Engineering &
Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
Poland is now among the 20 largest economies. How it happened
Article URL: https://apnews.com/article/poland-economy-growth-g20-gdp-26fe06e120398410f8d773ba5661e7aa Comments URL: https://news.ycombinator.com/item?id=48062117 Points: 528 # Comments: 450
Running Codex safely at OpenAI
How OpenAI runs Codex securely with sandboxing, approvals, network policies, and agent-native telemetry to support safe and compliant coding agent adoption.
Hackers breach JDownloader's website to serve malware-laced downloads
Article URL: https://www.neowin.net/news/if-you-downloaded-this-popular-software-recently-you-might-have-installed-malware/ Comments URL: https://news.ycombinator.com/item?id=48062035 Points: 70 # Comments: 23
David Attenborough's 100th Birthday
315 points, 56 comments on Hacker News
Wii IP6 webserver
You have to add http:// to access the site it seems Comments
Cloudflare Launches “Artifacts” Beta, Introducing Git-Like Versioning for AI Agents
Cloudflare has announced the beta release of Artifacts, a new system designed to bring Git-style version control to AI agents, enabling developers to track, manage, and evolve agent-generated outputs with the same rigor as traditional code. By Craig Risi
Stop MITM on the first SSH connection, on any VPS or cloud provider
Comments
An Introduction to Meshtastic
Article URL: https://meshtastic.org/docs/introduction/ Comments URL: https://news.ycombinator.com/item?id=48061566 Points: 185 # Comments: 69
Eight More 8-bit Era Microprocessors (2024)
33 points, 7 comments on Hacker News
Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers' systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and network tunneling. "QLNX targets developers and DevOps credentials across the software supply chain,"
One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk
The dark secret of enterprise security operations is that defenders have quietly institutionalized the practice of not looking. This is not just anecdotal, but rather backed by a recent report investigating more than 25 million security alerts, including informational and low-severity, across live enterprise environments. The dataset behind these findings includes 10 million monitored
building a web server in aarch64 assembly to give my life (a lack of) meaning
Comments
GeoJSON
Article URL: https://geojson.org/ Comments URL: https://news.ycombinator.com/item?id=48060918 Points: 93 # Comments: 43
What are you doing this weekend?
Feel free to tell what you plan on doing this weekend and even ask for help or feedback. Please keep in mind it’s more than OK to do nothing at all too!
Article: Implementing the Sidecar Pattern in Microservices-based ASP.NET Core Applications
Today's applications require monitoring, logging, configuration, etc. Each of these concerns can be implemented as a component or a service. These cross-cutting concerns can be tightly integrated into the application. While this tight coupling ensures effective use of shared resources, an outage in any of these components can take your application down. Enter the sidecar design pattern. By Joydip Kanjilal
Podcast: The AI Joy Gap: Why Some Developers Thrive While Others Struggle
In this podcast, Shane Hastie, Lead Editor for Culture & Methods, spoke to Michael Parker, VP of Engineering at TurinTech AI, about bringing joy back to software development in the AI era, the emerging role of "factory architects" who orchestrate AI agents rather than write code directly, and the cultural divide between AI hype and the reality developers face on legacy codebases. By Michael Parker
New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials
Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that's being advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor called "darkworm." The backdoor is designed as a Pluggable Authentication Module (PAM)-based post-exploitation toolkit that enables persistent SSH access by means of a magic password and specific TCP port combination.
Just Fucking Use React
Comments
Nullsoft, 1997-2004 (2004)
193 points, 62 comments on Hacker News
Ask HN: We just had an actual UUID v4 collision...
I know what you're thinking... and I still can't believe it, but... This morning, our database flagged a duplicate UUID (v4). I checked, thinking it may have been a double-insert bug or something, but no. The original UUID was from a record added in 2025 (about a year ago), and today the system inserted a new document with a fresh UUIDv4 and it came up with the exact same one: b6133fd6-70fe-4fe3-bed6-8ca8fc9386cd We're using this: https://www.npmjs.com/package/uuid I thought this is technically impossible, and it will never happen, and since we're not modifying the UUIDs in any way, I really wonder how that.... is possible!? We're literally only calling: import { v4 as uuidv4 } from "uuid"; const document_id = uuidv4(); ... and then insert into the database, that's it. Additionally, the database only has about 15.000 records, and now one collision. Statistically... impossible. Has that ever happened to anyone?! What in the... Comments URL: https://news.ycombinator.com/item?id=48060054
I hate soldering existentially
20 points, 18 comments on Hacker News
Phel v0.36.0 – Lisp on PHP, now with numeric tower and first-class Vars
31 points, 5 comments on Hacker News
ClojureScript Gets Async/Await
63 points, 16 comments on Hacker News
QBE – Compiler Back End
Article URL: https://c9x.me/compile/ Comments URL: https://news.ycombinator.com/item?id=48059633 Points: 53 # Comments: 10
Nintendo announces price increases for Nintendo Switch 2
18 points, 12 comments on Hacker News
Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
Details have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel. Dubbed Dirty Frag, it has been described as a successor to Copy Fail (CVE-2026-31431, CVSS score: 7.8), a recently disclosed LPE flaw impacting the Linux kernel that has since come under active exploitation in the wild. The vulnerability was reported to Linux kernel maintainers
dBase: 1979-2026
21 points, 6 comments on Hacker News
Blaise – A modern self-hosting zero-legacy Object Pascal compiler targeting QBE
48 points, 16 comments on Hacker News
Digging into Drama at the Document Foundation
Article URL: https://lwn.net/Articles/1066418/ Comments URL: https://news.ycombinator.com/item?id=48058337 Points: 32 # Comments: 3
Guitar tuner that uses phone accelerometer
17 points, 8 comments on Hacker News
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles