Engineering & Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
Defense in Depth: A Practical Guide to Python Supply Chain Security
Layer your defenses and don’t trust any single control. Use Ruff with security rules to catch bugs in your code before they ship. Pin all your dependencies with cryptographic hashes using uv lock or uv pip compile --generate-hashes so nobody can swap out packages on you. Run pip-audit in CI to catch known CVEs before they hit production. Generate SBOMs with CycloneDX so when the next Ultralytics-style compromise drops, you can answer “are we affected?” in minutes instead of days. If you’re publishing packages, ditch the long-lived API tokens and switch to Trusted Publishing with OIDC. This generates attestations automatically via Sigstore, linking your packages back to source repos. Organizations running internal mirrors can add a 7-day delay to let the community be your canary - but only if you’ve got the infrastructure to maintain it. Nothing here is perfect. Hash pinning stops tampering but won’t save you from a malicious package you installed on day one. Scanning finds known CVEs b
Stupid RCU Tricks: Corner-Case RCU Implementations
C++26: Reflection, Memory Safety, Contracts, and a New Async Model
Article URL: https://www.infoq.com/news/2026/04/cpp-26-reflection-safety-async/ Comments URL: https://news.ycombinator.com/item?id=47827603 Points: 27 # Comments: 2
Stop trying to engineer your way out of listening to people
144 points, 49 comments on Hacker News
A. J. Ayer – ‘What I Saw When I Was Dead’ (1988)
https://web.archive.org/web/20190724072148/https://www.philo... https://archive.ph/is0by Comments URL: https://news.ycombinator.com/item?id=47827215 Points: 62 # Comments: 75
corpus: self-hosted listenbrainz and last.fm frontend
Works as a self-hosted proxy that fetches listening history from either Last.fm or MusicBrainz, adds metadata from MusicBrainz (falling back to Last.fm and Discogs) and caches cover images to an S3 bucket. Everything is stored in DuckDB (each user has their own database) and it's been humming along quite well even for larger profiles (200k scrobbles). I always worry that these services can disappear without a warning and with them also amazingly extensive listening histories. I used LLMs quite a lot as I was learning about PureScript and Elm on the fly on the weekends and this is one of the projects I have been thinking about for a long time since other alternatives just seemed a bit lackluster.
I wrote a CHIP-8 emulator in my own programming language
36 points, 10 comments on Hacker News
10 years ago, someone wrote a test for Servo that included an expiry in 2026
120 points, 75 comments on Hacker News
Scientific datasets are riddled with copy-paste errors
24 points, 1 comment on Hacker News
Six Levels of Dark Mode
38 points, 10 comments on Hacker News
Introducing Glyph Protocol for Terminals
Show HN: Faceoff – A terminal UI for following NHL games
Faceoff is a TUI app written in Python to follow live NHL games and browse standings and stats. I got the inspiration from Playball, a similar TUI app for MLB games that was featured on HN. The app was mostly vibe-coded with Claude Code, but not one-shot. I added features and fixed bugs by using it, as I spent way too much time in the terminal over the last few months. Try it out with `uvx faceoff` (requires uv). Comments URL: https://news.ycombinator.com/item?id=47826104 Points: 15 # Comments: 3
The Bromine Chokepoint
138 points, 70 comments on Hacker News
Hot Wiring the Lisp Machine
543 Hours: What happens when AI runs while you sleep
5 points, 0 comments on Hacker News
Turtle WoW classic server announces shutdown after Blizzard wins injunction
Article URL: https://www.pcgamer.com/games/world-of-warcraft/turtle-wow-classic-server-announces-shutdown-after-blizzard-wins-injunction/ Comments URL: https://news.ycombinator.com/item?id=47825160 Points: 74 # Comments: 51
What we once had (at the height of the XMPP era of the Internet) (2023)
Vercel Says Internal Systems Hit in Breach
Article URL: https://decipher.sc/2026/04/19/vercel-says-internal-systems-hit-in-breach/ Comments URL: https://news.ycombinator.com/item?id=47824976 Points: 263 # Comments: 46
Vercel April 2026 security incident
some context: https://nitter.net/DiffeKey/status/2045813085408051670
Notion leaks email addresses of all editors of any public page
Article URL: https://twitter.com/weezerOSINT/status/2045849358462222720 Comments URL: https://news.ycombinator.com/item?id=47824945 Points: 164 # Comments: 42
5x5 Pixel font for tiny screens
117 points, 31 comments on Hacker News
Notes from the SF Peptide Scene
Article URL: https://12gramsofcarbon.com/p/notes-from-the-sf-peptide-scene Comments URL: https://news.ycombinator.com/item?id=47824681 Points: 90 # Comments: 68
postmarketOS Conference
When moving fast, talking is the first thing to break
Article URL: https://daverupert.com/2026/04/more-talk-less-grok/ Comments URL: https://news.ycombinator.com/item?id=47824611 Points: 70 # Comments: 32
Matt Mullenweg Overrules Core Committers; Puts Akismet on WP 7's Connector List
Article URL: https://www.therepository.email/matt-mullenweg-overrules-core-committers-to-put-akismet-on-wordpress-7-0s-connectors-screen Comments URL: https://news.ycombinator.com/item?id=47824531 Points: 48 # Comments: 37
waves & particles
Vercel April 2026 security incident
498 points, 298 comments on Hacker News
Plexus P/20 Emulator
8 points, 0 comments on Hacker News
Contact Lens Uses Microfluidics to Monitor and Treat Glaucoma
63 points, 2 comments on Hacker News
Show HN: Prompt-to-Excalidraw demo with Gemma 4 E2B in the browser (3.1GB)
Article URL: https://teamchong.github.io/turboquant-wasm/draw.html Comments URL: https://news.ycombinator.com/item?id=47823460 Points: 56 # Comments: 24
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles