Engineering &
Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
I built Zenith: a live local-first fixed viewport planetarium
Article URL: https://smorgasb.org/zenith-tech/ Comments URL: https://news.ycombinator.com/item?id=48150097 Points: 3 # Comments: 0
Image-blaster: Creates 3D environments, SFX, and meshes from a single image
100 points, 21 comments on Hacker News
Additive Blending on the Nintendo 64
55 points, 6 comments on Hacker News
The SGI Buyer's Guide (2003)
7 points, 2 comments on Hacker News
Cloudflare Introduces Workflows V2 with Deterministic Execution and 50K Concurrent Workflows
Cloudflare introduces Workflows V2, a redesigned distributed workflow orchestration system with deterministic replayable execution, improved observability, and major scaling upgrades, including 50,000 concurrent instances and 2M queued workflows. It supports AI agents, data pipelines, and background processing with improved reliability across distributed systems. By Leela Kumili
ASCII by Jason Scott
https://web.archive.org/web/20260501220231/https://ascii.tex... Comments URL: https://news.ycombinator.com/item?id=48148726 Points: 46 # Comments: 7
Raising the bar: Quality, shared responsibility, and the future of GitHub’s bug bounty program
We're updating our bug bounty program standards to prioritize quality submissions, clarify shared responsibility boundaries, and evolve how we reward low-risk findings. The post Raising the bar: Quality, shared responsibility, and the future of GitHub’s bug bounty program appeared first on The GitHub Blog.
A 0-click exploit chain for the Pixel 10
Article URL: https://projectzero.google/2026/05/pixel-10-exploit.html Comments URL: https://news.ycombinator.com/item?id=48148460 Points: 103 # Comments: 41
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence. The vulnerabilities, collectively dubbed Claw Chain by Cyera, can permit an attacker to establish a foothold, expose sensitive data, and plant backdoors. A brief description of the flaws is below -
We are retiring our bug bounty program
Article URL: https://turso.tech/blog/the-wonders-of-ai Comments URL: https://news.ycombinator.com/item?id=48148391 Points: 260 # Comments: 160
Amazon workers under pressure to up their AI usage are making up tasks
Article URL: https://www.fastcompany.com/91541586/amazon-workers-pressured-to-up-ai-use-extraneous-tasks Comments URL: https://news.ycombinator.com/item?id=48148337 Points: 103 # Comments: 70
High dimensional geometry is transforming the MRI industry(2017) [pdf]
Article URL: https://www.ams.org/government/DonohoPresentation06-28-17Final.pdf Comments URL: https://news.ycombinator.com/item?id=48148309 Points: 39 # Comments: 8
Trade Dollars with other startups. Book it as revenue
Article URL: https://www.revswap.ai/ Comments URL: https://news.ycombinator.com/item?id=48148084 Points: 103 # Comments: 63
Presentation: Using AI as a Thinking Partner for Large-Scale Engineering Systems
Julie Qiu explains how AI serves as a "thinking partner" for engineering leaders. She discusses five distinct roles - Archaeologist, Experimenter, Critic, Author, and Reviewer - to manage the cognitive load of 400+ repositories. She shares how AI provides the "RAM" needed to synthesize legacy context, pressure-test designs, and accelerate high-level architectural decisions. By Julie Qiu
Radicle: Sovereign {code forge} built on Git
Article URL: https://radicle.dev/ Comments URL: https://news.ycombinator.com/item?id=48147603 Points: 107 # Comments: 26
What are you doing this weekend?
Feel free to tell what you plan on doing this weekend and even ask for help or feedback. Please keep in mind it’s more than OK to do nothing at all too!
SigNoz (YC W21, open source Datadog) Is hiring for growth and engineering roles
Article URL: https://signoz.io/careers Comments URL: https://news.ycombinator.com/item?id=48147533 Points: 0 # Comments: 0
Discord Reveals How a Hidden Circular Dependency Triggered Its March Voice Outage
Discord has released a detailed postmortem on its March 25, 2026, voice outage, revealing that a previously undetected circular dependency in its voice infrastructure triggered a cascading failure that disrupted voice services across the platform. By Craig Risi
Mercurial, 20 years and counting: how are we still alive and kicking? [video]
122 points, 93 comments on Hacker News
Welcome to the Strip Mining Era of OSS Security
Article URL: https://www.metabase.com/blog/strip-mining-era-of-open-source-security Comments URL: https://news.ycombinator.com/item?id=48147339 Points: 75 # Comments: 56
The old world of tech is dying and the new cannot be born
Comments
Mini book: Architecting Autonomy: Decentralising Architecture Inside an Organization
As AI accelerates delivery cycles, traditional centralized architecture becomes a bottleneck. This eMag brings together practitioner insights on decentralizing decision-making and moving from approval chains to guardrails. Discover frameworks for rethinking the architect’s role, creating enabling platforms, and balancing edge autonomy with the strategic coherence needed to scale effectively. By InfoQ
What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface
In Your Biggest Security Risk Isn't Malware — It's What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil, MSBuild — the same trusted utilities your IT team uses every day are also the preferred toolkit of modern threat actors. Bitdefender's analysis
O(x)Caml in Space
Article URL: https://gazagnaire.org/blog/2026-05-14-borealis.html Comments URL: https://news.ycombinator.com/item?id=48147058 Points: 169 # Comments: 27
TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual property were compromised or modified in an unauthorized manner. "Upon identification of the malicious activity, we worked quickly to investigate, contain, and take steps to
The sigmoids won't save you
94 points, 130 comments on Hacker News
A new book on Steve Jobs at NeXT
Article URL: https://spectrum.ieee.org/steve-jobs-next-computer Comments URL: https://news.ycombinator.com/item?id=48146908 Points: 85 # Comments: 79
NanoTDB – Golang Append-Only Time Series DB
Article URL: https://github.com/aymanhs/nanotdb Comments URL: https://news.ycombinator.com/item?id=48146877 Points: 21 # Comments: 3
why use F# for scripting and automation?
Comments
Benchmarking AI Agents on Kubernetes
Brandon Foley published a benchmarking study on the CNCF blog showing that AI coding agents can find and fix isolated bugs. However, they often struggle to understand system-wide impacts. This challenges the idea that improved code retrieval is the main way to enhance automated bug fixing. By Claudio Masolo
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles