Engineering & Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
Kimi K2.6: Advancing Open-Source Coding
328 points, 157 comments on Hacker News
My practitioner view of program analysis
26 points, 4 comments on Hacker News
Books are not too expensive
32 points, 31 comments on Hacker News
I prompted ChatGPT, Claude, Perplexity, and Gemini and watched my Nginx logs
104 points, 18 comments on Hacker News
Acetaminophen vs. ibuprofen
255 points, 104 comments on Hacker News
Show HN: Alien – Self-hosting with remote management (written in Rust)
Hi HN, I'm Alon, and I'm building Alien, an open-source platform for deploying your software into your customer's environment and keeping it fully managed. In my previous startup, I heard the same question from every single enterprise customer over and over again: "My data is sensitive. Can I deploy your product to my own cloud account?" Self-hosting is becoming very popular because it lets users keep their data private, local, and inside their own environment. Unfortunately, self-hosting breaks down when someone starts paying for your software. Especially if it's an enterprise customer. Customers usually don't actually know how to operate your software. They might change something small — Postgres version, environment variables, IAM, firewall rules — and things start failing. From their perspective, the product is broken. And even if the root cause is on their side, it doesn't matter... the customer is always right, you're still the one expected to fix it. But you can't. You don't hav
Show HN: Mediator.ai – Using Nash bargaining and LLMs to systematize fairness
Eight years ago, my then-fiancée and I decided to get a prenup, so we hired a local mediator. The meetings were useful, but I felt there was no systematic process to produce a final agreement. So I started to think about this problem, and after a bit of research, I discovered the Nash bargaining solution. Yet if John Nash had solved negotiation in the 1950s, why did it seem like nobody was using it today? The issue was that Nash's solution required that each party to the negotiation provide a "utility function", which could take a set of deal terms and produce a utility number. But even experts have trouble producing such functions for non-trivial negotiations. A few years passed and LLMs appeared, and about a year ago I realized that while LLMs aren’t good at directly producing utility estimates, they are good at doing comparisons, and this can be used to estimate utilities of draft agreements. This is the basis for Mediator.ai, which I soft-launched over the weekend. Be interviewed b
MNT Reform is an open hardware laptop, designed and assembled in Germany
105 points, 32 comments on Hacker News
Qwen3.6-Max-Preview: Smarter, Sharper, Still Evolving
329 points, 193 comments on Hacker News
Ask HN: How to solve the cold start problem for a two-sided marketplace?
I'm building a P2P crowdshipping marketplace, basically BlaBlaCar but for packages instead of passengers. Travelers going between cities/countries carry items for people who need to send stuff. About to launch the MVP and hitting the classic chicken-and-egg problem. Travelers won't sign up without packages to carry, senders won't post without travelers available. Every marketplace founder says "focus on one side first" but nobody gets specific about how they actually did it, especially when you can't fake supply like you can with a SaaS landing page. For those who've built P2P platforms or two-sided marketplaces: what actually worked for your first 50-100 transactions? Did you manually match people? Subsidize one side? Constrain to one route/city?
98 points, 101 comments on Hacker News (https://news.ycombinator.com/item?id=47834213)
All phones sold in the EU to have replaceable batteries from 2027
650 points, 539 comments on Hacker News
⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels are used to push payloads. It’s not breaking systems—it’s bending trust. There’s also a shift in how attacks run.
Sauna effect on heart rate
271 points, 160 comments on Hacker News
Forgejo v15.0 is available
The AI engineering stack we built internally — on the platform we ship
We built our internal AI engineering stack on the same products we ship. That means 20 million requests routed through AI Gateway, 241 billion tokens processed, and inference running on Workers AI, serving more than 3,683 internal users. Here's how we did it.
Orchestrating AI Code Review at scale
Learn about how we built a CI-native AI code reviewer using OpenCode that helps our engineers ship better, safer code.
Building the agentic cloud: everything we launched during Agents Week 2026
Agents Week 2026 is a wrap. Let’s take a look at everything we announced, from compute and security to the agent toolbox, platform tools, and the emerging agentic web. Everything we shipped for the agentic cloud.
ggsql: A Grammar of Graphics for SQL
248 points, 58 comments on Hacker News
Creusot 0.11.0: VerifyThis winner
Atlassian enables default data collection to train AI
332 points, 78 comments on Hacker News
Tesla Hid Fatal Accidents to Continue Testing Autonomous Driving (French)
134 points, 17 comments on Hacker News
Why macOS27 won't be supporting Intel anymore
12 points, 8 comments on Hacker News
WebUSB Extension for Firefox
121 points, 97 comments on Hacker News
A Pascal's Wager for AI Doomers
Article URL: https://pluralistic.net/2026/04/16/pascals-wager/
9 points, 2 comments on Hacker News (https://news.ycombinator.com/item?id=47832887)
Why Most AI Deployments Stall After the Demo
The fastest way to fall in love with an AI tool is to watch the demo. Everything moves quickly. Prompts land cleanly. The system produces impressive outputs in seconds. It feels like the beginning of a new era for your team. But most AI initiatives don't fail because of bad technology. They stall because what worked in the demo doesn't survive contact with real operations. The gap between a
All your agents are going async
68 points, 43 comments on Hacker News
Your engineering team looks healthy. It probably isn't
Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence (AI) supply chain. "This flaw enables Arbitrary Command Execution (RCE) on any system running a vulnerable MCP implementation, granting attackers direct access to
Figma's woes compound with Claude Design
48 points, 35 comments on Hacker News
M 7.4 earthquake – 100 km ENE of Miyako, Japan
69 points, 31 comments on Hacker News
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles