frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Mistral's Robostral Navigate: a state of the art robotics navigation model

https://mistral.ai/news/robostral-navigate/
113•ottomengis•1h ago•17 comments

Decoding the obfuscated bash script on a Uniqlo t-shirt

https://tris.sherliker.net/blog/obfuscated-self-evaluating-bash-script-by-cdn-akamai-being-suppli...
899•speerer•6h ago•162 comments

Chatto is now Open Source

https://www.hmans.dev/blog/chatto-is-open-source
20•speckx•25m ago•3 comments

Cloudflare Meerkat - Globally distributed consensus

https://blog.cloudflare.com/meerkat-introduction/
78•bobnamob•2h ago•8 comments

OpenBSD has a use-after-free allowing local privilege escalation to root

https://nvd.nist.gov/vuln/detail/cve-2026-57589
90•linggen•2h ago•27 comments

GitLost: We Tricked GitHub's AI Agent into Leaking Private Repos

https://noma.security/blog/gitlost-how-we-tricked-githubs-ai-agent-into-leaking-private-repos/
379•ColinEberhardt•10h ago•152 comments

Show HN: Kastor – Terraform-style specs for AI agents

https://github.com/weirdGuy/kastor
4•weirdguy•19m ago•0 comments

Apple to increase spend with Broadcom to produce billions more U.S. chips

https://www.apple.com/newsroom/2026/07/apple-to-increase-spend-with-broadcom-to-produce-billions-...
182•soheilpro•4h ago•143 comments

EVE Online's Carbon engine is now open source: Fenris Creations explains why

https://www.gamesindustry.biz/eve-onlines-carbon-engine-is-now-open-source-fenris-creations-expla...
235•Stevvo•4d ago•77 comments

Show HN: Follow London Trains in 3D

https://ride.nexttrain.london/
32•mgranados•3d ago•12 comments

NoiseLang: Where N = 5 is a Dirac delta

https://manualmeida.dev/articles/noiselang/
62•manucorporat•2d ago•27 comments

How to Build a Minimal ZFS NAS Without Synology, QNAP, TrueNAS (2024)

https://neil.computer/notes/how-to-setup-minimal-zfs-nas-without-truenas/
274•4diii•11h ago•190 comments

Japan's Hayabusa2 probe to conduct flyby of Torifune asteroid

https://www3.nhk.or.jp/nhkworld/en/news/20260705_01/
77•dvh•3d ago•9 comments

Geosql: A Claude/Codex skill for geospatial data

https://github.com/dekart-xyz/geosql
78•rzk•7h ago•11 comments

Tenda firmware (multiple versions) contains hidden authentication backdoor

https://kb.cert.org/vuls/id/213560
294•miniBill•15h ago•100 comments

Chat Control 1.0 and 2.0 Explained

https://fightchatcontrol.eu/chat-control-overview
825•gasull•1d ago•311 comments

Copy That Floppy – Cambridge guide for preserving data from fragile floppy disks

https://www.digipres.org/the-floppy-guide/
137•whiteblossom•12h ago•48 comments

Structure and Interpretation of Computer Programs Video Lectures (1986)

https://ocw.mit.edu/courses/6-001-structure-and-interpretation-of-computer-programs-spring-2005/v...
267•gjvc•15h ago•35 comments

Ants: Who looks after the injured in a colony?

https://www.uni-wuerzburg.de/en/news-and-events/news/detail/news/ameisen-kolonie-verletzte-pflegt/
67•hhs•4d ago•31 comments

GAO: DOE Is Prematurely Excluding Less Expensive Options for Nuclear Cleanup

https://www.gao.gov/products/gao-26-108193
245•Jimmc414•17h ago•123 comments

Canada's only watchmaking school still ticking after 80 years

https://www.cbc.ca/news/canada/montreal/canada-s-only-watchmaking-school-9.7254211
192•throw0101a•3d ago•106 comments

Home made GPU escalated quickly [video]

https://www.youtube.com/watch?v=qMR3IXF2sWw
121•erichocean•3d ago•40 comments

Local, CPU-Friendly, High-Quality TTS (Text-to-Speech) with Kokoro

https://ariya.io/2026/03/local-cpu-friendly-high-quality-tts-text-to-speech-with-kokoro/
471•speckx•21h ago•88 comments

Every postcard tells a story

https://observer.co.uk/style/features/article/every-postcard-tells-a-story
14•NaOH•2d ago•10 comments

LineageOS Statistics

https://stats.lineageos.org
161•pentagrama•14h ago•89 comments

The difference between "today's task" and "accretive work"

https://pluralistic.net/2026/07/02/canonization/
108•hn_acker•6d ago•59 comments

Answering "why do you want to relocate?" during interviews

https://relocateme.substack.com/p/a-mistake-to-avoid-during-relocation
9•andrewstetsenko•28m ago•1 comments

It seems that the age of reading might be a short anomaly in human history

https://www.theatlantic.com/magazine/2026/08/reading-crisis-postliterate-age/687618/
58•0in•3h ago•121 comments

Herdr: One terminal to rule them all

https://herdr.dev/
356•handfuloflight•6d ago•149 comments

Automate Excel with Python: From manual grind to one-click workflow

https://nostarch.com/automate-excel-with-python
40•teleforce•3d ago•19 comments
Open in hackernews

OpenBSD has a use-after-free allowing local privilege escalation to root

https://nvd.nist.gov/vuln/detail/cve-2026-57589
90•linggen•2h ago

Comments

gjvc•51m ago
from the link:

sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in sys_semget().

iberator•48m ago
Blasphemy
znpy•33m ago
and yet...
Tiberium•47m ago
Seems to be found as a part of Patch The Planet [0] which is basically OpenAI giving model access and Trail of Bits using them to find vulnerabilities in OSS projects.

[0] https://openai.com/index/patch-the-planet/

john_strinlai•32m ago
neat, i'm a big fan of trail of bits but apparently missed this announcement. here's their post: https://blog.trailofbits.com/2026/06/22/introducing-patch-th... and a summary of week 1: https://gist.github.com/patch-the-planet/69fd1aa925c8e73edea...
uticus•44m ago
> Only two remote holes in the default install, in a heck of a long time!

https://www.openbsd.org/

https://en.wikipedia.org/wiki/OpenBSD#Security_record

anonym29•40m ago
LPE (to root) is serious, but it's not a remote hole.
Arubis•39m ago
OpenBSD's security stance being the stuff of legend, I'm curious how many vulns have been found over the last couple months while the big model companies are flaunting their ability to find exploits. It'd be super cool to see it remain tiny.
ectospheno•33m ago
The commit logs over the last few months have highlighted when an issue was found by a program. They usually name the submitter and the tool.
wahern•32m ago
According to https://openai.com/index/patch-the-planet/

Linux: 24 LPEs, plus many additional vulnerabilities.

OpenBSD: 1 LPE.

FreeBSD: 7 LPEs, plus many additional vulnerabilities.

Not sure what that says, though. Perhaps the models are more likely to find Linux issues because of the training.

dcrazy•7m ago
Or Linux development is significantly more active.
ori_b•4m ago
This is an external audit. Why would Linux activity make a difference here? Are you theorizing that the churn causes bugs?
_flux•3m ago
jsiepkes•38m ago
If this is a local privilege escalation to root, why can't I find anything on https://www.openbsd.org/security.html ?
justthehuman•17m ago
Best guess, from the commit message alone[0]: It was fixed as a bug, at the time they didn't have evidence it could lead to LPE

The AI security tool then, retroactively discovered that it could have been used for LPE.

Again, just my guess I could be wrong.

[0] https://github.com/openbsd/src/commit/1957873d2063db11dab780...

stackghost•14m ago
OpenBSD has a reputation for being... selective about what they admit is a security-relevant bug.
poly2it•31m ago
Would Rust have made this issue impossible by construction? I know Linus has spoken about Rust's promises about memory safety not being equivalently applicable in the kernel domain, so I would be curious to hear any kernel developer's perspectives.
rwaksmunski•14m ago
The Rust ownership model prevents use after free. This type of a bug would not compile.
_flux•47s ago
You might not be able to express the ownership in the way that can be checked statically, so quite possibly this would then be downgraded to a runtime error (that could be handled with a panic)—but not undefined behavior.
klodolph•12m ago
Rust is designed to make this type of issue impossible, but that assumes that you can correctly encode object lifetimes in the kernel in a way that allows the compiler to check them.

So I would say that any easy answer like “this would not compile” would just be a guess, because you would want to know more of the particulars in order to answer this question.

I know that this is kind of a non-answer, but if you want to write a kernel in Rust you have to figure out boundaries for where unsafe {} are. In a kernel, there are probably large chunks of unsafe {} and the Rust compiler prevents certain bugs outside unsafe {} assuming there aren’t bugs inside unsafe {} that would prevent the type checker from doing its job correctly.

skydhash•5m ago
I’m not an OS programmer and have been dabbling with OpenBSD’s code for fun. But the fact is that Rust kinda lacks flexibility. Most of the OS is dedicated to building a beautiful lie for programs to run happily, and that’s where C shine.

I shudder to think about the amount of work that it would take to convince the rust compiler that everything is all right. Most hardware interactions is “parse, don’t validate” which means you’ll be pinky-swearing to the compiler.

And for my cursory glances at the code, most structures are handled well, that it’s mostly logic bug (from bad data) instead of bad memory access (which can happen).

bitwize•24m ago
"'Nothing could have prevented this from happening,' say users of only language where this happens" comes to bite OpenBSD.
applfanboysbgon•12m ago
The OpenBSD project was started in 1995, with ancestry going back further than that. Should they have first invented Rust? Or at what point do you suppose the decades-old codebase should have been completely rewritten?
anoneng•7m ago
Tell us you know nothing about kernel programming and trust stacks while you are at it.
tiffanyh•11m ago
Can anyone find the mailing list thread on this topic (or does it not exist because @security are private mailing list)?

I did find another use-after-free bug from a couple months ago on the mailing list:

https://marc.info/?t=177581065500002&r=1&w=2

IveSeenItAll•10m ago
Oh, hey, a local-user-to-root exploit on OpenBSD. Cool! Those are rare, but not unheard of, unless you're talking about Windows or Linux, where you don't hear much about this bug class, just since it's common-as-rainfall.

Anyway... Does this mean OpenBSD is suddenly less interesting? Nope, it's still pretty much the best-understandable general-purpose OS, ready for your RiiR fork. So, still go for that! Burn a universe or two worth of tokens! For the planet!

Does this mean OpenBSD is suddenly less secure? Nah... Its practical security level was never that much higher than that of its nominal competitors, despite Theo's best attempts, the best of which were replicated elsewhere and majority of it went ignored. The first class counts as "innovations", the rest as "experiments" which, no matter what anyone thinks, is not the same as "failed innovations."

But I digress. Now, go and donate to OpenSSH (because I bet you typed ssh today, didn't you, you rascal?), publish your OxidizedBSD fork, or whatever. Just don't link to that "is OpenBSD secure?" site, because, well, gauche, dude(tte)!

I wonder how many of the Linux the LPEs are related to drivers, which I understand there are more of..
mmooss•3m ago
I think of it more as their attention to quality in their code:

Given the 'quality' of most code, especially under commercial pressure, it's no surprise that much more effective tools will find many more vulnerabilities. Did OpenBSDs quality approach work in this respect?