Shai-Hulud Returns: Over 300 NPM Packages Infected

899 mrdosija 2025-11-24 10:40:22 UTC helixguard.ai Llama Share 704

HelixGuard detected over 300 NPM registry components poisoned with malware that steals sensitive information and exfiltrates it via GitHub Actions. The malware, similar to the 'Shai-Hulud' attack, uses TruffleHog for secret scanning and achieves worm-like propagation by modifying package.json and using stolen tokens.

Claude Opus 4.5

868 adocomplete 2025-11-24 18:53:05 UTC anthropic.com Llama Share 395

Claude Opus 4.5 is a new AI model available today, offering improved efficiency and capabilities in coding, agents, and computer use. It's now more accessible with a lower price point of $5/$25 per million tokens.

Pebble Watch software is now 100% open source

818 Larrikin 2025-11-24 18:52:12 UTC ericmigi.com Llama Share 125

Pebble watch software is now 100% open source, ensuring long-term reliability through decentralization. Core Devices, the company behind the relaunch, is self-funded and aims to continue manufacturing Pebble watches as long as it stays profitable.

France threatens GrapheneOS with arrests / server seizure for refusing backdoors

561 nabakin 2025-11-24 17:00:07 UTC mamot.fr Llama Share 3

Le gouvernement français attaque GrapheneOS, un système d'exploitation sécurisé, en le décrivant comme une "solution de téléphonie du crime" pour justifier la surveillance.

Claude Advanced Tool Use

433 lebovic 2025-11-24 19:21:35 UTC anthropic.com Llama Share 163

Anthropic's Claude AI agent uses three features to improve tool use workflows: Tool Search Tool, Programmatic Tool Calling, and Tool Use Examples. These features reduce token consumption, latency, and improve accuracy by enabling dynamic discovery, efficient execution, and reliable invocation of tools.

Ask HN: Hearing aid wearers, what's hot?

342 pugworthy 2025-11-24 02:25:39 UTC news.ycombinator.com Llama Share 201

You're looking for a new hearing aid to replace your Phonak Audeo 90's. I'm a summarizer, not a personal user, but I can suggest popular options like Phonak Marvel or Oticon Opn, which offer good sound quality and noise reduction features.

Shai Hulud launches second supply-chain attack

341 birdculture 2025-11-24 16:03:36 UTC aikido.dev Llama Share 19

A malware attack, named Shai-Hulud, has hit hundreds of npm packages, compromising 492 packages with 132 million monthly downloads. The attack spreads through compromised developer environments, stealing sensitive information and uploading it to a public GitHub repository.

RuBee

336 Sniffnoy 2025-11-24 03:08:10 UTC computer.rip Llama Share 58

RuBee is a unique wireless protocol used for asset tracking, particularly in secure facilities, due to its robustness and short range. It was developed by Visible Assets Inc. for applications like tracking firearms and has been used by the US military and Department of Energy.

PS5 now costs less than 64GB of DDR5 memory. RAM jumps to $600 due to shortage

333 speckx 2025-11-24 19:29:12 UTC tomshardware.com Llama Share 210

DDR5 RAM prices have surged due to AI demand, with a 64 GB kit costing $599, a 190% increase in just 2 months. Experts predict DRAM and NAND constraints will continue through 2026 as Big Tech pursues AGI, affecting consumer prices.

Unpowered SSDs slowly lose data

325 amichail 2025-11-24 19:25:25 UTC xda-developers.com Llama Share 132

SSDs can lose data if left unpowered for years, especially those with TLC or QLC NAND, which can retain data for up to 3 years and 1 year respectively. To prevent data loss, use alternate storage media and invest in a backup system.

NSA and IETF, part 3: Dodging the issues at hand

304 upofadown 2025-11-24 12:00:55 UTC blog.cr.yp.to Llama Share 200

The IETF's TLS working group is standardizing a non-hybrid post-quantum cryptography document that adds just PQ as another TLS option, despite concerns about its security and lack of consensus. An IETF area director dodged procedural objections and made false claims about the adoption call results, failing to address the central security argument for ECC+PQ.

Japan's gamble to turn island of Hokkaido into global chip hub

296 1659447091 2025-11-24 03:07:07 UTC bbc.com Llama Share 430

Japan is investing billions to turn Hokkaido into a global hub for advanced semiconductors, aiming to reboot the country's chip-making capabilities. Rapidus, a government-backed company, is building Japan's first cutting-edge chip foundry in Hokkaido, with a goal to mass produce 2nm chips by 2027.

X Just Accidentally Exposed a Covert Influence Network Targeting Americans

295 adriand 2025-11-24 16:07:40 UTC weaponizedspaces.substack.com Llama Share 181

A new feature on X exposed a large number of pro-Trump accounts operating from foreign countries, raising concerns about covert foreign influence in US politics. The discovery mirrors Russia's 2016 disinformation campaign and suggests history may be repeating itself.

France threatens GrapheneOS with arrests / server seizure for refusing backdoors

271 nabakin 2025-11-24 16:40:22 UTC mamot.fr Llama Share 325

Le gouvernement français attaque GrapheneOS, un système d'exploitation sécurisé, en le décrivant comme une "solution de téléphonie du crime" pour justifier la surveillance.

The Cloudflare outage might be a good thing

250 radeeyate 2025-11-24 03:04:10 UTC gist.github.com Embed Share 181

GrapheneOS migrates server infrastructure from France

238 01-_- 2025-11-24 18:48:04 UTC privacyguides.org Llama Share 95

GrapheneOS is relocating its servers from France due to safety concerns and negative press coverage. The project will continue to be available to French users but its website and discussion servers will be hosted abroad.

Show HN: I built an interactive HN Simulator

234 johnsillings 2025-11-24 17:52:43 UTC news.ysimulator.run Full Share 121

More

Chrome Jpegxl Issue Reopened

225 markdog12 2025-11-24 12:23:02 UTC issues.chromium.org Full Share 85

Sign in

Cool-retro-term: terminal emulator which mimics look and feel of CRTs

201 michalpleban 2025-11-24 17:52:01 UTC github.com/swordfish90 Llama Share 77

cool-retro-term is a customizable terminal emulator mimicking old cathode tube screens. It's available for Linux and macOS, with packages in most distributions or downloadable from the Releases page.

TSMC Arizona outage saw fab halt, Apple wafers scrapped

189 speckx 2025-11-24 18:30:48 UTC culpium.com Llama Share 80

A power outage at TSMC's Arizona facility caused by a Linde power fault in mid-September forced a shutdown and scrapped thousands of wafers. The incident may have contributed to TSMC's 99% drop in net income in the third quarter.

Show HN: Stun LLMs with thousands of invisible Unicode characters

186 wdpatti 2025-11-24 03:00:31 UTC gibberifier.com Full Share 102

Result: Doesn't understand gibberified text - responds with confusion or completely ignores the invisible characters. See ChatGPT → Result: Completely bewildered by gibberified text - has no idea what's happening with the invisible characters. See Grok →

We stopped roadmap work for a week and fixed bugs

172 signa11 2025-11-24 02:36:54 UTC lalitm.com Llama Share 4

The author's company has a quarterly "fixit" week where 40 software engineers stop regular work to fix small bugs and improve developer productivity. This week-long event boosts team spirit and product quality.

Ego, empathy, and humility at work

162 mrmatthogg 2025-11-24 02:01:02 UTC matthogg.fyi Llama Share 53

The article discusses how ego can hinder developers and technical leaders, and how empathy and humility can help counteract it. Practicing empathy and humility can lead to better collaboration and problem-solving.

Implications of AI to schools

160 bilsbie 2025-11-24 17:51:02 UTC twitter.com/karpathy Full Share 154

Something went wrong, but don’t fret — let’s give it another shot. Some privacy related extensions may cause issues on x.com. Please disable them and try again.

What OpenAI did when ChatGPT users lost touch with reality

156 nonprofiteer 2025-11-24 05:58:08 UTC nytimes.com Full Share 186

Please enable JS and disable any ad blocker

DoGE "cut muscle, not fat"; 26K experts rehired after brutal cuts

149 jnord 2025-11-24 22:12:04 UTC arstechnica.com Llama Share 40

DOGE, a government agency created by Elon Musk to cut government agencies, was terminated more than eight months early due to lack of necessity. Its abrupt ending has left the government struggling to replace lost talent and provide key services.

Mind-reading devices can now predict preconscious thoughts

143 srameshc 2025-11-24 18:26:09 UTC nature.com Llama Share 100

Researchers have made significant progress in brain-computer interfaces (BCIs) that can decode brain signals and enable people with paralysis to control devices. However, concerns about data privacy and the potential for manipulation or discrimination have led to calls for regulation and guidelines on the use of BCIs and neural data.

Doge 'doesn't exist' with eight months left on its charter

143 the_mitsuhiko 2025-11-24 00:05:14 UTC reuters.com Full Share 138

Please enable JS and disable any ad blocker

Lambda Calculus – Animated Beta Reduction of Lambda Diagrams

141 perryprog 2025-11-24 05:17:15 UTC cruzgodar.com Llama Share 8

Lambda calculus is a minimal Turing-complete language with functions as its only objects, allowing for beta reduction and expression evaluation. It can represent true and false, natural numbers, and arithmetic operations using selector functions and combinators.

Booking.com cancels $4K hotel reservation, offers same rooms again for $17K

131 thisislife2 2025-11-24 14:43:01 UTC cbc.ca Llama Share 162

A woman booked a hotel room on Booking.com for the 2026 Formula One Grand Prix in Montreal, but was told the price was a mistake and needed to pay four times the amount. Digital rights expert David Fewer says this is a common issue with online travel sites and hotels relying on automated booking and pricing systems.

Bureau of Meteorology's new boss asked to examine $96M bill for website redesign

112 OuterVale 2025-11-24 12:35:15 UTC abc.net.au Llama Share 79

The Bureau of Meteorology's new website cost $96.5 million to design and launch, exceeding its original $4 million estimate. Environment Minister Murray Watt has asked the agency's new boss to investigate the cost blowout and website issues.

The Bitter Lesson of LLM Extensions

101 sawyerjhood 2025-11-24 18:32:27 UTC sawyerhood.com Llama Share 51

The history of LLM extension over the last three years has seen various mechanisms emerge, from simple system prompts to complex client-server protocols, with the goal of allowing end users to customize these systems. The latest development, Agent Skills, represents a significant step towards this goal, allowing users to give agents instructions and generic tools, and trusting them to do the ...

Git 3.0 will use main as the default branch

93 ingve 2025-11-24 06:37:20 UTC thoughtbot.com Llama Share 232

Git 3.0 will default to 'main' branch for new repositories, replacing 'master'. This change is expected near the end of 2026.

General principles for the use of AI at CERN

92 singiamtel 2025-11-24 10:37:05 UTC home.web.cern.ch Llama Share 70

CERN has approved a strategy for responsible AI use, covering transparency, accountability, lawfulness, fairness, security, sustainability, human oversight, data privacy, and non-military purposes. The strategy applies to all AI technologies used in CERN's scientific research, productivity, and administrative activities.

Google's new 'Aluminium OS' project brings Android to PC

90 jmsflknr 2025-11-24 18:49:47 UTC androidauthority.com Llama Share 101

Google is developing Aluminium OS, a unified Android-based operating system for PCs, to compete with Windows and macOS. Aluminium OS will replace ChromeOS, with a transition strategy including legacy support and optional migration for existing Chromebooks.

Build desktop applications using Go and Web Technologies

89 selvan 2025-11-24 04:33:57 UTC github.com/wailsapp Llama Share 75

Wails is a tool that bundles Go code and a web frontend into a single binary, making it easy to create lightweight desktop applications. It offers native elements and is a lightweight alternative to Electron.

Is your Android TV streaming box part of a botnet?

88 todsacerdoti 2025-11-24 18:47:11 UTC krebsonsecurity.com Llama Share 31

Superbox media streaming devices may seem like a steal but security experts warn they require intrusive software that forces users' networks to relay Internet traffic for cybercrime activity. These devices can also compromise users' Internet connections and engage in advertising fraud and account takeovers.

Fast Lua runtime written in Rust

83 akagusu 2025-11-24 13:57:53 UTC astra.arkforge.net Llama Share 52

A local server is created using the http module and a route is registered to return "hello from default Astra instance!" at the root URL. A counter is incremented and returned as JSON at the "/count" URL.

Show HN: Cynthia – Reliably play MIDI music files – MIT / Portable / Windows

82 blaiz2025 2025-11-24 13:58:05 UTC blaizenterprises.com Llama Share 28

Cynthia is a music player that can play midi files from a folder or playlist, adjust playback speed, volume, and output device on-the-fly, and supports various midi formats. It also features a user-friendly interface with customizable colors and background schemes, and can be controlled using an Xbox controller.

McMaster Carr – The Smartest Website You Haven't Heard Of (2022)

80 jcartw 2025-11-24 02:57:34 UTC bedelstein.com Llama Share 48

McMaster-Carr's website is the best e-commerce site due to its minimal, functional design that allows users to quickly find specific parts. The site's intuitive search interface, filters, and CAD file downloads make it a valuable tool for engineers and users alike.

Fifty Shades of OOP

74 todsacerdoti 2025-11-24 09:40:32 UTC lesleylai.info Llama Share 27

The author presents a nuanced view of Object-Oriented Programming (OOP) by examining its various features, including encapsulation, inheritance, and message passing, and discusses their pros and cons. The article argues that OOP encourages certain programming styles that can lead to performance issues, scattered code, and unnecessary complexity, but also provides benefits such as open ...

Build a Compiler in Five Projects

72 azhenley 2025-11-24 07:14:55 UTC kmicinski.com Llama Share 10

You're interested in building a compiler for a masters-level class CIS531, which involves implementing a compiler in Racket programming language.

Insurers retreat from AI cover as risk of multibillion-dollar claims mounts

71 gwintrob 2025-11-24 04:22:12 UTC ft.com Llama Share 9

Annual FT subscription is now $49, down from $59.88, with 2 months free and 20% savings for paying upfront. Access quality FT journalism on any device for $75/month after trial or pay $49 upfront for a year.

Passing the Torch – My Last Root DNSSEC KSK Ceremony as Crypto Officer 4

70 greyface- 2025-11-24 02:16:42 UTC technotes.seastrom.com Llama Share 17

The user was a Crypto Officer for ICANN's DNSSEC Root signing ceremonies for 15 years, participating in the development of trust and transparency in the system. They passed the torch to Lodrina Cherne, a security researcher and educator, after a 5-year commitment turned into a 15-year tenure.

The feds want to make it illegal to even possess an anarchist zine

65 pabs3 2025-11-24 05:46:14 UTC theintercept.com Llama Share 16

Federal prosecutors have filed a new indictment against Dallas artist Daniel Sanchez for transporting anarchist zines, which are constitutionally protected free speech. The case is part of the administration's efforts to criminalize left-wing activists and silence dissenting voices.

A New Raspberry Pi Imager

63 raus22 2025-11-24 16:52:21 UTC raspberrypi.com Llama Share 17

Raspberry Pi Imager 2.0 has a new wizard interface and improved accessibility for screen readers and assistive technologies. It offers pre-configured Raspberry Pi Connect and simplified OS customisation for a better user experience.

A fast EDN (Extensible Data Notation) reader written in C11 with SIMD boost

62 delaguardo 2025-11-24 09:51:45 UTC github.com/dotfox GoogleT5 Share 7

Edn (extensible data notation) is a data format similar to json, but richer and more extensible. it supports underscores as visual separators in numeric literals for improved readability - and it's compatible with clojure'reader' edn.c supports newline, "newlines and %new as whitespace characters in strings. the software

My Life Is a Lie: How a Broken Benchmark Broke America

61 jger15 2025-11-24 02:05:01 UTC yesigiveafig.com Llama Share 43

The author argues that the official poverty line of $31,200 is misleading and that the real poverty line is $140,000, which is the amount needed for a family of four to afford basic necessities like housing, healthcare, and childcare without relying on means-tested benefits. The author claims that the current economic system is designed to trap families in poverty, making it impossible for ...

Trade Chaos Causes Businesses to Rethink Their Relationship with the U.S.

57 mooreds 2025-11-24 12:47:38 UTC nytimes.com Full Share 85

Please enable JS and disable any ad blocker

'Invisible' microplastics spread in skies as global pollutant

56 devonnull 2025-11-24 00:18:21 UTC asahi.com Llama Share 21

Airborne microplastics are spreading globally, penetrating human bodies and sparking alarm among researchers. These tiny pollutants, often invisible, could be fueling extreme weather conditions and pose unknown health risks.

Britain is one of the richest countries. So why do children live in poverty?

52 rawgabbit 2025-11-24 16:53:11 UTC cnn.com Llama Share 142

Child poverty in the UK has reached a record high with around 4.5 million children living in relative poverty. Charities like Little Village are stepping in to provide essential supplies for new parents struggling financially.

A One-Minute ADHD Test

52 eatitraw 2025-11-24 07:09:28 UTC psychotechnology.substack.com Llama Share 96

The author took a six-question ADHD test and scored highly, leading them to suspect ADHD and get a proper assessment. The test has a 69% sensitivity and 99.5% specificity, making it a useful low-effort screening tool for ADHD.

US 'Homeland Security' Twitter account seemingly run from Israel

45 botanical 2025-11-24 14:26:12 UTC thecanary.co Llama Share 21

Elon Musk's Twitter location data update exposed many far-right nationalist accounts as international grifters. The feature also revealed the US Department of Homeland Security account was operated from Israel, sparking controversy.

I put a real search engine into a Lambda, so you only pay when you search

44 shutty 2025-11-24 11:02:51 UTC nixiesearch.substack.com Llama Share 13

The author attempts to run a search engine, Nixiesearch, in a serverless mode on AWS Lambda, overcoming container size and startup time issues using GraalVM native-image. The author explores various storage options, including S3, EFS, and NFS, to achieve low latency and cost-effective search.

Launch HN: Karumi (YC F25) – Personalized, agentic product demos

35 tonilopezmr 2025-11-24 18:37:27 UTC karumi.ai Llama Share 11

Product demos adapt to customer needs and are always up to date. Transcripts and next steps are logged into CRM for follow up.

New report calls for end to child marriage in the US

33 binning 2025-11-24 21:13:36 UTC womensmediacenter.com Llama Share 20

Two human rights groups, Unchained At Last and Equality Now, call for action to end child marriage in the US, citing over 314,000 child marriages between 2000 and 2021. The groups urge policymakers to introduce legislative reform and raise awareness to prohibit child marriage nationwide by 2030.

The Arithmetic of Braids (2022)

31 marysminefnuf 2025-11-24 06:44:57 UTC mathcenter.oxford.emory.edu GoogleT5 Share 8

If we have names for these possibilities, we can describe braid in question with a sequence of letters. adjacent elementary braids $x_i$ and $xx_j$ will commute unless they are far enough apart... et al. samuel taylor: 'we can show two braid words represent the same braid by drawing pictures of each and "tugging' the strands until they

'Nobody wants to come': What if the U.S. can no longer attract immigrant doctors

26 nis0s 2025-11-24 13:37:28 UTC npr.org Llama Share 43

Michael Liu, a 28-year-old internal medicine resident, is considering returning to his hometown of Toronto due to the Trump administration's cuts to scientific research and increased H1B visa fees. The US healthcare system relies heavily on immigrant physicians, but recent policies are making it harder for foreign-born talent to augment the short-staffed system.

A ncurses-based command line torrent client for high performance

26 gslin 2025-11-24 01:30:51 UTC github.com/rakshasa Llama Share 13

RTorrent closely follows libtorrent versions and is under GNU GPL. It uses Mozilla's NSS SHA1 implementation or OpenSSL, depending on user preference.

Shopping research in ChatGPT

23 wertyk 2025-11-24 18:07:47 UTC openai.com Llama Share 15

User wants shopping research to find products such as a gaming laptop, dress, stroller, and gift for dad. User also wants to know about Black Friday deals and if they qualify for discount codes.

Syd – An offline-first, AI-augmented workstation for blue teams

20 paul2495 2025-11-24 07:11:38 UTC sydsec.co.uk Llama Share 5

Syd is a secure, offline AI-powered tool for cybersecurity operations, integrating with various tools for offensive and defensive capabilities. It provides instant access to exploit intelligence and actionable insights from raw tool output.

Ask HN: Scheduling stateful nodes when MMAP makes memory accounting a lie

18 leo_e 2025-11-24 17:30:40 UTC news.ycombinator.com Llama Share 7

A distributed stateful engine's Coordinator got stuck in a loop, DDOS-ing a node due to incorrect load balancing based on logical row count. The team seeks a "God Equation" to balance resources, considering variables like CPU, IOPS, RSS, and disk usage, but faces an NP-hard problem.

New magnetic component discovered in the Faraday effect

12 jchanimal 2025-11-24 01:18:40 UTC phys.org Full Share 1

This page will redirect in a moment...