Hacker News | geoffbp's comments

I use the plugin for Git, and the one for tasks. Hope those are safe!

You are safe. The way this hack works is that someone online would contact you, share an Obsidian vault with you, you open the vault, you download & install a plugin the hacker tells you to install to open the vault. It's all described in the article if you would like to read it.

The obsidian vault is to already have the chosen plugin pre-selected and is part of the social engineering effort, that's not the main problem.

The issue is that this could happen to anyone who just searches the malicious plugin's name and installs it. Worse if it's a popular one that gets compromised.


No HN? :)

Of course that also HN

Slightly different but related topic - for people who work with people vibe coding, what is the easiest way to allow that for non tech users (and reducing risk)? AWS or something like vercel? Coolify?

I'm old and bitter about this, but you're not reducing risk by going with PaaS, you're just outsourcing it. That recent "My AI Agent deleted my prod DB" story was only possible because the PaaS they were using allowed for 1-click permanent delete. At least AWS has a "prevent accidental termination" checkbox.

Nobody wants to hear this, but as things stand, there's no escaping risk for vibe coders right now. Personally, I think AWS is still a good choice for the long run, but don't make the mistake of thinking current LLMs will actually be able to manage the environment on par with a decent infra engineer. That's one of their weaker areas right now. Good news is there are a million managed service providers and AWS-competent humans still in existence. Also Premium Support is a good resource.

Whatever you do, make a lot of backups and store them on a different service somewhere. Then if you get to a situation where you need to do something with sensitive data, or need to raise money, engage with someone who can do a proper review.


Vercel and Supabase seem to be the norm around here.

DX is simple, integrations between the two, and the stack is well understood by the LLM.

Lovable uses supabase, and is surprisingly easy to eject from too; I've done the lovable to Vercel + supabase a couple of times, even managing to keep it syncing via the Git integration. You can get proper scalable infra and minimal vendor lock in whilst the vibe coder gets to play with the pretty.


I think people find joy in trying to optimise (maxxxxxx) their setup, be it editor, AI, note taking, etc. They make time for it.

Send the link to AI and ask :)

I have found I learn more when I talk to people who are really interested in a topic.

People still use ask.com? Don’t know if I have for a long time

They don’t. Hence why it’s shutting down.

Very cool, amazing!

What effects does marathon running have on the body long term?


Reading mode in your browser…?


> Normally I can just hit the button in my phone browser to read it in reader mode, but this site doesn’t support that either.


I would love to use reading mode in my browser if this site supported it. As I noted.


If you request the desktop site, reading mode will be available (that’s my experience anyway).


“Some bullet points are gated on process.env.USER_TYPE === 'ant' — Anthropic employees get stricter/more honest instructions than external use”

Interesting!


AI installing AI, it’s happening.. :-/


Slopception is coming.


Slop-squared

