HN Reader

Nginx introduces native support for ACME protocol (blog.nginx.org)

253 points by phickey 3h ago 101 comments

OCaml as my primary language (xvw.lol)

57 points by nukifw 1h ago 21 comments

FFmpeg 8.0 adds Whisper support (code.ffmpeg.org)

651 points by rilawa 8h ago 247 comments

PYX: The next step in Python packaging (astral.sh)

20 points by the_mitsuhiko 28m ago 11 comments

Launch HN: Golpo (YC S25) – AI-generated explainer videos (video.golpoai.com)

24 points by skar01 1h ago 38 comments

Cross-Site Request Forgery (words.filippo.io)

26 points by tatersolid 1h ago 2 comments

So what's the difference between plotted and printed artwork? (lostpixels.io)

128 points by cosiiine 6h ago 46 comments

Pebble Time 2* Design Reveal (ericmigi.com)

85 points by WhyNotHugo 4h ago 41 comments

Coalton Playground: Type-Safe Lisp in the Browser (abacusnoir.com)

69 points by reikonomusha 4h ago 22 comments

ReadMe (YC W15) Is Hiring a Developer Experience PM (readme.com)

1 points by gkoberger 2h ago 0 comments

PCIe 8.0 Announced by the PCI-Sig Will Double Throughput Again – ServeTheHome (servethehome.com)

27 points by rbanffy 3d ago 11 comments

OpenIndiana: Community-Driven Illumos Distribution (openindiana.org)

52 points by doener 3h ago 41 comments

DoubleAgents: Fine-Tuning LLMs for Covert Malicious Tool Calls (pub.aimind.so)

55 points by grumblemumble 5h ago 17 comments

This website is for humans (localghost.dev)

325 points by charles_f 3h ago 162 comments

New treatment eliminates bladder cancer in 82% of patients (news.keckmedicine.org)

168 points by geox 3h ago 63 comments

The Mary Queen of Scots Channel Anamorphosis: A 3D Simulation (charlespetzold.com)

53 points by warrenm 5h ago 13 comments

We caught companies making it harder to delete your personal data online (themarkup.org)

198 points by amarcheschi 5h ago 48 comments

April Fools 2014: The *Real* Test Driven Development (2014) (testing.googleblog.com)

54 points by omot 1h ago 8 comments

29 years later, Settlers II gets Amiga release (gamingretro.co.uk)

40 points by doener 41m ago 7 comments

A case study in bad hiring practice and how to fix it (tomkranz.com)

61 points by prestelpirate 2h ago 55 comments

Man develops rare condition after ChatGPT query over stopping eating salt (theguardian.com)

21 points by vinni2 47m ago 34 comments

Claude says “You're absolutely right!” about everything (github.com)

513 points by pr337h4m 12h ago 400 comments

Honky-Tonk Tokyo (2020) (afar.com)

16 points by NaOH 3d ago 4 comments

Mesmerizing Hypnoloid, a Kinetic Desktop Sculpture (core77.com)

11 points by surprisetalk 3d ago 1 comments

Gartner's Grift Is About to Unravel (dx.tips)

70 points by mooreds 3h ago 38 comments

Claude Sonnet 4 now supports 1M tokens of context (anthropic.com)

1246 points by adocomplete 1d ago 661 comments

Bezier-rs – algorithms for Bézier segments and shapes (graphite.rs)

198 points by jarek-foksa 4d ago 39 comments

Google Play Store Bans Wallets That Don't Have Banking License (therage.co)

6 points by madars 24m ago 0 comments

Nearly 1 in 3 Starlink satellites detected within the SKA-Low frequency band (astrobites.org)

163 points by aragilar 10h ago 142 comments

Pebble Time 2 Design Reveal [video] (youtube.com)

128 points by net01 6h ago 53 comments

How Stock Options Work (web.stanford.edu)

38 points by jdcampolargo 1h ago 12 comments

F-Droid build servers can't build modern Android apps due to outdated CPUs

369 points by nativeforks 14h ago 243 comments

The Rock Art of Serrania De La Lindosa (earthasweknowit.com)

24 points by kkoncevicius 4d ago 2 comments

Supporting org.apache.xml.security in graalVM (guust.ysebie.be)

25 points by whizzx 6h ago 3 comments

Job Listing Site Highlighting H-1B Positions So Americans Can Apply (newsweek.com)

4 points by walterbell 18m ago 0 comments

Steam payment headaches grow as PayPal is no longer usable for much of the world (pcgamer.com)

12 points by mrkramer 1h ago 6 comments

Search all text in New York City (alltext.nyc)

530 points by Kortaggio 18h ago 102 comments

Fingerjigger (fingerjigger.com)

62 points by bookofjoe 4d ago 38 comments

Improving Geographical Resilience for Distributed Open Source Teams with Freon (soatok.blog)

28 points by zdw 3d ago 0 comments

US national debt reaches a record $37T, the Treasury Department reports (apnews.com)

9 points by atombender 40m ago 2 comments

Fennel libraries as single files (2023) (andreyor.st)

57 points by todsacerdoti 15h ago 15 comments

How Much Is Trump Profiting Off the Presidency? (newyorker.com)

26 points by gizzlon 1h ago 7 comments

The Incompleteness of Ethics (aeon.co)

6 points by lentoutcry 1h ago 0 comments

How Well Do Coding Agents Use Your Library? (stackbench.ai)

46 points by richardblythman 4h ago 42 comments

Visualizing quaternions: An explorable video series (2018) (eater.net)

72 points by uncircle 4d ago 7 comments

A gentle introduction to anchor positioning (webkit.org)

115 points by feross 20h ago 42 comments

From Here? (dirtyfeed.org)

56 points by hooboy 1d ago 9 comments

The Missing Protocol: Let Me Know (deanebarker.net)

133 points by deanebarker 22h ago 80 comments

A Comprehensive Survey of Self-Evolving AI Agents [pdf] (arxiv.org)

75 points by SerCe 16h ago 20 comments

Show HN: Building a web search engine from scratch with 3B neural embeddings (blog.wilsonl.in)

596 points by wilsonzlin 1d ago 101 comments

Cross-Site Request Forgery

26 tatersolid 2 8/13/2025, 5:31:08 PM words.filippo.io ↗

Comments (2)

nchmy · 45m ago
i just discovered the Sec-Fetch stuff recently, due to Go 1.25's changelog. Very excited to start using it in some applications where tokens are currently used - what a hassle to deal with those.
jerf · 28m ago
Cookies have been truly horrible. I check in on them every couple of years, because I don't do a lot of front-end but when I do it's often security-sensitive, and every single time I check in on them there's some new entry in "SameSite; NoSeriouslySecureHarder; WhoopsTheLastStandardWasNotGoodEnough=BeActuallySecure; AwwShitDidWeGetItRightLastTime=false" parade of attributes you need to send to get actually secure cookies.

No shade on the people implementing this stuff, I understand the backwards compatibility concerns, but I mean, keeping up with this stuff is harder than it should be. And thanks to backwards compatibility most of it still defaults open, though browsers have pecked at that as they can.