HN Reader

Using Claude Code to modernize a 25-year-old kernel driver (dmitrybrant.com)

612 points by dmitrybrant 11h ago 195 comments

14 Killed in protests in Nepal over social media ban (tribuneindia.com)

4 points by whatsupdog 10m ago 0 comments

The MacBook has a sensor that knows the exact angle of the screen hinge (twitter.com)

819 points by leephillips 20h ago 401 comments

Why Is Japan Still Investing in Custom Floating Point Accelerators? (nextplatform.com)

87 points by rbanffy 2d ago 19 comments

Formatting code should be unnecessary (maxleiter.com)

201 points by MaxLeiter 12h ago 274 comments

Look Out for Bugs (matklad.github.io)

11 points by todsacerdoti 3d ago 2 comments

GPT-5 Thinking in ChatGPT (a.k.a. Research Goblin) is good at search (simonwillison.net)

266 points by simonw 1d ago 206 comments

How inaccurate are Nintendo's official emulators? [video] (youtube.com)

13 points by viraptor 50m ago 0 comments

Intel Arc Pro B50 GPU Launched at $349 for Compact Workstations (guru3d.com)

133 points by qwytw 13h ago 159 comments

How can I deal with a team member who is always complaining? (andiroberts.com)

20 points by kiyanwang 3h ago 20 comments

Show HN: Veena Chromatic Tuner (play.google.com)

35 points by v15w 4h ago 17 comments

Analog optical computer for AI inference and combinatorial optimization (nature.com)

78 points by officerk 3d ago 10 comments

How many dimensions is this? (lcamtuf.substack.com)

80 points by robin_reala 4d ago 17 comments

Creative Technology: The Sound Blaster (abortretry.fail)

103 points by BirAdam 13h ago 60 comments

Forty-Four Esolangs: The Art of Esoteric Code (spectrum.ieee.org)

57 points by eso_eso 2d ago 30 comments

I am giving up on Intel and have bought an AMD Ryzen 9950X3D (michael.stapelberg.ch)

259 points by secure 1d ago 266 comments

Everything from 1991 Radio Shack ad I now do with my phone (2014) (trendingbuffalo.com)

185 points by vinnyglennon 15h ago 142 comments

Taking Buildkite from a side project to a global company (valleyofdoubt.com)

66 points by shandsaker_au 13h ago 6 comments

How big are our embeddings now and why? (vickiboykis.com)

28 points by surprisetalk 2d ago 1 comments

How to make metals from Martian dirt (csiro.au)

67 points by PaulHoule 16h ago 60 comments

No Silver Bullet: Essence and Accidents of Software Engineering (1986) [pdf] (cs.unc.edu)

95 points by benterix 15h ago 24 comments

Garmin beats Apple to market with satellite-connected smartwatch (macrumors.com)

194 points by mgh2 4d ago 174 comments

What is the origin of the private network address 192.168.*.*? (2009) (lists.ding.net)

191 points by kreyenborgi 1d ago 82 comments

Default musl allocator considered harmful to performance (nickb.dev)

78 points by fanf2 2d ago 55 comments

Keeping secrets out of logs (2024) (allan.reyes.sh)

210 points by xk3 17h ago 40 comments

The demo scene is dying, but that's alright (datagubbe.se)

193 points by zdw 13h ago 91 comments

SQLite's Use of Tcl (2017) (tcl-lang.org)

102 points by ripe 20h ago 29 comments

Hungry Hungry Hippos Autoplay (2017) (mikekohn.net)

14 points by austinallegro 3d ago 6 comments

Taco Bell AI Drive-Thru (aidarwinawards.org)

113 points by planetdebut 14h ago 128 comments

Show HN: Stroboscopic Instrument Tuner (github.com)

8 points by dsego 2d ago 1 comments

SQLite's File Format (sqlite.org)

180 points by whatisabcdefgh 3d ago 77 comments

A Technical Update on Submarine Cables [pdf] (swinog.ch)

85 points by zdw 4d ago 25 comments

Truco and clones: the beginnings of Argentinian computer gaming (zeitgame.net)

29 points by Michelangelo11 3d ago 10 comments

The “impossibly small” Microdot web framework (lwn.net)

199 points by pykello 1d ago 52 comments

The Expression Problem and its solutions (2016) (eli.thegreenplace.net)

99 points by andsoitis 1d ago 78 comments

Pico CSS – Minimal CSS Framework for Semantic HTML (picocss.com)

333 points by mpweiher 15h ago 92 comments

Show HN: OpenCV over WebRTC (in Go) (github.com)

35 points by Sean-Der 14h ago 6 comments

Show HN: C++ library for reading MacBook lid angle sensor data (github.com)

49 points by ufoym 5h ago 40 comments

Tokyo has an unmanned, honor-system electronics and appliance shop (soranews24.com)

79 points by techdar42 3d ago 64 comments

Purikura: The Japanese Grandmother of the Selfie (tokyocowboy.co)

66 points by pantsuits 4d ago 36 comments

Tumult and Sympathy: The Letters of Oliver Sacks (commonwealmagazine.org)

4 points by apollinaire 6h ago 1 comments

What to do with an old iPad (odb.ar)

185 points by owenmakes 2d ago 107 comments

Exploring Interlisp-10 and Twenex (journal.paoloamoroso.com)

20 points by naves 2d ago 0 comments

Being good isn't enough (joshs.bearblog.dev)

177 points by protagonist_hn 1d ago 73 comments

Show HN: Lightweight tool for managing Linux virtual machines (github.com)

135 points by ccheshirecat 1d ago 36 comments

I solved a distributed queue problem after 15 years (dbos.dev)

24 points by jedberg 3d ago 6 comments

Serverless Horrors (serverlesshorrors.com)

578 points by operator-name 1d ago 432 comments

Shipping textures as PNGs is suboptimal (gamesbymason.com)

142 points by ibobev 1d ago 64 comments

Belling the Cat (en.wikipedia.org)

204 points by walterbell 22h ago 66 comments

Anthropic agrees to pay $1.5B to settle lawsuit with book authors (nytimes.com)

953 points by acomjean 2d ago 722 comments

Ask HN: How much can we trust open-source projects or our hardware?

3 solosquad 6 9/8/2025, 12:52:52 AM
For large open-source security-focused projects like Kali Linux, we’re told there are no backdoors but with millions of lines of code, how can we actually verify that? Full manual auditing isn’t feasible for most individuals.

Some thoughts/questions:

Are reproducible builds and supply-chain audits enough to trust the binaries?

What strategies exist for spotting subtle backdoors in such large codebases?

For hardware, how do you approach the risk of compromised firmware, microcode, or hidden subsystems (e.g. Intel ME, AMD PSP)?

Do projects like Coreboot, Heads, or formally verified kernels meaningfully reduce this risk in practice?

Beyond reading every line yourself, what’s the best way to build confidence?

How much trust (percentage-wise) do you personally put in OSS security projects or commodity hardware, and what technical mitigations do you use to minimize blind trust?

Comments (6)

benoau · 10h ago
You have to at a minimum trust the OS vendor, probably a slew of development tools, and blindly trust all the hardware you work upon and cloud platforms you deploy to to only-work as advertised.

You shouldn't particularly trust any software, monitor outbound traffic, silo your different projects to minimize what software is adjacent to your projects and the fallout if something got access, minimize programming dependencies and browser and IDE extensions and add-ons and stuff coming from unknown 3rd parties. Stay behind the latest builds/updates/releases so problems have time to be identified.

pabs3 · 9h ago
Reproducible builds aren't enough, you need projects that are reproducibly bootstrappable solely from source without any binaries. Usually the starting point is a small amount (an MBR) of manually entered documented machine code.

https://bootstrappable.org/ https://stagex.tools/

lordkrandel · 5h ago
Secure for what? Intrusion? Spying? Data collection? Dont use internet then. Disconnect. No data will be taken from your laptop this way, unless you are a secret agent, or a criminal.
pabs3 · 9h ago
Almost all firmware is proprietary, so you aren't going to be able to trust it at all. Try to use hardware that has at least open boot firmware like u-boot or coreboot.

https://wiki.debian.org/Firmware/Open

bigyabai · 10h ago
Kali Linux is a pentesting distro. It's not claimed to be secure and AFAIK it makes deliberately insecure design decisions to enable spoofing/SDR attacks.

  Are reproducible builds and supply-chain audits enough to trust the binaries?
No. But for most applications trust isn't really required.

  What strategies exist for spotting subtle backdoors in such large codebases?
It's not hard. For big projects, contributors are usually a tight-knit group that heavily scrutinize any outsider PRs. By creating a rigorous system of code review (and implementing reminders for bad dependencies) you can deter backdoors decently well.

  For hardware, how do you approach the risk of compromised firmware, microcode, or hidden subsystems
You cannot.

  Do projects like Coreboot, Heads, or formally verified kernels meaningfully reduce this risk in practice?
No, but if properly configured they can reduce attack surface as-advertised.

  Beyond reading every line yourself, what’s the best way to build confidence?
I know this is a dumb answer, but "be smart" will get you a really long ways. Stick to the main roads, don't use software developed by 2 or 3 people if your personal security is paramount. Keep your systems slim and minimally networked, route any home servers through a VPN or proxy to prevent it from being harassed on the open internet.
solosquad · 10h ago
that’s true kali it’s designed for pentesting and not necessarily as a secure daily driver, but I was using it more as a stand-in example for large OSS projects where security is critical. Maybe a better example would be Qubes OS or OpenBSD