Mystery Jump in Oil Trading Ahead of Trump Post Draws Scrutiny

296 points | 155 comments

Earlier: https://news.ycombinator.com/item?id=47496508 — ChrisArchitect

LaGuardia pilots raised safety alarms months before deadly runway crash

226 points | 183 comments

I just hope they don't try to pin this on the controller who was on duty and move on without putting plans in place for some sort of structural change. Controllers are forced to work 60+ hour weeks and overnight shifts, and the controller in question was working both ground and air control simultaneously due to staffing shortages. If you listen to the ATC audio, he was handling finding a spot for a plane that aborted takeoff and declared an emergency, while calling emergency services for that plane, while coordinating multiple planes coming in to land, while also coordinating multiple planes trying to take off. With that kind of workload, an accident like this is an eventuality. Even after the fatal accident happened, he had to work for at least another hour before he could get relieved of his duty. Hopefully something will happen to fix this at some point rather than us collectively deciding that an accident or two per year is worth the cost savings of not keeping ATC properly staffed. — ndiddy

The bridge to wealth is being pulled up with AI

242 points | 330 comments

The future (if we keep using money to allocate resources) is something akin to feudalism but worse. If you are born at the bottom you will never rise to the top. It's bleak. Even worse, your labor will not be needed, nor will your intellectual abilities. There will be a few well off people with capital. The data centers will be guarded by automatons and drones. Everyone else will essentially live in a parallel economy that is borderline biblical. Countries like this already exist in the form of countries with excess access to a single natural resource. See the https://en.wikipedia.org/wiki/Resource_curse — cglan

So where are all the AI apps?

303 points | 285 comments

It is incredibly easy now to get an idea to the prototype stage, but making it production-ready still needs boring old software engineering skills. I know countless people who followed the "I'll vibe code my own business" trend, and a few of them did get pretty far, but ultimately not a single one actually launched. Anyone who has been doing this professionally will tell you that the "last step" is what takes the majority of time and effort. — paxys

Malicious litellm_init.pth in litellm 1.82.8 PyPI package – credential stealer

705 points | 1 comments

Comments moved to https://news.ycombinator.com/item?id=47501426, which was posted first. — dang

Microsoft's "Fix" for Windows 11: Flowers After the Beating

225 points | 169 comments

It’s quite common for companies to work their way up to the line of the most user hostile version of their product that users will tolerate. Especially with software where they can just go flip a switch and turn off whatever feature did cross the line but keep everything they gained by inching up to the line, which seems to inevitably result in things like the condition of windows 11.

I think the only way this gets better for consumers is if customer response more often insisted further roll backs than just the last straw if a company crosses the line. The risk of losing other gains at the expense of the user should discourage companies from trying to go full on maximum extraction.

Sadly the only recent cases to achieve that level of success were the reactions to Unity’s install pricing and wizards new OGL. Mostly companies get away with “oh my bad, this final step was just an experiment, we’ve rolled it back for now” to try again later, or just toughing out the negative reception and hoping their competitors come along for the ride too so users have no choice — Macha

Ripgrep is faster than grep, ag, git grep, ucg, pt, sift (2016)

276 points | 114 comments

One of my favorite moments in HN history was watching the authors of the various search tools decide on a common ".ignore" file as opposed to each having their own: https://news.ycombinator.com/item?id=12568245 — craftkiller

Log File Viewer for the Terminal

277 points | 46 comments

Kinda neat but I had trouble using it. Not sure what it is doing or what it is even showing me. I'd recommend a more CUA-esque interface like turbo vision, the msedit of old, or micro if it had a menu.

If I have to read the manual, if it isn't blindingly obvious how to use, I'd rather just use journal or tail -f.

Also a nitpick but the colors are quite garish, perhaps 256 colors and muted or monochrome effects if possible. For some reason the colors on the site screenshot are less saturated than the one packaged in my distro, fedora, 0.12.4. — mixmastamyk

Epoch confirms GPT5.4 Pro solved a frontier math open problem

322 points | 314 comments

I am kind of amazed at how many commenters respond to this result by confidently asserting that LLMs will never generate 'truly novel' ideas or problem solutions.

> AI is a remixer; it remixes all known ideas together. It won't come up with new ideas

> it's not because the model is figuring out something new

> LLMs will NEVER be able to do that, because it doesn't exist

It's not enough to say 'it will never be able to do X because it's not in the training data,' because we have countless counterexamples to this statement (e.g. 167,383 * 426,397 = 71,371,609,051, or the above announcement). You need to say why it can do some novel tasks but could never do others. And it should be clear why this post or others like it don't contradict your argument.

If you have been making these kinds of arguments against LLMs and acknowledge that novelty lies on a continuum, I am really curious why you draw the line where you do. And most importantly, what evidence would change your mind? — qnleigh

Windows 3.1 tiled background .bmp archive

242 points | 66 comments

Here's someone's personal archive of weird miscellanea, including old Windows wallpapers which is what reminded me. I use unironically use the classic Packard Bell tile background on my computers because it reminds me of my grandmother's PC which is one of the first I ever used.

https://www.dvd3000.ca/wp/extra/pb.html — LetsGetTechnicl

Claude Code Cheat Sheet

373 points | 110 comments

I use Claude Code daily but kept forgetting commands, so I had Claude research every feature from the docs and GitHub, then generate a printable A4 landscape HTML page covering keyboard shortcuts, slash commands, workflows, skills system, memory/CLAUDE.md, MCP setup, CLI flags, and config files.

It's a single HTML file - Claude wrote it and I iterated on the layout. A daily cron job checks the changelog and updates the sheet automatically, tagging new features with a "NEW" badge.

Auto-detects Mac/Windows for the right shortcuts. Shows current Claude Code version and a dismissable changelog of recent changes at the top.

It will always be lightweight, free, no signup required: https://cc.storyfox.cz

Ctrl+P to print. Works on mobile too. — phasE89

FCC updates covered list to include foreign-made consumer routers

https://www.fcc.gov/document/fcc-adds-routers-produced-forei...

https://docs.fcc.gov/public/attachments/DA-26-278A1.pdf

https://www.bbc.com/news/articles/c74787w149zo

https://www.cnet.com/home/internet/fcc-bans-foreign-made-rou...

306 points | 205 comments

    The FCC maintains a list of equipment and services (Covered List) 
    that have been determined to “pose an unacceptable risk to the
    national security

    Recently, malicious state and non-state sponsored cyber attackers
    have increasingly leveraged the vulnerabilities in small and home
    office routers produced abroad to carry out direct attacks against
    American civilians in their homes.

Vulnerabilities have nothing to do with country of manufacture. They have always been due to manufacturers' crap security practices. Security experts have been trying to call attention to this problem for 2 decades.

Manufacturers have never had to care about security because no Gov agency would ever mandate secure firmware. This includes the FCC which license their devices and the FTC who (until recently) had the direct mandate to protect consumers.

Our most recent step backward was to gut those agencies of any ability to provide consumer oversight. All they they can do now is craft protectionist policies that favor campaign donors.

The US has a bazillion devices with crap security because we set ourselves up for this. — WarOnPrivacy

How I'm Productive with Claude Code

251 points | 156 comments

This is the "lines of code per week" metric from the 90s, repackaged. "I'm doing more PRs" is not evidence that AI is working, it's evidence that you are merging more. Whether thats good depends entirely on what you are merging. I use AI every day too. But treating throughput of code going to production as a success metric, without any mention of quality, bugs, or maintenance burden is exactly the kind of thinking developers used to push back on when management proposed it.

Turns out we weren't opposed to bad metrics! We were just opposed to being measured! Given the chance to pick our own, we jumped straight to the same nonsense. — aguimaraes1986

Autoresearch on an old research idea

273 points | 66 comments

Try this if the main link is not responsive - https://archive.is/6xLiU — the_arun

US and TotalEnergies reach 'nearly $1B' deal to end offshore wind projects

342 points | 249 comments

HN title (currently reads "US govt pays TotalEnergies nearly $1B to stop US offshore wind projects") is editorialized and it's unclear to me whether it's accurate. The article says:

> We're partnering with TotalEnergies to unleash nearly $1 billion that was tied up in a lease deposit that was directed towards the prior administration's subsidies

What's the deal with this lease deposit and how does "freeing it up" equate to the US govt "paying" TotalEnergies that amount?

Is this a situation where TotalEnergies put down a 1B deposit to lease the seashore from the government and the government is now canceling that agreement and giving them their money back? How does it relate to "subsidies"? — Ajedi32

An incoherent Rust

237 points | 148 comments

Tangent to the topic: One of the great things about Go is that the Go team goal is to have a great developer experience. As a result, they try to bundle common third party libraries (mux, zap) into the standard library. For example, they offered an http server, but due to lacking features community packages offered convenience. The Go team used those libraries as a reference to what people wanted, and addrd a performant and simple http routing in the standard library[1].

From that link:

> We made these changes as part of our continuing effort to make Go a great language for building production systems. We studied many third-party web frameworks, extracted what we felt were the most used features, and integrated them into net/http. Then we validated our choices and improved our design by collaborating with the community in a GitHub discussion and a proposal issue. Adding these features to the standard library means one fewer dependency for many projects. But third-party web frameworks remain a fine choice for current users or programs with advanced routing needs.

[1]: https://go.dev/blog/routing-enhancements — sanbor

If DSPy is so great, why isn't anyone using it?

218 points | 120 comments

I don't see it at all.

> Typed I/O for every LLM call. Use Pydantic. Define what goes in and out.

Sure, not related to DSPy though, and completely tablestakes. Also not sure why the whole article assumes the only language in the world is Python.

> Separate prompts from code. Forces you to think about prompts as distinct things.

There's really no reason prompts must live in a file with a .md or .json or .txt extension rather than .py/.ts/.go/.., except if you indeed work at a company that decided it's a good idea to let random people change prod runtime behavior. If someone can think of a scenario where this is actually a good idea, feel free to elighten me. I don't see how it's any more advisable than editing code in prod while it's running.

> Composable units. Every LLM call should be testable, mockable, chainable.

> Abstract model calls. Make swapping GPT-4 for Claude a one-line change.

And LiteLLM or `ai` (Vercel), the actually most used packages, aren't? You're comparing downloads with Langchain, probably the worst package to gain popularity of the last decade. It was just first to market, then after a short while most realized it's horrifically architected, and now it's just coasting on former name recognition while everyone who needs to get shit done uses something lighter like the above two.

> Eval infrastructure early. Day one. How will you know if a change helped?

Sure, to an extent. Outside of programming, most things where LLMs deliver actual value are very nondeterministic with no right answer. That's exactly what they offer. Plenty of which an LLM can't judge the quality of. Having basic evals is useful, but you can quickly run into their development taking more time than it's worth.

But above all.. the comments on this post immediately make clear that the biggest differentiator of DSPy is the prompt optimization. Yet this article doesn't mention that at all? Weird. — deaux

iPhone 17 Pro Demonstrated Running a 400B LLM

295 points | 171 comments

The heat problem is going to be the real constraint here. I've been running smaller models locally for some internal tooling at work and even those make my MacBook sound like a jet engine after twenty minutes. A 400B model on a phone seems like a great way to turn your pocket into a hand warmer, even with MoE routing. The unified memory is clever but physics still applies. — johnwhitman

Box of Secrets: Discreetly modding an apartment intercom to work with Apple Home

248 points | 105 comments

Legally and ethically extremely dubious, hooked up to the box in your apartment, I can understand it. Hooked to the shared door controller, handing out access "keys" to all your friends, not great. You seem to know this based on all your attempts to avoid discovery. — massimoto

Student beauty and grades under in-person and remote teaching

335 points | 409 comments

People that have used to be fat, and then lost a lot of weight, will know how brutally different people will treat you. Whereas you'd practically be a ghost before weight loss, random people will suddenly look you in your eyes, smile, even start conversations with you.

Some will of course argue that you losing weight will also make you more confident, and thus you become more approachable. I think there's a lot of bias against fat people, against "unattractive" people, etc.

This also shows in the classroom, work, etc.

Of course, actually being conventionally attractive will come with its own perks. People will go out of their way to help you, and to support you. Over time this could very well boost your ego to also become more confident and decisive. — TrackerFF

GitHub appears to be struggling with measly three nines availability

359 points | 188 comments

While GitHub obsess over shoving AI into everything, the rest of the platform is genuinely crumbling and its security flaws are being abused to cause massive damage. Last week Aqua Security was breached and a few repositories it owns were infected. The threat actors abused widespread use of mutable references in GitHub Actions, which the community has been screaming about for years, to infect potentially thousands of CI runs. They also abused an issue GitHub has acknowledged but refused to fix that allows smuggling malicious Action references into workflows that look harmless.

GHA can’t even be called Swiss cheese anymore, it’s so much worse than that. Major overhauls are needed. The best we’ve got is Immutable Releases which are opt in on a per-repository basis. — cedws

I built an AI receptionist for a mechanic shop

269 points | 279 comments

I used to work as a service advisor - or as the article says, receptionist. This system will not work as described for several reasons.

1. Unless you have a recent job that matches the exact same repair/service, you have incorrectly estimated the cost of the repair. In some states, this matters a lot and will cost the shop money. Unless your LLM only quotes for labor in sane amounts for diagnostic and nothing else, you’re only adding noise. This is a disservice to the client and the shop owner. The client now has an inaccurate quote for work and the shop will get a reputation for being inaccurate in quoting work.

2. Let’s say that you manage to get the exact same job twice. Your machine now needs to source parts. Parts may have been in stock yesterday. The might be out of stock now. If they are in stock, you need to retotal the price since prices are dynamic. Did you teach the agent how to source parts? What rules does it have for sourcing used parts?

3. New jobs can’t be quoted. Even if you taught the machine how to calculate book time and margins, it still has to find the right parts. If your shop does high end work, you know how much of a pain in the ass this is. Also remember that some work requires nonobvious parts - like fluids if you need to remove a part in the way of your goal.

4. The only area I see this being useful in is pickup. The shop can mark a car as done and the LLM can call to inform the client that they can come at a preset, unchanging time to get the vehicle. If the vehicle is staying overnight, the LLM can call with a progress update.

Finally, I’d like to note that this sort of dev work goes beyond hubris. It’s dangerous. The more we assume we know without verifying, the greater the risk. In this case, the dev is risking someone else’s livelihood. — throwaboat

Migrating to the EU

699 points | 562 comments

I can recommend:

* Hetzner.de for servers (I've been using their physical servers for many years now, incredible performance per € spent)

* Fernand as your CRM, it's smooth and nice and so much better and faster than all the zendesks and freshdesks it's not even funny. (https://getfernand.com/)

* AISLER if you design electronics and need to make PCBs (https://aisler.net/) — jwr

POSSE – Publish on your Own Site, Syndicate Elsewhere

372 points | 80 comments

I follow this religiously. The process of posting is manual but it works fairly well if your intention is good and you're not blog spamming in different forums.

But I intentionally haven't added a comment section to my blog [1]. Mostly because I don't get paid to write there and addressing the comments - even the good ones - requires a ton of energy.

Also, scaling the comment section is a pain. I had disqus integrated into my Hugo site but it became a mess when people started having actual discussion and the section got longer and longer.

If the write ups are any useful, it generally appears here or reddit and I often link back those discussions in the articles. That's good enough for me.

[1]: https://rednafi.com — rednafi

Two pilots dead after plane and ground vehicle collide at LaGuardia

346 points | 541 comments

In 2026, with how much money their is in aviation, it seems wild to not have digitized this ages ago. The runway should be essentially 'locked' when in use, if they don't want screens in every ground vehicle that may cross a runway, at least display it at runway entrances.

That ATC still takes place over radio just seems insane at this point. And there's pretty much no way to make ATC's job not stressful, its inherently stressful. Taking out how much of their job is held in the current operators mind versus being 'committed' seems like low hanging fruit 30 years ago.

The whole system's just begging for human error to occur. There's 1700+ runway incursions a year in the US alone, each one should be investigated as if an accident occurred and fixes proposed. Like when an accident occurs. — ApolloFortyNine

“Collaboration” is bullshit

309 points | 161 comments

What I see - and have seen since I started doing this 30+ years ago - is that the date is _always_ more important than the actual deliverable. Always. Meeting "the date" is the only thing that's tracked (but it also never happens). It's even justified through vague analogies like Joel Spolsky's admonition that "you wouldn't buy a pair of jeans without knowing how much they cost" without ever doing a slightly deeper dive into how developing software is different than selling a pair of jeans.

All of the collaboration artifice that the author is referring to seems to me to always be a futile attempt to meet "the date". That software development might itself be _inherently_ unpredictable is never even considered, even though there are a lot of reasons to suggest that it is: by definition, the software you're developing has never been developed before, or else you could just use the thing that already exists.

I had a glimmer of hope in the late 90's when the agile manifesto was published - everything about it seemed to me to read "software development activities can't be coordinated like a wedding banquet can, but you can at least make sure that everything is tracking toward a shared understanding". I guess I shouldn't have been surprised when "Agile" became "tell me exactly what you're going to do and how long each step will take" almost the instant of its inception. — commandlinefan

GrapheneOS will remain usable by anyone without requiring personal information

230 points | 58 comments

I have to wonder how this will impact their partnership with Motorola. Presumably, Motorola will have more difficulty if they're found not to be complying with relevant law...

I hope GrapheneOS isn't completely banking on their partnership succeeding. If Motorola devices ever became the only devices that GrapheneOS works on, and it's being done with Motorola's blessing, then it could be more easily legislated out of existence. — Sophira

The gold standard of optimization: A look under the hood of RollerCoaster Tycoon

192 points | 69 comments

> Imagine a programmer asking a game designer if they could change their formula to use an 8 instead of a 9.5 because it is a number that the CPU prefers to calculate with. There is a very good argument to be made that a game designer should never have to worry about the runtime performance characteristics of binary arithmetic in their life, that’s a fate reserved for programmers

Numeric characteristics are absolutely still a consideration for game designers even in 2026, one that influences what numbers they use in their game designs. The good ones, anyways. There are, of course, also countless bad developers/designers who ignore these things these days, but not because it is free to do so; rather, because they don't know better, and in many cases it is one of many silent contributing factors to a noticeable decrease in the quality of their game. — applfanboysbgon

PC Gamer recommends RSS readers in a 37mb article that just keeps downloading

325 points | 152 comments

It's not just "PC Gamer" but people making decisions behind as always. Three first people from their "Meet the Team" page [0]: Tim Clark — Brand Director (@timothydclark), Evan Lahti - Strategic Director (@elahti), Phil Savage — Global Editor-in-Chief (@Octaeder). Hopefully they can see this HN thread and people complains and do "something" about that.

[0] https://www.pcgamer.com/meet-the-team/ — __natty__

What young workers are doing to AI-proof themselves

220 points | 366 comments

https://archive.ph/NtVHd — cpach