frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Are we offloading too much of our thinking to AI?

https://www.artfish.ai/p/offloading-thinking-to-ai
44•yenniejun111•34m ago•22 comments

Show HN: Opening lines of famous literary works

https://www.verbaprima.com/
20•plicerin•27m ago•6 comments

Agnes Callard’s theory of the uni-context

https://www.derekthompson.org/p/a-philosophers-one-word-theory-to
52•FinnLobsien•1h ago•35 comments

Your 'app' could have been a webpage (so I fixed it for you)

https://danq.me/2026/07/09/your-app-could-have-been-a-webpage/
242•MrVandemar•3d ago•206 comments

Beautiful Type Erasure with C++26 Reflection

https://ryanjk5.github.io/posts/rjk-duck/
63•RyanJK5•3h ago•25 comments

Show HN: Juggler – an open-source GUI coding agent, by the creator of JUCE

https://github.com/juggler-ai/juggler
47•julesrms•1d ago•23 comments

New York becomes the first state to impose a data center moratorium

https://www.reuters.com/world/new-york-becomes-first-state-impose-data-center-moratorium-2026-07-14/
83•granfalloon•1h ago•52 comments

Paxos Made Simple (2001)[pdf]

https://lamport.azurewebsites.net/pubs/paxos-simple.pdf
19•grep_it•4d ago•2 comments

How to stop Claude from saying load-bearing

https://jola.dev/posts/how-to-stop-claude-from-saying-load-bearing
70•shintoist•4h ago•127 comments

Punch yourself in the face with reality

https://adi.bio/reality
95•AdityaAnand1•4h ago•48 comments

Demis Hassabis has a plan to harness AI safely

https://twitter.com/demishassabis/status/2076957440109625718
69•asiergoni•6h ago•66 comments

How the FSF sysadmins block botnets with reaction

https://www.fsf.org/blogs/community/blocking-botnets-with-reaction
84•pseudolus•2d ago•10 comments

Show HN: I RL-trained an agent that trains models with RL (for –$1.3k)

https://github.com/Danau5tin/ai-trains-ai
46•Danau5tin•3h ago•18 comments

Differentiable Fortran with LFortran and Enzyme

https://docs.pasteurlabs.ai/projects/tesseract-core/latest/blog/2026-07-09-enzyme-lfortran-autodi...
31•dionhaefner•3h ago•7 comments

A tiny cell that broke a big rule of biology

https://grist.org/science/nitrogen-cycle-cell-discovery-nitroplast-science-fertilizer-algae-bacte...
10•gumby•5d ago•1 comments

Alternative(s) to run CUDA on non-Nvidia hardware

https://www.hpcwire.com/2026/07/09/spectral-compute-aims-to-set-cuda-free-will-it-succeed/
100•alok-g•7h ago•47 comments

Coding agents think ahead of time

https://arxiv.org/abs/2607.05188
67•andre15silva•3h ago•53 comments

Australian energy retailers must provide three hours of free daytime electricity

https://lenergy.com.au/free-daytime-electricity-is-coming-heres-how-it-actually-works/
197•i2oc•11h ago•296 comments

European "age verification" "app" forcing everyone to use Android or iOS

https://github.com/eu-digital-identity-wallet/av-doc-technical-specification/discussions/19
162•roundabout-host•7h ago•123 comments

Germany set to restrict its Freedom of Information Act

https://www.dw.com/en/germany-freedom-of-information-act/a-77939695
182•robtherobber•4h ago•115 comments

Tensor Is the Might

https://zserge.com/posts/tensor/
30•eatonphil•2h ago•14 comments

Our Amish Language

https://www.thedial.world/articles/news/amish-pennsylvania-dutch
68•NaOH•13h ago•54 comments

Codex starts encrypting sub-agent prompts

https://github.com/openai/codex/issues/28058
354•embedding-shape•4h ago•217 comments

A metallurgist's doubts about self-replicating probes

https://www.centauri-dreams.org/2026/07/10/a-metallurgists-doubts-about-self-replicating-probes/
90•EA-3167•1d ago•9 comments

No Spanish reading crisis?

https://www.commonreader.co.uk/p/no-spanish-reading-crisis
43•jruohonen•4h ago•68 comments

Indian scientists produce most detailed 3D atlas of the human brainstem

https://www.bbc.com/news/articles/cg53l737v1qo
140•BaudouinVH•9h ago•17 comments

Actegories

https://bartoszmilewski.com/2026/06/30/actegories/
35•ibobev•4h ago•6 comments

Proof of care in the age of AI

https://jacobfilipp.com/care/
131•jfil•2h ago•85 comments

What did SFFA vs. Harvard reveal about admissions?

https://sorting-machine.pages.dev/
41•StrageMusik•15h ago•69 comments

Satellite Tracker – Live Map of Starlink and 30k Satellites

https://satellitemap.space/
136•rolph•13h ago•69 comments
Open in hackernews

OpenAI mandates hardware-backed passkeys for Trusted Access Cyber members

https://www.yubico.com/blog/openai-mandates-hardware-backed-passkeys-for-trusted-access-cyber-members-to-log-into-chatgpt-accounts/
41•speckx•1h ago

Comments

rahidz•1h ago
Does this apply to anyone who verified their ID to get access to the slightly less restricted Codex versions, or only to security professionals who have the almost-entirely unrestricted version?
Zenul_Abidin•49m ago
This is what I want to know too. I already gave them my ID, and I won't be happy if they put more barriers to my usage
nicce•1h ago
I hope that at some point this is not developing to remote attestation when only "permitted" devices can use the models.
gustavus•1h ago
We all know that's where they are going with this.
inigyou•1h ago
No, that would almost certainly defeat the point of selling the models.

Hardware 2FA is not a new concept and is recommended by many people for many purposes. Only the authentication token is attested, and that is the purpose of an authentication token.

nicce•1h ago
> No, that would almost certainly defeat the point of selling the models.

If the best models are so anticipated that people do anything to get them, seems like remote attestation fits perfectly here. There is no need to use it for lower quality models which are used by masses. Instead, it even works for marketing narrative where they do everything they can that their great models are used only those devices they allow, and no <name your country> can't easily use them. Maybe even helps setting higher price.

inigyou•43m ago
If they're not useful they can't sell them. If Mythos only runs on iPhone, what good is it for cyber security research?
3form•1h ago
If it will, it will be with smartphones. YubiKeys don't quite have the properties sought here.
nicce•38m ago
It could be the first step. Suddenly remote attestation "solves" the UX problem with YubiKeys as you don't need to plug them in anymore.
UltraSane•49m ago
Or even only letting the model be used via remote desktop style access.
random3•1h ago
It’s an advertisement by Yubikey - the hardware key manufacturer
jeroenhd•1h ago
I tried enabling their "advanced security" programme on my account and it's currently refusing to continue without at least 2 keys configured.

The first "hardware key" is actually my Bitwarden faking a hardware key (I'm sure they'll start blocking BW because of this in the future) but it doesn't let me add a second one unfortunately.

netruk44•50m ago
It’s a security feature, Apple does the same when you register a security key. You must register two.

If you’re using real yubikeys, it’s protection against losing one. If you had two from the start, you’re not at risk of losing your only way into your account when one goes missing or is stolen.

jmole•1h ago
Cobranded YubiKeys? Weird flex but ok.

Seriously though if you are letting agents do whatever they want without a PR process that requires hardware authentication or proof of presence, you are putting your code and your org at high risk.

kirab•57m ago
> Cobranded YubiKeys

More interesting than that even, a tier of YubiKeys that does not exist outside of this cooperation.

The supported features sit between a YubiKey 5C and a Security Key C and I did not find any other way to purchase this tier.

jallmann•41m ago
> want without a PR process that requires hardware authentication or proof of presence

Just curious, what do you use for this?

I built OTP Guard [1] a few years ago for exactly this problem, although I haven't seen any alternatives in the space. Does GitHub have something built-in now?

The original framing was more "local malware compromising your GitHub account" ... it never occurred to me that the malware could be a LLM. I really should update the page.

[1] https://otpguard.com

jmole•21m ago
My simple process is:

0) agent gets its own separate git user and ssh key, separate from mine

1) branch protection rules on main, only I can approve merges into main

2) any other ssh key uses (interactive login, direct git access, etc.) are ed25519-sk keys and require a touch on yubikey.

TBH, the biggest hole is that it can be unclear exactly what process is requesting a touch on the yubikey. Apple has a head start here because they can lock down the TouchID UX relatively well, but unfortunately they don’t seem to care about building a polished developer experience for 2FA on sensitive tasks.

They are probably waiting for someone else to build the right solution and then copy/steal it.

UltraSane•50m ago
I was actually thinking they would have to do this. Having to mail a physical token to a valid address is a extremely powerful access control method.
alberth•43m ago
Dumb question: is using the built in passkey support on my iPhone not considered “hardware-backed”, since iPhone is using device biometrics?