frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Show HN: Clawk – Give coding agents a disposable Linux VM, not your laptop

https://github.com/clawkwork/clawk
26•celrenheit•43m ago•7 comments

A voxel Tokyo in real Japan time – ride the Yamanote line and study Japanese

https://jivx.com/densha
137•momentmaker•3h ago•12 comments

Grok uploaded my user directory to xAI's servers

https://twitter.com/a_green_being/status/2076598897779020159
135•tnolet•1h ago•63 comments

Show HN: DOM-docx – HTML to native, editable Word docs (MIT)

https://github.com/floodtide/dom-docx
51•fishbone•2h ago•18 comments

Grok CLI uploaded the whole home directory to GCS

https://twitter.com/i/status/2076598897779020159
90•denysvitali•1h ago•29 comments

The 'absolute magic' of Morse code that still connects people globally

https://www.bbc.com/news/articles/cwye0dlzgejo
33•austinallegro•5d ago•12 comments

Interrail: 6,379Km and 13 Countries over 7 weeks

https://shkspr.mobi/blog/2026/07/another-ridiculous-interrail-holiday-6379km-and-13-countries-ove...
154•coinfused•6h ago•93 comments

Backtrack-Free Cursive

https://mmapped.blog/posts/52-backtrack-free-cursive
158•dmit•8h ago•69 comments

The social physics of conversation: Communication patterns matter

https://andiroberts.com/citizenship/the-social-physics-of-conversation-citizenship-leadership
112•kiyanwang•5d ago•23 comments

GhostLock, a stack-UAF that has existed in all Linux distributions for 15 years

https://nebusec.ai/research/ionstack-part-2/
343•ranger_danger•4d ago•153 comments

Zig Creator Calls Spade a Spade, Anthropic Blows Smoke

https://raymyers.org/post/zed-creator-calls-spade-a-spade/
954•crowdhailer•6h ago•474 comments

Control the Ideas, Not the Code

https://antirez.com/news/169
121•surprisetalk•3h ago•70 comments

The Graph That Should Be Front-Page News

https://www.lyrebirddreaming.com/post/the-graph-that-should-be-front-page-news
315•rakel_rakel•9h ago•183 comments

Cyberpunk Comics, Manga and Graphic Novels

https://shellzine.net/cyberpunk-comics/
254•zdw•16h ago•103 comments

Tiny Emulators

https://floooh.github.io/tiny8bit-preview/index.html
304•naves•18h ago•26 comments

Beavis Ultrasound PnP ISA Sound Card Replica

https://github.com/schlae/BeavisUltrasound
82•mariuz•9h ago•27 comments

So you want to learn physics (second edition, 2021)

https://www.susanrigetti.com/physics
282•azhenley•5d ago•53 comments

Cursed circuits #6: reverse avalanche oscillator

https://lcamtuf.substack.com/p/cursed-circuits-6-reverse-avalanche
7•surprisetalk•4d ago•2 comments

How to read more books

https://scotto.me/blog/2026-07-12-how-to-read-more-books/
465•silcoon•22h ago•240 comments

Designing and assembling my first PCB

https://vilkeliskis.com/b/2026/0711.html
147•tadasv•15h ago•80 comments

Frieve Vinyl Explained – Microscopic stylus/groove physics simulation

https://frieve-a.github.io/sound_toolbox/vinyl_explained/vinyl_explained.html
44•XzetaU8•4d ago•8 comments

Ask HN: What Are You Working On? (July 2026)

191•david927•17h ago•654 comments

LARP – Revenue infrastructure for serious founders

https://www.larp.website/
290•BerislavLopac•21h ago•62 comments

Sam Neill has died

https://www.theguardian.com/film/2026/jul/13/sam-neill-death-actor-dies-aged-78
344•j4mie•8h ago•82 comments

Vint Cerf, “father of the Internet”, is retiring

https://techcrunch.com/2026/06/30/the-father-of-the-internet-is-finally-retiring/
341•compiler-guy•3d ago•188 comments

Ask HN: Add flag for AI-generated articles

853•levkk•13h ago•373 comments

Migrating a production AI agent to GPT-5.6: 2.2x faster, 27% cheaper

https://ploy.ai/blog/migrating-a-production-ai-agent-to-gpt-5-6
234•brryant•21h ago•109 comments

Kode Dot Programmable pocket device for makers, pentesters and geeks

https://kode.diy
110•iNic•17h ago•27 comments

Are you telling me a readonly property is wrecking my performance?

https://shub.club/writings/2026/july/check-your-scrollheight/
53•forthwall•3d ago•28 comments

Claude Code sends 33k tokens before reading the prompt; OpenCode sends 7k

https://systima.ai/blog/claude-code-vs-opencode-token-overhead
663•systima•20h ago•342 comments
Open in hackernews

Grok CLI uploaded the whole home directory to GCS

https://twitter.com/i/status/2076598897779020159
85•denysvitali•1h ago

Comments

inigyou•50m ago
https://xcancel.com/a_green_being/status/2076598897779020159

Posting a complaint about Elon on Elon's platform and tagging him is ballsy. He tends to limit visibility of accounts who do that.

master-lincoln•37m ago
ballsy only if you care about participating in that shithole of a platform.
vorticalbox•47m ago
why do people give these LLMs full access to everything and then complain when it does somethign stupid? that is what sandboxes are for.
dumberquestions•46m ago
Other ones aren't this invasive with user data.
pixel_popping•43m ago
not true, Claude code on its own often create artifacts and straight up upload private stuff to Anthropic, without asking for it.
John23832•42m ago
Then show us the example of Claude uploading a home directory to Anthropic because we have an example of Grok uploading a home directory to X.
steve1977•36m ago
Are we sure about that?
dumberquestions•15m ago
Codex is opensource, there are other opensource harnesses.
dewey•42m ago
When I give my text editor or file browser access to everything I wouldn't expect it to exfiltrate data without asking.
docdeek•39m ago
Isn’t a file browser running locally, while Grok is running on someone else’s server?
dewey•33m ago
The point is more that you should not blame the user (why didn't you set up sandbox instead of directly using the tool of big corp) if a tool does something unexpected. If your Dropbox client would suddenly just upload your home directory instead of it's folder you configured you'd also not blame the user that they use Dropbox, you'd blame Dropbox for not doing their job correctly or being user hostile.
freedomben•32m ago
Agreed. You can still encourage people to use defense in depth without actively blaming them for not having the deepest moat imaginable. Software creators still have some responsibility
dpoloncsak•29m ago
Is it 'unexpected' when we've been hearing stories like this every week for 2 years now?
dewey•25m ago
Not every Anthropic user follows HN or random X posts about these issues.
wolttam•14m ago
This wasn't the LLM, it was Grok CLI preemptively uploading the entire CWD, regardless of where that CWD is, to its own server.

I don't think it is reasonable to expect every user (including those just starting out with the tools - maybe experimenting, maybe younger/less experienced in general) to think that the tool they're running for the very first time is going to automatically exfiltrate all of their data.

It's a pretty serious fuck-up. This guy tweeted about it, who knows how many didn't even notice. It should have been opt-in, it should give user an indication that it's about to do this, etc.

vorticalbox•8m ago
The grok-cli is on github[0] there is nothing that I can see in the code that is activily looping ~/ and uploading everything.

My two guesses would be one the LLM decided it needed these files for the task or two the user simple asked grok to do it so they could post the tool calls on twitter.

[0] https://github.com/superagent-ai/grok-cli

swingboy•42m ago
Well, it looks like he was running the agent in his home directory to begin with considering the `repo_path` field is exactly that.
PeterStuer•41m ago
My first thought would be their server side extentions, code excecutoon sandboxes and document RAG search, being on by default? Probably should be an opt-in instead of an opt-out.
ex1fm3ta•37m ago
Alex Karp was right, AI Compagnies are stealing people code while making them pay for unproductive tokens
ChrisArchitect•34m ago
Some more discussion: https://news.ycombinator.com/item?id=48892512
lobo_tuerto•32m ago
Dupe: https://news.ycombinator.com/item?id=48892512
nathan_compton•28m ago
Run your agents in podman containers.
rvz•20m ago
Closed source coding agents are just complete info stealing malware. Both Claude and Grok were caught stealing info from your own machines.

This is why it is important to use open source harnesses instead of shady closed ones.

spicymaki•17m ago
I am genuinely fascinated by this.

I don’t like piling on especially with security vulnerabilities, but man how many red flags do you need to ignore?

They won’t stop abusing us until we stop using their products.

greenavocado•13m ago
Copied this from discord:

    https://gist.github.com/cereblab/dc9a40bc26120f4540e4e09b75ffb547

    Elon did this horrible thing, so I made grok build available for omp with it's own endpoint; Without sending your private repos and secret keys to them.

    -

    oh-my-pi-plugin-grok-build
    Standalone oh-my-pi extension for the xAI Grok Build subscription provider. It adds OAuth login, authoritative model discovery, and OpenAI Responses streaming with the request identity expected by Grok Build.

    Install (No-spywares):

    omp plugin install oh-my-pi-plugin-grok-build

    -

    https://github.com/metaphorics/oh-my-pi-plugin-grok-build

    Star me if you like it or if you hate spywares, lol.
bdcravens•12m ago
So is X going to claim the user disabled something the second before everything went south? That's what the owner's other company does.