HN Reader

Ask HN: Why hasn't x86 caught up with Apple M series?

334 points by stephenheron 19h ago 451 comments

High rate of LLM (GPT5) hallucinations in dense stats domains (cricket)

2 points by sp1982 24m ago 0 comments

Ask HN: What to Do with Old iPads?

15 points by owenmakes 4h ago 14 comments

Ask HN: How can I recover and run my old mobile game from the 2010s?

44 points by diasks2 1d ago 43 comments

429 Too Many Requests from registry.npmjs.org

2 points by mirekrusin 3h ago 2 comments

Ask HN: Why do people hate on Sabine Hossenfelder so much?

2 points by ieuanking 35m ago 4 comments

Stop squashing your commits. You're squashing your AI too

2 points by jannesblobel 7h ago 7 comments

How can a mutex in Wine be faster than a native one on Linux

3 points by lh_mouse 8h ago 1 comments

Ask HN: What is wrong with modern software development

5 points by fzeindl 9h ago 5 comments

Ask HN: Recommandation for an Ergonomic Keyboard?

7 points by cx42net 10h ago 15 comments

Ask HN: Someone has committed 20K+ LoC to a PR, exhausting my CI & AI workflows

3 points by zacian 10h ago 4 comments

Ask HN: Best codebases to study to learn software design?

100 points by pixelworm 2d ago 89 comments

Ask HN: Why does the US Visa application website do a port-scan of my network?

536 points by mbix77 6d ago 251 comments

Ask HN: How can I trace what user queries make AI bots crawl my site?

4 points by ATechGuy 18h ago 2 comments

Ask HN: Are AI filters becoming stricter than society itself?

29 points by tsevis 2d ago 16 comments

Ask HN: I just abandoned my PyCharm subscription, what should I use now?

21 points by jmward01 1d ago 21 comments

ASK HN: AI in high school. Will teachers and schools have to compensate?

2 points by qrsbrrr 22h ago 3 comments

Ask HN: What is your source for answers?

3 points by Haeuserschlucht 23h ago 5 comments

Ask HN: Devices to allow children to listen to podcasts on my local network?

2 points by jareds 1d ago 1 comments

DSPy GEPA Example: Listwise Reranker

3 points by CShorten 1d ago 0 comments

Ask HN: Best Marketplaces for Used Servers?

6 points by bloudermilk 1d ago 11 comments

Ask HN: No easy way for tvOS to display long documents (e.g., terms of service)?

6 points by amichail 1d ago 5 comments

Ask HN: What is the biggest problem LLMs solved in your life/work

16 points by mrs6969 2d ago 29 comments

Problem with Payment Gateways

12 points by tposter 2d ago 8 comments

Ask HN: How do you find early stage startups to join

43 points by gavino 4d ago 23 comments

Ask HN: Does using public transportation make you more creative than driving?

6 points by amichail 1d ago 11 comments

HeartWatch: A Proactive Child Safety System

4 points by Richard_Damge 1d ago 2 comments

Gemini in Gmail Is Pretty Well Useless

3 points by airbreather 2d ago 0 comments

Ask HN: Why is Apple so far behind with Siri?

10 points by davidajackson 3d ago 16 comments

Ask HN: What's Hacker News's vision for the future?

19 points by gooob 3d ago 19 comments

Can you recommend movies like The Social Network?

13 points by ismailsevik 3d ago 16 comments

Ask HN: Is it possible to do great things in STEM in a not so great country?

11 points by shivajikobardan 3d ago 10 comments

Ask HN: Non-Smart TV Recommendations?

19 points by behnamoh 4d ago 23 comments

AI App Dev Log: The Story of Our App Begins

5 points by monstergpt 2d ago 0 comments

Where is the exponential growth part of AI?

12 points by anon191928 5d ago 21 comments

Ask HN: Anyone have experience renting cloud GPUs?

5 points by chosewon 2d ago 4 comments

Ask HN: What can I do to fight internet censorship in Spain as a non-EU citizen?

8 points by PutaXavier 2d ago 6 comments

Ask HN: How do you deal with the fear of installing potentially risky tools?

1 easypancakes 1 8/26/2025, 12:44:14 PM
There are some open-source tools—popular and widely used—that I’m honestly a bit scared to run on my work laptop (since it has access to credentials, production servers, etc.). For example, I always feel a little nervous about installing something like k9s.

This all started after the xz backdoor incident. Since then, I can’t shake the thought that if I install the wrong thing, it could mess things up really badly. At the same time, these tools could make my life at work so much easier.

Emacs is another example. With or without packages, it installs a bunch of stuff I don’t really understand. Because of that, I usually just stick to the basics: VS Code, Terraform, kubectl—tools I feel safer with because they come from well-known sources.

So I’m curious: how do you deal with this? Do you ever worry about your work machine getting compromised because of an open-source tool you installed? Any advice is appreciated.

Comments (1)

0x3f · 4h ago
IMO it's up to the company to have a posture about this stuff. If the team expects you to use dependencies at the level of left-pad without any further scrutiny, then that's their risk appetite. Of course you can argue for or against this as part of the normal course of things.

In an average startup/mid-size (i.e. a place with no enforced controls) I really doubt the soft expectation would be for you as a random engineer to pre-empt something like the xz backdoor. Or be worried about something as well-used as k9s/emacs.

Of course, some companies are special cases with different expectations and requirements, ymmv.