Engineering &
Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
Local Git Remotes
Article URL: https://cblgh.org/posts/local-git-remotes/ Comments URL: https://news.ycombinator.com/item?id=48322389 Points: 54 # Comments: 40
Poll: How often do you check "newest"?
Comments URL: https://news.ycombinator.com/item?id=48322267 Points: 40 # Comments: 39
High Density Living, 2000 Years Ago: Inside the Roman Apartment Building
52 points, 11 comments on Hacker News
Show HN: Context-aware Japanese furigana using Sudachi and ModernBERT
Article URL: https://www.ezfurigana.com/ Comments URL: https://news.ycombinator.com/item?id=48322203 Points: 12 # Comments: 7
The UK Government's Low Value Purchase System Is a Waste of Time
104 points, 56 comments on Hacker News
We should be more tired than the model
Article URL: https://vickiboykis.com/2026/05/28/we-should-be-more-tired-than-the-model/ Comments URL: https://news.ycombinator.com/item?id=48322118 Points: 76 # Comments: 75
Cedana (YC S23) Is Hiring
1 points, 0 comments on Hacker News
Testing the WWI concrete ships and WWII concrete barges
17 points, 2 comments on Hacker News
AI-Assisted Migration Tool Helps Teams Move from ingress-nginx to Higress in Minutes
The Cloud Native Computing Foundation has highlighted a new AI-assisted migration approach that enabled engineers to migrate 60 ingress-nginx resources to Higress in roughly 30 minutes, demonstrating how artificial intelligence is increasingly being applied to modernize Kubernetes networking and gateway infrastructure. By Craig Risi
How Braintrust turns customer requests into code with Codex
How Braintrust engineers use Codex with GPT-5.5 to run experiments and code faster.
Boston Children’s uses AI to unlock new diagnoses
Boston Children’s Hospital uses OpenAI technology to improve patient care, reduce operational burden, and help diagnose more than 40 rare disease cases.
Presentation: Building Evals for AI Adoption: From Principles to Practice
Mallika Rao discusses the hidden risk of evaluation debt in production AI systems, drawing on her experience at Twitter, Walmart, and Netflix. She explains why traditional metrics fail modern architectures, breaks down a five-layer evaluation stack spanning infrastructure and UX, and shares a diagnostic maturity model to help engineering leaders eliminate silent semantic failures. By Mallika Rao
Tulip mania: when a single flower was worth more than a house (2025)
96 points, 82 comments on Hacker News
Linux/M68k
39 points, 13 comments on Hacker News
New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks
A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025. GREYVIBE, per WithSecure, is assessed to be a Russian-speaking group operating broadly in the Russian time zone, with the activities aligning with Kremlin state interests, specifically when it comes to
Is AI causing a repeat of frontend’s lost decade?
245 points, 210 comments on Hacker News
What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks
Shadow AI used to mean employees pasting things they shouldn't into ChatGPT. It now means something bigger: employees building full applications with AI, wiring them into production systems, and publishing them on the open internet. Without Security or IT in the loop. The artifact moved from a prompt to a product. The risk surface moved with it. In The Shadow Builders report (get it here), a
What are you doing this weekend?
Feel free to tell what you plan on doing this weekend and even ask for help or feedback. Please keep in mind it’s more than OK to do nothing at all too!
Fooling around with encrypted reasoning blobs
21 points, 2 comments on Hacker News
Security Envelope Pattern collection – S.E.C.R.E.T
58 points, 6 comments on Hacker News
Real-time LLM Inference on Standard GPUs: 3k tokens/s per request
124 points, 62 comments on Hacker News
Leaving performance on the table
Comments
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon client IDs and PFX certificates. According to Socket, versions 2.0.0 through 2.0.4 of "Sicoob.Sdk" contain functionality to exfiltrate sensitive information, including PFX certificates that are used to
You probably don't need Yocto, and that's fine
Comments
Cache Aware Scheduling Shows Nice Wins for AMD Zen 5 on PostgreSQL, Valkey
13 points, 0 comments on Hacker News
GitHub Slashes Agent Workflow Token Spend up to 62% with Daily Audits and MCP Pruning
GitHub reports cutting token costs in agentic CI workflows by up to 62% by pruning unused MCP tools, swapping some MCP calls for gh CLI, and running daily “auditor” and “optimizer” agents. A token-usage.jsonl artefact and an Effective Tokens metric help track spend across models and spot regressions. By Mark Silvester
Patching my guitar amp's firmware
Comments
Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels
The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026. "Kimsuky employed a range of tailored social engineering tactics, such as spoofing security software installation pages and crafting a fake Webex meeting page that leveraged
Show HN: Zot – Yet another coding agent harness
40 points, 51 comments on Hacker News
Volkswagen blocks Home Assistant by requiring client assertion
166 points, 84 comments on Hacker News
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles