A backdoor in a LinkedIn job offer (Roman Imankulov)
A LinkedIn job offer repo contained a backdoor that executed automatically on npm install.
Commenters warn that npm install attacks are common and urge better security hygiene.
Hacker News. Daily summary. Top 20 stories.
A LinkedIn job offer repo contained a backdoor that executed automatically on npm install.
Commenters warn that npm install attacks are common and urge better security hygiene.
Iroh 1.0 lets applications dial by cryptographic key instead of IP address.
Commenters see iroh as a library-level alternative to Tailscale, with debate over its open-core business model.
A HN user asks if anyone has fully swapped Claude or GPT for a local model in daily coding work.
Local models are slower than cloud for coding, but expensive hardware setups can approach cloud speeds.
A browser-based sailing game with real wind physics where players battle enemy ships.
Players split on difficulty: easy after island capture, hard without it; controls and sound requested.
Curl will suspend vulnerability reports throughout July 2026 to give maintainers a planned break.
Strong approval for maintainer vacation; skeptics note attackers won't wait regardless.
Tech leaders have abandoned nerd values for attention-seeking self-promotion, liquidating decades of trust.
Commenters distinguish real nerd culture from VC-driven grift; actual nerds still thrive on non-mainstream platforms.
Hand-crank and pedal-powered local AI system that runs models on-device without cloud infrastructure or data transmission.
Technical feasibility confirmed; humans generate 120-160W sustainably, making local LLM inference viable but current cloud models impractical.
Hetzner raises prices for new dedicated server and cloud instances effective June 15, 2026.
Dominant reaction: steep price increases blamed on hardware cost spikes, but poor transparency frustrates long-term customers.
John Carmack calls Fabrice Bellard almost certainly a better overall programmer than himself.
Commenters split: Bellard as genius versus messy coder; Carmack as better engineer.
A hacker creates a banned-book library inside a Wi-Fi smart light bulb for covert digital dead drops.
Debate over whether 'banned books' is accurate, alongside praise for the project's cleverness.
Anthropic releases a Swift package integrating Claude into Apple's Foundation Models framework for iOS 27 and later.
Commenters split on whether Apple designed this for developer convenience or to facilitate monetization and lock-in when Apple's own models mature.
An x86 emulator team patched a fully unrolled 64KB stack-initialization loop to restore performance.
Commenters identified Alpha/Itanium emulation as the context and compared GPU-driver workarounds for buggy game code.
Article surveys lesser-known built-in Emacs features like dictionary tooltips, wildcard file operations, and comparison commands.
Dired's keybinding UX frustrates power users; vanilla Emacs stability versus framework-based instability divides adopters.
Fox Corp. is acquiring Roku in a massive $25 billion deal.
Longtime users fear the end of Roku's agnostic platform and worry about enshittification.
A homelabber uses OpenCode Web UI with Git access for AI-assisted Docker compose management and GitOps deployments.
Many commenters share similar setups, with a debate on whether using hosted models counts as a homelab.
A copper-based drug reduced toxic amyloid-beta and improved memory in Alzheimer's mice.
Skepticism dominates: mouse-model successes in Alzheimer's rarely translate to humans.
Salesforce acquires Fin, formerly Intercom, for $3.6 billion.
Low price tag debated given revenue and customer base; rebrand seen as prelude to sale.
Typst 0.15 adds variable fonts, MathML export, bundle output, and spot colors.
Widespread enthusiasm for Typst's speed, automation, and multiple-bibliography support.
Hetzner raised bare metal server prices 3-4x, following a 30% increase months earlier.
Thread points to earlier discussion; comments redirected.
A personal reflection on loving computers amid AI hype and corporate greed.
Commenters debate whether the 'snake oil' label fits AI, with camps for and against.