Feed aggregator
ForgeCode achieves the SOTA accuracy (78.4%) on Termbench
Article URL: https://forgecode.dev/blog/benchmarks-dont-matter/
Comments URL: https://news.ycombinator.com/item?id=47273441
Points: 2
# Comments: 0
Your Best Streaming Bet May Be a Skinny TV Package. But What Are They?
Local LLMs on M1 MacBook and iPhone: Qwen 9B Surprised Me
Article URL: https://thoughts.jock.pl/p/local-llm-macbook-iphone-qwen-experiment
Comments URL: https://news.ycombinator.com/item?id=47273419
Points: 2
# Comments: 0
Should You Be a Carpenter? [Wading Through AI – Episode 1] [video]
Article URL: https://www.youtube.com/watch?v=RJyPVLMyyuA
Comments URL: https://news.ycombinator.com/item?id=47273412
Points: 1
# Comments: 0
My friend vibe-coded a WoW addon because the bag management was bothering him
Article URL: https://github.com/mikigraf/AutoSellPlus
Comments URL: https://news.ycombinator.com/item?id=47273410
Points: 1
# Comments: 1
Malicious NPM package pino-SDK-v2 exfiltrates .env secrets to Discord
We just analyzed a fresh supply chain attack on npm that's pretty well-executed.
Package: pino-sdk-v2
Target: Impersonates pino (one of the most popular Node.js loggers, ~20M weekly downloads)
Reported to OSV too: https://osv.dev/vulnerability/MAL-2026-1259
What makes this one interesting: The attacker copied the entire pino source tree, kept the real author's name (Matteo Collina) in package.json, mirrored the README, docs, repository URL so everything looks legitimate on the npm page.
The only changes:
- Renamed package to pino-sdk-v2
- Injected obfuscated code into lib/tools.js (300+ line file)
- No install hooks whatsoever
The payload: Scans for .env, .env.local, .env.production, .env.development, .env.example files, extracts anything matching PRIVATE_KEY, SECRET_KEY, API_KEY, ACCESS_KEY, SECRET, or just KEY=, then POSTs it all to a Discord webhook as a formatted embed.
The malicious function is literally named log(). In a logging library. That's some next-level camouflage.
Why most scanners miss it:
- No preinstall/postinstall hooks (most scanners focus on these)
- Executes on require(), not during install
- Obfuscated with hex variable names and string array rotation
- Trusted metadata makes the npm page look legit
If you've installed it:
Remove immediately and rotate all secrets in your .env files. Treat it as full credential compromise.
Full technical analysis with deobfuscated payload and IOCs: https://safedep.io/malicious-npm-package-pino-sdk-v2-env-exfiltration/
Comments URL: https://news.ycombinator.com/item?id=47273407
Points: 1
# Comments: 0
Last Year of Terraform
Article URL: https://encore.dev/blog/last-year-of-terraform
Comments URL: https://news.ycombinator.com/item?id=47273397
Points: 3
# Comments: 0
Show HN: Simvyn – open-source Universal mobile devtool
Article URL: https://github.com/pranshuchittora/simvyn
Comments URL: https://news.ycombinator.com/item?id=47273375
Points: 1
# Comments: 1
Show HN: Evalcraft – cassette-based testing for AI agents (pytest, $0/run)
Testing AI agents is painful. Every test run calls the LLM API, costs real money, takes minutes, and gives different results each time. CI? Forget about it.
Evalcraft fixes this with cassette-based capture and replay — think VCR for HTTP, but for LLM calls and tool use.
How it works:
1. Run your agent once with real API calls. Evalcraft records every LLM request, tool call, and response into a JSON cassette file.
2. In tests, replay from the cassette. Zero API calls, zero cost, deterministic output.
3. Assert on what matters: tool call sequences, output content, cost budgets, token counts.
    run = replay("cassettes/support_agent.json")
    assert_tool_called(run, "lookup_order", with_args={"order_id": "ORD-1042"})
    assert_tool_order(run, ["lookup_order", "search_knowledge_base"])
    assert_cost_under(run, max_usd=0.01)

It's pytest-native — fixtures, markers, CLI flags. Works with OpenAI, Anthropic, LangGraph, CrewAI, AutoGen, and LlamaIndex out of the box. Adapters auto-instrument your agent with zero code changes.
Also ships with golden-set management, regression detection, PII sanitization, and 16 CLI commands for inspecting/diffing cassettes.
555 tests, MIT licensed, `pip install evalcraft`.
Repo: https://github.com/beyhangl/evalcraft
PyPI: https://pypi.org/project/evalcraft/
Docs: https://beyhangl.github.io/evalcraft/docs/
Would love feedback from anyone testing agents in CI.
Comments URL: https://news.ycombinator.com/item?id=47273374
Points: 1
# Comments: 0
Show HN: VibeSing – Trend-driven voice cloning pipeline for social music sharing
Article URL: https://www.vibesing.me
Comments URL: https://news.ycombinator.com/item?id=47273371
Points: 1
# Comments: 1
Mozilla is working on a big Firefox redesign, here is what it looks like
Article URL: https://www.neowin.net/news/mozilla-is-working-on-a-big-firefox-redesign-here-is-what-it-looks-like/
Comments URL: https://news.ycombinator.com/item?id=47273116
Points: 1
# Comments: 0
OpenClaw on Amazon Lightsail to run your autonomous private agents
Article URL: https://aws.amazon.com/blogs/aws/introducing-openclaw-on-amazon-lightsail-to-run-your-autonomous-private-ai-agents/
Comments URL: https://news.ycombinator.com/item?id=47273101
Points: 1
# Comments: 0
Popular fruits and vegetables linked to higher pesticide levels
Article URL: https://www.sciencedaily.com/releases/2026/03/260303145705.htm
Comments URL: https://news.ycombinator.com/item?id=47273099
Points: 1
# Comments: 0
How I made a shooter game in 64 KB [video]
Article URL: https://www.youtube.com/watch?v=qht68vFaa1M
Comments URL: https://news.ycombinator.com/item?id=47273082
Points: 1
# Comments: 0
How Much Money Jeff Bezos Made Since You Started Reading This Page
Article URL: https://bezoscalculator.com/
Comments URL: https://news.ycombinator.com/item?id=47273070
Points: 2
# Comments: 0
Getting sued for honest 1* star review on Google Maps (Germany)
Article URL: https://www.reddit.com/r/germany/s/fbHf0kXsEE
Comments URL: https://news.ycombinator.com/item?id=47273067
Points: 1
# Comments: 0
Show HN: I built an AI-powered advert – is this the future of advertising?
I've been thinking about how AI will change advertising. Instead of static banners or landing pages, what if an ad was a conversation?
I built a demo to explore this: a fictional luxury EV brand called Vela, with an AI sales consultant named Stella you can actually talk to. Ask her about range, pricing, comparisons to competitors — she knows the product inside out.
Try it here: https://99helpers.com/tools/vela-chat
The idea is simple: instead of cramming everything into a hero section and hoping someone scrolls, you let the customer ask what they actually care about. The AI handles objections, comparisons, and details on demand.
Built with my own platform (99helpers.com) which lets you give an AI chatbot a knowledge base and embed it anywhere. This is one use case I hadn't fully considered until recently — using the chatbot not for support, but as the ad itself.
Curious what HN thinks. Is conversational advertising compelling, or just a gimmick?
Comments URL: https://news.ycombinator.com/item?id=47273063
Points: 1
# Comments: 0
The calm energy set up that makes your whole day easier
Article URL: https://www.plantbasededit.com/the-calm-energy-set-up/
Comments URL: https://news.ycombinator.com/item?id=47273054
Points: 1
# Comments: 0
Coding with Multiple AI Agents to Build Scalable Rate-Limiting Infrastructure
Article URL: https://www.ayrshare.com/coding-with-multiple-ai-agents/
Comments URL: https://news.ycombinator.com/item?id=47273046
Points: 2
# Comments: 0
