Engineering &
Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
Learning Software Architecture
Article URL: https://matklad.github.io/2026/05/12/software-architecture.html Comments URL: https://news.ycombinator.com/item?id=48106024 Points: 17 # Comments: 0
A Technical Guide to Compiling Emacs for Performance on Linux and Unix systems
Comments
Article: Time-Series Storage: Design Choices That Shape Cost and Performance
Every time-series database makes a set of storage design decisions: how to lay out rows, when to compress, what to partition on. These decisions determine cost and query performance more than the choice of database itself. This article works through those fundamentals from first principles, using widely available tools like PostgreSQL and Apache Parquet to make each trade-off measurable. By Nirmesh Khandelwal
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm packages have been modified to include an obfuscated JavaScript file ("router_init.js") that's designed to profile the execution
Copy Fail and Dirty Frag: Linux Page-Cache Exploits Target Every Major Distribution
Two recent Linux kernel vulnerabilities have been disclosed: Copy Fail (CVE-2026-31431) on April 29, 2026, and Dirty Frag (CVE-2026-43284 and CVE-2026-43500) on May 7, 2026. Both allow local users to gain root access, affecting multiple Linux distributions. These vulnerabilities exploit flaws in the page cache via different subsystems, necessitating immediate patching by affected organizations. By Matt Saunders
The Problem of Pedagogy in Advanced Mathematics
Comments
Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak
American educational technology company Instructure, the parent company of Canvas, said it reached an "agreement" with a decentralized cybercrime extortion group after it breached its network and threatened to leak stolen information from thousands of schools and universities. In an update shared on Monday, the Utah-based firm said it "reached an agreement with the unauthorized actor involved in
Toxicity on Social Media – The Noisy Room
Article URL: https://thenoisyroom.com Comments URL: https://news.ycombinator.com/item?id=48105297 Points: 7 # Comments: 1
OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation
OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and Codex Security to help organizations identify and patch vulnerabilities before attackers find a way in using the same issues. "Daybreak combines the intelligence of OpenAI models, the extensibility of Codex as an agentic harness, and our partners across
CSS & vertical rhythm for text, images, and tables
Comments
iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android
Apple on Monday officially released iOS 26.5 with support for end-to-end encryption (E2EE) to Rich Communication Services (RCS) in beta as part of a "cross-industry effort" to replace traditional SMS with a more secure alternative. To that end, E2EE RCS messaging is rolling out to iPhone users running iOS 26.5 with supported carriers and Android users on the latest version of Google Messages.
Screenshots of Old Desktop OSes
Article URL: http://www.typewritten.org/Media/ Comments URL: https://news.ycombinator.com/item?id=48104428 Points: 176 # Comments: 48
Extremely Low Frequencies
Article URL: https://computer.rip/2026-05-09-extremely-low-frequencies.html Comments URL: https://news.ycombinator.com/item?id=48104041 Points: 76 # Comments: 2
Popular Go library fsnotify raises supply chain alarms after maintainer access changes
Comments
Extraordinary Ordinals
Comments
Software Internals Book Club
18 points, 1 comments on Hacker News
Fake building: Claude wrote 3k lines instead of import pywikibot
36 points, 18 comments on Hacker News
Claude Platform on AWS
57 points, 29 comments on Hacker News
They Live (1988) inspired Adblocker
48 points, 4 comments on Hacker News
Show HN: Safe-install – safer NPM installs with trusted build dependencies
In light of the ongoing npm supply chain compromises, I built safe-install: https://www.npmjs.com/package/@gkiely/safe-install It brings a couple of protections I wanted from npm but are not built in. Similar to Bun’s trusted dependencies, it lets you disable install scripts by default and define a list of dependencies that are allowed to run build/install scripts: https://bun.com/docs/guides/install/trusted It also supports blocking exotic sub-dependencies, similar to pnpm’s `blockExoticSubdeps` setting: https://gajus.com/blog/3-pnpm-settings-to-protect-yourself-f... I was hoping npm would eventually add something like this, but it does not seem to be happening soon, so I made a small package for it. Comments URL: https://news.ycombinator.com/item?id=48102636 Points: 10 # Comments: 1
AutoScout24 scales engineering with AI-powered workflows
Learn how AutoScout24 Group uses Codex and ChatGPT to speed development cycles, improve code quality, and expand AI adoption.
What Parameter Golf taught us about AI-assisted research
Parameter Golf brought together 1,000+ participants and 2,000+ submissions to explore AI-assisted machine learning research, coding agents, quantization, and novel model design under strict constraints.
How NVIDIA engineers and researchers build with Codex
Teams use Codex with GPT-5.5 to ship production systems and turn research ideas into runnable experiments.
An annotated digest of the 12th International Workshop on Plan 9
Comments
Cangjie, a New Open-Source Compiled Language with Native Effect Handlers and Algebraic Data Types
Prof. Dan Ghica, who leads the Programming Languages Lab at Huawei’s Edinburgh Research Centre, recently presented Cangjie (CJ), a new application development language that features algebraic data types and effect handlers. The open-sourced language is positioned as a counterpart to Java, Kotlin, or Swift. Cangjie is taught by 80+ universities in China. By Bruno Couriol
Zig vs Rust in 2026
Comments
Griffin PowerMate driver for modern macOS
56 points, 19 comments on Hacker News
Through the looking glass of benchmark hacking
Article URL: https://poolside.ai/blog/through-the-looking-glass Comments URL: https://news.ycombinator.com/item?id=48100868 Points: 14 # Comments: 3
The Cathedral, the Bazaar and the Kitchen
Comments
Postmortem: TanStack npm supply-chain compromise
623 points, 235 comments on Hacker News
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles