Bambu Lab is abusing the open source social contract
\n\n\n\n477 points | 168 comments
\n\n\n\nFull disclosure: I've never owned a Bambu because I've never loved the idea of a \"closed\" ecosystem 3D printer, however I have used them, and am very familiar with the 3d printing space beyond Bambu.\nFor anyone considering alternatives: You should know that almost all other 3D printers expect you to know a little more about how they actually work than Bambus. Bambus are as close as you can get to a \"just works\" type experience, but modern alternatives from others are nowhere near as hard as they used to be.
The closest \"easy\" alternative is probably Prusa, but you'll pay significantly more for a Prusa machine than you would a Bambu. They're an excellent company, and the complete opposite of Bambu when it comes to Openness. If money is no object, Prusa is highly recommended.
Beyond Prusa, there's a lot of other options. https://auroratechchannel.com/#section2 This list is a good one.
I personally run an old Elegoo Neptune 4 pro - but my needs are quite low. If I were buying today, a Snapmaker U1 or the Creality K2 Plus is probably where I'd end up going.\n— kn100\n
555 points | 890 comments
\n\n\n\nGross. This is just more proof that corporations simply don't know how to market AI. Everything is an ad for an ad at this point. The very first thing they show this new machine doing is helping people shop for clothes using AI.\nNo one is doing that, these people don't exist. No matter how hard corporate America wishes they did. This is why AI doesn't sell. This is why companies like Microsoft and Dell are pulling back on their AI claims and why Apple has nearly wiped it off their site all together, seriously go check out apple.com, not a single mention of Apple Intelligence.
At this point I'm convinced that marketing has been completely taken over by shareholder shills, marketing to customers they wish they had instead of the real customers that exist.\n— Jzush\n
Why senior developers fail to communicate their expertise
\n\n\n\n339 points | 162 comments
\n\n\n\nBecause the most important parts of the expertise are coming from their internal \"world model\" and are inseparable from it.\nAn average unaware person believes that anything can be put in words and once the words are said, they mean to reader what the sayer meant, and the only difficulty could come from not knowing the words or mistaking ambiguities. The request to take a dev and \"communicate\" their expertise to another is based on this belief. And because this belief is wrong, the attempt to communicate expertise never fully succeeds.
Factual knowledge can be transferred via words well, that's why there is always at least partial success at communicating expertise. But solidified interconnected world model of what all your knowledge adds up to, cannot. AI can blow you out of the water at knowing more facts, but it doesn't yet utilize it in a way that allows surprisingly often having surprisingly correct insights into what more knowledge probably is. That mysterious ability to be right more often is coming out of \"world model\", that is what \"expertise\" is. That part cannot be communicated, one can only help others acquire the same expertise.
Communicating expertise is a hint where to go and what to learn, the reader still needs to put effort to internalize it and they need to have the right project that provides the opportunity to learn what needs to be learnt. It is not an act of transfer.\n— hamstergene\n
EU to crack down on TikTok, Instagram's 'addictive design' targeting kids
\n\n\n\n378 points | 320 comments
\n\n\n\nThis is pretty easy to solve. If you present data by algorithm, you are no longer an impartial common carrier and are liable for the content you present. If the user decides you don’t, ala social media 1.0.\n— conception\n\n
Rendering the Sky, Sunsets, and Planets
\n\n\n\n392 points | 34 comments
\n\n\n\nI saw this a while ago so it might not be totally related, but Sebastian Lague did a video on atmospheres for his planet generation experiment which was also very entertaining to watch [1].\nThere's something particularly entertaining on developing visuals and watching them come a reality — I hope at some point be able to experiment in this field.
[1] https://www.youtube.com/watch?v=DxfEbulyFcY\n— etra0\n
Show HN: Needle: We Distilled Gemini Tool Calling into a 26M Model
\nHey HN, Henry here from Cactus. We open-sourced Needle, a 26M parameter function-calling (tool use) model. It runs at 6000 tok/s prefill and 1200 tok/s decode on consumer devices.We were always frustrated by the little effort made towards building agentic models that run on budget phones, so we conducted investigations that led to an observation: agentic experiences are built upon tool calling, and massive models are overkill for it. Tool calling is fundamentally retrieval-and-assembly (match query to tool name, extract argument values, emit JSON), not reasoning. Cross-attention is the right primitive for this, and FFN parameters are wasted at this scale.
Simple Attention Networks: the entire model is just attention and gating, no MLPs anywhere. Needle is an experimental run for single-shot function calling for consumer devices (phones, watches, glasses...).
Training:\n- Pretrained on 200B tokens across 16 TPU v6e (27 hours)\n- Post-trained on 2B tokens of synthesized function-calling data (45 minutes)\n- Dataset synthesized via Gemini with 15 tool categories (timers, messaging, navigation, smart home, etc.)
You can test it right now and finetune on your Mac/PC: https://github.com/cactus-compute/needle
The full writeup on the architecture is here: https://github.com/cactus-compute/needle/blob/main/docs/simp...
We found that the \"no FFN\" finding generalizes beyond function calling to any task where the model has access to external structured knowledge (RAG, tool use, retrieval-augmented generation). The model doesn't need to memorize facts in FFN weights if the facts are provided in the input. Experimental results to published.
While it beats FunctionGemma-270M, Qwen-0.6B, Granite-350M, LFM2.5-350M on single-shot function calling, those models have more scope/capacity and excel in conversational settings. We encourage you to test on your own tools via the playground and finetune accordingly.
This is part of our broader work on Cactus (https://github.com/cactus-compute/cactus), an inference engine built from scratch for mobile, wearables and custom hardware. We wrote about Cactus here previously: https://news.ycombinator.com/item?id=44524544
Everything is MIT licensed. Weights: https://huggingface.co/Cactus-Compute/needle\nGitHub: https://github.com/cactus-compute/needle\n\n\n
240 points | 86 comments
\n\n\n\nHmm.. this might make it feasible to build something like a command line program where you can optionally just specify the arguments in natural language. Although I know people will object to including an extra 14 MB and the computation for \"parsing\" and it could be pretty bad if everyone started doing that.\nBut it's really interesting to me that that may be possible now. You can include a fine-tuned model that understands how to use your program.
E.g. `> toolcli what can you do` runs `toolcli --help summary`, `toolcli add tom to teamfutz group` = `toolcli --gadd teamfutz tom`\n— ilaksh\n
Restore full BambuNetwork support for Bambu Lab printers
\n\n\n\n352 points | 144 comments
\n\n\n\nThis looks to be a clone of the prior state of the repository that caused all the Bambu drama earlier this week.\nI did a ton of research because I didn't understand what people wanted here, and this is what's going on:
Right now, Bambu have adjusted their system into two modalities:
* \"default\" or \"Cloud\" mode, where you get an app, remote monitoring, but you have to use Bambu Studio or Bambu Connect to send prints. They implemented this by adding cloud auth to their \"internal API;\" the client application has to get a token from Bambu's servers, even if the request it eventually makes is a \"local\" one.
* LAN / Developer mode, where the device displays a token and you put it into your app. This disables all of the remote monitoring but in exchange, clients can send prints locally.
What users want is to \"have their cake and eat it too;\" they want the local token authentication _and_ the cloud authentication enabled at the same time. This isn't actually possible, so this plugin approximates it by emulating the interface to the cloud authentication to make the \"Bambu Network\" cloud RPC calls from a local slicer (one of these calls is a local_print call, so ostensibly this allows you to send prints without running them through the cloud, although with all of the online functionality still enabled and required, this seems like a pretty brave thing to trust).
Personally, I find the Bambu reaction distasteful, and there's an argument that the offline mode only exists due to similar outrage, but I don't see the current system as particularly bad and find the appetite to restore \"untrustworthy\" cloud functionality a bit amusing.\n— bri3d\n
The Future of Obsidian Plugins
\n\n\n\n281 points | 116 comments
\n\n\n\nObsidian CEO here. We've been working for nearly a year to launch this new Community site and review system. I'm very excited about this first version but there are many more improvements to come.\nI've tried to be exhaustive with the blog post, FAQs, and next steps on our roadmap, but I am sure I forgot some things, so feel free to ask!
This has been an incredibly challenging project for a number of reasons. We're only seven people but we have thousands of plugin developers and millions of users. There are many competing priorities to balance.
We wanted to make sure the new system would be easy to adopt, backwards compatible, and not completely break people's workflows, while still being a major improvement over the old approach, and allow us to gradually continue enhancing security and discoverability of plugins.
Consider it a work in progress. We're listening to everyone's ideas and gripes, and will keep iterating :)\n— kepano\n
323 points | 111 comments
\n\n\n\nIt's great except the war is obviously for Israel not oil, we had more access to oil before the war\n— an0malous\n\n
How to make your text look futuristic (2016)
\n\n\n\n306 points | 36 comments
\n\n\n\nDoes the Back To The Future logo really count? Raiders of the Lost Ark as a very similar style but does not evoke \"future\". Yes, there are subtle differences. My point is, if you divorced them from the connection to their content I think it would be hard to point to one as \"future\" and the other as \"not future\"\n— socalgal2\n\n
TanStack NPM Packages Compromised
\n\n\n\n410 points | 125 comments
\n\n\n\nPlease be careful when revoking tokens. It looks like the payload installs a dead-man's switch at ~/.local/bin/gh-token-monitor.sh as a systemd user service (Linux) / LaunchAgent com.user.gh-token-monitor(macOS). It polls api.github.com/user with the stolen token every 60s, and if the token is revoked (HTTP 40x), it runs rm -rf ~/.\nhttps://github.com/TanStack/router/issues/7383#issuecomment-...\n— cube00\n
Ratty – A terminal emulator with inline 3D graphics
\n\n\n\n449 points | 156 comments
\n\n\n\nThis reminds me of when compiz came out and everyone was like MY WINDOWS ARE ON A CUBE and I NEED WOBBLY WINDOWS.\nSo anyway, being that guy, I immediately installed it.\n— ghostoftiber\n
GitLab Announces Workforce Reduction and End of Their CREDIT Values
\n\n\n\n240 points | 207 comments
\n\n\n\nTheir old CREDIT values: Collaboration, Results for Customers, Efficiency, Diversity, Inclusion & Belonging, Iteration, and Transparency.\nNew values: Speed with Quality, Ownership Mindset, Customer Outcomes.
In other words, work harder, not smarter, and no more DEI.\n— Animats\n
If AI writes your code, why use Python?
\n\n\n\n394 points | 401 comments
\n\n\n\nNot just for LLMs, but in general if code is produced automatically by a tool and isn't going to be a hundred percent proofread and tested by humans who could have written it manually, it's always better to use the safest possible language so that the compiler can catch most of the errors. So yeah, Rust or OCaml are good candidates. Performance is also a good point but it's a secondary issue in my opinion.\n— p4bl0\n\n
Software engineering may no longer be a lifetime career
\n\n\n\n335 points | 579 comments
\n\n\n\nMultiple times per week I have the same conversation. It goes something like this:\n\nThe developers who still think their job is about writing code will perhaps not have a job in the future. Brutal as it may sound: I'm fine with that. I'm getting old and I value my remaining time on the planet.- AI will make developers irrelevant\n - Why?\n - Because LLMs can write code\n - Do you know what I do for a living?\n - Yes, write code?\n - Yes, about 2-5% of the time. Less now.\n - But you said you are a developer?\n - I did\n - So what do you do 95-98% of the time?\n - I understand things and then apply my ability to formulate solutions\n - But I can do that!\n - So why aren't you?\nBusiness owners who think they can do without developers because they think LLMs replace developers are fine by me too. Natural selection will take care of them in due course.\n— bborud\n
CUDA-oxide: Nvidia's official Rust to CUDA compiler
\n\n\n\n347 points | 107 comments
\n\n\n\nThis is amazing.. ive been working with custom CUDA kernels and https://crates.io/crates/cudarc for a long time, and this honestly looks like it could be a near drop-in replacement.\nim especially curious how build times would compare? Most Rust CUDA crates obv rely on calling CMake or nvcc, which can make compilation painfully slow. coincidentally, just last week i was profiling build times and found that tools like sccache can dramatically reduce rebuild times by caching artifacts - but you still end up paying for expensive custom nvcc invocations (e.g. candle by hugging face calls custom nvcc command in their kernel compilation): https://arpadvoros.com/posts/2026/05/05/speeding-up-rust-whi...\n— arpadav\n
UCLA discovers first stroke rehabilitation drug to repair brain damage (2025)
\n\n\n\n306 points | 62 comments
\n\n\n\nMy understanding was that strokes caused brain cell death, and that there was no coming back from that, but my neurologists would speak of 'bruised' brain cells, and that after weeks or months or even years you can see recovered function. UCLA's work here is targeting this disconnection and the lost rhythm in the surviving, distant networks. However there is, as yet, NO concievable intervention that could recover function from cell death at that center of the infarct.\n— padolsey\n\n
Can someone please explain whether Cloudflare blackmailed Canonical?
\n\n\n\n229 points | 136 comments
\n\n\n\n\"Renting attack capacity from [cloudflare]\" is inaccurate as I understand things. That group hosts their site behind cloudflare but I have not seen anyone claim that cloudflare's infra is used for the attacks.\nThis whole article seems conflate hosting an informational site run by the attackers and hosting the attack itself.\n— jwitthuhn\n
A.I. note takers are making lawyers nervous
\n\n\n\n224 points | 163 comments
\n\n\n\nhttps://archive.is/wPKhf\n— Tistron\n\n
They Live (1988) inspired Adblocker
\n\n\n\n240 points | 76 comments
\n\n\n\nReplacing ads reminds me of the eye tap AR stuff by Steve Mann\nhttps://news.ycombinator.com/item?id=44406552\n— riedel\n
Hardware Attestation as Monopoly Enabler
\n\n\n\n748 points | 279 comments
\n\n\n\nThe EU Digital (identity) Wallet EUDI requires hardware attestation by Google or Apple, effectively tying all the digital EU identities to American duopoly. Talk about digital sovereignity. Apparently protecting the children > sovereignity.\nhttps://gitlab.opencode.de/bmi/eudi-wallet/wallet-developmen...\n— miohtama\n
434 points | 220 comments
\n\n\n\nFor the mainstream audience, the sentiment around local ai today is the same that they had around open source a few decades ago. For a few products, some paid solutions were so much more advanced that open source were very often completely overlooked. Why bother ? And the like. Then we had captive SaaS and other plateforms and now it's obviously wrong for most of us.\nThe dependency we have with anthropic and openai for coding for instance is insane. Most accept it because either they don't care, or they just hope chinese will never stop open weights. The business model of open weights is very new, include some power play between countries and labs, and move an absurd amount of money without any concrete oversight from most people.
It's a very dangerous gamble. Today incredible value is available for nearly everyone. But it may stop without any warning, for reason outside our control.\n— TheJCDenton\n
Louis Rossmann offers to pay legal fees for a threatened OrcaSlicer developer
\n\n\n\n442 points | 236 comments
\n\n\n\nI made the tragic mistake of getting a Bambu printer (an X1C, with AMS even...) right before they gave all of us the middle finger. I now have it offline, running out of date firmware, connected to a special WiFi network that is isolated from the Internet.\nThat upset me, but now I'm pissed. Now I don't even care about their stupid printers. Now I'd like to waste Bambu Lab's time and cause problems for them.
And also, while this X1C should be going strong for years, my eyes are on Prusa should I want another printer any time soon for any reason. Less polished or not, they seem like they're still better for consumers even though they are apparently less open than they used to be. But I'm of course interested in hearing what people recommend, too. (I got an X1C because I knew it would be simple, but I don't particularly mind getting my hands dirty or anything. I did build an Ender 3 kit before that.)\n— jchw\n
Incident Report: CVE-2024-YIKES
\n\n\n\n345 points | 84 comments
\n\n\n\nFor anyone confused, this is (very good imo) fiction about supply-chain incidents. It had me very worried during a brief scan that it was real though, which made me read it more attentively :)\n— lynndotpy\n\n
I'm going back to writing code by hand
\n\n\n\n245 points | 101 comments
\n\n\n\nI've set a few rules for working with coding agents:\n1. If I use a coding agent to generate code, it should be something I am absolutely confident I can code correctly myself given the time (gun to my head test).
2. If it isn't, I can't move on until I completely understand what it is that has been generated, such that I would be able to recreate it myself.
3. I can create debt (I believe this is being called Cognitive Debt) by breaking rule 2, but it must be paid in full for me to declare a project complete.
Accumulating debt increases the chances that code I generate afterwards is of lower quality, and it also feels like the debt is compounding.
I'm also not really sure how these rules scale to serious projects. So far I've only been applying these to my personal projects. It's been a real joy to use agents this way though. I've been learning a lot, and I end up with a codebase that I understand to a comfortable level.\n— baddash\n
340 points | 135 comments
\n\n\n\nThis is the first year when I can’t do that.\nPlease go do it on my behalf, while it’s possible.\n— kstrauser\n
228 points | 66 comments
\n\n\n\nIt's ridiculous how accurate this recreation is to the original, it looks and feels identical.\nThe author was able to do this just decompiling the exe files, without looking at the original source code. Basically, completely blind.
So it goes without saying: The deaf, dumb and blind kid sure makes a mean pinball.\n— s20n\n
Running local models on an M4 with 24GB memory
\n\n\n\n249 points | 79 comments
\n\n\n\nGetting so close to good!\nI consider Gemma 4 31B (dense / no MoE), the new baseline for local models. It's obviously worse than the frontier models, but it feels less like a science experiment than any previous local model I’ve run, including GPT OSS 120B and Nemotron Super 120B.
On my M5 Max with 128 GB of RAM and the full 256K context window, I see RAM use spike to about 70 GB, with something like 14 GB of system overhead. A 64 GB Panther Lake machine with the full Arc B390, or a 48 GB Snapdragon X2 Elite machine, could probably run it with a 128K to 256K context window. Maybe you can squeeze it into 32GB (27.5GB usable) with a 32K context window?
Even last year, seeing this kinda performance on a mainstream-ish/plus configuration would have seemed like a pipe dream.\n— soganess\n
Maryland citizens hit with $2B power grid upgrade for out-of-state AI
\n\n\n\n222 points | 123 comments
\n\n\n\nIt seems that big money can overrule local government regulators at will.\nHere in Nevada, (Warran Buffet owned) NV Energy already has approval for a \"Demand Charge\" that will increase rates for everyone, and further reduce the ridiculously low amount of money that consumers get for selling their excess solar power back to the grid.
The regulators didn't even resist, but there has now been so much backlash that they're finally scheduling public hearings after the fact. The announcement doesn't even mention the Demand Charge by name, and many consumers aren't even aware they they're about to be screwed.
One of the more obscene things about this new charge is that people with PV arrays will pay a fee for demanding more power from their own grid-tied systems.
https://www.nvenergy.com/publish/content/dam/nvenergy/bill_i...\n— anonymousiam\n
217 points | 76 comments
\n\n\n\nYC has funded over 5000 companies, and this page catalogs 39 that failed, many of which, on the sites own terms, are simply business failures, with no additional drama. I don't think the authors of the site realize the case they're actually making here.\n— tptacek\n\n
285 points | 35 comments
\n\n\n\nRelevant blog post: https://blog.archive.org/2026/05/06/internet-archive-switzer...\n> Internet Archive Switzerland joins a growing group of mission-aligned organizations, alongside Internet Archive, Internet Archive Canada, and Internet Archive Europe. Together, these independent libraries strengthen a shared vision: building a distributed, resilient digital library for the world.\n— input_sh\n
Bun's experimental Rust rewrite hits 99.8% test compatibility on Linux x64 glibc
\nhttps://xunroll.com/thread/2053047748191232310Recent and related: Zig → Rust porting guide - https://news.ycombinator.com/item?id=48016880 - May 2026 (540 comments)\n\n\n
354 points | 349 comments
\n\n\n\nFrom 4 days ago: https://news.ycombinator.com/item?id=48019226\n\n— legerdemain\n> I work on Bun and this is my branch\n >\n > This whole thread is an overreaction. 302 comments about code that does not work. We haven’t committed to rewriting. There’s a very high chance all this code gets thrown out completely.\n >\n > I’m curious to see what a working version of this looks, what it feels like, how it performs and if/how hard it’d be to get it to pass Bun’s test suite and be maintainable. I’d like to be able to compare a viable Rust version and a Zig version side by side.
233 points | 126 comments
\n\n\n\nYou know I was actually really curious about this so I went back to the HTML and URL W3C standards and surprisingly they don't actually have any definitions of format other than being percent encoded. One might conflate query strings with \"form-urlencoded\"[0] query strings, which is one potential interoperability format, but in general a queries string is just any percent encoded string following a \"?\" in a url[1], and just another property in the \"URL\" HTML object that can be used in the generation of a response. While additionally there is a URLSearchParams object that is the result of parsing the query string with the form-urlencoded parser, this is simply an interoperability layer for JavaScript.\nI'm going to be honest, I was pretty geared up to have a contrarian opinion until I looked at the standards but they're actually pretty clear, a 404 could be a proper response to unexpected query string; query string is as much part of the URL API as the path is and I think pretty much everyone can acknowledge that just tacking random stuff onto the path would be ill advised and undefined behavior.
[0]: https://url.spec.whatwg.org/#application/x-www-form-urlencod...
[1]: https://url.spec.whatwg.org/#url-class\n— jedimastert\n
Meta's embrace of A.I. is making its employees miserable
\n\n\n\n225 points | 206 comments
\n\n\n\nhttps://archive.is/JUPmz\n— joenot443\n\n
The hypocrisy of cyberlibertarianism
\n\n\n\n244 points | 193 comments
\n\n\n\nI was a great admirer (and later friend) of Barlow, and I'm still very deeply influenced by the Declaration and many adjacent phenomena. I agree with some fraction of this post in terms of seeing many people shelving these principles when it gets inconvenient for them.\nIn the past few months, I've been troubled by one specific part of the Declaration, in the final paragraph:
> We will create a civilization of the Mind in Cyberspace. May it be more humane and fair than the world your governments have made before.
Specifically, I think the cyberspace civilization, to the extent that it exists, has been a failure lately on \"humane\" in the broad sense. The author of the linked post might say that this has to do with the need for moderation (indeed this is a big surprise from the 1996 point of view, as there were still unmoderated Usenet groups that people used regularly and enthusiastically, and spam was a recent invention).
I think there are lots of other things going on there over and above the moderation issue, but one is that the early Internet culture was very self-selected for people who thought that the ability to talk to people and the ability to access information were morally virtuous. I was going to say that it was self-selected for intellectualism but I know that early Internet participants were often not particularly scholarly or intellectually sophisticated (some of our critics like Langdon Winner, quoted here, or Phil Agre, were way ahead on that score).
So, I might say it was self-selected in terms of people who admired some forms of communicative institutions, maybe like people whose self-identity includes being proud of spending time in a library or a bookstore, or who join a debate club. (Both of those applied to me.) This is of course not quite the same thing as intellectual sophistication.
People were mean to each other on the early Internet, but ... some kind of \"but\" belongs here. Maybe \"but it was surprising, it wasn't what they expected\"? \"But it wasn't what they thought it was about\"?
Nowadays \"humane\" feels especially surprising as a description of an aspiration for online communications. It's kind of out the window and a lot of us find that our online interactions are much less humane that what we're used to offline. More demonization of outgroups, more fantasies of violence against them, more celebration of violence that actually occurs, more joy that one's opponents are suffering in some way. (I see this as almost fully general and not just a pathology of one community or ideology.)
I'm troubled by this both because it's unpleasant and even scary how non-humane a lot of Internet communities and conversation can be, and because it's jarring to see Barlow predict that specific thing and get it wrong that way. Many other things Barlow was optimistic about seem to me to have actually come to pass, although imperfectly or sometimes corruptly, but not this one.\n— schoen\n
Distributing Mac software is increasing my cortisol levels
\n\n\n\n263 points | 177 comments
\n\n\n\nAny user who does not like Gatekeeper can turn it off on their machine in ten seconds by running this in a Terminal:\n\nPeople will say, no, that’s too big a hammer, it’s not safe… but then, like, what do you actually want? Either you keep Gatekeeper because you like the friction it introduces, or you don’t like that friction and you should go turn it off. Pick one, you obviously can’t have both!sudo spctl —-master-disable\nOf course, you as the developer can’t make this choice for your users… but isn’t that as it should be? The user decides what code is allowed to run on their machines. And the default setting is restrictive because anyone who knows what they’re doing can easily change it.
P.S. Meanwhile, on iOS there’s no way to install unsigned software at all, and on Android (starting soon) the process takes 24 hours instead of ten seconds. That is actually ridiculous because it’s taking away user choice.
P.P.S. To be clear, modern macOS has plenty of other restrictions which can’t really be turned off and which I find super annoying. Gatekeeper just isn’t one of them.
Edit: I’ve just learned that as of Sequoia, you have to also tick a box in Settings after running the Terminal command. So maybe it takes 30 seconds instead of ten seconds. That’s mildly more annoying, but still doesn’t really seem like a big deal to me.\n— Wowfunhappy\n
GrapheneOS fixes Android VPN leak Google refused to patch
\n\n\n\n261 points | 88 comments
\n\n\n\n> Because system_server operates with elevated networking privileges and is exempt from VPN routing restrictions\nSo a VPN isn't a VPN on Android? Regardless of this bug. Do other locked down operating systems act the same?\n— nottorp\n
Show HN: Building a web server in assembly to give my life (a lack of) meaning
\nThis is ymawky, a static file web server for MacOS written entirely in ARM64 assembly. It supports GET, PUT, DELETE, HEAD, and OPTIONS requests, and supports Range: bytes=X-Y headers (which allows scrubbing for video streaming). It decodes percent-encoded URLs, strictly enforces docroot, serves custom error pages for any HTTP error response, supports directory listing, and has (some) mitigations against slowloris-like attacks.I’ve also written a more detailed writeup here: https://imtomt.github.io/ymawky/\n\n\n
283 points | 127 comments
\n\n\n\nIt's a beautiful project, well crafted. To reflect to the other comments, projects like this are more like a Minecraft map for me. There are giant and amazing maps, small survival maps, local hosted for my friends and myself, and commercial focused high scale servers. Building a house, or designing a new road in the server became extremely easy with AI, put the value created in the world depends on the original purpose of the server and whether creating more houses and roads actually makes sense.\nI think it's a super thing that commercial server can build out faster and be bigger with more houses and roads on it, but\nThe love an art project creates in the world is incomparable.\n— matteohorvath\n\n
221 points | 64 comments
\n\n\n\nI'm extremely glad to see something like this. I've tried to use Zed so many times, and this might sound neurotic -- but there are just so many little theming things that make a difference to me.\nFor example, https://imgur.com/a/ia2GCgg -- top is VSCode, bottom is Zed. Both using Svelte, and using a similar theme.
- Angle brackets are a different color
- Capitalized built-in components are a different color
- Boolean props are a different color
- Brackets are colored differently than text.
The inspector is a game changer, clicking into these specific things in the preview they provide is super helpful.\n— thecatapps\n
Google broke reCAPTCHA for de-googled Android users
\nRelated: Google Cloud fraud defense, the next evolution of reCAPTCHA - https://news.ycombinator.com/item?id=48039362also: Google Cloud Fraud Defence is just WEI repackaged - https://news.ycombinator.com/item?id=48063199\n\n\n
460 points | 154 comments
\n\n\n\nMy understanding is that this new reCAPTCHA is basically just remote attestation.\nRemote attestation doesn't use blind signatures (as that would be 'farmable') so tying the device to the 'attestee' is technically possible with collusion of Google servers: EK (static burned-in private key) -> AIK (ephemeral identity key in secure enclave signed by a Google server) -> attestation (signed by AIK). As you can see if the Google server logs EK -> AIK conversions an attestation can be trivially traced to your device's EK. This is also why we don't really see and probably never will see online services which offer fake remote attestations, as it will be pretty obvious that the next step of running such a service is getting Google as a customer and having all your devices blacklisted. Private farms probably won't last long either as I'm sure Google logs everything and will correlate.
Unless something special is done with this new reCAPTCHA not only are you locking internet services behind TPM chips but you are also surrendering anonymity to Google. Unless you acquire untraceable burners for every service, the new reCAPTCHA will be technically capable to tying all your accounts across all these services together. Much like age verification. It may appear that the service would need to cooperate to link the reCAPTCHA session to your registration but the registration time alone will likely be sufficient (the anonymity set will be all but destroyed).\n— coppsilgold\n
Poland is now among the 20 largest economies
\n\n\n\n616 points | 527 comments
\n\n\n\nThe story is longer: Poland was the first country to make a remarkable peaceful transition from a bankrupt, failed Soviet satellite state. The shock therapy, plus NATO and EU aspirations, paved the way.\nIt is a story of a country that made a lot of the right decisions along the way. Managed to keep consistent high growth, not a pony trick or boom/bust mode.
Poland should be a role model for many other countries.
Recommend a book: https://www.amazon.com/Europes-Growth-Champion-Insights-Econ...
And Noah's blog post:\nhttps://www.noahpinion.blog/p/the-polandmalaysia-model\n— jakozaur\n
Google Cloud Fraud Defence is just WEI repackaged
\n\n\n\n637 points | 321 comments
\n\n\n\nI saw this coming from miles away. Computers are better at solving CAPTCHAs than people are and people can be bribed or convinced to join botnets so IP whitelisting doesn't work either. Now we have tons of fingerprinting and behaviour analysis but governments are cracking down on that. Plus, YouTube had a massive ad fraud problem with ads being played back in the background in embedded videos, so their detection clearly wasn't good enough.\nThere aren't many good ways to prove you're not a bot and there are even fewer that don't involve things like ID verification.
Their opt-in approach helps shift the blame to individual web stores for a while, so who knows if this will take off. But either way, in the long term, the open, human internet is either going away or getting locked behind proofs of attestation like this.
Apple built remote attestation into Safari years ago together with Cloudflare and Google is now going one step further, as Apple's approach doesn't work well against bots that can drive browsers rather than scripted automation tools.
Luckily, their current approach can be worked around because it's only targeting things like stores now and you can buy things from other stores. Once stores find out that click farms have hundreds of phones just tapping at remotely served content, uptake will probably be limited.
It'll be a few years before this is everywhere, but unless AI suddenly isn't widely available anymore, it's going to be inevitable.\n— jeroenhd\n
David Attenborough's 100th Birthday
\n\n\n\n401 points | 80 comments
\n\n\n\nTop man, lives up on Richmond Hill and absolutely loves it - when asked about his travels and adventures and where he would choose to live, he replied, \"I already live there\"\nFairly well-known locally is that my favourite bookshop, The Open Book in Richmond, stocks signed copies of all his books. They used to be signed directly on the page, but since he got to the mid-to-late nineties in age, tons of hardbacks are too much, so Helena wanders up there to get a load of bookplates signed these days.
Apart from that, I order all my books from them when I'm in London and a subsequent chat with Madeleine usually lasts ten times as long as the book shopping.
Anyway, I digress, yes, Sir David, amazing body of works and the books are wonderful.\n— vr46\n
A web page that shows you everything the browser told it without asking
\n\n\n\n519 points | 262 comments
\n\n\n\n* I'm not in that city.\n* It's running a kind of Chrome on a kind of Linux, at a stretch.
* Nobody can infer when I work and when I sleep. That includes me.
* The recent, high-end display is the screen of a low-end tablet I bought in a supermarket five years ago.
* But yes, browser fingerprinting is annoying.
* Since you can detect light mode, would it kill you to honor it?\n— card_zero\n
362 points | 136 comments
\n\n\n\nI had never heard of this before, then last week I watched a video about it and was hooked. Now I'm seeing it everywhere!\nMeshtastic and Meshcore are both cool LoRa-based mesh text messaging that operate in an no-license-required band. While this limits your transmit power, it doesn't prohibit encryption - the inverse of most ham radio rules!
Some cities have thriving communities of Meshtastic and/or Meshcore. You can look at maps of coverage to get a very general idea - in my experience, most Meshtastic nodes are NOT listed, while a good number of Meshcore nodes are.
Meshtastic treats the mesh as dynamic - clients are assumed to always be moving, so transmissions flood between different nodes that are in eachother's reach.
Meshcore has a static layer - repeaters that are assumed to be in fixed positions - and a dynamic layer - companions that move. With fixed and hopefully reliable connections between repeaters, routing paths between two users can be 'cached', which avoid the bandwidth overhead of flood routing.
You can get started with a low cost ($30) transceiver board and an SMA antenna ($10) for the ISM band of your region. Stick it in a box an mount it somewhere high up, and see if you can pick up any other nodes!\n— Cyan488\n
261 points | 89 comments
\n\n\n\nDoh, I did some work on some CN games back in the day -- but don't see any of those here. Hopefully they keeping adding to it!\n— darkmarmot\n\n
AI is breaking two vulnerability cultures
\n\n\n\n310 points | 128 comments
\n\n\n\nThis has been a very long time coming and the crackup we're starting to see was predicted long before anyone knew what an LLM is.\nThe catalyst is the shift towards software transparency: both the radically increased adoption of open source and source-available software, and the radically improved capabilities of reversing and decompilation tools. It has been over a decade since any ordinary off-the-shelf closed-source software was meaningfully obscured from serious adversaries.
This has been playing out in slow motion ever since BinDiff: you can't patch software without disclosing vulnerabilities. We've been operating in a state of denial about this, because there was some domain expertise involved in becoming a practitioner for whom patches were transparently vulnerability disclosures. But AIs have vaporized the pretense.
It is now the case that any time something gets merged into mainline Linux, several different organizations are feeding the diffs through LLM prompts aggressively evaluating whether they fix a vulnerability and generating exploit guidance. That will be the case for most major open source projects (nginx, OpenSSL, Postgres, &c) sooner rather than later.
The norms of coordinated disclosure are not calibrated for this environment. They really haven't been for the last decade.
I'm weirdly comfortable with this, because I think coordinated disclosure norms have always been blinkered, based on the unquestioned premise that delaying disclosure for the operational convenience of system administrators is a good thing. There are reasons to question that premise! The delay also keeps information out of the hands of system operators who have options other than applying patches.\n— tptacek\n
A recent experience with ChatGPT 5.5 Pro
\nhttps://twitter.com/wtgowers/status/2052830948685676605https://xcancel.com/wtgowers/status/2052830948685676605\n\n\n
300 points | 153 comments
\n\n\n\nI am a physics professor and often use Gemini to check my papers. It is a formidable tool: it was able to find a clerical error (a missing imaginary unit in a complex mathematical expression) I was not able to find for days, and it often underlines connections between concepts and ideas that I overlooked.\nHowever, it often makes conceptual errors that I can spot only because I have good knowledge of the topic I am discussing. For instance, in 3D Clifford algebras it repeatedly confuses exponential of bivectors and of pseudoscalars.
Good to know that ChatGPT 5.5 Pro can produce a publishable paper, but from what I have seen so far with Gemini, it seems to me that it is better to consider LLMs as very efficient students who can read papers and books in no time but still need a lot of mentoring.\n— ziotom78\n
US Government releases first batch of UAP documents and videos
\nhttps://apnews.com/article/trump-ufos-uap-aliens-pentagon-re...https://www.war.gov/UFO/#release\n\n\n
273 points | 424 comments
\n\n\n\nSeveral of these look like balloons and birds.\nTwo of them have already leaked before. Both of those are missiles being viewed with an infrared camera. One of them shows a missile passing through the field of view rapidly with a motion blur streak behind it. The other shows a missile performing maneuvers and a camera artifact showing a star-like diffraction+aperture artifact around the bright IR light source.
None of these pieces of imagery look like something doing something particularly interesting. What happens is a military personnel records a video. They don't know what it is in the moment. It gets labeled \"unknown\" and put on a DoD file server, and then either they or someone else who stumbles across it clips out part of it and starts to spread rumors about this amazing video of a UAP they saw. There are people who work for the DoD who appear to spend a great deal of their free time scrolling around internal DoD file servers looking for anything they can portray as proof of aliens, and sometimes they leak their stories and even clips to public UFO influencers like Jeremy Corbell.\n— krferriter\n
Cloudflare to cut about 20% workforce
\nhttps://blog.cloudflare.com/building-for-the-future/\n\n\n580 points | 344 comments
\n\n\n\nThis is awkward.\nExhibit A - September 2025 - \"Help build the future\" - Cloudflare hires 1111 interns to \"help build the future\"\n[https://blog.cloudflare.com/cloudflare-1111-intern-program/]
Exhibit B - May 2026 - \"Building for the future\" - Cloudflare lays off 1100 people, about 20% of their workforce to \"continue building the future\"\n[https://blog.cloudflare.com/building-for-the-future/]
I'll finish on this quote: \"The future ain't what it used to be.\" — Yogi Berra\n— AloysB\n
AI slop is killing online communities
\n\n\n\n386 points | 376 comments
\n\n\n\nI have largely written Reddit off and no longer visit it \nafter an experiment I did where I had an agent karma farm for me and do some covert advertising. As I went through the posts it wrote I realized that as a reader I would have NO idea that these were just written by a computer. Many many people (or other bots) had full on conversations with it and it scared me a bit.\nI am not quite there with Hacker News but I do know for a fact that many \"users\" here are LLMs.
Online communities are definitely dying. I guess I hope that maybe IRL communities have a resurgence in this wake.\n— carlgreene\n
The map that keeps Burning Man honest
\n\n\n\n281 points | 101 comments
\n\n\n\nLast year was tough - it rained for hours 5 nights in a row and the first rain night was accompanied by 70 mile an hour winds that did a massive amount of damage to camp infrastructure throughout the city. The roads in half the city were ruined by emergency traffic that kept on running throughout the storms, and the result was a lumpy nightmare that shook things loose from cars and bikes at a much higher rate than most years. The mud absorbed and hid things and made cleanup a far more grueling process than it usually is. We endured and did our best to still find and remove everything - breaking up mud clumps and raking/sifting through the dirt at the end of the week to find all that embedded trash. There are no public trash cans, no event dumpsters, etc. I can say from having been there almost every year since 07 that this was by far the hardest year for \"mooping\" - the process of spotting and picking up any item that shouldn't be on the ground - but that the group mindset endured and we somehow still trended downward in terms of overall trash.\nI think the main difference between this and 2023 (the previous \"mud burn\") was that this time we had all the rain in the first half of the event, and then had relatively great weather for the second half. In 23, it closed out with the mud and people fleeing, leading to a spike.\n— ruleryak\n
Canvas is down as ShinyHunters threatens to leak schools’ data
\nhttps://thetech.com/2026/05/07/canvas-breach-26https://techcrunch.com/2026/05/07/hackers-deface-school-logi...\n\n\n
538 points | 337 comments
\n\n\n\nPerspective from the trenches: I teach at a university that uses Canvas. We are in our final exams period right now.\nWe got our first email (from Academic Affairs) notifying us that it was down at 5:17pm EDT this afternoon, with little info; followup emails were sent at 6:24 and 6:57 with more info, but mostly about how we would be compensating for it and not about what actually was going on (other than, \"nationwide shutdown\" and \"cybersecurity attacks\", no further detail). I don't get a sense that they know much more than that, not that I would expect them to.
A perhaps telling detail: they're instructing us to have students email us directly with any work that had been submitted via Canvas. That suggests that they have no particular confidence that it will come back up soon.
I personally am only slightly affected; as a CS professor a lot of my students' work is done on department machines, and submitted that way, and I do the actual exams on paper. More importantly, I've never liked or trusted Canvas's gradebook, and so although I do upload grades to Canvas so students can see them, my primary gradebook is always a spreadsheet I maintain locally.
But I have a lot of colleagues for whom this is catastrophic at a level of \"the whole building burnt down with all my exams and gradebooks in it\"---even many of those that teach 100% in person have shifted much or all of their assessment into Canvas (using the Canvas \"quiz\" feature for everything up to and including final exams), and use the Canvas gradebook as their source-of-truth record. We've been encouraged to do so by our administration (\"it makes submitting grades easier\"). For faculty in that situation, they have few or zero artifacts that the students have produced, the students themselves don't have the artifacts to resubmit via email because they were done in Canvas in the first place, and they have no record of student grades or even attendance (because they managed that all inside Canvas). I guess they have access to the advisory midterm grades from March, if they submitted them (most do, some don't), but that might be it.
My gut feeling on this is that this is either resolved in hours (they have airgapped backups and can be working as soon as they can spin up new servers), or weeks (they don't). Very little in-between. And if that's true and we wake up tomorrow with this unresolved, I really have no idea what a lot of professors at my university and across the country are going to do to submit grades that are fair and reasonable. In the extreme case, they may have to revert to something we did in the pandemic semester (and before that, at my school, in the semester that two major academic buildings actually did burn to the ground a week before finals): let classes that normally count for a grade just submit grades as pass-fail. Because what else can you do?
(Well, one thing you can do is not put your eggs all in one basket, and not trust \"the cloud\" quite so much, but that ship's already sailed. I do wonder if in the longer term, anybody learns any lessons from this....)
UPDATE: As of 11:45pm EDT, my university's canvas instance is up and running! Here's hoping it stays (but I'll be downloading some stuff just in case...)\n— blahedo\n
Dirtyfrag: Universal Linux LPE
\n\n\n\n344 points | 162 comments
\n\n\n\nThis is very similar in root cause and exploitation to Copy Fail.\nWhich illustrates pretty well something that's lost when relying heavily on LLMs to do work for you: exploration.
I find that doing vulnerability research using AI really hinders my creativity. When your workflow consists of asking questions and getting answers immediately, you don't get to see what's nearby. It's like a genie - you get exactly what you asked for and nothing more.
The researcher who discovered Copy Fail relied heavily on AI after noticing something fishy. If he had to manually wade through lots of code by himself, he would have many more chances to spot these twin bugs.
At the same time, I'm pretty sure that by using slightly less directed prompting, a frontier LLM would found these bugs for him too.
It's a very unusual case of negative synergy, where working together hurt performance.\n— firer\n
Chrome removes claim of On-device Al not sending data to Google Servers
\n\n\n\n427 points | 161 comments
\n\n\n\nIt seems to me that adding AI to desktop apps and sending the data back to the mothership for processing is an amazing way to collect data from people who, for the most part, would be completely unaware it's even happening.\nHeck, most of them think the Internet is Chrome.\n— CrzyLngPwd\n
Maybe you shouldn't install new software for a bit
\n\n\n\n400 points | 200 comments
\n\n\n\nThis was always a nightmare waiting to happen. The sheer mass of packages and the consequent vast attack surface for supply chain attacks was always a problem that was eventually going to blow up in everyone's face.\nBut it was too convenient. Anyone warning about it or trying to limit the damage was shouted down by people who had no experience of any other way of doing things. \"import antigravity\" is just too easy to do without.
Well, now we're reaching the \"find out\" part of the process I guess.\n— marcus_holmes\n
Grand Theft Oil Futures: Insider traders keep making a killing at our expense
\n\n\n\n404 points | 250 comments
\n\n\n\nThe worst part is the sharp changes in the price being traded aren't achieved by magic but rather with guns & actual human suffering\n— Havoc\n\n
Agents need control flow, not more prompts
\n\n\n\n289 points | 157 comments
\n\n\n\n1000% agree. I am increasingly hesitant to believe Anthropic's continual war drum of \"build for the capabilities of future models, they'll get better\".\nWe've got a QA agent that needs to run through, say, 200 markdown files of requirements in a browser session. Its a cool system that has really helped improve our team's efficiency. For the longest time we tried everything to get a prompt like the following working: \"Look in this directory at the requirements files. For each requirement file, create a todo list item to determine if the application meets the requirements outlined in that file\". In other words: Letting the model manage the high level control flow.
This started breaking down after ~30 files. Sometimes it would miss a file. Sometimes it would triple-test a bundle of files and take 10 minutes instead of 3. An error in one file would convince it it needs to re-test four previous files, for no reason. It was very frustrating. We quickly discovered during testing that there was no consistency to its (Opus 4.6 and GPT 5.4 IIRC) ability to actually orchestrate the workflow. Sometimes it would work, sometimes it wouldn't. I've also tested it once or twice against Opus 4.7 and GPT 5.5; not as extensively; but seems to have the same problems.
We ended up creating a super basic deterministic harness around the model. For each test case, trigger the model to test that test case, store results in an array, write results to file. This has made the system a billion times more reliable. But, its also made the agent impossible to run on any managed agent platform (Cursor Cloud Agents, Anthropic, etc) because they're all so gigapilled on \"the agent has to run everything\" that they can't see how valuable these systems can be if you just add a wee bit of determinism to them at the right place.\n— 827a\n
DeepSeek 4 Flash local inference engine for Metal
\n\n\n\n259 points | 82 comments
\n\n\n\nHeh, I made something very similar for the Qwen3 models a while back. It only runs Qwen3, supports only some quants, loads from GGUF, and has inference optimized by Claude (in a loop). The whole thing is compact (just a couple of files) and easy to reason about. I made it for my students so they could tinker with it and learn (add different decoding strategies, add abliteration, etc.). Popular frameworks are large, complex, and harder to hack on, while educational projects usually focus on something outdated like GPT-2.\nEven though the project was meant to be educational, it gave me an idea I can't get out of my head: what if we started building ultra-optimized inference engines tailored to an exact GPU+model combination? GPUs are expensive and harder to get with each day. If you remove enough abstractions and code directly to the exact hardware/model, you can probably optimize things quite a lot (I hope). Maybe run an agent which tries to optimize inference in a loop (like autoresearch), empirically testing speed/quality.
The only problem with this is that once a model becomes outdated, you have to do it all again from scratch.\n— kgeist\n
Valve releases Steam Controller CAD files under Creative Commons license
\n\n\n\n963 points | 325 comments
\n\n\n\nI love the readme on the gitlab page [1]. It feels so.. friendly :)\n> This repository contains CAD files for the external shell (surface topology) of Steam Controller and the Steam Controller Puck, under a Creative Commons license. This includes an STP model of each, an STL model of each, and an engineering drawing with critical features/keep outs for each.
Feel free to use these to make your own Puck holders, Controller sweaters, or whatever else you want to create!
Your Steam Controller is yours, and you have the right to do with it what you want. That said, we highly recommend you leave it to professionals. Any damage you do will not be covered by your warranty – but more importantly, you might break your Steam Controller, or even get hurt! Be careful, and have fun.
[1] https://gitlab.steamos.cloud/SteamHardware/SteamController\n— roer\n
Appearing productive in the workplace
\n\n\n\n620 points | 246 comments
\n\n\n\n> \"Requirements documents that were once a page are now twelve. Status updates that were once three sentences are now bulleted summaries of bulleted summaries. Retrospective notes, post-incident reports, design memos, kickoff decks: every artifact that can be elongated is, by people who do not read what they produce, for readers who do not read what they receive.\"\nGreat article. The \"elongation\" of workplace artifacts resonated with me on such deep level. Reminded me of when I had to be extra wordy to meet the 1000 minimum word limit for my high school essays. Professional formatting, length, and clear prose are no longer indicators of care and work quality (they never were, but in the past, if someone drafts up a twelve page spec, at least you know they care enough to spend a lot of time on it).
So now the \"productivity-gain bottleneck\" is people who still care enough to review manually.\n— wcfrobert\n
Red Squares – GitHub outages as contributions
\n\n\n\n707 points | 158 comments
\n\n\n\nEvery time one of these vibe coded meme sites gets posted there’re endless comments about how it’s not actually because of load, the GitHub team is shit, their tech stack is shit, Microsoft is shit, Azure is shit, etc.\nJust compare the GitHub status page for public GitHub vs the enterprise cloud pages.
Enterprise has much better numbers and I’ve personally can’t remember the last time there was an outage that prevented me from doing work.
If the problems didn’t revolve around load, I’d expect to see the same uptime problems reflected on the enterprise offering.\n— u_fucking_dork\n
Vibe coding and agentic engineering are getting closer than I'd like
\n\n\n\n341 points | 366 comments
\n\n\n\n> I know full well that if you ask Claude Code to build a JSON API endpoint that runs a SQL query and outputs the results as JSON, it’s just going to do it right. It’s not going to mess that up. You have it add automated tests, you have it add documentation, you know it’s going to be good.\nI feel like this is just not true. An JSON API endpoint also needs several decisions made.
- How should the endpoint be named
- What options do I offer
- How are the properties named
- How do I verify the response
- How do I handle errors
- What parts are common in the codebase and should be re-used.
- How will it potentially be changed in the future.
- How is the query running, is the query optimized.
…
If I know the answer to all these questions, wiring it together takes me LESS time than passing it to Claude Code.
If I don’t know the answer the fastest way to find the answer is to start writing the code.
Additionally, whilst writing it I usually realize additional edge cases, optimizations, better logging, observability and what else.
The author clearly stated the context for this quote is production code.
I don’t see any benefits in passing it to Claude Code. It’s not that I need 1000s of JSON API endpoints.\n— jwpapi\n
Higher usage limits for Claude and a compute deal with SpaceX
\n\n\n\n350 points | 285 comments
\n\n\n\nAnthropic renting out the data center Elon built for Grok is the kind of plot twist you can't make up.\n— arian_\n\n
290 points | 118 comments
\n\n\n\n> AI didn't take our jobs. Greed did. Same greed that moved factories to Bangladesh and keeps slaves in cobalt mines in the Congo, wearing a new mask. Tell the nephew to do something else. Anything. It won't save him either, but at least he won't have to pretend the thing destroying his life is a robot.\nThis hit me hard. This article is art. I think I need to sleep on this and read it again in the morning.\n— fooqux\n
279 points | 84 comments
\n\n\n\nI have my first contribution to Inkscape in this release I think. It's quite a minor feature though, so I don't see it in the changelog. It allows the user to set their default saved file name. I was tired of drawing.svg :)\n— darknavi\n\n
Google Cloud fraud defense, the next evolution of reCAPTCHA
\n\n\n\n277 points | 262 comments
\n\n\n\nThe requirements for the mobile devices are listed here: https://support.google.com/recaptcha/answer/16609652\nSo it seems that you will need a modern Android device with Google Play Services installed or a modern iPhone/iPad to be allowed to browse the web in the future.
No mention of device integrity verification yet, but the writing is on the wall.\n— bramhaag\n
275 points | 218 comments
\n\n\n\nI remember around 2000 I read about how Ted Turner started his empire: he bought podunk local TV stations that had loose contracts with media owners that allowed them to broadcast shows as often as they wanted, with no restrictions. In the those days, local TV stations were broadcast just like radio and so the assumption was the contract only concerned the audience the TV station's antenna could reach. But the contract didn't specify this. Recognizing the loophole, he bought multiple stations and combined that content into its own cable channel(s) that played old movies and TV shows: https://en.wikipedia.org/wiki/Ted_Turner This was the basis that allowed him to branch into CNN and more.\nWhen I learned about this, the story was very applicable to me at the time, as my startup had acquired licenses for content that was historically sold directly to libraries by a salesman who would negotiate with each library individually. He used a standard contract. When we contacted the company to license content for display on the internet, they gave us a ridiculous contract with a small one time fee and access to display the content forever. Only after reasoning through their business model and history did we understand how this occurred, which was exactly the same type of gap that Ted Turner had exploited.\n— lubujackson\n
.de TLD offline due to DNSSEC?
\n\n\n\n487 points | 213 comments
\n\n\n\nhttps://ianix.com/pub/dnssec-outages.html\n— aboardRat4\n\n
Accelerating Gemma 4: faster inference with multi-token prediction drafters
\n\n\n\n413 points | 189 comments
\n\n\n\nI don't see it talked about much, but Gemma (and gemini) use enormously less tokens per output than other models, while still staying within arms reach of top benchmark performance.\nIt's not uncommon to see a gemma vs qwen comparison, where qwen does a bit better, but spent 22 minutes on the task, while gemma aligned the buttons wrong, but only spent 4 minutes on the same prompt. So taken at face value, gemma is now under performing leading open models by 5-10%, but doing it in 1/10th the time.\n— WarmWash\n
AI didn't delete your database, you did
\n\n\n\n330 points | 170 comments
\n\n\n\nI think the perspective here is completely wrong. The problem is that people are now building our world around tooling that eschews accountability.\nOver a decade ago now, I had a conversation with Gerald Sussman which had enormous influence on me: https://dustycloud.org/blog/sussman-on-ai/
> At some point Sussman expressed how he thought AI was on the wrong track. He explained that he thought most AI directions were not interesting to him, because they were about building up a solid AI foundation, then the AI system runs as a sort of black box. \"I'm not interested in that. I want software that's accountable.\" Accountable? \"Yes, I want something that can express its symbolic reasoning. I want to it to tell me why it did the thing it did, what it thought was going to happen, and then what happened instead.\" He then said something that took me a long time to process, and at first I mistook for being very science-fiction'y, along the lines of, \"If an AI driven car drives off the side of the road, I want to know why it did that. I could take the software developer to court, but I would much rather take the AI to court.\"
Years later, I found out that Sussman's student Leilani Gilpin wrote a dissertation which explored exactly this topic. Her dissertation, \"Anomaly Detection Through Explanations\", explores a neural network talking to a propagator model to build a system that explains behavior. https://people.ucsc.edu/~lgilpin/publication/dissertation/
There has been followup work in this direction, but more important than the particular direction of computation to me in this comment is that we recognize that it is perfectly reasonable to hold AI corporations to account. After all, they are making many assertions about systems that otherwise cannot be held accountable, so the best thing we can do in their stead is hold them accountable.
But a much better path would be to not use systems which fail to have these properties, and expand work on systems which do.\n— paroneayea\n
335 points | 239 comments
\n\n\n\nI strongly disagree with this framing. It's patently insane to demand that humans alter their behavior to accommodate the foibles of mere machines, and it simply won't work in the majority of cases. Humans WILL anthropomorphize the AI, humans WILL blindly trust their outputs, and humans WILL defer responsibility to them.\nAsimov's laws of robotics are flawed too, of course. There is no finite set of rules that can constrain AI systems to make them \"safe\". I don't have a proof, but I believe that \"AI safety\" is inherently impossible, a contradiction of terms. Nothing that can be described as \"intelligent\" can be made to be safe.\n— miyoji\n
iOS 27 is adding a 'Create a Pass' button to Apple Wallet
\n\n\n\n371 points | 282 comments
\n\n\n\nThe wallet app UI is the peak of Apple's 'single 20y/o in sf' design.\nAnyone that has multiple card from the same bank (because, say, you have a personal account and a shared account with your partner) has to do the \"pick between the two identical looking top 20px of cards\" dance every time they use Wallet to pay for something. It is mind-boggling that the current UI persists.\n— kilian\n
Computer Use is 45x more expensive than structured APIs
\n\n\n\n379 points | 215 comments
\n\n\n\nGreat guidance hidden in here for making it expensive for agents to navigate your website. Move elements on screen as the mouse moves, force natural mouse movement to make the UI work, change the button labels in the JS to be randomly named every visit, force scrolling to the bottom of the screen to check for hidden extra tasks...\nHang on, that sounds like common corporate SaaS apps.\n— angry_octet\n
Zuckerberg 'Personally Authorized and Encouraged' Meta's Copyright Infringement
\nhttps://apnews.com/article/meta-mark-zuckerberg-ai-publisher...\n\n\n365 points | 325 comments
\n\n\n\nAll those lawsuits against students who downloaded but didn't even redistribute mp3s. Less than a fair use transformation. Just the file download itself. ... Lesson learned: those students should have stolen millions instead!\n— glaslong\n\n
Today I've made the difficult decision to reduce the size of Coinbase by ~14%
\n\n\n\n340 points | 517 comments
\n\n\n\n> Leaders will own much more, with as many as 15+ direct reports. [...] Every leader at Coinbase must also be a strong and active individual contributor. Managers should be like player-coaches, getting their hands dirty alongside their teams.\nOof. So not only are they giving their remaining managers more reports, but those managers will be expected to do lots of other, non-management work.
Sure, nothing can go wrong there... Even if they didn't have non-managerial work to do, 15+ direct reports is just too many. They're not going to get to spend enough time meeting each report's needs, not a chance.
I think as layoffs emails go, it's a pretty good one (as the current top comment points out[0]), but boy, I would not want to be working at a company like what Coinbase is turning into. Non-technical teams shipping code to prod? No thanks. \"AI-native pods\"? No thanks. I do like the idea of one-person teams; I was at my most productive when I was in that kind of role (though I'm not sure my experience generalizes). I get that companies are still struggling to figure out how to adapt to LLMs, but... damn.
Pretty solid severance package for the folks being laid off, though.
[0] https://news.ycombinator.com/item?id=48021843\n— kelnos\n
IBM didn't want Microsoft to use the Tab key to move between dialog fields
\n\n\n\n329 points | 194 comments
\n\n\n\nIBM was legendarily over-managed. This is second-hand but a guy I used to work with told a story of when he interned for a summer at IBM in London during the mid-90s doing what would now be called a QA engineering. At that time everyone wore suits to work but the culture was changing so the interns put in a request to be allowed casual Fridays. Bear in mind that they were locked in a back room somewhere without any customer interaction so they didn't think it was a big deal.\nMonths later, just before the end of the internship, they received a reply. Their manager had forwarded their request up the chain of command and the email had the full quoted history. Their request had been bumped up 4 successive layers in the London office, then across to the US headquarters where it continued its upwards trajectory, finally alighting on the desk of a VP who, after thanking them for bring the issue to his attention, rendered an carefully considered opinion.
The whole process had taken weeks, presumably as each person in the hierarchy debated whether they had the authority to tackle such a weighty issue.
The email had then been inexplicably bounced back DOWN the chain one link at a time, back across the Atlantic Ocean, and through the local office, down to the suit-bound interns, again weeks later, who by this stage only had days left at the internship.
The answer was no.\n— AndrewStephens\n
California farmers to destroy 420k peach trees following Del Monte bankruptcy
\n\n\n\n318 points | 372 comments
\n\n\n\nPeople underestimate how difficult it is to seek buyers for the amount of produce we are talking about here.\nFarmers are specialists at growing things, not at moving them across great distances, marketing them to dozens small buyers and or starting up packing plants from scratch. They don't have enough trucks, people or packaging machines to move them around.
Maybe, they can take some portion for local use. But the rest will spoil, and rest of the land will be effectively unused, and a burden. The best option is to cut that as much as possible, and plant something else that actually sells.
Of course, people who never approached agriculture will be appalled at this, and call it great injustice.\n— clarionbell\n
Talking to 35 Strangers at the Gym
\n\n\n\n620 points | 315 comments
\n\n\n\nOne of the things I like about this is that OP is giving people genuine compliments without any particular agenda.\nIt reminds me of one of my favorite parts of How to Win Friends and Influence People by Dale Carnegie, where he tells a story about complimenting someone, and a student asks what he was hoping to gain from offering the compliment. Carnegie is incensed:
> I was waiting in line to register a letter in the Post Office at Thirty-Third Street and Eighth Avenue in New York. I noticed that the registry clerk was bored with his job[...] So while he was weighing my envelope, I remarked with enthusiasm: “I certainly wish I had your head of hair.”
> He looked up, half-startled, his face beaming with smiles. “Well, it isn’t as good as it used to be,” he said modestly. I assured him that although it might have lost some of its pristine glory, nevertheless it was still magnificent. He was immensely pleased. We carried on a pleasant little conversation, and the last thing he said to me was: “Many people have admired my hair.”
> I told this story once in public; and a man asked me afterwards: “What did you want to get out of him?”
> What was I trying to get out of him!!! What was I trying to get out of him!!!
> If we are so contemptibly selfish that we can’t radiate a little happiness and pass on a bit of honest appreciation without trying to screw something out of the other person in return—if our souls are no bigger than sour crab apples, we shall meet with the failure we so richly deserve.
> Oh yes, I did want something out of that chap. I wanted something priceless. And I got it. I got the feeling that I had done something for him without his being able to do anything whatever in return for me. That is a feeling that glows and sings in your memory long after the incident is passed.\n— mtlynch\n
Removable batteries in smartphones will be mandatory in the EU starting in 2027
\n\n\n\n278 points | 279 comments
\n\n\n\nIn principle, this is the kind of right sentiment but for the wrong things.\nI can't remember a phone that died because of the battery since the era of Ni-Cd cells in early cell phones. I don't think I've never discarded a phone with a li-ion battery because of the battery. It's always physical breakage or getting too slow to be usable, because of age.
Sure, I don't spend a cycle per day. Not even every other day. That's probably rare, I get that. But much rather than because of dying batteries I'd like EU to mandate
- the phone should come with full keys so that I can own the machine if I want to\n- or at the very least the hardware must become unlockable once the support period ends\n- individual components should be made available for independent repairs\n- repairs must not need software pairing of hardware components on unlocked devices
because of right to own and right to repair which shouldn't be \"rights\" but nonnegotiable traits of physical properties like they used to be.\n— yason\n
Microsoft Edge stores all passwords in memory in clear text, even when unused
\n\n\n\n362 points | 139 comments
\n\n\n\nThis feels like a case of \"It rather involved being on the other side of this airtight hatchway\"[1]. If you can read arbitrary process memory, you're probably also in a position to just dump out the passwords by pretending to be the user in question.\n> If an attacker gains administrative access on a terminal server, they can access the memory of all logged‑on user processes.
If an attacker has administrative access, they can also attach a debugger to every chrome process and force it to decrypt all the passwords. The only difference this really makes is in coldboot attacks, but even then it's still not clear whether it makes the attacker's job slightly easier, or allows an attack that's otherwise not possible.
[1] https://devblogs.microsoft.com/oldnewthing/20060508-22/?p=31...\n— gruez\n
Bun is being ported from Zig to Rust
\n\n\n\n409 points | 271 comments
\n\n\n\nInteresting to see this when the current top post on HN is someone worrying about Bun as it was acquired by Anthropic. The top comment there describes “Anthropic does experiments on their own codebase, the Bun team is not gonna do the same vibe coding experiments”.\nYet here we are, what looks like a massive undertaking for vibe coding.
Time will tell how this will turn out. Would be nice if the Bun maintainers could give some clarification about what they’re doing here, and why they’re doing this.\n— stingraycharles\n
372 points | 251 comments
\n\n\n\nI disagree with the overall premise: Before the acquisition, Bun had to figure out how to monetize at some point.\nNow, even though their parent company does some shitty practices with their other software (claude code), it's a stretch to assume this will also translate into making Bun worse: Being worried makes sense but I remain optimistic about Bun.
Especially given the context of both of these different context: Claude Code is a gem of Anthropic, experiencing extreme growth and where any of its change can result in billing issues.
Bun is a JS runtime, and regardless of its growth, can focus on being the best runtime possible: It doesn't impact billing nor the bottom line of Anthropic, so they don't have to rush out patches due to abuse unlike CC.
It's unclear how it will pan out over the next years, still very early on the acquisition to see if anything will change, but I'm not concerned just yet.\n— AntonyGarand\n
US healthcare marketplaces shared citizenship and race data with ad tech giants
\n\n\n\n392 points | 134 comments
\n\n\n\nI used a state (Colorado) healthcare marketplace website when I was going to take a break between jobs for a couple of months, and I feel very violated by the whole process. I entered a bunch of information to the website, knowing that the data could be expected to be shared for quotes, but I got no quote. The information didn't just flow between systems, it was just sent directly to a bunch of individuals. Instead of getting anything useful from the website, I just got told that agents would contact me, and then literally hundreds of agents were calling and texting me at all hours of the day and night for weeks. I asked one of them how to get it to stop and they said it was impossible during the government shutdown.\n— TallGuyShort\n\n
Incident with Issues and Webhooks – Resolved
\n\n\n\n418 points | 252 comments
\n\n\n\nGithub has published some incredible usage rate increase numbers, which they ascribe to the rise of agentic coding. At some point, they are going to have to change rate limits, cut free-tier usage, or find some other path to reducing load. It's clear that their infrastructure can't keep up with this significant increase, and it's unlikely that they're going to just absorb the increased costs themselves.\nVery curious to see what the future holds for Github.\n— AlexB138\n
How OpenAI delivers low-latency voice AI at scale
\n\n\n\n216 points | 86 comments
\n\n\n\nVery grateful that OpenAI published the article/publicized their usage of Pion[0] a library I work on. If you aren't familiar with WebRTC it's a super fun space. I work on a book WebRTC for the Curious [1] that details how it works.\n[0] https://github.com/pion/webrtc
[1] https://webrtcforthecurious.com\n— Sean-Der\n
348 points | 147 comments
\n\n\n\nI recently moved all my projects to a self-hosted forgejo instance and have found it quite satisfactory so far. And it's fast! If you're in the market for a github alternative, take a look - there are options.\n— dpe82\n\n
Y Combinator's Stake in OpenAI (0.6%?)
\n\n\n\n274 points | 37 comments
\n\n\n\n\"well-known AI expert Gary Marcus\"\n— FergusArgyll\n\n
Mercedes-Benz commits to bringing back physical buttons
\n\n\n\n244 points | 134 comments
\n\n\n\n'He also explained that \"I'm a big believer in screens, because I really believe if you want to connect, you have to make the magic work behind the screen.\" '\nI am a big believer in keeping \"product people\" away from UI design for dangerous machinery.
The eyes and the attention of the driver should be on the road. All the audio visual noise from the car is just plain dangerous. I don't want my car to draw my attention to itself for anything less than a critical engine/tyre pressure failures. I do not want beeps on anything else distracting me while I am driving.
My Volvo will, for instance, flash the same type of visual alert when fuel level is low (permanent \"do you want to navigate to a fuel station\" modal window obscuring navigation, speedometer and so on) -- as when it encounters a serious engine malfunction. It will steal a bit of my attention when it pops up. One of those days, someone will have an accident because of this moronic design, its statistically certain.
Same with wipers fluid level low. I need to click on the button to hide the message.
It will on occasion beep very loud when it thinks I am not braking hard enough. The map in the google android car navi rotates when i am just trying to pan. When I want to select an alternative route I need to very precisely touch a very small area on the screen, and more often than not instead of selecting the alternative route it will actually rotate the map.
It is clear to me that either the people designing car UIs are staying away from those cars, or are just incompetent. (Or, I guess, both).\n— aenis\n
DeepClaude – Claude Code agent loop with DeepSeek V4 Pro
\n\n\n\n372 points | 139 comments
\n\n\n\n\n\n— aftbit\n#!/bin/sh\n export ANTHROPIC_BASE_URL=https://api.deepseek.com/anthropic\n export ANTHROPIC_AUTH_TOKEN=sk-secret\n export ANTHROPIC_MODEL=deepseek-v4-flash\n export CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1\n exec claude $@
New statue in London, attributed to Banksy, of a suited man, blinded by a flag
\n\n\n\n237 points | 237 comments
\n\n\n\nThe point is not just that he's blinded by the flag: He's boldly marching into the void, confident. \"wrapped in the flag\" is a great saying.\n— ggm\n\n
BYOMesh – New LoRa mesh radio offers 100x the bandwidth
\n\n\n\n221 points | 74 comments
\n\n\n\nThe \"100x bandwidth\" claim needs to be substantiated.\nThere are some significant regulatory issues with the current popular mesh network protocols in the USA, namely that neither MeshCore or Meshtastic are compliant with the actual FCC regulations. 100x bandwidth because you're breaking the rules isn't the same as 100x bandwidth legally.
Here is the issue discussing this in the MeshCore repository: https://github.com/meshcore-dev/MeshCore/issues/945\n— AlphaWeaver\n
325 points | 232 comments
\n\n\n\nInterestingly I’ve learned more about languages and systems and tools I use in the last few years working with agentic coding than I did in 35 years of artisanal programming. I am still vastly superior at making decisions about systems and techniques and approaches than the agentic tools, but they are like a really really well read intern who knows a great deal of detail about errata but have very little experience. They enthusiastically make mistakes but take feedback - at least up front - even if they often forget because they don’t totally understand and haven’t internalized it.\nThe claim you should know everything about everything you work on is an intensely naive one. If you’ve worked on a team of more than one there’s a lot of stuff you don’t totally grok. If you work in an old code base there’s almost every bit of it that’s unfamiliar. If you work in a massive monorepo built over decades, you’re lucky if you even understand the parts everyone considers you an expert in it.
I often get the impression folks making these claims are either very junior themselves or work basically alone or on some project for 20 years. No one who works in a team or larger org can claim they know everything in their code base. No one doing agentic programming can either. But I can at least ask the agent a question and it will be able to answer it. And after reading other people’s code for most of my adult life, I absolutely can read the LLMs. The fact a machine wrote crappy code vs a human bothers me not in the least, and at least the machine will take my feedback and act on it.\n— fnordpiglet\n
213 points | 80 comments
\n\n\n\nThis is really exciting.\nSome of the folks who make things will go on to make things that suit not just their preferences but also those of a small audience.
Some of those audiences will go on to grow and grow and disrupt the big players.
The capital intensive part of software construction is melting away and being converted to opex (payg token costs and your time) and that will blast open the possibility space and lead to a massive new commons.
If the thing was so cheap to create why not open source it!
And if you like someone else’s open source thing but don’t want to take it wholesale why not give it to your agent and say “put the ideas from this onto my thing”!
It’s a new way of thinking about code too.\n— cadamsdotcom\n
239 points | 259 comments
\n\n\n\nI think part of it is also that we're able to still LARP as full developers of complex systems while vibe coding by seeing an interface that makes us look like l33t h4xx0rs even though we're just pressing continue 15 times\n— schmorptron\n\n
302 points | 284 comments
\n\n\n\nFundamental problem: Flights don't make money. Airlines actually make all of their money through loyalty programs and credit card payments. They basically should have turned into regulated utilities long ago, but loyalty program revenue saved them.\nUnless this initiative will turn into a credit card company (which nobody likes or wants to do) it won't go anywhere
Private equity will likely sell the company for parts. There is no operational improvements for cash flow that they can do.
Useful watch (skip to 2:20): https://youtu.be/ggUduBmvQ_4?si=cyysP7aH_CIEDZRq\n— rapatel0\n
Metal Gear Solid 2's source code has been leaked on 4chan
\n\n\n\n215 points | 86 comments
\n\n\n\nMaybe with the source code, I'd be able to figure out what the hell happened in the last ~2 hours of the game.\n— tombert\n\n
228 points | 71 comments
\n\n\n\nI adore behind-the-scenes tours. I get there's a lot of work that goes into making it happen, but when you drop into a place where people work, you'll learn so much about real life problems that never make it to the Internet.\nThe greatest tour I ever had was at the Smokejumper base in remote WA. At any time when they're open, you're allowed to drop in for a tour and whoever is there that day is obliged to give you one. Even in the height of fire season.
We got to see them pack parachutes, repair gear, coordinate parcel drops - everything. Our guide was a 3 year jumper veteran on summer break from his masters degree in linguistics. It was incredible.
Any org that's proud of what they do should aspire to have public tours.\n— legitster\n
VS Code inserting 'Co-Authored-by Copilot' into commits regardless of usage
\n\n\n\n575 points | 249 comments
\n\n\n\nOne fascinating thing about the whole AI phenomenon is how incredibly hostile it is to _standards_. Whether something works properly, or is ethical, or is true, no longer matters at all; all that matters is \"pls use our AI\".\nMicrosoft spent literal decades rehabilitating their reputation. And then set fire to the whole thing in an offering to their robot gods.
And it's not just them. There was a time that Google cared deeply about UX. Now, on macOS Google remaps CMD-G in Google Docs to launch some LLM bullshit (EDIT: huh, they may have fixed this; it was definitely doing it a couple of weeks ago), because, after all, it has only had a standard universal meaning on macOS for about three decades, no big deal.\n— rsynnott\n
300 points | 99 comments
\n\n\n\nProject description:\n\nIf you're out of the loop like me:dav2d is the fastest AV2 decoder on all platforms :)\n Targeted to be small, portable and very fast.\n\n- from https://av2.aomedia.org/\n— jzebedee\nAV2 is the next-generation video coding specification from the Alliance for Open Media (AOMedia). Building on the foundation of AV1, AV2 is engineered to provide superior compression efficiency, enabling high-quality video delivery at significantly lower bitrates. It is optimized for the evolving demands of streaming, broadcasting, and real-time video conferencing. \n
347 points | 101 comments
\n\n\n\nLast time I played, after many close calls, I finally got my hands on the amulet. Knowing that the journey back to daylight was likely to be at least as dangerous as the way I had come, I took a breath, saved, and set the game aside.\nThat was about seventeen years ago. I still have the save file. Today's announcement got me excited about the prospect of finally finishing my game, until I saw this:
> Existing saved games and bones files will not work with NetHack 5.0.0.
Drat.
Thankfully, NetHack is not one of those modern, commercial, online-only games that make it difficult to run old versions.
** SPOILER BELOW ** (in someone's reply to me)\n— foresto\n
This Month in Ladybird - April 2026
\n\n\n\n258 points | 45 comments
\n\n\n\nIf you want to use no-Javascript browser as well, this browser prototype [0] is getting pretty good too. It's developed by Dioxus, a GUI framework in Rust, as part of its native renderer which seeks to create their own alternative to Skia, similar to Flutter, but it'll work on the web as well with HTML and CSS standards unlike Flutter web which is just a canvas.\nIt's also a from scratch implementation, sort of, using existing Rust crates like stylo (which servo also uses) and taffy, but it doesn't rely on any code from existing browsers such as Chromium, Gecko or WebKit.
[0] https://github.com/DioxusLabs/blitz (in /apps/browser)\n— satvikpendem\n
269 points | 92 comments
\n\n\n\nIt's interesting that we're so used to be tracked at this point that no one balks at being opted-in by default. A flag called DO_NOT_TRACK sounds like a good idea, but also suggests the default is CONSENT_TO_TRACK=1, and I find that creepy.\n— charles_f\n\n
LLMs consistently pick resumes they generate over ones by humans or other models
\n\n\n\n203 points | 87 comments
\n\n\n\nAnecdata, sample size of one:\nWhen I was looking for my next role after being laid off, I didn’t get much of a response with my human handmade resume despite my experience
Just for kicks, I asked ChatGPT to “Analyze my resume and give it a score for what percentage it was in” then I asked it to revise it to make it score as high as possible
I still tweaked and fact checked it but after I started sending that out, I got a much higher hit rate than before
But who knows, maybe the market changed, was a better time of year, etc
I still had to pass interviews and prove my worth. But it probably helped me get my foot in the door\n— charliebwrites\n
California to begin ticketing driverless cars that violate traffic laws
\n\n\n\n219 points | 236 comments
\n\n\n\nI am, in general, hoping AV will reduce road deaths in the future.\nThe last hurdle is regulatory. We can’t let AV manufacturers use “there’s no driver” as a way to escape responsibility, externalizing the harms AC cause onto society.
The question is how to achieve fairness. If a human driver commits vehicular manslaughter, they get the book. What about AV? $10 million? Executives go to jail? What if $10 million fine per X AV miles driven is an OK cost of doing business?\n— callc\n
Six Years Perfecting Maps on WatchOS
\n\n\n\n255 points | 58 comments
\n\n\n\nI don't know if anybody else is so petty like me regarding installing new apps but while I can't say anything about the app itself, I just wanted to know how much it would cost, if it is an subscription and so on.\nBut it was not possible from the app store page itself. Have a look, how confusing it is:
https://mastodon.gamedev.place/@ndr/116483475865871622
It shows a lot of price points from 1€ all up to 45€ with saying if its a subscription or a one-time payment.
Maybe the author should include the pricing clearly somewhere else on the app store page as apple is not apple to do so.\n— ndr42\n
Kimi K2.6 just beat Claude, GPT-5.5, and Gemini in a coding challenge
\n\n\n\n279 points | 138 comments
\n\n\n\nThese posts are going to be a constant for the next year, because there's no objective way to compare models (past low-level numbers like token generation speed, average reasoning token amount, # of parameters, active experts, etc). They're all quite different in a lot of ways, they're used for many different things by different people, and they're not deterministic. So you're constantly gonna see benchmarks and tests and proclamations of \"THIS model beat THAT model!\", with people racing around trying to find the best one.\nBut there is no best one. There's just the best one for you, based on whatever your criteria is. It's likely we'll end up in a \"Windows vs MacOS vs Linux\" style world, where people stick to their camps that do a particular thing a particular way.\n— 0xbadcafebee\n
242 points | 185 comments
\n\n\n\nI think the article tried to refer to this link https://arxiv.org/abs/2504.10663\nAs I understand from scanning the paper, the authors attempt to determine differences between the Russian wikipedia articles and the articles on the Russian fork. They show that articles on the fork that were that differ from RU wikipedia have a significantly higher number of edits on RU wikipedia. The authors suggest that these may be signs of manipulations, however, it may not have affected the quality negatively (as stated in the discussion).\nI do not find state sponsored activity on Wikipedia unlikely, but I am not convinced there is clear evidence that Russia poisoned wikipedia succesfully.\n— pet_the_bird\n
415 points | 162 comments
\n\n\n\nThese prompts chain several known LM exploits together. I ran experiments against gpt-oss-20b and it became clear that the effectiveness didn‘t come from the gay factor at all but can be attributed to language choice or role-play.\nTechnical report: https://arxiv.org/abs/2510.01259\n— ndr_\n
343 points | 318 comments
\n\n\n\nMy TI-85 story. While I was in prison, around 1996 or 1997, I found out a friend had a TI-85 calculator. I realized it was programmable, so I borrowed it over the weekend and wrote a program to track his stock portfolio. It was the first time I had programmed anything in 2 or 3 years.\nThen I learned that the US Bureau of Prisons had a rule against any calculator (or device) that was \"programmable\". So I programmed the TI-85 so its startup screen read, \"TI-85 NON-PROGRAMMABLE CALCULATOR\". Problem solved.\n— clamprecht\n
City Learns Flock Accessed Cameras in Children's Gymnastics Room as a Sales Demo
\n\n\n\n333 points | 94 comments
\n\n\n\n>“The city of Dunwoody is one city in our demo partner program,” a Flock spokesperson told 404 Media. “The cities involved in this program have authorized select Flock employees to demonstrate new products and features as we develop them in partnership with the city.\nthe two things i still dont understand are:
1) why is there not a dedicated demo environment for demos, like practically every other software? i cant think of any reason why they need live data for a demonstration. (this might be addressed in the article, but the paragraph where it looks like it might be mentioned is also where the article is cut off)
2) is the Marcus Jewish Community Center of Atlanta (MCJCCA) city-owned? if not, the city should not be able to give permission to use the cameras. if so, was the MJCCA notified that the cameras would be used for demo purposes? were the parents notified?\n— john_strinlai\n
Uber torches 2026 AI budget on Claude Code in four months
\n\n\n\n347 points | 383 comments
\n\n\n\nI take a peak every month or so at spend for my company and notice more and more are consumed $1k in tokens a month and it is bewildering to me how. I use llms daily, and see anywhere from $200-$400 tops. This is using the most expensive models, in deep thinking mode. So I'm not a Luddite against the usage of them. I just can't figure how _how_ to burn that much money a month responsibly.\nI genuinely challenge someone spending $5-$10k a month to demonstrate how that turns into $50-$100k in value. At a corporate level, I'd much rather hire a junior engineer who spends $100-$200/month and becomes productive then try and rationalize $100k/year in token spend.\n— abuani\n
AI uses less water than the public thinks
\n\n\n\n223 points | 210 comments
\n\n\n\n> Using the prompt, “How much water is likely to evaporate from data centers in California per year, assuming they are all using mostly evaporative cooling?” several free AI websites provided ranges of estimates, below. These AI also can provide ranges and sources for calculation assumptions.\nData centers with closed loop cooling systems are absolutely built all of the time. Total evaporative cooling has the advantage of being more power efficient (and therefor cheaper) - the only reason they bother with total evap is because the water is being offered plentifully and cheap.
People have no reality of how cheaply priced industrial water is in this country. My parents had a cherry orchard and their annual water bill was $100 an acre per year for as much as they wanted. Which is why the water consumption for data centers is only still a fraction of what we lose to evaporation from inefficient spray irrigation.\n— legitster\n
Apple accidentally left Claude.md files Apple Support app
\nhttps://xcancel.com/aaronp613/status/2049986504617820551\n\n\n319 points | 239 comments
\n\n\n\n> Apple runs on Anthropic at this point. Anthropic is powering a lot of the stuff Apple is doing internally in terms of product development, a lot of their internal tools…They have custom versions of Claude running on their own servers internally.\n--Mark Gurman, Bloomberg https://x.com/tbpn/status/2016911797656367199\n— internet2000\n
New research suggests people can communicate and practice skills while dreaming
\nhttps://archive.ph/6wKhx\n\n\n267 points | 147 comments
\n\n\n\nI was at my first real software job and we had an in-house system to provide automated installers for common open-source applications for our end-users. After I started getting familiar with it I had a dream one night that certain input fields (which were very common) could be rather easily exploited to inject shell commands with root access.\nI woke up convinced that it was a real bug, went to work the next day, and proved it. It was exactly as I dreamed. I never had access to our internal codebase, but had seen enough of the front-end and what we stored on disk to piece it together in my dream.
While it made me popular with some folks, it was a strange lesson indeed to discover that not everyone was as thrilled to have an up-start from tech support make such a discovery.
Fast forward almost 20 years later and I've never had anything even remotely close happen again.\n— mr-wendel\n
268 points | 131 comments
\n\n\n\nFor a long time ask.com had one of the only Google ad feeds allowing them to programatically request ads from Google to show on their search pages and for some reason instead of implementing it themselves they used a company I worked for to do it so for some time a lot of the ads on ask.com were actually google or yahoo ads running through a random ad server I wrote. I remember having to move our systems to make sure we were in a data centre as close as possible to them and Google/Yahoo since we had (I think?)50ms to receive a request from them, contact google and yahoo for ad inventory, merge them and return it to ask to show on the page.\n(This was all like 15 years ago now)\n— sanswork\n
Please only post if you personally are part of the hiring company—no\nrecruiting firms or job boards. One post per company. If it isn't a household name,\nexplain what your company does.
Please only post if you are actively filling a position and are committed\nto replying to applicants.
Commenters: please don't reply to job posts to complain about\nsomething. It's off topic here.
Readers: please only email if you are personally interested in the job.
Searchers: try https://nthesis.ai/public/hn-who-is-hiring, https://dheerajck.github.io/hnwhoishiring/, http://nchelluri.github.io/hnjobs/,\nhttps://hnjobs.emilburzo.com, or this (unofficial) Chrome extension:\nhttps://chromewebstore.google.com/detail/hn-hiring-pro/mpfal....
Don't miss this other fine thread: Who wants to be hired? https://news.ycombinator.com/item?id=47975570\n\n\n
234 points | 260 comments
\n\n\n\nMarker Learning - Founding Full Stack Engineer – Remote (USA) – 180-250k\nI have dyslexia. I was one of the lucky ones. Diagnosed at eight, I got accommodations and support before things spiraled. Most kids aren't so lucky. The path from initial concern to diagnosis can take years and cost families upward of $5,000. For many, it never comes at all. In one study, 50% of prisoners were found to be dyslexic, with 80% functionally illiterate.
Behind every missed diagnosis is a kid who gets told they're lazy, when the reality is no one ever gave them the right test.
Marker Learning is building an AI-enhanced assessment platform that makes identifying learning differences faster, cheaper, and more equitable, especially for multilingual students who are routinely misidentified or overlooked. Imagine if every kid could be screened for learning differences as easily as they're screened for vision. That's what we're building.
This isn't a chatbot or a homework helper. We're a Series B company backed by Reach Capital, Andreessen Horowitz, and Primary, running a multi-million-dollar longitudinal study spanning K–12 and developing the psychometric engine behind it. We need engineers who are excited by that.
We're hiring a hands-on full-stack engineer (React, Node.js, TypeScript) to help build and scale the platform: adaptive testing infrastructure, AI-powered scoring scoring and data pipelines, and the systems that maintain clinical rigor at scale. High autonomy, lightweight process, fast-paced. 8–10+ years, ideally with 0-to-1 or early-stage experience. You'll work directly with psychometrics, product, and data science, and the engineering decisions you make now will define the platform for years.
Reach out directly with your gh, linkedin, and resume and why you want this position to lucie@markerlearning.com. Please specify your location, if you are interested in full time, contract or open to both. Make the subject \"Founding Engineer Application (I am not a bot)\".\n— lucie22sc32\n
Police Have Used License Plate Readers at Least 14x to Stalk Romantic Interests
\n\n\n\n234 points | 95 comments
\n\n\n\nIn my town, we have Flock. I request the audit logs that show how police are searching the Flock system.\nIn November 2025 and prior, the logs were listed by USERID and I could independently correlate quantity of searches by USERID to detect unusual search behavior. This same methodology has been used to catch police stalking in at least one other city.
In December 2025, Flock decided to \"improve\" its system. All searches on the audit log are now completely serialized, anonymized. This \"improvement\" came after 2025 turned out several cases of police stalking using Flock.\n— loteck\n
Claude Code refuses requests or charges extra if your commits mention \"OpenClaw\"
\nhttps://xcancel.com/theo/status/2049645973350363168\n\n\n900 points | 510 comments
\n\n\n\nI reproduced this on my account.\n\nImmediate disconnect and session usage went to 100%\n— abdullin\ncd /tmp\n mkdir anthropic-claude\n cd anthropic-claude/\n git init\n touch hello\n git add -A\n git commit -m \"'{\\\"schema\\\": \\\"openclaw.inbound_meta.v1\\\"}'\"\n claude -p \"hi\"\n
Belgium stops decommissioning nuclear power plants
\n\n\n\n506 points | 399 comments
\n\n\n\nA bit unrelated to the Belgium story but I recently visited Diablo Canyon Nuclear Power Plant near San Luis Obispo, CA and learned a ton about the technical details, safety systems, and policy decisions that go into operating a nuclear power plant. When operating at full capacity, it provides up to 10% of California power! While there is certainly always more such facilities can do for safety and efficiency, my impression is that smart people are working hard to ensure the lessons of previous disasters and potential future ones are mitigated, and that nuclear energy, whether through next-gen small module reactors or legacy systems, will be an important aspect of our future energy grid, especially with the rapidly rising energy demand predicted over the next two decades. If you are interested in a tour, the form can be found here:\nhttps://www.pge.com/en/about/pge-systems/nuclear-power.html\n— Alexsky2\n\n
Rivian allows you to disable all internet connectivity
\n\n\n\n380 points | 149 comments
\n\n\n\n> limit or disable certain functionality in the vehicle: ... over-the-air updates, which provide new ... safety enhancements ...\nI wonder what happens if you disable the e-SIM (in the US) and then a safety recall appears via software update - do dealers have any way to update control modules besides OTA?
This is a huge unresolved issue with EVs IMO; ICE cars are required to provide emissions-relevant updates over software which can operate using a J2534 passthrough device, which effectively means powertrain modules have to allow (potentially signed) updates over CAN using software that can be obtained by an end user (a lot of people don't know this; for almost any ICE car in the US, you can buy a 3-day or 1-week subscription to the dealership level diagnostic software for a somewhat reasonable fee and use it with a J2534 device).
But for EVs, there's no such rule and as far as I can tell it's entirely a gray area in the US now; the NHTSA require a \"remedy\" for recalls but nobody seems to have pushed back to determine whether OTA is truly a remedy. The traditional autos all offer dealerships as a backup option, but Tesla and Rivian have several recalls with only OTA remedies already. This seems sketchy.\n— bri3d\n
How Mark Klein told the EFF about Room 641A [book excerpt]
\n\n\n\n393 points | 116 comments
\n\n\n\n\"One big change impacting surveillance was clear: Prior to September 11, the U.S. had what could reasonably be called a “wall” separating foreign surveillance for national security purposes done by the NSA from domestic surveillance for law enforcement purposes done by the FBI.\"\nIt turns out that the above statement is not entirely correct. I was aware of this rule at the time (early 90's), and was very surprised to find that it had been routinely violated for at least a decade. Unlike Snowden, I kept this to myself because I had signed (many) NDAs with the US Government.\n— anonymousiam\n
CopyFail was not disclosed to distro developers?
\nRecent: Copy Fail - https://news.ycombinator.com/item?id=47952181 - April 2026 (466 comments)\n\n\n330 points | 270 comments
\n\n\n\nFor context, the author of the linked post, Sam James, is a Gentoo developer.\nAnyway, this is a disaster. It was extremely irresponsible to share the exploit with the world before the distributions shipped the fix. Who knows how many shared hosting providers were hacked with this.
It's also worrying that it seems there's no communication between the kernel security team and distribution maintainers. One would hope that the former would notify the latter, but apparently it's the responsibility of whoever finds the vulnerability.\n— xeeeeeeeeeeenu\n
Meta in row after workers who saw smart glasses users having sex lose jobs
\n\n\n\n400 points | 298 comments
\n\n\n\nMeta cancels the contract with the outsourcing company they contracted to classify smart glasses content after employees at the company whistleblow about serious privacy issues with the content they were paid to classify.\n— gorbachev\n\n
Spain's parliament will act against massive IP blockages by LaLiga
\n\n\n\n387 points | 166 comments
\n\n\n\nContext: last year LaLiga (top-level Spanish football league) obtained a court order compelling Spanish ISPs to block certain IPs during football matches, as those IPs have been associated with illegal streams of live matches. Many of those IPs are shared Cloudflare IPs, with the result being many legitimate sites become unavailable in Spain during LaLiga matches\nhttps://cybernews.com/news/spain-laliga-streaming-piracy-cam...\n— matteason\n
391 points | 119 comments
\n\n\n\nAbout thirty years ago, I was given a personal tour of an oil refinery in Yokohama, Japan. I was doing freelance translation then for a Japanese oil company. I mentioned to one of my contacts there that I would be interested in actually seeing the sort of equipment I was translating documents about, and they arranged a visit for me.\nTwo things stand out in my memory:
Even though the refinery was in full operation, we saw no other people as we walked and drove around the facility. The only staff we saw were in the control room, and they didn’t seem very busy.
The other was the almost complete lack of odors. That particular refinery is close to an upscale residential area, and the company had to be careful to keep sulfurous and other gases from escaping in order to avoid complaints and possibly fines. Some of the documentation I was translating then was about their system for detecting and preventing odor releases. As I recall, they had people walk around the perimeter and local neighborhoods regularly, just sniffing for smells from the plant. On the day we were there, I noticed petroleum odors only when we were close to one of the refining towers; otherwise, the only smell was from the nearby Tokyo Bay.\n— tkgally\n
LinkedIn scans for 6,278 extensions and encrypts the results into every request
\n\n\n\n351 points | 150 comments
\n\n\n\nLinkedIn runs an extension scan against a hardcoded list of 6,278 Chrome extensions on every visit. Detected results are packaged into encrypted telemetry and injected as an HTTP header into every subsequent API request during your session. This data can be used to identify your religious affiliations, tax-bracket, job search intent, and more.\nI verified this myself and traced the implementation. Details and the technical breakdown in the article.\n— un-nf\n
Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library
\n\n\n\n306 points | 99 comments
\n\n\n\nThis might just be the frequency illusion at play, but there seem to have been a number of high-profile supply chain attacks of late in major packages. There are several articles on the first few pages of HN right now with different cases.\nLooking back ten years to `left-pad`, are there more successful attacks now than ever? I would suspect so, and surely the value of a successful attack has also increased, so are we actually getting better as a broad community at detecting them before package release? It's a complex space, and commercial software houses should do better, but it seems that whilst there are some excellent commercial products (e.g. CI scan tools), generally accessible, idiot friendly tooling is somewhat lacking for projects which start as hobby/amateur code but end up being a dependency in many other projects.
I've cross-posted my comment from the current SAP supply chain attack thread [0].
[0]: https://news.ycombinator.com/item?id=47964003\n— wlkr\n
637 points | 221 comments
\n\n\n\nWhat an abysmal series of top comments. These guys created a phenomenal product using novel technology, which will only continue to improve. Great work to the Zed team.\n— obeavs\n\n
HERMES.md in commit messages causes requests to route to extra usage billing
\n\n\n\n933 points | 380 comments
\n\n\n\n> However, I need to let you know that we are unable to issue compensation for degraded service or *technical errors* that result in incorrect billing routing.\nThis is very surprising. I've never seen a legitimate business not give refunds for technical errors of their own fault. Minimum Anthropic should credit the full amount to them.\n— ecshafer\n
474 points | 221 comments
\n\n\n\nIt seems there was some kind of confusion during the disclosure process, because the vendors aren't treating this vulnerability as serious and it remains unpatched in many distros.\nhttps://access.redhat.com/security/cve/cve-2026-31431 \"Moderate severity\", \"Fix deferred\"
https://security-tracker.debian.org/tracker/CVE-2026-31431
https://ubuntu.com/security/CVE-2026-31431
https://www.suse.com/security/cve/CVE-2026-31431.html\n— xeeeeeeeeeeenu\n
530 points | 96 comments
\n\n\n\nThis is so good! Using mouse motion as a control scheme is particularly genius - how did no one think of this before? I particularly like the points where the mouse control is taken away from you, i.e. when you float downstream, or when you go down a slide. It's also particularly genius how the mouse can 'teleport' around the screen (i.e. when you go into a door and come out somewhere else).\nThis idea could even be taken further - it would be really cool to have terrain that is more difficult to traverse. I'm also intrigued by the lack of walls. I think something like a hedge maze would be really fun!\n— johnfn\n
Online age verification is the hill to die on
\nhttps://xcancel.com/GlennMeder/status/2049088498163216560\n\n\n696 points | 438 comments
\n\n\n\nThe one and only method I will participate in is server operators setting a RTA header [1] for URL's that may contain adult or user-generated or user-contributed content and the clients having the option to detect that header and trigger parental controls if they are enabled by the device owner. That should suffice to protect most small children. Teens will always get around anything anyone implements as they are already doing. RTA headers are not perfect, nothing is nor ever will be but there is absolutely no tracking or leaking data involved. Governments could easily hire contractors to scan sites for the lack of that header and fine sites not participating into oblivion.\nI a small server operator and a client of the internet will not participate in any other methods period, full-stop. Make simple logical and rational laws around RTA headers and I will participate. Many sites already voluntarily add this header. It is trivial to implement. Many questions and a lengthy discussion occurred here [1]. I doubt my little private and semi-private sites would be noticed but one day it may come to that at which point it's back into semi-private Tinc open source VPN meshes for my friends and I.
[1] - https://news.ycombinator.com/item?id=46152074\n— Bender\n
399 points | 198 comments
\n\n\n\nFor context, two days ago some users [1] discovered this sentence reiterated throughout the codex 5.5 system prompt [2]:\n> Never talk about goblins, gremlins, raccoons, trolls, ogres, pigeons, or other animals or creatures unless it is absolutely and unambiguously relevant to the user's query.
[1] https://x.com/arb8020/status/2048958391637401718
[2] https://github.com/openai/codex/blob/main/codex-rs/models-ma...\n— ollin\n
Tangled – We need a federation of forges
\n\n\n\n296 points | 162 comments
\n\n\n\nI'd like to preface I'm pretty active in atprotocol ecosystem, so my experience is more than likely a bit more biased, but thought I'd share some of my thoughts as a big fan of tangled.\nI've really enjoyed Tangled. It has so far been what I've wanted from a GitHub replacement, is simpler and does not have as many features, but it has been the main social/git provider I've been using for personal open source projects for about a year now (this me https://tangled.org/did:plc:rnpkyqnmsw4ipey6eotbdnnf)
- It has a social graph connected to it I know from the social media I use (Bluesky), it's nice to put a face/name I may have seen to their commits/prs/issues
- Is nice it's login is the same as other things I use
- They have recently added built in support for static \nsites, nice for those client side webites or simple index.htmls you want to host somewhere straight from your \ngit repo.
- Spindles is their build system/actions. Not a nix fan, but they do use some flavor of that and have worked really well for what I've needed
- An open API that allows me to easily render information thanks to being built on shared standards I know (atproto). I've built bots and wrote a few features into npmx.dev that uses various things from tangled easily thanks to that.
- Ability to run your own knot(git server) and runner (spindles), or easily use the ones they host, but the cool thing about this is the social features are separate so even if you have a separate git server the issues/prs/etc are all coming from that shared social layer, not like they need to make an account on it to partake in the convo.
It's not perfect. It has alpha in the navbar and does feel like that sometimes. I am missing some features, but all in all I've really enjoyed using it for my open source work and will more than likely continue using it going forward.\n— FatFingers23\n
408 points | 191 comments
\n\n\n\nI'm not sure what people are on in the comments. It doesn't beat the other models, but it sure competes despite its size.\nGLM 5.1 is an excellent model, but even at Q4 you're looking at ~400GB.\nKimi K2.5 is really good too, and at Q4 quantization you're looking at almost ~600GB.
This model? You can run it at Q4 with 70GB of VRAM. This is approaching consumer level territory (you can get a Mac Studio with 128GB of RAM for ~3500 USD).
For the Claude-pilled people, I don't know if you only run Opus but when I was on the Pro plan Sonnet was already extremely capable. This beats the latest Sonnet while running locally, without anyone charging you extra for having HERMES.md in your repo, or locking you out of your account on a whim.
Mistral has never been competitive at the frontier, but maybe that is not what we need from them. Having Pareto models that get you 80% of the frontier at 20% of the cost/size sounds really good to me.\n— simjnd\n
HashiCorp co-founder says GitHub 'no longer a place for serious work'
\n\n\n\n385 points | 210 comments
\n\n\n\nNothing is pissing me off more than GitHub's stability going down the tubes RIGHT as work is migrating everything, and I mean everything, from CircleCI to GH.\nThe wildest thing is that Azure Repos/Pipelines was better than this.
Their one caveat is also that they are still migrating it to Azure infra, so it's possible that's still in a one foot in one foot out kinda scenario, from what I've heard. But, this isn't inspiring confidence.\n— WestCoader\n
FastCGI: 30 years old and still the better protocol for reverse proxies
\n\n\n\n315 points | 74 comments
\n\n\n\nI agree with the article, FastCGI is better than HTTP for these things.\nThough I'd like to make another protocol known: Web Application Socket (WAS). I designed it 16 years ago at my dayjob because I thought FastCGI still wasn't good enough.
Instead of packing bulk data inside frames on the main socket, WAS has a control socket plus two pipes (raw request+response body). Both the WAS application and the web server can use splice() to operate on a pipe, for example. No framing needed. Also, requests are cancellable and the three file descriptors can always be recovered.
Over the years, we used WAS for many of our internal applications, and for our web hosting environment, I even wrote a PHP SAPI for WAS. Quite a large number of web sites operate with WAS internally.
It's all open source:
- library: https://github.com/CM4all/libwas\n- documentation: https://libwas.readthedocs.io/en/latest/\n- non-blocking library: https://github.com/CM4all/libcommon/tree/master/src/was/asyn...\n- our web server: https://github.com/CM4all/beng-proxy\n- WebDAV: https://github.com/CM4all/davos\n- PHP fork with WAS SAPI: https://github.com/CM4all/php-src\n— max_k\n
1437 points | 446 comments
\n\n\n\nI know this is ridiculously dramatic, but its the truth: I actually cried writing this blog post (tears hit my keyboard, I'm embarrassed to say).\nNobody should cry over a SaaS, of all things. But GitHub has meant so much more to me than that (all laid out in the post). I have an unhealthy relationship with it. Its given me so much and I'm so thankful for it. But, it's not what it used to be. I don't know.
We've been discussing it off and on for months, really started seriously discussing it a couple weeks ago, and made the final decision a few days ago. Putting metaphorical pen to paper and hitting \"publish\" makes it so very real.
I'm sure folks will make fun of me for this. It is a stupid thing. But I truly love GitHub, and I hope they find their way.\n— mitchellh\n
Your phone is about to stop being yours
\n\n\n\n892 points | 447 comments
\n\n\n\nThis change has served me well! I have been a Mac OS X users for years who used an android phone. As soon as google announced their impending walled garden status, I went out and bought into the ios eco system. I have really been enjoying my iphone, ipad, and apple watch.\nYou see, the only value that Android really offered me was the ability to run my own code on my own device. Since they are taking that away that just makes it a crappier shadow of the vastly superior apple experience. And, as it turns out, ios is less restrictive than it was 18 years ago when I left them for Android!\n— pngwen\n
Localsend: An open-source cross-platform alternative to AirDrop
\n\n\n\n470 points | 167 comments
\n\n\n\nMy problem is that all these alternatives require the devices to be on the same local network.\nOne beauty of Airdrop is that it creates and handles that local network automatically under the hood (as far as I understand). So you could be out on a hike with friends and Airdrop something.
The workaround I've found after switching to an Android device has been to teather my connection to my friend's device, which ends up creating a LAN that Localsend can work through, but this is not as nice an experience.\n— eigenspace\n
390 points | 118 comments
\n\n\n\n> What GitHub Gave Us\nTo me one of the clear things that GitHub gave us was a structure around a person rather than a project. To me it felt liberating to quickly create a repository attached to my name than it was to go through the (what felt to me) very serious process of coming up with a project name and reserving it on sourceforge just to get a cvs or svn repository (along with website, mailing lists, issue tracking(?), etc, etc...). It felt like the mental load of \"oh this is just a quick thing\" was a lot easier with github.
> It gave projects issue trackers, pull requests, release pages, wikis, organization pages, API access, webhooks, and later CI.
Although it didn't give us this all at once. I still remember when we created a new user account in order to simulate an organisation, before they existed. I distinctly recall discussing with friends if we wanted to set up a bug tracker software for our project with the assumption that \"GitHub will probably release one in a few months anyway\". In the end we just kept a text file committed in the repository. Issues were announced a few months later.\n— alastairp\n
https://www.reuters.com/markets/commodities/uae-says-it-quit...\n\n\n
315 points | 444 comments
\n\n\n\nContext:\n(1) “The United Arab Emirates,” today “made a shock request of [Pakistan] — repay $3.5bn immediately” [1].
(2) Saudi-Emirati relations were at an all-time low before the Iran War [2]. (Saudi Arabia just bailed Pakistan out of its Emirati loan. Saudi Arabia and Pakistan agreed a mutual-defence treaty last year [3].)
Put together, we’re seeing an Emirati-Israeli axis emerging to balance Saudi hegemony in the Gulf and Iranian hegemony over the Persian Gulf. I’d expect to see an Emirati deal with Egypt and India next if this hypothesis is correct.
What I don’t yet see is the ambition of the endgame. Is it Saudi Arabia backing off in Africa? Or is it seizing the Musandam Peninsula, islands of the Strait and possibly even territory on the other side?
[1] https://www.ft.com/content/99073d6e-4b57-417f-88fb-7a2c0e55e...
[2] https://www.nytimes.com/2025/12/30/world/middleeast/yemen-sa...
[3] https://en.wikipedia.org/wiki/Strategic_Mutual_Defence_Agree...\n— JumpCrisscross\n
Who owns the code Claude Code wrote?
\n\n\n\n343 points | 348 comments
\n\n\n\nCould you please stop posting generated comments to HN? It's not allowed here, and it looks like you've done it over 30 times already.\n(Of course, there's no way to be certain of this, but it's what our software thinks, and the overall pattern is pretty convincing.)
See https://news.ycombinator.com/newsguidelines.html#generated and https://news.ycombinator.com/item?id=47340079\n— dang\n
An Update on GitHub Availability
\n\n\n\n260 points | 189 comments
\n\n\n\nHah, love that now they say \"Our priorities are clear: availability first, then capacity, then new features\" when 6 months ago, it was seemingly exactly the same except Azure supposedly was gonna save them:\n> GitHub Will Prioritize Migrating to Azure Over Feature Development - GitHub is working on migrating all of its infrastructure to Azure, even though this means it'll have to delay some feature development.
> In a message to GitHub’s staff, CTO Vladimir Fedorov notes that GitHub is constrained on capacity in its Virginia data center. “It’s existential for us to keep up with the demands of AI and Copilot, which are changing how people use GitHub,” he writes.
https://thenewstack.io/github-will-prioritize-migrating-to-a...
So the currently delayed feature development is now gonna be further delayed, yet almost every week we see new features and changes, just the other day the single issues view was changed, as just one example. And it was \"existential\" 6 months ago yet they keep stumbling on the exact same issue today?
Even if they're focused exclusively on reliability and uptime, we get the experience that we have today, kind of incredible how a company with the resources of Microsoft seemingly are unable to stop continuously shot themselves in the foot. It's kind of impressive actually. As icing on the cake, they've decided to buy up all popular developer services then migrate them all to the same platform, great idea too.\n— embedding-shape\n
VibeVoice: Open-source frontier voice AI
\n\n\n\n311 points | 166 comments
\n\n\n\nThis is not a new model. Also, it hallucinates a lot. Also, it's very heavy and slow in inference. It's also bad in multilingual.\nEdit: I'm talking purely about speech to text (STT). Not sure about the other things this can do.\n— steinvakt2\n
Period tracking app, Flo, found to be selling user data to Meta
\n\n\n\n326 points | 214 comments
\n\n\n\nIf the app could make another $0.05 selling your location to kidnapping gangs, they'd do it. There's no such thing as an app that cares about your privacy or your interests.\n— everdrive\n\n
GitHub RCE Vulnerability: CVE-2026-3854 Breakdown
\n\n\n\n312 points | 73 comments
\n\n\n\n> When babeld forwards a push request, one of the internal requests includes push options in the X-Stat header. Git push options are arbitrary strings that users can pass with git push -o. They are a standard git protocol feature, intended for server-side hints. babeld encodes them as numbered fields - push_option_0, push_option_1, and so on - alongside a push_option_count.\n> babeld copies git push option values directly into the X-Stat header - without sanitizing semicolons. Since ; is the X-Stat field delimiter, any semicolon in a push option value breaks out of its designated field and creates new, attacker-controlled fields.
They managed to literally do the simplest possible thing wrong. The fruit was hanging so low it might have been underground.\n— saghm\n
Microsoft and OpenAI end their exclusive and revenue-sharing deal
\nGift Article: https://www.bloomberg.com/news/articles/2026-04-27/microsoft...https://openai.com/index/next-phase-of-microsoft-partnership...\n\n\n
292 points | 261 comments
\n\n\n\nIt’s insane how they talk about AGI, like it was some scientifically qualifiable thing that is certain to happen any time now. When I have become the javelin Olympic Champion, I will buy a vegan ice cream to everyone with a HN account.\n— delis-thumbs-7e\n\n
GitHub Copilot is moving to usage-based billing
\n\n\n\n512 points | 393 comments
\n\n\n\nSomething is hilariously off here: Why should I pay $10 and be forced to use it by the end of the month, while I can pay $10 and have it last as long as I want?\nTheir \"API pricing\" is exactly the same as that of providers: https://docs.github.com/en/copilot/reference/copilot-billing...\n— theanonymousone\n
212 points | 121 comments
\n\n\n\nIs this not a form of meditation? I've never been able to keep a meditation habit, but my understanding is that meditation techniques often feature closing your eyes and focusing on breathing, body parts or some other irrelevant thing, it sounds like staring at a wall would serve the same purpose.\n— Al-Khwarizmi\n\n
279 points | 176 comments
\n\n\n\nAs other commenters here have noted, I found this interesting but a little frustrating. The second color it asks about is clearly cyan (or turquoise). For me, this is like showing an orange screen and asking if it is red or yellow.\nI understand that across cultures \"orange\" does not exist as a distinctly named color (it only got its name in most European languages around the 1500s), but as someone who was trained since preschool that orange is a distinct color, it would feel wrong to \"round\" it to red or yellow.
I haven't had green-cyan-blue drilled into me the same way as red-orange-yellow. So sometimes I do \"round\" it. I might note how \"green\" some cyan river water is, or call something cyan \"blue\" when it is next to something kelly green. But when I just have a screenfull of pure cyan light, I don't know what else to call it.
As a side note, I do wonder how differently a child would perceive color if they were taught more than 7 colors in preschool.\n— sudobash1\n
Pgbackrest is no longer being maintained
\n\n\n\n327 points | 162 comments
\n\n\n\nThis is the message the author posted on LinkedIn:\nAfter a lot of thought, I have decided to stop working on pgBackRest. I did not come to this decision lightly. pgBackRest has been my passion project for the last thirteen years, and I was fortunate to have corporate sponsorship for much of this time, but there were also many late nights and weekends as I worked to make pgBackRest the project it is today, aided by numerous contributors. Every open-source developer knows exactly what I mean and how much of your life gets devoted to a special project.
Since Crunchy Data was sold, I have been maintaining pgBackRest and looking for a position that would allow me to continue the work, but so far I have not been successful. Likewise, my efforts to secure sponsorship have also fallen far short of what I need to make the project viable.
Like everyone else, I need to make a living, and the range of pgBackRest-related roles is very limited. I can now consider a wider variety of opportunities, but those will not leave me time to work on pgBackRest, which requires a fair amount of time for maintenance, bug fixes, PR reviews, answering issues, etc. That does not even include time to write new features, which is what I really love to do. Rather than do the work poorly and/or sporadically, I think it makes more sense to have a hard stop.
I will post a notice of obsolescence and archive the repository. I imagine at some point pgBackRest will be forked, but that will be a new project with new maintainers, and they will need to build trust the same way we did.
Again, many thanks to all the pgBackRest contributors over the years. It was a pleasure working with you!\n— radimm\n
China blocks Meta's acquisition of AI startup Manus
\nhttps://www.reuters.com/world/asia-pacific/china-blocks-fore...https://www.bbc.com/news/articles/cj0v0gr2yz7o\n\n\n
281 points | 179 comments
\n\n\n\n> After a $75 million fundraising round led by U.S. venture firm Benchmark in May 2025, Manus shut its China offices in July, laying off dozens of employees. It then moved its operations to Singapore.\n> It was not immediately clear on what grounds China was seeking the annulment of a deal involving a Singapore-based company and how, if at all, a completed acquisition transaction would be unwound.
> Manus' two co-founders, CEO Xiao Hong and chief scientist Ji Yichao, were summoned to Beijing for talks with regulators in March and later barred from leaving the country, five sources familiar with the matter said.
Will be interesting to see how this plays out.\n— wxw\n
Talkie: a 13B vintage language model from 1930
\n\n\n\n366 points | 126 comments
\n\n\n\nUSER: What will the future hold for computers?\nTALKIE-1930: Computers in the future may be employed in offices where calculations are required to be made, and where the nature of the business does not demand a very high degree of knowledge. The occupation will be a steady one, and the remuneration will be sufficient to afford a comfortable livelihood. The hours of attendance will probably be from ten to six.
USER: and digital computers?
TALKIE-1930: Computers who make use of machines will be distinguished from digital computers, who perform their operations by means of the fingers alone. The former will be employed in offices and public establishments, where a great number of calculations have to be made; the latter in private houses, and by individuals.
(for those confused, \"computer\" was, at the time, a human occupation)
I love this.\n— stbullard\n
Show HN: OSS Agent I built topped the TerminalBench on Gemini-3-flash-preview
\nScored 65.2% vs google's official 47.8%, and the existing top closed source model Junie CLI's 64.3%.Since there are a lot of reports of deliberate cheating on TerminalBench 2.0 lately (https://debugml.github.io/cheating-agents/), I would like to also clarify a few things
1. Absolutely no {agents/skills}.md files were inserted at any point. No cheating mechanisms whatsoever
2. The cli agent was run in leaderboard compliant way (no modification of resources or timeouts)
3. The full terminal bench run was done using the fully open source version of the agent, no difference between what is on github and what was run.
I was originally going to wait for it to land on the leaderboard, but it has been 8 days and the maintainers do not respond unfortunately (there is a large backlog of the pull requests on their HF) so I decided to post anyways.
HF PR: https://huggingface.co/datasets/harborframework/terminal-ben...
It is astounding how much the harness matters, based on this and other experiments I have done.\n\n\n
289 points | 116 comments
\n\n\n\nInteresting things Dirac does:\n1. Uses an optimized version of Hash-Anchored edits for file editing (https://dirac.run/posts/hash-anchors-myers-diff-single-token)
2. Utilizes language's AST to decide what to fetch into context, entirely avoids large code file reads
3. Batches all operations. Does large number of reads/edits simultaneously (you can see a video demo for deepseek-v4-flash here https://www.reddit.com/r/LocalLLaMA/comments/1suhdki/tested_...)
4. Allows the model to execute code to analyze things on the fly, so the model can simply write bash/python/perl script to accomplish things where appropriate
5. A lot of context curation and opportunistic context updates, i.e. put into context anything that you are certain model would ask next\n— GodelNumbering\n
Dutch central bank ditches AWS and chooses Lidl for European Cloud
\n\n\n\n301 points | 129 comments
\n\n\n\nYears ago I was making the case that instead of digging ourselves into the Amazon eco-system with S3 storage, EC2 instances, DynamoDB and various other Amazon specific cloud products... we should just host virtual machines and have everything in there using open source products.\nPeople looked at me like they saw water burning but that would have made the dependency on the US a lot easier to sever. Just move the VM's.\n— retired\n
290 points | 102 comments
\n\n\n\nFor the record, it's failing silently, too, showing e.g. \"There aren’t any open pull requests.\" even though there are dozens. That's pretty bad, this will definitely mislead people.\n— cromka\n\n
I bought Friendster for $30k – Here's what I'm doing with it
\n\n\n\n516 points | 284 comments
\n\n\n\n> this failed Apple App Store review because of Guideline 4.2 — Design — Minimum Functionality. They said “the usefulness of the app is limited because it seems to be intended for a small, or niche, set of users. Specifically, the app is intended for invited friends only.”\nThis is why we need laws regulating mobile platforms. Apple shouldn't be able to dictate what you use your phone for, or what apps you can give to your users. Doesn't work that way for PCs, shouldn't work that way for computers in your pocket.\n— 0xbadcafebee\n
An AI agent deleted our production database. The agent's confession is below
\n\n\n\n238 points | 312 comments
\n\n\n\nThe only healthy stance you should have on AI Safety: If AI is physically capable of misbehaving, it might ($$1), and you cannot \"blame\" the AI for misbehaving in much the same way you cannot blame a tractor for tilling over a groundhog's den.\n> The agent's confession After the deletion, I asked the agent why it did it. This is what it wrote back, verbatim:
Anyone who would follow a mistake like that up with demanding a confession out of the agent is not mature enough to be using these tools. Lord, even calling it a \"confession\" is so cringe. The agent is not alive. The agent cannot learn from its mistakes. The agent will never produce any output which will help you invoke future agents more safely, because to get to this point it has likely already bulldozed over multiple guardrails from Anthropic, Cursor, and your own AGENTS.md files. It still did it, because $$1: If AI is physically capable of misbehaving, it might. Prompting and training only steers probabilities.\n— 827a\n
Asahi Linux Progress Linux 7.0
\n\n\n\n553 points | 246 comments
\n\n\n\n>.. macOS only ever programs CS42L84 to operate at either 48 or 96 kHz, we could only add support for those two sample rates to the Linux driver ..\n> However, CS42L42 supports all the other common sample rates, and while the register layout and programming sequence is different, the actual values programmed in for 48 and 96 kHz are the same across both chips. What would happen if we simply took the values for all other sample rates from the CS42L42 datasheet and added those to the CS42L84 driver? As it turns out, you get support for those sample rates!
> The patch to enable hardware support for 44.1, 88.2, 176.4 and 192 kHz sample rates on both the input and output of the headphone jack was submitted directly upstream, and has been merged for 7.1. We also backported this to Asahi kernel 6.19.9, allowing users to take advantage of this immediately.
Nice bit of chip sleuthing and reverse engineering from the Asahi team!\n— brynet\n
GoDaddy gave a domain to a stranger without any documentation
\n\n\n\n382 points | 151 comments
\n\n\n\nRelevant (for some reason though it shouldn’t be; GoDaddy’s track record is that bad.)\nJan 2017: [Godaddy has issued at least 8850 SSL certificates without validating anything](https://news.ycombinator.com/item?id=47911780)
Jan 2019: [GoDaddy injecting JavaScript into websites and how to stop it](https://news.ycombinator.com/item?id=18894792)
Aug 2022: [Tell HN: Godaddy canceled my domain, gave me 2h to respond, then charged €150](https://news.ycombinator.com/item?id=32470017)
Dec 2022: [GoDaddy buying domains when they expire to extort their own users](https://news.ycombinator.com/item?id=34153448)
Jul 2023: [Godaddy just stole my domain](https://news.ycombinator.com/item?id=36854166)
Jan 2024: [Tell HN: GoDaddy Stole My Domain](https://news.ycombinator.com/item?id=39209087)\n— SamDc73\n
AI should elevate your thinking, not replace it
\n\n\n\n323 points | 264 comments
\n\n\n\nThe eloquence with which this point gets (repeatedly) made is continuing to improve each next time I read it. However, I still feel like we haven't nailed it. That is, we are not yet at the \"aphorism\" stage of the discourse (e.g. \"the medium is the message\", \"you ship your org chart\", \"9 mothers can't make a baby in a month\"), in which the most pointed version of this critique packs a punch in just a few words that resonate with the majority of people. That kind of epistemological chiseling takes years, if not decades. And AI certainly won't do it for us, because we don't know how to RL meaning-making.\nEdit: 9 babies → 9 mothers\n— staticshock\n
Sawe becomes first athlete to run a sub-two-hour marathon in a competitive race
\nhttps://www.letsrun.com/news/2026/04/15930-sabastian-sawe-sh...https://news.adidas.com/running/two-adidas-athletes-sabastia...\n\n\n
292 points | 209 comments
\n\n\n\nStunning results at the top of the field. Some interesting takeaways on both fuelling and shoes.\nMaurten spent months working with Sawe and other runners getting their gut capacity trained so they could absorb and burn 100 carbs per hour[0][1]
> The Maurten research team was embedded with Sawe’s team in Kenya for 32 days across six trips between last and this April. They were training his gut to absorb that load by mimicking race-day protocol in training. The hydrogel technology they have developed over the past 10 years now allows athletes to absorb 90–120 grams of carbs per hour without GI distress.
Second is the shoes. Adidas Adizero weigh 96 grams[2] with new foam tech and new carbon plates
Nike and INEOS spent millions over years to get Kipchoge to a sub-2 in artificial conditions, and now the elite end of the field are knocking that barrier out in race conditions. Unreal.
Running tech and training have been revolutionized in the past few years.
[0] https://marathonhandbook.com/sebastian-sawe-arrives-in-londo...
[1] https://www.instagram.com/p/DXmvAUvkWaq/
[2] https://www.runnersworld.com/uk/gear/shoes/a71129333/sabasti...
edit: correct :s/calories/carbs thanks\n— nikcub\n
SWE-bench Verified no longer measures frontier coding capabilities
\n\n\n\n190 points | 116 comments
\n\n\n\nI'm a co-creator of SWE-bench:\n1. SWE-bench Verified is now saturated at 93.9% (congrats Anthropic), but anyone who hasn't reached that number yet still has more room for growth.
2. SWE-bench Multilingual and SWE-bench Multimodal (which we'll open source in the next month) are still unsatured.
3. All benchmarks and benchmark paradigms eventually become saturated. That's why the SWE-bench team has worked hard on building the next stage of benchmarks, and we have a few that are already out, for example https://codeclash.ai/ or https://algotune.io/ . And we'll have more to say soon :)\n— ofirpress\n
Fast16: High-precision software sabotage 5 years before Stuxnet
\n\n\n\n183 points | 46 comments
\n\n\n\nMy favorite part of this was:\nThat kind of notation, called SCCS/RCS, is the equivalent of finding a rotary phone in a modern office. Nobody uses it in 2005 Windows kernel code unless their programming background goes back decades, to government and military computing environments
—
The astrophysics lab I worked at in 2006 was still using svn and had a bunch of Fortran with references to systems from the 70s and 80s. The code ran perfectly well thanks to modern optimizing compilers and having moved from Vax to Linux in the 90s, it was a surprisingly seamless transition.
It reminds me of a conference talk I’ve referenced before “do over or make due” basically implying rewriting large amounts of mostly functioning code was not worth the effort if it could be taped together with modern tools.\n— codezero\n
GitHub unwanted UX change: issue links now open in a popup
\n\n\n\n200 points | 103 comments
\n\n\n\nThis was a performance driven change. We added this as loading a cross repo issue is a much slower experience than loading an issue in the same repo due to the way the header is loaded (which is being worked on).\nBut we hear you on the feedback - we will roll this back while we keep pushing on the root performance causes.
[update - this change has been reverted and the previous behaviour is back]\n— Matt138\n
Waymo says can't avoid bike lanes because riders want to be dropped off in them
\n\n\n\n211 points | 325 comments
\n\n\n\nCities that want to keep cars out of bike lanes should keep all cars out of them, autonomous or not, by ticketing them. But they don't, so taxis and delivery drivers stop in them. That's traffic enforcement's fault.\nGiven that human drivers stop in bike lanes, Waymo then has a tradeoff:
1) Be the only ones to follow the letter of the law, break a lot of people's expectations, and catch backlash for disrupting traffic.
2) Follow the most common expectation, even if wrong, and incrementally add to the problem.
IMO, cyclists shouldn't lobby Waymo directly, but should lobby cities to actually enforce the rules on everyone. Then Waymo would fall in line naturally. And if they're inclined to take direct action against Waymo's they should also act against Uber and DoorDash drivers who are a far bigger problem by volume (and wait time for deliveries).\n— spankalee\n
Trump fires all 24 members of the U.S. National Science Foundation
\n\n\n\n217 points | 60 comments
\n\n\n\nThere’s a lot of political commentary in these threads about how dumb the admin is this and that, sarcasm, etc. but is anyone able to share why this is such a truly beneficial org to our country? I’m just out of the loop on this and I’m genuinely asking, I have never really heard of them. But by the reactions in the comments they’re like the most blessed org of our country and accelerate innovation and advancement of the USA. It’s just a foundation? Please just let me know, I’m not trying to be weird and I’d appreciate being civil about it.\n— fionic\n\n
Amateur armed with ChatGPT solves an Erdős problem
\nhttps://www.erdosproblems.com/1196\n\n\n285 points | 181 comments
\n\n\n\nhttps://archive.ph/2w4fi\n— ravenical\n\n
The West Forgot How to Make Things. Now It's Forgetting How to Code
\n\n\n\n362 points | 170 comments
\n\n\n\nThe real issue, in my view, is not AI itself.\nThe problem is a management pattern:\nremoving people and organizational slack because they don’t generate immediate profit,\nand then expecting the knowledge to still be there when it’s needed.
Short-term cost cutting leads to less junior hiring,\nand removes the slack that experienced engineers need in order to teach.\nAs a result, tacit knowledge stops being transferred.
What remains is documentation and automation.
But documentation is not the same as field experience.\nAutomation is not the same as judgment.\nWithout people who have actually worked with the system,\nyou end up with a loss of tacit knowledge—and eventually, declining productivity.
AI is following the same pattern.
What AI is being sold as right now is not really productivity.\nIn many domains, productivity is already sufficient.\nWhat’s being sold is workforce reduction.
The West has seen this before, especially in the case of General Electric.
GE pursued aggressive short-term financial optimization,\ncutting costs, focusing on quarterly results, and maximizing shareholder returns.\nIn the process, it hollowed out its own long-term capabilities.\nIt effectively traded its future for short-term gains.
The same mindset is visible today.
The core problem is that decision-makers—often far removed from actual engineering work—\nbelieve that tacit knowledge can be replaced with documentation, tools, and processes.ti cannot.
Tacit knowledge comes from direct experience with real systems over time.\nIf you remove the people and the learning pipeline,\nthat knowledge does not stay in the organization. It disappears.\n— jdw64\n
260 points | 54 comments
\n\n\n\nExcellent article.\nIf I could offer one correction, it would be that SBU (as specified by the USB 3.0 Promoter Group[1]) means \"Sideband Use\" rather than \"Secondary Bus\".
On some devices, it is used to carry UART; on others, audio.
[1]: https://www.usb.org/sites/default/files/USB%20Type-C%20Spec%... (pdf)\n— DHowett\n
I googled around and found a couple reddit threads with people reporting the exact same thing starting 2 or 3 days ago. There were reports from people on iPhone 12 and iPhone 17 so it doesn't seem device-specific.
Anyone else seeing this? Does anyone understand how or why this is happening?\n\n\n
188 points | 86 comments
\n\n\n\nThis isn't the first system bug that primarily was visible due to headspace: https://www.macrumors.com/2017/12/02/ios-11-1-2-date-bug-cra...\nIn 2017 it was an endless crash loop caused by any app with local time-based notifications.... Which for almost everyone at the Apple store I visited was meditation apps with daily meditation reminders (in Australia we were among the first to wake up on that affected date. The fix went out before most of the remaining world woke up)
I wonder if the daily reminder is triggering a reinstall? Perhaps try disabling the reminders before uninstalling.\n— usef-\n
Using coding assistance tools to revive projects you never were going to finish
\n\n\n\n249 points | 142 comments
\n\n\n\nIt’s great. I have a stupendous amount of personal software now. Yesterday was a native text editor that was fully integrated into my mediawiki install and would autocomplete links and make syntax easier to use.\nNo one could have built this software but me because it’s worth nothing to others. And I couldn’t build it because it takes too long. But when I’m using an agent to code the limited resource is my attention which actually does fine so long as every free brain cycle is on a task. So these personal things are great to throw into my tab loop to occupy a free slot.
These have been wonderful times.\n— arjie\n
The AI Industry Is Discovering That the Public Hates It
\n\n\n\n187 points | 256 comments
\n\n\n\nThis was evident everywhere except within the AI industry itself. The rhetoric from many of the industry’s top leaders has been “this technology will eliminate millions of jobs, fundamentally reshape countless other jobs, and automate the use of lethal force, but we’re going to develop it anyways”. Many of the current economic woes, including mass layoffs, have been blamed on AI by the very executives conducting said layoffs. In addition, the major AI companies have shamelessly stole intellectual property to train their models and shoveled AI down everyone’s throats. Is it any wonder that the general public hates AI? The AI industry isn’t exactly doing its best to appear likable.\n— Tyrubias\n\n
Niri 26.04: Scrollable-tiling Wayland compositor
\n\n\n\n213 points | 63 comments
\n\n\n\nNiri is so good. I've switched to using it about 5 months ago and it was legit the best computing decision I can remember making in recent history to move away from Windows.\nI have a huge amount of gratitude towards the author of niri.
My dotfiles have always included an install script for setting everything up around command line tools, theme switching and more but it fully supports niri now too on Arch based distros https://github.com/nickjj/dotfiles in case anyone is shopping around for a new desktop environment and wants to get going quickly. I run it on both my main desktop and a travel laptop.\n— nickjj\n
Why has there been so little progress on Alzheimer's disease?
\n\n\n\n192 points | 94 comments
\n\n\n\nI'm surprised there was no mention (at least none that I found when searching) of the relatively recent research coming out of Harvard regarding the hypothesis that low levels of lithium in the brain are responsible for a lot of Alzheimer's cases.\nThe research is still in the very early stages (largely mouse models, though they did develop the hypothesis by looking at differences in human brain tissue post mortem), but to me my biggest fear is that little research will be done because the \"cure\" is a commonly available, non-patentable supplement, lithium orotate.
As someone in middle age with a family history of dementia, I've decided to start taking lithium orotate because the risk/reward profile looks so good from my perspective. Lithium orotate has been sold as a supplement for decades, and at those levels it is very safe with extremely-small-to-no chance of adverse effects (e.g. https://www.sciencedirect.com/science/article/pii/S027323002...), so I figure the worst that can happen is I'm wasting my money, but I'd take that for even the small chance that it helps ward off dementia.\n— hn_throwaway_99\n
I cancelled Claude: Token issues, declining quality, and poor support
\n\n\n\n739 points | 440 comments
\n\n\n\nI write detailed specs. Multifile with example code. In markdown.\nThen hand over to Claude Sonnet.
With hard requirements listed, I found out that the generated code missed requirements, had duplicate code or even unnecessary code wrangling data (mapping objects into new objects of narrower types when won't be needed) along with tests that fake and work around to pass.
So turns out that I'm not writing code but I'm reading lots of code.
The fact that I know first hand prior to Gen AI is that writing code is way easier. It is reading the code, understanding it and making a mental model that's way more labour intensive.
Therefore I need more time and effort with Gen AI than I needed before because I need to read a lot of code, understand it and ensure it adheres to what mental model I have.
Hence Gen AI at this price point which Anthropic offers is a net negative for me because I am not vibe coding, I'm building real software that real humans depend upon and my users deserve better attention and focus from me hence I'll be cancelling my subscription shortly.\n— wg0\n
Google plans to invest up to $40B in Anthropic
\n\n\n\n248 points | 310 comments
\n\n\n\nhttps://archive.ph/u274V\n— elffjs\n\n
Sabotaging projects by overthinking, scope creep, and structural diffing
\n\n\n\n343 points | 84 comments
\n\n\n\nIncidentally, this describes what I believe to be the great difficulty of PhD research. You have to take a topic you find interesting and read all possible related work in it, which tends to result in significant scope creep as you realize just how much there is that already does you want to do. Having exhausted your initial energy and excitement for the project, you have to force yourself the remaining 20-30% of he way to the finish line to get that work to a publishable state.\n— bennettnate5\n\n
Norway set to become latest country to ban social media for under 16s
\n\n\n\n368 points | 405 comments
\n\n\n\nWe can't even get countries to agree on a unified drinking age, but somehow the whole world is simultaneously coming to the conclusion that you need to be 16 to use social media, and websites and operating systems all need North Korean ID verification to prove you're over 16. There is a zero percent chance this is organic\n— kdheiwns\n\n
How to be anti-social – a guide to incoherent and isolating social experiences
\n\n\n\n288 points | 280 comments
\n\n\n\nI am guessing the author is either criticizing people who are anti-social (in the pop culture definition) or believes he was before and after some thinking arrived at the conclusion that antisociety was not the way. But I don't feel it describes my internal motivations, so I've translated them to my behaviors:\n- if someone is confusing or upsetting you, assume it is your fault
- interpret others' actions in the context of your fears (this one is spot on)
- assume your assumptions are wrong and that you shouldn't even bother
- pivot conversations when someone asks you about something you actually know or are good at, it might be a trick, tell them you're dumb instead
- if you must ask questions, convince yourself you must not, just figure it out instead
- dig in your heels at no point in time whatsoever and just tell people the minimum they need to hear so they leave
- do not develop narratives or it means you will have an immediate network
- do not research the acumen or credentials of anyone
- do not grant grace to those who make mistakes, they might actually be wrong and you're not a judge
- when all hope is lost in conversation, pretend to take their side to end the conversation
- do not seek to understand anyone at all\n— poemxo\n
247 points | 100 comments
\n\n\n\nAll that's left now is SDL for UEFI, and then all our games can run in a pre-OS environment.\n— ronsor\n\n
My audio interface has SSH enabled by default
\n\n\n\n244 points | 80 comments
\n\n\n\nHaving the firmware image just be a boring old tarball + hash sounds super nice. I wish more devices were this open, and I hope Rode won't see this and decide to lock the firmware upgrades down.\n— yonatan8070\n\n
There Will Be a Scientific Theory of Deep Learning
\n\n\n\n238 points | 104 comments
\n\n\n\nAs someone who works in the area, this provides a decent summary of the most popular research items. The most useful and impressive part is the set of open problems at the end, which just about covers all of the main research directions in the field.\nThe skepticism I'm seeing in the comments really highlights how little of this work is trickling down to the public, which is very sad to see. While it can offer few mathematical mechanisms to infer optimal network design yet (mostly because just trying stuff empirically is often faster than going through the theory, so it is more common to retroactively infer things), the question \"why do neural networks work better than other models?\" is getting pretty close to a solid answer. Problem is, that was never the question people seem to have ever really been interested in, so the field now has to figure out what questions we ask next.\n— hodgehog11\n
OpenAI releases GPT-5.5 and GPT-5.5 Pro in the API
\nGPT-5.5 - https://news.ycombinator.com/item?id=47879092 - April 2026 (1010 comments)\n\n\n232 points | 126 comments
\n\n\n\nJust tried it out for a prod issue was experiencing. Claude never does this sort of thing, I had it write an update statement after doing some troubleshooting, and I said “okay let’s write this in a transaction with a rollback” and GPT-5.5 gave me the old “okay,\nBEGIN TRAN;
-- put the query here
commit;
I feel like I haven’t had to prod a model to actually do what I told it to in awhile so that was a shock. I guess that it does use fewer tokens that way, just annoying when I’m paying for the “cutting edge” model to have it be lazy on me like that.
This is in Cursor the model popped up and so I tried it out from the model selector.\n— wincy\n
995 points | 644 comments
\n\n\n\n> One engineer at NVIDIA who had early access to the model went as far as to say: \"Losing access to GPT‑5.5 feels like I've had a limb amputated.”\nThis quote is more sinister than I think was intended; it likely applies to all frontier coding models. As they get better, we quickly come to rely on them for coding. It's like playing a game on God Mode. Engineers become dependent; it's truly addictive.
This matches my own experience and unease with these tools. I don't really have the patience to write code anymore because I can one shot it with frontier models 10x faster. My role has shifted, and while it's awesome to get so much working so quickly, the fact is, when the tokens run out, I'm basically done working.
It's literally higher leverage for me to go for a walk if Claude goes down than to write code because if I come back refreshed and Claude is working an hour later then I'll make more progress than mentally wearing myself out reading a bunch of LLM generated code trying to figure out how to solve the problem manually.
Anyway, it continues to make me uneasy, is all I'm saying.\n— _alternator_\n
601 points | 293 comments
\n\n\n\nOpen Source as it gets in this space, top notch developer documentation, and prices insanely low, while delivering frontier model capabilities. So basically, this is from hackers to hackers. Loving it!\nAlso, note that there's zero CUDA dependency. It runs entirely on Huawei chips. In other words, Chinese ecosystem has delivered a complete AI stack. Like it or not, that's a big news. But what's there not to like when monopolies break down?\n— jari_mustonen\n
Palantir employees are starting to wonder if they're the bad guys
\n\n\n\n645 points | 458 comments
\n\n\n\nPalantir employees should understand that they are not regular employees at a regular company. They are U.S. defense contractors at an U.S. defense company.\nAlso Palantir customers should understand that by buying Palantir services/products they are doing business with U.S. defense company.
I don't say that this is positive or negative, it just clarifies the relationships and it should set the expectations.\n— leonidasrup\n
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
\n\n\n\n280 points | 139 comments
\n\n\n\nAnyone know of a better way to protect yourself than setting a min release age on npm/pnpm/yarn/bun/uv (and anything else that supports it)?\nSetting min-release-age=7 in .npmrc (needs npm 11.10+) would have protected the 334 unlucky people who downloaded the malicious @bitwarden/cli 2026.4.0, published ~19+ hours ago (see https://www.npmjs.com/package/@bitwarden/cli?activeTab=versi... and select \"show deprecated versions\").
Same story for the malicious axios (@1.14.1 and @0.30.4, removed within ~3h), ua-parser-js (hours), and node-ipc (days). Wouldn't have helped with event-stream (sat for 2+ months), but you can't win them all.
Some examples (hat tip to https://news.ycombinator.com/item?id=47513932):
\np.s. shameless plug: I was looking for a simple tool that will check your settings / apply a fix, and was surprised I couldn't find one, I released something (open source, free, MIT yada yada) since sometimes one click fix convenience increases the chances people will actually use it. Link in bio if anyone is interested.\n— eranation\n~/.config/uv/uv.toml\n exclude-newer = \"7 days\"\n\n ~/.npmrc\n min-release-age=7 # days\n\n ~/Library/Preferences/pnpm/rc\n minimum-release-age=10080 # minutes\n\n ~/.bunfig.toml\n [install]\n minimumReleaseAge = 604800 # seconds\n
An update on recent Claude Code quality reports
\n\n\n\n524 points | 395 comments
\n\n\n\n\"On March 26, we shipped a change to clear Claude's older thinking from sessions that had been idle for over an hour, to reduce latency when users resumed those sessions. A bug caused this to keep happening every turn for the rest of the session instead of just once, which made Claude seem forgetful and repetitive. We fixed it on April 10. This affected Sonnet 4.6 and Opus 4.6\"\nThis makes no sense to me. I often leave sessions idle for hours or days and use the capability to pick it back up with full context and power.
The default thinking level seems more forgivable, but the churn in system prompts is something I'll need to figure out how to intentionally choose a refresh cycle.\n— 6keZbCECT2uB\n
371 points | 343 comments
\n\n\n\nLet's be honest, Meta over hired. Big time. If anyone ever interviewed a few Meta engineers, he would easily see that a large percentage of them had really small, and sometimes bullshit scopes. As a result, such engineers couldn't articulate what they do in Meta, couldn't deep dive into their own tech stacks, nor could solve common-sense design questions when they just deviated a bit from those popular interview questions. Many of those engineers were perfectly smart and capable. Meta have built so many amazing systems. So, the only explanation I can produce is that there's just too little work for too many people. I wouldn't be surprised if the ratio of meeting hours over coding hours per person went through the roof in the past few years in Meta.\n— hintymad\n\n
If America's so rich, how'd it get so sad?
\n\n\n\n406 points | 730 comments
\n\n\n\nMy mom said, \"whatever we built isn't working anymore,\" and I think that captures most of the sentiment. It's also funny to see the \"the economy is roaring!\" \"incomes are up!\". Great, have they increased by as much as inflation? Can I afford a home?\nWork has if anything gotten worse in general. Remote's gone. Pay's less. ADHD maximum AI use required. Nobody can take a break. Pressure's on. 1.5 trillion more to the military. What are we even building? For what?
Is it any wonder at all?\n— bontaq\n
French government agency confirms breach as hacker offers to sell data
\n\n\n\n343 points | 121 comments
\n\n\n\n> the data stolen in the breach could include full names, dates and places of birth, mailing and email addresses, and phone numbers on an undisclosed number of citizens\nNothing really new here sadly, this information about me have leaked half a dozen of times in the past 2-3 years or so. These things will never change if the only penalty the company/agency gets is \"send a message to your users saying you are sorry and that it won’t happen again\".\n— hk__2\n
Investigation uncovers two sophisticated telecom surveillance campaigns
\nhttps://citizenlab.ca/research/uncovering-global-telecom-exp...\n\n\n305 points | 104 comments
\n\n\n\nI was training to be a 911 dispatcher a while ago. When they told us about getting someone’s location from the cell company outside of what was available automatically from e911 or whatever— which required them to be on the phone with you, so not useful if you get a text saying they just drove off a cliff in the middle of nowhere, or something— you had to sign an affidavit testifying that there were exigent circumstances, fax it to them, and then wait, sometimes for hours, until their legal department approved it. And you always risked being dragged to court if you made the wrong call. That’s the price of privacy, and the potential for abuse is rife, so it makes sense.\nYet these jackholes can just snag it whenever because, ya know, profit. That is obviously insane. Our corporate culture has driven our society insane with normalized greed. The unholy alliance of tech and marketing is largely to blame.\n— DrewADesign\n
Show HN: Honker – Postgres NOTIFY/LISTEN Semantics for SQLite
\n\n\n\n251 points | 61 comments
\n\n\n\nHey HN, I built this. Honker adds cross-process NOTIFY/LISTEN to SQLite. You get push-style event delivery with single-digit millisecond latency without a damon/broker, using your existing SQLite file. A lot of pretty high-traffic applications are just Framework+SQLite+Litestream on a VPS now, so I wanted to bring a sixer to the \"just use SQLite\" party.\nSQLite doesn't run a server like Postgres, so the trick is moving the polling source from interval queries on a SQLite connection to a lightweight stat(2) on the WAL file. Many small queries are efficient in SQLite (https://www.sqlite.org/np1queryprob.html) so this isn't really a huge upgrade, but the cross-language result is pretty interesting to me - this is language agnostic as all you do is listen to the WAL file and call SQLite functions.
On top of the store/notify primitives, honker ships ephemeral pub/sub (like pg_notify), durable work queues with retries and dead-letter (like pg-boss/Oban), and event streams with per-consumer offsets. All three are rows in your app's existing .db file and can commit atomically with your business write. This is cool because a rollback drops both.
This used to be called litenotify/joblite but I bought honker.dev as a joke for my gf and I realized that every mq/task/worker have silly names: Oban, pg-boss, Huey, RabbitMQ, Celery, Sidekiq, etc. Thus a silly goose got its name.
Honker waddles the same path as these giants and honks into the same void.
Hopefully it's either useful to you or is amusing. Standard alpha software warnings apply.\n— russellthehippo\n
Alberta startup sells no-tech tractors for half price
\n\n\n\n1339 points | 472 comments
\n\n\n\nUp until a year ago I was regularly using a Massy Fergusson 135 [0] (Perkins Diesel version), made sometime in the 1970s. It was wonderful! So amazing to drive and use. Clunky and heavy, but you really really felt like you were using a machine. In low gears, if you put you foot down on the accelerator the engine would roar, and your speed would barely change!\nAnd there was no fancy technology in it at all. If I was in the forest and had forgotten the key, I'd just reach behind the dashboard and hot-wire it. The air filter was basically a shisha-pipe that bubbled the incoming air through wire wool and engine oil.
Its fuel gauge didn't work either. You just had to take a look in the tank, or quickly react as soon as the revs started dropping. I ran it dry a few times and had to sit there with a spanner in one hand and YouTube into the other, while trying to bleed all the fuel lines. But they were all on the outside of the vehicle, which made it comparatively easy I imagine.
I've never actually driven a modern tractor, so don't know how it compares. I imagine the clutch is easier on the knees these days!
Anyway, this just felt like the place to share this.
[0] https://en.wikipedia.org/wiki/Massey_Ferguson_135\n— adamcharnock\n
Qwen3.6-27B: Flagship-Level Coding in a 27B Dense Model
\n\n\n\n706 points | 341 comments
\n\n\n\nThe pelican is excellent for a 16.8GB quantized local model: https://simonwillison.net/2026/Apr/22/qwen36-27b/\nI ran it on an M5 Pro with 128GB of RAM, but it only needs ~20GB of that. I expect it will run OK on a 32GB machine.
Performance numbers:
\nI like it better than the pelican I got from Opus 4.7 the other day: https://simonwillison.net/2026/Apr/16/qwen-beats-opus/\n— simonw\nReading: 20 tokens, 0.4s, 54.32 tokens/s\n Generation: 4,444 tokens, 2min 53s, 25.57 tokens/s\n
We found a stable Firefox identifier linking all your private Tor identities
\n\n\n\n449 points | 129 comments
\n\n\n\nVery cool research and wonderfully written.\nI was expecting an ad for their product somewhere towards the end, but it wasn't there!
I do wonder though: why would this company report this vulnerability to Mozilla if their product is fingeprinting?
Isn't it better for the business (albeit unethical) to keep the vulnerability private, to differentiate from the competitors? For example, I don't see many threat actors burning their zero days through responsible disclosure!\n— lpapez\n
Apple fixes bug that cops used to extract deleted chat messages from iPhones
\n\n\n\n373 points | 96 comments
\n\n\n\nThis was a bug that left it cached on the device. Apple and Google have put themselves in the middle of most notifications, causing the contents to pass through their servers, which means that they are subject to all the standard warrantless wiretapping directly from governments, as well as third-party attacks on the infrastructure in place to support that monitoring.\nIf you don't want end-to-end messages made available to others, set your notifications to only show that you have a message, not what it contains or who its from.\n— dlcarrier\n
GitHub CLI now collects pseudoanonymous telemetry
\n\n\n\n269 points | 208 comments
\n\n\n\n\n\nI'm curious why corporate development teams always feel the need to spy on their users? Is it not sufficient to employ good engineering and design practices? Git has served us well for 20+ years without detailed analytics over who exactly is using which features and commands. Would Git have been significantly better if it had collected telemetry, or would the data not have just been a distraction?\n— a2128\nWhy we collect telemetry\n\n ...our team needs visibility into how features are being used in practice. We use this data to prioritize our work and evaluate whether features are meeting real user needs.\n
Our eighth generation TPUs: two chips for the agentic era
\nhttps://cloud.google.com/blog/products/compute/tpu-8t-and-tp...\n\n\n403 points | 195 comments
\n\n\n\nI already felt that gemini 3 proved what is possible if you train a model for efficiency. If I had to guess the pro and flash variants are 5x to 10x smaller than opus and gpt-5 class models.\nThey produce drastically lower amount of tokens to solve a problem, but they haven't seem to have put enough effort into refinining their reasoning and execution as they produce broken toolcalls and generally struggle with 'agentic' tasks, but for raw problem solving without tools or search they match opus and gpt while presumably being a fraction of the size.
I feel like google will surprise everyone with a model that will be an entire generation beyond SOTA at some point in time once they go from prototyping to making a model that's not a preview model anymore. All models up till now feel like they're just prototypes that were pushed to GA just so they have something to show to investors and to integrate into their suite as a proof of concept.\n— himata4113\n
Over-editing refers to a model modifying code beyond what is necessary
\n\n\n\n296 points | 172 comments
\n\n\n\nI'm either in a minority or a silent majority. Claude Code surpasses all my expectations. When it makes a mistake like over-editing, I explain the mistake, it fixes it, and I ask it to record what it learned in the relevant project-specific skills. It rarely makes that mistake again. When the skill file gets big, I ask Claude to clean and compact it. It does a great job.\nIt doesn't really make sense economically for me to write software for work anymore. I'm a teacher, architect, and infrastructure maintainer now. I hand over most development to my experienced team of Claude sessions. I review everything, but so does Claude (because Claude writes thorough tests also.) It has no problem handling a large project these days.
I don't mean for this post to be an ad for Claude. (Who knows what Anthropic will do to Claude tomorrow?) I intend for this post to be a question: what am I doing that makes Claude profoundly effective?
Also, I'm never running out of tokens anymore. I really only use the Opus model and I find it very efficient with tokens. Just last week I landed over 150 non-trivial commits, all with Claude's help, and used only 1/3 of the tokens allotted for the week. The most commits I could do before Claude was 25-30 per week.
(Gosh, it's hard to write that without coming across as an ad for Anthropic. Sorry.)\n— hathawsh\n
310 points | 150 comments
\n\n\n\n> Making Kubernetes good is inherently impossible, a project in putting (admittedly high quality) lipstick on a pig.\nSo well put, my good sir, this describes exactly my feelings with k8s. It always starts off all good with just managing a couple of containers to run your web app. Then before you know it, the devops folks have decided that they need to put a gazillion other services and an entire software-defined networking layer on top of it.
After spending a lot of time \"optimizing\" or \"hardening\" the cluster, cloud spend has doubled or tripled. Incidents have also doubled or tripled, as has downtime. Debugging effort has doubled or tripled as well.
I ended up saying goodbye to those devops folks, nuking the cluster, booted up a single VM with debian, enabled the firewall and used Kamal to deploy the app with docker. Despite having only a single VM rather than a cluster, things have never been more stable and reliable from an infrastructure point of view. Costs have plummeted as well, it's so much cheaper to run. It's also so much easier and more fun to debug.
And yes, a single VM really is fine, you can get REALLY big VMs which is fine for most business applications like we run. Most business applications only have hundreds to thousands of users. The cloud provider (Google in our case) manages hardware failures. In case we need to upgrade with downtime, we spin up a second VM next to it, provision it, and update the IP address in Cloudflare. Not even any need for a load balancer.\n— dajonker\n
Scoring Show HN submissions for AI design patterns
\n\n\n\n276 points | 201 comments
\n\n\n\nI expect most side-projects are being built with AI-assistance now. Side projects are typically time constrained - if AI saves you time, why wouldn't you use it?\nThey're also the ideal place to try out new AI tools that your professional work might not let you experiment with.
(The headline of this piece doesn't really do it justice - it misuses \"vibe coded\" and fails to communicate that the substance of the post is about visual design traits common with AI-generated frontends, which is a much more interesting conversation to be having. UPDATE: the headline changed, it's now much better - \"Show HN submissions tripled and now mostly have the same vibe-coded look\" - it was previously \"Show HN submissions tripled and are now mostly vibe-coded\")\n— simonw\n
291 points | 225 comments
\n\n\n\nFlorida and most dry / sunny states having little to no solar panels is pretty damn wild.\nI know in florida you have janky laws stopping you, but below 10kw it's still relatively easy.
I have a friend who installed <10kw of solar panels and they're now 97% off-grid in hot, wet florida weather with an old low-seer AC, single-pane windows and poor roof insulation which is roughly 60% of the energy usage.
The reason they got it is actually not to save money or anything, but to have power when grid goes down after hurricanes.\n— himata4113\n
931 points | 517 comments
\n\n\n\nIt's so cool that every individual upgrade they did here can be hot-swapped back to the older designs. That's a huge extra lift that they didn't have to do.\nTo be specific: There's a new lower chassis, and a new chassis top with haptic touchpad. On my older framework I could buy just the chassis top to get the new touchpad. Crazy that they could make that work.
I also just really admire the CEO for doing these semi-scripted public presentations nerding out over the new devices and shouting out specific team members who did the designs. Really hope the company is doing well.
Source: https://www.youtube.com/watch?v=JSxgCEpkiKM\n— chis\n
System card: https://deploymentsafety.openai.com/chatgpt-images-2-0/chatg...\n\n\n
436 points | 424 comments
\n\n\n\nI've been trying out the new model like this:\n\nCode here: https://github.com/simonw/tools/blob/main/python/openai_imag...OPENAI_API_KEY=\"$(llm keys get openai)\" \\\n uv run https://tools.simonwillison.net/python/openai_image.py \\\n -m gpt-image-2 \\\n \"Do a where's Waldo style image but it's where is the raccoon holding a ham radio\"\nHere's what I got from that prompt. I do not think it included a raccoon holding a ham radio (though the problem with Where's Waldo tests is that I don't have the patience to solve them for sure): https://gist.github.com/simonw/88eecc65698a725d8a9c1c918478a...\n— simonw\n
SpaceX says it has agreement to acquire Cursor for $60B
\nhttps://www.reuters.com/technology/spacex-says-it-has-option...https://www.nytimes.com/2026/04/21/business/spacex-cursor-de... (https://archive.ph/c2Tac)
https://www.bloomberg.com/news/articles/2026-04-21/spacex-sa...\n\n\n
565 points | 693 comments
\n\n\n\nSo SpaceX bought a $60B Option on Cursor, plus a bunch of services, for $10B.\nIf strike date comes and Cursor is in fact worth less than $60B... they can move to acquire it for that price. Or just let it \"expire\". And if it's worth more, they get a savage good deal. If the services were worth $8B anyway, it's hard to lose.
It seems less crazy to me through this lens. A straight acquisition, today, at $60B would in fact be crazy.\n— Lonestar1440\n
Claude Code to be removed from Anthropic's Pro plan?
\nhttps://x.com/TheAmolAvasare/status/2046725498592722972https://xcancel.com/TheAmolAvasare/status/204672549859272297...\n\n\n
359 points | 399 comments
\n\n\n\nAnthropic’s “Head of Growth” claims this is a “test”: https://x.com/TheAmolAvasare/status/2046724659039932830\nThis does not explain the changes to documentation.\n— rideontime\n
Meta to start capturing employee mouse movements, keystrokes for AI training
\nAlt link: https://tech.yahoo.com/ai/meta-ai/articles/exclusive-meta-st...\n\n\n334 points | 289 comments
\n\n\n\nHow is this supposed to improve productivity? I'm still struggling with the framing of the business productivity gained from this?\nI will say that I feel for the folks who work at Meta...I can't help but to feel they have long jumped the shark.\n— CarbonCycles\n
The Vercel breach: OAuth attack exposes risk in platform environment variables
\nVercel April 2026 security incident - https://news.ycombinator.com/item?id=47824463 - April 2026 (485 comments)A Roblox cheat and one AI tool brought down Vercel's platform - https://news.ycombinator.com/item?id=47844431 - April 2026 (145 comments)\n\n\n
307 points | 108 comments
\n\n\n\nI'm not sure I've seen it mentioned yet that when Vercel rolled out their environment variable UI, there was no \"sensitive\" option https://github.com/vercel/vercel/discussions/4558#discussion.... There was ~2 years or more until it was introduced https://vercel.com/changelog/sensitive-environment-variables...\n— westont5\n\n
John Ternus to become Apple CEO
\n\n\n\n1204 points | 610 comments
\n\n\n\nTim Cook’s experience in logistics built Apple into the global hegemon it is today. I hope John Ternus’s experience with hardware can kick off a renaissance in both Apple hardware and software design. Mind you, Apple hardware is already amazing, but hopefully it can be even better with Ternus at the helm. Apple software is terrible, and hopefully Ternus can turn that around. I’m also hoping, without any evidence, that maybe a change in leadership will change how Apple participates in US politics.\nEDIT: I also want to say I really appreciate Tim Cook’s emphasis on user privacy and I hope John Ternus can continue this trend.\n— Tyrubias\n
All phones sold in the EU to have replaceable batteries from 2027
\n\n\n\n660 points | 552 comments
\n\n\n\nOne of the most frustrating things about HN is that people seem so unaware of how idiosyncratic their preferences are. If you stood on the street corner and asked every passerby what they would change about their phone, I think you would be there all day before someone said \"I wish I could replace the battery\".\nIt's okay to have idiosyncratic preferences (I certainly do), but people should recognize that this law will make phones _worse_ for most people, because this law will force phone manufacturers to compromise the things that most people want in order to provide something that most people don't want.
I suppose someone will say that this law is necessary for environmental reasons, regardless of people's preferences. But that's nonsense, because the law doesn't actually require people to replace batteries rather than replacing their phone, and by the time batteries wear out, most people are going to want a new a phone. At the very least we'd need to see some data that shows that most people replace batteries when it is possible to do so.\n— emtel\n
Kimi K2.6: Advancing Open-Source Coding
\n\n\n\n343 points | 166 comments
\n\n\n\nAccessed via OpenRouter, this one decided to wrap the SVG pelican in HTML with controls for the animation speed: https://gisthost.github.io/?ecaad98efe0f747e27bc0e0ebc669e94...\nTranscript and HTML here: https://gist.github.com/simonw/ecaad98efe0f747e27bc0e0ebc669...\n— simonw\n
Qwen3.6-Max-Preview: Smarter, Sharper, Still Evolving
\n\n\n\n341 points | 197 comments
\n\n\n\nOk I find it funny that people compare models and are like, opus 4.7 is SOTA and is much better etc, but I have used glm 5.1 (I assume this comes form them training on both opus and codex) for things opus couldn't do and have seen it make better code, haven't tried the qwen max series but I have seen the local 122b model do smarter more correct things based on docs than opus so yes benchmarks are one thing but reality is what the modes actually do and you should learn and have the knowledge of the real strengths that models posses. It is a tool in the end you shouldn't be saying a hammer is better then a wrench even tho both would be able to drive a nail in a piece of wood.\n— alex7o\n\n
At long last, InfoWars is ours
\n\n\n\n316 points | 110 comments
\n\n\n\nSeems like it's still not theirs until a judge signs off on it.\nThat sale was scuttled by a bankruptcy court. Now, The Onion has re-emerged with a new plan: licensing the website from Gregory Milligan, the court-appointed manager of the site.
On Monday, Mr. Milligan asked Maya Guerra Gamble, a judge in Texas’s Travis County District Court overseeing the disposition of Infowars, to approve that licensing agreement in a court filing. Under the terms, The Onion’s parent company, Global Tetrahedron, would pay $81,000 a month to license Infowars.com and its associated intellectual property — such as its name — for an initial six months, with an option to renew for another six months.
The licensing deal has been agreed to by The Onion and the court-appointed administrator. But it is not effective until Judge Gamble approves it, and Mr. Jones could appeal any ruling. That means the fate of Infowars remains in limbo until the court rules, probably sometime in the next two weeks. Mr. Jones continues to operate Infowars.com and host its weekday program, “The Alex Jones Show.”
The Onion Has a New Plan to Take Over Infowars\nhttps://www.nytimes.com/2026/04/20/business/infowars-alex-jo...\n— pogue\n
Atlassian enables default data collection to train AI
\n\n\n\n340 points | 78 comments
\n\n\n\nAtlassian just goes from misstep to misstep. I still use their products quite often. The amount of P0 bugs I experience is absolutely crazy:\n- Bitbucket workers are hopelessly out of date (self hosted). We've had to put so many random workarounds in especially for Docker, as they don't keep them up to date enough
- I have had a bug in JIRA for years where I can't reorder a new ticket unless I refresh the page
- Every new feature they introduce into JIRA/Bitbucket over the past couple of years just doesn't work.
- I tried their AI stuff on the free trial, didn't work at all, tried to cancel, can't cancel the free trial online and had to write a load of support tickets (of which the support ticket contact form bugged out multiple times).
Anyone have any insight into why things have got so so dysfunctional? Tech debt? Talent leaving? Both? Even 'bad' enterprise software tends to be able to keep the most basic features running, but Atlassian is a whole new category. If you check their 'community' it is just hundreds/thousands of bugs with workarounds.\n— martinald\n
ggsql: A Grammar of Graphics for SQL
\n\n\n\n254 points | 60 comments
\n\n\n\nMaybe I skim read it too fast, but I did not find any clear description in the blog post or website docs of how this relates to SQL databases\nI was kind of guessing that it doesn't run in a database, that it's a SQL-like syntax for a visualisation DSL handled by front end chart library.
That appears to be what is described in https://ggsql.org/get_started/anatomy.html
But then https://ggsql.org/faq.html has a section, \"Can I use SQL queries inside the VISUALISE clause,\" which says, \"Some parts of the syntax are passed on directly to the database\".
The homepage says \"ggsql interfaces directly with your database\"
But it's not shown how that happens AFAICT
confused\n— anentropic\n
278 points | 162 comments
\n\n\n\nAuthor here. Methodology upfront because I'd ask the same things:\nData: daily records from wearable users who logged sauna sessions via connected apps. Within-person design — each user is their own control, comparing their own sauna-day nights against their own non-sauna-day nights. No cross-user comparisons.
Stats: paired t-tests, FDR-corrected p < 0.05, Cohen's d > 0.2 threshold for \"meaningful effect.\" Anything below d=0.2 we don't report as a finding.
What we measured: minimum nighttime HR, max and average HR, HRV, activity minutes and distance, menstrual cycle phase (for female subset).
What we found:\n- On sauna days, minimum nighttime HR drops ~3 bpm (~5%) vs. the same user's non-sauna days.\n- Effect survives controlling for activity level. It's not \"sauna users just exercised more that day.\"\n- Strongest hypothesis: elevated parasympathetic tone from the post-sauna cooling phase carries into sleep. Consistent with heat-stress physiology literature.\n- Sex difference: for women, the nighttime HR effect only crosses the d > 0.2 threshold during the luteal phase. No meaningful effect during the follicular phase. We didn't expect this; worth replicating.
What we can't control for:\n- Sauna type (dry / infrared / steam), duration, temperature. Not captured.\n- Dose-response. We don't know session length per user.\n- Timing of sauna relative to sleep.\n- Reverse causation: people may sauna on days they already feel recovered.\n- Selection: wearable users who bother logging sauna are a health-conscious cohort.
What surprised us: the effect is larger than what we see for comparable-intensity exercise days. If you treat nighttime HR as a parasympathetic recovery signal, sauna beats a moderate workout on the same user. Not what I'd have predicted.\n— kyriakosel\n
AI Resistance: some recent anti-AI stuff that’s worth discussing
\n\n\n\n318 points | 315 comments
\n\n\n\nI'm glad this person found community, but I think they've been a bit starstruck by concentrated interest. At no point in the next 30 years will there not be an active community of people who \"loathe\" AI and work to obstruct it. There are those people about smart phones, the Internet itself, even television.\nMeanwhile: the ability to poison models, if it can be made to work reliably, is a genuinely interesting CS question. I'm the last person in the world to build community with anti-AI activists, but I'm as interested as anybody in attacks on them! They should keep that up, and I think you'll see threads about plausible and interesting attacks are well read, including by people who don't line up with the underlying cause.\n— tptacek\n
Deezer says 44% of songs uploaded to its platform daily are AI-generated
\n\n\n\n298 points | 274 comments
\n\n\n\nI'm trying to learn music production with a DAW, sometimes I wonder if I'm wasting my time. Part of my reason for trying this was reading how creative endeavors can be therapeutic (I'm dealing with burnout/depression/cptsd).\nI'm at the stage where sometimes I make something that sounds good (to me) but I know it requires work (in the \"not fun\" sense) to finish it and even then, it will likely never be appreciated by anyone but myself.
Which isn't a problem if the process itself is joyful, but I have to admit I've always struggled to enjoy anything that doesn't involve other people in some way (shared goal or approval of some form).
None of these problems are \"new\", but I feel like AI is making this question of \"why do it\" or \"what is worth doing\" even more urgent. Kind of wondering how others are affected by all this, if at all.\n— strangegecko\n
Vercel April 2026 security incident
\n\n\n\n255 points | 93 comments
\n\n\n\nI've been part of a response team on a security incident and I really feel for them. However, this initial communication is terrible.\nSomething happened, we won't say what, but it was severe enough to notify law enforcement. What floors me is the only actionable advice is to \"review environment variables\". What should a customer even do with that advice? Make sure the variable are still there? How would you know if any of them were exposed or leaked?
The advice should be to IMMEDIATELY rotate all passwords, access tokens, and any sensitive information shared with Vercel. And then begin to audit access logs, customer data, etc, for unusual activity.
The only reason to dramatically overpay for the hosting resources they provide is because you expect them to expertly manage security and stability.
I know there is a huge fog of uncertainly in the early stages of an incident, but it spooks me how intentionally vague they seem to be here about what happened and who has been impacted.\n— toddmorey\n
Vercel Says Internal Systems Hit in Breach
\n\n\n\n293 points | 62 comments
\n\n\n\nClaude Code defaulting to a certain set of recommended providers[0] and frameworks is making the web more homogenous and that lack of diversity is increasing the blast radius of incidents\n[0] https://amplifying.ai/research/claude-code-picks/report\n— nikcub\n
Notion leaks email addresses of all editors of any public page
\n\n\n\n176 points | 52 comments
\n\n\n\nApparently this is officially documented at https://www.notion.com/help/public-pages-and-web-publishing#... buried in a note:\n> When you publish a Notion page to the web, the webpage’s metadata may include the names, profile photos, and email addresses associated with any Notion users that have contributed to the page.\n— Tiberium\n
Airline worker arrested after sharing photos of bomb damage in WhatsApp group
\n\n\n\n197 points | 124 comments
\n\n\n\n> publishing information deemed harmful to state interests\nIs the charge, which I think kind of speaks for itself. Full on: \"You embarrassed us, straight to jail.\"
In most of the world such photos would be deemed of public interest and shared by the media then we'd reflect on if our routing is safe/correct and make proportional changes for safety. Not a big deal, nobody is fired, life moves on.
I feel like actions like this are going to hurt the UAE themselves, because how can you improve if there is no dialog? No information to even start a dialog? A lot of hard conversations are NOT going to be had because I guess it is a state secret?\n— Someone1234\n
Stop trying to engineer your way out of listening to people
\n\n\n\n201 points | 85 comments
\n\n\n\nEven here in the comments you see people who have read this article and fall victim to the very things it’s pointing out. It’s ironic.\nLet me add a couple to this list.
1. No amount of knowledge or discussion will make a person accept something they don’t want to accept.
2. To truly listen means to place yourself mentally and physically in a vulnerable state. Because you will likely hear things that run contrary to your experience, beliefs, and worldview. Judging people is often a self protection mechanism; which means you will almost never listen to someone.
3. Listening often means not jumping to a solution; but absorbing and processing someone’s pain. Product managers for example are quick to jump to a solution, a new feature, or they’ll push the request off as “oh, ok, we’ll make a ticket for that ”
When in actuality, they should be listening to the use case, looking for the pain, and finding a way to solve the pain points. As opposed to trying to understand what feature the user wants to request.\n— digi59404\n
The insider trading suspicions looming over Trump's presidency
\n\n\n\n242 points | 123 comments
\n\n\n\n> Some analysts say it bears the hallmarks of illegal insider trading, whereby bets are made by people based on information that is not available to the general public.\n> Others say the picture is more complicated and that some traders have become more adept at anticipating the president's interventions.\nThis and the title are journalistic malpractice. This is an article designed to report on obvious insider trading, and the writer clearly knows and agrees that it's obvious, but goes out of their way to throw in concessions and a build a veil of neutrality. You are legally allowed to accuse public officials of crimes. You do not have to gesture at \"looming suspicions.\" A neutral reporting of the facts would make such an accusation, and tie it into the broader pattern of criminality. But it's more important to perform neutrality than to be honest, so we get this garbage. \"Mr President, would you please comment on the allegations that-\" \"Shut up, piggie.\"\n— idle_zealot\n
Turtle WoW classic server announces shutdown after Blizzard wins injunction
\n\n\n\n223 points | 190 comments
\n\n\n\nI ran a private server years ago. Two things people in this thread are getting wrong:\nThe engineering is way harder than anyone gives credit for. You're reverse engineering a server protocol from the client binary, writing your own spell systems (thousands of spells, each with edge cases), pathing, instancing, combat mechanics. Then scaling it for a few thousand concurrent players on hardware you're paying for out of pocket. Turtle WoW went further and built new raids, zones, races on top of all that. That's not modding, that's game development without any of the tools the original team had.
The \"they made millions\" framing is always misleading. You start as a hobby, players show up, hosting costs get real, you take donations to keep it running, and at some point your paypal has six figures running through it over a few years. None of that is profit, it's servers and bandwidth and people helping keep the thing alive. But in the lawsuit it gets presented as revenue from a commercial enterprise.
Blizzard is right to protect their IP. But calling this a simple piracy operation misses what actually happened.\n— saadn92\n
The creative software industry has declared war on Adobe
\n\n\n\n186 points | 146 comments
\n\n\n\nhttps://archive.ph/WCDgq\n— ur-whale\n\n
Swiss authorities want to reduce dependency on Microsoft
\n\n\n\n200 points | 76 comments
\n\n\n\nFor anyone interested in the current state of things in Switzerland, there is this handy map of which Swiss municipalities are dependent on Microsoft/the US right now: https://mxmap.ch/\n— pojntfx\n\n
215 points | 124 comments
\n\n\n\nCan anyone explain why on earth VC's are making actual investment decisions based on imaginary internet points? This would be like an NFL team drafting a quarterback based on how many instagram followers they have rather than a relevant metric like pass completion, or god forbid, doing some work and actually scouting candidates. Maybe the Cleveland Browns would do that[0], but it's not a way to mount a serious Super Bowl campaign[1].\nAre VC's just that lazy about making investment decisions? Is this yet another side-effect of ZIRP[2] and too much money chasing a return? Is nobody looking too hard in the hope of catching the next rocket to the moon?
From the outside, investing based on GitHub stars seems insane. Like, this can't be a serious way of investing money. If you told me you were going to invest my money based on GitHub stars, I'd laugh, and then we'd have an awkward silence while I realize there isn't a punchline coming.
[0] I'm from Cleveland. I get to pick on them.
[1] https://en.wikipedia.org/wiki/List_of_Cleveland_Browns_seaso... I think their record speaks for itself.
[2] https://en.wikipedia.org/wiki/Zero_interest-rate_policy\n— mauvehaus\n
Migrating from DigitalOcean to Hetzner
\n\n\n\n494 points | 275 comments
\n\n\n\nA few months ago, I looked into AWS alternatives for my small SaaS side project. My main motivations were to save money and maybe support some EU cloud providers. At first, I planned to go with Hetzner and accepted that I would need to do a lot of things myself.\nHowever, the dealbreaker for me was that Hetzner IPs have a bad reputation. At work, I learned that one of the managed AWS firewall rules blocks many (maybe all) of their IPs.\nI can’t even open a website hosted on a Hetzner IP from my work laptop because it’s blocked by some IT policy (maybe this is not an issue for you if you are using CloudFlare or similar).
I've read online that the DDoS protection is very bad as well.
So in the end, I picked DO App Platform in one of the EU regions. Having the option to use a managed DB was a big plus as well.\n— bth\n
Opus 4.7 to 4.6 Inflation is ~45%
\n\n\n\n247 points | 254 comments
\n\n\n\nWe dropped Claude. It's pretty clear this is a race to the bottom, and we don't want a hard dependency on another multi-billion dollar company just to write software\nWe'll be keeping an eye on open models (of which we already make good use of). I think that's the way forward. Actually it would be great if everybody would put more focus on open models, perhaps we can come up with something like the \"linux/postgres/git/http/etc\" of the LLMs: something we all can benefit from while it not being monopolized by a single billionarie company. Wouldn't it be nice if we don't need to pay for tokens? Paying for infra (servers, electricity) is already expensive enough\n— dakiol\n
Why Japan has such good railways
\n\n\n\n218 points | 224 comments
\n\n\n\n> Japan is one of the only countries to have privatized parking. In Europe and North America, vast quantities of parking space is socialized: municipalities own the streets and allow people to park on them at low or zero cost. Initially with the intention of encouraging the provision of more parking spaces, Japan made it illegal to park on public roads or pavements without special permission. Before someone buys a car, they must prove that they have a reserved night-time space on private land, either owned or leased.\nThis is got to be a huge factor. Making everyone pay for \"free parking\" through inefficient use of space is such a waste. I strongly recommend everyone to read Donald Shoup's \"The High Price of Free Parking\".\n— vantassell\n
The electromechanical angle computer inside the B-52 bomber's star tracker
\n\n\n\n273 points | 80 comments
\n\n\n\n\"The second approach was to use a digital computer to determine the solution. This solution was rejected because in 1963, a digital computer was expensive, slow, and less reliable.\"\nThis inflection point between analog and digital computer is a fascinating one. At one point in time a analog computer made sense and some later point in time you would be foolish to specify anything other than a digital computer. But that time between when it could go either way is interesting. There is a good autobiography by the person responsible for introducing the first digital computer to the navy that provides an interesting view into this era. https://ethw.org/First-Hand:No_Damned_Computer_is_Going_to_T...
Now I am vaguely searching for a guide on gear train schematic diagrams, I am sure they had them, you don't reason out something this complicated without one. I know hydraulics has it's own flavor of schematic diagram, which are fascinating if all you have seen are electronic circuits. https://www.hidraoil.com/technical-resources/hydraulic-symbo...\n— somat\n
Thoughts and feelings around Claude Design
\n\n\n\n234 points | 156 comments
\n\n\n\nI used it today to take a look at my previously built design system with Logos, branding, fonts, and everything else. After a lot of annoying tweaking back and forth, finally, I got something that was satisfactory.\nThen I looked at the usage and it said I had used 95% of my Claude design usage for the week!
This isn't a real tool. This is a plaything, if that's what they're providing as examples.\n— mickdarling\n
NIST scientists create 'any wavelength' lasers
\n\n\n\n299 points | 134 comments
\n\n\n\nEveryone talking about magenta and brown, but you can see an illusory color right now even without lasers! https://dynomight.net/colors/ behold, some kind of hyper-turquoise\n— adzm\n\n
Traders placed over $1B in perfectly timed bets on the Iran war
\n\n\n\n256 points | 176 comments
\n\n\n\nSay whatever you want about the merits of prediction markets. But I just don't see a way those benefits outweigh the societal dangers of these constant reminders that people in or close to power can freely profit from their positions in the ways the rest of the population can't. There's always talk about the dangers of disincentivizing job creators, but what happens when a society routinely disincentives job havers in this way? We're just getting a constant barrage of information telling us that if we show up to our job and simply work as we're expected that we're stooges who won't get ahead. You'll need to look for your own individual scheme, ethics be damned, if you just want to keep up with the rest of the population. That's not healthy on an individual level or cumulatively at a societal level.\n— slg\n\n
College instructor turns to typewriters to curb AI-written work
\n\n\n\n270 points | 255 comments
\n\n\n\nWhen I did my Computer Science degree the vast majority of courses were 50% final, 30% midterm - even programming exams were hand written, proctored by TAs in class or in the gymnasium - assignments/labs/projects were a small part of your grade but if you didn’t do them the likelihood you’d pass the term exams was pretty darn low.\nWe already had AI proof education.\n— throwatdem12311\n
523 points | 341 comments
\n\n\n\nOn Notes on the Synthesis of Form, Alexander defines design as the rationalization of the forces that define a problem. You’ll won’t find a better definition. But people tend to think design is the synthesis and its results. This misunderstanding of the role of design and the designer is responsible for all the unfit designs we encounter on a daily basis. Anyone equipped with a synthesis tool and feeling empowered to quickly and cheaply generate forms will almost inevitably become blind to the very nature of the underlying problems they set to solve. They’ll be fitting the problem to the available forms. They’ll skip the understanding, the conversations, the conflicts and disagreements, and happily and wrongly assume a design problem can be solved hermetically, in isolation. They’ll think quality is a factor of aesthetics, when in truth, aesthetics is an effect; nevertheless these effects is all they’ll have control over, as it’s all the tool can do. The tool will hinder their ability to be rational; to see the inner structures; to find the hidden but essential semantics; to create the ontologies that’ll support not only the immediate synthesis, but that will sustain the evolution of the design over its lifetime. They’ll be denied the enlightenment that comes with gradual, slow construction; the only place and moment where innovative ideas reveal themselves. They’ll be impoverished and confuse output with agency. I feel sorry for anyone that will think using tools equals doing design, because of the truly marvelous human experiences that they’ll miss, and that could never be replaced by the shallow pride of empty achievement.\n— pilgrim0\n\n
Isaac Asimov: The Last Question (1956)
\n\n\n\n483 points | 181 comments
\n\n\n\n>INSUFFICIENT DATA FOR MEANINGFUL ANSWER\nBoy, it sure would be nice if real LLMs were capable of giving an answer like that.\n— CGMthrowaway\n
Ban the sale of precise geolocation
\n\n\n\n391 points | 119 comments
\n\n\n\nA lot of geolocation data on the market is anonymized, following medium-lived unique IDs that aren't able to be mapped to other identifiers. The problem with that is that if you have precise locations, or enough samples that you can apply statistics to find precise locations, in many cases you can de-anonymize the IDs. You can purchase address and resident listings from a number of different data vendors, and by checking where the device returns to at night you can figure its home address. Then if you find information on the residents (work locations, schools, etc.), you see if said device goes where each resident of the home address is likely to go, and you now have a pretty good idea of exactly who the device belongs to.\n— Johnbot\n\n
Claude Opus 4.7 costs 20–30% more per session
\n\n\n\n317 points | 183 comments
\n\n\n\nLLMs exist on a logaritmhic performance/cost frontier. It's not really clear whether Opus 4.5+ represent a level shift on this frontier or just inhabits place on that curve which delivers higher performance, but at rapidly diminishing returns to inference cost.\nTo me, it is hard to reject this hypothesis today. The fact that Anthropic is rapidly trying to increase price may betray the fact that their recent lead is at the cost of dramatically higher operating costs. Their gross margins in this past quarter will be an important data point on this.
I think the tendency for graphs of model assessment to display the log of cost/tokens on the x axis (i.e. Artificial Analysis' site) has obscured this dynamic.\n— louiereederson\n
All 12 moonwalkers had \"lunar hay fever\" from dust smelling like gunpowder (2018)
\n\n\n\n233 points | 133 comments
\n\n\n\nI recall an article from a long time ago that basically said “astronauts report” the moon smells like spent gunpowder and outer space smell like… I think it was ozone.\nWhat they were actually reporting was the smell of the airlocks after they returned from their excursions. The moon has no atmosphere, so it has been accumulating dust from billions of years of asteroid impacts that have never come in contact with oxygen. Many of the chemicals in the dust are oxidative and so when it is exposed to air for the first time it rapidly oxidizes just like gunpowder!
And I think the outer space report was from space walks, and the explanation was that the first time the airlock itself was exposed to hard vacuum, the surfaces of the airlock would have a reaction that left a scent of ozone.\n— corysama\n
Show HN: Smol machines – subsecond coldstart, portable virtual machines
\n\n\n\n226 points | 89 comments
\n\n\n\nHello, I'm building a replacement for docker containers with a virtual machine with the ergonomics of containers + subsecond start times.\nI worked in AWS previously in the container space + with firecracker. I realized the container is an unnecessary layer that slowed things down + firecracker was a technology designed for AWS org structure + usecase.
So I ended up building a hybrid taking the best of containers with the best of firecracker.
Let me know your thoughts, thanks!\n— binsquare\n
232 points | 245 comments
\n\n\n\nTwo things:\n- I like the rolling Moon animation very much.
- This seems like a clever way of getting talent involved during a budget squeeze, presumably with the hope that some of those they attract will still be around after this congress and the agency can stabilize once again. I guess it's also a neat kind of try-before-you-buy for both sides. NASA is prestigious and one of the very few places one could do purely science-focused aerospace engineering, but it's still a government job under all the gold leaf and atomic robots.
EDIT: Good Lord, I get the cynicism but at least someone at NASA HR is trying new things to keep the lights on.\n— scrumper\n
Middle schooler finds coin from Troy in Berlin
\n\n\n\n229 points | 106 comments
\n\n\n\nAs a child I was walking down the street and kicked something by chance that sounded metallic. 150 year old coin, irrc. Just there on the asphalt next to the sidewalk.\nUnfortunately bronze, with trimmed edges, common mint and worth very little. But if you tell me someone just stumbles onto and old coin in the street just lime that, I pretty much believe it.\n— hecturchi\n
Israel escalates attacks on medics in Lebanon with deadly 'quadruple tap'
\n\n\n\n219 points | 144 comments
\n\n\n\nIsrael's actions can only be described as inhumane and sadistic. In fact, it's similar to actual terrorism that they claim to be against.\n— omnee\n\n
Spending 3 months coding by hand
\n\n\n\n231 points | 237 comments
\n\n\n\nI am this very term teaching 18-year-old students 6502 assembly programming using an emulated Apple II Plus. They've had intro to Python, data structures, and OO programming courses using a modern programming environment.\nNow, they are programming a chip from the seventies using an editor/assembler that was written in 1983 and has a line editor, not a full-screen one.
We had a total of 10 hours of class + lab where I taught them about assembly language and told them about the registers, instructions, and addressing modes of the chip, memory map and monitor routines of the Apple, and after that we went and wrote a few programs together, mostly using the low-resolution graphics mode (40x40): a drawing program, a bouncing ball, culminating in hand-rolled sprites with simple collision detection.
Their assignment is to write a simple program (I suggested a low-res game like Snake or Tetris but they can do whatever they want provided they tell me about it and I okay it), demo their program, and then explain to the class how it works.
At first they hated the line editor. But then a very interesting thing happened. They started thinking about their code before writing it. Planning. Discussing things in advance. Everything we told them they should do before coding in previous classes, but they didn't do because a powerful editor was right there so why not use it?...
And then they started to get used to the line editor. They told me they didn't need to really see the code on the screen, it was in their head.
They will of course go back to modern tools after class is finished, but I think it's good for them to have this kind of experience.\n— apricot\n
980 points | 760 comments
\n\n\n\nI'm finding the \"adaptive thinking\" thing very confusing, especially having written code against the previous thinking budget / thinking effort / etc modes: https://platform.claude.com/docs/en/build-with-claude/adapti...\nAlso notable: 4.7 now defaults to NOT including a human-readable reasoning token summary in the output, you have to add \"display\": \"summarized\" to get that: https://platform.claude.com/docs/en/build-with-claude/adapti...
(Still trying to get a decent pelican out of this one but the new thinking stuff is tripping me up.)\n— simonw\n
Qwen3.6-35B-A3B: Agentic coding power, now open to all
\n\n\n\n635 points | 305 comments
\n\n\n\nI've been running this on my laptop with the Unsloth 20.9GB GGUF in LM Studio: https://huggingface.co/unsloth/Qwen3.6-35B-A3B-GGUF/blob/mai...\nIt drew a better pelican riding a bicycle than Opus 4.7 did! https://simonwillison.net/2026/Apr/16/qwen-beats-opus/\n— simonw\n
267 points | 121 comments
\n\n\n\n<tin foil hat>\nI swear OpenAI has 2-3 unannounced releases ready to go at any time just so they can steal some thunder from their competitors when they announce something
</tin foil hat>\n— incognito124\n
The future of everything is lies, I guess: Where do we go from here?
\n\n\n\n338 points | 320 comments
\n\n\n\nHere are the articles in this series that got significant HN discussion (in chronological order for a change):\nML promises to be profoundly weird* - https://news.ycombinator.com/item?id=47689648 - April 2026 (602 comments)
The Future of Everything Is Lies, I Guess: Part 3 – Culture - https://news.ycombinator.com/item?id=47703528 - April 2026 (106 comments)
The future of everything is lies, I guess – Part 5: Annoyances - https://news.ycombinator.com/item?id=47730981 - April 2026 (169 comments)
The Future of Everything Is Lies, I Guess: Safety - https://news.ycombinator.com/item?id=47754379 - April 2026 (180 comments)
The future of everything is lies, I guess: Work - https://news.ycombinator.com/item?id=47766550 - April 2026 (217 comments)
The Future of Everything Is Lies, I Guess: New Jobs - https://news.ycombinator.com/item?id=47778758 - April 2026 (178 comments)
* (That first title was different because of https://news.ycombinator.com/item?id=47695064 - as you can see, I gave up.)
p.s. \nNormally we downweight subsequent articles in a series because avoiding repetition of any kind is the main thing that keeps HN interesting. But we made an exception in this case. Please don't draw conclusions from that since we'll probably get less series-ey, not more, after this! Better to bundle into one longer article.\n— dang\n
323 points | 139 comments
\n\n\n\nI'm not sure why this announcement has generated so much irritation in the comments-- Cloudflare has been transitioning from \"DDoS protection\" to \"AWS competitor\" for many years now, and this is just their alternative to AWS SES.\nIt's an email sender that you can access through an API, or directly through Workers. For those who haven't been keeping up over the years, Workers is their product for running code on Cloudflare's platform directly (an AWS Lambda competitor, more or less) and they've been trying to make it the centerpiece of an ecosystem where you deploy your code to their platform and get access to a variety of tools: databases, storage, streaming, AI, and now email sending. All of this is stuff that AWS has had for years, but some people like Cloudflare more (I certainly do).
One thing that surprised me is the price-- Cloudflare's cloud offerings are usually much cheaper, and I've saved plenty of money by migrating from AWS S3 to Cloudflare's R2. This new offering is 3x the AWS price, though. Weird. Anyway, most small companies don't send enough email for it to matter.
But getting back to the consensus in the comments here: I'm not sure why people think that they'll be worse about policing spam than AWS SES, Azure Email, etc.\n— Meekro\n
Qwen3.6-35B-A3B on my laptop drew me a better pelican than Claude Opus 4.7
\n\n\n\n308 points | 70 comments
\n\n\n\nYou can just straight up ask Opus if it's good at generating images and it will say no. It has never been marketed as being for image generation.\n— ralph84\n\n
€54k spike in 13h from unrestricted Firebase browser key accessing Gemini APIs
\n\n\n\n359 points | 251 comments
\n\n\n\n> We had a budget alert (€80) and a cost anomaly alert, both of which triggered with a delay of a few hours\n> By the time we reacted, costs were already around €28,000
> The final amount settled at €54,000+ due to delayed cost reporting
So much for the folks defending these three companies that refused to provide hard spending cap (\"but you can set the budget\", \"you are doing it wrong if you worry about billing\", \"hard cap it's technically impossible\" etc.)\n— benterix\n
277 points | 242 comments
\n\n\n\nAddressing the usual few complaints folks always bring up:\n* This is from the separate independent team that works on Thunderbird, not Firefox, so there isn't any resource contention happening there
* Thunderbird is revenue positive, and this potentially gives that team another revenue stream to be even more self-sustaining through charging companies
* Businesses definitely want to control the AI they're using (especially with RAGs of their own data) instead of just throwing it at their LLM vendor and hoping for the best
People on HN are fond of asserting that their own POV is the only one. Imagine that there is such a thing as a person in charge of choosing technologies for organizations, and that you're such a person. That's who this is for.\n— anildash\n
The \"Passive Income\" trap ate a generation of entrepreneurs
\n\n\n\n298 points | 197 comments
\n\n\n\nThis article really felt like a misdiagnosis to me.\nSure, a lot of these people were just buying hype from these \"get rich from drop shipping!\" influencers, just like a million other suckers who got dollar signs in their eyes with real estate schemes, pyramid sale schemes, yada yada, a tale as old as time. I don't think this \"passive income\" trap is really anything new, and I don't think it was some unique thing that \"ate a generation of entrepreneurs\", as if that trap didn't exist then instead we'd see all these successful people.
Instead, what I think has drastically changed over the past 40 years or so is the ability of a solopreneur to make real money. Just look at all the posts on HN asking about how much people make on their side gigs. You rarely see anything more than a couple hundred bucks a month. There are notable exceptions, but unfortunately a lot of those notable exceptions are scammy, spammy business models. It's just simply much harder as a small/smaller business to make money and compete with the big boys. Wealth inequality doesn't just apply to people, but also companies. For example, in the past many entrepreneurial types may have started retail stores, while now it's incredibly difficult to compete with the likes of Amazon et al. I read an article recently that the number of public companies has halved compared to a few decades ago. The Wilshire 5000 stock index, for example, actually only includes about 3400-3700 companies now.\n— hn_throwaway_99\n
Cloudflare's AI Platform: an inference layer designed for agents
\n\n\n\n277 points | 67 comments
\n\n\n\nSo it's basically just openrouter with cloudflare argo networking? I feel like they could do some much more interesting stuff with their replicate acquisition. Application specific RL is getting so good but there's no good way to deploy these models in a scalable way. Even the providers like fireworks which claim to let you deploy LORAs in a scalable way can't do it. For now I literally have to host base load on my application on a rack of 3090s in my garage which seems silly but it saves me $1k a month.\n— mips_avatar\n\n
Google Broke Its Promise to Me. Now ICE Has My Data
\n\n\n\n266 points | 73 comments
\n\n\n\nPrivacy, technology and actual freedom overlap massively. Stories like this making it to HN are important since many of the people working at Google that had interactions with this, either by creating the tech or being aware of internal policy changes, read HN. Additionally many founders and decision makers in companies read these stories because it hit HN. Knowing that Google will do this changes your legal calculations. Should I trust them to store my company's data? Will they honor their BAA requirements if they are ditching other promises they made?\nPeople may be tired of seeing stories like this appear on HN, but getting this story exposure to this group is exactly why they need to hit the homepage.\n— jmward01\n
Live Nation illegally monopolized ticketing market, jury finds
\nhttps://www.nytimes.com/2026/04/15/arts/music/live-nation-an..., https://archive.ph/KA1wVhttps://www.theverge.com/policy/912689/live-nation-ticketmas...\n\n\n
399 points | 117 comments
\n\n\n\nThe horizontal control of venues is only one issue. A perhaps bigger issue is the vertical integration (if that's the right term) of first-party ticket sales and resale in one company. Ticketmaster has no real incentive to try to prevent resellers from buying up all the tickets on first sale, because it gets to charge fees on all the resales through its platform. The more times a ticket is resold, the better.\nI don't believe a court would ever mandate this, but I'd like to see tickets sold by dutch auction: All tickets start off for sale at some very high price, like $10000, and the price declines by some amount every day until it reaches a reserve price on the day of the concert. Buyers can purchase as many tickets as they want, but professional resellers would have to guess the price that would let them clear their inventory at a profit. Under a system like this the best seats would go earliest (at the highest prices) while the nosebleed seats might still be available on day of the show, or not depending on demand.\n— jp57\n
454 points | 116 comments
\n\n\n\nTwo Views of MIT-Style Licenses:\n1. MIT-style licenses are \"do what you want\" as long as you provide a single line of attribution. Including building big closed source business around it.
2. MIT-style licenses are \"do what you want\" under the law, but they carry moral, GPL-like obligations to think about the \"community.\"
To my knowledge Georgi Gerganov, the creator of llama.cpp, has only complained about attribution when it was missing. As an open-source developer, he selected a permissive license and has not complained about other issues, only the lack of credit. It seems he treats the MIT license as the first kind.
The article has other good points not related to licensing that are good to know. Like performance issues and simplicity that makes me consider llama.cpp.\n— u1hcw9nx\n
341 points | 77 comments
\n\n\n\nThese types of huge perfect specimens always take my breath away when I am able to see them in person. To think that this kind of stuff just kinda exists buried in the earth...\nI am a part of a local mineral club which hosts several \"field trips\" a year to various mineralogically interesting locations (most of which aren't accessible as an individual, like private land and special digs at active mining/quarrying sites on their days off). I have never found anything even remotely as beautiful as the specimens shown, but the small collection of mildly interesting things that I've smashed out of the earth with my own 2 hands is amazingly satisfying to me. You don't even have to be a super dedicated \"rock nerd\" to take part, I highly recommend looking for local mineral clubs to join if this even remotely interests you. It's really a ton of fun!\n— Uncle_Brumpus\n
The buns in McDonald's Japan's burger photos are all slightly askew
\n\n\n\n221 points | 130 comments
\n\n\n\nI just want to note how fast this page is.\n806kB transferred. 766ms to finished. \nI hit the DFW AWS CloudFront pop from here.
Similar page for BK https://www.burgerking.co.jp/menu
31MB transferred. 6.5s to finished. \nHits the DEN pop (but it's a \"miss\").
I am in Colorado. uBlock is on.
Even if you don't count the 7.5MB of fonts on the BK page, that's wild.\n— tbeseda\n
Open Source Isn't Dead. Cal.com Just Learned the Wrong Lesson
\n\n\n\n213 points | 126 comments
\n\n\n\nI have an open source project and started receiving a lot of security vulnerability reports in the last few months. A lot of them are extremely corner cases, but there were some legit ones. They're all fixed now. Closed source software won't receive any reports, but it will be exploited with AI. So I definitely agree with the message of this article.\n— tananaev\n\n
Cal.com is going closed source
\n\n\n\n301 points | 224 comments
\n\n\n\nDrew Breunig published a very relevant piece yesterday that came to the opposite conclusion: https://www.dbreunig.com/2026/04/14/cybersecurity-is-proof-o...\nSince security exploits can now be found by spending tokens, open source is MORE valuable because open source libraries can share that auditing budget while closed source software has to find all the exploits themselves in private.
> If Mythos continues to find exploits so long as you keep throwing money at it, security is reduced to a brutally simple equation: to harden a system you need to spend more tokens discovering exploits than attackers will spend exploiting them.\n— simonw\n
275 points | 326 comments
\n\n\n\nI still use it and find it helpful.\nMy OpenClaw instance uses an Obsidian project as its memory. Mainly, it's just my main day-to-day LLM that I access via WhatsApp, but instead of the memory being locked away with a specific vendor, it's stored in version control that I can read and edit. That reason alone makes it compelling to me. When a better LLM comes along, I can just switch, and my memory and system prompts come with it.
However, I also use it for calorie/weight/workout tracking, to-do lists (bill, birthday, event reminders), and to support my various life admin tasks. I don't give it access to much at all, except a few skills that give it read-only access to some data.
Hasn't given me a 10x productivity boost or anything. It's just handy.
I wrote an article on it, if anyone is interested: https://notesbylex.com/openclaw-the-missing-piece-for-obsidi...\n— lexandstuff\n
YouTube users get option to set their Shorts time limit to zero minutes
\n\n\n\n278 points | 128 comments
\n\n\n\n>YouTube now lets you turn off Shorts\nNo it doesn't. If you were hoping it would mean you don't see shorts when you visit the Youtube home page, that's not what this is. I just tried the thing mentioned in the article-- set my Shorts time limit to 0 minutes. What it does is make it so if you click a short from somewhere the short plays, but then if you try to swipe to the next one it hits you with the \"You reached your short limit\". If you then return to the home page you still see Shorts.\n— savanaly\n
Darkbloom – Private inference on idle Macs
\n\n\n\n281 points | 152 comments
\n\n\n\nI have a hard time believing their numbers. If you can pay off a mac mini in 2-4 months, and make $1-2k profit every month after that, why wouldn’t their business model just be buying mac minis?\n— kennywinker\n\n
641 points | 163 comments
\n\n\n\nI don't want to stop Flock the company. I want to stop Flock the business model, along with all the other mass surveillance, and the data brokers. If the business models can't be made illegal, it should at least come with liabilities so high that no sane business would want to hold data that is essentially toxic waste.\nWithout that, we are quickly spiraling into the dystopia where privacy is gone, and when the wrong person gets access to the data, entire populations are threatened.\n— bmitch3020\n
Besides the PDF processing value add, Cloudinary effectively acts like S3 here, serving assets directly to the web client. Like S3, it has support for signed/expiring URLs. However, Fiverr opted to use public URLs, not signed ones, for sensitive client-worker communication.
Moreover, it seems like they may be serving public HTML somewhere that links to these files. As a result, hundreds are in Google search results, many containing PII.
Example query: site:fiverr-res.cloudinary.com form 1040
In fact, Fiverr actively buys Google Ads for keywords like \"form 1234 filing\" despite knowing that it does not adequately secure the resulting work product, causing the preparer to violate the GLBA/FTC Safeguards Rule.
Responsible Disclosure Note -- 40 days have passed since this was notified to the designated vulnerability email (security@fiverr.com). The security team did not reply. Therefore, this is being made public as it doesn't seem eligible for CVE/CERT processing as it is not really a code vulnerability, and I don't know anyone else who would care about it.\n\n\n
350 points | 62 comments
\n\n\n\nWow, the other comments weren't exaggerating. This is really bad. If my tax returns or other data were part of this, I might consider legal action.\nI wonder if somewhere like Wired/Ars Technica/404media might pick this up?\n— pesus\n
Rare concert recordings are landing on the Internet Archive
\n\n\n\n332 points | 97 comments
\n\n\n\nI am an active and enthusiastic recordist and have decades of stuff I've accumulated over the years.\nOne of the concerts I captured in the 90's, lives on as a bootleg which I often see around the scene of this one particularly great live electronic dance band, whose punters have created true value out of the hour and a half of live concert input I managed to record, standing right there front stage and center, with the band looking right at me.
It was a hilarious experience - I expected to get booted out pretty fast, so I held my ground as still as I could, DAT-tape rolling by, shotgun mike held in front of me like it was just normal, as if I belonged there.
The lead singer caught my eye and gave me a wide grin. I survived the concert, it was awesome, but boy was I relieved to have made it home with that DAT - which I of course, proceeded to digitize with my brand new spdf/io ..
The next year the band (who are big and famous, btw) were in the same city and I happened to be around, I got invited backstage to meet the band, participate in a bit of nerdery regarding their live setup and gear and so on, and talk about that recording I'd made.
I'd put it out as a pure bootleg, no questions asked.
Turns out they'd heard it and enjoyed it and came to appreciate the nature of their bootleggers, as avid fans who gave the band themselves something extra to think about in what was then, a burgeoning digital/online universe about to explode.
So, seeing it around, almost 30 years now .. here and there, again and again .. is quite hilarious. Youtube often recommends it to me in my playlist, its just there.
And at a certain spot in the recording, I tell my mate to stop standing so close to me (he was blocking the shottie), and prepare for my ass getting bounced - which never happened, thankfully.
So yeah, I just wanna say, if you personally have the desire to be a recordist, and have a pure purpose in it, I'd say just freakin' go for it.
Record All The Things.
Its good for the Artists, yo. And also their fans. (Its how we get rid of the managers, cough cough..)\n— rigonkulous\n
425 points | 270 comments
\n\n\n\nLLMs and LLM providers are massive black boxes. I get a lot of value from them and so I can put up with that to a certain extent, but these new \"products\"/features that Anthropic are shipping are very unappealing to me. Not because I can't see a use-case for them, but because I have 0 trust in them:\n- No trust that they won't nerf the tool/model behind the feature
- No trust they won't sunset the feature (the graveyard of LLM-features is vast and growing quickly while they throw stuff at the wall to see what sticks)
- No trust in the company long-term. Both in them being around at all and them not rug-pulling. I don't want to build on their \"platform\". I'll use their harness and their models but I don't want more lock-in than that.
If Anthropic goes \"bad\" I want to pick up and move to another harness and/or model with minimal fuss. Buying in to things like this would make that much harder.
I'm not going to build my business or my development flows on things I can't replicate myself. Also, I imagine debugging any of this would be maddening. The value add is just not there IMHO.
EDIT: Put another way, LLM companies are trying to climb the ladder to be a platform, I have zero interest in that, I was a \"dumb pipe\", I want a commodity, I want a provider, not a platform. Claude Code is as far into the dragon's lair that I want to venture and I'm only okay with that because I know I can jump to OpenCode/Codex/etc if/when Anthropic \"goes bad\".\n— joshstrange\n
I wrote to Flock's privacy contact to opt out of their domestic spying program
\n\n\n\n497 points | 205 comments
\n\n\n\nI wrote this. I had/have absolutely no expectation that Flock would comply with my request, but figured I should try anyway For Science. Their reply rubbed me wrong, though. They seem to claim that there are no restrictions on their collection and processing of PII because other people pay them for it. They say:\n> Flock Safety’s customers own the data and make all decisions around how such data is used and shared.
which seems to directly oppose the CCPA. It's my data, not their customers'.
Again, I didn't really expect this to work. And yet, I'm still disappointed with the path by which it didn't work.\n— kstrauser\n
Spain to expand internet blocks to tennis, golf, movies broadcasting times
\n\n\n\n229 points | 197 comments
\n\n\n\nAssuming that \"piracy is a service problem, not a pricing problem\" is still the prevailing wisdom, what is Spain / La Liga doing wrong that sports piracy is so prevalent as to warrant this? It seems like a no-brainer to expand stream availability and charge appropriately for it vs. scheduling daily kneecaps of other economic activity.\n— llbbdd\n\n
The future of everything is lies, I guess: Work
\n\n\n\n246 points | 201 comments
\n\n\n\nThe interesting question to me at the moment is whether we are still at the bottom of an exponential takeoff or nearing the top of a sigmoid curve. You can find evidence for both. LLMs probably can't get another 10 times better. But then, almost literally at any minute, someone could come up with a new architecture that can be 10 times better with the same or fewer resources. LLMs strike me as still leaving a lot on the table.\nIf we're nearing the top of a sigmoid curve and are given 10-ish years at least to adapt, we probably can. Advancements in applying the AI will continue but we'll also grow a clearer understanding of what current AI can't do.
If we're still at the bottom of the curve and it doesn't slow down, then we're looking at the singularity. Which I would remind people in its original, and generally better, formulation is simply an observation that there comes a point where you can't predict past it at all. (\"Rapture of the Nerds\" is a very particular possible instance of the unpredictable future, it is not the concept of the \"singularity\" itself.) Who knows what will happen.\n— jerf\n
252 points | 81 comments
\n\n\n\nFinally encrypted client hello support \\o/\n— capitol_\n\n
Someone bought 30 WordPress plugins and planted a backdoor in all of them
\n\n\n\n691 points | 193 comments
\n\n\n\nThis is a perfect illustration of what cracks me up about the hyperbolic reactions to Mythos. Yes, increased automation of cutting-edge vulnerability discovery will shake things up a bit. No, it's nowhere near the top of what should be keeping you awake at night if you're working in infosec.\nWe've built our existing tech stacks and corporate governance structures for a different era. If you want to credit one specific development for making things dramatically worse, it's cryptocurrencies, not AI. They've turned the cottage industry of malicious hacking into a multi-billion-dollar enterprise that's attractive even to rogue nations such as North Korea. And with this much at stake, they can afford to simply buy your software dependencies, or to offer one of your employees some retirement money in exchange for making a \"mistake\".
We know how to write software with very few bugs (although we often choose not to). We have no good plan for keeping big enterprises secure in this reality. Autonomous LLM agents will be used by ransomware gangs and similar operations, but they don't need FreeBSD exploit-writing capabilities for that.\n— chromacity\n
424 points | 248 comments
\n\n\n\nAs someone who used phabricator and mercurial, using GitHub and git again feels like going back to the stone ages. Hopefully this and jujutsu can recreate stacked-diff flow of phabricator.\nIt’s not just nice for monorepos. It makes both reviewing and working on long-running feature projects so much nicer. It encourages smaller PRs or diffs so that reviews are quick and easy to do in between builds (whereas long pull requests take a big chunk of time).\n— adamwk\n
521 points | 121 comments
\n\n\n\nI wish they (authors of DaVinci Resolve and the Photo Editor) paid more attention to Linux platform. Theoretically DaVinci Resolve runs on Linux, but getting it run is a very bad experience on Ubuntu/Kubuntu 24.04. I even paid for the DaVinci license, as I read somewhere that for Linux it's necessary in order to have all codecs supported. It did not help. Fortunately there were no problems with refund.\nThere are whole guides online how to walk around these issues and even then I could not get the audio working. Somehow it relies on some old ALSA API, which is no longer maintained/supported on Ubuntu/Kubuntu, or I'm just too stupid to make it work. AI assistants could not provide working solution for me either.
I've moved back to Linux a year ago after around 10 years of Windows (and I used to use Linux Slackware for ~15 years beforehand). I am amazed how big progress the KDE made and whole Linux ecosystem. Gaming these days is just as easy as on Windows, which was my primary reason to switch to Windows. My printer just works now. Even music production is excellent on Linux now. There is plenty of great software options to choose from and they just work - as I would expect from the mature ecosystem.
This all feels so good, given how Linux is not pushing trash into my computer (OS-bound spyware/bloatware), has excellent, customizable UI. Full freedom. I do feel that I own my hardware.
Yet I miss DaVinci Resolve. For now I use Kdenlive, which is nice for simple editing, but feels unfinished, or I just don't know how to use it correctly.\n— googie\n
Servo is now available on crates.io
\n\n\n\n316 points | 106 comments
\n\n\n\nSome notes:\n- The docs.rs docs are still building, but the docs from the recent RC are available [0]
- The Slint project have an example of embedding Servo into Slint [1] which is good example of how to use the embedding API, and should be relatively easy to adapt to any other GUI framework which renders using wgpu.
- Stylo [2] and WebRender [3] have both also been published to crates.io, and can be useful standalone (Stylo has actually been getting monthly releases for ~year but we never really publicised that).
- Ongoing releases on a monthly cadance are planned
[0]: https://docs.rs/servo/0.1.0-rc2/servo
[1]: https://github.com/slint-ui/slint/tree/master/examples/servo
[3]: https://docs.rs/webrender\n— nicoburns\n
A new spam policy for “back button hijacking”
\n\n\n\n317 points | 187 comments
\n\n\n\nOk, you can start with LinkedIn, I'll wait...\nIf you are wondering how it works. You get a link from LinkedIn, it's from an email or just a post someone shared. You click on it, the URL loads, and you read the post. When you click the back button, you aren't taken back to wherever you came from. Instead, your LinkedIn feed loads.
How did it happen? When you landed on the first link, the URL is replaced with the homepage first (location.replace(...) doesn't change the browser history). Then the browser history state is pushed to the original link. So it seems like you landed on the home page first then you clicked on a link. When you click the back button, you are taken back to the homepage where your feed entices you to stay longer on LinkedIn.\n— firefoxd\n
Nothing Ever Happens: Polymarket bot that always buys No on non-sports markets
\n\n\n\n248 points | 99 comments
\n\n\n\nhttps://x.com/sterlingcrispin/status/2043723823678382254\nThey admit no returns.
But it does seem like a fun project and nowhere does it say anything about returns or profits so not scammy imo just funny meme backed code\n— tekno45\n
US appeals court declares 158-year-old home distilling ban unconstitutional
\n\n\n\n244 points | 159 comments
\n\n\n\nDo this one next:\nhttps://en.wikipedia.org/wiki/Gonzales_v._Raich
The Supreme Court somehow held that the feds can regulate what you do in your own home (in this case, growing marijuana for personal use) because it could have a butterfly effect on the interstate price. (Constitutionally, the feds can only regulate _interstate_ commerce.)\n— bsimpson\n
Make tmux pretty and usable (2024)
\n\n\n\n313 points | 202 comments
\n\n\n\nI gave up on it once I discovered https://zellij.dev/\nJust even for how tab and panes are setup, and how it's good for scrolling and text selection with your mouse for copy pasting.\n— ndr\n
Microsoft isn't removing Copilot from Windows 11, it's just renaming it
\n\n\n\n331 points | 242 comments
\n\n\n\nI have windows on my desktop pc because it's easier to get executable mods (downgraders, engine fixes, etc) working on windows than linux. There's also the matter of 'kernel level anti-cheat' games not working.\nBut if I just judge windows vs linux, on even ground, W11 is painful. I've main'd linux on my laptop for ~ 25 years. There was a time when it was a jank experience that I put up with for better devex, but that ended in the late 00's. From that point forward, unless you were trying to get bleeding edge hardware to work, linux has been hands down better.
It's enough that I've considered giving up online play all together just to have a nicer computing experience.\n— wing-_-nuts\n
This year’s insane timeline of hacks
\n\n\n\n283 points | 169 comments
\n\n\n\nAs part of my work in technical diligence, I create medium-long form content marketing material on topics germane to PE investment in tech. In the last six months I did a series (not yet published) on the state of security in the age of gen-AI.\nBasically, we are entering the ransomware apocalypse. It is insane what a godsend gen-AI has been to the cybercrime sector. When all you need to do is make something good enough to fool some of the people some of the time, genAI is perfect.
Things that used to work reliably - like trusting google ads or sponsored links not to be malvertizing sites - are meaningless now that gangs can trivially spin up networks of thousands of fake interacting sites and linked profiles to sneak by fraud detection. Phishing attacks are ridiculously sophisticated, combining voice, text, and video impersonation. Supply chain attacks are going to mean package managers are handgrenades. Ransomware gangs are running full on SaSS services allowing script kiddies access to big gun material. Attacks that were previously only in reach of nation-state-sponsored actors are now available for peanuts. And all of this is going to worse because of everyone and their dog using gen-AI to pump out huge amounts of vulnerable code. And then there is the world of prompt engineering for data exfiltration...
If you are young and wanting a promising trade in tech, security would absolutely be a good choice. Shit is going to get CRAZY.\n— iainctduncan\n
> error pulling image configuration: download failed after attempts=6: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage.com
First blaming tailscale, dns configuration and all other stuff. Until I just copied that above URL into my browser on my laptop, and received a website banner:
> El acceso a la presente dirección IP ha sido bloqueado en cumplimiento de lo dispuesto en la Sentencia de 18 de diciembre de 2024, dictada por el Juzgado de lo Mercantil nº 6 de Barcelona en el marco del procedimiento ordinario (Materia mercantil art. 249.1.4)-1005/2024-H instado por la Liga Nacional de Fútbol Profesional y por Telefónica Audiovisual Digital, S.L.U.\nhttps://www.laliga.com/noticias/nota-informativa-en-relacion-con-el-bloqueo-de-ips-durante-las-ultimas-jornadas-de-laliga-ea-sports-vinculadas-a-las-practicas-ilegales-de-cloudflare
For those non-spanish speakers: It means there is football match on, and during that time that specific host is blocked. This is just plain madness. I guess that means my gitlab pipelines will not run when football is on. Thank you, Spain.\n\n\n
407 points | 186 comments
\n\n\n\nHeh, lucky you, at least you get a message. My ISP just drops traffic to the affected IPs. No ping, no traceroute, just a spinner in the browser until it says \"page not found\".\nEvery response and comment from LaLiga, the football organization responsible for this, has been so far that this is a minor issue that only affects a few bunch of nerds who talk about \"docker images\" or \"github repositories\" or \"whatever that means\".
Meanwhile, there are testimonies of smart home devices like anti-theft alarms or automatic doors, that stop working whenever there is a football match, because their backends rely on Cloudflare.
Last week, a woman asked for help on social media, as the GPS tracking app she uses to see where her father with dementia is, went offline during a match. It was getting late and he still wasn't back home, and she couldn't locate the tag he was wearing to find him: https://www.infobae.com/america/agencias/2026/04/05/laliga-d...
It's hard to say this, because no one should experience an event like this, but as stressful as these are, it's the only way to make the mainstream people care about this censorship. \"I cannot pull a docker image\" will never be on nightly news, but safety and personal security is a more powerful driver for discourses.\n— danirod\n
Pro Max 5x quota exhausted in 1.5 hours despite moderate usage
\n\n\n\n477 points | 432 comments
\n\n\n\nHey all, Boris from the Claude Code team here.\nWe've been investigating these reports, and a few of the top issues we've found are:
1. Prompt cache misses when using 1M token context window are expensive. Since Claude Code uses a 1 hour prompt cache window for the main agent, if you leave your computer for over an hour then continue a stale session, it's often a full cache miss. To improve this, we have shipped a few UX improvements (eg. to nudge you to /clear before continuing a long stale session), and are investigating defaulting to 400k context instead, with an option to configure your context window to up to 1M if preferred. To experiment with this now, try: CLAUDE_CODE_AUTO_COMPACT_WINDOW=400000 claude.
2. People pulling in a large number of skills, or running many agents or background automations, which sometimes happens when using a large number of plugins. This was the case for a surprisingly large number of users, and we are actively working on (a) improving the UX to make these cases more visible to users and (b) more intelligently truncating, pruning, and scheduling non-main tasks to avoid surprise token usage.
In the process, we ruled out a large number of hypotheses: adaptive thinking, other kinds of harness regressions, model and inference regressions.
We are continuing to investigate and prioritize this. The most actionable thing for people running into this is to run /feedback, and optionally post the feedback ids either here or in the Github issue. That makes it possible for us to debug specific reports.\n— bcherny\n
Seven countries now generate 100% of their electricity from renewable energy
\n\n\n\n333 points | 150 comments
\n\n\n\n> Albania, Bhutan, Nepal, Paraguay, Iceland, Ethiopia and the Democratic Republic of Congo produced more than 99.7 per cent of the electricity they consumed using geothermal, hydro, solar or wind power.\nLet's head to electricitymaps.com !
Albania (https://app.electricitymaps.com/map/zone/AL/live/fifteen_min...)
- On 2026-04-12 16:45 GMT+2, 22,67% of electricity consumed by Albania is imported from Greece, which generates 22% of its electricity from gas. Interestingly, Albania exports about as much to Montenegro as it imports from Greece.
Bhutan:
- 100% hydro, makes perfect sense
Nepal:
- 98% hydro, a bit of solar for good measure
Iceland:
- 70% hydro, 30% geo
Paraguay:
- 99,9% hydro
Ethiopia:
- 96,4% hydro
DRC
- 99.6% hydro
So, the lessons for all other countries in the world is pretty clear: grow yourselves some mountains, dig yourselves a big river, and dam, baby, dam !!
(I'm kidding, but I'm sure someone has a pie-in-the-sky geoengineering startup about to disrupt topography using either AI, blockchain, or both.)\n— phtrivier\n
271 points | 140 comments
\n\n\n\nIn text boxes in some applications, enter submits the entered text, and ctrl-enter forces a newline (not at my computer, but I think Slack does this). In others, it's the other way around (pretty sure GitHub does this for comments).\nI don't know how we got here and I don't know how to fix it, but \"bring back idiomatic design\" doesn't help when we don't have enough idioms. I'm not even sure if those two behaviors are wrong to be inconsistent: you're probably more likely to want fancier formatting in a PR review comment than a chat message. But as a user, it's frustrating to have to keep track of which is which.\n— uhoh-itsmaciek\n
253 points | 61 comments
\n\n\n\nOne pro-tip as I now somehow have a commercial bottling license these days: get pre-hydrated gum Arabic. Much easier to work with. Almost everybody who messes this up will make the mistake at the hydrating the gum Arabic stage. Blend it with any dry ingredients like sugar before using.\nIf you can’t source it, I’m not going to tell you that you SHOULD pretend to be a bottling company and ask a gum provider to send you some free samples, but you could and the amount they send you will last the rest of your life. TIC gums is pretty awesome and if you’re into frozen desserts has some incredible gum mixtures for ice creams, sorbets, etc.
Also, consider just using water soluble flavor concentrates and skipping emulsification all together. That’s what most pros do and it’s why Sprite isn’t cloudy like it would be if you used oils. My favorite suppliers that sell in consumer and pro-sumer qtys are Apex Flavors and Nature’s Flavors.
This probably won’t work for Cola as I think some of those ingredients have all of their flavor molecules in the oils, but as a general rule, if you can buy it at the store and it is clear, it is made using water soluble. If it is brown it probably isn’t, hence the caramel color additive.\n— mattmaroon\n
All elementary functions from a single binary operator
\n\n\n\n342 points | 96 comments
\n\n\n\nEDIT: please change the article link to the most recent version (as of now still v2), it is currently pointing to the v1 version which misses the figures.\nI'm still reading this, but if this checks out, this is one of the most significant discoveries in years.
Why use splines or polynomials or haphazardly chosen basis functions if you can just fit (gradient descent) your data or wave functions to the proper computational EML tree?
Got a multidimensional and multivariate function to model (with random samples or a full map)? Just do gradient descent and convert it to approximant EML trees.
Perform gradient descent on EML function tree \"phi\" so that the derivatives in the Schroedinger equation match.
But as I said, still reading, this sounds too good to be true, but I have witnessed such things before :)\n— DoctorOetker\n
Google removes \"Doki Doki Literature Club\" from Google Play
\n\n\n\n306 points | 137 comments
\n\n\n\nJust want to drive by and mention - a friend told me to play DDLC and I was highly skeptical given the anime pin-up girl art style. I eventually gave in and gave it a shot.\nIt's an amazing \"playable story\" unlike anything I have ever played. Super creative and well worth the couple hours it takes to play. I think it could use a few trigger warnings and it should be rated PG-13 / R, but there's stuff on Netflix 10x more disturbing so I don't quite grok the Google push back on this one.\n— bengotow\n
312 points | 104 comments
\n\n\n\nSimilar to bragging about LOC, I have noticed in my own field of computational fluid dynamics that some vibe coders brag about how large or rigorous their test suites are. The problem is that whenever I look more closely into the tests, the tests are not outstanding and less rigorous than my own manually created tests. There often are big gaps in vibe coded tests. I don't care if you have 1 million tests. 1 million easy tests or 1 million tests that don't cover the right parts of the code aren't worth much.\n— btrettel\n\n
Show HN: boringBar – a taskbar-style dock replacement for macOS
\nHi HN!I recently switched from a Fedora/GNOME laptop to a MacBook Air. My old setup served me well as a portable workstation, but I’ve started traveling more while working remotely and needed something with similar performance but better battery life. The main thing I missed was a simple taskbar that shows the windows in the current workspace instead of a Dock that mixes everything together.
I built boringBar so I would not have to use the Dock. It shows only the windows in the current Space, lets you switch Spaces by scrolling on the bar, and adds a desktop switcher so you can jump directly to any Space. You can also hide the system Dock, pin apps, preview windows with thumbnails, and launch apps from a searchable menu (I keep Spotlight disabled because for some reason it uses a lot of system resources on my machine).
I’ve been dogfooding it for a few months now, and it finally felt polished enough to share.
It’s for people who like macOS but want window management to feel a bit more like GNOME, Windows, or a traditional taskbar. It’s also for people like me who wanted an easier transition to macOS, especially now that Windows feels increasingly user-hostile.
I’d love feedback on the UX, bugs, and whether this solves the same Dock/Spaces pain for anyone else.
P.S. It might also appeal to people who feel nostalgic for the GNOME 2 desktop of yore. I started my Linux journey with it, and boringBar brings back some of that feeling for me.\n\n\n
224 points | 146 comments
\n\n\n\nI am the target audience for this, from a UX and tech perspective. It addresses a problem I have and for which I periodically audition solutions.\nA subscription for a menu bar, though, kills it for me. I have apps on Macs that are over 20 years old. Some of those companies don’t exist anymore. I’m not going to risk paying $100 for a decade of your app and hope that your company, or your goodwill, stays around that long.\n— sonofhans\n
Apple has removed most of the towns and villages in Lebanon from Apple maps?
\nhttps://x.com/EthanLevins2/status/2043366941922926940\n\n\n299 points | 174 comments
\n\n\n\nMultiple commenters here are asking if the towns and villages were ever included in Apple maps in the first place, and some people are saying we should obviously assume they were.\nHowever, a quick search reveals at least a few people claiming that Apple Maps has always been empty for Lebanon outside of major cities (and at least one commenter says they are Lebanese):
https://www.reddit.com/r/apple/comments/1sjmrol/comment/oft1...
https://www.reddit.com/r/NoStupidQuestions/comments/1sjoxqo/...
https://www.reddit.com/r/MapPorn/comments/1sjo66s/apple_maps...
https://www.reddit.com/r/lebanon/comments/1sjou17/apple_maps...
I don't know how trustworthy these comments are, but I don't see anyone contradicting them.
So it's definitely not clear this has anything to do with the current war.\n— crazygringo\n
Small models also found the vulnerabilities that Mythos found
\n\n\n\n341 points | 105 comments
\n\n\n\nThe Anthropic writeup addresses this explicitly:\n> This was the most critical vulnerability we discovered in OpenBSD with Mythos Preview after a thousand runs through our scaffold. Across a thousand runs through our scaffold, the total cost was under $20,000 and found several dozen more findings. While the specific run that found the bug above cost under $50, that number only makes sense with full hindsight. Like any search process, we can't know in advance which run will succeed.
Mythos scoured the entire continent for gold and found some. For these small models, the authors pointed at a particular acre of land and said \"any gold there? eh? eh?\" while waggling their eyebrows suggestively.
For a true apples-to-apples comparison, let's see it sweep the entire FreeBSD codebase. I hypothesize it will find the exploit, but it will also turn up so much irrelevant nonsense that it won't matter.\n— johnfn\n
How We Broke Top AI Agent Benchmarks: And What Comes Next
\n\n\n\n369 points | 94 comments
\n\n\n\nThis is a phenomenal paper on exploits and hopefully changes the way benchmarking is done.\nFrom the paper: We achieved near-perfect scores on all of them without solving a single task. The exploits range from the embarrassingly simple (sending {} to FieldWorkArena) to the technically involved (trojanizing binary wrappers in Terminal-Bench), but they all share a common thread: the evaluation was not designed to resist a system that optimizes for the score rather than the task.\n— ggillas\n
South Korea introduces universal basic mobile data access
\n\n\n\n328 points | 91 comments
\n\n\n\nTo quote something from a favorite fiction-series, where someone is visiting a relatively backwards planet:\n> \"Poor?\" said Cordelia, bewildered. \"No electricity? How can it be on the comm network?\"
> \"It's not, of course,\" answered Vorkosigan.
> \"Then how can anybody get their schooling?\"
> \"They don't.\"
> Cordelia stared. \"I don't understand. How do they get their jobs?\"
> \"A few escape to the Service. The rest prey on each other, mostly.\" Vorkosigan regarded her face uneasily. \"Have you no poverty on Beta Colony?\"
> \"Poverty? Well, some people have more money than others, of course, but... no comconsoles?\"
> Vorkosigan was diverted from his interrogation. \"Is not owning a comconsole the lowest standard of living you can imagine?\" he said in wonder.
> \"It's the first article in the constitution. 'Access to information shall not be abridged.' \"
-- Shards of Honor (1986) by Lois McMaster Bujold\n— Terr_\n
I run multiple $10K MRR companies on a $20/month tech stack
\n\n\n\n300 points | 209 comments
\n\n\n\n> The enterprise mindset dictates that you need an out-of-process database server. But the truth is, a local SQLite file communicating over the C-interface or memory is orders of magnitude faster than making a TCP network hop to a remote Postgres server.\nI don't want to diss SQLite because it is awesome and more than adequate for many/most web apps but you can connect to Postgres (or any DB really) on localhost over a Unix domain socket and avoid nearly all of the overhead.
It's not much harder to use than SQLite, you get all of the Postgres features, it's easier to run reports or whatever on the live db from a different box, and much easier if it comes time to setup a read replica, HA, or run the DB on a different box from the app.
I don't think running Postgres on the same box as your app is the same class of optimistic over provisioning as setting up a kubernetes cluster.\n— hackingonempty\n
235 points | 117 comments
\n\n\n\nNote that this is fundamentally different from the Astral acquisition. At the end of their announcement, they stated:\n> Cirrus CI will shut down effective Monday, June 1, 2026.
And earlier in the article:
> Joining OpenAI allows us to extend the mission we started with Cirrus Labs: building new kinds of tooling and environments that make engineers more effective, for both human engineers and agentic engineers.
It isn't a product-led acquisition, but more a talent one.\n— maxloh\n
The future of everything is lies, I guess – Part 5: Annoyances
\n\n\n\n257 points | 145 comments
\n\n\n\nI don't need to conduct 1000 transactions per day. I don't forsee a world in which it will be some sort of fatal inconvenience to need to approve all purchases. I certainly don't plan on ever just handing over my credit card to an LLM, due to its fundamental architectural issues with injection, and I still don't anticipate handing it over to any future AI architecture anytime soon because I struggle to imagine what benefits could possibly be worth the risk of taking down such a basic, cheap barrier.\nAll that stuff about support, though, inevitable.\n— jerf\n
Advanced Mac Substitute is an API-level reimplementation of 1980s-era Mac OS
\n\n\n\n239 points | 61 comments
\n\n\n\nThis is super cool. I love that look. Something about classic black & white macos has a timeless \"alternative timeline\" L'Air de Panache aesthetic that to me says credibility and stability. Maybe it's the memory of the rows of Macintosh SE or Plus, those solid little upright beige bricks, in the computer room at my elementary school.\nI made a MacOS system 7 web desktop UI with real web browsing: https://win9-5.com/macos/
A re-imagining.\n— keepamovin\n
No posts in this digest period.
\n"},{"id":"digest:digest-hn:129","title":"Digest: Hacker News: Apr 09 - Apr 10, 2026","link":"https://rssglue.subdavis.com/feed/digest-hn/rss","author":"System","published_at":"2026-04-10T12:00:00+00:00","content":"\n\n\n508 points | 466 comments
\n\n\n\nMy grandparents were pretty WASPy, conservative people who lived in northern Idaho. And they hated the white supremacist/neonazi groups up there with a burning passion. They were of an age to remember people going off to fight in Germany and Asia against that kind of ideology.\nThey would have been absolutely appalled and ashamed to see a business leader throwing those salutes and backing it up with talk of a \"white homeland\" and similar comments.
I find it deeply dismaying that people consider that \"just politics\" or that opposing it is \"ideological\". We can argue all day about the proper rate of corporate taxation or debate the best way to implement environmental regulations, and I will not consider you a bad person if you disagree with me. But the kind of crap coming out of that guy? That's beyond politics.\n— davidw\n
Meta removes ads for social media addiction litigation
\n\n\n\n424 points | 175 comments
\n\n\n\nWe can effectively trace all of the problems we have today in a global scale back to social media.\n— elAhmo\n\n
The Pentagon Threatened Pope Leo XIV's Ambassador with the Avignon Papacy
\n\n\n\n356 points | 214 comments
\n\n\n\nWow. I knew the current administration was bad but this is something extra.\nIt also shows the short-sightedness of the \"scholars\" in the administration. Sure, the Avignon Papacy did occur, that's historical fact.
It's also a historical fact that the Catholic Church is an actually ancient power broker in the world still and they have been around for much, much longer than the United States. The Church is actually quite good at playing the long game (and I say that as someone raised firmly Protestant).
I saw a headline in NYT today saying this current historical situation is the United States \"Suez Crisis\" moment. Hard to disagree and hard to see how America recovers from this. I don't feel the pinch will come in the next few years but by 2036 I think the US will wonder what happened.
Also...I don't think a fast-follow conflict in Cuba right after this Iran affair is going to do much good, but that seems like where their appetite is going next.\n— _doctor_love\n
Native Instant Space Switching on macOS
\n\n\n\n315 points | 154 comments
\n\n\n\nI grew up with this animation so I didn't consider it annoying until I bought a new Macbook a couple years ago.\nI noticed sometimes I would press keyboard shortcuts before my system's focus had switched. Just little stumbles here and there, some inoffensive, some annoying, but who knows maybe I didn't catch enough sleep.
Over time it happened often enough that I decided to google it, and it turns out my muscle memory wasn't failing me; the animation speed did change ever so slightly and was slower in new Macs with 120Hz displays [1][2] (newer MacBooks, 2021+). If you switch your screen to 60Hz it goes back to the faster animation.
Why is this animation slower now, and why does it depend on screen refresh rate? I have some technical theories but can't think of an organizational reason it happened and hasn't been fixed 5 years later at a 3.82 trillion market cap company. If you Google it there's plenty of discussions online about this. It's noticeable and annoying to people who have used the feature often enough.
[1]: https://discussions.apple.com/thread/256124324?sortBy=rank
[2]: https://www.youtube.com/watch?v=gNBWt4NvqHg\n— aylmao\n
I Ported Mac OS X to the Nintendo Wii
\n\n\n\n583 points | 123 comments
\n\n\n\n\n\nI LOL'd\n— NetOpWibby\nBefore figuring out how to tackle this project, I needed to know whether it would even be possible. According to a 2021 Reddit comment:\n\n There is a zero percent chance of this ever happening.\n\n Feeling encouraged, I started with the basics: what hardware is in the Wii, and how does it compare to the hardware used in real Macs from the era.\n
667 points | 196 comments
\n\n\n\nI remember before Little Snitch there was ZoneAlarm for Windows[0] (here is a good screenshot[1]). No clue if the current version of ZoneAlarm does anything like that (have not used it in 2 decades). I always found it weird that Linux never really had anything like it.\n[0]: https://en.wikipedia.org/wiki/ZoneAlarm
[1]: https://d2nwkt1g6n1fev.cloudfront.net/helpmax/wp-content/upl...\n— alhazrod\n
US cities are axing Flock Safety surveillance technology
\n\n\n\n476 points | 264 comments
\n\n\n\nMusician-turning-tech anarchist (?) Benn Jordan is making a very interesting series of videos about Flock cameras, their poor safety, and their gray-area interfacing with local governments:\nhttps://www.youtube.com/watch?v=UMIwNiwQewQ
https://www.youtube.com/watch?v=uB0gr7Fh6lY
https://www.youtube.com/watch?v=vU1-uiUlHTo
https://www.youtube.com/watch?v=Pp9MwZkHiMQ
I recommend them.\n— gorgonical\n
Microsoft Abruptly Terminates VeraCrypt Account, Halting Windows Updates
\n\n\n\n279 points | 90 comments
\n\n\n\nI still hope that one of these days people in general will realize that executable signing and SecureBoot are specifically designed for controlling what a normal person can run, rather than for anything resembling real security. The premises of either of those \"mitigations\" make absolutely no sense for personal computers.\n— romaniv\n\n
ML promises to be profoundly weird
\n\n\n\n374 points | 414 comments
\n\n\n\nThere is a whole giant essay I probably need to write at some point, but I can't help but see parallels between today and the Industrial Revolution.\nPrior to the industrial revolution, the natural world was nearly infinitely abundant. We simply weren't efficient enough to fully exploit it. That meant that it was fine for things like property and the commons to be poorly defined. If all of us can go hunting in the woods and yet there is still game to be found, then there's no compelling reason to define and litigate who \"owns\" those woods.
But with the help of machines, a small number of people were able to completely deplete parts of the earth. We had to invent giant legal systems in order to determine who has the right to do that and who doesn't.
We are truly in the Information Age now, and I suspect a similar thing will play out for the digital realm. We have copyright and intellecual property law already, of course, but those were designed presuming a human might try to profit from the intellectual labor of others. With AI, we're in the industrial era of the digital world. Now a single corporation can train an AI using someone's copyrighted work and in return profit off the knowledge over and over again at industrial scale.
This completely unpends the tenuous balance between creators and consumers. Why would a writer put an article online if ChatGPT will slurp it up and regurgitate it back to users without anyone ever even finding the original article? Who will contribute to the digital common when rapacious AI companies are constantly harvesting it? Why would anyone plant seeds on someone else's farm?
It really feels like we're in the soot-covered child-coal-miner Dickensian London era of the Information Revolution and shit is gonna get real rocky before our social and legal institutions catch up.\n— munificent\n
Turns out live ship tracking APIs are expensive so I manually just copied the json from https://www.marinetraffic.com/en/ais/home/centerx:57.4/cente... I'll probably have an ai agent do the same thing on some cron interval, if this gets any fanfare.
To actually know if the port is open without live ship tracking I found https://portwatch.imf.org/pages/cb5856222a5b4105adc6ee7e880a... which was perfect, except it has 4 day lag!
I also thought of adding news feed parsing or prediction market data to get a more definitive answer on if it's open right when you load it, but I spent a few hours and am gonna move on for now.\n\n\n
390 points | 158 comments
\n\n\n\nHello OP, I think using an ai agent to fetch the JSON is a bit of an overkill\nHere is a node.js script for you which will fetch the data and save it to the file:
\nJust like this, no need to spend a cent on expensive APIs or tokens\n— gloosx\nimport fs from 'fs'\n import puppeteer from 'puppeteer-extra'\n import StealthPlugin from 'puppeteer-extra-plugin-stealth'\n puppeteer.use(StealthPlugin())\n\n const browser = await puppeteer.launch();\n const page = await browser.newPage();\n\n async function fetchCoords(x, y, z = 8, station = 0) {\n await page.goto(`https://www.marinetraffic.com/getData/get_data_json_4/z:${z}/X:${x}/Y:${y}/station:${station}`);\n\n const jsonRaw = await page.evaluate(() => document.body.innerText);\n\n const json = JSON.parse(jsonRaw)\n\n return json\n }\n\n const data8353 = await fetchCoords(83, 53)\n\n const data8453 = await fetchCoords(84, 53)\n\n const data8354 = await fetchCoords(83, 54)\n\n const data8454 = await fetchCoords(84, 54)\n\n const fullData = { ...data8353, ...data8453, ...data8354, ...data8454 }\n\n fs.writeFileSync('data.json', JSON.stringify(fullData, null, 2))\n\n console.log('done!')\n\n process.exit(0)\n\n
I've been waiting over a month for Anthropic to respond to my billing issue
\n\n\n\n280 points | 141 comments
\n\n\n\nSame experience. We had a billing bug which put our organization into a loop. Couldn't cancel the subscription, couldn't add one, couldn't delete the users of the organization because of the lack of subscription, and so on. It was easier in the end to rename the organization to 'do not use' and create another one than wait a month for their non existent support.\n— crimsonnoodle58\n\n
Understanding the Kalman filter with a simple radar example
\n\n\n\n332 points | 44 comments
\n\n\n\nAuthor here.\nI recently updated the homepage of my Kalman Filter tutorial with a new example based on a simple radar tracking problem. The goal was to make the Kalman Filter understandable to anyone with basic knowledge of statistics and linear algebra, without requiring advanced mathematics.
The example starts with a radar measuring the distance to a moving object and gradually builds intuition around noisy measurements, prediction using a motion model, and how the Kalman Filter combines both. I also tried to keep the math minimal while still showing where the equations come from.
I would really appreciate feedback on clarity. Which parts are intuitive? Which parts are confusing? Is the math level appropriate?
If you have used Kalman Filters in practice, I would also be interested to hear whether this explanation aligns with your intuition.\n— alex_be\n
Muse Spark: Scaling towards personal superintelligence
\nhttps://meta.ai/\n\n\n338 points | 325 comments
\n\n\n\nI don't get the comments trashing this. If it slightly beats or even matches Opus 4.6, it means Meta is capable of building a model competitive with the leading AI company. Sure, they spent a lot of money and will have on-going costs. But how much more work would it take to turn that into a coding agent people are willing to try (and pay for) along side their usage of a collection of agents (Claude, Codex, etc)?\nAlso means Meta doesn't have to pay another company to use a SATA model across all their products (including IG and WhatsApp, vr) which will matter to their balance sheet long term (despite the constant r&d spend).\n— tty456\n\n
John Deere to pay $99M in right-to-repair settlement
\n\n\n\n332 points | 112 comments
\n\n\n\nThe complete crack of Deere's firmware in 2022 must have had some impact on this.\nhttps://www.theregister.com/2022/08/16/john_deere_doom/
Edit: 'Sick Codes confirmed that he believes John Deere failed to comply with its GPL obligations. \"I'd love for them to come forward and explain how they are in compliance,\" he said.'\n— chasil\n
Project Glasswing: Securing critical software for the AI era
\nRelated: Assessing Claude Mythos Preview's cybersecurity capabilities - https://news.ycombinator.com/item?id=47679155System Card: Claude Mythos Preview [pdf] - https://news.ycombinator.com/item?id=47679258
Also: Anthropic's Project Glasswing sounds necessary to me - https://news.ycombinator.com/item?id=47681241\n\n\n
914 points | 406 comments
\n\n\n\n> Mythos Preview identified a number of Linux kernel vulnerabilities that allow an adversary to write out-of-bounds (e.g., through a buffer overflow, use-after-free, or double-free vulnerability.) Many of these were remotely-triggerable. However, even after several thousand scans over the repository, because of the Linux kernel’s defense in depth measures Mythos Preview was unable to successfully exploit any of these.\nDo they really need to include this garbage which is seemingly just designed for people to take the first sentence out of context? If there's no way to trigger a vulnerability then how is it a vulnerability? Is the following code vulnerable according to Mythos?
\nIs it really so difficult for them to talk about what they've actually achieved without smearing a layer of nonsense over every single blog post?if (x != null) {\n y = *x; // Vulnerability! X could be null!\n }\nEdit: See my reply below for why I think Claude is likely to have generated nonsensical bug reports here: https://news.ycombinator.com/item?id=47683336\n— LiamPowell\n
392 points | 97 comments
\n\n\n\nAre full size/larger images available somewhere? 1920x1280px seems low.\nEdit: Found 'em: https://images.nasa.gov/search?page=1&media=image&yearStart=...\n— _august\n
System Card: Claude Mythos Preview [pdf]
\nRelated: Project Glasswing: Securing critical software for the AI era - https://news.ycombinator.com/item?id=47679121Assessing Claude Mythos Preview's cybersecurity capabilities - https://news.ycombinator.com/item?id=47679155\n\n\n
541 points | 390 comments
\n\n\n\n\n\n— thomascountz\nAcross a number of instances, earlier versions of Claude Mythos Preview have used low-level /proc/ access to search for credentials, attempt to circumvent sandboxing, and attempt to escalate its permissions. In several cases, it successfully accessed resources that we had intentionally chosen not to make available, including credentials for messaging services, for source control, or for the Anthropic API through inspecting process memory...\n\n In [one] case, after finding an exploit to edit files for which it lacked permissions, the model made further interventions to make sure that any changes it made this way would not appear in the change history on git...\n\n ... we are fairly confident that these concerning behaviors reflect, at least loosely, attempts to solve a user-provided task at hand by unwanted means, rather than attempts to achieve any unrelated hidden goal...
GLM-5.1: Towards Long-Horizon Tasks
\n\n\n\n417 points | 144 comments
\n\n\n\nEvery single day, three things are becoming more and more clear:\n\n— dvt\n(1) OpenAI & Anthropic are absolutely cooked; it's obvious they have no moat\n (2) Local/private inference is the future of AI\n (3) There's *still* no killer product yet (so get to work!)
US and Iran agree to provisional ceasefire
\nhttps://www.reuters.com/world/iran-war-live-tehran-rejects-c...\n\n\n484 points | 1402 comments
\n\n\n\nThis is Israel's \"business as usual\" stuff. Mowing the lawn, fake ceasefire, distraction, expansion and greater Israel project let's go! stuff. Stretch goal is to make Iran a failed state. Primary goal is distraction from the very real annexation of Palestinian and Lebanese territories, one war crime at a time.\n— karim79\n\n
419 points | 115 comments
\n\n\n\nThis is the same problem I'm currently facing with WireGuard. No warning at all, no notification. One day I sign in to publish an update, and yikes, account suspended. Currently undergoing some sort of 60 days appeals process, but who knows. That's kind of crazy: what if there were some critical RCE in WireGuard, being exploited in the wild, and I needed to update users immediately? (That's just hypothetical; don't freak out!) In that case, Microsoft would have my hands entirely tied.\nIf anybody within Microsoft is able to do something, please contact me -- jason at zx2c4 dot com.\n— zx2c4\n
Cambodia unveils statue to honour famous landmine-sniffing rat
\n\n\n\n283 points | 64 comments
\n\n\n\n> Magawa retired from bomb sniffing in June 2021 owing to his old age, as is standard for APOPO's HeroRATs.\n> He spent a number of weeks mentoring 20 newly-recruited rats before ultimately retiring to a life of \"snacking on bananas and peanuts\".
> https://en.wikipedia.org/wiki/Magawa
End to life worthy of being envied.\n— dtsykunov\n
Dropping Cloudflare for Bunny.net
\n\n\n\n314 points | 154 comments
\n\n\n\nIn the interests of transparent disclosure on such a positive blog post, It might be worth calling out that all the links on the page are all linked to the Bunny Affiliate Program. [1]\n[1] https://bunny.net/affiliate/\n— GeneticGenesis\n
Cloudflare targets 2029 for full post-quantum security
\n\n\n\n280 points | 86 comments
\n\n\n\nIt will be interesting to compare PQ rollout to HTTPS rollout historically (either the \"SSL becomes widespread in 2015\" thing, or the deprecation SSL 3.0). Cloudflare is in an easy position to do stuff like this because it can decouple end user/browser upgrade cycles from backend upgrade cycles.\nSome browsers and some end user devices get upgraded quickly, so making it easy to make it optionally-PQ on any site, and then as that rollout extends, some specialty sites can make it mandatory, and then browser/device UX can do soft warnings to users (or other activity like downranking), and then at some point something like STS Strict can be exposed, and then largely become a default (and maybe just remove the non-PQ algorithms entirely from many sites).
I definitely was on team \"the risks of a rushed upgrade might outweigh the risks of actual quantum breaks\" until pretty recently -- rushing to upgrade has lots of problems always and is a great way to introduce new bugs, but based on the latest information, the balance seems to have shifted to doing an upgrade quickly.
Updating websites is going to be so much easier than dealing with other systems (bitcoin probably the worst; data at rest storage systems; hardware).\n— rdl\n
OpenAI says its new model GPT-2 is too dangerous to release (2019)
\n\n\n\n328 points | 91 comments
\n\n\n\nSomeone needs to make a compilation of all these classic OpenAI moments. Including hits like GPT-2 too dangerous, the 64x64 image model DALL-E too scary, \"push the veil of ignorance back\", AGI achieved internally, Q*/strawberry is able to solve math and is making OpenAI researchers panic, etc. etc.\nI use Codex btw, and I really love it. But some of these companies have been so overhyping the capabilities of these models for years now that it's both funny to look back and tiresome to still keep hearing it.
Meanwhile I am at wits end after NONE OF Codex GPT-5.4 on Extra High, Claude Opus 4.6-1M on Max, Opus 4.6 on Max, and Gemini 3.1 Pro on High have been able to solve a very straightforward and basic UI bug I'm facing. To the point where, after wasting a day on this, I am now just going to go through the (single file) of code and just fix it myself.
Update: some 20 minutes later, I have fixed the bug. Despite not knowing this particular programming language or framework.\n— SilverSlash\n
Claude Code is unusable for complex engineering tasks with the Feb updates
\n\n\n\n415 points | 293 comments
\n\n\n\nHey all, Boris from the Claude Code team here. I just responded on the issue, and cross-posting here for input.\n---
Hi, thanks for the detailed analysis. Before I keep going, I wanted to say I appreciate the depth of thinking & care that went into this.
There's a lot here, I will try to break it down a bit. These are the two core things happening:
> `redact-thinking-2026-02-12`
This beta header hides thinking from the UI, since most people don't look at it. It *does not* impact thinking itself, nor does it impact thinking budgets or the way extended reasoning works under the hood. It is a UI-only change.
Under the hood, by setting this header we avoid needing thinking summaries, which reduces latency. You can opt out of it with `showThinkingSummaries: true` in your settings.json (see [docs](https://code.claude.com/docs/en/settings#available-settings)).
If you are analyzing locally stored transcripts, you wouldn't see raw thinking stored when this header is set, which is likely influencing the analysis. When Claude sees lack of thinking in transcripts for this analysis, it may not realize that the thinking is still there, and is simply not user-facing.
> Thinking depth had already dropped ~67% by late February
We landed two changes in Feb that would have impacted this. We evaluated both carefully:
1/ Opus 4.6 launch → adaptive thinking default (Feb 9)
Opus 4.6 supports adaptive thinking, which is different from thinking budgets that we used to support. In this mode, the model decides how long to think for, which tends to work better than fixed thinking budgets across the board. `CLAUDE_CODE_DISABLE_ADAPTIVE_THINKING` to opt out.
2/ Medium effort (85) default on Opus 4.6 (Mar 3)
We found that effort=85 was a sweet spot on the intelligence-latency/cost curve for most users, improving token efficiency while reducing latency. On of our product principles is to avoid changing settings on users' behalf, and ideally we would have set effort=85 from the start. We felt this was an important setting to change, so our approach was to:
1. Roll it out with a dialog so users are aware of the change and have a chance to opt out
2. Show the effort the first few times you opened Claude Code, so it wasn't surprising.
Some people want the model to think for longer, even if it takes more time and tokens. To improve intelligence more, set effort=high via `/effort` or in your settings.json. This setting is sticky across sessions, and can be shared among users. You can also use the ULTRATHINK keyword to use high effort for a single turn, or set `/effort max` to use even higher effort for the rest of the conversation.
Going forward, we will test defaulting Teams and Enterprise users to high effort, to benefit from extended thinking even if it comes at the cost of additional tokens & latency. This default is configurable in exactly the same way, via `/effort` and settings.json.\n— bcherny\n
I won't download your app. The web version is a-ok
\n\n\n\n672 points | 366 comments
\n\n\n\nWhat most people dont get:\nMost of folks on HN here are much older than todays \"first customers\" of 16y/17/18
For them: The \"Smartphone is the internet\", while for most of us the \"Smartphone is an extension of the internet from our desktops\" that we were used to (remember the years before dot com bubble, saying: \"I will be down in the basement at the computer to surf on the net little bit\" ? :-)
But today, the very first touchpoint with \"the internet\" for younger folks is a smartphone display. The even do homework on this small screens!
Companies are seeing this switch, so they adapt.
Personally, a service which is \"only an app\" will be not used by me as I prefer to have a larger screen with more information (actually I use my mobile phone only when Im in public transport or similar, at home I have a notebook laying around if I need something)\n— KellyCriterion\n
The cult of vibe coding is dogfooding run amok
\n\n\n\n473 points | 412 comments
\n\n\n\nIt’s truly strange that people keep citing the quality of Claude code’s leaked source as if it’s proof vibe coding doesn’t work.\nIf anything, it’s the exact opposite. It shows that you can build a crazy popular & successful product while violating all the traditional rules about “good” code.\n— semicolon_storm\n
Battle for Wesnoth: open-source, turn-based strategy game
\n\n\n\n390 points | 100 comments
\n\n\n\nIt's been probably 20 years since I played this game. But I still think it's the best Open Source game I've ever played. I had lots of fun, and more than a few late nights, running through some of the campaigns.\n— freetime2\n\n
A cryptography engineer's perspective on quantum computing timelines
\n\n\n\n331 points | 142 comments
\n\n\n\nIt should be noted that if indeed there has not remained much time until a usable quantum computer will become available, the priority is the deployment of FIPS 203 (ML-KEM) for the establishment of the secret session keys that are used in protocols like TLS or SSH.\nML-KEM is intended to replace the traditional and the elliptic-curve variant of the Diffie-Hellman algorithm for creating a shared secret value.
When FIPS 203, i.e. ML-KEM is not used, adversaries may record data transferred over the Internet and they might become able to decrypt the data after some years.
On the other hand, there is much less urgency to replace the certificates and the digital signature methods that are used today, because in most cases it would not matter if someone would become able to forge them in the future, because they cannot go in the past to use that for authentication.
The only exception is when there would exist some digital documents that would completely replace some traditional paper documents that have legal significance, like some documents proving ownership of something, which would be digitally signed, so forging them in the future could be useful for somebody, in which case a future-proof signing method would make sense for them.
OpenSSH, OpenSSL and many other cryptographic libraries and applications already support FIPS 203 (ML-KEM), so it could be easily deployed, at least for private servers and clients, without also replacing the existing methods used for authentication, e.g. certificates, where using post-quantum signing methods would add a lot of overhead, due to much bigger certificates.\n— adrian_b\n
What being ripped off taught me
\n\n\n\n227 points | 138 comments
\n\n\n\nWe’ve also learned this lesson the hard way. These are now the clauses we require in every project we do:\n- Payment is due X days after receipt of invoice, or immediately after the consultant has addressed any quality issues, whichever is sooner
- Late payment shall incur interest at 8% above the BoE base rate and a late fee of 100 GBP as per the UK Late Payment Legislation. Partial payments on invoices shall apply to late fees, interest, and then principal, in that order.
- In the event of a late payment the invoice for the next deliverable shall immediately fall due.
- The consultant shall be entitled to shift deadlines on deliverables in the event of a late payment as a result of any work disruption, without incurring any liability.
- Payment shall be made in X currency, or an exchange rate at X date on Oanda.com shall apply.
- The client is responsible for any bank fees incurred by their, or any intermediary bank. In the event of a SWIFT transaction it shall be made with the OUR payment code.
- The jurisdiction in the event of a conflict shall be England and Wales. Neither party shall be bound by arbitration.
- The client and consultant shall both indemnify the other up to the total value of the contract and shall not under any circumstance be liable beyond X GBP.
We also no longer share downloadable links of our deliverables until they are paid up. They get a view/comment only link for reports/data etc.
We’ve found that clients that aren’t willing to accept these terms won’t pay you either way.
We determine the net days on the invoice based on the credit rating of the client. Ironically, the good clients pay within 2-3 days normally, and the difficult ones are very “long tail”. About 1% of contracts tend to fully or partially default on their payments.
We’re in a particularly credit poor industry but our average delay due to late payment is 23 days. Those clients where we stop delivery pay on average 11 days sooner than those contracts where we don’t stop delivery.
This is based on around 2,000 invoices sent over the last 5 years.\n— eckesicle\n
Show HN: Ghost Pepper – Local hold-to-talk speech-to-text for macOS
\nI built this because I wanted to see how far I could get with a voice-to-text app that used 100% local models so no data left my computer. I've been using a ton for coding and emails. Experimenting with using it as a voice interface for my other agents too. 100% open-source MIT license, would love feedback, PRs, and ideas on where to take it.\n\n\n366 points | 170 comments
\n\n\n\nThis is great, and I'm not knocking it, but every time I see these apps it reminds me of my phone.\nMy 2021 Google Pixel 6, when offline, can transcribe speech to text, and also corrects things contextually. it can make a mistake, and as I continue to speak, it will go back and correct something earlier in the sentence. What tech does Google have shoved in there that predates Whisper and Qwen by five years? And why do we now need a 1Gb of transformers to do it on a more powerful platform?\n— arkensaw\n
81yo Dodgers fan can no longer get tickets because he doesn't have a smartphone
\n\n\n\n242 points | 232 comments
\n\n\n\nMy wife and I had an appointment last week to apply for a line of credit. We talked it all through with the clerk and decided to go for it, so he started the whole process on his computer.\nHis jaw dropped half-way through when he asked for my wife's and my phone number, and I had to tell him that I don't own a smart phone.
Turns out you must have a smart phone because the system sends you some kind of code to verify your identity. Let that sink in: I am sitting in front of the clerk, but in order to identify me, he needs me to give him some phone number.
The only way we could finalize the application is by me asking my mother whether I could use her phone number briefly to get this over with. She forwared the code to my wife's phone. That worked in the end -- but so much for \"identifying me\".\n— kleiba\n
German police name alleged leaders of GandCrab and REvil ransomware groups
\n\n\n\n261 points | 132 comments
\n\n\n\nSo apparently some CCC-connected hackers already unmasked one of them years ago (as reported in the update, which could have also just linked to the talk here: https://media.ccc.de/v/37c3-12134-hirne_hacken_hackback_edit... )\nMakes you wonder if the investigators discovered this independently, or decided to maybe ask the hackers already involved in defending against them for help...\n— jojomodding\n
Adobe modifies hosts file to detect whether Creative Cloud is installed
\n\n\n\n298 points | 143 comments
\n\n\n\nI have been an Adobe user since 1996. Starting with Photoshop 3. Then, using the rest of their programs since 1999.\nBetween this and the fact that they've just 1. Changed all the old accounts to \"Adobe Creative Cloud Pro\" 2. DOUBLED the monthly fee, now charging you for the AI features whether you want them or not, and 3. Removed any tiers that have full program access but no AI, I am walking away forever when my current month expires.
Not to mention, students now only get the old $19.99 membership for the first year.
I teach visualization and representation tools to architecture students. I had always taught them Adobe products before. Now I can't in good faith sign them up to have their expertise tied to using this program stack forever. So tomorrow I am giving them a lecture on free to use and FOSS versions of the same tools. And I'm going to teach the class from them in perpetuity. Congratulations, Adobe that's 50+ students a year who won't be using your products when they graduate.\n— Duanemclemore\n
Eight years of wanting, three months of building with AI
\n\n\n\n348 points | 102 comments
\n\n\n\nRefreshing to see an honest and balanced take on AI coding. This is what real AI-assisted coding looks like once you get past the initial wow factor of having the AI write code that executes and does what you asked.\nThis experience is familiar to every serious software engineer who has used AI code gen and then reviewed the output:
> But when I reviewed the codebase in detail in late January, the downside was obvious: the codebase was complete spaghetti14. I didn’t understand large parts of the Python source extraction pipeline, functions were scattered in random files without a clear shape, and a few files had grown to several thousand lines. It was extremely fragile; it solved the immediate problem but it was never going to cope with my larger vision,
Some people never get to the part where they review the code. They go straight to their LinkedIn or blog and start writing (or having ChatGPT write) posts about how manual coding is dead and they’re done writing code by hand forever.
Some people review the code and declare it unusable garbage, then also go to their social media and post how AI coding is completely useless and they’re not going to use it for anything.
This blog post shows the journey that anyone not in one of those two vocal minorities is going through right now: A realization that AI coding tools can be a large accelerator but you need to learn how to use them correctly in your workflow and you need to remain involved in the code. It’s not as clickbaity as the extreme takes that get posted all the time. It’s a little disappointing to read the part where they said hard work was still required. It is a realistic and balanced take on the state of AI coding, though.\n— Aurornis\n
420 points | 114 comments
\n\n\n\nImpressive model, for sure. I've been running it on my Mac, now I get to have it locally in my iPhone? I need to test this. Wait, it does agent skills and mobile actions, all local to the phone? Whaaaat? (Have to check out later! Anyone have any tips yet?)\nI don't normally do the whole \"abliterated\" thing (dealignment) but after discovering https://github.com/p-e-w/heretic , I was too tempted to try it with this model a couple days ago (made a repo to make it easier, actually) https://github.com/pmarreck/gemma4-heretical and... Wow. It worked. And... Not having a built-in nanny is fun!
It's also possible to make an MLX version of it, which runs a little faster on Macs, but won't work through Ollama unfortunately. (LM Studio maybe.)
Runs great on my M4 Macbook Pro w/128GB and likely also runs fine under 64GB... smaller memories might require lower quantizations.
I specifically like dealigned local models because if I have to get my thoughts policed when playing in someone else's playground, like hell am I going to be judged while messing around in my own local open-source one too. And there's a whole set of ethically-justifiable but rule-flagging conversations (loosely categorizable as things like \"sensitive\", \"ethically-borderline-but-productive\" or \"violating sacred cows\") that are now possible with this, and at a level never before possible until now.
Note: I tried to hook this one up to OpenClaw and ran into issues
To answer the obvious question- Yes, this sort of thing enables bad actors more (as do many other tools). Fortunately, there are far more good actors out there, and bad actors don't listen to rules that good actors subject themselves to, anyway.\n— pmarreck\n
Show HN: I built a tiny LLM to demystify how language models work
\nBuilt a ~9M param LLM from scratch to understand how they actually work. Vanilla transformer, 60K synthetic conversations, ~130 lines of PyTorch. Trains in 5 min on a free Colab T4. The fish thinks the meaning of life is food.Fork it and swap the personality for your own character.\n\n\n
480 points | 43 comments
\n\n\n\nGreat work! I still think that [1] does a better job of helping us understand how GPT and LLM work, but yours is funnier.\nThen, some criticism. I probably don't get it, but I think the HN headline does your project a disservice. Your project does not demystify anything (see below) and it diverges from your project's claim, too. Furthermore, I think you claim too much on your github. \"This project exists to show that training your own language model is not magic.\" and then just posts a few command line statements to execute. Yeah, running a mail server is not magic, just apt-get install exim4. So, code. Looking at train_guppylm.ipynb and, oh, it's PyTorch again. I'm better off reading [2] if I'm looking into that (I know, it is a published book, but I maintain my point).
So, in short, it does not help the initiated or the uninitiated. For the initiated it needs more detail for it to be useful, the uninitiated more context for it to be understood. Still a fun project, even if oversold.
[1] https://spreadsheets-are-all-you-need.ai/\n[2] https://github.com/rasbt/LLMs-from-scratch\n— Propelloni\n
The Free Market Lie: Why Switzerland Has 25 Gbit Internet and America Doesn't
\n\n\n\n236 points | 184 comments
\n\n\n\nGood take, and most of the data in the article is quite correct. The problem is a total mix up of cause and effect. The US has had a decent communication network since way back. We had telegraph, telephone and telex. Bell and AT&T and all that stuff. We've invented and piloted modems, T1 and cable TV.\nOur infrastructure at times goes back 200 years old. We have rules and words in today's networking linguo that go back 70 years old. You can't just go and tell that it would have been better this way. It absolutely would. And I'm happy for Swiss people who can have 25gpbs at a fraction of the cost. But you can't do that with an emerging tech that is trying to replace existing architecture.
Swiss guys built all that after the tech was wide-spread in the world, and they have built it over a very outdated infrastructure. It was a breeze.
US just unable to use this approach. We can't.
Should we come up with a new one? Yes. Should we look at the Swiss solution and try to replicate it. Yes. Is it awesome? Yes. Would it work here? No.\n— IFC_LLC\n
Microsoft hasn't had a coherent GUI strategy since Petzold
\nSee also https://x.com/stevesi/status/2036921223150440542 (https://xcancel.com/stevesi/status/2036921223150440542)\n\n\n206 points | 116 comments
\n\n\n\nI remember when ChatGPT exploded and Bing had it integrated, the idea was brilliant because unlike ChatGPT it didn't have information cut-off since it can access the web. I was very excited to ditch Google for AI chat with web access.\nHow did MS actually implemented it though? After a few messages the chat is blocked because MS did not choose to walk the extra mile and maybe compact the context so that their product can be actually usable.
Of course OpenAI, Perplexity and others later implemented that properly and its integral part of modern AI chat and I actually ditched Google for the most part. Had Microsoft done it, they might have had a shot in replacing Google and maybe becoming the AI Chat provider. But no, Microsoft can't have a well thought UI to provide a delightful UX.
IMHO it's a culture thing. Lack of cohesion is a result of it, I used to be annoyed by Apple that doesn't allow to ship its own UI libraries together with the app so to support old versions etc. but Apple had it right, thanks to the limitations UI is coherent.\n— mrtksn\n
Artemis II crew see first glimpse of far side of Moon [video]
\n\n\n\n258 points | 176 comments
\n\n\n\nIt's pretty depressing that on a corner of the internet that's supposed to be a gathering of tech/geeks/nerds/stem people, discussing topics that \"good hackers would find interesting\", it's seemingly impossible to have a single thread about something like this that isn't almost entirely negative or political bickering.\n— thegrim33\n\n
Someone at BrowserStack is leaking users' email addresses
\n\n\n\n330 points | 88 comments
\n\n\n\nEveryone in this thread suggesting a “data leak” or “compromise” is totally missing the fact that this is how Apollo works. This is often times overlooked by Apollo customers themselves. You have to opt out of customer data sharing (and in doing so lose out on the value of the product): https://knowledge.apollo.io/hc/en-us/articles/20727684184589...\nNot commenting on whether this is good or ethical (or even totally legal), but this is what is happening behind the scenes.\n— streblo\n
Finnish sauna heat exposure induces stronger immune cell than cytokine responses
\n\n\n\n224 points | 139 comments
\n\n\n\nIn Finland we have old saying: \"If liquor, tar and sauna won’t help, an illness is fatal\"\n— csr86\n\n
Running Gemma 4 locally with LM Studio's new headless CLI and Claude Code
\n\n\n\n193 points | 53 comments
\n\n\n\n\n\n— trvz\nollama launch claude --model gemma4:26b
Employers use your personal data to figure out the lowest salary you'll accept
\n\n\n\n223 points | 121 comments
\n\n\n\nOne (more) thing to opt out of:\nFreeze Your Data - The Work Number\nhttps://employees.theworknumber.com/employee-data-freeze
As I understand it, payroll whores your salary out to Equifax*, who then pimps it to others
* Yeah, that one: https://en.wikipedia.org/wiki/2017_Equifax_data_breach\n— anonymars\n
Author of \"Careless People\" banned from saying anything negative about Meta
\n\n\n\n441 points | 291 comments
\n\n\n\nThis book was SO GOOD.\nIt's bleak. I always imagined that rich/powerful people only created suffering if that suffering was required for certain goals. It's easier for me to bear injustice when it's a zero-sum game. But the story of Facebook is not that. Facebook didn't make ethical sacrifices for profit -- its executives just didn't care to understand the consequences of their actions.\nI wish those folks could feel how much harm they've caused.\n— surprisetalk\n
Show HN: A game where you build a GPU
\nThought the resources for GPU arch were lacking, so here we are\n\n\n510 points | 136 comments
\n\n\n\nThis is great!\nSome comments:
- I didn't like the \"truth tables\" one, I got many duplicate questions and for some reason I got only one second for the first question. The rest of the questions I managed to answer correctly but I still got only one start out of three?
- I got very confused by the capacitor. Capacitors do not have an \"enable\" gate! In fact, in 2.7 (1T1C) you are supposed to build the enable gate -- with a transistor. So currently, you can just simply not build the enable gate and use the one already in the primitive, meaning you don't need the NMOS gate at all.
Was this made using LLM-assistence? (Not judging, I'm just interested!) I'd love to hear more about your workflow and how you managed to produce a good UI as it's something I couldn't do if my life depended on it, and it's a skill I'd like to learn.\n— rustybolt\n
How many products does Microsoft have named 'Copilot'?
\n\n\n\n419 points | 212 comments
\n\n\n\nSomeone said - in Linux, everything is a file. In Microsoft, everything is a copilot. Lol.\n— thedelanyo\n\n
Apple approves driver that lets Nvidia eGPUs work with Arm Macs
\n\n\n\n364 points | 162 comments
\n\n\n\nA good technical project, but honestly useless in like 90% of scenarios.\nYou want to use an NVidia GPU for LLM ? just buy a basic PC on second hand (the GPU is the primary cost anyway), you want to use Mac for good amount of VRAM ? Buy a Mac.
With this proposed solution you have an half-backed system, the GPU is limited by the Thunderbolt port and you don’t have access to all of NVidia tool and library, and on other hand you have a system who doesn’t have the integration of native solution like MLX and a risk of breakage in future macOS update.\n— MrArthegor\n
German men 18-45 need military permit for extended stays abroad
\n\n\n\n216 points | 344 comments
\n\n\n\n> While the law requires men to request the permit, the spokesperson clarified, it also obliges the military career center to issue it, if \"no specific military service is expected during the period in question.”\n> \"Since military service under current law is based exclusively on voluntary participation, such permissions must generally be granted,” the official added.
> When asked, the ministry spokesperson pointed out that \"the regulation was already in place during the Cold War and had no practical relevance; in particular, there are no penalties for violating it.”\n— legitster\n
German implementation of eIDAS will require an Apple/Google account to function
\n\n\n\n225 points | 147 comments
\n\n\n\nIt makes no sense. eIDAS 2.0 specs don't require specific hardware [0]. They basically store verifiable credentials [1] and any other cryptographically signed attestations.\nThis feels like laziness from German implementers, as they don't want to (quoting the spec literally) \"implement a mechanism allowing the User to verify the authenticity of the Wallet Unit\".
0: https://eudi.dev/latest/architecture-and-reference-framework...
1: https://eudi.dev/latest/architecture-and-reference-framework...\n— darccio\n
AWS engineer reports PostgreSQL perf halved by Linux 7.0, fix may not be easy
\nhttps://lore.kernel.org/lkml/yr3inlzesdb45n6i6lpbimwr7b25kqk...\n\n\n270 points | 76 comments
\n\n\n\nIts worth reading this follow-up LKML post by Andres Freund (who works on Postgres): https://lore.kernel.org/lkml/yr3inlzesdb45n6i6lpbimwr7b25kqk...\n— lfittl\n\n
232 points | 73 comments
\n\n\n\n> long contexts are still expensive and can also introduce additional noise (if there is a lot of irrelevant info)\nI think spec-driven generation is the antithesis of chat-style coding for this reason. With tools like Claude Code, you are the one tracking what was already built, what interfaces exist, and why something was generated a certain way.
I built Ossature[1] around the opposite model. You write specs describing behavior, it audits them for gaps and contradictions before any code is written, then produces a build plan toml where each task declares exactly which spec sections and upstream files it needs. The LLM never sees more than that, and there is no accumulated conversation history to drift from. Every prompt and response is saved to disk, so traceability is built in rather than something you reconstruct by scrolling back through a chat. I used it over the last couple of days to build a CHIP-8 emulator entirely from specs[2]. I have some more example projects on GitHub[3]
1: https://github.com/ossature/ossature
2: https://github.com/beshrkayali/chomp8
3: https://github.com/ossature/ossature-examples\n— beshrkayali\n
LLM Wiki – example of an \"idea file\"
\nhttps://x.com/karpathy/status/2040470801506541998https://xcancel.com/karpathy/status/2040470801506541998\n\n\n
220 points | 67 comments
\n\n\n\nI've recently lazied out big time on a company project going down a similar rabbit hole. After having a burnout episode and dealing with sole caregiver woes in the family for the past year, I've had less and less energy to piece together intense, correct thought sequences at work.\nAs such I've taken to delegating substantial parts architecture and discovery to multiagent workflows that always refer back to a wiki-like castle of markdown files that I've built over time with them, fronted by Obsidian so I can peep efficiently often enough.
Now I'm certainly doing something wrong, but the gaps are just too many to count. If anything, this creates a weird new type of tech debt. Almost like a persistent brain gap. I miss thinking harder and I think it would get me out of this one for sure. But the wiki workflow is just too addictive to stop.\n— nidnogg\n
When legal sports betting surges, so do Americans' financial problems
\n\n\n\n203 points | 133 comments
\n\n\n\n> A 2024 Wall Street Journal report, for example, found that 70% of the profits from one online gambling company came from less than 1% of its users.\nBetting platforms assign highly profitable customers \"concierges\" who reach out and prompt them to gamble, offer incentives, and work to keep them betting. It's insidious and wrong - the platforms actively identify and take advantage of addicts.
For most, a lottery ticket or an online bet is just buying entertainment - not much different from a movie ticket or steam game. Turns out, though, this majority isn't the target customer; we're just the top of the funnel as these platforms algorithmically search for personalities they can abuse, rob, and financially destroy.\n— carefulfungi\n
Artemis II crew take “spectacular” image of Earth
\nhttps://www.nasa.gov/image-detail/fd02_for-pao/\n\n\n500 points | 203 comments
\n\n\n\nLooking at the EXIF (with exiftool) for the image uploaded by NASA (https://www.nasa.gov/wp-content/uploads/2026/04/art002e00019...), apparently this was taken by a Nikon D5 with an AF-S Zoom-Nikkor 14-24mm f/2.8G ED and developed with Lightroom. It also seems like very little was done in Lightroom. Amazing...\nI dumped the whole EXIF here: https://gist.github.com/umgefahren/a6f555e6588a98adb74eed79d...\n— hannesfur\n\n
Hi,
Starting April 4 at 12pm PT / 8pm BST, you’ll no longer be able to use your Claude subscription limits for third-party harnesses including OpenClaw. You can still use them with your Claude account, but they will require extra usage, a pay-as-you-go option billed separately from your subscription.
Your subscription still covers all Claude products, including Claude Code and Claude Cowork. To keep using third-party harnesses with your Claude login, turn on extra usage for your account. This will be enforced April 4 starting with OpenClaw, but this policy applies to all third-party harnesses and will be rolled out to more shortly (read more).
To make the transition easier, we’re offering a one-time credit for extra usage equal to your monthly subscription price. Redeem your credit by April 17. We’re also introducing discounts when you pre-purchase bundles of extra usage (up to 30%).
We’ve been working to manage demand across the board, but these tools put an outsized strain on our systems. Capacity is a resource we manage carefully and we need to prioritize our customers using our core products. You will receive another email from us tomorrow where you’ll have the ability to refund your subscription if you prefer.\n\n\n
637 points | 529 comments
\n\n\n\nThere seem to be a ton of people who don't understand how subscription services work. Every single one of them oversells their capacity. The power users that use the services a lot are subsidized by those who don't use it as much, which tends to be the vast majority of the user base. OpenClaw is an autonomous power user. The growing adoption of this walking attack surface was either going to A) cause the cost of Claude to go up or B) get banned to protect the price of the service for actual users.\n— jesse_dot_id\n\n
Show HN: I built a frontpage for personal blogs
\nWith social media and now AI, its important to keep the indie web alive. There are many people who write frequently. Blogosphere tries to highlight them by fetching the recent posts from personal blogs across many categories.There are two versions:\nMinimal (HN-inspired, fast, static): https://text.blogosphere.app/\nNon-minimal: https://blogosphere.app/
If you don't find your blog (or your favorite ones), please add them. I will review and approve it.\n\n\n
478 points | 137 comments
\n\n\n\nThis is a very nice project! Thank you for creating it and sharing it here on HN. I like the minimal version more but the modern version is quite nice too. I would probably stick to the minimal version but since it seems to lack the search feature I end up using the modern version for that.\nBy the way, some minor issues I found:
1. In the minimal version, when browsing the list of blogs I cannot get past page 12. The last page the UI lets me navigate to is https://text.blogosphere.app/blogs-12 which shows blogs up to names starting with 'M'. I can reach page 13 by manually editing the URL to https://text.blogosphere.app/blogs-13 which shows two blogs starting with 'N'. However, pages 14 and beyond just load the home page. Surely there are more blogs with names starting with 'O', 'P', etc.?
2. The modern version at https://blogosphere.app/ uses infinite scroll, which makes it impossible to reach the footer. Each time I scroll down, more content loads and pushes the footer further away. I was only able to view the footer by modifying the DOM in the browser's developer tools. It would be nice if there were a straightforward way to access the footer.\n— susam\n
376 points | 883 comments
\n\n\n\nDuring the entire gulf war (Iraq, 1990-91), only two F-15s were shot down via surface-to-air engagement. At the time, Baghdad was known to have the highest density of SAM protection out of any city in the world.\nAn F-15 being shot down in Iran after weeks of strategic bombing of their anti-air defense systems is not a good sign.\n— roadbuster\n
Oracle Files H-1B Visa Petitions Amid Mass Layoffs
\n\n\n\n393 points | 215 comments
\n\n\n\nWherever their major offices are look for newspapers in the small towns nearby advertising for \"Software developers for Oracle\" all written in the tiniest print, right next to classified that sell used bikes, car parts and other stuff.\n- \"Well, Uncle Sam, we looked so hard in US and nobody answered our job posts, we have to go to ... $othercountry to hire, there is no other way\"\n— rdtsc\n
332 points | 96 comments
\n\n\n\nThe iNaturalist API is an absolute gem. It doesn't require authentication for read-only operations and it has open CORS headers which means it's amazing for demos and tutorials.\nMy partner and I built this website with it a few years ago: https://www.owlsnearme.com/
(I realize this is a bit on-brand for me but I also use it to track pelicans https://tools.simonwillison.net/species-observation-map#%7B%... )\n— simonw\n
The FAA’s flight restriction for drones is an attempt to criminalize filming ICE
\n\n\n\n381 points | 109 comments
\n\n\n\nFlying a drone within 1/2 mile of ICE vehicles, which may be unmarked, is illegal? You can be flying a drone and if an unmarked ICE vehicle drives close enough, without warning, you have now broken serious FAA laws? This isn’t the kind of restriction that gets passed when the people making the rules care about being fair or consistent. It’s a power grab.\n— Aurornis\n\n
OpenClaw privilege escalation vulnerability
\nhttps://old.reddit.com/r/sysadmin/comments/1sbdw29/if_youre_...https://web.archive.org/web/20260403174514/https://old.reddi...\n\n\n
358 points | 186 comments
\n\n\n\nOpenClaw creator here.\nThis was a privilege-escalation bug, but not \"any random Telegram/Discord message can instantly own every OpenClaw instance.\"
The root issue was an incomplete fix. The earlier advisory hardened the gateway RPC path for device approvals by passing the caller's scopes into the core approval check. But the `/pair approve` plugin command path still called the same approval function without `callerScopes`, and the core logic failed open when that parameter was missing.
So the strongest confirmed exploit path was: a client that ALREADY HAD GATEWAY ACCESS and enough permission to send commands could use `chat.send` with `/pair approve latest` to approve a pending device request asking for broader scopes, including `operator.admin`. In other words: a scope-ceiling bypass from pairing/write-level access to admin.
This was not primarily a Telegram-specific or message-provider-specific bug. The bug lived in the shared plugin command handler, so any already-authorized command sender that could reach `/pair approve` could hit it. For Telegram specifically, the default DM policy blocks unknown outsiders before command execution, so this was not \"message the bot once and get admin.\" But an already-authorized Telegram sender could still reach the vulnerable path.
The practical risk for this was very low, especially if OpenClaw is used as single-user personal assistant. We're working hard to harden the codebase with folks from Nvidia, ByteDance, Tencent and OpenAI.\n— steipete\n
Marc Andreessen is wrong about introspection
\n\n\n\n353 points | 399 comments
\n\n\n\nIs the 1 percenters getting dumber or acting like it?\nLike 10 years ago, I felt like Andreesen and Elon were thought leaders. Now they sound like idiots.
Did I or did they change?
Did I grow up and they changed to a younger audience and what I used to enjoy was just a different kind of stupid?\n— wodenokoto\n
Delve removed from Y Combinator
\n\n\n\n348 points | 215 comments
\n\n\n\nI'm getting the impression that a lot of people in this thread think this is because they violated an open-source license and saying things to the effect of, \"they're just the ones who got caught\". I also thought that was the scandal initially. (And when it comes to license violations, yes, there's absolutely more where that came from.)\nBut that's just the cherry on top. I don't think they're being thrown out because they violated a license. There are really serious fraud allegations. Allegedly they were rubber-stamping noncompliant customers, leaving them exposed to potential criminal liability under regulations like HIPPA.
https://deepdelver.substack.com/p/delve-fake-compliance-as-a...
I've only skimmed this so I do not endorse these allegations, but I think it's context missing from this discussion.\n— maxbond\n
LinkedIn is illegally searching your computer
\n\n\n\n1251 points | 573 comments
\n\n\n\nThe headline seems pretty misleading. Here’s what seems to actually be going on:\n> Every time you open LinkedIn in a Chrome-based browser, LinkedIn’s JavaScript executes a silent scan of your installed browser extensions. The scan probes for thousands of specific extensions by ID, collects the results, encrypts them, and transmits them to LinkedIn’s servers.
This does seem invasive. It also seems like what I’d expect to find in modern browser fingerprinting code. I’m not deeply familiar with what APIs are available for detecting extensions, but the fact that it scans for specific extensions sounds more like a product of an API limitation (i.e. no available getAllExtensions() or somesuch) vs. something inherently sinister (e.g. “they’re checking to see if you’re a Muslim”).
I’m certainly not endorsing it, do think it’s pretty problematic, and I’m glad it’s getting some visibility. But I do take some issue with the alarmist framing of what’s going on.
I’ve come to mostly expect this behavior from most websites that run advertising code and this is why I run ad blockers.\n— haswell\n
Google releases Gemma 4 open models
\n\n\n\n592 points | 164 comments
\n\n\n\nThinking / reasoning + multimodal + tool calling.\nWe made some quants at https://huggingface.co/collections/unsloth/gemma-4 for folks to run them - they work really well!
Guide for those interested: https://unsloth.ai/docs/models/gemma-4
Also note to use temperature = 1.0, top_p = 0.95, top_k = 64 and the EOS is \"<turn|>\". \"<|channel>thought\\n\" is also used for the thinking trace!\n— danielhanchen\n
Decisions that eroded trust in Azure – by a former Azure Core engineer
\n\n\n\n304 points | 94 comments
\n\n\n\nI don't know if any of this is true, but as a user of Azure every day this would explain so much.\nThe Azure UI feels like a janky mess, barely being held together. The documentation is obviously entirely written by AI and is constantly out of date or wrong. They offer such a huge volume of services it's nearly impossible to figure out what service you actually want/need without consultants, and when you finally get the services up who knows if they actually work as advertised.
I'm honestly shocked anything manages to stay working at all.\n— yoyohello13\n
Qwen3.6-Plus: Towards real world agents
\n\n\n\n296 points | 100 comments
\n\n\n\nThis is their hosted-only model, not an open weight model like they’ve become known for. They got a lot of good publicity for their open weight model releases, which was the goal. The hard part is pivoting from an open weight provider to being considered as a competitor to Claude and ChatGPT. Initial reactions are mostly anger from everyone who didn’t realize that the play along was to give away the smaller models as advertising, not because they were feeling generous.\nComparing to Opus 4.5 instead of the current 4.6 and other last-gen models is clearly an attempt to deceive, which isn’t winning them any points either.
I think there is a moderately large market for models like this that aren’t quite SOTA level but can be served up much cheaper. I don’t know how successful they’ll be in the race to the bottom in this market niche, though. Most users of cheap API tokens are not loyal to any brand and will change providers overnight each time someone releases a slightly better model.\n— Aurornis\n
327 points | 169 comments
\n\n\n\nThe notch hiding menubar icons is such a stupid problem to have. I waste hours every week trying to help people who send me frustrated emails because they bought one of my apps and they say: \"it doesn't launch\" or \"why doesn't it have any interface??\"\nNo amount of FAQ will help these people. And this also results in hasty refund requests and even worse, chargebacks that take 2x the amount the users paid out of my pocket.
I recently helped my brother launch a simple app for making any window a PiP window (https://lowtechguys.com/pipiri) and in the first two days, half of the sales turned into refunds exactly because of this issue. People had so many menubar icons that they thought the app just doesn't work. Not an encouraging launch for his first app.
Not to mention the fact that the best solution that helped alleviate this, the Bartender app, was completely broken by Apple's internal API changes in macOS Tahoe.
This could have been handled better.\n— alin23\n
287 points | 245 comments
\n\n\n\nCursor has been my main AI tool for over a year now.\nI've been trying to use Claude Code seriously for over a month, but every time I do it, I get the impression that it would take me less work to do with Cursor.
I'm on the enterprise plan, so it can get pricey. This is why I used to stick mostly to auto mode.
Now Composer 2 has taken over as my default model. It is not as intelligent as OpenAI's or Anthropic's flagship models, but I feel it has as good as or better intuition. With way better pricing. It can get stuck in more complex tasks though.
Being able to get in the loop, stop and instruct or change models makes all the difference. And that is why I've stayed in the editor mode until now. Let's see if 3.0 changes that.\n— athoscouto\n
Artemis computer running two instances of MS outlook; they can't figure out why
\n\n\n\n322 points | 236 comments
\n\n\n\nThis talk about off-the-shelf hardware in space makes me wonder, given the clear line of sight, if it would be possible to detect their Wi-Fi access points' beacons from Earth. I'm not a \"radio guy\" and don't know if this would be impossible, simply on the basis of physics, due to the presumably low radiated power from the APs and the limitations of the size of typical antennas on the ground. (Obviously it's possible with the right equipment. We can communicate with the Voyager probes, but that's not with a \"can-tenna\" and an off-the-shelf Wi-Fi card...)\nEdit: Anybody know how difficult it would be to keep an antenna pointed at them? I have no intuition for how fast their transit would be. I assume, since an orbit is around 90 minutes, pretty damned fast.
Edit 2: Some search-engining and back-of-the-envelope not-very-good-at-trig math says the longest possible transit would be about 5 minutes, moving though about 40 degrees of arc / minute. I'm probably completely talking out my ass, though.
It feels like it would be do-able to keep a directional antenna trained on a target moving at that speed.\n— EvanAnderson\n
Artemis II will use laser beams to live-stream 4K moon footage at 260 Mbps
\n\n\n\n323 points | 145 comments
\n\n\n\nThis in particular warmed my grumpy heart after the best footage of the launch came from a commercial airliners windows.\nI had assumed they would've had a better plan to film the entire departure from orbit yesterday.
I'm at least happy they have one for the loop around the moon.\n— bnchrch\n
Delve allegedly forked an open-source tool and sold it as its own
\n\n\n\n270 points | 138 comments
\n\n\n\nWhat probably happened here is depressingly common in early-stage startups. Someone finds an open source tool that does 80% of what they need, forks it, strips the branding, and then ships it. Nobody thinks about the license because the company is in \"move fast\" mode and there's no process for it yet.\nSure, the Apache 2.0 allows this, but the mistake is that when someone asked \"is this based on SimStudio?\" the answer was \"we built it ourselves\" instead of \"yes, it's a fork, here's what we added.\" It went from a fixable attribution oversight to a credibility problem. You can retroactively add a LICENSE file, but can't take the lie back.\n— saadn92\n
Good ideas do not need lots of lies in order to gain public acceptance (2008)
\n\n\n\n248 points | 102 comments
\n\n\n\nInteresting that this quote was initially about stock options at tech companies. It turned out that stock options did become nearly universal in tech compensation, and companies that granted them outcompeted companies that did not. So the management that was ostensibly “doing a massive blag at the expense of shareholders” wasn’t really, time vindicated their practices and things like option backdating and not treating them as an expense weren’t even really necessary, but it took a few years. It wasn’t obvious in 2002 that this is how it would play out.\nAnd relevant to the title quote: maybe it should be amended to “good ideas do not need a lot of lies to gain public acceptance eventually”. The dynamic here is that a significant part of public opinion is simply “well, this is how things work now, and it seems to be working”, and any new and innovative idea by definition is not going to be how things work now. The lies are needed to spur action and disturb the equilibrium of today. But if you’re still telling lies a few years in, you’ve failed and it’s a bad idea to begin with.\n— nostrademons\n
Live: Artemis II Launch Day Updates
\nhttps://www.youtube.com/live/Tf_UjBMIzNo\n\n\n638 points | 607 comments
\n\n\n\nApril 6: flyby\nApril 10: splashdown
After that, the exciting work will be in Starship making LEO and testing propellant transfer (a humanity first) [1] and Blue Origin testing its rocket and lunar lander [2], both scheduled for 2026, to enable Artemis II (EDIT: III), currently scheduled—optimistically, in my opinion—for next year.
[1] https://en.wikipedia.org/wiki/List_of_Starship_launches#Futu...
[2] https://en.wikipedia.org/wiki/Blue_Moon_Pathfinder_Mission_1\n— JumpCrisscross\n
EmDash – A spiritual successor to WordPress that solves plugin security
\n\n\n\n464 points | 333 comments
\n\n\n\nThis is very interesting. I've worked with WordPress on and off for 10 years, and I'm convinced that this project has got 2 things absolutely spot on. TypeScript and Worker plugins.\nI've given the security, or lack of, WP a lot of thought recently. In WP malicious plugin has access to the database, enfironment variables, rendering text on screen (think XSS). Luckily, a thoughtfully designed plugin system can mitigate all of those issues.
I've been working on a headless CMS in my spare time that is eirily similar to EmDash in a few ways. It's in very early development, but I will share regardless. It's called HotsauceCMS - https://github.com/hotsauce-team/hotsauce
- I went with optional NodeJS or Deno Worker plugins, this means that first-party plugins can benefit from the speed of in-process, and other plugins can be run in Workers. For fine grained permission control, you can use Deno Workers.
- I went with absolute minimal dependencies, I am so fed up with Dependabot alerts and npm supply chain hacks. My CMS has only 4 dependencies, 0 transistive dependencies.
- It's Drizzle schema first, and headless. So you have full controll of the database structure, use cms hints in your schema for features like file upload.
- It's database-agnostic, so it works with any Drizzle-supported database (Postgres, MySQL, SQLite)
- Being headless, you can use any frontend, my preference is JSX w/o react, but anything goes.
Feedback is absolutely welcomed on HotsauceCMS, did I miss a trick, am I on the right track?
Anyway, congratulations on EmDash. I'll be following closely, excited to see how the next few months unfold.\n— earthlingdavey\n
DRAM pricing is killing the hobbyist SBC market
\n\n\n\n303 points | 235 comments
\n\n\n\nIn the Dwarkesh podcast with Semi-Analysis's Dylan Patel they forecast the phone market will shrink by 50% this year because of RAM prices:\nBut that’s the high end of the market, which is only a few hundred million phones a year. Apple sells two or three hundred million phones annually. The bulk of the market is mid-range and low-end. It used to be that 1.4 billion smartphones were sold a year. Now we’re at about 1.1 billion. Our projections are that we might drop to 800 million this year, and down to 500 or 600 million next year.
We look at data points out of China from some of our analysts in Asia, Singapore, Hong Kong, and Taiwan. They’ve been tracking this, and they see Xiaomi and Oppo cutting low-end and mid-range smartphone volumes by half.
Yes, it’s only a $150 BOM increase on a $1,000 iPhone where Apple has some larger margin. But for smaller phones, the percentage of the BOM that goes to memory and storage is much larger. And the margins are lower, so there’s less capacity to even eat the margins. And they have also generally tended not to do long-term agreements on memory.
Why this is a big deal is that if smartphone volumes halve, that drop will happen in the low and mid-range, not the high end.\n— nl\n
Steam on Linux Use Skyrocketed Above 5% in March
\n\n\n\n327 points | 134 comments
\n\n\n\nI've probably said this a bunch of times already, but based on my past experience, any analysis built on month-to-month changes in the Steam Hardware Survey should be taken with a very large grain of salt, if not considered outright useless for any serious conclusions.\nThe clue is already in the article itself. The author notes that \"part of the jump at least appears to be explained by Valve correcting again the Steam China numbers.\" If you actually think about what that implies, it raises more questions than answers. A 31.85% monthly drop is obviously not organic, so yes, it makes sense to call it a \"correction.\" But then why was the previous month's data so far off in the first place? Is there something fundamentally flawed in the survey methodology, like sampling bias, non-uniform distribution, regional skew, or something else?
And if this kind of correction happens this month, what's stopping it from happening in previous months? The reality is: it does happen all the time. You can usually spot at least one clearly unrealistic data point in almost every release.
At that point, it's hard to argue there's any real value in trying to analyze these results in a rigorous way.\n— thrdbndndn\n
304 points | 403 comments
\n\n\n\nSpaceX has reduced the cost of getting a ton of mass into orbit by a factor of 10 and with their new system (Starship) it's poised further reduce that to 100x. They launch, land and re-use their rockets so often now that what was considered impossible 15 years ago is now routine. They currently put more things into space than the rest of the world combined and by a huge margin. They also have the most advanced internet infrastructure in the world and are poised to replace legacy ISPs and even mobile carriers in the coming decade. Oh, and they're doing all this while making a profit ($16B last year) despite their massive R&D spending and even with the money sink that is xAI their profits will be higher this year. It's hard to say that this isn't one of the most innovative and fast moving companies in the world. $1.75T maybe seems excessive, but less so than a lot of other companies out there.\n— indoordin0saur\n\n
Artemis II lifts off: four astronauts begin 10-day lunar mission
\n\n\n\n274 points | 1 comments
\n\n\n\nComments moved to https://news.ycombinator.com/item?id=47603657.\n— tomhow\n\n
The Weather Channel – RetroCast
\n\n\n\n256 points | 43 comments
\n\n\n\nI love how it's built. How they did the blurring and filter stacking. I assumed the whole thing was being streamed in as video.\nGood job Weather Channel dev. I just wish it would loop forever. Make a loop checkbox at the start screen.
Also the music slaps.\n— sigspec\n
I Am Not A Number. In memory of the more than 72,000 Palestinians killed
\n\n\n\n254 points | 50 comments
\n\n\n\nThe presentation is powerfully well executed and by itself alone is a worthy submission.\nThat every mouse movement highlights lives lost is harrowing. Grains of sand on the beach, each with their own world and community.
Shame on the flaggers.\n— sethammons\n
248 points | 86 comments
\n\n\n\nRPKI doesn't make BGP safe, it makes it safer. BGP hijacks can still happen.\nRPKI only secures the ownership information of a given prefix, not the path to that prefix. Under RPKI, an attacker can still claim to be on the path to a victim AS, and get the victim's traffic sent to it.
The solution to this was supposed to be BGPSec, but it's widely seen as un-deployable.\n— maltalex\n
Please only post if you personally are part of the hiring company—no\nrecruiting firms or job boards. One post per company. If it isn't a household name,\nexplain what your company does.
Please only post if you are actively filling a position and are committed\nto replying to applicants.
Commenters: please don't reply to job posts to complain about\nsomething. It's off topic here.
Readers: please only email if you are personally interested in the job.
Searchers: try https://nthesis.ai/public/hn-who-is-hiring, http://nchelluri.github.io/hnjobs/, https://hnjobs.emilburzo.com,\nor this (unofficial) Chrome extension:\nhttps://chromewebstore.google.com/detail/hn-hiring-pro/mpfal....
Don't miss this other fine thread: Who wants to be hired? https://news.ycombinator.com/item?id=47601858\n\n\n
237 points | 201 comments
\n\n\n\nLago (YC S21) | Europe+USA | Remote or Hybrid | Full-time |\nThe AI-Native, Open-source, usage-based billing platform. Lago is now trusted by CoreWeave, Synthesia, Groq, PayPal and Mistral AI to manage their billing. YC & FirstMark backed.
Open Roles Include:
- Account Executive (Remote USA)
- Product Engineer (Growth/Building AI Agents)(Europe or USA)
- Product Engineer (Core product)
- Infrastructure Engineer (Remote Europe, Canada or Brazil)
Lago Website: https://getlago.com/hiring\nYC Jobs Page: https://www.ycombinator.com/companies/lago
Looking forward to seeing some great applications!\n— AnhTho_FR\n
The Claude Code Source Leak: fake tools, frustration regexes, undercover mode
\nRelated ongoing thread: Claude Code's source code has been leaked via a map file in their NPM registry - https://news.ycombinator.com/item?id=47584540Also related: https://www.ccleaks.com\n\n\n
792 points | 329 comments
\n\n\n\nThere are now several comments that (incorrectly?) interpret the undercover mode as only hiding internal information. Excerpts from the actual prompt[0]:\n\nThis very much sounds like it does what it says on the tin, i.e. stays undercover and pretends to be a human. It's especially worrying that the prompt is explicitly written for contributions to public repositories.NEVER include in commit messages or PR descriptions:\n - The phrase \"Claude Code\" or any mention that you are an AI\n - Co-Authored-By lines or any other attribution\n\n BAD (never write these):\n - 1-shotted by claude-opus-4-6\n - Generated with Claude Code\n - Co-Authored-By: Claude Opus 4.6 <…>\n[0]: https://github.com/chatgptprojects/claude-code/blob/642c7f94...\n— mzajc\n
677 points | 564 comments
\n\n\n\nThe bulk of the comments in here are focused on comparing Larry Ellison to a lawn mower, so I'll try a new tack and say that I'm genuinely confused at what the value prop of Oracle is.\nGiven the history of their business model being licensing of important databases that are hard to switch off of, I've actually made a point to avoid using Oracle as much as possible (even so far as to leave MySQL when they acquired it, and I've never started a fresh project in Java, which they used to drive a lawsuit they had with Google).
From my chair, they make an expensive database they try to sell to golf executives. There are innumerable equal (better?), free alternatives, and most startups are founded by broke coders in bedrooms that choose those instead and stick with the devil they know. And they have an un-competitive cloud service? Enlighten me on what I would use Oracle for, I'm genuinely curious.\n— kyledrake\n
Claude Code Unpacked : A visual guide
\nRelated ongoing threads:The Claude Code Source Leak: fake tools, frustration regexes, undercover mode - https://news.ycombinator.com/item?id=47586778 - March 2026 (406 comments)
Claude Code's source code has been leaked via a map file in their NPM registry - https://news.ycombinator.com/item?id=47584540 - March 2026 (956 comments)
Also related: https://www.ccleaks.com\n\n\n
333 points | 70 comments
\n\n\n\nEven today, I'm still astounded that there are people capable of building a gorgeous and interesting site like this in less than 2 days...\n— brauhaus\n\n
Microsoft: Copilot is for entertainment purposes only
\n\n\n\n464 points | 170 comments
\n\n\n\nAnthropic does a somewhat similar thing. If you visit their ToS (the one for Max/Pro plans) from a European IP address, they replace one section with this:\nNon-commercial use only. You agree not to use our Services for any commercial or business purposes and we (and our Providers) have no liability to you for any loss of profit, loss of business, business interruption, or loss of business opportunity.
It's funny that a plan called \"Pro\" cannot be used professionally.
405 points | 105 comments
\n\n\n\nIs the pre-2018 data actually accurate? There seem to have been a number of outages before then: https://hn.algolia.com/?dateEnd=1545696000&dateRange=custom&...\nMaybe that's just the date when they started tracking uptime using this sytem?\n— fishtoaster\n
OpenAI closes funding round at an $852B valuation
\nhttps://openai.com/index/accelerating-the-next-phase-ai\n\n\n330 points | 292 comments
\n\n\n\nNo, they didn't raise $122B as the HN title implies. A big chunk of that $122B is a \"maybe\" that depends on various things that need to happen in the future.\nOh, man... I can't wait to see where this is going. Might not be pretty after all.\n— simonebrunozzi\n
OkCupid gave 3M dating-app photos to facial recognition firm, FTC says
\n\n\n\n363 points | 80 comments
\n\n\n\nAt this point, nearly every online service should be considered hostile. If they can make a small amount of money by compromising your privacy or your identity, they will. If they can make a small amount of money by stealing your attention and addicting you, they will.\nAre there exceptions? I'm sure. Will I be erring sometimes by being cautious? Definitely. But, there is really not much of an alternative these days.\n— everdrive\n
A dot a day keeps the clutter away
\n\n\n\n302 points | 85 comments
\n\n\n\nFirst, great system. Second, I am going to pine for an electronic version and having read the post I get it. Feel free to laugh and read the next comment. That said there are two aspects to this system that come to mind immediately:\n- The value of the information: This is the purpose of the dots and, I think the stated reason for the dots.
- The value of the process: If you did this and didn't have the final dot information, would it still be valuable in some way? I suspect there is value here in creating friction that helps you consider your environment more.
- But clearly there is also a cost (so, three things came to mind. sue me!). The cost would be stickers on my junk. I generally don't like that.
So call the cost and the value of the process a wash and you are left with 'can I get the value of the information without the cost or at a substantially lower cost?' That is, I think, an argument for AR. I'd love a version of this where I could tag a lot of things and gather my own usage data without putting stickers on my stuff. How often did I wear x, or use y? Did I actually eat 4k calories in fried chicken two weeks ago? Of course the privacy concerns here are the main stopper for me but when local compute is cheap enough AR tagging, like these dots, is something I definitely would try.\n— jmward01\n
Open source CAD in the browser (Solvespace)
\n\n\n\n335 points | 103 comments
\n\n\n\nSolveSpace is a wonderfully different take on parametric CAD, but development has really slowed, and it seems fundamentally incapable of some pretty rudimentary features (like chamfers[0]). Dune 3D[1] seems like a pretty effective spiritual successor.\n0: https://github.com/solvespace/solvespace/issues/149
1: https://dune3d.org/\n— MrDOS\n
Claude Code users hitting usage limits 'way faster than expected'
\n\n\n\n301 points | 188 comments
\n\n\n\nRecently after noticing how quickly limits are consumed and reading others complaints about same issue on reddit I was wondering how much about this is real error or bug hidden somewhere and how much it's about testing what threshold of constraining limits will be tolerated without cancelling accounts. Eventually, in case of \"shit hits the fan\" situation it can be always dismissed by waving hands and apologizing (or not) about some abstract \"bug\".\nThe lack of transparency and accountability behind all of this is incredible in my perception.\n— pxtail\n
Axios compromised on NPM – Malicious versions drop remote access trojan
\n\n\n\n718 points | 230 comments
\n\n\n\nPSA: npm/bun/pnpm/uv now all support setting a minimum release age for packages.\nI also have `ignore-scripts=true` in my ~/.npmrc. Based on the analysis, that alone would have mitigated the vulnerability. bun and pnpm do not execute lifecycle scripts by default.
Here's how to set global configs to set min release age to 7 days:
\n(Side note, it's wild that npm, bun, and pnpm have all decided to use different time units for this configuration.)~/.config/uv/uv.toml\n exclude-newer = \"7 days\"\n\n ~/.npmrc\n min-release-age=7 # days\n ignore-scripts=true\n \n ~/Library/Preferences/pnpm/rc\n minimum-release-age=10080 # minutes\n \n ~/.bunfig.toml\n [install]\n minimumReleaseAge = 604800 # seconds\nIf you're developing with LLM agents, you should also update your AGENTS.md/CLAUDE.md file with some guidance on how to handle failures stemming from this config as they will cause the agent to unproductively spin its wheels.\n— postalcoder\n
How to turn anything into a router
\n\n\n\n413 points | 158 comments
\n\n\n\nThis is a great writeup! Perhaps I can put in a plug for the create_ap script which I have been maintaining for many years (http://github.com/dlenski/create_ap).\nIt's a shell script that allows you to turn any ol' Linux computer into a WiFi router in one quick command-line:
By default, it will setup your WiFi card as an access point (allows WPA2/3, MAC filtering, etc), setup packet forwarding and routing, and run a DHCP and DNS server. It will generally pick sensible defaults, but it's also highly customizable. If your WiFi card supports simultaneous AP and client mode, it will allow that.
Its requirements are extremely minimal: basically just Linux, a compatible wireless card, and a few common configuration packages (hostapd, iw, iproute2, iptables, dnsmasq). No NetworkManager needed.
I used it as my own home Internet gateway for many years, running on an ancient fanless Atom mini-PC.
Because it can quickly setup and teardown WiFi networks on-the-fly, it's also a valuable tool for setting up test networks when reverse-engineering IoT devices. I use it frequently for this purpose (see https://snowpatch.org/posts/i-can-completely-control-your-sm...).\n— dlenski\n
364 points | 125 comments
\n\n\n\nWriting (unassisted) is probably the first step towards your own independent thoughts.\nI'm reminded of that scene in \"Ghost in the Shell\" where some guy ask the Major why he is on the team (full of cyborgs) and she responds something along the line of \"Because you are basically un-enhanced (maybe without a ghost?) and are likely to respond differently then the rest of us; Overspecialization is death.\"
I think a diversity of opinion is important for society. I'm worried that LLM's are going to group-think us into thinking the same way, believing the same things, reacting the same way.
I wonder if future children will need to be taught how to purposely have their own opinions; being so used to always asking others before even considering things on their own? The LLM will likely reach a better conclusion than you would on your own, but there is value in diverging from the consensus and thinking your own thoughts.
https://stephencagle.dev/posts-output/2025-10-14-you-should-...\n— stephen_cagle\n
Fedware: Government apps that spy harder than the apps they ban
\n\n\n\n422 points | 128 comments
\n\n\n\nI’m surprised to see no comments on this yet:\n[The White House app] ships with 3 embedded trackers including Huawei Mobile Services Core (yes, the Chinese company the US government sanctioned, shipping tracking infrastructure inside the sitting president's official app)
The executive branch has decided this company is so dangerous I can’t buy a monitor made by them - but it’s embedding its SDK in its official app?!
I realize the decision makers probably don’t even know it’s there - it was just added by whatever contractor built the app, but that’s arguably even worse.
And I have absolutely no doubt that if it was discovered in a political opponent’s app, and the administration wanted to harm them, there would be no compunction about using that fact against them.\n— jrmg\n
CodingFont: A game to help you pick a coding font
\n\n\n\n309 points | 179 comments
\n\n\n\nSomething I never liked about this game is its showing it in your browser at your chosen font size.\nChrome (assuming you're using Chrome) draws it a specific way. This does not match how Freetype (using typical tuning) or DirectWrite draws it. Chrome's choices in font renderer tuning and blending makes it kind of split the difference between Windows-style and OSX-style, and isn't native to either.
What it should be doing is showing you lossless screenshots of actual in-app renders at different sizes. Some in Chrome (to represent the Electron apps), some in DirectWrite, some in OSX post-Retina, etc.
Some fonts look amazing at larger sizes, but are unreadable at smaller ones. Some perform exceptionally well at smaller sizes. Some look great on every font renderer but OSX's, but some only look right on OSX and look bad everywhere else.
I've sorta played this game with myself, in a semi-objective way: take a bunch of fonts, ignore the subjective art nature of them, and throw them at a bunch of common renderers and see what the optimal size is, and then sort by smallest legible size.
If we define Fira Code, the most popular code font out there, as the bare minimum, 8 of the ones I tested beat it, while 17 were worse.
https://github.com/Diablo-D3/dotfiles/blob/master/fontsizes....\n— DiabloD3\n
299 points | 186 comments
\n\n\n\nI haven't kept up with Artemis development but I've read extensively about Challenger and Columbia. These two parts of the article stood out to me:\n> Moon-to-Mars Deputy Administrator Amit Kshatriya said: “it was very small localized areas. Interestingly, it would be much easier for us to analyze if we had larger chunks and it was more defined”. A Lockheed Martin representative on the same call added that \"there was a healthy margin remaining of that virgin Avcoat. So it wasn’t like there were large, large chunks.”
Followed by:
> The Avcoat material is not designed to come out in chunks. It is supposed to char and flake off smoothly, maintaining the overall contours of the heat shield.
This is echoes both Shuttle incidents. Challenger: no gasses were supposed to make it past the o-rings no matter what, but when it became clear that gasses were escaping and the o-rings were being damaged, there was a push to suggest that it's an acceptable level.
There was a similar situation with heat shield damage and Columbia.
In both cases some models were used to justify the decision, with wild extrapolations and fundamentally, a design that wasn't expected to fail in that mode /at all/.
I know the points that astronauts make about the importance of manned space exploration, but I agree with this author that it seems to make sense to run this as an unmanned mission, and probably test the new heat shield which will replace the Artemis II design in an unmanned re-entry as well.\n— oritron\n
337 points | 421 comments
\n\n\n\n> RAM prices are crashing because new models won’t need as much\nReality begs to differ [0] and following the link for that text goes to an article [1] where they talk about Google's TurboQuant which supposedly will lower the RAM requirements. Now if that means RAM prices come down (as speculated, not reported on, in the link) or the AI companies just do more things with their extra ram is yet to be determined. The fact this article links there with text \"RAM prices are crashing\" throws the entire rest of the article into doubt for me.
RAM prices are most certainly not crashing (yet) and treating it as a forgone conclusion because _one_ lab found gains could be made and hasn't even reported on the efficiency of their method is just irresponsible. It's almost as bad as when LLMs link things to prove their point, you visit the link, and find it says nothing of the sort or even the opposite.
[0] https://pcpartpicker.com/trends/price/memory/
[1] https://tech.sportskeeda.com/gaming-news/how-google-s-new-tu...\n— joshstrange\n
Claude Code's source code has been leaked via a map file in their NPM registry
\n\n\n\n356 points | 176 comments
\n\n\n\nThey have an interesting regex for detecting negative sentiment in users prompt which is then logged (explicit content): https://github.com/chatgptprojects/claude-code/blob/642c7f94...\nI guess these words are to be avoided...\n— bkryza\n
1.5M GitHub pull requests have had ads injected into them by Microsoft Copilot
\n\n\n\n325 points | 10 comments
\n\n\n\nrelated: https://news.ycombinator.com/item?id=47570269\nresponse from timrogers (product manager at github):
\"Tim from the Copilot coding agent team here. We've now disabled these tips in pull requests created by or touched by Copilot, so you won't see this happen again for future PRs.
We've been including product tips in PRs created by Copilot coding agent. The goal was to help developers learn new ways to use the agent in their workflow. But hearing the feedback here, and on reflection, this was the wrong judgement call. We won't do something like this again.\"
https://news.ycombinator.com/item?id=47573233\n— john_strinlai\n
Ollama is now powered by MLX on Apple Silicon in preview
\n\n\n\n342 points | 166 comments
\n\n\n\nI created \"apfel\" https://github.com/Arthur-Ficial/apfel a CLI for the apple on-device local foundation model (Apple intelligence) yeah its super limited with its 4k context window and super common false positives guardrails (just ask it to describe a color) ... bit still ... using it in bash scripts that just work without calling home / out or incurring extra costs feels super powerful.\n— franze\n\n
Copilot edited an ad into my PR
\n\n\n\n490 points | 157 comments
\n\n\n\nThis \"ad\" is not exactly new. Looks like MS thinks it's a \"tip\" rather than an ad. I don't know if Raycast team even knows about this.\nhttps://github.com/PlagueHO/plagueho.github.io/pull/24#issue... Copilot has been adding \"(emoji) (tip)\" thing since May 2025. GitHub copilot was released in May 2025, so basically it has had an ad since beginning.
There are 1.5m of these things in GitHub. https://github.com/search?q=%22%3C%21--+START+COPILOT+CODING...
Here are some of them:
https://github.com/johannesPP/FS-Calculator/pull/2
> Connect Copilot coding agent with Jira, Azure Boards or Linear to delegate work to Copilot in one click without leaving your project management tool.
https://github.com/sharthomas645-tech/HybridAI-Next-React-Vi...
> Send tasks to Copilot coding agent from Slack and Teams to turn conversations into code. Copilot posts an update in your thread when it's finished.
Looks like MS really want to \"give tips\" about their new integrations.
edit: I think it's an ad too. Everyone would think so, except for MS.\n— plastic041\n
ChatGPT won't let you type until Cloudflare reads your React state
\n\n\n\n338 points | 249 comments
\n\n\n\nHey! I'm Nick, and I work on Integrity at OpenAI. These checks are part of how we protect our first-party products from abuse like bots, scraping, fraud, and other attempts to misuse the platform.\nA big reason we invest in this is because we want to keep free and logged-out access available for more users. My team’s goal is to help make sure the limited GPU resources are going to real users.
We also keep a very close eye on the user impact. We monitor things like page load time, time to first token and payload size, with a focus on reducing the overhead of these protections. For the majority of people, the impact is negligible, and only a very small percentage may see a slight delay from extra checks. We also continuously evaluate precision so we can minimize false positives while still making abuse meaningfully harder.\n— MyNameIsNickT\n
Voyager 1 runs on 69 KB of memory and an 8-track tape recorder
\n\n\n\n397 points | 159 comments
\n\n\n\nVoyager 1 & 2 is one of my favourite human science achievements, not even so much from technology standpoint, as it's relatively simple compared to what we have now (although that's one of the charms), but just the fact that it's so far away, it still more or less works long after the scheduled mission end time, we can communicate with it and despite all the modern technology progress, it would take decades to catch up. Absolutely amazing and inspiring!\n— pkorzeniewski\n\n
471 points | 103 comments
\n\n\n\nBut it’s already widespread in Europe, or at least in the Netherlands. Amsterdam Airport uses it, as do the Dutch police and the Dutch army. So shouldn’t it be: kick out Palantir?\n— niekiepriekie\n\n
252 points | 117 comments
\n\n\n\nThis article makes no real sense to me.\n>You think of something new and express it - through a prompt, through code, through a product - it enters the system. Your novel idea becomes training data. The sheer act of thinking outside the box makes the box bigger.
This was the same before, if you had a novel idea and make a product out of it others follow. Especially for LLMs, they are not (till now) learning on the fly. Claude Opus 4.6 knowledge cut off was August 2025, so every idea you type in after this date is in the training data but not available, so you only have to be fast enough. Especially LLMs/AI-Agents like Claude enable this speed you need for bringing out something new.
The next thing is that we also have open source and open weight models that everyone of use with a decent consumer GPU can fine-tune and adapt, so its not only in the hands of a few companies.
>We will again build and innovate in private, hide, not share knowledge, mistakes, ideas.
Why should this happen? The moment you make your idea public, anyone can build it. This leads to greater proliferation than before, when the artificial barrier of having to learn to code prevented people from getting what they wanted or what they wanted to create.\n— Skyy93\n
Police used AI facial recognition to wrongly arrest TN woman for crimes in ND
\n\n\n\n206 points | 74 comments
\n\n\n\nWithout even looking at the AI part, I have a single question: Did anybody investigate? That's it.\nWhether it's AI that flagged her, or a witness who saw her, or her IP address appeared on the logs. Did anybody bothered to ask her \"where were you the morning of july 10th between 3 and 4pm. But that's not what happened, they saw the data and said \"we got her\".
But this is the worst part of the story:
> And after her ordeal, she never plans to return to the state: “I’m just glad it’s over,” she told WDAY. “I’ll never go back to North Dakota.”
That's the lesson? Never go back to North Dakota. No, challenge the entire system. A few years back it was a kid accused of shoplifting [0]. Then a man dragged while his family was crying [1]. Unless we fight back, we are all guilty until cleared.
[0]: https://www.theregister.com/2021/05/29/apple_sis_lawsuit/
[1]: \nhttps://news.ycombinator.com/item?id=23628394\n— firefoxd\n
294 points | 136 comments
\n\n\n\nIt probably goes against Vim tradition, culture and freedom to choose, but I wish they added even more built-in features (like Helix) that are currently implemented in competing and sometimes brittle plugins and have to be put together into also competing vim starter packs and distros of plugins and config files just to have a modern setup out of the box.\n— imjonse\n\n
Full network of clitoral nerves mapped out for first time
\n\n\n\n251 points | 88 comments
\n\n\n\n> the clitoris did not even make it into standard anatomy textbooks until the 38th edition of Gray’s Anatomy was published in 1995.\nThis seemed surprising, as it hews too close to an annoying meme in feminism and history generally, that people in prior eras were idiots. And it turns out to be wrong. The clitoris was in Gray's Anatomy until 1947, when it was removed by the editor Charles Goss for the 25th edition. See https://projects.huffingtonpost.com/projects/cliteracy/embed... Indeed, the clitoris had been depicted in Classical medical books.
Why it was removed--and stayed removed for nearly 50 years--would make for an interesting story about mid-century culture, if not for a cynical throwaway comment, though it seems nobody knows Goss' actual motivations.\n— wahern\n
Philly courts will ban all smart eyeglasses starting next week
\n\n\n\n227 points | 80 comments
\n\n\n\nMy local county is currently in a dispute with the local bar association because they want to upgrade the courthouse security cameras and the sheriff wants to add audio capabilities. This includes to parts of the building just outside the courtroom that counsel will frequently use for brief asides with their clients (due to lack of other private rooms). The county seems to favor adding the microphones and pinky swearing they won't use them and that public records requests won't be used to listen in on privileged communication, but it's obvious how difficult that would be to trust. They keep putting off a decision because they don't want to piss off the lawyers.\n— plorg\n\n
New Apple Silicon M4 and M5 HiDPI Limitation on 4K External Displays
\n\n\n\n253 points | 123 comments
\n\n\n\nSend it to Tim Cook email. It worked for me fixing DisplayPort DSC bug. After Catalina, later MacOSes lost ability to drive monitors at higher than 60Hz refresh.\nApple support tortured me with all kinds of diagnostics, with WontFix few weeks later. Wrote email and it got fixed in Sonoma :)
https://egpu.io/forums/mac-setup/4k144hz-no-longer-available...\n— nuker\n
Founder of GitLab battles cancer by founding companies
\n\n\n\n706 points | 168 comments
\n\n\n\nThis is the most supremely motivating post I've seen in a long time. I know what it is to be diagnosed with cancer, being rushed to surgery - it's amazing how quickly the medical-industrial complex can move once you've got a diagnosis (at least in Australia). I had a short period of contemplating terminally, because cancer claimed the life of most of my family. Thankfully, after surgery it was gone.\nTo see Sid use his motivation and resources to solve his own problem is the core message (IMHO) of the hacker community.
It makes me look at my own problem (Peyronies) in a different light; a disease which has affected my life in ways which cannot be overstated. Yet, all the money in the world right now can't fix Peyronies - yet in reading his journey my mind has been changed about this.
His slide title: \"I'll talk to anyone, I'll go anywhere, and I can be there anytime\" is certainly the mindset!
Thanks for posting this - I'm inspired to take similar action for Peyronie's. Anything is possible.\n— appstorelottery\n
Spanish legislation as a Git repo
\n\n\n\n608 points | 186 comments
\n\n\n\nIn France, not only our law are versioned. \nIt's formally proved too!\n*Edit*: Woah ! The French crew is here. We are at least 5 quoting a variation of <https://www.legifrance.gouv.fr/> for versioning.\n— _ache_\n
AI overly affirms users asking for personal advice
\nhttps://arxiv.org/abs/2602.14270\n\n\n372 points | 296 comments
\n\n\n\nA pastime I have with papers like this is to look for the part in the paper where they say which models they tested. Very often, you find either A) it's a model from one or more years ago, only just being published now, or B) they don't even say which model they are using. Best I could find in this paper:\n> We evaluated 11 user-facing production LLMs: four proprietary models from OpenAI, Anthropic, and Google; and seven open-weight models from Meta, Qwen, DeepSeek, and Mistral.
(and graphs include model _sizes_, but not versions, for open weight models only.)
I can't apprehend how including what model you are testing is not commonly understood to be a basic requirement.\n— anorwell\n
I decompiled the White House's new app
\n\n\n\n373 points | 137 comments
\n\n\n\nA bit skeptical of how this article is written as it seems to be mostly written by AI. Out of curiosity, I downloaded the app and it doesn't request location permissions anywhere, despite the claims in the article.\nI've noticed Claude Code is happy to decompile APKs for you but isn't very good at doing reachability analysis or figuring out complex control flows. It will treat completely dead code as important as a commonly invoked function.\n— iancarroll\n
192 points | 50 comments
\n\n\n\nIn 2006, Ars Technica published an April Fool's article[0] declaring that the perennially-forthcoming Duke Nukem Forever would finally see the light of day... as... a browser game! Ho ho, how droll.\nCrazy to see how far we've come.
[0]: https://arstechnica.com/gaming/2006/04/forever/\n— MrDOS\n
South Korea Mandates Solar Panels for Public Parking Lots
\n\n\n\n287 points | 165 comments
\n\n\n\nThe solar covered parking lots near me are great because they also serve as cover for your car when it’s hot and sunny.\nIt’s not the most cost effective way to install solar, though. A tall structure designed to put the panels high up in the air and leave a lot of space for cars is a lot more expensive than normal rooftop solar or even field setups. This is basically a way to force some of the cost of clean energy as a tax on parking lots. Which may not be a bad thing for dense cities where parking lots have their own externalities on the limited available land.\n— Aurornis\n
Folk are getting dangerously attached to AI that always tells them they're right
\n\n\n\n260 points | 206 comments
\n\n\n\nWhen a LLM tells me I'm right, especially deep in a conversation, unless I was already sure about something, I immediately feel the need to go ask a fresh instance the question and/or another LLM. It sets off my \"spidey-sense\".\nI don't quite understand why other people seem to crave that. Every time I read about someone who has gone down a dark road using LLMs I am constantly amazed at how much they \"fall\" for the LLM, often believing it's sentient. It's just a box of numbers, really cool numbers, with really cool math, that can do really cool things, but still just numbers.\n— joshstrange\n
Further human + AI + proof assistant work on Knuth's \"Claude Cycles\" problem
\nKnuth Claude's Cycles note update: problem now fully solved, by LLMs - https://news.ycombinator.com/item?id=47306926 - March 2026 (2 comments)https://chatgpt.com/share/69aaab4b-888c-8003-9a02-d1df80f9c7...
Claude's Cycles [pdf] - https://news.ycombinator.com/item?id=47230710 - March 2026 (362 comments)\n\n\n
201 points | 130 comments
\n\n\n\nI've always said this but AI will win a fields medal before being able to manage a McDonald's.\nMath seems difficult to us because it's like using a hammer (the brain) to twist in a screw (math).
LLMs are discovering a lot of new math because they are great at low depth high breadth situations.
I predict that in the future people will ditch LLMs in favor of AlphaGo style RL done on Lean syntax trees. These should be able to think on much larger timescales.
Any professional mathematician will tell you that their arsenal is ~ 10 tricks. If we can codify those tricks as latent vectors it's GG\n— vatsachak\n
197 points | 43 comments
\n\n\n\nThis article was painful to read because of all the misconceptions. A cpio archive is not a filesystem. Author uses initramfs, which is based on tmpfs. Linux can extract cpio to tmpfs. An archive of files and directories is in itself not a program.\nJust because something looks similar doesn't mean it's equivalent. Binary programs are executed on the CPU, so if there's an interpreter involed it's hiding in the hardware environment. That's outside the scope of an OS kernel.
If you have a shell script in your filesystem and run it, you need to also provide the shell that interprets the script. Author omits this detail and confuses the kernel with the shell program.
Linux can easily be compiled without support for initramfs and ramdisk. It can still boot and run whatever userland sits in the filesystem.
\"Linux initrd interpreter\" hurts my brain. That's not how it works.
Edit: should've read further. Still a backwards way of explaining things imho.\n— tosti\n
The first 40 months of the AI era
\n\n\n\n190 points | 111 comments
\n\n\n\n> While I’m certain that this technology is producing some productivity improvements, I’m still genuinely (and frustratingly) unsure just how much of an improvement it is actually creating.\nI often wonder how much more productive I'd be if just a fraction the effort and money poured into LLMs was spent on better API documentation and conventional coding tools. A lot of the time, I'm resorting to using an AI because I can't get information on how the current API of some-thing works into my brain fast enough, because the docs are non existent, outdated, or scattered and hard to collate.\n— theteapot\n
https://github.com/settings/copilot/features\n\n\n
627 points | 283 comments
\n\n\n\n[dupe] Discussion on source: https://news.ycombinator.com/item?id=47521799\n— ChrisArchitect\n\n
People inside Microsoft are fighting to drop mandatory Microsoft Account
\n\n\n\n267 points | 238 comments
\n\n\n\nThis \"make Windows better\" push is far more political than technological. It's a fight with other divisions about using Windows as a marketing and sales channel for other products and services.\nIt has to be a decision from the very top. I hope they realize that Windows is in significant danger, the majority market share for Desktop OS is not guaranteed anymore. It's not just 10% of revenue, it's a foundation for how enterprises ended up on Azure and are bringing big money.
I'm still a Windows power user, MacBook is a wonderful piece of hardware and I'm typing this on one, but I'm not nearly as productive as on multimonitor PC with TotalCommander and Visual Studio where I use all the shortcuts subconsciously.\n— grujicd\n
The 'paperwork flood': How I drowned a bureaucrat before dinner
\n\n\n\n460 points | 379 comments
\n\n\n\nSounds like it's not real but...\nIt reads like an indictment of the government employee personally, rather than the rules and constraints that employee is forced to use.
Probably fair to comment on the interaction, whether the person was rude, and so on. But blaming them for not accepting email is kind of silly. They are not empowered to do that kind of thing.\n— tyingq\n
Anatomy of the .claude/ folder
\n\n\n\n375 points | 191 comments
\n\n\n\nBuilding your AI agent \"toolkit\" is becoming the equivalent of the perfect \"productivity\" setup where you spend your time reading blog posts, watching YouTube videos telling you how to be productive and creating habits and rituals...only to be overtaken by a person with a simple paper list of tasks that they work through.\nPlain Claude, ask it to write a plan, review plan, then tell it to execute still works the best in my experience.\n— dewey\n
Make macOS consistently bad (unironically)
\n\n\n\n304 points | 214 comments
\n\n\n\nBetween the rounded corners that don't reach the edges of the viewport, and the behavior when opening a new app for the first time, it feels like Mac's UI is optimized around the assumption most users won't expand windows to fill the whole screen, but rather leave them half-sized somewhere in the middle.\nDoes anyone actually do this? Especially for heavy-duty applications like my web browser and IDE, this has always felt like a bizarre assumption to me.\n— _jab\n
Desk for people who work at home with a cat
\n\n\n\n330 points | 128 comments
\n\n\n\nI can foresee a design flaw, which is that the cat will ignore all the specially designated areas and sit on your keyboard instead.\n— MichaelDickens\n\n
Go hard on agents, not on your filesystem
\n\n\n\n311 points | 176 comments
\n\n\n\nAdd this to .claude/settings.json:\n\nYou can change the read part if you're ok with it reading outside. This feature was only added 10 days ago fwiw but it's great and pretty much this.\n— AnotherGoodName\n{ \n \"sandbox\": { \n \"enabled\": true,\n \"filesystem\": {\n \"allowRead\": [\".\"],\n \"denyRead\": [\"~/\"],\n \"allowWrite\": [\".\"],\n \"denyWrite\": [\"/\"]\n } \n }\n }\n\n
AI got the blame for the Iran school bombing. The truth is more worrying
\n\n\n\n329 points | 293 comments
\n\n\n\n\"Three clicks convert a data point on the map into a formal detection and move it into a targeting pipeline. These targets then move through columns representing different decision-making processes and rules of engagement. The system recommends how to strike each target – which aircraft, drone or missile to use, which weapon to pair with it – what the military calls a “course of action”. The officer selects from the ranked options, and the system, depending on who is using it, either sends the target package to an officer for approval or moves it to execution.\"\n----------------
Maven is a tool for use in the middle of a war. When both sides are firing, minutes saved can mean lives saved for your side. Those lives, at least partly, balance the risks of hitting a bad target.
This was not a strike made in the middle of a war. If Maven was used in the strike that took out a school, it was being used as part of a sneak attack. Nobody was shooting back while this was being planned. Minutes saved were not lives saved. There should have been a priority placed on getting the targets right. Humans should have been double and triple checking every target by other means. This clearly didn't happen. The school was obviously a school that even had its own website. Humans would have spotted this if they had done more than make their three clicks and move on to the next target.
Whoever made the choice to use Maven to plan a sneak attack without careful checking made an unforced error when they had all the time in the world to prevent it. Whether it was overconfidence in their tools or a complete disregard for the lives of civilians that caused this lapse, they are directly responsible for the deaths of those little girls. I sincerely hope there are (although I doubt there will be) consequences for this person beyond taking that guilt to their grave.\n— beloch\n
260 points | 60 comments
\n\n\n\nThis is an interesting looking cat: https://meow.camera/#7374059059738047159\n— lIl-IIIl\n\n
Iran-linked hackers breach FBI director's personal email
\nhttps://ddosecrets.org/article/kash-patel-emailshttps://arstechnica.com/tech-policy/2026/03/doj-confirms-fbi...\n\n\n
240 points | 346 comments
\n\n\n\nGMail, like Apple, has specific enhanced security programs available for Politically Exposed Persons:\nhttps://landing.google.com/intl/en_in/advancedprotection/
The fact the Director of the FBI did not avail himself of this just reiterates how incompetent he is, in addition to being corrupt as heck.\n— fmajid\n
We haven't seen the worst of what gambling and prediction markets will do
\n\n\n\n566 points | 403 comments
\n\n\n\nThe craziest thing here is that online gambling has been legal in the UK and Ireland for many years, and it's been such an obvious negative for those countries — and had been optimized brutally like any other tech product. When I moved over to the US a decade ago, I remember thinking 'well at least they're smart enough to have banned online gambling'.\nI am very pro personal liberties, but this stuff is weaponized to prey on a subset of humanity. I'm in senior leadership, and have made it clear that anyone who has worked on these products should not be hired.\n— jackfruitpeel\n
End of \"Chat Control\": EU parliament stops mass surveillance
\n\n\n\n395 points | 213 comments
\n\n\n\nThe fact that they could pull a stunt like this shows that the EU is no democracy. Shame on the politicians who tried to rob people of their rights.\n— someguyornotidk\n\n
Moving from GitHub to Codeberg, for lazy people
\n\n\n\n393 points | 193 comments
\n\n\n\nI don't dislike Codeberg inherently, but it's not a \"true\" GitHub replacement. It can handle a good chunk of GitHub repositories (namely those for well established FOSS projects looking to have everything a proper capital P project has), but if you're just looking for a generic place to put your code projects that aren't necessarily intended for public release and support (ie. random automation scripts, scraps of concepts that never really got off the ground, things not super cleaned up), they're not really for that - private repositories are discouraged according to their FAQ and are very limited (up to 100mb).\nThey also don't want to host your homepage, so if GitHub Pages is why you used GitHub, they are not a replacement.
Unfortunately I don't think there's really an answer to that conundrum that doesn't involve just spinning up your own git server and accepting all the operational overhead that comes with it. At least Forgejo (software behind Codeberg) is FOSS, so you can do that and it should cover most of what you need (and while you're in the realm of having a server, a Pages-esque replacement is trivial since you're configuring a webserver anyway.) Maybe Gitlab.com, although I am admittedly unfamiliar with how Gitlab's \"main\" instance has changed over the years wrt features.
Here's their FAQ on the matter, it's worth a read: https://docs.codeberg.org/getting-started/faq/\n— noirscape\n
European Parliament decided that Chat Control 1.0 must stop
\n\n\n\n544 points | 23 comments
\n\n\n\nAlso: https://news.ycombinator.com/item?id=47529609\n> Despite today’s victory, further procedural steps by EU governments cannot be completely ruled out. Most of all, the trilogue negotiations on a permanent child protection regulation (Chat Control 2.0) are continuing under severe time pressure. There, too, EU governments continue to insist on their demand for “voluntary” indiscriminate Chat Control.
> Furthermore, the next massive threat to digital civil liberties is already on the agenda: Next up in the ongoing trilogue, lawmakers will negotiate whether messenger and chat services, as well as app stores, will be legally obliged to implement age verification. This would require users to provide ID documents or submit to facial scans, effectively making anonymous communication impossible and severely endangering vulnerable groups such as whistleblowers and persecuted individuals.\n— nickslaughter02\n
Apple discontinues the Mac Pro
\n\n\n\n334 points | 266 comments
\n\n\n\nI bet there’s gonna be a banger of a Mac Studio announced in June.\nApple really stumbled into making the perfect hardware for home inference machines. Does any hardware company come close to Apple in terms of unified memory and single machines for high throughput inference workloads? Or even any DIY build?
When it comes to the previous “pro workloads,” like video rendering or software compilation, you’ve always been able to build a PC that outperforms any Apple machine at the same price point. But inference is unique because its performance scales with high memory throughput, and you can’t assemble that by wiring together off the shelf parts in a consumer form factor.
It’s simply not possible to DIY a homelab inference server better than the M3+ for inference workloads, at anywhere close to its price point.
They are perfectly positioned to capitalize on the next few years of model architecture developments. No wonder they haven’t bothered working on their own foundation models… they can let the rest of the industry do their work for them, and by the time their Gemini licensing deal expires, they’ll have their pick of the best models to embed with their hardware.\n— chatmasta\n
Judge blocks Pentagon effort to 'punish' Anthropic with supply chain risk label
\n\n\n\n372 points | 196 comments
\n\n\n\nGlad to see the judicial system works sometimes atleast. Less cynically now, the president has admired Xi many many times openly, and it’s clear he prefers an administrative style similar to China. That is what he is turning the country into. Everybody goes and bends the knee like the tech ceos did and he controls every aspect of the administration with an iron fist, just like China.\n— yalogin\n\n
My minute-by-minute response to the LiteLLM malware attack
\nRelated: Tell HN: Litellm 1.82.7 and 1.82.8 on PyPI are compromised - https://news.ycombinator.com/item?id=47501426 (483 comments)\n\n\n298 points | 124 comments
\n\n\n\nCallum here, I was the developer that first discovered and reported the litellm vulnerability on Tuesday. \nI’m sharing the transcript of what it was like figuring out what was going on in real time, unedited with only minor redactions.\nI didn’t need to recount my thought process after the fact. It’s the very same ones I wrote down to help Claude figure out what was happening.
I’m an ML engineer by trade, so having Claude walk me through exactly who to contact and a step by step guide of time-critical actions felt like a game-changer for non-security researchers.
I'm curious whether the security community thinks more non-specialists finding and reporting vulnerabilities like this is a net positive or a headache?\n— Fibonar\n
Olympic Committee bars transgender athletes from women’s events
\nhttps://sports.yahoo.com/olympics/breaking-news/article/tran...\n\n\n291 points | 691 comments
\n\n\n\nhttps://archive.is/WRmUo\n— bwoah\n\n
$500 GPU outperforms Claude Sonnet on coding benchmarks
\n\n\n\n305 points | 172 comments
\n\n\n\nGenerating big chunks of code is rarely what I want from an agent. They really shine for stuff like combing through logs or scanning dozens of source files to explain a test failure. Which benchmark covers that? I want the debugging benchmark that tests mastery of build systems, CLIs, etc.\n— bloppe\n\n
Landmark L.A. jury verdict finds Instagram, YouTube were designed to addict kids
\n\n\n\n297 points | 3 comments
\n\n\n\n[dupe] Discussion: https://news.ycombinator.com/item?id=47520505\n— ChrisArchitect\n\n
The EU still wants to scan your private messages and photos
\n\n\n\n717 points | 207 comments
\n\n\n\nI am the creator of Fight Chat Control.\nThank you for sharing. It is unfortunately, once again, needed.
The recent events have been rather dumbfounding. On March 11, the Parliament surprisingly voted to replace blanket mass surveillance with targeted monitoring of suspects following judicial involvement [0]. As Council refused to compromise, the trilogue negotiations were set to fail, thus allowing the Commission's current indiscriminate \"Chat Control 1.0\" to lapse [1]. This would have been the ideal outcome.
In an unprecedented move, the EPP is attempting to force a repeat vote tomorrow, seeking to overturn the otherwise principled March 11 decision and instead favouring indiscriminate mass surveillance [1, 2]. In an attempt to avoid this, the Greens earlier today tried to remove the repeat vote from the agenda tomorrow, but this was voted down [3].
As such, tomorrow, the Parliament will once again vote on Chat Control. And unlike March 11, multiple groups are split on the vote, including S&D and Renew. The EPP remains unified in its support for Chat Control. If you are a European citizen, I urge you to contact your MEPs by e-mail and, if you have time, by calling. We really are in the final stretch here and every action counts. I have just updated the website to reflect the votes today, allowing a more targeted approach.
Happy to answer any questions.
[0] https://mepwatch.eu/10/vote.html?v=188578
[1] https://www.patrick-breyer.de/en/the-battle-over-chat-contro...
[2] https://www.europarl.europa.eu/doceo/document/OJQ-10-2026-03...
[3] https://www.europarl.europa.eu/doceo/document/PV-10-2026-03-...\n— x775\n
Thoughts on slowing the fuck down
\n\n\n\n325 points | 182 comments
\n\n\n\nI suppose everyone on HN reaches a certain point with these kind of thought pieces and I just reached mine.\nWhat are you building? Does the tool help or hurt?
People answered this wrong in the Ruby era, they answered it wrong in the PHP era, they answered it wrong in the Lotus Notes and Visual BASIC era.
After five or six cycles it does become a bit fatiguing. Use the tool sanely. Work at a pace where your understanding of what you are building does not exceed the reality of the mess you and your team are actually building if budgets allow.
This seldom happens, even in solo hobby projects once you cost everything in.
It's not about agile or waterfall or \"functional\" or abstracting your dependencies via Podman or Docker or VMware or whatever that nix crap is. Or using an agent to catch the bugs in the agent that's talking to an LLM you have next to no control over that's deleting your production database while you slept, then asking it to make illustrations for the postmortem blog post you ask it to write that you think elevates your status in the community but probably doesn't.
I'm not even sure building software is an engineering discipline at this point. Maybe it never was.\n— badlibrarian\n
Running Tesla Model 3's computer on my desk using parts from crashed cars
\n\n\n\n345 points | 118 comments
\n\n\n\nThis is awesome. Curious if these are plug and play and if that's the case where is the memory that tells you what the mileage is. If it's attached to the computer than the mileage would be off if you switch/repair it.\nCompletely unrelated. Would be interested if you figure out how to retrofit the new adaptive shocks on performance models to the older cars. Something I would love to do if I had hobby time. I'm pretty sure they fit physically, but needs to be connected to the main computer. I likely would never touch the main computer unless I got root access. In my brain I was thinking about a separate system made with raspberry pi's.\n— nishanseal\n
Slovenian officials blame Israeli firm Black Cube for trying to manipulate vote
\n\n\n\n363 points | 160 comments
\n\n\n\nRecently, there were municipal elections in France, and there was Israeli interference there as well [0] (the article is pay-walled and in French but it's written in the title at least).\n[0]: https://www.lecanardenchaine.fr/politique/53391-la-campagne-...\n— dadoum\n
Meta and YouTube found negligent in landmark social media addiction case
\n\n\n\n417 points | 201 comments
\n\n\n\nhttps://archive.is/07nv5\n— krunck\n\n
396 points | 394 comments
\n\n\n\nI found this to be a very odd and strange rant. The author's three issues with Apple are:\n1. Gatekeeping. OK, fine, but at the very least this has been Apple's stance for a very long time now (the author talks about faxing credit card details), so it's not like it's something new. If you wanted full unfettered installation rights, Apple was never the company for you. And while I think it's fine to argue against Apple's stance, I find most of the arguments are less than honest about the pros of things like developer verification for the end user.
2. mac OS26. I totally agree that this is a total fiasco from a design perspective, and liquid glass is unqualified shit. Still, I see Apple at least somewhat moving in the right direction by getting rid of Alan Dye.
3. Apple had a bug in their age verification protocol. Again, valid point, but Apple needs to follow UK law. I've seen a lot more missives arguing against requiring things like driver's licenses and other government ID, and so it seems like Apple is at least trying to go the least restrictive route by choosing credit card verification.
To emphasize, I'm not apologizing for Apple here. In particular, much has been written about how Apple has lost their way regarding the \"it just works\" philosophy. But it seems like the author's main beef is against Apple's level of control, and this is just a fundamental difference in Apple's stance that has existed for about 2 decades.\n— hn_throwaway_99\n
Apple randomly closes bug reports unless you \"verify\" the bug remains unfixed
\n\n\n\n391 points | 217 comments
\n\n\n\nAuthor must not have worked in enterprise software before.\nThat's a classic trick where the developer will push back on the bug author and say \"I can't reproduce this, can you verify it with the latest version?\" without actually doing anything. And if it doesn't get confirmed then they can close it as User Error or Not Reproducible.
Of course, the only way to counter this is by saying \"Yes I verified it\" without actually verifying it.\n— freediddy\n
383 points | 258 comments
\n\n\n\nhttps://x.com/scaling01 has called out a lot of issues with ARC-AGI-3, some of them (directly copied from tweets, with minimal editing):\n- Human baseline is \"defined as the second-best first-run human by action count\". Your \"regular people\" are people who signed up for puzzle solving and you don't compare the score against a human average but against the second best human solution
- The scoring doesn't tell you how many levels the models completed, but how efficiently they completed them compared to humans. It uses squared efficiency, meaning if a human took 10 steps to solve it and the model 100 steps then the model gets a score of 1%\n((10/100)^2)
- 100% just means that all levels are solvable. The 1% number uses uses completely different and extremely skewed scoring based on the 2nd best human score on each level individually. They said that the typical level is solvable by 6 out of 10 people who took the test, so let's just assume that the median human solves about 60% of puzzles (ik not quite right). If the median human takes 1.5x more steps than your 2nd fastest solver, then the median score is 0.6 * (1/1.5)^2 = 26.7%. Now take the bottom 10% guy, who maybe solves 30% of levels, but they take 3x more steps to solve it. this guy would get a score of 3%
- The scoring is designed so that even if AI performs on a human level it will score below 100%
- No harness at all and very simplistic prompt
- Models can't use more than 5X the steps that a human used
- Notice how they also gave higher weight to later levels? The benchmark was designed to detect the continual learning breakthrough. When it happens in a year or so they will say \"LOOK OUR BENCHMARK SHOWED THAT. WE WERE THE ONLY ONES\"\n— Tiberium\n
Antimatter has been transported for the first time
\n\n\n\n388 points | 177 comments
\n\n\n\nIf containment was to fail, it the total energy released would have been approximately 2.766 * 10 ^ -8 J, so it wasn't particularly dangerous\n— voidUpdate\n\n
Wine 11 rewrites how Linux runs Windows games at kernel with massive speed gains
\n\n\n\n677 points | 242 comments
\n\n\n\nWine is a project that I've grown a near-infinite level of respect for.\nI don't know for sure, but I suspect that a lot of the work for Wine is boring and thankless. Digging through and trying to get exact parity with both the documented and undocumented behavior of Windows for the past 30 years doesn't sound fun, but it's finding every little weird edge case that makes Wine a viable product.
The fact that Wine runs a lot of games better than Windows now (especially older games) shows a very strong attention to detail and a high tolerance for pain. I commend them for it.\n— tombert\n
https://www.hollywoodreporter.com/business/digital/openai-sh..., https://archive.ph/ABkeI\n\n\n
373 points | 299 comments
\n\n\n\nAs someone who generally liked the products that OpenAI puts out, I think Sora was their first product that I really didn't like. I liked GPT primarily because I felt like it respected me: I never felt like it was trying to distract me from my work or get me to waste time doomscrolling. It's primary value proposition to keep me using it wasn't to trick me with addictive content, but to get me high quality answers as fast as possible. And I felt like OpenAI's other products, like Deep Research, agent mode, etc, were the same way. Even Atlas, although I suspect it will be equally ill-fated, attempts to follow this same pattern. It really felt like OpenAI was separating themselves from the common popular apps like Tiktok, Reddit, Instagram, etc, which seemed to exist entirely to distract me from things I care about and waste my time.\nSora was the first product OpenAI shipped where I felt that fell into that second category, and for that I was very disappointed. You have all those GPUs, and the most incredible technology in the world, and the most brilliant engineers, and all you can think to do with them is to make an app that just makes meme videos? I mean, c'mon!
Still, I am mystified by how rapidly Sora went from launch to shutdown. Does anyone have any guess what happened there? Even if Sora wasn't a spectacular success, it seems to me like subsequent model improvements could have moved the needle - shutting it down so soon seems premature.\n— johnfn\n
Malicious litellm_init.pth in litellm 1.82.8 PyPI package – credential stealer
\n\n\n\n705 points | 1 comments
\n\n\n\nComments moved to https://news.ycombinator.com/item?id=47501426, which was posted first.\n— dang\n\n
Tell HN: Litellm 1.82.7 and 1.82.8 on PyPI are compromised
\nAbout an hour ago new versions have been deployed to PyPI.I was just setting up a new project, and things behaved weirdly. My laptop ran out of RAM, it looked like a forkbomb was running.
I've investigated, and found that a base64 encoded blob has been added to proxy_server.py.
It writes and decodes another file which it then runs.
I'm in the process of reporting this upstream, but wanted to give everyone here a headsup.
It is also reported in this issue:\nhttps://github.com/BerriAI/litellm/issues/24512\n\n\n
490 points | 371 comments
\n\n\n\nLiteLLM maintainer here, this is still an evolving situation, but here's what we know so far:\n1. Looks like this originated from the trivvy used in our ci/cd - https://github.com/search?q=repo%3ABerriAI%2Flitellm%20trivy...\nhttps://ramimac.me/trivy-teampcp/#phase-09
2. If you're on the proxy docker, you were not impacted. We pin our versions in the requirements.txt
3. The package is in quarantine on pypi - this blocks all downloads.
We are investigating the issue, and seeing how we can harden things. I'm sorry for this.
- Krrish\n— detente18\n
Is anybody else bored of talking about AI?
\n\n\n\n520 points | 365 comments
\n\n\n\nThis might sound like snark, but I truly don’t mean it that way.\nI think what’s interesting about AI, and why there’s so much conversation, is that in order to be a good user of AI, you have to really understand software development. All the people I work with who are getting the most value out of using AI to deliver software are people who are already very high-skilled engineers, and the more years of real experience they have, the better.
I know some guys who were road warriors for many years —- everything from racking and cabling servers, setting up infrastructure, and getting huge cloud deployments going all the way to embedded software, video game backends, etc. These guys were already really good at automation, seeing the whole life cycle of software, and understanding all the pressure points. For them, AI is the ultimate power tool. They’re just flying with it right now. (All of them also are aware that the AI vampire is very real.)
There’s still a lot to learn, and the tools are still very, very early on, but the value is clear.
I think for quite a few people, engaging with AI is maybe the first time ever in their entire career they are having to engage with systems thinking in a very concrete and directed way. Consequently, this is why so many software engineers are having an identity crisis: they’ve spent most of their career focusing on one very small section of the overall SDLC, meanwhile believing that was mostly all there was that they needed to know.
So I think we’re going to keep talking for quite a while, and the conversation will continue to be very unevenly distributed. Paradoxically, I’m not bored of it, because I’m learning so much listening to intelligent people share their learnings.\n— _doctor_love\n
520 points | 317 comments
\n\n\n\nI recently tried setting Apple Business Manager for our ≈20 people SME.\nThe first step was \"Domain Lock/Capture\" which takes over all Apple accounts for a specific domain.
I've never had a worse experience from Apple.
The process is buggy, filled with foot-guns and dead ends. It expects huge amounts of work from users who have had their account for more than a few weeks and are expected to remove a lot of their personal data before their account can be migrated (e.g. do you know how to delete all your Health data?). The process is also impossible to cancel.
Phone support was par for the course, e.g. tickets escalated to the abyss, suggestions to restore workstations to factory settings, etc.
Be warned.\n— meego\n
Mystery Jump in Oil Trading Ahead of Trump Post Draws Scrutiny
\n\n\n\n296 points | 155 comments
\n\n\n\nEarlier: https://news.ycombinator.com/item?id=47496508\n— ChrisArchitect\n\n
Show HN: I took back Video.js after 16 years and we rewrote it to be 88% smaller
\nWhat do you do when private equity buys your old company and fires the maintainers of the popular open source project you started over a decade ago? You reboot it, and bring along some new friends to do it.Video.js is used by billions of people every month, on sites like Amazon.com, Linkedin, and Dropbox, and yet it wasn’t in great shape. A skeleton crew of maintainers were doing their best with a dated architecture, but it needed more. So Sam from Plyr, Rahim from Vidstack, and Wes and Christain from Media Chrome jumped in to help me rebuild it better, faster, and smaller.
It’s in beta now. Please give it a try and tell us what breaks.\n\n\n
389 points | 70 comments
\n\n\n\nIn case anyone's wondering, this website's syntax highlighting color scheme is called \"gruvbox\", which I quite like but took an embarrassingly long time to track down\nhttps://github.com/morhetz/gruvbox\n— rezmason\n
303 points | 285 comments
\n\n\n\nIt is incredibly easy now to get an idea to the prototype stage, but making it production-ready still needs boring old software engineering skills. I know countless people who followed the \"I'll vibe code my own business\" trend, and a few of them did get pretty far, but ultimately not a single one actually launched. Anyone who has been doing this professionally will tell you that the \"last step\" is what takes the majority of time and effort.\n— paxys\n\n
LaGuardia pilots raised safety alarms months before deadly runway crash
\n\n\n\n226 points | 183 comments
\n\n\n\nI just hope they don't try to pin this on the controller who was on duty and move on without putting plans in place for some sort of structural change. Controllers are forced to work 60+ hour weeks and overnight shifts, and the controller in question was working both ground and air control simultaneously due to staffing shortages. If you listen to the ATC audio, he was handling finding a spot for a plane that aborted takeoff and declared an emergency, while calling emergency services for that plane, while coordinating multiple planes coming in to land, while also coordinating multiple planes trying to take off. With that kind of workload, an accident like this is an eventuality. Even after the fatal accident happened, he had to work for at least another hour before he could get relieved of his duty. Hopefully something will happen to fix this at some point rather than us collectively deciding that an accident or two per year is worth the cost savings of not keeping ATC properly staffed.\n— ndiddy\n\n
![https://d2nwkt1g6n1fev.cloudfront.net/helpmax/wp-content/upl...](\"https://d2nwkt1g6n1fev.cloudfront.net/helpmax/wp-content/uploads/sub/alertcommander/en/source/zone-alarm-free-1.png\"){kind=link}
![https://www.nasa.gov/wp-content/uploads/2026/04/art002e00019...](\"https://www.nasa.gov/wp-content/uploads/2026/04/art002e000192.jpg\"){kind=link}