HN Reader

Personal care products disrupt the human oxidation field (science.org)

120 points by XzetaU8 2h ago 56 comments

Tools I love: mise(-en-place) (blog.vbang.dk)

53 points by micvbang 1h ago 20 comments

I made my VM think it has a CPU fan (wbenny.github.io)

277 points by todsacerdoti 5h ago 55 comments

Show HN: Octelium – FOSS Alternative to Teleport, Cloudflare, Tailscale, Ngrok (github.com)

203 points by geoctl 8h ago 72 comments

Unhooking from Amazon Ebooks (remysharp.com)

7 points by Timothee 38m ago 1 comments

4-10x faster in-process pub/sub for Go (github.com)

47 points by kelindar 4h ago 7 comments

Bloom Filters by Example (llimllib.github.io)

132 points by ibobev 7h ago 15 comments

Loss of key US satellite data could send hurricane forecasting back 'decades' (theguardian.com)

72 points by trauco 1h ago 34 comments

CEOs say AI is just a tool to help workers, but our jobs are already on the line (gizmodo.com)

10 points by rntn 14m ago 2 comments

Using the Internet without IPv4 connectivity (jamesmcm.github.io)

229 points by jmillikin 11h ago 101 comments

Web Numbers (ar.al)

19 points by surprisetalk 2d ago 17 comments

The Medley Interlisp Project: Reviving a Historical Software System [pdf] (interlisp.org)

50 points by pamoroso 4h ago 4 comments

America's Coming Smoke Epidemic (theatlantic.com)

37 points by JumpCrisscross 2h ago 3 comments

Tell HN: (dictionary|thesaurus).reference.com is now a spam site

16 points by akkartik 53m ago 1 comments

Show HN: A tool to benchmark LLM APIs (OpenAI, Claude, local/self-hosted) (llmapitest.com)

10 points by mrqjr 3h ago 2 comments

Why Go Rocks for Building a Lua Interpreter (zombiezen.com)

26 points by Bogdanp 3d ago 11 comments

Brad Woods Digital Garden (garden.bradwoods.io)

26 points by samuel246 2d ago 3 comments

Show HN: Sharpe Ratio Calculation Tool (fundratios.com)

3 points by navquant 1h ago 0 comments

More on Apple's Trust-Eroding 'F1 the Movie' Wallet Ad (daringfireball.net)

688 points by dotcoma 11h ago 449 comments

The Unsustainability of Moore's Law (bzolang.blog)

117 points by shadyboi 12h ago 81 comments

Solving `Passport Application` with Haskell (jameshaydon.github.io)

272 points by jameshh 20h ago 105 comments

Many ransomware strains will abort if they detect a Russian keyboard installed (krebsonsecurity.com)

15 points by air7 1h ago 0 comments

Most ints are not floats (johndcook.com)

8 points by zdw 2d ago 3 comments

Implementing fast TCP fingerprinting with eBPF (halb.it)

50 points by halb 8h ago 14 comments

Sequence and first differences together list all positive numbers exactly once (oeis.org)

63 points by andersource 4d ago 25 comments

The Asymmetry of Destruction (passingtime.substack.com)

4 points by 27153 11m ago 0 comments

The Death of the Middle-Class Musician (thewalrus.ca)

248 points by pseudolus 21h ago 533 comments

Scientists Retrace 30k-Year-Old Sea Voyage, in a Hollowed-Out Log (nytimes.com)

26 points by benbreen 3d ago 12 comments

Schizophrenia is the price we pay for minds poised near the edge of a cliff (psychiatrymargins.com)

195 points by Anon84 22h ago 299 comments

What LLMs Know About Their Users (schneier.com)

57 points by voxleone 4d ago 30 comments

Engineered Addictions (masonyarbrough.substack.com)

638 points by echollama 1d ago 394 comments

Improving River Simulation (undiscoveredworlds.blogspot.com)

61 points by Hooke 3d ago 1 comments

BusyBeaver(6) Is Quite Large (scottaaronson.blog)

257 points by bdr 1d ago 185 comments

JavaScript Trademark Update (deno.com)

847 points by thebeardisred 1d ago 311 comments

Magnetic Tape Storage Technology: usage, history, and future outlook (dl.acm.org)

37 points by matt_d 12h ago 16 comments

MCP: An (Accidentally) Universal Plugin System (worksonmymachine.substack.com)

732 points by Stwerner 1d ago 324 comments

An Indoor Beehive in My Bedroom Wall (keepingbackyardbees.com)

164 points by gscott 1d ago 87 comments

Europe approves first saliva-based contraceptive – no pill required (thenextweb.com)

15 points by surprisetalk 5h ago 8 comments

Europe's First Exascale Supercomputer Powers Up (spectrum.ieee.org)

11 points by Brajeshwar 3h ago 1 comments

Life of an inference request (vLLM V1): How LLMs are served efficiently at scale (ubicloud.com)

163 points by samaysharma 1d ago 18 comments

2025 ARRL Field Day (arrl.org)

127 points by rookderby 1d ago 37 comments

Is being bilingual good for your brain? (economist.com)

129 points by Anon84 1d ago 152 comments

Show HN: SmartStepper – Multi-Step Form Library with Config-Based Flow (github.com)

13 points by milad_shirian 5h ago 4 comments

Show HN: A different kind of AI Video generation

39 points by fcpguru 3d ago 12 comments

Sirius: A GPU-native SQL engine (github.com)

130 points by qianli_cs 1d ago 15 comments

Community Is Motivation on Tap (alanwu.xyz)

99 points by lunw 4d ago 40 comments

EDF anticipates immediate reduction in nuclear output amid heatwave (energynews.pro)

3 points by nebalee 2h ago 0 comments

The European wood pigeon helped me appreciate its omnipresent city cousins (nytimes.com)

39 points by Thevet 3d ago 2 comments

An Important New Study on Phones and Kids (calnewport.com)

13 points by paulmooreparks 9h ago 3 comments

We ran a Unix-like OS on our home-built CPU with a home-built C compiler (2020) (fuel.edby.coffee)

294 points by AlexeyBrin 1d ago 27 comments

Ask HN: HN: Why do we code review?

2 abhisek 2 6/24/2025, 4:43:17 PM
This is not a click bait but I am really curious about revisiting the most obvious activity in SDLC - code review.

IMHO we code review to ensure quality, security and other guardrails beyond automated tools. There are also people aspect like mentoring and grooming junior engineers into best practices & new team members into coding standards and other conventions.

Let’s ignore the people aspect for a while. Linux Foundation survey says 70-90% of modern software constitute open source code. We only look at popularity, maintenance, known vulnerabilities of direct dependencies while adopting an open source dependency in our code base. We implicitly trust all the code brought in by transitive dependencies. I can confidently say my production projects has 50% or more code from open sources that I have no idea about.

We somehow assume that some magical database (CVE) will have all vulnerabilities in OSS code and tools like Snyk or Dependabot will take care of it. Who is responsible for running even a linter or a static analysis tool on an open source project and spending the time and effort in responsible disclosure with CVE.

Given this, is code review of internal code enough to trust quality & security of what we ship? Does anyone ever realistically considered reviewing OSS code used in your projects?

Comments (2)

JohnFen · 5d ago
> Given this, is code review of internal code enough to trust quality & security of what we ship?

No single thing is enough for this. Code review is an important part, though (assuming it's properly done, which it isn't in the vast majority of cases, it seems).

> Does anyone ever realistically considered reviewing OSS code used in your projects?

In spots, yes. As a whole, no. Depending on the size of the codebase, the time and effort required to do so would often change the economics such that it would be better just to develop the code in-house.

As an unimportant aside, I am skeptical of this assertion:

> Linux Foundation survey says 70-90% of modern software constitute open source code.

solaire_oa · 5d ago
Revisiting code review in terms of how it functioned in 2020 seems antiquated.

Security and quality are a concern now that there's a flood of LLM barf that inexperienced engineers are liable to submit for code review. Code review has simultaneously never been more important and exhausting. If you (or anyone) suggest that we remove code review and accept the barf wave, I'd say FAFO.