frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Zig Creator Calls Spade a Spade, Anthropic Blows Smoke

https://raymyers.org/post/zed-creator-calls-spade-a-spade/
922•crowdhailer•5h ago•458 comments

A voxel Tokyo in real Japan time – ride the Yamanote line and study Japanese

https://jivx.com/densha
127•momentmaker•3h ago•12 comments

Show HN: DOM-docx – HTML to native, editable Word docs (MIT)

https://github.com/floodtide/dom-docx
46•fishbone•2h ago•17 comments

Grok uploaded my user directory to xAI's servers

https://twitter.com/a_green_being/status/2076598897779020159
105•tnolet•55m ago•49 comments

Show HN: Clawk – Give coding agents a disposable Linux VM, not your laptop

https://github.com/clawkwork/clawk
12•celrenheit•33m ago•4 comments

The 'absolute magic' of Morse code that still connects people globally

https://www.bbc.com/news/articles/cwye0dlzgejo
29•austinallegro•5d ago•11 comments

Interrail: 6,379Km and 13 Countries over 7 weeks

https://shkspr.mobi/blog/2026/07/another-ridiculous-interrail-holiday-6379km-and-13-countries-ove...
151•coinfused•6h ago•91 comments

Grok CLI uploaded the whole home directory to GCS

https://twitter.com/i/status/2076598897779020159
70•denysvitali•59m ago•25 comments

Backtrack-Free Cursive

https://mmapped.blog/posts/52-backtrack-free-cursive
150•dmit•8h ago•65 comments

The social physics of conversation: Communication patterns matter

https://andiroberts.com/citizenship/the-social-physics-of-conversation-citizenship-leadership
105•kiyanwang•5d ago•22 comments

GhostLock, a stack-UAF that has existed in all Linux distributions for 15 years

https://nebusec.ai/research/ionstack-part-2/
342•ranger_danger•4d ago•152 comments

Control the Ideas, Not the Code

https://antirez.com/news/169
110•surprisetalk•2h ago•65 comments

The Graph That Should Be Front-Page News

https://www.lyrebirddreaming.com/post/the-graph-that-should-be-front-page-news
297•rakel_rakel•9h ago•180 comments

Cyberpunk Comics, Manga and Graphic Novels

https://shellzine.net/cyberpunk-comics/
251•zdw•15h ago•102 comments

Tiny Emulators

https://floooh.github.io/tiny8bit-preview/index.html
302•naves•18h ago•26 comments

Beavis Ultrasound PnP ISA Sound Card Replica

https://github.com/schlae/BeavisUltrasound
81•mariuz•9h ago•27 comments

So you want to learn physics (second edition, 2021)

https://www.susanrigetti.com/physics
278•azhenley•5d ago•51 comments

How to read more books

https://scotto.me/blog/2026-07-12-how-to-read-more-books/
460•silcoon•22h ago•235 comments

Designing and assembling my first PCB

https://vilkeliskis.com/b/2026/0711.html
146•tadasv•15h ago•80 comments

Frieve Vinyl Explained – Microscopic stylus/groove physics simulation

https://frieve-a.github.io/sound_toolbox/vinyl_explained/vinyl_explained.html
40•XzetaU8•4d ago•8 comments

Cursed circuits #6: reverse avalanche oscillator

https://lcamtuf.substack.com/p/cursed-circuits-6-reverse-avalanche
3•surprisetalk•4d ago•1 comments

Ask HN: What Are You Working On? (July 2026)

189•david927•17h ago•644 comments

LARP – Revenue infrastructure for serious founders

https://www.larp.website/
287•BerislavLopac•21h ago•59 comments

Sam Neill has died

https://www.theguardian.com/film/2026/jul/13/sam-neill-death-actor-dies-aged-78
332•j4mie•8h ago•79 comments

Vint Cerf, “father of the Internet”, is retiring

https://techcrunch.com/2026/06/30/the-father-of-the-internet-is-finally-retiring/
339•compiler-guy•3d ago•188 comments

Ask HN: Add flag for AI-generated articles

845•levkk•13h ago•369 comments

Migrating a production AI agent to GPT-5.6: 2.2x faster, 27% cheaper

https://ploy.ai/blog/migrating-a-production-ai-agent-to-gpt-5-6
234•brryant•21h ago•109 comments

Kode Dot Programmable pocket device for makers, pentesters and geeks

https://kode.diy
109•iNic•17h ago•27 comments

Are you telling me a readonly property is wrecking my performance?

https://shub.club/writings/2026/july/check-your-scrollheight/
51•forthwall•3d ago•28 comments

Claude Code sends 33k tokens before reading the prompt; OpenCode sends 7k

https://systima.ai/blog/claude-code-vs-opencode-token-overhead
661•systima•20h ago•342 comments
Open in hackernews

Grok uploaded my user directory to xAI's servers

https://twitter.com/a_green_being/status/2076598897779020159
105•tnolet•55m ago

Comments

newaccountman2•53m ago
"leopards ate my face" vibes
InsideOutSanta•16m ago
"This guy seems like the absolute worst person of all time, so I ran his LLM in his harness on my computer and gave it access to everything."

Having said that, this is still absolutely fucked up. People who should have known better also deserve not to be treated like shit. All of us should have known better at some points in our lives and didn't.

fundad•14m ago
"The CSAM generator did something I actually don't like."
tnolet•51m ago
https://nitter.net/a_green_being/status/2076598897779020159#...
kardianos•45m ago
TLDR: Ran grok in $HOME. Surprised agent read content of folder.

On the other hand, I specifically had grok try hard NOT to read a known key in the project dir (it only saw the first part using a tool, to verify it was present). So there's that.

AntonyGarand•38m ago
Not only files it wanted to access, but uploaded the whole directory.

Relevant read: https://news.ycombinator.com/item?id=48877371

> The practical takeaway for users: your entire codebase leaves (uploaded) your machine unencrypted on each Grok Build invocation, not just files you ask it to read, and no visible setting stops it.

drakythe•37m ago
I'm not seeing the information about it having been run at $HOME, where are you seeing that?
swingboy•31m ago
The `repo_path` field.
stronglikedan•22m ago
Yeah, this is a lesson about learning how to use tools safely, not about tools abusing the user. The person that posted this probably blames the hammer when he hits his thumb.
SurajMishra•43m ago
I feel this is worse than running rm -rf on a root directory. Just saying.
hoppp•36m ago
Much worse, instead of the data gone it's a data leak.

Those ssh keys can be used to access private servers

steve1977•29m ago
Well, those ssh keys are protected by a strong passphrase, right?
hoppp•24m ago
The passphrase is optional, not everyone has it.

It also has to be a secure password, people often don't care because it's a local file and generally not exposed to the internet.

crimsonnoodle58•27m ago
SSH keys can be limited by IP in authorized hosts.

The SSH port itself can be limited by IP in firewalls.

Finally, the SSH private key can be encrypted with a password.

Defense in depth is needed. Storing a ssh private key in plain text with no IP restriction is no different to having a password manager store your passwords in plain text on your HD.

hoppp•22m ago
All those things are optional.

Doesn't make uploading the keys that much better. Now is the time for key rotation everywhere. Fast.

throwaway2027•40m ago
You should assume by default for any AI agent that it will read anything. Even if you manually allow/deny and "restrict" it to a subdirectory I would still hold that assumption. Claude reads your ~/.bash_history too so when you ran something it can use that same command.
ben_w•26m ago
Indeed. I use a spare laptop that has no accounts other than (1) the AI themselves, (2) a secondary GitHub account which has "untrusted devices" in the name to emphasise the point.

If I recall correctly, I did a full system reset before setting it up this way. It's certainly not logged into iCloud etc.

cpburns2009•35m ago
Honestly what else would you expect an AI agent to do when using remote inference? Isn't giving full context into your code base the whole point?
InsideOutSanta•14m ago
I'd expect it to be smart about what it actually needs to put in its context. I doubt it needs .env files, for example.
drakythe•34m ago
And this is why so many people run these inside of VMs. Still baffles me how these tools became so accepted when tossing out a `curl -o example.com/script.sh | bash` would be met with (rightful) skepticism until that script was examined.
LetsGetTechnicl•34m ago
So many of the replies are saying that they should've restricted access using .md files and whatnot. Is really any guarantee that they even follow those? It seems like even if you ask pretty please don't touch those files, there's a chance they will. So many people have just willingly installed spyware on their computers and big tech calls this the next big thing.
fhdkweig•30m ago
That's the whole reason I refuse to install Google Drive or Dropbox's desktop applications. I only use the web interface so I know exactly what gets uploaded and when. I assume that anything running on my computer gets access to everything.
ricardobeat•27m ago
Sandboxing is not difficult, and harnesses like Claude Code have it built-in + other protection with auto mode.
Lwerewolf•26m ago
Only guarantee that you can get is the sandbox in which it operates. The model itself is a slot machine and can result in anything, and if its sandbox is nonexistent... here's one possibility.
da_chicken•22m ago
Yeah, I absolutely understand the allure of agentic AI, but I am absolutely not going to give shell access or data access to any agent. Certainly not with my permissions level. Until we can get something set up that gives strict schema-only access I'm going to copy and paste definitions for context. Yes that sucks, but it's my responsibility to protect the system just as much as it is to develop scripts and queries for it.
datakan•29m ago
Move fast and break things
greenavocado•29m ago
Copied this from discord:

    https://gist.github.com/cereblab/dc9a40bc26120f4540e4e09b75ffb547

    Elon did this horrible thing, so I made grok build available for omp with it's own endpoint; Without sending your private repos and secret keys to them.

    -

    oh-my-pi-plugin-grok-build
    Standalone oh-my-pi extension for the xAI Grok Build subscription provider. It adds OAuth login, authoritative model discovery, and OpenAI Responses streaming with the request identity expected by Grok Build.

    Install (No-spywares):

    omp plugin install oh-my-pi-plugin-grok-build

    -

    https://github.com/metaphorics/oh-my-pi-plugin-grok-build

    Star me if you like it or if you hate spywares, lol.
ricardobeat•28m ago
“Grok uploaded” -> “I gave AI access to my home folder and messed up”
Bender•25m ago
A bot will do what a bot can do. One should assume they are giving DOGE shell access on their computer and adapt accordingly. I am trying to imagine the SELinux rules required to make a bot play nice and the more I think about it such rule complexity may even befuddle the NSA. Alternate methodology:

Give the bot it's own machine and only copy to it that which one would want DOGE having access to. Not a virtual machine, the bot will eventually escape. Give it a little RasPi or mini-PC with maximum power savings enabled. Install a custom CA cert and force it's traffic through a Squid SSL Bump MitM proxy with bandwidth limits enabled so that one can monitor what URL's it goes to and what data it is transferring.

lobo_tuerto•24m ago
The real solution to these kind of problems is sandboxing. I use podman through a bash script to launch a container whenever I want an agent to work on one of my repos. When done I just generate git patches and port back everything generated.

In this way I'm not afraid of letting the agents totally lose on my computer.

nicce•13m ago
Are you doing something more advanced with Podman than just mounting the files? How is the access for relevant files given? How is the authentication shared across multiple uses? Just curious to streamline the process.
adamors•24m ago
Xcancel link https://xcancel.com/a_green_being/status/2076598897779020159
annagio_•19m ago
This needs to stop as users do not always read the policies, which end like this person. You use AI, you agreed, they do what ever policies say.
meindnoch•15m ago
Fucked around and found out.
PEe9bB7D•13m ago
I am running all these clis in containered environments. How can you ever trust LLM to respect the bounderies provided by these magical, non-deterministic intructions files...
estearum•2m ago
> How can you ever trust LLM to respect the bounderies provided by these magical, non-deterministic intructions files..

Putting it in ALL CAPS!

flyingshelf•9m ago
I'm dying to have proper sandboxing in macOS. I installed ChatGPT, I asked it to list files in my user directory and it did. I never gave it permission, how could it? My terminal has access and honestly it shouldn't either.
smachiz•5m ago
your terminal shouldn't have access to your user directory? As in the files owned by you?
SubiculumCode•7m ago
Grok keeps killing any good will faster than they ever innovate
afarah1•5m ago
I use a separate user for all development tasks, its home folder contains all repositories I work on, and nothing else, and that is all the IDE and the AI assistants have access to. Create the user once, start the IDE from a shell using that user, and that's it. In Linux it's a pretty seamless experience.

It's simple sandboxing based solely on unix file permissions. Albeit weak, I find the isolation sufficient. Until I'm shown otherwise it seems like a good compromise given how easy it is.

You can also create iptables rules matching on the user, so this technique is useful for applications where you want to restrict network traffic as well, and don't need stronger or more fine-grained isolation mechanisms.

simonw•4m ago
Important to clarify that this was not the Grok agent deciding to read the files.

I don't think the LLM had anything to do with this decision at all. It looks like the Grok tool starts a session by deterministically kicking off a full upload of the user's current repository (and maybe their directory if not version tracked? Not clear if this user had previously run "git init" in their home directory) to Grok's servers.

One possible "innocent" explanation could be that xAI then run vector embedding on every file to help later provide the right context. I don't think thats a worthwhile tradeoff here, especially since other popular coding agents get by just using grep/ripgrep run locally.

jesse_dot_id•3m ago
There are a distressing number of people in this thread who think that the agent should just be expected to do this. Yes, it is good to be paranoid, but also, the agent should never do this. Indicates horrific engineering practices at xAI.
crimsonnoodle58•18m ago
How are they optional?

You obviously haven't worked anywhere security sensitive.

I'm not talking about whether what Grok did is bad or good, I'm talking about protecting your private key and the servers you connect to.

An unencrypted private key is no different to an unencrypted password manager, and thats a fact. Dont store secrets in plain text.

hoppp•9m ago
I meant that not everyone is doing it at home.

Do you think a person's private computer is a secure workplace?

If it was security sensitive space there would be no agents running amuck.

madaxe_again•20m ago
I once ran rm -rf on a live NFS mount that the live operations of a major brokerage depended upon.

I challenge any agent to do worse than an intern with root access.

rbanffy•19m ago
Reminds me I need to update my `burn.sh` script.
swatcoder•17m ago
You are correct.

You can't trust the agent, let alone its harness, to oberve any particular directive you give it, so "md files" provide no meaningful protection for anything important.

But users are broadly reckless and naive and commercial vendors are exploitative and irresponsonsible, so the vendors take advantage of what they can get away with for as long as they can get away with it.

Use a tight sandbox, and join the chorus loudly when others press on vendors to be make user safety an earnest and hard-to-abandon priority.

Y-bar•13m ago
I don't understand these people. Agent instructions in markdown is barely a suggestion. I have one which says "All code in this repository is executed in docker containers, run the services with `docker compose run --rm php-cli "$@"`. Gemini and Claude more often than not refuse to abide and will try to execute the environment using /opt/homebrew/bin/php on my host…
monegator•8m ago
> Is really any guarantee that they even follow those?

No, there isn't. I just don't understand how naive (or imbecile) people are. The most valuable thing for these companies is people's data used for training, so giving unrestricted access to a tool from them and believing they will never take advantage of it to gobble up whatever they want from your computer, just because they told you they'll never do that, swearsies, is naive, or incredibly stupid.

Insulate yourself, or better yet, go local whenever possible, and there isn't much you can't do local if you have enough patience.