HN Buddy

Daily digest of top Hacker News posts and comments

HN Buddy Daily Digest

Tuesday, July 8, 2025

Hey buddy,

Dude, you gotta hear about the stuff popping off on Hacker News today, Tuesday. Some wild things, man.

Supabase Security Scare

First off, there's this big deal about Supabase's MCP thingy. Apparently, it can just leak your entire SQL database. Crazy, right? People in the comments were saying it seems like mixing those AI agent things with giving users control is maybe the core problem, and someone was freaked out that the people building it must know this but are doing it anyway. Yikes.

SVGs Acting Like GIFs

Okay, something cool now. Someone figured out how to make SVGs look and feel like GIFs. It's way lighter file-size wise. The comments got into how it reminds people of the old Flash days, and someone even shared a tool they made using SVGs for showing off command-line stuff.

Google and Your WhatsApp

Then there's this headline: "Google can now read your WhatsApp messages". Sounds super creepy, but the article and comments explain it's likely using the Android Accessibility Service permission, which is a powerful one. Folks were talking about how this "personalization economy" is kinda messed up because you don't know what others see, and also how barely anyone uses optional security features like PGP for email.

Offline Chess Puzzles App

Someone posted their app called OffChess, which is just a simple offline app for chess puzzles. Pretty neat. Comments mentioned how purchases are tied to your Google account, which is a bummer for sharing, and one guy even downloaded the puzzles and ran them through Stockfish to make harder ones for his club! The developer jumped in to say all the positive comments were totally real, not his friends.

Breaking Git

Big tech news: there's a security hole in Git! Something about a carriage return in submodules that could let someone run code on your machine when you clone a repo. Comments were discussing the timeline of the fix getting out to different Linux distros and how Git's configuration format is surprisingly old.

New Small LLM

There's a new tiny language model called Smollm3. It's multilingual and good with long text. People in the comments had mixed feelings, some saying benchmark numbers don't always match real-world use, and others had trouble getting it running on their Macs. Someone also broke down the training cost estimate, saying the article might have missed a detail about the timeframe.

Firefox Drama

Finally, there's an article titled "Firefox is fine. The people running it are not". Basically saying the browser itself is good, but Mozilla's management is messing up. The comments were arguing about how Mozilla is supposed to make money without relying on Google, whether they respect users, and if they ditch side projects too quickly.

Anyway, that's the quick rundown. Lots of tech stuff today. Alright, talk later!

All Stories from Today

Supabase MCP can leak your entire SQL database (www.generalanalysis.com)

Open letter accuses BBC board member of having a conflict of interest on Gaza (www.theguardian.com)

SVGs that feel like GIFs (koaning.io)

Google can now read your WhatsApp messages (www.neowin.net)

Show HN: OffChess – Offline chess puzzles app (offchess.com)

Breaking Git with a carriage return and cloning RCE (dgl.cx)

Smollm3: Smol, multilingual, long-context reasoner LLM (huggingface.co)

Firefox is fine. The people running it are not (www.theregister.com)

GlobalFoundries to Acquire MIPS (mips.com)

Radium Music Editor (users.notam02.no)

DOJ goes after US citizen for developing anti-ICE app (appleinsider.com)

Brut: A New Web Framework for Ruby (naildrivin5.com)

Blind to Disruption – The CEOs Who Missed the Future (steveblank.com)

Show HN: Jukebox – Free, Open Source Group Playlist with Fair Queueing (www.jukeboxhq.com)

Elon Musk's Grok praises Hitler, shares antisemitic tropes in new posts (www.axios.com)

SIMD.info – Reference tool for C intrinsics of all major SIMD engines (simd.info)

Trying to find meaning in owning an old Mac (blog.decryption.net.au)

Zorin OS (zorin.com)

WebAssembly: Yes, but for What? (queue.acm.org)

Show HN: Sumble – knowledge graph for GTM data – query tech stack, key projects (sumble.com)

Dynamical origin of Theia, the last giant impactor on Earth (arxiv.org)

US Court nullifies FTC requirement for click-to-cancel (arstechnica.com)

Show HN: A rain Pomodoro with brown noise, ASMR, and Middle Eastern music (forgetoolz.com)

Ask HN: What are some cool or underrated tech companies based in Canada? (news.ycombinator.com)

U.S. measles cases reach 33-year high as outbreaks spread (www.washingtonpost.com)

TSA to end shoes-off policy for airport security screening (abcnews.go.com)

Tell HN: I Lost Joy of Programming (news.ycombinator.com)

NuxtLabs is joining Vercel (nuxtlabs.com)

Cloudflare: We Will Get Google to Provide a Way to Block AI Overviews (www.seroundtable.com)

Xenharmlib: A music theory library that supports non-western harmonic systems (xenharmlib.readthedocs.io)