Engineering & Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The vulnerability, tracked as CVE-2026-34040 (CVSS score: 8.8), stems from an incomplete fix for CVE-2024-41110, a maximum-severity vulnerability in the same component that came to light in July 2024.
Two Years of Valkey
Teardown of unreleased LG Rollable shows why rollable phones aren't a thing
40 points, 14 comments on Hacker News
Moving fast in hardware: lessons from lab to $100M ARR
Article URL: https://blog.zacka.io/p/simplify-then-add-lightness-bc4 Comments URL: https://news.ycombinator.com/item?id=47676557 Points: 71 # Comments: 19
Lunar Flyby
289 points, 71 comments on Hacker News
Mysteries of Dropbox: Testing of a Distributed Sync Service (2016) [pdf]
89 points, 19 comments on Hacker News
What text editor (cli or gui) are you using for writing non-code?
Papers, books, and notes. I’ve been using Trilium (not Next) but find writing simple markdown notes very enjoyable in CLI. Been trying Nano and now micro recently, both enjoyable.
Show HN: Finalrun – Spec-driven testing using English and vision for mobile apps
I wanted to test mobile apps in plain English instead of relying on brittle selectors like XPath or accessibility IDs. With a vision-based agent, that part actually works well. It can look at the screen, understand intent, and perform actions across Android and iOS. The bigger problem showed up around how tests are defined and maintained. When test flows are kept outside the codebase (written manually or generated from PRDs), they quickly go out of sync with the app. Keeping them updated becomes a lot of effort, and they lose reliability over time. I then tried generating tests directly from the codebase (via MCP). That improved sync, but introduced high token usage and slower generation. The shift for me was realizing test generation shouldn’t be a one-off step. Tests need to live alongside the codebase so they stay in sync and have more context. I kept the execution vision-based (no brittle selectors), but moved test generation closer to the repo. I’ve open sourced the core pieces: 1
Generative art over the years
95 points, 24 comments on Hacker News
A blind man made it possible for others with low vision to build Lego sets
47 points, 5 comments on Hacker News
Principles of Mechanical Sympathy
35 points, 4 comments on Hacker News
Cloudflare targets 2029 for full post-quantum security
Article URL: https://blog.cloudflare.com/post-quantum-roadmap/ Comments URL: https://news.ycombinator.com/item?id=47675625 Points: 170 # Comments: 51
Who was "Not Even Wrong" first? [2023]
3 points, 2 comments on Hacker News
Audio Reactive LED Strips Are Diabolically Hard
37 points, 6 comments on Hacker News
Happy Map
28 points, 4 comments on Hacker News
9 Mothers (YC P26) Is Hiring – Lead Robotics and More
Article URL: https://jobs.ashbyhq.com/9-mothers?utm_source=x8pZ4B3P3Q Comments URL: https://news.ycombinator.com/item?id=47675302 Points: 0 # Comments: 0
Google open-sources experimental agent orchestration testbed Scion
https://googlecloudplatform.github.io/scion/overview/ Comments URL: https://news.ycombinator.com/item?id=47675213 Points: 76 # Comments: 23
Dropping Cloudflare for Bunny.net
Article URL: https://jola.dev/posts/dropping-cloudflare Comments URL: https://news.ycombinator.com/item?id=47675013 Points: 305 # Comments: 150
The Miller Principle (2007)
46 points, 36 comments on Hacker News
Model-Based Testing for Dungeons & Dragons
49 points, 8 comments on Hacker News
Stewart Brand on how progress happens
18 points, 4 comments on Hacker News
Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign
An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet. "A purpose-built Python scanner continuously sweeps major cloud IP ranges for vulnerable targets, automatically installing malicious nodes via ComfyUI-Manager if no exploitable node is already
The Soul of an Old Machine
11 points, 3 comments on Hacker News
[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk
In the rapid evolution of the 2026 threat landscape, a frustrating paradox has emerged for CISOs and security leaders: Identity programs are maturing, yet the risk is actually increasing. According to new research from the Ponemon Institute, hundreds of applications within the typical enterprise remain disconnected from centralized identity systems. These "dark
What is a property?
45 points, 14 comments on Hacker News
Show HN: A cartographer's attempt to realistically map Tolkien's world
11 points, 0 comments on Hacker News
Show HN: Pion/handoff – Move WebRTC out of browser and into Go
5 points, 1 comment on Hacker News
The Hidden Cost of Recurring Credential Incidents
When talking about credential security, the focus usually lands on breach prevention. This makes sense when IBM’s 2025 Cost of a Data Breach Report puts the average cost of a breach at $4.4 million. Avoiding even one major incident is enough to justify most security investments, but that headline figure obscures the more persistent problems caused by recurring credential
Plan 9 is a Uniquely Complete Operating System
LLM may be standardizing human expression – and subtly influencing how we think
Article URL: https://dornsife.usc.edu/news/stories/ai-may-be-making-us-think-and-write-more-alike/ Comments URL: https://news.ycombinator.com/item?id=47673541 Points: 49 # Comments: 29
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles