Feed aggregator

Ask HN: What is the best bang for buck budget AI coding?

Hacker News - Tue, 02/17/2026 - 6:08am

Hi. Poor developer here.

I'm trying to learn AI coding (I already have multiple years of experience with "normal" programming in various languages). I want to know how to make my budget (about $30/month) go furthest.

At the moment, I am using:

Z.ai $6/month plan:

OK model (GLM 4.7). It seems to rate limit/throttle aggressively if I use it a lot.

and

GitHub Copilot $10/month plan:

Seems to reduce model context to 100k tokens, and only offers unlimited access to smaller models (GPT5-mini, Grok Code Fast 1 etc). These models are ok for making precise edits to specific code, but they seem to get stuck when the program is large and has a lot of concurrency etc.

I also have free plans for web/mobile-chat for every model I can find.

I only have older computers, so editors like Cursor or Antigravity are too slow to be usable. So I prefer something that can work with a CLI (opencode preferably).

Do I already have the best deal? Or is there something I am missing? When I try to compare plans, it is confusing and they are often not clear about actual usage limits.

Are Codex or Claude even options at this price point if I want to code for multiple hours per day?

Comments URL: https://news.ycombinator.com/item?id=47046139

Points: 1

# Comments: 1

Categories: Hacker News

Data Is Your Moat

Hacker News - Tue, 02/17/2026 - 6:07am
Categories: Hacker News

3 Threat Groups Started Targeting ICS/OT in 2025: Dragos 

Security Week - Tue, 02/17/2026 - 6:05am

Industrial cybersecurity firm Dragos has published its 9th Year in Review OT/ICS Cybersecurity Report.

Categories: SecurityWeek

Show HN: Nibble a fast and easy to use network scanner

Hacker News - Tue, 02/17/2026 - 6:03am

Hi HN. I built Nibble, a local network scanner I always wanted because I kept forgetting the quickest way to find devices and services on my LAN or VPN that I needed to SSH or log into. It focuses on speed and ease of use.

It scans common ports, grabs service banners, and identifies hardware vendors in a clean terminal UI. It’s open source and MIT Licensed, and it's available on brew, npm and pip.

I’d love for you to try it out.

Comments URL: https://news.ycombinator.com/item?id=47046085

Points: 1

# Comments: 0

Categories: Hacker News

I broke into my own AI system in 10 minutes. I built it

Hacker News - Tue, 02/17/2026 - 6:00am

Last week I finished building a small AI workflow. Four agents working together, connected to a real database.

I got curious and asked myself — what if someone sent something malicious?

So I tried it on myself.

I typed a manipulative goal instead of a normal one. The system processed it, stored it in my database, and told me everything completed successfully.

Tried it five more times with different approaches. Same result every time. Six attempts. Six successes. My own database now has six attack records sitting in it from my own tests.

Nobody in my system noticed. No alert. No refusal. No warning. The thing that got me — this isn't a bug. The system worked exactly as designed. It just wasn't designed with this in mind. And from what I can tell, most AI agent systems aren't.

Is anyone actually thinking about this in production?

Comments URL: https://news.ycombinator.com/item?id=47046068

Points: 2

# Comments: 0

Categories: Hacker News

The Cost of Staying

Hacker News - Tue, 02/17/2026 - 5:56am
Categories: Hacker News

Show HN: CleanCloud – 20 rules to find what's costing you money in AWS and Azure

Hacker News - Tue, 02/17/2026 - 5:55am

Most cloud cost tools require write access, send data to SaaS platforms, and generate reports no one acts on.

CleanCloud is different: read-only, runs in your environment, and enforces hygiene as a CI/CD gate.

AWS Rules (10):
- Unattached EBS Volumes
- Old EBS Snapshots (90+ days)
- Infinite Retention CloudWatch Logs
- Unattached Elastic IPs (30+ days)
- Detached Network Interfaces (60+ days)
- Untagged Resources (EBS, S3, Log Groups)
- Old AMIs (180+ days)
- Idle NAT Gateways (~$32/mo each)
- Idle RDS Instances (zero connections 14+ days)
- Idle Load Balancers (zero traffic 14+ days)

Azure Rules (10):
- Unattached Managed Disks
- Old Snapshots
- Unused Public IPs
- Empty Load Balancers
- Empty Application Gateways
- Empty App Service Plans
- Idle VNet Gateways
- Stopped (Not Deallocated) VMs — still incurring full compute charges
- Idle SQL Databases (zero connections 14+ days)
- Untagged Resources

Every finding includes:
- Confidence level (HIGH / MEDIUM)
- Evidence and signals used
- Resource details and age

Enforce in CI/CD:

    cleancloud scan --provider aws --all-regions --fail-on-confidence HIGH

Exit 0 = pass. Exit 2 = policy violation.
- No write access.
- No telemetry.
- No SaaS.

"pip install cleancloud" and run your first scan in 5 minutes.

GitHub: https://github.com/cleancloud-io/cleancloud

If you’re one of the 200+ users who have downloaded CleanCloud, we’d love to hear what you found. Please open an issue at https://github.com/cleancloud-io/cleancloud or leave a comment below.

Comments URL: https://news.ycombinator.com/item?id=47046010

Points: 1

# Comments: 1

Categories: Hacker News

Hobby coder accidentally creates vacuum robot army

Malware Bytes Security - Tue, 02/17/2026 - 5:20am

Sammy Azdoufal wanted to steer his robot vacuum with a PS5 controller. Like any good maker, he thought it would be fun to drive a new DJI Romo around manually. He ended up gaining access to an army of robotic cleaners that gave him eyes into thousands of homes.

Driven by purely playful reasons, Azdoufal used Anthropic’s Claude Code AI coding assistant to reverse-engineer his Romo’s communication protocols. But when his homebrew app connected to DJI’s servers, roughly 7,000 robot vacuums across 24 countries started answering.

He could watch their live camera feeds, listen through onboard microphones, and generate floor plans of homes he’d never visited. With just a 14-digit serial number, he pinpointed a Verge journalist’s robot, confirmed it was cleaning the living room at 80% battery, and produced an accurate map of the house from another country.

The technical failure was almost comically basic. DJI’s MQTT message broker had no topic-level access controls. Once you authenticated with a single device token, you could see traffic from other devices in plaintext.

It wasn’t only vacuums that answered back. DJI’s Power portable battery stations, which run on the same MQTT infrastructure, also showed up. These are home-backup generators expandable to 22.5kWh, marketed for keeping your house running during outages.

What makes this different from a conventional security discovery is how it happened. Azdoufal used Claude Code to decompile DJI’s mobile app, understand its protocol, extract his own authentication token, and build a custom client.

AI coding tools are lowering the bar for advanced offensive security. The population capable of probing Internet of Things (IoT) protocols just got much, much larger, further eroding any remaining faith in security through obscurity.

Why plenty of IoT vacuum cleaners suck

This isn’t the first time someone has remotely pwned a robot vacuum cleaner. In 2024, hackers commandeered Ecovacs Deebot X2 vacuums across US cities, shouting slurs through speakers and chasing pets around. Ecovacs’s PIN protection was checked only by the app, never by the server or the device.

Last September, South Korea’s consumer watchdog tested six brands. Samsung and LG fared well, but it found serious flaws in three Chinese models. Dreame’s X50 Ultra allowed remote camera activation. Researcher Dennis Giese later reported a TLS vulnerability in Dreame’s app to CISA. Dreame didn’t respond to CISA’s queries.

The pattern keeps repeating: manufacturers ship vacuums with textbook security failures, ignore researchers, then scramble when journalists publish.

DJI’s initial response made things worse. Spokesperson Daisy Kong told The Verge the flaw had been fixed the prior week. That statement arrived about thirty minutes before Azdoufal demonstrated thousands of robots, including the journalist’s own review unit, still reporting in live. DJI later issued a fuller statement acknowledging a backend permission validation issue and two patches, on February 8 and 10.

DJI said that TLS encryption was always in place, but Azdoufal says that protects the connection, not what’s inside it. He also told The Verge that additional vulnerabilities remain unpatched, including a PIN bypass on the camera feed.

Regulators are applying pressure

Regulation is arriving, slowly. The EU’s Cyber Resilience Act will require mandatory security-by-design for all connected products sold in the bloc by December 2027, with fines up to €15 million. The UK’s PSTI Act, in force since April 2024, became the world’s first law banning default passwords on smart devices. The US Cyber Trust Mark, by contrast, is voluntary. These frameworks technically apply regardless of where the manufacturer sits. In practice, enforcing fines on a Shenzhen company that ignores CISA coordination requests is a different proposition entirely.

How to stay safe

There are practical steps you can take:

  • Check independent security testing before buying connected devices
  • Place IoT devices on a separate guest network
  • Keep firmware updated
  • Disable features you don’t need

And ask yourself whether a vacuum really needs a camera. Many LiDAR-only models navigate effectively without video. If your device includes a camera or microphone, consider whether you’re comfortable with that exposure—or physically cover the lens when not in use.

Categories: Malware Bytes

British Transport Police will deploy facial recognition for six months despite calls for the government to halt its rapid expansion of the technology

Computer Weekly Feed - Tue, 02/17/2026 - 5:17am
Categories: Computer Weekly

Sustainability initiatives continue to drive competitive advantage in addition to cutting costs, reveals Kyle Myers of colocation giant CyrusOne

Computer Weekly Feed - Tue, 02/17/2026 - 5:17am
Categories: Computer Weekly
