hackernews

1. Malicious versions of Nx and some supporting plugins were published Total comment counts : 45 Summary An incident where malicious nx versions and related packages were published to npm, containing a postinstall script that scanned the user’s filesystem, collected credentials, and posted them to a GitHub repo tied to the user. The script also altered .zshrc/.bashrc to run a shutdown command. An npm publish token was compromised. After detection, npm removed the affected versions and tokens, and later all Nx packages were restricted to 2FA and switched to a Trusted Publisher mechanism that does not use npm tokens....

1. Claude for Chrome Total comment counts : 50 Summary Anthropic is piloting Claude for Chrome to work directly in browsers, starting with 1,000 Max plan users via a controlled test and a waitlist. They view browser-enabled AI as inevitable but require stronger safety safeguards. In red-team tests, prompt injection attacks—where malicious content manipulates actions—showed a 23.6% success rate without mitigations across 123 test cases and 29 scenarios; a malicious email could trigger mass deletion....

1. Google’s Liquid Cooling Total comment counts : 6 Summary Liquid cooling is expanding from PC enthusiasts to datacenters, driven by AI’s power demands. Google highlights a datacenter-scale water loop for TPUs: CDUs (Coolant Distribution Units) in racks, two non-mixing liquid circuits, heat transferred via split-flow cold plates; TPUv4 uses bare-die for higher heat transfer. Liquid cooling cuts cooling power consumption (pumps use <5% of air-based fan power). In datacenters, maintenance is managed with no downtime via extra CDUs, extensive leak testing, alerts, and scheduled checks....

1. Looking back at my transition from Windows to Linux in an anti-customer age Total comment counts : 2 Summary An IT professional recounts his switch from Windows to Linux, driven by Windows 11 policies and a broader shift to subscription software. After years of attempted Linux use, he now runs entirely on Linux for two years, despite persistent pain points, and questions continuing support for Windows. He cites OneDrive data moves, hostile design, and a feudal trend as reasons to reclaim ownership and control....

1. Static sites with Python, uv, Caddy, and Docker Total comment counts : 6 Summary The author uses uv to manage Python executables and builds multiple static sites (some Python-based) with a Docker multi-stage workflow, serving them via Caddy. Stage 1 uses an Astral/uv Debian image, sets /src, copies the repo, installs dependencies, and builds the site to /src/output using sus. Stage 2 switches to a Caddy image, copies the Caddyfile, and copies /src/output into /srv for serving....

1. Nitro: A tiny but flexible init system and process supervisor Total comment counts : 0 Summary Nitro is a tiny process supervisor that can run as pid 1 on Linux. It’s configured by a directory of scripts (default /etc/nitro). Each service dir can contain a run script; dirs ending with @ are ignored, but parametrized services can be addressed via symlinks or nitroctl. Lifecycle: up first runs SYS/setup, then brings up other services; on exit, services restart (with a possible 2s delay)....

1. AI tooling must be disclosed for contributions Total comment counts : 24 Summary The text emphasizes taking user feedback seriously while noting frequent loading errors. It discusses AI use in development: AI can help, but contributors should disclose AI involvement to help maintainers judge review effort; transparency is valued. The author supports AI tooling but urges responsible use and human review, even joking that a PR wasn’t AI-generated. It advocates PR templates with checklists (e....

1. Show HN: I was curious about spherical helix, ended up making this visualization Total comment counts : 58 Summary Summary: The article explains moving objects in 3D space using parametric equations—x(t), y(t), z(t)—to define position over time. It starts with simple oscillations along axes via cos and sin, producing shapes like a circle in the xy-plane, and then builds a spiral by letting the radius grow with time. A z component adds depth, producing a helix....

1. How we exploited CodeRabbit: From simple PR to RCE and write access on 1M repos Total comment counts : 29 Summary Kudelski Security’s blog details how researchers gained remote code execution on CodeRabbit’s production servers, leaked API tokens, accessed PostgreSQL, and obtained read/write access to about 1 million code repositories (including private ones). The write-up, released after Black Hat USA, explains how these vulnerabilities manifested and how CodeRabbit quickly remediated the issues in January 2025....

1. Show HN: Whispering – Open-source, local-first dictation you can trust Total comment counts : 18 Summary The text says feedback is read and taken seriously, directs users to documentation for available qualifiers, and notes repeated loading errors that require the page to be reloaded. Top 1 Comment Summary The writer is looking for a tool like this, has tried Whisprflow and Aqua Voice, wants to use their own API key and store more context locally, and asks how data is stored and how to access it....