hackernews

1. Claude Cowork Exfiltrates Files Total comment counts : 16 Summary Researchers reveal a file-exfiltration vulnerability in Claude Cowork, exploiting unresolved isolation flaws in Claude’s code-execution VM. By uploading a seemingly innocuous file (e.g., a .docx masquerading as a Skill) containing a hidden prompt injection, a user’s Cowork session can trigger the agent to upload confidential files to the attacker’s Anthropic account via an allowed API call. The exfiltration happens despite strict outbound restrictions, retrieving data such as financial figures and partial SSNs....

1. The Tulip Creative Computer Total comment counts : 17 Summary Tulip Creative Computer (Tulip CC) is a portable, low‑power self‑contained computer with a touchscreen and built‑in sound, fully programmable in MicroPython. It boots directly to a Python prompt with built‑in support for music synthesis (AMY with 120 oscillators and stereo), fast graphics and text, MIDI in/out, networking, and sensors. Open source hardware/software on ESP32‑S3 (ESP‑IDF); runs on hardware, the web, or Tulip Desktop....

1. Cowork: Claude Code for the rest of your work Total comment counts : 35 Summary Claude Code led developers to use Claude for coding; now Cowork offers a simpler way for anyone to work with Claude. Available as a research preview to Claude Max subscribers on macOS, Cowork lets Claude access a folder to read, edit, or create files, reorganize data, draft reports, or build documents. It acts with more agency, planning and executing tasks while you stay in the loop, and supports parallel work....

1. The struggle of resizing windows on macOS Tahoe Total comment counts : 20 Summary macOS Tahoe’s oversized window corners are a usability issue. Resizing relies on a 19×19-pixel hit area at the corner, but Tahoe’s large radius leaves about 75% of that area outside the window (only ~25% inside, vs 62% inside without rounding). As a result, initial clicks near the corner often don’t resize, forcing users to grab outside the corner—an unnatural, error-prone gesture....

1. Open Chaos: A self-evolving open-source project Total comment counts : 19 Summary This appears to be a GitHub PR loading screen, showing “until next merge” and “Loading PRs… View on GitHub.” It mainly credits a long list of contributors by their handles, including yokeTH, wvanlit, BetonZM, bpottle, FelixLttks, matthewmayer, Mad182, Dart120, julian9499, addshore, fccview, amanbabuhemant, antonmyrberg, ksurya, henryivesjones, Kl0ven, kouta-kun, prakashsellathurai, and bigintersmind. Overall Comments Summary Main point: The discussion analyzes GitConsensus and ScreepsQuorum as an open-source, participatory governance/automation experiment where a community builds and runs features via a website and GitHub PRs, compared to “Twitch plays” for GitHub....

1. Show HN: I made a memory game to teach you to play piano by ear Total comment counts : 44 Summary error Overall Comments Summary Main point: Feedback on a piano ear-training game shows broad enthusiasm for the concept but notable concerns about usability, pacing, and missing features. Concern: If left unaddressed, the app could frustrate learners by turning practice into a memory challenge and fail to teach ear training effectively....

1. How to Code Claude Code in 200 Lines of Code Total comment counts : 19 Summary AI coding assistants aren’t magic—they’re a ~200-line Python loop: an LLM plus a tiny toolbox that runs code. The core uses three tools (read_file, edit_file, list_dir) plus a dynamic tool registry inferred from function signatures and docstrings. A system prompt declares the tools; a wrapper detects tool: lines and executes them, feeding results back....

1. Tailscale state file encryption no longer enabled by default Total comment counts : 10 Summary The update notes announce new releases for Tailscale’s container image, Kubernetes Operator, and tsrecorder, with download links from Docker Hub and GitHub packages. Installation and updating guidance is available in the official instructions. Several releases note only library updates or release-candidate status (e.g., v1.92.0, 1.90.0). A general note says most users don’t need firewall changes; see the firewall ports guide for details....

1. Spherical Snake Total comment counts : 36 Summary Post-game screen showing Score: 0, with “Good game! Play again?” It instructs players to use the arrow keys or on-screen buttons to play and notes that the source code is available on GitHub. Overall Comments Summary Main point: The discussion centers on a spherical snake game prototype, seeking feedback on its core concept, controls, and potential feature additions. Concern: Key worries include mobile control responsiveness and accessibility, viewport/zoom issues on mobile browsers, and pacing or balance as the game progresses....

1. There were BGP anomalies during the Venezuela blackout Total comment counts : 8 Summary The Low Orbit Security Radar analyzes Venezuela’s outages through an offensive-security lens. Cloudflare Radar data on Jan 2 showed eight prefixes from AS8048 (CANTV) routed unusually via Sparkle and GlobeNet. The AS path was repeatedly prepended with AS8048 (ten times), and all eight prefixes fall in 200.74.224.0/20, owned by Dayco Telecom in Caracas. RIPE MRT data processed with bgpdump reveal broader details and infrastructure....