HN Reader

Redis is open source again (antirez.com)

1881 points by antirez 4d ago 779 comments

Widespread power outage in Spain and Portugal (bbc.com)

1557 points by lleims 7d ago 1163 comments

Someone at YouTube needs glasses (jayd.ml)

1409 points by jaydenmilne 5d ago 690 comments

I'd rather read the prompt (claytonwramsey.com)

1293 points by claytonwramsey 1d ago 770 comments

Apple violated antitrust ruling, judge finds (wsj.com)

1160 points by shayneo 4d ago 596 comments

I use zip bombs to protect my server (idiallo.com)

1069 points by foxfired 6d ago 443 comments

Judge rules Apple executive lied under oath, makes criminal contempt referral (thebignewsletter.com)

1020 points by connor11528 4d ago 356 comments

Watching o3 guess a photo's location is surreal, dystopian and entertaining (simonwillison.net)

986 points by simonw 9d ago 433 comments

Show HN: I built a hardware processor that runs Python (runpyxl.com)

982 points by hwpythonner 7d ago 265 comments

Internet in a Box (internet-in-a-box.org)

895 points by homebrewer 8d ago 246 comments

Qwen3: Think deeper, act faster (qwenlm.github.io)

864 points by synthwave 7d ago 384 comments

LibreLingo – FOSS Alternative to Duolingo (librelingo.app)

800 points by hyperific 6d ago 361 comments

Firefox tab groups are here (blog.mozilla.org)

798 points by TangerineDream 6d ago 440 comments

Office is too slow, so Microsoft is making it load at Windows startup (pcworld.com)

796 points by airstrike 4d ago 1013 comments

An end to all this prostate trouble? (yarchive.net)

790 points by bondarchuk 9d ago 315 comments

Finland Bans Smartphones in Schools (yle.fi)

782 points by freetonik 5d ago 468 comments

Design for 3D-Printing (blog.rahix.de)

752 points by q3k 1d ago 184 comments

Show HN: Free, in-browser PDF editor (breezepdf.com)

752 points by philjohnson 2d ago 164 comments

ICE Deports 3 U.S. Citizen Children Held Incommunicado Prior to the Deportation (aclu.org)

741 points by mandmandam 9d ago 814 comments

Migrating away from Rust (deadmoney.gg)

730 points by rc00 7d ago 754 comments

Claude Integrations (anthropic.com)

722 points by bryanh 4d ago 256 comments

Port of Los Angeles says shipping volume will plummet 35% next week (cnbc.com)

718 points by perihelions 5d ago 642 comments

I created Perfect Wiki and reached $250k in annual revenue without investors (habr.com)

715 points by sochix 5d ago 399 comments

Try Switching to Kagi (daringfireball.net)

713 points by Ch00k 6d ago 464 comments

Only Teslas exempt from new auto tariffs thanks to 85% domestic content rule (fuelarc.com)

639 points by abduhl 5d ago 686 comments

All four major web browsers are about to lose 80% of their funding (danfabulich.medium.com)

633 points by dfabulich 6d ago 631 comments

Starting July 1, academic publishers can't paywall NIH-funded research (nih.gov)

630 points by m463 4d ago 107 comments

Accountability Sinks (250bpm.substack.com)

605 points by msustrik 2d ago 387 comments

Jepsen: Amazon RDS for PostgreSQL 17.4 (jepsen.io)

605 points by aphyr 6d ago 145 comments

Show HN: My self-written hobby OS is finally running on my vintage IBM ThinkPad (github.com)

573 points by joexbayer 9d ago 116 comments

How to live an intellectually rich life (utsavmamoria.substack.com)

571 points by TheLadyParadox 3d ago 316 comments

Sycophancy in GPT-4o (openai.com)

553 points by dsr12 5d ago 441 comments

Chain of Recursive Thoughts: Make AI think harder by making it argue with itself (github.com)

538 points by miles 6d ago 239 comments

The Friendship Recession: The lost art of connecting (happiness.hks.harvard.edu)

535 points by 47thpresident 9d ago 447 comments

Retailers will soon have only about 7 weeks of full inventories left (fortune.com)

527 points by andrewfromx 5d ago 987 comments

Cloth (cloudofoz.com)

518 points by memalign 9d ago 59 comments

Why did Windows 7 log on slower for months if you had a solid color background? (devblogs.microsoft.com)

504 points by zdw 6d ago 295 comments

A faster way to copy SQLite databases between computers (alexwlchan.net)

501 points by ingve 4d ago 195 comments

How a single line of code could brick your iPhone (rambo.codes)

501 points by sashk 8d ago 123 comments

We fell out of love with Next.js and back in love with Ruby on Rails (hardcover.app)

500 points by mike1o1 2d ago 487 comments

Show HN: I built a synthesizer based on 3D physics (anukari.com)

493 points by humbledrone 3d ago 122 comments

Xiaomi MiMo Reasoning Model (github.com)

479 points by thm 5d ago 190 comments

DuckDB is probably the most important geospatial software of the last decade (dbreunig.com)

475 points by dbreunig 2d ago 157 comments

Why Archers Didn't Volley Fire (acoup.blog)

475 points by StefanBatory 2d ago 272 comments

108B Pixel Scan of Johannes Vermeer's Girl with a Pearl Earring (hirox-europe.com)

474 points by twalichiewicz 4d ago 138 comments

How the US defense secretary circumvents official DoD communications equipment (electrospaces.net)

469 points by Harvesterify 4d ago 432 comments

Show HN: I made a web-based, free alternative to Screen Studio (screenrecorder.me)

462 points by johnwheeler 7d ago 116 comments

The Death of Daydreaming (afterbabel.com)

460 points by isolli 8h ago 187 comments

Apple App Store guidelines remove ban on encouraging external payments in US (developer.apple.com)

456 points by macguillicuddy 3d ago 342 comments

You Wouldn't Download a Hacker News (jasonthorsness.com)

456 points by jasonthorsness 5d ago 227 comments

Why Apple still lets malformed media files reach decoders – and how to stop it

2 jamweba 1 5/5/2025, 12:07:17 PM
Proposed: a memory-safe, pre-decoder validator layer for media inputs (MP4, MOV, etc) that Apple could deploy without changing existing decoders.

Eliminates a class of zero-click exploits. No format breakage. No patching.

https://jam2we5b3a.medium.com/this-is-the-future-apple-should-already-be-shipping-054c69d78e50

Comments (1)

jamweba · 8h ago
Most media decoders still process unvalidated files — which keeps zero-click attack surfaces wide open.

This write-up outlines a minimal architectural fix: a structural validator that intercepts files before decoding begins.

    It needs no decoder rewrites

    It's format-agnostic (MP4, MOV, PNG, etc.)

    It works with existing delivery paths (AirDrop, Mail, Safari)

    And it could be deployed today
Curious what others think: Why hasn’t this already been adopted? Would Apple (or anyone) ship it?