North korea and others are likely going if not already, setup an uno reverso and get applicants to do screening tests that require downloading malicious packages.

bn-l · 4h ago

It’s weird how an npm package can just do all this still, to this day.

owebmaster · 2h ago

I "got" hacked by a North Korean hacker. I was lucky the dumb virus was meant for Mac and Windows, not Linux. It got installed to my computer but attempted to steal credentials in places there did not exist in my computer, but it was a close call.

After that I never used npm again.

Thunderbird: Fluent Windows 11 Design (github.com)

Linux Reaches 5% Desktop Market Share in USA (ostechnix.com)

Shipping WebGPU on Windows in Firefox 141 (mozillagfx.wordpress.com)

cppyy: Automatic Python-C++ Bindings (cppyy.readthedocs.io)

Tilck: A Tiny Linux-Compatible Kernel (github.com)

Pascal's Scams (2012) (unenumerated.blogspot.com)

Cloudflare 1.1.1.1 Incident on July 14, 2025 (blog.cloudflare.com)

AWS open-sourced Postgres active-active replication extension (github.com)

MARS.EXE → COM (2021) (chaos.if.uj.edu.pl)

Gauntlet AI (YC S17): All expenses paid training in AI and $200k+job (crossover.com)

GPUHammer: Rowhammer attacks on GPU memories are practical (gpuhammer.com)

Show HN: DataRamen, a Fast SQL Explorer with Automatic Joins and Data Navigation (dataramen.xyz)

Six Years of Gemini (geminiprotocol.net)

Ukrainian hackers destroyed the IT infrastructure of Russian drone manufacturer (prm.ua)

LLM Daydreaming (gwern.net)

Show HN: Shoggoth Mini – A soft tentacle robot powered by GPT-4o and RL (matthieulc.com)

Reflections on OpenAI (calv.info)

NIST ion clock sets new record for most accurate clock (nist.gov)

Pixel Piranhas (rybakov.com)

Documenting what you're willing to support (and not) (rachelbythebay.com)

Where's Firefox going next? (connect.mozilla.org)

To be a better programmer, write little proofs in your head (the-nerve-blog.ghost.io)

Running a million-board chess MMO in a single process (eieio.games)

The FIPS 140-3 Go Cryptographic Module (go.dev)

My Family and the Flood (texasmonthly.com)

Algorithms for making interesting organic simulations (bleuje.com)

The beauty entrepreneur who made the Jheri curl a sensation (thehustle.co)

Nextflow: System for creating scalable, portable, reproducible workflows (github.com)

Mostly dead influential programming languages (2020) (hillelwayne.com)

The Story of Mel, A Real Programmer, Annotated (1996) (users.cs.utah.edu)

Congress moves to reject bulk of White House's proposed NASA cuts (arstechnica.com)

Designing for the Eye: Optical corrections in architecture and typography (nubero.ch)

Plasma Bigscreen rises from the dead with a better UI (neowin.net)

LLM Inevitabilism (tomrenner.com)

Mira Murati’s AI startup Thinking Machines valued at $12B in early-stage funding (reuters.com)

Voxtral – Frontier open source speech understanding models (mistral.ai)

Lorem Gibson (loremgibson.com)

Spain awards Huawei contracts to manage intelligence agency wiretaps (therecord.media)

Encrypting files with passkeys and age (words.filippo.io)

Amiga OS 3.1 Workbench (archive.org)

Show HN: I built this to talk Danish to my girlfriend – works with any language (menerdu.vercel.app)

Petabit-class transmission over > 1000 km using standard 19-core optical fiber (nict.go.jp)

Show HN: Beyond Z²+C, Plot Any Fractal (juliascope.com)

Tech oligarchs have turned against the system that made them (liberalcurrents.com)

What caused the 'baby boom'? What would it take to have another? (derekthompson.org)

Hierarchical Modeling (H-Nets) (cartesia.ai)

ICE may deport to 'third countries' without assurances they won't be tortured (nbcnews.com)

NASA's Webb Finds Possible 'Direct Collapse' Black Hole (science.nasa.gov)

Claude for Financial Services (anthropic.com)

Hazel: A live functional programming environment with typed holes (github.com)

North Korean XORIndex malware hidden in 67 malicious NPM packages

Comments (3)