Engineering &
Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
Show HN: Browser-based light pollution simulator using real photometric data
Hi HN — author here. iesna.eu is a browser-based ecosystem for working with photometric data: parsing standard luminaire files (LDT/EULUMDAT, IES LM-63, Oxytech, ATLA-S001), running design calculations against EN 13201 / ANSI/IES RP-8 / CJJ 45 / IES-IDA MLO, and (the part I most want to show off here) rendering real urban scenes in Bevy with the photometric data driving actual streetlight behavior, including sky-glow contribution. The Skyglow Analysis demo loads a real LDT file into a Bevy scene (Khronos Bistro test asset). The luminaire's intensity distribution drives the streetlight rendering directly — no fudging — and the sky-glow grade updates live as you adjust the uplight percentage. Swap to a full-cutoff fixture and the sky goes from F (Severe) back to A (Excellent). You can see the difference on the buildings as well as in the sky. Stack: Rust core (eulumdat-rs and friends, ~20 crates handling photometric formats), Bevy for the 3D rendering, WASM for browser deployment. No ba
Show HN: Filling PDF forms with AI using client-side tool calling
Hey HN! I built SimplePDF Copilot: an AI assistant that can interact with the PDF editor. It fills fields, answers questions, focuses on a specific field, adds fields, deletes pages, and so on. It's built on top of SimplePDF that I started 7 years ago, pioneering privacy-respecting client-side pdf editing, now used monthly by 200k+ people. As for the privacy model: the PDF itself never leaves the browser. Parsing, rendering, and field detection all run client-side. The text the model needs (and your messages) goes to whatever LLM you point at. By default that's our demo proxy (DeepSeek V4 Flash, rate-capped), but you can BYOK and point it at any cloud provider, or go fully local (I've been testing with LM Studio). Unlike the existing "Chat with PDF" tools that only retrieve the text/OCR layer, Copilot can act on the PDF: filling fields, adding fields (detected client-side using CommonForms by Joe Barrow [1], jbarrow on HN with some post-processing heuristics I added on top), focusing o
Show HN: Large Scale Article Extract of Newspapers 1730s-1960s
4 points, 1 comments on Hacker News
Dabbling in Erlang, part 2: A minimal introduction (2013)
20 points, 2 comments on Hacker News
Why are there both TMP and TEMP environment variables, and which one is right?
Article URL: https://devblogs.microsoft.com/oldnewthing/20150417-00/?p=44213 Comments URL: https://news.ycombinator.com/item?id=47984522 Points: 4 # Comments: 0
SKILL.make: Makefile Styled Skill File
Article URL: https://github.com/Teaonly/SKILL.make Comments URL: https://news.ycombinator.com/item?id=47984486 Points: 12 # Comments: 1
Open source ballistic simulator with NASA SRTM terrain masking (Python/C#)
Article URL: https://github.com/InsaneInfinity/Balistic Comments URL: https://news.ycombinator.com/item?id=47984291 Points: 3 # Comments: 1
DuckLake 1.0: Data Lake Format with SQL Catalog Metadata
DuckDB Labs recently released DuckLake 1.0, a data lake format that stores table metadata in a SQL database rather than across many files in object storage. The first implementation is available as a DuckDB extension and includes catalog-stored small updates, improved sorting and partitioning options, and compatibility with Iceberg-style data features. By Renato Losio
Trellix Confirms Source Code Breach With Unauthorized Repository Access
Cybersecurity company Trellix has announced that it suffered a breach that enabled unauthorized access to a "portion" of its source code. It said it "recently identified" the compromise of its source code repository and that it began working with "leading forensic experts" to resolve the matter immediately. It also said it has notified law enforcement of the matter. Trellix did not disclose the
I Do Not Recommend Bitwarden
Comments
stackless coroutines for gamedev in ~200 lines of C++
Comments
Show HN: Stop playing my matchstick puzzles, start building your own in seconds
Article URL: https://mathstick.github.io Comments URL: https://news.ycombinator.com/item?id=47983485 Points: 12 # Comments: 12
Why are neural networks and cryptographic ciphers so similar? (2025)
74 points, 25 comments on Hacker News
The Architect's Instinct
Comments
Reducing ML-KEM-768 encapsulation key sizes by 24 octets
Comments
CollectWise (YC F24) Is Hiring
Article URL: https://www.ycombinator.com/companies/collectwise/jobs/rEWfZ6R-senior-forward-deployed-engineer Comments URL: https://news.ycombinator.com/item?id=47983385 Points: 0 # Comments: 0
Why does it take so long to release black fan versions?
Article URL: https://www.noctua.at/en/expertise/blog/how-can-it-take-so-long-to-release-black-fan-versions Comments URL: https://news.ycombinator.com/item?id=47983352 Points: 235 # Comments: 107
Texico: Learn the principles of programming without even touching a computer
46 points, 1 comments on Hacker News
Ask.com has closed
Article URL: https://www.ask.com/ Comments URL: https://news.ycombinator.com/item?id=47983226 Points: 264 # Comments: 131
K3k: Kubernetes in Kubernetes
Article URL: https://github.com/rancher/k3k Comments URL: https://news.ycombinator.com/item?id=47983176 Points: 53 # Comments: 28
Create an MP4 video of a web page scrolling at a steady speed
Article URL: https://github.com/upenn/web-scroll-video Comments URL: https://news.ycombinator.com/item?id=47982763 Points: 30 # Comments: 11
I built the Playwright for desktop apps. 80% token savings
Article URL: https://github.com/lahfir/agent-desktop Comments URL: https://news.ycombinator.com/item?id=47982708 Points: 77 # Comments: 24
What Conferences are You Excited to Attend in the Next 12 Months?
I've let conference attendance slide in the last few years (last was ElixirConf 2023), and would like to get back in the habit. I value them from a professional development/community POV. I've even got a trip to Europe planned in the next year and could dovetail that--since I'm suspecting that the "good conferences" are happening more and more outside of the states.
Good developers learn to program. Most courses teach a language
Article URL: https://evilgeniuslabs.ca/blog/good-developers-learn-to-program-not-a-language Comments URL: https://news.ycombinator.com/item?id=47981995 Points: 72 # Comments: 46
A Physics Engine with Incremental Rollback for Multiplayer Games
11 points, 3 comments on Hacker News
A Report on Burnout in Open Source Software Communities (2025) [pdf]
Article URL: https://mirandaheath.website/static/oss_burnout_report_mh_25.pdf Comments URL: https://news.ycombinator.com/item?id=47981669 Points: 43 # Comments: 11
The Road to a Billion-Token Context
7 points, 2 comments on Hacker News
Finding a RCE in my old TP-Link router
Comments
Code Orange: Fail Small is complete. The result is a stronger Cloudflare network
We have completed a massive engineering effort to make our infrastructure more resilient. Through new tools like Snapstone and the Engineering Codex, we've implemented safer configuration changes and automated best practices to prevent future incidents.
Windows quality update: Progress we've made since March
41 points, 60 comments on Hacker News
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles