Engineering &
Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
At long last, InfoWars is ours
274 points, 73 comments on Hacker News
SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files
A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. The vulnerability, tracked as CVE-2026-5760, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of command injection leading to the execution of arbitrary code. SGLang is a high-performance, open-source serving
Bloom (YC P26) Is Hiring
1 points, 0 comments on Hacker News
The Theory of Interstellar Trade [pdf] (1978)
49 points, 12 comments on Hacker News
Highlights from Git 2.54
The open source Git project just released Git 2.54. Here is GitHub’s look at some of the most interesting features and changes introduced since last time. The post Highlights from Git 2.54 appeared first on The GitHub Blog.
Quantum Computers Are Not a Threat to 128-Bit Symmetric Keys
114 points, 52 comments on Hacker News
We accepted surveillance as default
132 points, 51 comments on Hacker News
Effectful Recursion Schemes
Comments
PyTexas 2026 Recap
PyTexas 2026 ran April 17–19 in Austin. Friday was tutorials, Saturday and Sunday were talks with two keynotes and two lightning-talk blocks. A few themes kept coming back across unrelated talks: Sovereignty. The word came up in two different keynotes. Hynek Schlawack: “the domain model must be sovereign”. Design it first, translate at the edges. Dawn Wages: “sovereignty over your stack” as one of her three pillars for both model and career specialization. Agents should write code, not decide what to write. Peter Sobot’s Seven Stages of AI Grief ended on that line. Al Sweigart argued “agentic engineering” is vibe coding with better marketing, and that almost-right is worse than wrong. Maria Silvia Mielniczuk’s MCP talk built the same idea into an architecture: models suggest, only the server executes. Adam Gordon Bell’s running coach split deterministic work (plain Python) from interpretation (LLM). The Sunday opener framed it bluntly: when AI ships a bad PR, fix the process, not the m
Transpiling from Python into Lisp
Comments
Deezer says 44% of songs uploaded to its platform daily are AI-generated
146 points, 162 comments on Hacker News
A printing press for biological data
20 points, 0 comments on Hacker News
I'm never buying another Kindle
Article URL: https://www.androidauthority.com/amazon-kindle-2026-3657863/ Comments URL: https://news.ycombinator.com/item?id=47835775 Points: 134 # Comments: 108
Kimi K2.6: Advancing Open-Source Coding
328 points, 157 comments on Hacker News
My practitioner view of program analysis
26 points, 4 comments on Hacker News
Books are not too expensive
32 points, 31 comments on Hacker News
I prompted ChatGPT, Claude, Perplexity, and Gemini and watched my Nginx logs
104 points, 18 comments on Hacker News
Acetaminophen vs. ibuprofen
255 points, 104 comments on Hacker News
Show HN: Alien – Self-hosting with remote management (written in Rust)
Hi HN, I'm Alon, and I'm building Alien, an open-source platform for deploying your software into your customer's environment and keeping it fully managed. In my previous startup, I heard the same question from every single enterprise customer over and over again: "My data is sensitive. Can I deploy your product to my own cloud account?" Self-hosting is becoming very popular because it lets users keep their data private, local, and inside their own environment. Unfortunately, self-hosting breaks down when someone starts paying for your software. Especially if it's an enterprise customer. Customers usually don't actually know how to operate your software. They might change something small — Postgres version, environment variables, IAM, firewall rules — and things start failing. From their perspective, the product is broken. And even if the root cause is on their side, it doesn't matter... the customer is always right, you're still the one expected to fix it. But you can't. You don't hav
Show HN: Mediator.ai – Using Nash bargaining and LLMs to systematize fairness
Eight years ago, my then-fiancée and I decided to get a prenup, so we hired a local mediator. The meetings were useful, but I felt there was no systematic process to produce a final agreement. So I started to think about this problem, and after a bit of research, I discovered the Nash bargaining solution. Yet if John Nash had solved negotiation in the 1950s, why did it seem like nobody was using it today? The issue was that Nash's solution required that each party to the negotiation provide a "utility function", which could take a set of deal terms and produce a utility number. But even experts have trouble producing such functions for non-trivial negotiations. A few years passed and LLMs appeared, and about a year ago I realized that while LLMs aren’t good at directly producing utility estimates, they are good at doing comparisons, and this can be used to estimate utilities of draft agreements. This is the basis for Mediator.ai, which I soft-launched over the weekend. Be interviewed b
MNT Reform is an open hardware laptop, designed and assembled in Germany
105 points, 32 comments on Hacker News
Qwen3.6-Max-Preview: Smarter, Sharper, Still Evolving
329 points, 193 comments on Hacker News
Ask HN: How to solve the cold start problem for a two-sided marketplace?
I'm building a P2P crowdshipping marketplace, basically BlaBlaCar but for packages instead of passengers. Travelers going between cities/countries carry items for people who need to send stuff. About to launch the MVP and hitting the classic chicken-and-egg problem. Travelers won't sign up without packages to carry, senders won't post without travelers available. Every marketplace founder says "focus on one side first" but nobody gets specific about how they actually did it, especially when you can't fake supply like you can with a SaaS landing page. For those who've built P2P platforms or two-sided marketplaces: what actually worked for your first 50-100 transactions? Did you manually match people? Subsidize one side? Constrain to one route/city? Comments URL: https://news.ycombinator.com/item?id=47834213 Points: 98 # Comments: 101
All phones sold in the EU to have replaceable batteries from 2027
650 points, 539 comments on Hacker News
⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels are used to push payloads. It’s not breaking systems—it’s bending trust. There’s also a shift in how attacks run.
Sauna effect on heart rate
271 points, 160 comments on Hacker News
Forgejo v15.0 is available
Comments
The AI engineering stack we built internally — on the platform we ship
We built our internal AI engineering stack on the same products we ship. That means 20 million requests routed through AI Gateway, 241 billion tokens processed, and inference running on Workers AI, serving more than 3,683 internal users. Here's how we did it.
Building the agentic cloud: everything we launched during Agents Week 2026
Agents Week 2026 is a wrap. Let’s take a look at everything we announced, from compute and security to the agent toolbox, platform tools, and the emerging agentic web. Everything we shipped for the agentic cloud.
Orchestrating AI Code Review at scale
Learn about how we built a CI-native AI code reviewer using OpenCode that helps our engineers ship better, safer code.
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles