HN Reader

Ask HN: The government of my country blocked VPN access. What should I use?

870 points by rickybule 13h ago 501 comments

Ask HN: What to learn for math for modeling?

24 points by shivajikobardan 1d ago 11 comments

Best up-to-date guides on Vibe Coding

2 points by grigy 2h ago 0 comments

Ask HN: What to do when you suspect your interview is with a state operative?

14 points by puppycodes 5h ago 0 comments

Staying up to date on the best AI dev workflow?

3 points by peapod91 4h ago 0 comments

Ask HN: Why hasn't x86 caught up with Apple M series?

432 points by stephenheron 3d ago 616 comments

Ask HN: How much better can the LLMs become assuming no AGI

2 points by yalogin 6h ago 2 comments

Ask HN: Services for Shutting Down a Startup?

2 points by Felicia_Juhn 8h ago 4 comments

Ask HN: Anyone working on bringing software back from US clouds?

8 points by sam_lowry_ 16h ago 5 comments

Ask HN: How can I recover and run my old mobile game from the 2010s?

56 points by diasks2 3d ago 46 comments

Ask HN: Where can I see a live octopus in Maine?

7 points by Octopus88 10h ago 1 comments

Ask HN: How to teach a 4 year old to code?

4 points by kamphey 6h ago 8 comments

CompactifAI Inference API

3 points by Compactifai 12h ago 0 comments

Ask HN: Did modern AI's coding abilities make you lose interest in programming?

30 points by amichail 1d ago 42 comments

Anthropick.com Redirects to ChatGPT

13 points by nerdcortex 1d ago 2 comments

Ask HN: What are the best Google alternatives in 2025?

15 points by eel 1d ago 4 comments

Petition to stop Google from restricting sideloading and FOSS apps

273 points by nativeforks 19h ago 181 comments

Ask HN: GitHub Copilot down?

58 points by thecopy 1d ago 21 comments

Ask HN: What to Do with Old iPads?

30 points by owenmakes 2d ago 19 comments

Ask HN: Best codebases to study to learn software design?

103 points by pixelworm 5d ago 90 comments

Units of Economics of LLMs. Reply to Ed Zitron's "AI Is a Money Trap"

6 points by tudorizer 1d ago 8 comments

Ask HN: Does sentience put stress on the brain?

7 points by trinsic2 2d ago 7 comments

Ask HN: Windows 11 Update Fail – Linux Distro Suggestions?

4 points by giardini 12h ago 7 comments

Ask HN: Is there a temp phone number like temp email?

9 points by piratesAndSons 2d ago 11 comments

Ask HN: How to Learn to Build Agentic AI Systems (Like Claude Code)

8 points by hhimanshu 1d ago 4 comments

Out of curiosity: what kind of people use this "forum" (I mean Hacker News)?

21 points by adinhitlore 2d ago 28 comments

Ask HN: Why are so many services rejecting Google Voice numbers for signups?

13 points by electric_muse 2d ago 19 comments

Ask HN: What measures are you taking to stop AI crawlers?

6 points by kjok 1d ago 14 comments

Ask HN: Is backlink trading still a problem worth solving?

3 points by sathishn 1d ago 2 comments

Ask HN: What should I use to run React Native tests on a device?

4 points by dboreham 2d ago 0 comments

Stop squashing your commits. You're squashing your AI too

4 points by jannesblobel 2d ago 10 comments

Ask HN: Are AI filters becoming stricter than society itself?

29 points by tsevis 5d ago 16 comments

Ask HN: Any experienced devs who use AI extensively in their work?

3 points by atleastoptimal 2d ago 4 comments

Ask HN: I just abandoned my PyCharm subscription, what should I use now?

23 points by jmward01 4d ago 23 comments

Tell HN: any reasonably used DB will likely outlast the programs using it

3 points by dvrp 1d ago 1 comments

Ask HN: How do you find early stage startups to join

44 points by gavino 6d ago 23 comments

Citrix forgot to tell you CVE-2025–6543 has been used as a zero day since May

25 speckx 1 8/28/2025, 7:38:24 PM doublepulsar.com ↗

Comments (1)

worik · 9h ago
> How? Calls are made to the Netscaler box to the endpoint /cgi/api/login, with a client supplied certificate. By sending hundreds of requests, you can overwrite chunks of memory in the hope of executing code.

> I would recommend, if logs exist, checking for web access requests to /cgi/api/login on your Netscaler devices. These will be large POST requests.

So hundreds of invalid certificates? Infeasibly large POST requests? Seems to me that this vulnerability depends on not having good defense in depth

"If logs exist"?! It blows my tiny little mind that keeping logs has gone out of fashion

Our industry is in deep long term shit. We have adopted awful practices because they are cheaper, and secure systems look the same as insecure systems, but cost more.

We can build reliable secure systems from unreliable fault prone parts, we know how, but nobody will let us

I am depressed