Engineering &
Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
Can LLMs model real-world systems in TLA+?
48 points, 6 comments on Hacker News
Show HN: GETadb.com – every GET request creates a DB
Hey HN! We made GETadb.com, so it's easier to get agents to build you full stack apps. You don't need to give them any credentials. Just by loading a GET request, they get access to a database, a sync engine, and abstractions for auth, presence, and streams. To see what the agent sees, you can load https://getadb.com/new There's two fun things about how it's implemented: 1. If you curl the home page, it the agent content rather than human content. We do this by detecting the 'Sec-Fetch-Mode' header. It's not perfect, but gets the job done for Claude Code et al. 2. For an agent to spin up an app, they make _two_ fethes. (1) getadb.com/guide tells them to generate a uuid, and fetch (2) getadb.com/provision/. We did this, because just about half of the popular web-based app builders cache URLs globally, even if you return no-store headers. To get around this we just instruct the agent to generate unique URLs You may wonder: Why GET requests, rather than POST requests? It's because then yo
Lakebase architecture delivers faster Postgres writes
79 points, 21 comments on Hacker News
The `Sync` bound nobody asked for
Comments
Serving a Website on a Raspberry Pi Zero Running in RAM
Article URL: https://btxx.org/posts/memory/ Comments URL: https://news.ycombinator.com/item?id=48064312 Points: 32 # Comments: 7
Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to trick users into joining a subscription that provided fake data and incurred financial loss. The 28 apps have collectively racked up more than 7.3 million downloads, with one of them alone accounting for over
How researchers are using GitHub Innovation Graph data to reveal the “digital complexity” of nations
Researchers share in an interview how they used GitHub data to predict GDP, inequality, and emissions in ways that traditional economic data misses, along with our Q4 2025 data release. The post How researchers are using GitHub Innovation Graph data to reveal the “digital complexity” of nations appeared first on The GitHub Blog.
How GitHub Is Securing Agentic Workflows in Modern CI CD Systems
GitHub detailed a defense-in-depth security architecture for agentic workflows in CI/CD pipelines, focusing on isolation, constrained execution, and auditability. The design aims to safely integrate autonomous AI agents while mitigating risks like prompt injection, privilege escalation, and unintended actions, using sandboxed environments, restricted permissions, and full execution traceability. By Leela Kumili
Show HN: Git for AI Agents
hi guys. been working on something i think is fundamentally missing in today's workflow with ai agents. vcs. i find myself struggling with questions that agents can't answer like "why did you do it?", "when did u delete this folder? why?", etc. or trying to /rewind (after a /compact...) or basically `bisect` to find when and why something was done by the agent in the current / previous session. just like git did for code, i think we are the same core capabilities with ai agents so... i developed an open source solution for that (currently supporting claude code) would love to get feedback, contribution or maybe other ideas or solutions you find for those problems. Comments URL: https://news.ycombinator.com/item?id=48063548 Points: 21 # Comments: 12
PC Engine CPU
Article URL: https://jsgroth.dev/blog/posts/pc-engine-cpu/ Comments URL: https://news.ycombinator.com/item?id=48063521 Points: 45 # Comments: 5
Tesla is recalling its cheaper Cybertruck because the wheels might fall off
Article URL: https://www.theverge.com/transportation/926741/tesla-cybertruck-cheaper-recall Comments URL: https://news.ycombinator.com/item?id=48063240 Points: 131 # Comments: 125
Google Cloud Fraud Defence is just WEI repackaged
Article URL: https://privatecaptcha.com/blog/google-cloud-fraud-defence-wei/ Comments URL: https://news.ycombinator.com/item?id=48063199 Points: 54 # Comments: 15
The Boring Part of Bell Labs (2025)
6 points, 0 comments on Hacker News
Just Fucking Use Go
Comments
Presentation: Leadership in AI-Assisted Engineering
Justin Reock discusses the reality of AI’s impact on engineering, moving past anecdotes to hard data from DORA and DX research. He explains the "GenAI Divide" - where 95% of pilots fail - and shares how leaders can use the SPACE and Core 4 frameworks to measure true ROI. He explains how to balance speed with quality, reduce developer fear, and apply agentic solutions across the entire SDLC. By Justin Reock
A web page that shows you everything the browser told it without asking
Article URL: https://sinceyouarrived.world/taken Comments URL: https://news.ycombinator.com/item?id=48062178 Points: 99 # Comments: 58
Poland is now among the 20 largest economies. How it happened
Article URL: https://apnews.com/article/poland-economy-growth-g20-gdp-26fe06e120398410f8d773ba5661e7aa Comments URL: https://news.ycombinator.com/item?id=48062117 Points: 528 # Comments: 450
Running Codex safely at OpenAI
How OpenAI runs Codex securely with sandboxing, approvals, network policies, and agent-native telemetry to support safe and compliant coding agent adoption.
Hackers breach JDownloader's website to serve malware-laced downloads
Article URL: https://www.neowin.net/news/if-you-downloaded-this-popular-software-recently-you-might-have-installed-malware/ Comments URL: https://news.ycombinator.com/item?id=48062035 Points: 70 # Comments: 23
David Attenborough's 100th Birthday
315 points, 56 comments on Hacker News
Wii IP6 webserver
You have to add http:// to access the site it seems Comments
Cloudflare Launches “Artifacts” Beta, Introducing Git-Like Versioning for AI Agents
Cloudflare has announced the beta release of Artifacts, a new system designed to bring Git-style version control to AI agents, enabling developers to track, manage, and evolve agent-generated outputs with the same rigor as traditional code. By Craig Risi
Stop MITM on the first SSH connection, on any VPS or cloud provider
Comments
An Introduction to Meshtastic
Article URL: https://meshtastic.org/docs/introduction/ Comments URL: https://news.ycombinator.com/item?id=48061566 Points: 185 # Comments: 69
Eight More 8-bit Era Microprocessors (2024)
33 points, 7 comments on Hacker News
Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers' systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and network tunneling. "QLNX targets developers and DevOps credentials across the software supply chain,"
One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk
The dark secret of enterprise security operations is that defenders have quietly institutionalized the practice of not looking. This is not just anecdotal, but rather backed by a recent report investigating more than 25 million security alerts, including informational and low-severity, across live enterprise environments. The dataset behind these findings includes 10 million monitored
building a web server in aarch64 assembly to give my life (a lack of) meaning
Comments
GeoJSON
Article URL: https://geojson.org/ Comments URL: https://news.ycombinator.com/item?id=48060918 Points: 93 # Comments: 43
What are you doing this weekend?
Feel free to tell what you plan on doing this weekend and even ask for help or feedback. Please keep in mind it’s more than OK to do nothing at all too!
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles