News Nug |
---|
Github Copilot auto-enabled itself on my private local workspaces without my consent Published: 2025-04-16 | Origin: /r/programming The feedback emphasizes the importance of user consent regarding the use of Copilot in private repositories. The user expressed concern that Copilot was enabled across all VS Code windows without their permission, potentially exposing sensitive information. They highlighted that they had only consented to use Copilot in two specific windows, while the rest should remain disabled, especially since some projects are for clients who have not approved sharing the code. The user urges that this issue be resolved to ensure that GitHub Copilot respects workspace settings and |
How A Hacker Used My Staging Environment for Phishing Published: 2025-04-16 | Origin: /r/programming Abdu Taviq shares an experience of being a victim of a hacking attack while working on a self-hosted WordPress multi-tenancy solution. He deployed his project on a staging server with a long, obscure URL. Shortly after deployment, he received a notification from Google Search Console flagging his server for phishing activities, which he later discovered was due to a hacker exploiting it. Additionally, as a consequence, some of his YouTube videos were removed because they included the same domain used for testing |
Show HN: Plandex v2 – open source AI coding agent for large projects and tasks Published: 2025-04-16 | Origin: Hacker News Plandex is a terminal-based AI development tool designed for handling large coding projects and complex tasks. It supports up to 2 million tokens of context and can index projects with over 20 million tokens using tree-sitter project maps. Key features include a cumulative diff review sandbox that isolates AI-generated changes until they're ready to be integrated, robust support for multiple AI models (from Anthropic, OpenAI, Google, and others), and a high degree of flexibility for developers. Plandex can autonom |
Calling all Ruby enthusiasts – come build something fun with me! Published: 2025-04-16 | Origin: /r/ruby |
Microsoft: Node.js Increasingly Used for Malware Delivery and Data Theft Published: 2025-04-16 | Origin: /r/programming CyberInsider reports on a surge in cyberattacks that exploit Node.js to deliver malware and compromise sensitive information. Microsoft's Defender Experts have identified several campaigns since October 2024 that use Node.js in innovative ways to evade detection, particularly in malvertising and phishing schemes. Attackers take advantage of Node.js's capabilities as an open-source JavaScript runtime, allowing them to execute code outside of traditional browser environments, making it easier to blend in with legitimate developer activities. One notable campaign involves deceptive cryptocurrency |
AI-Designed Antivenoms: New Proteins to Block Deadly Snake Toxins Published: 2025-04-16 | Origin: Hacker News In the January 23, 2025 edition of the newsletter "Plenty of Room," Marco Lolaico highlights the use of AI in designing proteins to address the serious public health issue of snakebites, which predominantly affect regions like sub-Saharan Africa, South Asia, and Latin America. The World Health Organization categorizes snakebite envenoming as a neglected tropical disease that impacts 2 million people annually, resulting in over 100,000 deaths and many disabilities. Traditional antivenom treatments |
OpenAI Codex CLI: Lightweight coding agent that runs in your terminal Published: 2025-04-16 | Origin: Hacker News The content discusses the Codex CLI, a lightweight coding agent that operates in the terminal and is currently in experimental development. Users can install it globally using the command `npm i -g @openai/codex` and should set their OpenAI API key as an environment variable for usage. The tool allows developers to run code, manipulate files, and manage their projects under version control, facilitating a chat-driven development experience. Codex CLI is designed for developers familiar with terminal environments and offers customizable levels |
CISA extends funding to ensure 'no lapse in critical CVE services' Published: 2025-04-16 | Origin: /r/programming The U.S. government has extended funding for MITRE to prevent any disruption to the crucial Common Vulnerabilities and Exposures (CVE) program, as confirmed by CISA. This extension, lasting 11 months, came after MITRE's Vice President warned that funding was set to expire, which could have led to significant issues in the cybersecurity sector. The CVE program, which is essential for standardizing discussions about security vulnerabilities, is maintained by MITRE with support from the U.S. |
Building High Performance Ruby REST APIs with Rage Published: 2025-04-16 | Origin: /r/ruby The article by Roman Samoilov, Tech Lead at SoftServe, introduces Rage, a Ruby web framework aimed at creating fast and developer-friendly APIs. Rage seeks to modernize the Ruby ecosystem by offering a syntax similar to Rails while emphasizing asynchronous I/O, performance, and easy OpenAPI documentation generation. The article outlines a tutorial for building a shared Todo list application using Rage. It covers the necessary steps, starting from project setup with SQLite, generating models and migration files, and defining data relationships. It |
Damn Vulnerable MCP Server Published: 2025-04-16 | Origin: Hacker News The content discusses the "Damn Vulnerable Model Context Protocol" (DVMCP), an educational project that intentionally presents vulnerabilities within the Model Context Protocol (MCP). It features 10 progressively challenging scenarios aimed at highlighting different security weaknesses and attack vectors relevant to MCP implementations. The project serves as a learning tool for security researchers, developers, and AI safety professionals. Additionally, it provides resources such as setup guides, challenge descriptions, and solution guides, encouraging users to first attempt the challenges independently before |
Fibonacci Hashing: The Optimization That the World Forgot Published: 2025-04-16 | Origin: /r/programming The author reflects on a recent blog post about hash tables and discovers a new technique called "Fibonacci Hashing" from a comment by Rich Geldreich. Despite their extensive experience with hash tables, the author realizes that Fibonacci Hashing is a significant improvement over traditional methods, which often use prime number sizes and integer modulo for slot mapping. They argue that Fibonacci Hashing is not widely adopted, leading to slower performance in large hash tables, including common implementations like std::unordered_map. The author notes that |
Dirty tricks 6502 programmers use Published: 2025-04-16 | Origin: /r/programming Janne Hellsten's post from August 18, 2019, summarizes a coding competition focused on creating a minimal C64 executable that draws two lines to form a specified image. Participants submitted their programs (PRG files) along with the byte-length and an MD5 hash, shared via Twitter replies and direct messages. The post provides a participant list with links to their source codes and highlights various coding tricks used in the submissions, especially those relevant to 6502 assembly language. The C64 |
IntelliJ IDEA 2025.1 Released Published: 2025-04-16 | Origin: /r/programming IntelliJ IDEA 2025.1 introduces comprehensive support for Java 24 and makes K2 mode the default for an enhanced Kotlin development experience. Key features include enhanced debugging capabilities, powerful code completion, and the integration of JetBrains AI, which now offers free access to various AI tools within the IDE under a streamlined subscription model. This version boosts productivity with smarter code completion and support for new cloud models, while also integrating stable tools like stream gatherers into the workflow. Overall, the update focuses |
Darwin's children drew all over the “On the Origin of Species” manuscript (2014) Published: 2025-04-16 | Origin: Hacker News On February 12, 2014, Darwin Day was celebrated, marking the 205th anniversary of Charles Darwin's birth. Much of his work is accessible online, including through platforms like Darwin Online and the Darwin Manuscripts Project at the American Museum of Natural History. This project features his personal notes and illustrations, including some remarkable nature drawings related to his seminal work, "On the Origin of Species." Among his manuscripts, there are intriguing drawings, some attributed to his children. One notable illustration, |
Fix N+1 Queries Without Eager Loading Using a SQL Subquery Published: 2025-04-16 | Origin: /r/ruby The post discusses how to use SQL subqueries in a Rails application to enhance performance by eliminating N+1 queries. It highlights the common task of fetching a single record from a has_many association, such as the latest comment, order, or activity, which can lead to performance issues when dealing with many associated records. While eager loading with `includes` can prevent N+1 queries, it often results in high memory usage since all associated records are loaded into memory. Instead, the post proposes a |
What Every Programmer Should Know about How CPUs Work • Matt Godbolt Published: 2025-04-16 | Origin: /r/programming |
Old Ruby and Rails on new hardware with dev containers Published: 2025-04-16 | Origin: /r/ruby The content discusses how to set up an older Ruby (2.1) and Rails (4.0) application on an Apple Silicon Mac using a Visual Studio Code development container. The author faced challenges with installing an older version of OpenSSL on a newer Ubuntu image and ensuring compatibility within an ARM Linux container, along with some complications related to RVM permissions. Despite these issues, the author successfully configured a .devcontainer/Dockerfile to run the application, which has also worked for a colleague. |
Pre-build a Secure Authentication Layer with Authentication Zero for Ruby on Rails Published: 2025-04-16 | Origin: /r/ruby Thomas Riboulet discusses the importance of authentication in web applications, specifically within the Ruby on Rails ecosystem, which lacks a built-in authentication layer. He highlights Devise as a popular solution due to its extensive features and plugins, but notes that it operates separately from applications. An alternative approach is presented through Authentication Zero, which offers configurable scaffolding for authentication that adheres to security best practices. This solution is preferred over building authentication from scratch due to potential security concerns. Authentication Zero simplifies key aspects like user |
Markov Chain Monte Carlo Without All the Bullshit (2015) Published: 2025-04-16 | Origin: Hacker News The author expresses frustration with the complicated terminology and writing style in statistics, particularly when it comes to Markov Chain Monte Carlo (MCMC) methods. They find the language used in descriptions, such as the abstract from the Encyclopedia of Biostatistics, to be unnecessarily jargon-filled and difficult to understand, even for someone who is familiar with the subject. The author believes that complex terminology is often not needed for basic explanations and aims to provide a simpler explanation of MCMC. They liken MCMC to |
CVE program faces swift end after DHS fails to renew contract Published: 2025-04-16 | Origin: Hacker News MITRE announced that its contract with the Department of Homeland Security (DHS) to maintain the Common Vulnerabilities and Exposures (CVE) database will expire on April 16, 2025. This decision has raised significant concerns among cybersecurity experts, including Sasha Romanosky from the Rand Corporation, who described the potential end of the CVE program as "tragic." Romanosky emphasized that the CVE system is essential for tracking software vulnerabilities and making informed decisions about security. Ben |