HN Reader

Show HN: Remixable MCP Server with ChatBotKit (chatbotkit.com)

1 points by _pdp_ 5m ago 0 comments

Yelp Is a Full Featured, Unhinged Boomer Social Media Platform (2024) (poorlyideated.com)

2 points by skramzy 6m ago 0 comments

Vibe coding some throwaway image manipulation scripts (github.com)

1 points by kwindla 7m ago 0 comments

New Religious Liberty Commission. Progress or Prophecy? (amazingfacts.org)

1 points by afaxwebgirl 8m ago 0 comments

Show HN: AI Language Tutor (only Spanish now) (enkitalki.com)

1 points by denieler 8m ago 0 comments

Viug: AI-Powered Video Generation Platform (Next.js, AWS, Stripe) (viug.ai)

1 points by johnnyChiv 8m ago 1 comments

Show HN: My progress in training dogs to vibe code B2B SaaS apps (dogomation.com)

1 points by jimhi 9m ago 0 comments

Transparent Metal (en.wikipedia.org)

1 points by prmph 11m ago 1 comments

China Just Made the Fastest Transistor and It Is Not Made of Silicon (zmescience.com)

4 points by sharjeelsayed 11m ago 0 comments

Respect the CSV (github.com)

1 points by aray07 12m ago 0 comments

Scaling our fleet through U.S. manufacturing (waymo.com)

2 points by xnx 12m ago 0 comments

How to Build High-Speed Rail on the Northeast Corridor (transitcosts.com)

1 points by ruddct 14m ago 0 comments

A Tor/Proxychains indicator for your terminal (github.com)

1 points by emamoah 17m ago 1 comments

Show HN: Redactifi: Browser extension that redacts sensitive info from AI prompt (redactifi.com)

1 points by spencerh21 19m ago 0 comments

Heart Disease Deaths Worldwide Linked to Chemical Widely Used in Plastics (nyulangone.org)

4 points by gmays 19m ago 0 comments

The Code Element (heydonworks.com)

1 points by ulrischa 21m ago 0 comments

Show HN: AutoSREAgent, a simple SRE Agent to go over your log files (github.com)

1 points by just-another-se 23m ago 0 comments

Jujutsu Docs (jj-vcs.github.io)

2 points by ulrischa 26m ago 0 comments

The Creative Power of Constraints (arun.is)

5 points by zhenpixels 27m ago 1 comments

As an experienced LLM user, I don't use generative LLMs often (minimaxir.com)

43 points by minimaxir 28m ago 8 comments

Show HN: Filmle – Wordle for Films/TV Shows (filmle.site)

1 points by Haris1245 28m ago 0 comments

The Em Dash Conspiracy: More and More of Reddit Is from LLMs (github.com)

1 points by nanfinitum 30m ago 0 comments

Fx: A (micro)blogging server that you can self-host (github.com)

3 points by thunderbong 31m ago 0 comments

Starlink Terms of Service (starlink.com)

4 points by Bluestein 32m ago 1 comments

Goodbye, Skype (blog.kaplich.me)

3 points by skaplich 34m ago 0 comments

Trump set to raise millions from crypto and meme coin this month (cnbc.com)

5 points by spenvo 38m ago 0 comments

Smaller, faster serialization for Ruby apps and beyond (oldmoe.blog)

1 points by todsacerdoti 38m ago 0 comments

Lessons from Agentforce Customer Conversations (salesforce.com)

1 points by fernly 38m ago 0 comments

Israel security cabinet approves plan to 'capture' Gaza, official says (bbc.com)

7 points by Jimmc414 40m ago 0 comments

Accessing subsystem logging configurations used by macOS unified logging (derflounder.wordpress.com)

1 points by chmaynard 42m ago 0 comments

Ask HN: Looking for prior HN post about author similarity

1 points by verdverm 43m ago 1 comments

If Your Commute Is a Nightmare, Blame Congress (bloomberg.com)

2 points by JumpCrisscross 43m ago 0 comments

Social media use in adolescents with and without mental health conditions (nature.com)

1 points by rntn 45m ago 0 comments

Zero to One: Learning Agentic Patterns (philschmid.de)

2 points by FourSigma 45m ago 0 comments

AI Agents Are Here. So Are the Threats (unit42.paloaltonetworks.com)

1 points by abhisek 47m ago 0 comments

"Social media" has always been oxymoronic (robhorning.substack.com)

1 points by rpgbr 47m ago 0 comments

M&S pauses recruitment amid ongoing cyber attack (news.sky.com)

2 points by 01-_- 49m ago 0 comments

Guide to Lower Mainland Arcades (1996) (mikesarcade.com)

2 points by corny 49m ago 1 comments

China Plans to Bring Back Samples of Venusian Clouds (spectrum.ieee.org)

3 points by perihelions 49m ago 0 comments

China's insider trading crackdown is backfiring. Experts explain why (phys.org)

2 points by PaulHoule 50m ago 0 comments

Claude and I write a utility program (blog.plover.com)

2 points by fernly 51m ago 0 comments

Show HN: TextQuery – Query CSV, JSON, XLSX Files with SQL (textquery.app)

26 points by shubhamjain 51m ago 12 comments

Datasets Are All You Need (LLM Learns to Prompt from Data) (github.com)

1 points by intellectronica 52m ago 0 comments

Google Plans to Roll Out Its A.I. Chatbot to Children Under 13 (nytimes.com)

2 points by asnyder 52m ago 0 comments

Distributed server for social and realtime games and apps (github.com)

2 points by icar 53m ago 0 comments

Flattening Rust's Learning Curve (corrode.dev)

1 points by mre 54m ago 0 comments

An Introduction to Futarchy (2014) (blog.ethereum.org)

1 points by Bluestein 56m ago 0 comments

Open Letter Against ProtectEU (tuta.com)

3 points by nickslaughter02 56m ago 0 comments

Converting a folder of ZIPs into Git history (op-co.de)

1 points by ge0rg 56m ago 0 comments

We're having sex inside Moby Dick! The wild architecture of Japan's love hotels (theguardian.com)

1 points by n1b0m 57m ago 0 comments

Why Apple still lets malformed media files reach decoders – and how to stop it

2 jamweba 1 5/5/2025, 12:07:17 PM
Proposed: a memory-safe, pre-decoder validator layer for media inputs (MP4, MOV, etc) that Apple could deploy without changing existing decoders.

Eliminates a class of zero-click exploits. No format breakage. No patching.

https://jam2we5b3a.medium.com/this-is-the-future-apple-should-already-be-shipping-054c69d78e50

Comments (1)

jamweba · 5h ago
Most media decoders still process unvalidated files — which keeps zero-click attack surfaces wide open.

This write-up outlines a minimal architectural fix: a structural validator that intercepts files before decoding begins.

    It needs no decoder rewrites

    It's format-agnostic (MP4, MOV, PNG, etc.)

    It works with existing delivery paths (AirDrop, Mail, Safari)

    And it could be deployed today
Curious what others think: Why hasn’t this already been adopted? Would Apple (or anyone) ship it?