HN Reader

I'm Peter Roberts, immigration attorney, who does work for YC and startups. AMA

162 points by proberts 7h ago 329 comments

Ask HN: Facing unemployment – what now?

34 points by octo888 4h ago 35 comments

Ask HN: Our only salesperson was working for a competitor. Advice?

8 points by betrayawayed555 3h ago 2 comments

What do people use for on-call these days?

4 points by skullum 3h ago 6 comments

Ask HN: Should Hacker News have a "prompts" section to AI code novel apps/games?

3 points by amichail 4h ago 6 comments

Ask HN: How do you store private keys?

5 points by max_ 5h ago 10 comments

Ask HN: How are you acquiring your first hundred users?

552 points by amanchanda 3d ago 350 comments

Ask HN: What will tech employment look like in 10 years?

75 points by ipnon 5d ago 100 comments

Ask HN: Email Provider for Main Account?

21 points by agent008t 1d ago 20 comments

Ask HN: What's your go-to message queue in 2025?

9 points by enether 1d ago 12 comments

Ask HN: Will We Rethink Calendars?

6 points by kamphey 12h ago 9 comments

Ask HN: Cursor or Windsurf?

305 points by skarat 4d ago 388 comments

Ask HN: How do you store the knowledge gained in a day?

62 points by dennisy 3d ago 89 comments

Symbolic Logic Based LLM

4 points by sandeeptshelvan 23h ago 0 comments

Ask HN: How are you cleaning and transforming data before imports/uploads?

36 points by dataflowmapper 2d ago 33 comments

Ask HN: How would you fund a tech cooperative owned by workers and users?

5 points by prrada 1d ago 6 comments

Ask HN: As a foreigner in the US, how do you find filing taxes here?

5 points by blackhaj7 8h ago 8 comments

Ask HN: Why is no one making FILE_ID.DIZ anymore?

10 points by reconnecting 1d ago 4 comments

MLX EXtended, Array Supercharged

3 points by flreifying 1d ago 0 comments

FlyLoop – AI Agent for Scheduling Meetings and Managing Your Calendar

18 points by localbuilder 3d ago 3 comments

Ask HN: What are your thoughts on LLMs and user privacy?

4 points by eniz 1d ago 8 comments

Ask HN: Is Slack Down?

68 points by abatilo 4d ago 29 comments

Why does macOS prefer using PDF files for icons or UI elements?

2 points by damiaozi 1d ago 2 comments

iOS app that analyzes link behavior like nutrition label, no cloud, open source

6 points by sigbyte 2d ago 2 comments

How Not to Be Overwhelmed

10 points by banrovegrie 2d ago 15 comments

Ask HN: Not sure about the future of tech

20 points by xblpob 4d ago 16 comments

Which AI Agent is your favorite?

3 points by jeyzolo 3d ago 6 comments

Ask HN: How do you like the Framework matte screen?

4 points by christophilus 3d ago 2 comments

Ask HN: Did GitHub UI become unbearably slow?

13 points by zaphodias 4d ago 10 comments

Ask HN: I burnt out, quit my job – any advice on moving to freelance/consulting?

9 points by gardennoise 4d ago 15 comments

Ask HN: What application or website would you use to teach a kid how to type?

3 points by VladVladikoff 2d ago 7 comments

Ask HN: How do you use the knowledge gained in a day?

5 points by mdoliwa 2d ago 5 comments

Ask HN: AI Model for Adult Chat?

3 points by gsky 2d ago 13 comments

Ask HN: Proven Passive Income Streams That Uses AI Agents?

7 points by johndavid9991 2d ago 3 comments

Ask HN: Who's building AI systems rooted in human presence, not performance?

3 points by liefde 2d ago 1 comments

Location-Based Gifting Apps

2 points by mrtranlyvu 2d ago 0 comments

All the games I could find for the Intellivision Home gaming console

6 points by jamesandthewolf 2d ago 2 comments

Ask HN: Should You Include a Certificate in a SAML AuthnRequest?

5 points by andy89 4d ago 2 comments

Detecting Malicious Unicode

29 TangerineDream 7 5/16/2025, 7:15:55 AM daniel.haxx.se ↗

Comments (7)

rurban · 6h ago
I also rerported that to github some years ago and pointed them to use a library of mine to catch such confusables, libu8ident. No reaction whatsoever. Compilers and binutils didn't care neither. They don't care about strings, but even not about names.
crtasm · 1h ago
Some good news at the end of the post:

>Update. GitHub has told me they have raised this as a security issue internally and they are working on a fix.

graemep · 13h ago
Surely the fact that the change is in a domain name (and the diff shows this) is a red flag?
bombcar · 12h ago
That was an example- an attacker would slip it in an actual URL change to make it less noticeable- and a good attacker would have their domain work and redirect until the code was deployed in the wild.
fsflover · 13h ago
Qubes OS protects from such attacks by running all software in isolated VMs and not passing the unicode symbols to the host by default, https://www.qubes-os.org/news/2024/07/13/qubes-os-4-2-2-has-...
poincaredisk · 11h ago
You link says the opposite - the change was very annoying for people that use non-english languages (like me), and:

>By default, qvm-copy and similar tools will use this less restrictive service (qubes.Filecopy +allow-all-names) whenever they detect any files that would be have been blocked by the more restrictive service

Also it looks like this is just for filenames? I can't imagine filtering text like this, that would render the system useless for me.

fsflover · 9h ago
The defense of the host (dom0) from the websites comes from not showing the UTF-8 window titles (https://www.qubes-os.org/doc/config-files/#gui-and-audio-con...). Since all you see inside VMs is isolated, you can show any text inside them safely for dom0.

It gets a bit harder with transferring files between VMs as my original link shows, but you can be protected from that too at some cost.