Feed aggregator

I've posed this in a couple comments, but want to get a bigger thread going.

There are some opinions that using LLMs to write code is just a new high level language we are dealing in as engineers. However, this leads to a disconnect come code-review time, in that the reviewed code is an artifact of the process that created it. If we are now expressing ourselves via natural language, (prompting, planning, writing, as the new "programming language"), but only putting the generated artifact (the actual code) up for review, how do we review it completely?

I struggle with what feels like a missing piece these days of lacking the context around how the change was produced, the plans, the prompting, to understand how an engineer came to this specific code change as a result. Did they one-shot this? did they still spend hours prompting/iterating/etc.? something in-between?

The summary in the PR often says what the change is, but doesn't contain the full dialog or how we arrived at this specific change (tradeoffs, alternatives, etc.)

How do you review PRs in your organization given this? Any rules/automation/etc. you institute?

Comments URL: https://news.ycombinator.com/item?id=47330747

Points: 1

# Comments: 0

Article URL: https://github.com/mutating/pristan

Comments URL: https://news.ycombinator.com/item?id=47330720

Points: 1

# Comments: 0

Article URL: https://jmcentire.github.io/pact/

Comments URL: https://news.ycombinator.com/item?id=47330717

Points: 1

# Comments: 1

Article URL: https://www.techradar.com/vpn/vpn-privacy-security/vpns-surge-in-australia-as-mandatory-age-verification-for-adult-content-begins

Comments URL: https://news.ycombinator.com/item?id=47330703

Points: 1

# Comments: 1

Article URL: https://www.cnbc.com/2026/03/10/elon-musk-xai-permit-for-mississippi-plant-despite-pollution-concerns.html

Comments URL: https://news.ycombinator.com/item?id=47330688

Points: 1

# Comments: 1

Article URL: https://sarahkendzior.substack.com/p/the-no-world-order

Comments URL: https://news.ycombinator.com/item?id=47330681

Points: 1

# Comments: 0

This project is still in alpha, but other, more mature, alternatives exist, such as Tunic:

https://github.com/mikeslattery/tunic

Comments URL: https://news.ycombinator.com/item?id=47330642

Points: 1

# Comments: 0

Article URL: https://ny1.com/nyc/all-boroughs/mornings-on-1/2026/03/10/city-council-considers-increasing-minimum-wage

Comments URL: https://news.ycombinator.com/item?id=47330627

Points: 2

# Comments: 0

I felt frustrated finding high-signal discussions on HN, and I started this project to better understand how this community actually works.

That led me to build readhn, an MCP server that helps with three things:

- Discover: find relevant stories/comments by keyword, score, and time window

- Trust: identify credible voices using EigenTrust-style propagation from seed experts

- Understand: show why each result is ranked, with explicit signals instead of a black-box score

It includes 6 tools: discover_stories, search, find_experts, expert_brief, story_brief, and thread_analysis.

I also added readhn setup so AI agents can auto-configure it (Claude Code, Codex, Cursor, and others) after pip install.

I’d love feedback on:

1) whether these ranking signals match how you evaluate HN quality,

2) trust-model tradeoffs,

3) what would make this useful in your daily workflow.

If this is useful to you, starring the repo helps others discover it: https://github.com/xodn348/readhn

Comments URL: https://news.ycombinator.com/item?id=47330623

Points: 1

# Comments: 0

Article URL: https://github.com/jimthunderbird/curlyprompt

Comments URL: https://news.ycombinator.com/item?id=47330608

Points: 2

# Comments: 0

Article URL: https://twitter.com/spagov/status/2031365339376660682

Comments URL: https://news.ycombinator.com/item?id=47330603

Points: 1

# Comments: 1

Article URL: https://www.newyorker.com/culture/the-lede/the-creator-of-wordle-tries-to-solve-the-cryptic-crossword

Comments URL: https://news.ycombinator.com/item?id=47330594

Points: 1

# Comments: 0

Article URL: https://krebsonsecurity.com/2026/03/microsoft-patch-tuesday-march-2026-edition/

Comments URL: https://news.ycombinator.com/item?id=47330585

Points: 1

# Comments: 0

Article URL: https://brittanyellich.com/embrace-the-uncertainty/

Comments URL: https://news.ycombinator.com/item?id=47330575

Points: 2

# Comments: 0

Article URL: https://xergioalex.com/blog/series/aeo-from-invisible-to-cited/

Comments URL: https://news.ycombinator.com/item?id=47330571

Points: 1

# Comments: 0

Article URL: https://github.com/dkeviv/datafly

Comments URL: https://news.ycombinator.com/item?id=47330546

Points: 1

# Comments: 1

Article URL: https://www.macrumors.com/2026/03/10/macbook-keyboard-change/

Comments URL: https://news.ycombinator.com/item?id=47330534

Points: 2

# Comments: 0

Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing “zero-day” flaws this month (compared to February’s five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows. Here are a few highlights from this month’s Patch Tuesday.

Image: Shutterstock, @nwz.

Two of the bugs Microsoft patched today were publicly disclosed previously. CVE-2026-21262 is a weakness that allows an attacker to elevate their privileges on SQL Server 2016 and later editions.

“This isn’t just any elevation of privilege vulnerability, either; the advisory notes that an authorized attacker can elevate privileges to sysadmin over a network,” Rapid7’s Adam Barnett said. “The CVSS v3 base score of 8.8 is just below the threshold for critical severity, since low-level privileges are required. It would be a courageous defender who shrugged and deferred the patches for this one.”

The other publicly disclosed flaw is CVE-2026-26127, a vulnerability in applications running on .NET. Barnett said the immediate impact of exploitation is likely limited to denial of service by triggering a crash, with the potential for other types of attacks during a service reboot.

It would hardly be a proper Patch Tuesday without at least one critical Microsoft Office exploit, and this month doesn’t disappoint. CVE-2026-26113 and CVE-2026-26110 are both remote code execution flaws that can be triggered just by viewing a booby-trapped message in the Preview Pane.

Satnam Narang at Tenable notes that just over half (55%) of all Patch Tuesday CVEs this month are privilege escalation bugs, and of those, a half dozen were rated “exploitation more likely” — across Windows Graphics Component, Windows Accessibility Infrastructure, Windows Kernel, Windows SMB Server and Winlogon. These include:

–CVE-2026-24291: Incorrect permission assignments within the Windows Accessibility Infrastructure to reach SYSTEM (CVSS 7.8)
–CVE-2026-24294: Improper authentication in the core SMB component (CVSS 7.8)
–CVE-2026-24289: High-severity memory corruption and race condition flaw (CVSS 7.8)
–CVE-2026-25187: Winlogon process weakness discovered by Google Project Zero (CVSS 7.8).

Ben McCarthy, lead cyber security engineer at Immersive, called attention to CVE-2026-21536, a critical remote code execution bug in a component called the Microsoft Devices Pricing Program. Microsoft has already resolved the issue on their end, and fixing it requires no action on the part of Windows users. But McCarthy says it’s notable as one of the first vulnerabilities identified by an AI agent and officially recognized with a CVE attributed to the Windows operating system. It was discovered by XBOW, a fully autonomous AI penetration testing agent.

XBOW has consistently ranked at or near the top of the Hacker One bug bounty leaderboard for the past year. McCarthy said CVE-2026-21536 demonstrates how AI agents can identify critical 9.8-rated vulnerabilities without access to source code.

“Although Microsoft has already patched and mitigated the vulnerability, it highlights a shift toward AI-driven discovery of complex vulnerabilities at increasing speed,” McCarthy said. “This development suggests AI-assisted vulnerability research will play a growing role in the security landscape.”

Microsoft earlier provided patches to address nine browser vulnerabilities, which are not included in the Patch Tuesday count above. In addition, Microsoft issued a crucial out-of-band (emergency) update on March 2 for Windows Server 2022 to address a certificate renewal issue with passwordless authentication technology Windows Hello for Business.

Separately, Adobe shipped updates to fix 80 vulnerabilities — some of them critical in severity — in a variety of products, including Acrobat and Adobe Commerce. Mozilla Firefox v. 148.0.2 resolves three high severity CVEs.

For a complete breakdown of all the patches Microsoft released today, check out the SANS Internet Storm Center’s Patch Tuesday post. Windows enterprise admins who wish to stay abreast of any news about problematic updates, AskWoody.com is always worth a visit. Please feel free to drop a comment below if you experience any issues apply this month’s patches.

Encoding software engineering principles like Outside-in TDD to achieve higher quality tests and implementation.

Comments URL: https://news.ycombinator.com/item?id=47330519

Points: 2

# Comments: 0

Article URL: https://www.australianmining.com.au/lynas-locks-japanese-rare-earths-deal/

Comments URL: https://news.ycombinator.com/item?id=47330481

Points: 1

# Comments: 2