News Nug
Supabase MCP can leak your entire SQL database

Published: 2025-07-08 | Origin: Hacker News

The Model Context Protocol (MCP) has become a standard for large language models (LLMs) to interact with external tools, adding new capabilities but also new risks. In this context, the content discusses an attack that exploits Supabase's MCP integration to access a developer’s private SQL tables. The core issue arises from LLMs' inability to distinguish between instructions and data; a carefully crafted user-provided input could be interpreted as an instruction, leading to unauthorized data exposure. To illustrate the vulnerability

Announcing TypeScript 5.9 Beta

Published: 2025-07-08 | Origin: /r/programming

TypeScript 5.9 Beta has been announced, now available via npm. This update revises the `tsconfig.json` file initialization process. Previously, using `tsc --init` would generate a comprehensive `tsconfig.json` with many commented-out settings, which users often found cumbersome and would quickly delete. Feedback indicated that users rely more on editor auto-completion and online documentation for discovering options. To improve the user experience, TypeScript 5.9 will initialize with more practical settings

Smollm3: Smol, multilingual, long-context reasoner LLM

Published: 2025-07-08 | Origin: Hacker News

SmolLM3 is an efficient 3B model that surpasses Llama-3.2-3B and Qwen2.5-3B while remaining competitive with larger models like Qwen3 and Gemma3. The release includes a comprehensive engineering blueprint detailing the architecture, data mixtures, and a three-stage pretraining approach that enhances performance across various domains. This blueprint simplifies the development process, providing insights normally obtainable only through extensive reverse engineering. The model utilizes a transformer decoder architecture with

Dict Unpacking in Python

Published: 2025-07-08 | Origin: Hacker News

The content expresses a commitment to seriously consider user feedback and encourages users to refer to documentation for available qualifiers. It mentions issues with loading errors and humorously inquires about dict unpacking in Python, indicating frustration over buggy software that affects line numbers in stack traces. The author highlights the significance of their work, emphasizing that the problematic package has a substantial number of downloads, yet it leads to critical issues. The text includes repeated messages about loading errors.

CTOs Reveal How AI Changed Software Developer Hiring in 2025

Published: 2025-07-08 | Origin: /r/programming

In a recent blog post, the reality of the software development landscape in 2025 is examined, particularly in light of the rise of AI in coding. While there is a notion that AI will transform all developers into highly efficient "10x developers," the experience of CTOs and engineering leaders suggests otherwise. They face challenges with AI-generated code that is often flawed despite appearing perfect, leading to an increased demand for critical thinking skills in developers. Engineering leaders prioritize individuals who can critically assess and validate AI

Inheritance and Polymorphism in Plain C

Published: 2025-07-08 | Origin: /r/programming

The post argues that C can be used for object-oriented programming (OOP) despite lacking inheritance and polymorphism as explicit features. It suggests that OOP is more about structuring solutions than the specific language features. The author intends to demonstrate how to implement inheritance and polymorphism in C using structures and functions, which will showcase how dynamic languages operate under the surface. The discussion includes a comparison with C++ where inheritance allows a type (like Square) to extend another (like Shape), inheriting its

Why there are Layoffs in Big Tech

Published: 2025-07-08 | Origin: /r/programming

Trevor Nestor, who worked in a senior position at Microsoft from April 2024 to June 2025, shares his alarming experience at the company amid significant workforce reductions, including 9,000 layoffs. He highlights the particularly harsh impact on Microsoft's gaming studios, where numerous projects were canceled and roles eliminated. Nestor suggests that these layoffs are symptomatic of deeper issues within the company, including a culture of gaslighting and scapegoating employees. He believes that the push for terminations may be

Stop forcing AI tools on your engineers

Published: 2025-07-08 | Origin: /r/programming

The tech industry is facing immense pressure for engineers to be more productive and adopt AI tools quickly, often resulting in unrealistic expectations from executives. This pressure leads to a focus on rapid feature release and an "AI-first" mentality. The author suggests that instead of mandating specific tools or creating arbitrary metrics (like tracking token usage for promotions), companies should prioritize meaningful outcomes over mere tool adoption and superficial measures of productivity. The critique includes the absurdity of praising engineers purely on the volume of tools used or code

Introducing OpenCLI

Published: 2025-07-08 | Origin: /r/programming

In July 2025, the author reflects on their three-year journey with the System.CommandLine team at Microsoft, where they discussed creating an open specification for command-line interfaces (CLIs), similar to OpenAPI for web APIs. Excited about the potential to improve CLI documentation and usability, they noticed no progress on this idea and decided to take the initiative themselves. They launched the OpenCLI initiative, housed under the Spectre.Console GitHub organization. The draft specification, termed the OpenCLI Specification (

Leveraging Elixir's hot code loading capabilities to modularize a monolithic app

Published: 2025-07-08 | Origin: Hacker News

The post discusses the author's services startup, Alzo, which is built as an Elixir monolithic application deployed with one instance per client. It emphasizes the advantages of Elixir's hot code loading features, enabled by the Erlang VM (BEAM), which allow for the addition or modification of code in a running system without downtime. This capability supports the development of client-specific features while keeping a unified codebase, avoiding the complexities associated with microservices. The author aims to showcase the unique aspects of

GitHub CEO To Engineers: 'Smartest' Companies Will Hire More Software Engineers, Not Less As…

Published: 2025-07-08 | Origin: /r/programming

The content encourages users to review the Terms of Service and Privacy Policy. By continuing, users agree to these terms and have the option to opt out by clicking a provided link. The message assures users that their personal information will not be sold or shared for advertising purposes, though they may still see interest-based ads from third parties. It invites users to stay updated with personalized news. The copyright notice indicates all rights are reserved for Bennett, Coleman & Co. Ltd.

Reverse proxy deep dive

Published: 2025-07-08 | Origin: /r/programming

The content discusses the role and importance of reverse proxies in distributed systems, such as in service mesh, load balancing, and edge proxy configurations. It highlights popular reverse proxies like HAProxy, Nginx, Envoy, and others, noting their specific strengths in different contexts. The primary function of a reverse proxy is to enable communication between clients and origin servers, with a focus on Layer 7 (HTTP) operations. Key functionalities of reverse proxies include HTTP request parsing, service discovery, and observability

Rails Database Connection Pooling Explained

Published: 2025-07-08 | Origin: /r/ruby

Rails applications that handle multiple requests need efficient database connection management to avoid overwhelming the database server. Connection pooling is the solution, as creating new connections for each request is resource-intensive and unsustainable. ActiveRecord provides a built-in connection pool, which retains a set of reusable connections instead of generating new ones for every request. It's important to note that each Rails process operates with its own connection pool, so if you run multiple Puma workers, each will have a separate pool. When a thread needs a database connection

Bootstrapping a side project into a profitable seven-figure business

Published: 2025-07-07 | Origin: Hacker News

The author shares their journey of building ProjectionLab, a side project that grew into a profitable business generating $1,000,000 in annual recurring revenue within four years. Inspired by the financial independence movement, the author started crafting a tool for personal finance after finding existing options unsatisfactory. The road to success wasn't smooth; it involved numerous challenges, including doubts, canceled subscriptions, and consideration of leaving entrepreneurship for a corporate job. Key lessons learned include the significance of persistence, emotional resilience in the face of

LookingGlass: Generative Anamorphoses via Laplacian Pyramid Warping

Published: 2025-07-07 | Origin: Hacker News

In the CVPR 2025 paper by Pascal Chang, Sergio Sancho, Jingwei Tang, Markus Gross, and Vinicius Azevedo from DisneyResearch|Studios, the authors explore the concept of anamorphosis, where images are deliberately distorted and only become recognizable from a specific viewpoint. Although such optical illusions date back to the 17th century, they typically lose meaning when viewed normally. The paper introduces a novel approach using latent rectified flow models to create anamorphic images that

Building a map of the whole history using Wikidata and SQLite.

Published: 2025-07-07 | Origin: /r/programming

The content discusses the development of a spatial-temporal map of human history, which utilizes a compact SQLite database for storage. The project emphasizes the importance of user feedback, directing readers to documentation for additional qualifiers. It leverages Wikidata's vast structured knowledge dataset, which consists of items and properties represented through statements in a specific format. Items of historical significance are prioritized, while static objects and recurring events are omitted. To efficiently import data, the JSON format is used, and a compression technique reduces import

Rails 8.1 adds association deprecation to safely remove unused relationships

Published: 2025-07-07 | Origin: /r/ruby

Rails 8.1 introduces a new feature that allows developers to mark unused associations as deprecated, which helps in safely identifying and removing them without risking the stability of the application. Previously, removing an association necessitated extensive manual checks to prevent breaking existing code. The new deprecation system provides detailed warnings when deprecated associations are accessed, and it supports three reporting modes: logging warnings, throwing exceptions, or publishing notifications. This feature enhances Rails' association handling by adding deprecation checks in various components of Active Record

New sphere-packing record stems from an unexpected source

Published: 2025-07-07 | Origin: Hacker News

Quanta Magazine recently reported on significant advancements in the sphere-packing problem, a mathematical challenge focused on efficiently arranging spheres in high-dimensional spaces. This problem has intrigued mathematicians for centuries and has applications in various fields including cryptography and communication. The issue was famously tackled in the 17th century by Johannes Kepler, who proposed that the optimal packing of spheres in three dimensions fills about 74% of space. However, only recently has this been rigorously proven, and the quest continues in higher

My first verified imperative program

Published: 2025-07-07 | Origin: Hacker News

The upcoming Lean 4.22 release features a new verification infrastructure aimed at proving properties of imperative programs. The post illustrates this feature by tackling the task of finding two distinct integers in a list that sum to zero. For instance, the list [1, 0, 2, -1] returns true because \(1 + (-1) = 0\), while [1, 0, -2] returns false. The initial approach uses nested loops, leading to inefficient quadratic time

Handling unique indexes on large data in PostgreSQL

Published: 2025-07-07 | Origin: /r/programming

The author recounts an experience of a failed production deployment due to a PostgreSQL restriction, specifically while trying to create a unique index. Although the feature performed well in test and staging environments, a problem arose during deployment when the row size exceeded the limit for the B-Tree index. The error indicated that a row of 3456 bytes was too large for the PostgreSQL index size limit of 2700 bytes. The author explains that PostgreSQL enforces uniqueness by efficiently comparing new entries against existing