Engineering &
Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions
Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root. The high-severity vulnerability tracked as CVE-2026-31431 (CVSS score: 7.8) has been codenamed Copy Fail by Xint.io and Theori. "An unprivileged local user can write four controlled bytes into the page cache of any readable file on a Linux
Dropbox Redesigns Compaction to Reclaim Space from Underfilled Storage Volumes
Dropbox recently explained how it improved storage efficiency in Magic Pocket, the company's internal immutable blob store for storing user files at scale, by redesigning compaction strategies to reclaim space from severely underfilled storage volumes. The system now periodically reorganizes valid data into new volumes, allowing old, partially used ones to be cleared and reused. By Renato Losio
Vercel Releases Open Agents to Support Background AI Coding Workflows
Vercel has launched Open Agents, an open-source app that enables the creation and execution of background coding agents. It provides a complete stack for developers to run independent coding workflows without relying on local machines. By Robert Krzaczyński
Inventions for battery reuse and recycling increase seven-fold in last decade
124 points, 6 comments on Hacker News
Amber-Lang 0.6.0 - New release, check what's new
As per title finally after more then 6 months we are releasing the new 0.6.0 release! In this release we put a lot of effort on looking on feedbacks after the Fosdem talks and reception we got on socials. This release brings multi-shell support (Bash, Zsh, Ksh, and even Bash 3.2), making it easier to deploy scripts across different UNIX environments. Key additions include recursive functions, union types, and public (pub) variables for better modularity. Including Debian/RPM packages, improved CI/CD with nightly builds, and better shellcheck integration. The standard library grows with helpers for filesystem, environment, and text manipulation. We are still a lot of stuff to do but we are proceeding faster as we are getting more contributors :-D Comments
Article: The DPoP Storage Paradox: Why Browser-Based Proof-of-Possession Remains an Unsolved Problem
DPoP closes a real gap in OAuth 2.0. Sender-constrained tokens are a meaningful upgrade over bearer tokens for any client that can implement them. But RFC 9449's silence on browser key storage creates the need for an architectural decision that each team must confront deliberately — there is no safe default that works everywhere. By Dhruv Agnihotri
Chasing a SharedKey signature mismatch: fix azurerm_storage_table_entity
4 points, 0 comments on Hacker News
March in Servo: keyboard navigation, better debugging, FreeBSD support, and more
Comments
Netflix Scales "Human Infrastructure" to Manage Global Live Operations
Netflix has introduced a "human infrastructure" layer to manage live broadcasts at scale. Using a low-latency "telemetry hot path" and a Live Operations Centre, the company now balances automated scaling with human oversight. This shift, which mirrors strategies at AWS and Disney+, focuses on maintaining reliability through expert intervention during high-concurrency global events. By Mark Silvester
A text editor as a user interface
Comments
DBmaestro MCP Server Puts Natural Language in Control of Database Pipelines
DBmaestro has launched an MCP server that connects AI agents and enterprise copilots to its database DevOps platform, allowing teams to issue natural language commands that trigger real, governed platform workflows. The MCP server, announced on 7 April 2026, allows DBAs to expose DBmaestro's release automation, source control, CI/CD orchestration, and compliance capabilities through MCP. By Matt Saunders
DataCenter.FM – background noise app featuring the sound of the AI bubble
Article URL: https://datacenter.fm/ Comments URL: https://news.ycombinator.com/item?id=47959513 Points: 20 # Comments: 5
Mozilla's opposition to Chrome's Prompt API
541 points, 203 comments on Hacker News
Mozilla's Opposition to Chrome's Prompt API
Article URL: https://github.com/mozilla/standards-positions/issues/1213 Comments URL: https://news.ycombinator.com/item?id=47959463 Points: 110 # Comments: 49
Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
Google has addressed a maximum severity security flaw in Gemini CLI -- the "@google/gemini-cli" npm package and the "google-github-actions/run-gemini-cli" GitHub Actions workflow -- that could have allowed attackers to execute arbitrary commands on host systems. "The vulnerability allowed an unprivileged external attacker to force their own malicious content to load as Gemini configuration,"
A Gopher Meets a Crab
39 points, 16 comments on Hacker News
Monad Tutorials Timeline
Article URL: https://wiki.haskell.org/Monad_tutorials_timeline Comments URL: https://news.ycombinator.com/item?id=47958106 Points: 42 # Comments: 15
Lessons from Building an OTel Normalizer for GenAI
Article URL: https://www.groundcover.com/blog/otel-normalizer-genai-part-1 Comments URL: https://news.ycombinator.com/item?id=47958081 Points: 4 # Comments: 0
Biology is a Burrito: A text- and visual-based journey through a living cell
Article URL: https://burrito.bio/essays/biology-is-a-burrito Comments URL: https://news.ycombinator.com/item?id=47957714 Points: 37 # Comments: 5
Where the goblins came from
Article URL: https://openai.com/index/where-the-goblins-came-from/ Comments URL: https://news.ycombinator.com/item?id=47957688 Points: 215 # Comments: 93
LFM2-24B-A2B: Scaling Up the LFM2 Architecture
39 points, 9 comments on Hacker News
Finetuning Activates Verbatim Recall of Copyrighted Books in LLMs
Article URL: https://github.com/cauchy221/Alignment-Whack-a-Mole-Code Comments URL: https://news.ycombinator.com/item?id=47957627 Points: 55 # Comments: 17
The Zig project's rationale for their firm anti-AI contribution policy
Article URL: https://simonwillison.net/2026/Apr/30/zig-anti-ai/ Comments URL: https://news.ycombinator.com/item?id=47957294 Points: 68 # Comments: 14
in which more paths are charted towards code independence
Comments
A Grounded Conceptual Model for Ownership Types in Rust
Article URL: https://cacm.acm.org/research-highlights/a-grounded-conceptual-model-for-ownership-types-in-rust/ Comments URL: https://news.ycombinator.com/item?id=47957116 Points: 18 # Comments: 0
Craig Venter has died
Article URL: https://www.jcvi.org/media-center/j-craig-venter-genomics-pioneer-and-founder-jcvi-and-diploid-genomics-inc-dies-79 Comments URL: https://news.ycombinator.com/item?id=47957101 Points: 151 # Comments: 32
Joby kicks off NYC electric air taxi demos with historic JFK flight
Article URL: https://www.flyingmag.com/joby-nyc-electric-air-taxi-jfk-airport/ Comments URL: https://news.ycombinator.com/item?id=47956781 Points: 34 # Comments: 73
Mike: open-source legal AI
Article URL: https://mikeoss.com/ Comments URL: https://news.ycombinator.com/item?id=47956739 Points: 40 # Comments: 13
GitHub is sinking
Comments
Your Clippy Config Should Be Stricter
Comments
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles