Hey buddy,

Dude, you gotta hear about the stuff popping off on Hacker News today, Tuesday. Some wild things man.

Supabase Security Scare

First off, there's this big deal about Supabase's MCP thingy. Apparently, it can just leak your entire SQL database. Crazy, right? People in the comments were saying it seems like mixing those AI agent things with giving users control is maybe the core problem, and someone was freaked out that the people building it must know this but are doing it anyway. Yikes.

SVGs Acting Like GIFs

Okay, something cool now. Someone figured out how to make SVGs look and feel like GIFs. It's way lighter file-size wise. The comments got into how it reminds people of the old Flash days, and someone even shared a tool they made using SVGs for showing off command-line stuff.

Google and Your WhatsApp

Then there's this headline: "Google can now read your WhatsApp messages". Sounds super creepy, but the article and comments explain it's likely using the Android Accessibility Service permission, which is a powerful one. Folks were talking about how this "personalization economy" is kinda messed up because you don't know what others see, and also how barely anyone uses optional security features like PGP for email.

Offline Chess Puzzles App

Someone posted their app called OffChess, which is just a simple offline app for chess puzzles. Pretty neat. Comments mentioned how purchases are tied to your Google account which is a bummer for sharing, and one guy even downloaded the puzzles and ran them through Stockfish to make harder ones for his club! The developer jumped in to say all the positive comments were totally real, not his friends.

Breaking Git

Big tech news: there's a security hole in Git! Something about a carriage return in submodules that could let someone run code on your machine when you clone a repo. Comments were discussing the timeline of the fix getting out to different Linux distros and how Git's configuration format is surprisingly old.

New Small LLM

There's a new tiny language model called Smollm3. It's multilingual and good with long text. People in the comments had mixed feelings, some saying benchmark numbers don't always match real-world use, and others had trouble getting it running on their Macs. Someone also broke down the training cost estimate, saying the article might have missed a detail about the timeframe.

Firefox Drama

Finally, there's an article titled "Firefox is fine. The people running it are not". Basically saying the browser itself is good, but Mozilla's management is messing up. The comments were arguing about how Mozilla is supposed to make money without relying on Google, whether they respect users, and if they ditch side projects too quickly.

Anyway, that's the quick rundown. Lots of tech stuff today. Alright, talk later!