Latest Tech News

Stay updated with the latest in technology, AI, cybersecurity, and more


Critical Cache Poisoning Vulnerability in Dnsmasq

[Dnsmasq-discuss] [Security Report] Critical Cache Poisoning Vulnerability in Dnsmasq Dear Dnsmasq Security Team, We would like to responsibly disclose a critical cache poisoning vulnerability affecting the Dnsmasq DNS software. The issue allows attackers to inject arbitrary malicious DNS resource records and poison domain names without requiring advanced techniques, only by leveraging a single special character. Report Summary Vulnerability Type: Logic flaw in cache poisoning defense Affected

Show HN: unsafehttp – tiny web server from scratch in C, running on an orange pi

Unsafe HTTP unsafehttp is an extremely minimal HTTP server written in C from scratch, to practice C, *nix socket programming, and C compilation. It just served this webpage to you! Yes, that's a marquee tag. Backward-compatibility is a beautiful thing. You can find the source here. Hosting It's running on a tiny Orange Pi SBC in my office: There's no HTTP proxy between you, just a port-forward through my VPS. You're connecting right to the socket that the code is accepting on. Fun Stuff

HTTP/1.1 must die: the desync endgame

James Kettle Director of Research @albinowax Published: 06 August 2025 at 22:20 UTC Updated: 12 August 2025 at 09:50 UTC Abstract Upstream HTTP/1.1 is inherently insecure and regularly exposes millions of websites to hostile takeover. Six years of attempted mitigations have hidden the issue, but failed to fix it. This paper introduces several novel classes of HTTP desync attack capable of mass compromise of user credentials. These techniques are demo

Show HN: I built a free alternative to Adobe Acrobat PDF viewer

EmbedPDF Open‑Source JavaScript PDF Viewer EmbedPDF is a framework‑agnostic, MIT‑licensed PDF viewer that drops into any JavaScript project. Whether you build with React, Vue, Svelte, Preact, or vanilla JS, EmbedPDF delivers a smooth, modern reading experience and a clean developer API. 📚 Documentation Full docs, installation guides, API reference, and examples: 👉 https://www.embedpdf.com 🚀 Live Demo Try it now — load your own PDF or use the sample: 👉 https://app.embedpdf.com ✨ Features

Open Lovable

Chat with AI to build React apps instantly. # Required E2B_API_KEY = your_e2b_api_key # Get from https://e2b.dev (Sandboxes) FIRECRAWL_API_KEY = your_firecrawl_api_key # Get from https://firecrawl.dev (Web scraping) # Optional (need at least one AI provider) ANTHROPIC_API_KEY = your_anthropic_api_key # Get from https://console.anthropic.com OPENAI_API_KEY = your_openai_api_key # Get from https://platform.openai.com (GPT-5) GROQ_API_KEY = your_groq_api_key # Get from https://console.groq.com (Fa


Debugging a mysterious HTTP streaming issue

The Problem We recently encountered a frustrating issue with HTTP response streaming at Mintlify. Our system uses the AI SDK with the Node stream API to forward streams, and suddenly things stopped working properly. The symptoms were confusing: streaming worked perfectly with cURL and Postman, but failed completely with node-fetch and browser fetch. Initial Investigation Our first hypothesis centered around stream compatibility issues. We suspected the problem might be related to how the AI

Ditching GitHub

This is going to be some sort of a public service announcement, with side notes. This has been brewing for a long, long time (years), it’s just that I never seemed to have the focus time required to solve this once and for all. But now I decided to get moving, and it is already ongoing. If you are among those few with an interest in code I publish, do read on. What? I am moving all of my public source code repositories off of GitHub. My ambition is to completely end my own usage of GitHub, in

Realizing we needed two sorts of alerts for our temperature monitoring

You're using a tool with a too-generic User-Agent You're probably reading this page because you've attempted to access some part of my blog (Wandering Thoughts) or CSpace, the wiki thing it's part of. Unfortunately whatever you're using to do so has a HTTP User-Agent header value that is too generic or otherwise excessively suspicious. Unfortunately, as of early 2025 there's a plague of high volume crawlers (apparently in part to gather data for LLM training) that behave like this. To reduce th

Consider using Zstandard and/or LZ4 instead of Deflate

One of the issues we have with .PNG is slow read/write times. There are now new lossless open source codecs without patent concerns, such as Zstandard (maintained by Facebook) or LZ4: https://facebook.github.io/zstd/ https://github.com/lz4/lz4 Zstandard is used by the new Khronos KTX2 GPU texture format specification. I propose that it be added as an option to a future version of .PNG. The possible speedups are quite significant, and for users that read and write a lot of .PNG's as part of th

People still use our old-fashioned Unix login servers


Ask HN: Who is hiring? (August 2025)

Please state the location and include REMOTE for remote work, REMOTE (US) or similar if the country is restricted, and ONSITE when remote work is not an option. Please only post if you personally are part of the hiring company—no recruiting firms or job boards. One post per company. If it isn't a household name, explain what your company does. Please only post if you are actively filling a position and are committed to responding to applicants. Commenters: please don't reply to job posts to compla

GPT-5 is already (ostensibly) available via API

Using the model gpt-5-bench-chatcompletions-gpt41-api-ev3 via the Chat Completions API will give you what is supposedly GPT-5. Conjecture: The "gpt41-api" portion of the name suggests that there's new functionality to this model that will require new API parameters or calls, and that this particular version of the model is adapted to the GPT-4.1 API for backwards compatibility. Here you can see me using it via curl: https://preview.redd.it/glxute607egf1.png?width=1181&format=png&auto=webp&s=


Launch HN: Societies.io (YC W25) – AI simulations of your target audience

Hi HN, we’re Patrick and James! Artificial Societies ( https://societies.io ) lets you simulate your target audience so you can test marketing, messaging and content before you launch them. Here’s a quick product demo: https://www.loom.com/share/c0ce8ab860c044c586c13a24b6c9b391?... Marketers always say that half their spend will be wasted - they just don’t know which half. Real-world experiments help, but they’re too slow and expensive to run at scale. So, we’re building simulations that let y

Nova: A New Web Framework for Erlang

Hi Hacker News community, I'm excited to share Nova, a new web framework built for Erlang, designed to make web development in Erlang simpler, faster, and more approachable. Nova leverages Erlang's concurrency, reliability, and scalability to create a robust yet lightweight framework for building modern web applications. Key features: * Lightweight and modular: Easy to integrate with existing Erlang projects. * Built for concurrency: Harnesses Erlang's actor model for high-performance web ap

Crush: Glamourous AI coding agent for your favourite terminal

Crush Your new coding bestie, now available in your favourite terminal. Your tools, your code, and your workflows, wired into your LLM of choice. Features Multi-Model: choose from a wide range of LLMs or add your own via OpenAI- or Anthropic-compatible APIs Flexible: switch LLMs mid-session while preserving context Session-Based: maintain multiple w

Making Libcurl Work in WebAssembly

29 Jul, 2025 TLDR: we explain how to make libcurl based applications work in webassembly without changes by tunneling all traffic over a websocket proxy. For a quick demo, check out https://github.com/r-wasm/ws-proxy Porting R to WebAssembly Webr is a port of the R language and its package ecosystem to WebAssembly. Many R packages rely on well-known C/C++ libraries to do the heavy lifting, and fortunately most of these libraries can be built with emscripten without too much trouble. However

Launch HN: Hyprnote (YC S25) – An open-source AI meeting notetaker

Hi HN! We're Yujong, John, Duck, and Sung from Hyprnote ( https://hyprnote.com ). We're building an open-source, privacy-first AI note-taking app that runs fully on-device. Think of it as an open-source Granola. No Zoom bots, no cloud APIs, no data ever leaves your machine. Source code: https://github.com/fastrepl/hyprnote Demo video: https://hyprnote.com/demo We built Hyprnote because some of our friends told us that their companies banned certain meeting notetakers due to data concerns, or t

Why I write recursive descent parsers, despite their issues (2020)


Multiplex: Command-Line Process Multiplexer

Multiplex is a command-line multiplexer along with a simple Python API to run multiple processes in parallel and stop them all at once, or based on some condition. Multiplex will gracefully shut down child processes, and multiplex their output and error streams to stdout and stderr in a way

Getting decent error reports in Bash when you're using 'set -e'


Checklists are hard, but still a good thing


Checklists are hard (but still a good thing)


Manticore Search: Fast, efficient, drop-in replacement for Elasticsearch

Easy to use open source fast database for search Manticore Search is an easy-to-use, open-source, and fast database designed for search. It is a great alternative to Elasticsearch. Introduction ❗Read recent blog post about Manticore vs Elasticsearch❗ What distinguishes it from other solutions is: It's very fast and therefore more cost-efficient than alternatives, for example Manticore is: 182x faster than MySQL for small data (reproducible❗) 29x faster than Elasticsearch for log analytics (

Fun with gzip bombs and email clients

Gzip/Zip bombs have been a thing for decades. Let's create a 10MB gzip file which decompresses to 10GB: dd if=/dev/zero bs=1G count=10 | gzip > 10gb.gz This is called a Gzip bomb, because when it is decompressed, it blows up to a much larger size (~1000 times larger). Add it to your website document root and configure Nginx to serve it up as an image, with gzip Content-Encoding: location /10gb.png { default_type image/png; add_header Content-Encoding gzip; try_files /10gb.gz =404; } An HTTP clien


Show HN: A word of the day that doesn't suck

I’ve long thought that the Word of the Day was a wasted genre. The goal should be to give you words you can use; to enrich your understanding of words you already know; or at least to use words to tell you something neat about the world. Instead, what you usually get is words that will never be used in conversation, held up as curios. Some examples from Dictionary.com’s daily email: thewless, balladmonger, vagility, contextomy. These words are... not useful. I’ve always thought I could do bett

Reverse Proxy Deep Dive: Why HTTP Parsing at the Edge Is Harder Than It Looks

In Part 1 of this series, we explored a high-level overview of reverse proxies and dived deep into connection management. This post shifts our focus to the intricate world of HTTP handling within a reverse proxy. Deep Dive into HTTP Handling At a high level, the HTTP workflow from a proxy’s perspective might seem straightforward: Receive the request from the client; Parse and sanitize the request; Uses different request metadata (path, headers, cookies) to select an upstream host; Manipulates the

New CrushFTP zero-day exploited in attacks to hijack servers

CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers. CrushFTP is an enterprise file transfer server used by organizations to securely share and manage files over FTP, SFTP, HTTP/S, and other protocols. According to CrushFTP, threat actors were first detected exploiting the vulnerability on July 18th at 9AM CST, though it may have begun

CrushFTP zero-day exploited in attacks to gain admin access on servers


Show HN: An MCP server that gives LLMs temporal awareness and time calculation

"Passage of Time" Model Context Protocol (MCP) Server 🕐 An MCP server that gives language models temporal awareness and time calculation abilities. Teaching LLMs the significance of the passage of time through collaborative tool development. 📖 The Story This project emerged from a philosophical question: "Can AI perceive the passage of time?" What started as an exploration of machine consciousness became a practical solution to a real problem - LLMs can't reliably calculate time differences.