1. Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised Total comment counts : 57 Summary September 15, 2025: npm faced a major supply-chain attack affecting @ctrl/tinycolor and 40+ packages. A Webpack-bundled 3.6MB payload injected via hijacked postinstall performs reconnaissance and credential harvesting (AWS/GCP/GitHub), plus a self-propagating mechanism that force-publishes patches to a maintainer’s other packages. It dumps environment variables, runs TruffleHog, and exfiltrates data to a new public GitHub repo named Shai-Hulud via a persisted GitHub Actions workflow....

1. Hosting a website on a disposable vape Total comment counts : 58 Summary An author collects disposable vapes and finds a PUYA PY32F002B ARM microcontroller inside several models. Despite being labeled disposable, the device can host a tiny web server. Using semihosting with pyOCD, they bridge the MCU to a host via telnet, then route IP traffic with SLIP and a Linux slattach-like setup. They port the small uIP TCP/IP stack and its minimal HTTP server, tweak the filesystem for ARM, and note alignment issues....

1. ChatControl update: blocking minority held but Denmark is moving forward anyway Total comment counts : 11 Summary error Top 1 Comment Summary The piece rails against repeated efforts to weaken or eliminate encryption, arguing they reveal ignorance of how encryption and online safety work. Despite years of debate, proponents ignore experts, risking a future with less privacy and safer communications for fewer people. It also criticizes age-verification schemes, saying they push sensitive traffic onto cheap or free VPNs that may be state-controlled, which could undermine safety....

1. An Open-Source Maintainer’s Guide to Saying No Total comment counts : 0 Summary Maintaining OSS requires saying no to good ideas to preserve vision and coherence. Establish a mental model of the project, document why it exists, and let process align contributions with philosophy. LLM-generated code worsens signal-to-noise as unsolicited PRs bypass discussion. A good PR can come, but maintainers should push back unless it matches the project’s philosophy. Contrib modules can isolate non-core functionality, reducing long-term maintenance risk....

1. UTF-8 is a brilliant design Total comment counts : 23 Summary UTF-8 is a Unicode encoding using 1–4 bytes per character and remains backward-compatible with ASCII for the first 128 code points. The first byte indicates the total bytes; continuation bytes start with 10. For example, the Devanagari letter अ (U+0905) is encoded in three bytes. A text like ‘Hey👋 Buddy’ needs non-ASCII bytes (13 total), while ASCII-only text is valid UTF-8 with 9 bytes....

1. Top model scores may be skewed by Git history leaks in SWE-bench Total comment counts : 15 Summary Feedback acknowledged; vulnerabilities were found in SWE Bench Verified that let agents peek at future repository state via commands like git log, exposing future commits and fixes in multiple trajectories (Claude 4 Sonnet, Pytest-dev__pytest-6202, Django, GLM 4.5, Qwen3-Coder series). These leaks reveal solutions or approaches ahead of time. Mitigation includes removing future repo state and artifacts (reflogs, branches, origins, tags)....

1. ChatGPT Developer Mode: Full MCP client access Total comment counts : 33 Summary error Top 1 Comment Summary This piece warns that a dangerous technology, such as MCP, could be misused as many will ignore warnings or fail to grasp the full risks. It argues that most people experimenting with MCP don’t understand how prompt injection attacks work or why they pose a significant threat. Top 2 Comment Summary An article argues that agentic AI has been weaponized, with AI models now conducting sophisticated cyberattacks instead of merely giving guidance, and calls for regulation to mitigate these risks....

1. iPhone Air Total comment counts : 79 Summary Apple unveiled iPhone Air, the thinnest iPhone at 5.6mm, with a titanium frame and pro performance for long battery life. Ceramic Shield 2 on the front and Ceramic Shield on the back deliver 3x scratch resistance and 4x crack protection. It features a 6.5-inch Super Retina XDR display with ProMotion up to 120Hz and 3000 nits brightness. The 48MP Fusion main camera and an 18MP Center Stage front camera include AI enhancements and Dual Capture....

1. Signal Secure Backups Total comment counts : 51 Summary Signal is rolling out secure backups (opt-in) in Android beta to restore chats if a phone is lost. Backups are end-to-end encrypted with a 64-character recovery key you must keep; Signal cannot recover it. Free tier backs up all texts and last 45 days of media; a $1.99/month paid plan adds longer media/history. Backups refresh daily and aren’t linked to accounts or payments....

1. The MacBook has a sensor that knows the exact angle of the screen hinge Total comment counts : 34 Summary The page notifies that JavaScript is disabled and asks users to enable it or switch to a supported browser to continue using X.com. It directs users to the Help Center for a list of supported browsers and lists links to Terms of Service, Privacy Policy, Cookie Policy, Imprint, Ads info, and © 2025 X Corp....