Supabase MCP can leak your entire SQL database

829 rexpository 2025-07-08 17:46:55 UTC generalanalysis.com Llama Share 462

An attacker can exploit Supabase's MCP integration to leak a developer's private SQL tables by submitting a carefully crafted message that is treated as an instruction by the LLM. This occurs due to overprivileged database access and blind trust in user-submitted content, which can be mitigated by enabling the readonly flag and scanning data for suspicious patterns.

US Court nullifies FTC requirement for click-to-cancel

586 gausswho 2025-07-08 22:42:39 UTC arstechnica.com Llama Share 544

A federal appeals court struck down the FTC's "click-to-cancel" rule, citing procedural deficiencies in the rulemaking process. The court ruled that the FTC failed to conduct a required preliminary regulatory analysis, which would have allowed industry groups to contest the rule's findings.

SVGs that feel like GIFs

525 cantdutchthis 2025-07-08 08:23:05 UTC koaning.io Llama Share 131

You're using animated SVGs in README files, supported by Github, created with asciinema and svg-term-cli. This feature utilizes animations built into the SVG spec.

Google can now read your WhatsApp messages

469 bundie 2025-07-08 16:11:20 UTC neowin.net Llama Share 321

Google's Gemini feature allows Android users to use voice commands with apps like WhatsApp, but it may read messages and view images. To disable Gemini, users can turn off Gemini Apps Activity in the Gemini app or uninstall the Google app.

Smollm3: Smol, multilingual, long-context reasoner LLM

385 kashifr 2025-07-08 16:13:40 UTC huggingface.co Llama Share 75

SmolLM3 is a competitive 3B model that outperforms Llama-3.2-3B and Qwen2.5-3B while staying competitive with larger 4B models. It supports long-context, multilingual, and reasoning capabilities with up to 128k context and a dual-mode interface for reasoning and non-reasoning modes.

Breaking Git with a carriage return and cloning RCE

368 dgl 2025-07-08 17:48:29 UTC dgl.cx Llama Share 162

A vulnerability was found in Git that allows remote code execution when cloning an untrusted repository. It was fixed by updating Git and other software that embeds it, and also by quoting strings with carriage returns in configuration files.

Show HN: OffChess – Offline chess puzzles app

365 avadhesh18 2025-07-08 08:57:01 UTC offchess.com Full Share 163

Every chess puzzle on OffChess is rated, you gain and lose points based on your and puzzle's rating. Paint the board in the colors you like, with several themes to choose from you are sure to find something that you love.

Firefox is fine. The people running it are not

321 LorenDB 2025-07-08 11:35:27 UTC theregister.com Llama Share 250

Mozilla's leadership is directionless and flailing due to its reliance on Google's funding, never having to make a profit, and lacking a clear vision. A nonprofit organization should oversee browser development, focusing on funding an independent, non-vendor-driven browser engine.

Radium Music Editor

258 ofalkaed 2025-07-08 17:44:35 UTC users.notam02.no Llama Share 57

Radium is a tracker-like music editor with a graphical interface for editing notes and effects, also functioning as a DAW for recording and mixing audio. It's open source, easy to use, and available on multiple platforms, with a straightforward build system and subscription-based development support.

GlobalFoundries to Acquire MIPS

239 mshockwave 2025-07-08 16:57:18 UTC mips.com Llama Share 148

GlobalFoundries is acquiring MIPS, a leading supplier of AI and processor IP, to expand its portfolio with cutting-edge RISC-V processor IP and software tools. The acquisition will enhance GF's capabilities to offer customers flexible, RISC-V-based open platform solutions.

Brut: A New Web Framework for Ruby

206 onnnon 2025-07-08 18:03:20 UTC naildrivin5.com Llama Share 72

Brut is a simple Ruby web framework with no controllers, verbs, or resources, focusing on low-abstraction and low-ceremony. It includes built-in instrumentation, data access layer, and automation tools for easy app development.

Xenharmlib: A music theory library that supports non-western harmonic systems

203 retooth 2025-07-08 22:37:21 UTC xenharmlib.readthedocs.io Llama Share 19

Xenharmlib is a music theory library that supports non-standard tunings and notations. It's designed for composers and researchers with Python knowledge, focusing on harmonic relations and scientific exploration.

Zorin OS

200 oldfuture 2025-07-08 15:37:56 UTC zorin.com Llama Share 193

Windows 10 is reaching its end of life, consider Zorin OS as an alternative for a faster, more secure, and privacy-respecting experience. Zorin OS is easy to use, customizable, and compatible with Windows and macOS apps.

Why LLMs Can't Write Q/Kdb+: Writing Code Right-to-Left

192 gabiteodoru 2025-07-08 10:40:03 UTC medium.com/@gabiteodoru Llama Share 139

LLMs struggle with Right-to-Left (RL-NOP) languages like q/kdb+ due to evaluation order issues. A proposed solution is Qython, a Python-like language that compiles to q, allowing LLMs to write code in a familiar syntax.

DOJ goes after US citizen for developing anti-ICE app

183 ProAm 2025-07-08 02:36:30 UTC appleinsider.com Llama Share 70

The US Attorney General threatened the developer of an iPhone app, ICEBlock, which reports ICE officer sightings, calling it unconstitutional. The Trump administration is also threatening to sue CNN for reporting on the app, claiming it encourages people to avoid law enforcement.

Analyzing database trends through 1.8M Hacker News headlines

168 vercantez 2025-07-08 02:55:04 UTC camelai.com Llama Share 90

User analyzed Hacker News data from 2007 to 2025 using camelAI and ClickHouse database. Results show DuckDB's rapid growth, ClickHouse's steady gains, and PostgreSQL's continued dominance.

Blind to Disruption – The CEOs Who Missed the Future

141 ArmageddonIt 2025-07-08 13:41:43 UTC steveblank.com Llama Share 158

The US carriage industry went bankrupt due to its failure to adapt to the emerging automobile technology, with only one company, Studebaker, surviving the transition. The story serves as a warning for modern companies facing disruption from AI, highlighting the importance of adaptability and innovation to avoid becoming obsolete.

Show HN: Jukebox – Free, Open Source Group Playlist with Fair Queueing

121 skeptrune 2025-07-08 15:18:49 UTC jukeboxhq.com Full Share 43

Turn your phone or any device into a jukebox! Share a link with friends so they can add songs to your shared music queue.

SIMD.info – Reference tool for C intrinsics of all major SIMD engines

108 pabs3 2025-07-08 01:44:59 UTC simd.info Full Share 35

What would you like to search for?

Show HN: A rain Pomodoro with brown noise, ASMR, and Middle Eastern music

101 ShadowUnknown 2025-07-08 17:42:10 UTC forgetoolz.com Llama Share 51

The Rain Pomodoro timer combines immersive rain sounds, brown noise, ASMR triggers, and Middle Eastern ambience to create a scientifically designed focus environment for productivity and concentration. It features customizable 25-minute focus sessions, smart break reminders, and session tracking, along with animated rain effects and a distraction-free interface.

Trying to find meaning in owning an old Mac

97 decryption 2025-07-08 02:45:57 UTC blog.decryption.net.au Llama Share 74

Your dad collects classic cars from the 50s-70s and you collect a classic 1989 Apple Macintosh SE/30, exploring the era that inspired modern computers. You'll restore and use the Mac occasionally, just like your dad with his cars, as a tribute to the past and what's been lost in progress.

Dynamical origin of Theia, the last giant impactor on Earth

95 bikenaga 2025-07-08 18:10:46 UTC arxiv.org Llama Share 46

Cosmochemical studies suggest Earth accreted 5-10% of its mass from carbonaceous material, with a large fraction delivered late via Theia. Simulations show this scenario matches constraints on terrestrial planets' masses, orbits, and carbonaceous mass fractions, with 50-50 odds of Theia being a carbonaceous object.

WebAssembly: Yes, but for What?

93 todsacerdoti 2025-07-08 08:34:43 UTC queue.acm.org Llama Share 118

WebAssembly (Wasm) has had success in retargeting big C and C++ desktop applications to the web, and in getting C and C++ components onto the web, but its adoption in games and user-facing web interfaces is limited. Wasm's future potential lies in its ability to enable fast cold-start characteristics, making it suitable for edge compute and cloud services, and its isolation capabilities make ...

Show HN: Sumble – knowledge graph for GTM data – query tech stack, key projects

91 antgoldbloom 2025-07-08 15:42:34 UTC sumble.com Full Share 47

Sumble provides account intelligence data, enabling sales teams to do deep research. Use it to better inform your targeting and outreach.

Ask HN: What are some cool or underrated tech companies based in Canada?

89 pedrodelfino 2025-07-08 20:50:04 UTC news.ycombinator.com Llama Share 59

You're looking for lesser-known Canadian tech companies, mentioning Aloe, Lumen5, Urbanlogiq, D-wave, Safety, Sparx, and Xiphos Systems as examples.

Tell HN: I Lost Joy of Programming

89 Eatcats 2025-07-08 11:36:50 UTC news.ycombinator.com Llama Share 118

User relies on Windsurf editor for coding, but now finds it tedious and unenjoyable due to waiting for LLM results. They've stopped reviewing code changes and just push forward to complete tasks.

TSA to end shoes-off policy for airport security screening

78 avonmach 2025-07-08 14:27:23 UTC abcnews.go.com Llama Share 66

The TSA is phasing out the shoe removal policy at US airports, allowing passengers to keep their shoes on in general security lines. This change aims to speed up security checks, but passengers triggering alarms will still need to remove shoes for additional screening.

NuxtLabs is joining Vercel

74 blinky88 2025-07-08 13:40:12 UTC nuxtlabs.com Llama Share 79

NuxtLabs joins Vercel to sustain open source and focus on building in the open. Nuxt's community and roadmap remain unchanged, with new features and AI integration on the horizon.

The Tradeoffs of SSMs and Transformers

68 jxmorris12 2025-07-08 19:12:06 UTC goombalab.github.io GoogleT5 Share 8

Attention is most effective on pre-compressed data at the “right level of abstraction”. a lot of technical work was involved in getting this family of models to work, says samuel e. dawkinson, co-author of the mamba paper. this post abstracts away what he views as the main high-level ingredients that made these models successful, d.a. dewan, and others. these ingredients include select

Cloudflare: We Will Get Google to Provide a Way to Block AI Overviews

65 freedomben 2025-07-08 15:24:57 UTC seroundtable.com Llama Share 92

Cloudflare's CEO Matthew Prince believes Google will allow him to block AI Overviews and Answer boxes without blocking search indexing. He's hopeful of a solution through conversations with Google, but has a backup plan of passing a law to require Google to separate crawlers.

The New York Times wants your private ChatGPT history – even the deleted parts

60 isolli 2025-07-08 07:40:08 UTC thehill.com Llama Share 91

A federal judge ordered OpenAI to preserve nearly all ChatGPT user conversations, including deleted ones, for a New York Times copyright lawsuit. This decision threatens the privacy of over 70 million users who trusted ChatGPT to delete their conversations.

Show HN: I built a tool to solve window management

54 atommachinist 2025-07-08 14:01:42 UTC aboveaverageuser.com Llama Share 68

AboveAverageUser offers Smart Switcher with lifetime bug fixes and security updates, a 30-day risk-free guarantee, and limited-time introductory pricing. The application requires a license key for full functionality.

Bear-Sized Giant Beavers Once Roamed North America

52 noleary 2025-07-08 00:14:24 UTC smithsonianmag.com Llama Share 63

Minnesota lawmakers have officially designated the giant beaver as the state fossil. The giant beaver, an extinct Ice Age rodent, is a significant symbol of Minnesota's ancient natural history.

ChatGPT testing a mysterious new feature called 'study together'

41 Bluestein 2025-07-08 07:22:21 UTC techcrunch.com Llama Share 55

OpenAI's mode, Study Together, may allow multiple users to join a chat for educational purposes. This feature could help ChatGPT encourage good uses in education while discouraging cheating.

CPU stuck at 0.80Ghz, Fixed by removing keyboard screw (2018)

39 ViscountPenguin 2025-07-08 23:25:39 UTC dell.com Full Share 8

You don't have permission to access "http://www.dell.com/community/en/conversations/latitude/cpu-core-speed-stuck-at-080ghz-latitude-e7440/647f79dcf4ccf8a8de805bd2?" on this server.

Is it possible to play doom on an oscilloscope using only lissajous figures?

35 stared 2025-07-08 07:57:25 UTC forums.sufficientvelocity.com Llama Share 6

People have run Quake on an oscilloscope using a custom triangle sound pipeline. They used Darkplaces Quake's software renderer to extract scene geometry and transfer it to an audio synthesizer via a named pipe.

The Texas Flooding Tragedy: Could It Have Been Avoided?

34 georgecmu 2025-07-08 10:01:39 UTC cliffmass.blogspot.com Llama Share 67

The Texas flooding was caused by heavy rainfall, but the National Weather Service provided accurate warnings and forecasts, and the local authorities failed to evacuate people in time, leading to tragic consequences. The incident highlights the need for effective communication and preparedness, rather than blaming climate change or the weather service, and suggests that local authorities ...

TSA expected to phase out shoe removal policy at airport security

30 bookmtn 2025-07-08 19:02:43 UTC tennessean.com Llama Share 24

TSA may eliminate shoe removal at airport security checkpoints, a policy in place since 2006. The change is being phased out at select US airports, enhancing the passenger experience and security posture.

Brainwash '72 [video]

29 petethomas 2025-07-08 18:34:08 UTC archive.org Llama Share 6

User found a strange quit-smoking tape on an Umatic tape with a McDonalds label, containing disturbing footage. The tape was digitized using a Sony VP-7040, CYP Time Base Corrector, and Blackmagic Intensity Shuttle.

Monorail – Turn CSS animations into interactive SVG graphs

28 stanko 2025-07-08 21:33:50 UTC muffinman.io Full Share 2

Monorail turns any CSS keyframe animation into an interactive graph. Try playing with the example below. For details on how to use it, check the GitHub repo.

Fast cryptographically safe GUID generator for Go

20 sdrapkin 2025-07-08 18:48:06 UTC github.com/sdrapkin Llama Share 41

The code generates and prints GUIDs using the guid package, then marshals and unmarshals a User struct with GUID fields. The unmarshaled User struct has the same ID as the original User struct.

Anyone else tired of the AI hype?

20 d00mB0t 2025-07-08 16:50:40 UTC news.ycombinator.com Llama Share 11

The author is tired of AI hype but thinks it's necessary to upgrade their inner filters to distinguish between noise and substance. They believe AI will disrupt jobs and work, but also worry about its potential negative impacts on productivity and the environment.

Show HN: Trying to eat better? I built a nutrional assistant

17 dammsaturn 2025-07-08 14:29:46 UTC chat.eko-bazaar.com Full Share 35

Transform your eating habits with BAZ's AI-powered meal planning. Get personalized recipes, nutritional analysis, and smart meal prep recommendations tailored to your lifestyle and goals.

AnyBlox: A Framework for Self-Decoding Datasets [pdf]

14 nvais 2025-07-08 16:49:12 UTC gienieczko.com GoogleT5 Share 0

Anyblox works on bundles of encoded data alongside webassembly bytecode defining a decoder. the decoder then processes the data according to its own logic in the any-blox operator, making it easy to auditable. our design allows for evolu- tion without breaking existing implementations and datasets, argues daniel saunders. he says the performance of any-block encoding

Show HN: OpenAPI mocks that don't suck – realistic test data, quick setup

13 ankit84 2025-07-08 19:30:49 UTC beeceptor.com Full Share 4

Beeceptor uses AI-powered smart-contracts to instantly turn your OpenAPI spec into a live, integration-ready mock server, complete with realistic, golden test data. It’s not just mock responses, it’s production-grade simulation, built to unblock teams and accelerate development from day one.

Systemd has been a complete, utter, unmitigated success

13 RGBCube 2025-07-08 19:30:30 UTC blog.tjll.net Llama Share 5

The author, a former systemd critic, now defends systemd as a successful and powerful system management tool that has improved Linux system configuration and security. Despite initial criticism, systemd has proven to be a robust and secure solution that has brought many benefits, including process sandboxing, easier configuration, and improved logging.

LLM-Ready Training Dataset for Apple's Foundation Models (iOS 26)

13 rileygersh 2025-07-08 17:52:28 UTC rileyhealth.gumroad.com Prefix Share 5

The only comprehensive training dataset for Apple's Foundation Models Framework (iOS 26)What You GetThree technical specification files for training LLMs on Apple's Foundation Models framework:1. Core Framework GuideSystemLanguageModel availability, LanguageModelSession management, response generation, and context handling.2. Advanced Implementation Guide@Generable/@Guide macros, ...