HN Reader

LLM Inevitabilism (tomrenner.com)

1691 points by SwoopsFromAbove 2d ago 1603 comments

Adding a feature because ChatGPT incorrectly thinks it exists (holovaty.com)

1293 points by adrianh 10d ago 423 comments

OpenAI’s Windsurf deal is off, and Windsurf’s CEO is going to Google (theverge.com)

1051 points by rcchen 6d ago 684 comments

MacPaint Art from the Mid-80s Still Looks Great Today (blog.decryption.net.au)

1043 points by decryption 5d ago 196 comments

Kiro: A new agentic IDE (kiro.dev)

1038 points by QuinnyPig 3d ago 451 comments

Bypassing Google's big anti-adblock update (0x44.xyz)

1038 points by deryilz 5d ago 911 comments

Bootstrapping a side project into a profitable seven-figure business (projectionlab.com)

994 points by jonkuipers 10d ago 257 comments

Nvidia won, we all lost (blog.sebin-nyshkim.net)

993 points by todsacerdoti 13d ago 571 comments

Linux Reaches 5% Desktop Market Share in USA (ostechnix.com)

949 points by marcodiego 1d ago 595 comments

My open source project was relicensed by a YC company [license updated] (twitter.com)

947 points by sohzm 14d ago 506 comments

Show HN: Ten years of running every day, visualized (nodaysoff.run)

936 points by friggeri 7d ago 481 comments

Local-first software (2019) (inkandswitch.com)

883 points by gasull 12d ago 297 comments

Introducing tmux-rs (richardscollin.github.io)

868 points by Jtsummers 14d ago 292 comments

Supabase MCP can leak your entire SQL database (generalanalysis.com)

845 points by rexpository 9d ago 468 comments

Let me pay for Firefox (discourse.mozilla.org)

803 points by csmantle 4d ago 615 comments

Bitchat – A decentralized messaging app that works over Bluetooth mesh networks (github.com)

793 points by ananddtyagi 11d ago 401 comments

Being too ambitious is a clever form of self-sabotage (maalvika.substack.com)

771 points by alihm 13d ago 210 comments

Measuring the impact of AI on experienced open-source developer productivity (metr.org)

766 points by dheerajvs 7d ago 484 comments

Grok: Searching X for "From:Elonmusk (Israel or Palestine or Hamas or Gaza)" (simonwillison.net)

729 points by simonw 7d ago 543 comments

Reflections on OpenAI (calv.info)

725 points by calvinfo 2d ago 413 comments

Are we the baddies? (geohot.github.io)

716 points by AndrewSwift 11d ago 523 comments

ETH Zurich and EPFL to release a LLM developed on public infrastructure (ethz.ch)

712 points by andy99 6d ago 98 comments

Supreme Court's ruling practically wipes out free speech for sex writing online (ellsberg.substack.com)

697 points by macawfish 5d ago 1030 comments

At Least 13 People Died by Suicide Amid U.K. Post Office Scandal, Report Says (nytimes.com)

671 points by xbryanx 6d ago 556 comments

Ukrainian hackers destroyed the IT infrastructure of Russian drone manufacturer (prm.ua)

650 points by doener 1d ago 457 comments

The Rise of Whatever (eev.ee)

643 points by cratermoon 13d ago 508 comments

US Court nullifies FTC requirement for click-to-cancel (arstechnica.com)

602 points by gausswho 9d ago 556 comments

Websites hosting major US climate reports taken down (apnews.com)

599 points by geox 15d ago 393 comments

Show HN: Shoggoth Mini – A soft tentacle robot powered by GPT-4o and RL (matthieulc.com)

585 points by cataPhil 2d ago 107 comments

Tree Borrows (plf.inf.ethz.ch)

584 points by zdw 8d ago 146 comments

How does a screen work? (makingsoftware.com)

578 points by chkhd 4d ago 108 comments

Mercury: Ultra-fast language models based on diffusion (arxiv.org)

576 points by PaulHoule 10d ago 242 comments

Oakland cops gave ICE license plate data; SFPD also illegally shared with feds (sfstandard.com)

573 points by danso 3d ago 523 comments

Happy 20th Birthday, Django (djangoproject.com)

573 points by davepeck 4d ago 181 comments

Postgres LISTEN/NOTIFY does not scale (recall.ai)

571 points by davidgu 10d ago 319 comments

Hidden interface controls that affect usability (interactions.acm.org)

565 points by cxr 12d ago 449 comments

Cloudflare 1.1.1.1 Incident on July 14, 2025 (blog.cloudflare.com)

554 points by nomaxx117 2d ago 378 comments

Linda Yaccarino is leaving X (nytimes.com)

552 points by donohoe 8d ago 1050 comments

Nobody has a personality anymore: we are products with labels (freyaindia.co.uk)

551 points by drankl 11d ago 498 comments

Apple's MLX adding CUDA support (github.com)

545 points by nsagent 3d ago 203 comments

I extracted the safety filters from Apple Intelligence models (github.com)

540 points by BlueFalconHD 11d ago 437 comments

Data brokers are selling flight information to CBP and ICE (eff.org)

536 points by exiguus 3d ago 286 comments

SVGs that feel like GIFs (koaning.io)

534 points by cantdutchthis 9d ago 131 comments

I used o3 to profile myself from my saved Pocket links (noperator.dev)

533 points by noperator 10d ago 204 comments

Open letter accuses BBC board member of having a conflict of interest on Gaza (theguardian.com)

527 points by mhga 10d ago 353 comments

Jane Street barred from Indian markets as regulator freezes $566M (cnbc.com)

521 points by bwfan123 11d ago 338 comments

Show HN: I wrote a "web OS" based on the Apple Lisa's UI, with 1-bit graphics (alpha.lisagui.com)

516 points by ayaros 11d ago 142 comments

Apple's Browser Engine Ban Persists, Even Under the DMA (open-web-advocacy.org)

513 points by yashghelani 3d ago 368 comments

ChatGPT agent: bridging research and action (openai.com)

510 points by Topfi 11h ago 364 comments

Cognition (Devin AI) to Acquire Windsurf (cognition.ai)

497 points by alazsengul 3d ago 432 comments

API Security in IAM: Architecture, Best Practices, and Threat Mitigation

1 guptadeepak 1 7/17/2025, 7:12:19 PM guptadeepak.com ↗

Comments (1)

guptadeepak · 8h ago
I wrote this article to highlight how tightly API security and IAM must be integrated at the architectural level for modern organizations. A few core points: -Implementing OAuth 2.0/OpenID Connect for token-based auth is now baseline, but RBAC/ABAC and API gateway-enforced policies are essential for granular authorization at scale -Key technical challenges include securing internal microservices APIs (not just public endpoints), applying uniform rate limits at both the user and endpoint levels, and establishing SIEM-integrated monitoring for real-time detection of anomalous API usage

For teams tackling these issues: what strategies have proven most effective for enforcing least privilege and dynamic access controls across heterogeneous API environments?