frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Einstein's relativity rules chemical bonds in heavy elements, new research shows

https://www.brown.edu/news/2026-07-09/chemical-bonds-relativity
208•hhs•9h ago•72 comments

QuadRF can spot drones and see WiFi through my wall

https://www.jeffgeerling.com/blog/2026/quadrf-can-spot-drones-and-see-wifi-through-my-wall/
544•speckx•16h ago•191 comments

Apple sues OpenAI, accuses ex-employees of stealing trade secrets

https://9to5mac.com/2026/07/10/apple-sues-openai-trade-secret-theft/
972•stock_toaster•11h ago•480 comments

What's the best way to do authentication in modern applications

https://neciudan.dev/most-secure-way-to-store-auth-token
30•freediver•1h ago•8 comments

The vintage beauty of Soviet control rooms (2018)

https://designyoutrust.com/2018/01/vintage-beauty-soviet-control-rooms/
50•mvdtnz•2h ago•17 comments

An iroh powered smart fan

https://www.iroh.computer/blog/an-iroh-powered-smart-fan
88•surprisetalk•3d ago•15 comments

An update on residential proxies and the scraper situation

https://lwn.net/SubscriberLink/1080822/990a8a5e2d379085/
178•chmaynard•12h ago•170 comments

Documentation is still in your Mum's filing cabinet

https://gerireid.com/blog/organising-documentation-for-humans-and-ai/
6•mooreds•3d ago•0 comments

SpaceX wants to launch 100k more Starlink satellites for 100x the bandwidth

https://www.zdnet.com/home-and-office/networking/spacex-wants-to-launch-100000-more-starlink-sate...
164•CrankyBear•14h ago•509 comments

AI 2040: Plan A

https://ai-2040.com/
235•kschaul•1d ago•243 comments

Good Tools Are Invisible

https://www.gingerbill.org/article/2026/07/10/good-tools-are-invisible/
407•theanonymousone•21h ago•192 comments

Combustion engine web-based simulator

https://combustionlab.net
161•mytuny•5d ago•65 comments

Silent speech with ultrasound

https://alephneuro.com/blog/silent-speech
41•chrwn•3d ago•11 comments

The tech of 'Terminator 2' – an oral history (2017)

https://vfxblog.com/2017/08/23/the-tech-of-terminator-2-an-oral-history/
210•markus_zhang•15h ago•74 comments

GPT-5.6 Sol Ultra produces proof of the Cycle Double Cover Conjecture [pdf]

https://cdn.openai.com/pdf/04d1d1e4-bc75-476a-97cf-49055cd98d31/cdc_proof.pdf
437•scrlk•13h ago•354 comments

Late Bronze Age Collapse

https://acoup.blog/2026/01/30/collections-the-late-bronze-age-collapse-a-very-brief-introduction/
362•dmonay•20h ago•246 comments

Inference Optimization for MiMo v2.5: Pushing Hybrid SWA Efficiency to the Limit

https://mimo.xiaomi.com/blog/mimo-v2-5-inference
69•theanonymousone•4d ago•28 comments

After 7 years in production, Scarf has reluctantly moved away from Haskell

https://avi.press/posts/2026-07-10-after-7-years-in-production-scarf-has-reluctantly-moved-away-f...
123•aviaviavi•18h ago•154 comments

The Lindy effect in software

https://www.clemsau.com/posts/the-lindy-effect-in-software/
14•ankitg12•3d ago•10 comments

New York City to ban deceptive subscription practices

https://www.theguardian.com/us-news/2026/jul/10/new-york-city-deceptive-subscriptions-ban
502•randycupertino•13h ago•250 comments

Alternate clock designs and time systems

https://serialc.github.io/altClocks/
134•ethanpil•4d ago•72 comments

Computation as a universal and fundamental concept

https://ergo.org/courses/computation-as-a-universal-and-fundamental-concept
125•simonpure•16h ago•87 comments

Snails' teeth beats spider silk as nature's strongest material (2015)

https://www.smithsonianmag.com/smart-news/spider-silk-loses-top-spot-natures-strongest-material-s...
182•simonebrunozzi•15h ago•143 comments

GhostLock, a stack-UAF that has existed in ALL Linux distributions for 15 years

https://nebusec.ai/research/ionstack-part-2/
74•djfergus•11h ago•16 comments

A love letter to flashcards

https://lesleylai.info/en/flashcards/
150•surprisetalk•16h ago•94 comments

War Atlas: An interactive cartography of every named war in human history

https://waratlas.org
145•NaOH•14h ago•61 comments

Preemption is GC for memory reordering (2019)

https://pvk.ca/Blog/2019/01/09/preemption-is-gc-for-memory-reordering/
26•mpweiher•2d ago•6 comments

Moss (YC F25) Is Hiring

https://www.ycombinator.com/companies/moss/jobs/52LnqLQ-software-engineer-sdk
1•srimalireddi•10h ago

Lost city discovered beneath Egypt's desert with ancient church

https://www.dailymail.com/sciencetech/article-15956159/Incredible-lost-city-discovered-Egypts-des...
172•Bender•4d ago•104 comments

Show HN: Getting GLM 5.2 running on my slow computer

https://github.com/JustVugg/colibri
849•vforno•1d ago•210 comments
Open in hackernews

What's the best way to do authentication in modern applications

https://neciudan.dev/most-secure-way-to-store-auth-token
30•freediver•1h ago

Comments

padjo•50m ago
> So the boring 2005 design wins.

As an old guy reading this I had a lot of wtf moments during the setup. Then I laughed pretty hard when we eventually got to this line. Like there's a reason we invented cookies and all mature web frameworks use them for auth.

mschuster91•40m ago
> Like there's a reason we invented cookies and all mature web frameworks use them for auth.

Cookie stealers, issues with third-party cookies and tracking... it's not like the past was a paradise, in fact, quite the opposite. Hell I 'member times when we had to append ?PHPSESSID=... to URLs. Cookies were a stopgap...

haburka•45m ago
I struggle to underdress why this slop content gets to the front page. It’s likely close to 100% ai made.

I really want this era of AI generated writing that reads so poorly to end. Or at least society should be ashamed of publishing this content.

dprkh•2m ago
They use bots to promote their content to the front page and downvote any comments criticizing them. I observe this pattern consistently on this website.
stavros•44m ago
Don't use JWTs for session auth, and don't outsource your articles to Claude.
homebrewer•39m ago
Cookies can be encrypted and signed and contain whatever information you want, not just some random token that has to be looked up in the database to be actually useful.

This is what aspnet core does by default if you enable cookie-based authentication. Gives you the best of both worlds.

StrauXX•29m ago
localStorage is very much fine and arguably superior to cookies for authentication tokens. First of all, once you have achieved JS execution on a target origin, you can send requests, open up malicious "login" prompts and generally control everything the user sees and does. The article mentions this, but plays it down with no good arguments.

Much more importantly however, is that the cookie standards are a mess! The complexity of cookie default behaviour, their flags, scopes, differences in their SOP (cookies ignore ports for example, so https://example.com:443 and https://example.com:8443 share their cookies) are huge. Research papers have been written in this. And don't even get started on differentials between browsing engines.

This huge complexity of cookies opens up a whole class of authentication attacks where bad (or just weirdly) configured cookies can be stolen cross origin.

localStorage on the other hand is practically impossible to get wrong.

Lucasoato•4m ago
If I use short-lived JWTs and localstorage, am I such a bad person? Are you truly increasing the blast radius?

Is there someone in another part of the world that would like hacking you only if you’re not using httpOnly cookies, happy to know that you used localstorage?