Hiring

https://www.ycombinator.com/companies/moss/jobs/52LnqLQ-software-engineer-sdk
1•srimalireddi•1h ago

New York City to become first in US to ban deceptive subscription practices

https://www.theguardian.com/us-news/2026/jul/10/new-york-city-deceptive-subscriptions-ban
281•randycupertino•3h ago•158 comments

An Update on the scraper situation

https://lwn.net/SubscriberLink/1080822/990a8a5e2d379085/
36•chmaynard•2h ago•20 comments

Combustion Engine Web-Based Simulator

https://combustionlab.net
82•mytuny•5d ago•33 comments

Why We Don't Trust the Database with Authentication

https://blog.sturdystatistics.com/posts/api_keys/
18•kianN•3d ago•5 comments

Snails' teeth beats spider silk as nature's strongest material (2015)

https://www.smithsonianmag.com/smart-news/spider-silk-loses-top-spot-natures-strongest-material-s...
135•simonebrunozzi•5h ago•103 comments

Apple Sues OpenAI, Accusing It of Stealing Company Secrets

https://www.nytimes.com/2026/07/10/technology/apple-openai-lawsuit.html
59•jbegley•55m ago•8 comments

Show HN: Wyrm – Solve algebra by touch, built on an open-source soundness engine

https://github.com/dicroce/wyrm_math
34•dicroce•1d ago•3 comments

Computation as a universal and fundamental concept

https://ergo.org/courses/computation-as-a-universal-and-fundamental-concept
62•simonpure•6h ago•55 comments

Late Bronze Age Collapse

https://acoup.blog/2026/01/30/collections-the-late-bronze-age-collapse-a-very-brief-introduction/
290•dmonay•10h ago•199 comments

Good Tools Are Invisible

https://www.gingerbill.org/article/2026/07/10/good-tools-are-invisible/
304•theanonymousone•11h ago•143 comments

Inference Optimization for MiMo v2.5: Pushing Hybrid SWA Efficiency to the Limit

https://mimo.xiaomi.com/blog/mimo-v2-5-inference
6•theanonymousone•3d ago•0 comments

Prismata: Confining cross-site prompt injection in web agents

https://arxiv.org/abs/2607.08147
6•zhinit•1h ago•0 comments

Lost city discovered beneath Egypt's desert with ancient church

https://www.dailymail.com/sciencetech/article-15956159/Incredible-lost-city-discovered-Egypts-des...
130•Bender•4d ago•65 comments

Postgres locks do not scale

https://www.recall.ai/blog/postgres-locks-do-not-scale
5•timetoogo•1d ago•0 comments

Successful Companies Go Blind

https://ianreppel.org/how-successful-companies-go-blind/
171•speckx•8h ago•60 comments

The Clouds of Hiroshima

https://doomsdaymachines.net/p/the-clouds-of-hiroshima
24•handfuloflight•3d ago•15 comments

Write code like a human will maintain it

https://unstack.io/write-code-like-a-human-will-maintain-it
314•ScottWRobinson•8h ago•255 comments

Show HN: Frugon – Find which LLM calls a cheaper model could handle (local, MIT)

https://github.com/Rodiun/frugon
42•jarodrh•3d ago•10 comments

GhostLock, a stack-UAF that has existed in ALL Linux distributions for 15 years

https://nebusec.ai/research/ionstack-part-2/
4•djfergus•1h ago•1 comments

Materials innovation has a scale-up problem, not discovery

https://www.atomscale.ai/updates/our-thesis-atom-to-scale
20•groznyj•3h ago•6 comments

Show HN: Reviving my 2001 college band with AI

https://www.fadingmaize.com
45•jacobgraf•1d ago•52 comments

Show HN: Reverse-engineering web apps into agent tools

77•pancomplex•1d ago•30 comments