Ask HN: How do you search the web programmatically these days?
2 by coreyp_1 | 2 comments on Hacker News.
For the first time in a long time, I need to query a search engine programmatically, and found that most of them block the use of curl, etc. So, my question is simple: how do you solve the problem? I've tried searxng with mediocre success, but it seems a bit heavy to have to be running a complete separate service for this one thing that I only need every once in a while. I haven't tried using a service that requires an API key, simply because I'm not sure which direction to go or who to go with. Just thought I would ask here first.
Hack Nux
Watch the number of websites being hacked today, one by one on a page, increasing in real time.
New ask Hacker News story: Gmail label bridge on Claude Cowork just broke
Gmail label bridge on Claude Cowork just broke
2 by mangoe | 2 comments on Hacker News.
Hello, a first time poster here - encountering an issue with my email triage system through claude after a connector update overnight. curious whether anyone else landed here? about a month ago i was trying to figure out a way to get intuitive ai filtering on my gmail without full labeling integration. with help from claude i worked out a system where claude can auto draft my email responses, and enter a little code for the appropriate label in the top of the draft..... then a Google Apps Script trigger runs every five minutes to read the code, apply the matching label to the parent thread, archive it and delete the draft. This system ran cleanly for weeks, but this morning an upgrade removed threadId from create_draft, so drafts now land as standalone messages rather than threaded replies. Did anyone on here have a similar workaround? any recommendations? i think im going to have to resort to a third party MCP, but would prefer not to as im being overly cautious of vulnerabilities right now. Thanks so much! - Robert
2 by mangoe | 2 comments on Hacker News.
Hello, a first time poster here - encountering an issue with my email triage system through claude after a connector update overnight. curious whether anyone else landed here? about a month ago i was trying to figure out a way to get intuitive ai filtering on my gmail without full labeling integration. with help from claude i worked out a system where claude can auto draft my email responses, and enter a little code for the appropriate label in the top of the draft..... then a Google Apps Script trigger runs every five minutes to read the code, apply the matching label to the parent thread, archive it and delete the draft. This system ran cleanly for weeks, but this morning an upgrade removed threadId from create_draft, so drafts now land as standalone messages rather than threaded replies. Did anyone on here have a similar workaround? any recommendations? i think im going to have to resort to a third party MCP, but would prefer not to as im being overly cautious of vulnerabilities right now. Thanks so much! - Robert
New Show Hacker News story: Show HN: Pyra – a Python toolchain experiment inspired by uv and Bun
Show HN: Pyra – a Python toolchain experiment inspired by uv and Bun
3 by trey-orr | 0 comments on Hacker News.
I’ve been working on Pyra for the past few months and wanted to start sharing it in public. Right now it’s focused on the core package/project management workflow: Python installs, init, add/remove, lockfiles, env sync, and running commands in the managed env. The bigger thing I’m exploring is whether Python could eventually support a more cohesive toolchain story overall, more in the direction of Bun: not just packaging, but maybe over time testing, tasks, notebooks, and other common workflow tools feeling like one system instead of a bunch of separate pieces. It’s still early, and I’m definitely not claiming it’s as mature as uv. I’m mostly sharing it now because I want honest feedback on whether the direction feels interesting or misguided.
3 by trey-orr | 0 comments on Hacker News.
I’ve been working on Pyra for the past few months and wanted to start sharing it in public. Right now it’s focused on the core package/project management workflow: Python installs, init, add/remove, lockfiles, env sync, and running commands in the managed env. The bigger thing I’m exploring is whether Python could eventually support a more cohesive toolchain story overall, more in the direction of Bun: not just packaging, but maybe over time testing, tasks, notebooks, and other common workflow tools feeling like one system instead of a bunch of separate pieces. It’s still early, and I’m definitely not claiming it’s as mature as uv. I’m mostly sharing it now because I want honest feedback on whether the direction feels interesting or misguided.
New ask Hacker News story: Tell HN: Security Incident at Porter (YC S20)
Tell HN: Security Incident at Porter (YC S20)
3 by leetrout | 1 comments on Hacker News.
Hug ops to the team. Justin is great and I know they have to be stressed from all of this. Email I got from Porter follows, trimmed for HN character limit. Full text at https://gist.github.com/leetrout/2d172d2b95e8d24af0f3de0d0b03561e --- What happened On April 13th, 2026, the Porter team detected unauthorized activity originating from a stale AWS access key in our infrastructure. Upon detection, we immediately revoked all affected credentials and engaged our incident response processes, which included a comprehensive investigation. Since April 13th, we have seen no further evidence of unauthorized activity within Porter networks and systems. Working closely with Cloudflare and Amazon, we have substantially completed the investigation of our environment and are continuing to prioritize supporting customers in their response efforts. We have determined that the threat actor operated between 03:23 UTC April 11, 2026 and 15:24 UTC April 13, 2026. During this window, the threat actor leveraged IAM role chaining from Porter's infrastructure to access 21 customer cloud accounts. A few customers within the targeted group confirmed successful retrieval of on-cluster secrets. For these users, we currently have no evidence that secrets were abused or that other actions were taken beyond secret retrieval through this role chain. In particular, there was no evidence of any unauthorized modification of customer infrastructure for any of these users. Via the same initial access, the threat actor accessed credentials for the Porter GitHub App. Working with the GitHub team, we learned that requests were made to GitHub API endpoints for some users. We have since received confirmation that three customer repositories were cloned. User-configured Helm overrides and credentials for Porter integrations, including Slack and AI integrations for a limited number of users, were also exposed. All users with such credentials were directly informed this week. [snip] In the days since, we have: Rotated all remaining Porter AWS access keys, including those not known to be affected Deployed additional logging and monitoring across all Porter AWS accounts Established endpoint detection and response, additional real-time alerting, an incident response retainer, and 24x7 monitoring with an outside security firm Further restricted ingress network traffic Engaged Cloudflare, Latacora, and AWS to audit our configurations We will cover the full scope of our ongoing remediation, including elimination of long-lived access keys, least-privilege enforcement, role chaining restrictions, and expanded threat detection in a detailed write-up to follow. What Porter customers should do We have communicated tailored action items to all customers based on their levels of exposure. The following general steps apply to everyone: Review GitHub activity logs [snip] Key events to look for: Unexpected repository clones ("git.clone" events) New deploy keys or SSH keys added to repositories OAuth application authorizations you don't recognize Changes to branch protection rules or webhook configurations Rotate third-party credentials Rotate credentials for any Porter integrations, including Slack, alerting services, and AI support, that have not been updated since April 14, 2026. Engage a security firm if needed [snip] What comes next The incident resulted from a stale, overprivileged access key. Our remediation is focused on eliminating the conditions that made this compromise possible, not just the specific vector that was exploited. We will share a detailed write-up in the coming weeks covering our remediation and ongoing efforts to harden our infrastructure. We also intend to establish regular transparency updates on our security posture moving forward. [snip]
3 by leetrout | 1 comments on Hacker News.
Hug ops to the team. Justin is great and I know they have to be stressed from all of this. Email I got from Porter follows, trimmed for HN character limit. Full text at https://gist.github.com/leetrout/2d172d2b95e8d24af0f3de0d0b03561e --- What happened On April 13th, 2026, the Porter team detected unauthorized activity originating from a stale AWS access key in our infrastructure. Upon detection, we immediately revoked all affected credentials and engaged our incident response processes, which included a comprehensive investigation. Since April 13th, we have seen no further evidence of unauthorized activity within Porter networks and systems. Working closely with Cloudflare and Amazon, we have substantially completed the investigation of our environment and are continuing to prioritize supporting customers in their response efforts. We have determined that the threat actor operated between 03:23 UTC April 11, 2026 and 15:24 UTC April 13, 2026. During this window, the threat actor leveraged IAM role chaining from Porter's infrastructure to access 21 customer cloud accounts. A few customers within the targeted group confirmed successful retrieval of on-cluster secrets. For these users, we currently have no evidence that secrets were abused or that other actions were taken beyond secret retrieval through this role chain. In particular, there was no evidence of any unauthorized modification of customer infrastructure for any of these users. Via the same initial access, the threat actor accessed credentials for the Porter GitHub App. Working with the GitHub team, we learned that requests were made to GitHub API endpoints for some users. We have since received confirmation that three customer repositories were cloned. User-configured Helm overrides and credentials for Porter integrations, including Slack and AI integrations for a limited number of users, were also exposed. All users with such credentials were directly informed this week. [snip] In the days since, we have: Rotated all remaining Porter AWS access keys, including those not known to be affected Deployed additional logging and monitoring across all Porter AWS accounts Established endpoint detection and response, additional real-time alerting, an incident response retainer, and 24x7 monitoring with an outside security firm Further restricted ingress network traffic Engaged Cloudflare, Latacora, and AWS to audit our configurations We will cover the full scope of our ongoing remediation, including elimination of long-lived access keys, least-privilege enforcement, role chaining restrictions, and expanded threat detection in a detailed write-up to follow. What Porter customers should do We have communicated tailored action items to all customers based on their levels of exposure. The following general steps apply to everyone: Review GitHub activity logs [snip] Key events to look for: Unexpected repository clones ("git.clone" events) New deploy keys or SSH keys added to repositories OAuth application authorizations you don't recognize Changes to branch protection rules or webhook configurations Rotate third-party credentials Rotate credentials for any Porter integrations, including Slack, alerting services, and AI support, that have not been updated since April 14, 2026. Engage a security firm if needed [snip] What comes next The incident resulted from a stale, overprivileged access key. Our remediation is focused on eliminating the conditions that made this compromise possible, not just the specific vector that was exploited. We will share a detailed write-up in the coming weeks covering our remediation and ongoing efforts to harden our infrastructure. We also intend to establish regular transparency updates on our security posture moving forward. [snip]
New Show Hacker News story: Show HN: Spice simulation → oscilloscope → verification with Claude Code
Show HN: Spice simulation → oscilloscope → verification with Claude Code
3 by _fizz_buzz_ | 1 comments on Hacker News.
I built MCP servers for my oscilloscope and SPICE simulator so Claude Code can close the loop between simulation and real hardware.
3 by _fizz_buzz_ | 1 comments on Hacker News.
I built MCP servers for my oscilloscope and SPICE simulator so Claude Code can close the loop between simulation and real hardware.
New ask Hacker News story: Aliens.gov Resolves – To a WordPress "Site Not Found" Error
Aliens.gov Resolves – To a WordPress "Site Not Found" Error
9 by ascarola | 2 comments on Hacker News.
After a month of "Stay tuned! " from White House Principal Deputy Press Secretary Anna Kelly, the U.S. government's long-awaited UFO disclosure portal has achieved a major milestone: it now returns what appears to be a WordPress multisite configuration error instead of nothing. Progress. The domain was registered by CISA on March 17th amid much fanfare following Trump's directive to release classified files on UAPs, extraterrestrial life, and "any and all other information connected to these highly complex but extremely interesting and important matters." The Pentagon got involved. Avi Loeb wrote a think piece. A cottage industry of fake mirror sites (aliens-gov.online, aliensgov.online, etc.) sprang up overnight. The actual government site? SITE_NOT_FOUND. To be fair, this is likely a CMS multisite DNS/mapping issue — the server is live, the content just hasn't been deployed yet. So disclosure is technically imminent, in the same way that a 90s GeoCities page was technically imminent once you bought the domain. The real question is whether the classified files revealing 70 years of extraterrestrial contact will be organized with Categories, Tags, and a sidebar widget showing Recent Posts. :)
9 by ascarola | 2 comments on Hacker News.
After a month of "Stay tuned! " from White House Principal Deputy Press Secretary Anna Kelly, the U.S. government's long-awaited UFO disclosure portal has achieved a major milestone: it now returns what appears to be a WordPress multisite configuration error instead of nothing. Progress. The domain was registered by CISA on March 17th amid much fanfare following Trump's directive to release classified files on UAPs, extraterrestrial life, and "any and all other information connected to these highly complex but extremely interesting and important matters." The Pentagon got involved. Avi Loeb wrote a think piece. A cottage industry of fake mirror sites (aliens-gov.online, aliensgov.online, etc.) sprang up overnight. The actual government site? SITE_NOT_FOUND. To be fair, this is likely a CMS multisite DNS/mapping issue — the server is live, the content just hasn't been deployed yet. So disclosure is technically imminent, in the same way that a 90s GeoCities page was technically imminent once you bought the domain. The real question is whether the classified files revealing 70 years of extraterrestrial contact will be organized with Categories, Tags, and a sidebar widget showing Recent Posts. :)
New Show Hacker News story: Show HN: Tracking Top US Science Olympiad Alumni over Last 25 Years
Show HN: Tracking Top US Science Olympiad Alumni over Last 25 Years
2 by bkls | 0 comments on Hacker News.
Interesting to see that the entrepreneurs from more recent years tend to be doing well relative to years prior. Some interesting future directions could be: - Expanding search to be global and include more competitions, like biology and chemistry - Improving search so less unknown results - Showing insights, like trends over the years Kudos to Perplexity Computer for making this
2 by bkls | 0 comments on Hacker News.
Interesting to see that the entrepreneurs from more recent years tend to be doing well relative to years prior. Some interesting future directions could be: - Expanding search to be global and include more competitions, like biology and chemistry - Improving search so less unknown results - Showing insights, like trends over the years Kudos to Perplexity Computer for making this