Feed aggregator

Article URL: https://classicplaygames.com/

Comments URL: https://news.ycombinator.com/item?id=47273874

Points: 2

# Comments: 1

Article URL: https://ai.gopubby.com/level-up-your-ai-agent-with-skills-engineering-faf00958b617

Comments URL: https://news.ycombinator.com/item?id=47273870

Points: 1

# Comments: 0

Bishop replaces David McKeown, who will take on a role in the private sector after 40 years of government service. 

The post James ‘Aaron’ Bishop Tapped to Serve as New Pentagon CISO appeared first on SecurityWeek.

Whether you're looking for an under-desk treadmill or walking pad, this is what you should consider before adding one to your cart.

Whether it's called Clawdbot, Moltbot or OpenClaw, this AI assistant has taken the tech industry by storm.

The attacks, observed since February, show that Iranian hackers already have a presence in the networks of US organizations.

The post Iranian APT Hacked US Airport, Bank, Software Company appeared first on SecurityWeek.

New research shows hundreds of attempts by apparent Iranian state hackers to hijack consumer-grade cameras, timed to missile and drone strikes. Israel, Russia, and Ukraine have also adopted this trick.

Machine-readable indelible watermarking in content supply chain is among proposals that could protect copyrighted content

Article URL: https://gasprices.aaa.com/jump-at-the-pump-as-national-average-goes-up-nearly-27-cents/

Comments URL: https://news.ycombinator.com/item?id=47273542

Points: 1

# Comments: 0

Article URL: https://today.ucsd.edu/story/americans-dont-just-fear-driverless-cars-will-crashthey-fear-mass-job-loss

Comments URL: https://news.ycombinator.com/item?id=47273534

Points: 1

# Comments: 0

Article URL: https://loopmaster.xyz/tutorials/sound-synthesis-101

Comments URL: https://news.ycombinator.com/item?id=47273533

Points: 1

# Comments: 0

Article URL: https://www.newyorker.com/culture/the-new-yorker-documentary/has-taking-the-perfect-photo-ruined-tourism-in-the-spectacle

Comments URL: https://news.ycombinator.com/item?id=47273524

Points: 1

# Comments: 0

Attackers are abusing OpenClaw’s popularity by seeding fake “installers” on GitHub, boosted by Bing AI search results, to deliver infostealers and proxy malware instead of the AI assistant users were looking for.

OpenClaw is an open‑source, self‑hosted AI agent that runs locally on your machine with broad permissions: it can read and write files, run shell commands, interact with chat apps, email, calendars, and cloud services. In other words, if you wire it into your digital life, it may end up handling access to a lot of sensitive data.

And, as is often the case, popularity brings brand impersonation. According to researchers at Huntress, attackers created malicious GitHub repositories posing as OpenClaw Windows installers, including a repo called openclaw-installer. These were added on February 2 and stayed up until roughly February 10, when they were reported and removed.

Bing search results pointed victims to these GitHub repositories. But when the victim downloaded and ran the fake installer, it didn’t give them OpenClaw at all. The installer dropped Vidar, a well‑known information stealer, directly into memory. In some cases, the loader also deployed GhostSocks, effectively turning the victim’s system into a residential proxy node criminals could route their traffic through to hide their activities.

How to stay safe

The good news is that the campaign appears to have been short-lived, and there are clear indicators and mitigations you can use.

If you downloaded an OpenClaw installer recently from GitHub after searching “OpenClaw Windows” in Bing, especially in early February, you should assume your system is compromised until proven otherwise.

Vidar can steal browser credentials, crypto wallets, and data from applications like Telegram. GhostSocks silently turns your machine into a proxy node for other people’s traffic. That’s not just a privacy issue. It can drag you into abuse investigations when someone else’s attacks appear to come from your IP address.

If you suspect you ran a fake installer:

• Disconnect the machine from your network, then run a full system scan with a reputable, up‑to‑date anti‑malware solution.
• Change passwords for critical services (email, banking, cloud, developer accounts) and do that on a different, clean device.
• Review recent logins and sessions for unusual activity, and enable multi‑factor authentication (MFA) where you haven’t already.

If you’re still intent on using OpenClaw:

• Run OpenClaw (or similar agents) in a sandboxed VM or container on isolated hosts, with default‑deny egress and tightly scoped allow‑lists.
• Give the runtime its own non‑human service identities, least privilege, short token lifetimes, and no direct access to production secrets or sensitive data.
• Treat skill/extension installation as introducing new code into a privileged environment: restrict registries, validate provenance, and monitor for rare or newly seen skills.
• Log and periodically review agent memory/state and behavior for durable instruction changes, especially after ingesting untrusted content or shared feeds.
• Understand and provide for the event where you may need to nuke‑and‑pave: keep non‑sensitive state snapshots handy, document a rebuild and credential‑rotation playbook, and rehearse it.
• Run an up-to-date, real-time anti-malware solution that can detect information stealers and other malware.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Hi HN,

I’m building WiseLocals to solve the lack of transparency in international sourcing. Most businesses lose margins to opaque intermediaries or face high fraud risks when sourcing from major manufacturing hubs.

We’ve developed a platform that connects businesses directly with vetted local experts, moving away from the "middleman" model that often complicates the supply chain.

Key Technical/Process Focus: * Multi-tiered verification: A rigorous onboarding process to verify local agent identity and expertise. * Milestone-based payments: Funds are held and only released once both parties are satisfied with the service. * Performance Analytics: Using data-driven insights to track vendor reliability over time. * Direct Project Management: A dedicated interface for real-time communication and project tracking.

I’d love to hear your thoughts on how to further automate trust in cross-border B2B transactions!

Comments URL: https://news.ycombinator.com/item?id=47273502

Points: 2

# Comments: 0

Article URL: https://ezramiller.biz/

Comments URL: https://news.ycombinator.com/item?id=47273493

Points: 1

# Comments: 0

Article URL: https://techcrunch.com/2026/03/05/cluely-ceo-roy-lee-admits-to-publicly-lying-about-revenue-numbers-last-year/

Comments URL: https://news.ycombinator.com/item?id=47273489

Points: 1

# Comments: 0

Article URL: https://www.economist.com/insider/the-insider/zanny-minton-beddoes-interviews-anthropics-boss

Comments URL: https://news.ycombinator.com/item?id=47273483

Points: 1

# Comments: 0

Article URL: https://emergentskills.com/the-zones-calculator

Comments URL: https://news.ycombinator.com/item?id=47273470

Points: 1

# Comments: 1

Hey HN,

Just dropped v0.1.0 of OxiLean yesterday.

It's a full Interactive Theorem Prover written 100% in Rust (1.2 million lines across 11 crates). Inspired by Lean 4, implements Calculus of Inductive Constructions, universe polymorphism, dependent types, full tactic framework (intro/apply/simp/ring/omega etc.), and even LCNF-based codegen.

Key points that actually matter: - Kernel has literally zero external crates and zero unsafe. Memory-safe by design, no unwraps, explicit errors everywhere. - Runs in the browser via WASM (npm package @cooljapan/oxilean ready). - REPL works out of the box: cargo run --bin oxilean - No C/Fortran anywhere — unlike original Lean.

Repo: https://github.com/cool-japan/oxilean

WASM demo snippet in README if you want to play instantly.

On my machine I've already proven 99.24% of MathLib4's 179,668 declarations (aiming for 100% in 0.1.1 soon). Been grinding this because I got tired of C++/OCaml build hell in formal methods tools.

Curious what you think — especially if you're into formal verification in Rust or using Lean.

Comments URL: https://news.ycombinator.com/item?id=47273461

Points: 1

# Comments: 0

Author here. I'm a software engineer who started writing hard science fiction on the side. I built this tool because I wanted to write in plain Markdown and go straight to Amazon KDP without touching Word, InDesign, or Vellum.

The workflow: I write stories in .md files, one heading per chapter, --- for scene breaks. When I'm ready to publish, I run one command and get a paperback PDF, hardcover PDF, and Kindle EPUB with correct margins, typography, and scene breaks. The tool wraps Pandoc and XeLaTeX with a custom LaTeX template and a Lua filter that handles the scene break conversion. Commander.js is the only Node dependency.

I used this to publish my first novelette, a hard sci-fi story called "The Pull" about an astrophysicist mapping the Zone of Avoidance behind the Milky Way. The science in the story is grounded in real astrophysics (the Great Attractor, large scale cosmic flows, the Zone of Avoidance). I also built an author website at 'alanvoss.me' with Next.js and Payload CMS, deployed as a static site on Vercel, where you can read the first chapter and see the characters.

On AI use and Graphics: The story concept and science are mine. I used Claude Opus 4.6 to help with some character dialogue and for grammar and spelling checks. Character portraits on the website were generated with Midjourney and OpenAI image models. Book covers were made in Canva.

The tool itself is simple (~200 lines of JS), but it solved a real problem for me. The KDP margin requirements are fiddly, especially the difference between paperback and hardcover inner margins, and getting scene breaks to render correctly in both LaTeX and EPUB needed the Lua filter approach. Hopefully useful to other developers who write.

Please let me know if you have any questions about the tool, the publishing process, or KDP in general.

Comments URL: https://news.ycombinator.com/item?id=47273448

Points: 1

# Comments: 0