Feed aggregator

Article URL: https://www.flockwith.me/

Comments URL: https://news.ycombinator.com/item?id=47246784

Points: 1

# Comments: 0

Article URL: https://www.theregister.com/2026/03/04/new_digital_identity_minister/

Comments URL: https://news.ycombinator.com/item?id=47246783

Points: 1

# Comments: 0

Article URL: https://github.com/deduu/ClawSandbox

Comments URL: https://news.ycombinator.com/item?id=47246778

Points: 1

# Comments: 1

Article URL: https://www.woman-of-letters.com/p/editors-dont-want-male-novelists

Comments URL: https://news.ycombinator.com/item?id=47246772

Points: 1

# Comments: 0

I built this because I had a library of DRM-free audiobooks as loose MP3 files — ripped CDs, Librivox recordings, purchases from DRM-free stores — and no good way to package them on iOS. Every solution either required a Mac, a third-party desktop app, or uploading files to a web service I didn't trust.

M4Bindr does the whole thing on-device. You import your tracks, reorder them, define chapters (manually or auto-generated per file), add cover art, fill in the metadata, and export a single .m4b that Apple Books and BookPlayer treat as a proper audiobook — with chapter navigation, resume position, the works.

It's not trying to handle DRM removal or format conversion beyond MP3/M4A — intentionally narrow scope. The goal was a clean, fast tool that does one thing well for people who already have the files and just want them packaged correctly. Would love feedback, especially from anyone who has edge cases around large files or unusual chapter structures.

Comments URL: https://news.ycombinator.com/item?id=47246757

Points: 1

# Comments: 0

Article URL: https://architectelevator.com/architecture/architect-skills-product/

Comments URL: https://news.ycombinator.com/item?id=47246749

Points: 1

# Comments: 0

Article URL: https://venturebeat.com/technology/did-alibaba-just-kneecap-its-powerful-qwen-ai-team-key-figures-depart-in

Comments URL: https://news.ycombinator.com/item?id=47246746

Points: 2

# Comments: 0

Hey HN, I've been building Revet, a code review CLI that takes a different approach than the current wave of "send diff to LLM" tools. The core idea: parse your codebase into an AST-based dependency graph first (Tree-sitter, 11 languages), run deterministic checks against that graph, and only use LLM reasoning when explicitly asked — and even then, the LLM receives structured graph context, not your raw source code. What it catches that linters don't:

Cross-file breaking changes: you change a return type, revet tells you every caller that will break across the codebase ML pipeline issues: training/serving skew, data leakage, non-reproducible splits Security with context: not just pattern-matching SQL injection, but taint analysis tracing user input through the graph to dangerous sinks Plus: React hooks violations, async anti-patterns, dependency hygiene, error handling

What makes it different from CodeRabbit/Copilot Review/etc:

Deterministic first: 80% of checks need no LLM — they're fast, free, reproducible Offline-first: all deterministic checks work without network Your code stays local: LLM layer receives structured findings, not source Incremental: per-file graph cache, sub-second subsequent runs CI-native: SARIF, GitHub annotations, inline PR comments

Stack: Rust (tree-sitter + petgraph), single binary, no runtime dependencies. Install: cargo install revet revet review GitHub: https://github.com/umitkavala/revet Docs: https://umitkavala.github.io/revet Site: https://revet.dev Built solo over the past few months. Would love feedback, especially from anyone working with large polyglot codebases or ML pipelines.

Comments URL: https://news.ycombinator.com/item?id=47246743

Points: 1

# Comments: 0

Article URL: https://github.com/techromp/agent-file-intelligence

Comments URL: https://news.ycombinator.com/item?id=47246741

Points: 1

# Comments: 0

Attackers are abusing normal OAuth error redirects to send users from a legitimate Microsoft or Google login URL to phishing or malware pages, without ever completing a successful sign‑in or stealing tokens from the OAuth flow itself.

That calls for a bit more explanation.

OAuth (Open Authorization) is an open-standard protocol for delegated authorization. It allows users to grant websites or applications access to their data on another service (for example, Google or Facebook) without sharing their password. 

OAuth redirection is the process where an authorization server sends a user’s browser back to an application (client) with an authorization code or token after user authentication.

Researchers found that phishers use silent OAuth authentication flows and intentionally invalid scopes to redirect victims to attacker-controlled infrastructure without stealing tokens.

So, what does this attack look like from a target’s perspective?

From the user’s perspective, the attack chain looks roughly like this:

The email

An email arrives with a plausible business lure. For example, you receive an email about something routine but urgent: document sharing or review, a Social Security or financial notice, an HR or employee report, a Teams meeting invite, or a password reset.​

The email body contains a link such as “View document” or “Review report,” or a PDF attachment that includes a link instead.​

The link

You click the link after seeing that it appears to be a normal Microsoft or Google login. The visible URL (what you see when you hover over it) looks convincing, starting with a trusted domain like https://login.microsoftonline.com/  or https://accounts.google.com/.

There is no obvious sign that the parameters (prompt=none, odd or empty scope, encoded state) are abnormal.​

Silent OAuth

The crafted URL attempts a silent OAuth authorization (prompt=none) and uses parameters that are guaranteed to fail (for example, an invalid or missing scope).​

The identity provider evaluates your session and conditional access, determines the request cannot succeed silently, and returns an OAuth error, such as interaction_required, access_denied, or consent_required.​

The redirect

By design, the OAuth server then redirects your browser, including the error parameters and state, to the app’s registered redirect URI, which in these cases is the attacker’s domain.​

To the user, this is just a quick flash of a Microsoft or Google URL followed by another page. It’s unlikely anyone would notice the errors in the query string.

Landing page

The target gets redirected to a page that looks like a legitimate login or business site. This could very well be a clone of a trusted brand’s site.

From here, there are two possible malicious scenarios:

Phishing / Attacker in the Middle (AitM) variant

A normal login page or a verification prompt, sometimes with CAPTCHAs or interstitials to look more trustworthy and bypass some controls.​

The email address may already be filled in because the attackers passed it through the state parameter.

When the user enters credentials and multi-factor authentication (MFA), the attacker‑in‑the‑middle toolkit intercepts them, including session cookies, while passing them along so the experience feels legitimate.​

Malware delivery variant

Immediately (or after a brief intermediate page), the browser hits a download path and automatically downloads a file.​

The context of the page matches the lure (“Download the secure document,” “Meeting resources,” and so on), making it seem reasonable to open the file.​

The target might notice the initial file open or some system slowdown, but otherwise the compromise is practically invisible.​

Potential impact

By harvesting credentials or planting a backdoor, the attacker now has a foothold on the system. From there, they may carry out hands-on-keyboard activity, move laterally, steal data, or stage ransomware, depending on their goals.

The harvested credentials and tokens can be used to access email, cloud apps, or other resources without the need to keep malware on the device.​

How to stay safe

Since the attacker does not need your token from this flow (only the redirect into their own infrastructure), the OAuth request itself may look less suspicious. Be vigilant and follow our advice:

• If you rely on hovering over links, be extra cautious when you see very long URLs with oauth2, authorize, and lots of encoded text, especially if they come from outside your organization.
• Even if the start of the URL looks legitimate, verify with a trusted sender before clicking the link.
• If something urgent arrives by email and immediately forces you through a strange login or starts a download you did not expect, assume it is malicious until proven otherwise.
• If you are redirected somewhere unfamiliar, stop and close the tab.
• Be very wary of files that download immediately after clicking a link in an email, especially from /download/ paths.
• If a site says you must “run” or “enable” something to view a secure document, close it and double-check which site you’re currently on. It might be up to something.
• Keep your OS, browser, and your favorite security tools up to date. They can block many known phishing kits and malware downloads automatically.

Pro tip: use Malwarebytes Scam Guard to help you determine whether the email you received is a scam or not.

We don’t just report on scams—we help detect them

Cybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard. Submit a screenshot, paste suspicious content, or share a link, text or phone number, and we’ll tell you if it’s a scam or legit. Available with Malwarebytes Premium Security for all your devices, and in the Malwarebytes app for iOS and Android.

Hi HN,

I’m the founder of d8a.tech. After working in web/app analytics for 15+ years, I got frustrated with the limitations of the standard Google Analytics (GA4) BigQuery export—specifically the 24–48 hour latency and the nested schemas that make simple queries difficult.

We built d8a.tech to be a transport layer. It intercepts GA4 events and streams them directly to your own warehouse. You can self-host it.

Key technical points: - It has native drivers for BigQuery and ClickHouse for direct ingestion. - Data arrives in flat, query-ready tables. - There is no 48-hour export lag; data is available for querying (or LLM ingestion) immediately/on session end. - All enrichment happens on your infrastructure. Data never hits Google’s servers, which removes sub-processing risks for GDPR/HIPAA compliance. - It works in parallel with your existing GA4 setup. You point your current gtag or GTM container to the d8a endpoint with no frontend code changes. - It can also stream files to S3, GCS, or MinIO as a storage layer/backup.

The project is open source: https://github.com/d8a-tech/d8a

I’d love to get your feedback on the schema design and the implementation. I'll be around to answer any technical questions.

Comments URL: https://news.ycombinator.com/item?id=47246737

Points: 1

# Comments: 0

Article URL: https://www.literally.dev/resources/how-open-source-companies-actually-make-money

Comments URL: https://news.ycombinator.com/item?id=47246730

Points: 1

# Comments: 0

Hi HN,

Deciding on a new look (hair, beard, or glasses) is usually a gamble. We built a suite of computer vision tools under Looksmaxxing AI (Face IQ) to help visualize these changes before committing to them.

We’re using 100+ facial landmark points to ensure generative outputs respect the user's underlying bone structure.

The tools:

AI Hairstyle Changer: https://looksmaxxingai.app/tools/ai-hairstyle-changer

AI Beard Generator: https://looksmaxxingai.app/tools/ai-beard-generator

Virtual Glasses Try-On: https://looksmaxxingai.app/tools/virtual-glasses-try-on

Privacy: We do not store photos or use them for model training. All images are purged immediately after the analysis/inference is complete.

I’d love to hear your feedback on the generative realism and how well the 3D alignment handles different head tilts.

Comments URL: https://news.ycombinator.com/item?id=47246722

Points: 1

# Comments: 0

Article URL: https://psylo.app/tools/exif-viewer/

Comments URL: https://news.ycombinator.com/item?id=47246718

Points: 1

# Comments: 0

Article URL: https://www.theregister.com/2026/03/04/oracle_cloud_outage_tiktok/

Comments URL: https://news.ycombinator.com/item?id=47246717

Points: 1

# Comments: 0

Employees seeking free versions of paid software may unknowingly install malware-laced “cracked” apps that can steal credentials, deploy cryptominers, or open the door to ransomware.

The post How Pirated Software Turns Helpful Employees Into Malware Delivery Agents appeared first on SecurityWeek.

Article URL: https://www.qordinate.ai/

Comments URL: https://news.ycombinator.com/item?id=47246688

Points: 1

# Comments: 0

Article URL: https://modern-css.com/history-of-css/

Comments URL: https://news.ycombinator.com/item?id=47246686

Points: 3

# Comments: 0

Article URL: https://techcrunch.com/2026/02/11/upside-robotics-is-reducing-fertilizer-use-and-waste-in-corn-crops/

Comments URL: https://news.ycombinator.com/item?id=47246682

Points: 2

# Comments: 0

Article URL: https://housefresh.com/david-vs-digital-goliaths/

Comments URL: https://news.ycombinator.com/item?id=47246680

Points: 3

# Comments: 0