HN Reader

Public/protected/private is an unnecessary feature (catern.com)

1 points by todsacerdoti 2m ago 0 comments

Ask HN: Can you jailbreak my application? (swayblocks.com)

1 points by adi-io 4m ago 0 comments

Ask HN: How do startups create fancy websites?

1 points by ciwolex 5m ago 0 comments

Ask HN: Negotiating sale of property to a datacenter company

1 points by rhmw2b 6m ago 0 comments

Show HN: Expressio – AI-Automated Internationalization (github.com)

1 points by jvanveen 6m ago 0 comments

French lawmakers unanimously back posthumous promotion for Captain Dreyfus (lemonde.fr)

1 points by nabla9 9m ago 0 comments

Show HN: PostPal – AI-powered social media content scheduler with brand voice (postpal.live)

1 points by zadahmed 10m ago 0 comments

Open-Source TPDE Can Compile Code 10-20x Faster Than LLVM (phoronix.com)

1 points by truth_seeker 10m ago 0 comments

Updates to Windows for the Digital Markets Act (blogs.windows.com)

1 points by pentagrama 12m ago 0 comments

Ask HN: Where do you store SQL and does it cut down "can you pull this?" pings?

4 points by garrettwolfe 12m ago 0 comments

ChatGPT's Em Dash Habit: A Training Artifact or Design Choice? (community.openai.com)

3 points by latchkey 14m ago 0 comments

D3D12 Cooperative Vector (devblogs.microsoft.com)

1 points by ibobev 14m ago 0 comments

ZeroEntropy (zeroentropy.dev)

1 points by handfuloflight 15m ago 0 comments

Distributed Cache for AWS S3 (clickhouse.com)

1 points by zX41ZdbW 19m ago 0 comments

Ask HN: Is offering a one-time payment stupid?

3 points by bigscrankus 19m ago 4 comments

Automate your Ubuntu/Debian dev environment setup with auto conf (github.com)

1 points by mokulanis 19m ago 1 comments

Will AI Break the Economic Model We Know? (rishimodha.substack.com)

1 points by n9com 21m ago 0 comments

Snowflake to Buy Crunchy Data for $250M (wsj.com)

9 points by mfiguiere 22m ago 0 comments

The Twelve Orders of Soil Taxonomy (nrcs.usda.gov)

2 points by tusslewake 22m ago 1 comments

Ask HN: Should science ensure NDEs are pleasant without damaging the brain?

2 points by amichail 25m ago 3 comments

Steroids, Science, and $1M Payouts: Inside the Enhanced Games (huddleup.substack.com)

1 points by MarcoDewey 26m ago 0 comments

KaOS Linux 2025.05 Officially Qt5 Free (linux-magazine.com)

1 points by kristianp 29m ago 0 comments

Show HN: I build one absurd web project every month (absurd.website)

4 points by absurdwebsite 31m ago 3 comments

Insufficiently festive cookies and other stories of ridiculous micromanagement (askamanager.org)

1 points by MBCook 31m ago 0 comments

Reverse Engineering SA:MP's Packet Obfuscation (tarasyk.ca)

1 points by carlos-menezes 32m ago 0 comments

What Is a "Social Media Platform"?–NetChoice v. Uthmeier (blog.ericgoldman.org)

1 points by hn_acker 32m ago 0 comments

Typing 118 WPM Broke My Brain in the Right Ways (balaji-amg.surge.sh)

5 points by b0a04gl 35m ago 0 comments

Snowflake finance veep says big corps migrate at a glacial pace (theregister.com)

1 points by rntn 36m ago 0 comments

Ladybird Browser Update (May 2025) (youtube.com)

1 points by net01 39m ago 1 comments

Queer in the country: Why some LGBTQ Americans prefer rural life to urban (theconversation.com)

6 points by PaulHoule 41m ago 1 comments

Software Century (softwarecentury.com)

1 points by sdan 42m ago 0 comments

GoDaddy Issues Certificates That Don't Work in Safari (Again) (sslmate.com)

1 points by todsacerdoti 42m ago 0 comments

My Father's Seven Days (rei.com)

1 points by thehoff 45m ago 0 comments

2025 Stack Overflow Developer Survey (stackoverflow.az1.qualtrics.com)

2 points by joshdavham 45m ago 0 comments

Not Every Em Dash Comes from ChatGPT (iamvishnu.com)

2 points by vishnuharidas 46m ago 2 comments

They Were Diagnosed with Autism as Adults. It Has Changed Their Lives (wsj.com)

1 points by ViktorRay 48m ago 1 comments

Gangs of Los Angeles Google Map (google.com)

1 points by ydnaclementine 50m ago 0 comments

A new calculation for the first-ever nuclear test (2022) (lanl.gov)

1 points by LAsteNERD 50m ago 0 comments

Ford is recalling nearly 30000 F-150 Lightning EV pickups (electrek.co)

1 points by gnabgib 52m ago 0 comments

Shell injection in Arris and Motorola TV boxes (full-disclosure.eu)

2 points by ranger_121 53m ago 0 comments

Vaadin Brand Toolkit (brand.vaadin.com)

1 points by jojule 54m ago 1 comments

LLMs Are Cheap (snellman.net)

2 points by ingve 55m ago 0 comments

LLM Engine Advisor (modal.com)

3 points by pierremenard 55m ago 0 comments

Exhumation and Reburial of Richard III of England (en.wikipedia.org)

1 points by cpach 56m ago 0 comments

Your Cat Knows Your Scent (nytimes.com)

1 points by bookofjoe 1h ago 5 comments

Show HN: Transform Years of Content into a Conversational Knowledge Base (blog.marcolancini.it)

1 points by okram87 1h ago 0 comments

RSS 2.0 Specification (2009) (rssboard.org)

3 points by susam 1h ago 0 comments

Purchase power parity adjusted USD conversion rate, per country (imf.org)

2 points by o999 1h ago 0 comments

xAI plans $300M share sale to allow for new investors: report (msn.com)

2 points by StanAngeloff 1h ago 0 comments

Tailscale Coordination Server Outage (status.tailscale.com)

4 points by tosh 1h ago 1 comments

OneDrive File Picker Flaw Provides Apps Full Read Access Entire OneDrive

19 ano-ther 4 6/1/2025, 8:31:19 PM oasis.security ↗

Comments (4)

pawanjswal · 14h ago
It's hard to believe that the OneDrive File Picker still doesn't have fine grained OAuth scopes in 2025. Allowing read access to the whole drive just to upload one file goes against the principle of least privilege.
mchenier · 15h ago
One way to avoid this problem and considerably reduce the attack surface is to: 1- Create a dummy Onedrive account. 2- Share a folder on your main Onedrive to the dummy account. 3- In the dummy account, maps the shared link to a folder for easier access as if it was a normal folder. (May not be required for some apps). 4- Only lets third party apps access the dummy Onedrive account with its single folder.

This doesn’t give access to your main Onedrive account to any apps, just the files and folders under the shared folder you have shared with the dummy account.

ThePowerOfFuet · 12h ago
To summarize: "Avoid OneDrive."
type0 · 3h ago
> In response, Microsoft is considering future improvements

Who knows, maybe it works as intended, that's MS Windows in a nutshell