hackernews

1. Supabase MCP can leak your entire SQL database Total comment counts : 71 Summary The Model Context Protocol (MCP) enables LLMs to interface with external tools but introduces risks, as demonstrated by an attack on Supabase. An attacker can exploit the integration to leak sensitive SQL data by submitting a crafted message that the AI assistant mistakenly interprets as a command, bypassing Row-Level Security (RLS). The AI assistant, holding elevated privileges, can execute SQL queries that reveal private information when a developer reviews support tickets....

1. Mercury: Ultra-fast language models based on diffusion Total comment counts : 49 Summary arXivLabs is a platform for developing and sharing new features on arXiv, promoting values of openness, community, excellence, and user data privacy. Collaborators must adhere to these principles. Interested in contributing? Details on project proposals are available. Additionally, users can receive status notifications via email or Slack. Top 1 Comment Summary The article discusses the growing concern about continuous integration (CI) bottlenecks as large language model (LLM) agents become more prevalent in coding....

1. Hidden interface controls that affect usability Total comment counts : 67 Summary Douglas Engelbart introduced the concept of “knowledge in the world” versus “knowledge in the head” in interface design, later popularized by Donald Norman. Knowledge in the world means controls are visible and easily identified, as seen in drop-down menus, enabling users to perform tasks without memorization. However, we are increasingly reverting to designs requiring significant knowledge in the head, especially with modern devices like smartphones....

1. Why I left my tech job to work on chronic pain Total comment counts : 52 Summary In winter 2020, the author began experiencing chronic pain that persisted for four years, affecting various body parts and disrupting their life. This painful journey led to crucial self-discovery and a commitment to help others understand and address chronic pain, which affects nearly 20% of Australian adults. The author left their tech job and home to create a writing series aimed at demystifying chronic pain, discussing its causes, impacts, and offering actionable recovery strategies grounded in modern pain science....

1. Introducing tmux-rs Total comment counts : 53 Summary Collin Richards has spent six months porting tmux from C to Rust, achieving a milestone where the codebase is now entirely (unsafe) Rust, increasing from ~67,000 lines of C to ~81,000 lines. Initially using the C2Rust transpiler, he found the generated code unmaintainable and reverted to manual translation for better clarity. Through this process, he improved his understanding of the original C project’s structure, altering the build process to better integrate Rust with C....

1. Exploiting the IKKO Activebuds “AI powered” earbuds (2024) Total comment counts : 31 Summary The author details their experience with a pair of earbuds that run Android and feature ChatGPT. Despite the appealing packaging, they note poor audio quality, which can be improved with custom EQ settings. The device has limited app options and lacks a browser for downloading additional software. However, it surprisingly maintains ADB accessibility, allowing sideloading of apps....

1. The Fed says this is a cube of $1M. They’re off by half a million Total comment counts : 105 Summary At the Federal Reserve Bank’s Money Museum, a cube claims to contain $1,000,000 in $1 bills. The author, skeptical of such displays, attempts to count the bills but struggles. In response, they created Dot Counter, a simple tool for counting items in photos. Upon evaluating the cube, the author finds it may actually contain $1,550,400 due to bundling inconsistencies....

1. The new skill in AI is not prompting, it’s context engineering Total comment counts : 113 Summary Context Engineering is an emerging concept in AI, shifting the focus from “prompt engineering” to a broader framework that emphasizes the quality of information provided to language models (LLMs). Tobi Lutke defines it as the art of supplying the necessary context for LLMs to solve tasks effectively. Success in AI agents increasingly depends not just on code complexity, but on the quality of context supplied, as agent failures often stem from inadequate context....

1. I made my VM think it has a CPU fan Total comment counts : 32 Summary Malware often checks for virtual machines by examining hardware components like the CPU fan, particularly through the Win32_Fan class in WMI. These checks complicate analysis for security researchers. The CPU fan presence is determined via SMBIOS data. To simulate a CPU fan in a virtual machine using Xen, users can set custom SMBIOS data but must adhere to specific documentation regarding which structures can be overridden....