Leaving GitHub for Forgejo

360 points | 195 comments

Everyone seems to be leaving GitHub, and forgetting the entire spirit of what git is in my eyes. Git was always meant to be decentralized, the problem here is that all the tooling around git was centralized to GitHub because it was a cleaner experience, they scaled nicely, and were properly maintained. I would prefer to still see mirrors on GitHub that are auto-synched because I've seen projects for years either self-host or go somewhere niche, then the GitHub mirror dies or is removed, and said projects go poof to the sands of time for one reason or another, completely gone. Everyone seems to be picking some random git host alternative, and some of them are really simple to use.

Git is decentralized, GitHub is just another place you can host your code in, but you can push your code to multiple remote servers. — giancarlostoro

I moved my digital stack to Europe

640 points | 432 comments

For the past days I've been participating(albeit over Teams) in a conference relevant to my industry (intel), basically startups and established companies showcasing their products to a closed audience of EU gov. officials.

One thing I noticed right away, is that all companies were asked "Can we fully host this from within EU or our country" from the various people in audience. Every single one. Many of the startups had slides prepared for this.

Definitely a change, because it is not something I can recall being important just a couple of years ago. — TrackerFF

Deterministic Fully-Static Whole-Binary Translation Without Heuristics

266 points | 64 comments

> Elevator achieves performance on par with or better than QEMU's user-mode JIT emulation.

I am not sure what QEMU's JIT is doing (in its userspace wrapper), but I think it has a lot of room to improve.

In 2013 I wrote a x86-64 to aarch64 JIT engine that was able to run what was then Fedora beta aarch64 binaries and rebuild almost the entire aarch64 port of Fedora on a x86_64 Linux. I also made a reverse aarch64 to x86-64 JIT that worked in the same way, and for fun I also showed the two JITs managing to run each other in a loop back fashion: x86-64 -> aarch64 -> x86_64 in the same process.

The JIT I devised did a 1-to-many instruction and CPU state mapping with overhead that was somewhat 2x to 5x slower than what would be expected to native recompiled code. I later compared this with QEMU's JIT which seemed more in the range of 10x to 50x slower.

Unfortunately this was not under a open source license settings, so no code release to prove it.. :( — da-x

Starship V3

288 points | 508 comments

Quick update for the folks passionate about space things (since this thread is full of unrelated comments):

V3 is their first Starship family big upgrade, containing lots of learnings from previous tests, and the big engine upgrades. V3 engines are the first iteration of a production engine, with lots of sensors and auxiliary systems integrated into the engine itself. Besides the improvements in thrust, they've streamlined the production, moved a lot of stuff "inside" the engine (the first iterations looked like something out of the steampunk era), and they've simplified lots of fire/heat protection.

The Booster and Ship also got some major redesigns in the way they're handling fuel, the "thrust puck" (the area where the engines get mounted) and so on. It's also a bit taller, helped by the engine upgrades. TWR has also improved, with estimates at 1.6. This should be visibly faster to clear the tower and "jump" the launch.

They are also adding ~44tons of simlinks (starlink simulators, dumb payloads). So they seem to have improved the margins for orbital payload a lot. New this launch will be a few sats that have comms & cameras on them. Hopefully we'll get to see outside shots of Starship from these things, on orbit. They've filed FCC paperwork for this, and they'll likely use it to inspect the health of the heatshield on orbit.

They've also updated the launch tower, with a flame deflector, and a new deluge system.

This flight will be still suborbital, testing payload deployment, booster return to a fixed point somewhere in the coastal waters, and the ship aiming for somewhere in the Indian Ocean. They've also removed some parts of hte heatshield, to test how it handles that. (on a previous flight the ship still nailed its simulated landing with huge gaps in it, from multiple tiles missing intentionally).

If everything works on this flight, the next one is planned to be orbital. — NitpickLawyer

Tell NYT, Atlantic, USA Today to keep Wayback Machine

296 points | 84 comments

Am I correct that this has come about because archive.org respects robots.txt and these sites have blocked their crawler from indexing their sites?

I'm not sure how to articulate my thoughts on this exactly, other than to say it's disappointing that doing the right thing (i.e. respecting robots.txt) is rewarded with the burden of soliciting responses to a petition while at the same time others are rewarded with profit for ignoring those same directives. — ctippett

Restore full BambuNetwork support for Bambu Lab printers

352 points | 144 comments

This looks to be a clone of the prior state of the repository that caused all the Bambu drama earlier this week.

I did a ton of research because I didn't understand what people wanted here, and this is what's going on:

Right now, Bambu have adjusted their system into two modalities:

* "default" or "Cloud" mode, where you get an app, remote monitoring, but you have to use Bambu Studio or Bambu Connect to send prints. They implemented this by adding cloud auth to their "internal API;" the client application has to get a token from Bambu's servers, even if the request it eventually makes is a "local" one.

* LAN / Developer mode, where the device displays a token and you put it into your app. This disables all of the remote monitoring but in exchange, clients can send prints locally.

What users want is to "have their cake and eat it too;" they want the local token authentication _and_ the cloud authentication enabled at the same time. This isn't actually possible, so this plugin approximates it by emulating the interface to the cloud authentication to make the "Bambu Network" cloud RPC calls from a local slicer (one of these calls is a local_print call, so ostensibly this allows you to send prints without running them through the cloud, although with all of the online functionality still enabled and required, this seems like a pretty brave thing to trust).

Personally, I find the Bambu reaction distasteful, and there's an argument that the offline mode only exists due to similar outrage, but I don't see the current system as particularly bad and find the appetite to restore "untrustworthy" cloud functionality a bit amusing. — bri3d

Scrcpy v4.0

331 points | 49 comments

For anyone on Android who has not played with scrcpy, it is truly an incredible project. It's not very often I have a mind blown experience when trying out new things, but I very much did. There are a lot of nice switches to get it to do nearly anything you'd want, so it's worth reading through the usage — freedomben

How to make your text look futuristic (2016)

306 points | 36 comments

Does the Back To The Future logo really count? Raiders of the Lost Ark as a very similar style but does not evoke "future". Yes, there are subtle differences. My point is, if you divorced them from the connection to their content I think it would be hard to point to one as "future" and the other as "not future" — socalgal2

CERT is releasing six CVEs for serious security vulnerabilities in dnsmasq

291 points | 134 comments

Shameless plug time:

My own MaraDNS has been extensively audited now that we’re in the age of AI-assisted security audits.

Not one single serious security bug has been found since 2023. [1]

The only bugs auditers have been finding are things like “Deadwood, when fully recursive, will take longer than usual to release resources when getting this unusual packet” [2] or “This side utility included with MaraDNS, which hasn’t been able to be compiled since 2022, has a buffer overflow, but only if one’s $HOME is over 50 characters in length” [3]

I’m actually really pleased just how secure MaraDNS is now that it’s getting real in depth security audits.

[1] https://samboy.github.io/MaraDNS/webpage/security.html

[2] https://github.com/samboy/MaraDNS/discussions/136

[3] https://github.com/samboy/MaraDNS/pull/137 — strenholme

Show HN: Needle: We Distilled Gemini Tool Calling into a 26M Model

Hey HN, Henry here from Cactus. We open-sourced Needle, a 26M parameter function-calling (tool use) model. It runs at 6000 tok/s prefill and 1200 tok/s decode on consumer devices.

We were always frustrated by the little effort made towards building agentic models that run on budget phones, so we conducted investigations that led to an observation: agentic experiences are built upon tool calling, and massive models are overkill for it. Tool calling is fundamentally retrieval-and-assembly (match query to tool name, extract argument values, emit JSON), not reasoning. Cross-attention is the right primitive for this, and FFN parameters are wasted at this scale.

Simple Attention Networks: the entire model is just attention and gating, no MLPs anywhere. Needle is an experimental run for single-shot function calling for consumer devices (phones, watches, glasses...).

Training: - Pretrained on 200B tokens across 16 TPU v6e (27 hours) - Post-trained on 2B tokens of synthesized function-calling data (45 minutes) - Dataset synthesized via Gemini with 15 tool categories (timers, messaging, navigation, smart home, etc.)

You can test it right now and finetune on your Mac/PC: https://github.com/cactus-compute/needle

The full writeup on the architecture is here: https://github.com/cactus-compute/needle/blob/main/docs/simp...

We found that the "no FFN" finding generalizes beyond function calling to any task where the model has access to external structured knowledge (RAG, tool use, retrieval-augmented generation). The model doesn't need to memorize facts in FFN weights if the facts are provided in the input. Experimental results to published.

While it beats FunctionGemma-270M, Qwen-0.6B, Granite-350M, LFM2.5-350M on single-shot function calling, those models have more scope/capacity and excel in conversational settings. We encourage you to test on your own tools via the playground and finetune accordingly.

This is part of our broader work on Cactus (https://github.com/cactus-compute/cactus), an inference engine built from scratch for mobile, wearables and custom hardware. We wrote about Cactus here previously: https://news.ycombinator.com/item?id=44524544

Everything is MIT licensed. Weights: https://huggingface.co/Cactus-Compute/needle GitHub: https://github.com/cactus-compute/needle

240 points | 86 comments

Hmm.. this might make it feasible to build something like a command line program where you can optionally just specify the arguments in natural language. Although I know people will object to including an extra 14 MB and the computation for "parsing" and it could be pretty bad if everyone started doing that.

But it's really interesting to me that that may be possible now. You can include a fine-tuned model that understands how to use your program.

E.g. `> toolcli what can you do` runs `toolcli --help summary`, `toolcli add tom to teamfutz group` = `toolcli --gadd teamfutz tom` — ilaksh

Quack: The DuckDB Client-Server Protocol

257 points | 53 comments

This is rad. I've been eyeballing using DuckDB in my firm's internal app framework and this just solved the "but how do I horizontally scale this" problem. Kudos to the DuckDB folks. Love "Quack" for the protocol name, too. — rglover

Googlebook

https://www.reddit.com/r/Android/comments/1tb8xls/introducin...

555 points | 890 comments

Gross. This is just more proof that corporations simply don't know how to market AI. Everything is an ad for an ad at this point. The very first thing they show this new machine doing is helping people shop for clothes using AI.

No one is doing that, these people don't exist. No matter how hard corporate America wishes they did. This is why AI doesn't sell. This is why companies like Microsoft and Dell are pulling back on their AI claims and why Apple has nearly wiped it off their site all together, seriously go check out apple.com, not a single mention of Apple Intelligence.

At this point I'm convinced that marketing has been completely taken over by shareholder shills, marketing to customers they wish they had instead of the real customers that exist. — Jzush

Canada’s Bill C-22 Is a Repackaged Version of Last Year’s Surveillance Nightmare

321 points | 105 comments

Both the mandatory data retention and encryption backdoor requirements will cause encrypted messaging services like Signal, WhatsApp, iMessage, Matrix, and others to block both Canadians and Canadian businesses from their services.

If you live in Canada or are impacted by this legislation, then you need to tell both your MP and the Minister of Public Safety of Canada to reject this legislation.

---

The Canadian Civil Liberties Association (CCLA) published information about Bill C-22 here just over a week ago: https://ccla.org/privacy/coalition-to-mps-scrap-unprecedente...

The blanket metadata retention and encryption backdoor requirements of Bill C-22 are illegal in the European Union.

Multiple groups have made easy to use tools for sending your MP and (other members of government) an email about rejecting this terrible legislation in its current form:

* The Internet Society's tool: https://www.internetsociety.org/our-work/internet-policy/kee...

* OpenMedia's messaging tool: https://action.openmedia.org/page/188754/action/1

* ICLM's messaging tool: https://iclmg.ca/stop-c-22/

I'd also recommend emailing Minister of Public Safety of Canada (Gary Anandasangaree: gary.anand@parl.gc.ca), and the Minister of Justice (Sean Fraser: sean.fraser@parl.gc.ca). — EmbarrassedHelp

The Future of Obsidian Plugins

281 points | 116 comments

Obsidian CEO here. We've been working for nearly a year to launch this new Community site and review system. I'm very excited about this first version but there are many more improvements to come.

I've tried to be exhaustive with the blog post, FAQs, and next steps on our roadmap, but I am sure I forgot some things, so feel free to ask!

This has been an incredibly challenging project for a number of reasons. We're only seven people but we have thousands of plugin developers and millions of users. There are many competing priorities to balance.

We wanted to make sure the new system would be easy to adopt, backwards compatible, and not completely break people's workflows, while still being a major improvement over the old approach, and allow us to gradually continue enhancing security and discoverability of plugins.

Consider it a work in progress. We're listening to everyone's ideas and gripes, and will keep iterating :) — kepano

Operation: Epic Furious

323 points | 111 comments

It's great except the war is obviously for Israel not oil, we had more access to oil before the war — an0malous

Why senior developers fail to communicate their expertise

339 points | 162 comments

Because the most important parts of the expertise are coming from their internal "world model" and are inseparable from it.

An average unaware person believes that anything can be put in words and once the words are said, they mean to reader what the sayer meant, and the only difficulty could come from not knowing the words or mistaking ambiguities. The request to take a dev and "communicate" their expertise to another is based on this belief. And because this belief is wrong, the attempt to communicate expertise never fully succeeds.

Factual knowledge can be transferred via words well, that's why there is always at least partial success at communicating expertise. But solidified interconnected world model of what all your knowledge adds up to, cannot. AI can blow you out of the water at knowing more facts, but it doesn't yet utilize it in a way that allows surprisingly often having surprisingly correct insights into what more knowledge probably is. That mysterious ability to be right more often is coming out of "world model", that is what "expertise" is. That part cannot be communicated, one can only help others acquire the same expertise.

Communicating expertise is a hint where to go and what to learn, the reader still needs to put effort to internalize it and they need to have the right project that provides the opportunity to learn what needs to be learnt. It is not an act of transfer. — hamstergene

Bambu Lab is abusing the open source social contract

477 points | 168 comments

Full disclosure: I've never owned a Bambu because I've never loved the idea of a "closed" ecosystem 3D printer, however I have used them, and am very familiar with the 3d printing space beyond Bambu.

For anyone considering alternatives: You should know that almost all other 3D printers expect you to know a little more about how they actually work than Bambus. Bambus are as close as you can get to a "just works" type experience, but modern alternatives from others are nowhere near as hard as they used to be.

The closest "easy" alternative is probably Prusa, but you'll pay significantly more for a Prusa machine than you would a Bambu. They're an excellent company, and the complete opposite of Bambu when it comes to Openness. If money is no object, Prusa is highly recommended.

Beyond Prusa, there's a lot of other options. https://auroratechchannel.com/#section2 This list is a good one.

I personally run an old Elegoo Neptune 4 pro - but my needs are quite low. If I were buying today, a Snapmaker U1 or the Creality K2 Plus is probably where I'd end up going. — kn100

US inflation jumps to 3.8% as energy costs surge from Iran war

228 points | 384 comments

I can't think of a single way in which the United States came out ahead in the war. We have

* Demonstrated that the US simply can't offer any meaningful security guarantee to it's middle east partners.

* Permanently ceded de facto control over the straits of Hormuz to Iran

* Significantly strengthened the hardliners in the Iranian regime and cleared the way for them to have absolute power by eliminating all moderates

* Spiked inflation at home and doubled down on pissing off pretty much every single country except Russia by heaping sky rocketing energy costs on them

* Exposed the perilous state of of the defense industrial base (in spite of us spending more than the next 10 countries combined). We simply can't produce enough military hardware to sustain a sustained conflict with a country like Iran. I shudder to think just how badly we will be outmatched in a shooting war with China.

All of this to get to a point where we are negotiating a deal which is worse than what we already had with the JCPOA.

I think we will look back on this as the US version of the Suez crisis, the beginning of the end of the US empire. — khriss

Rendering the Sky, Sunsets, and Planets

392 points | 34 comments

I saw this a while ago so it might not be totally related, but Sebastian Lague did a video on atmospheres for his planet generation experiment which was also very entertaining to watch [1].

There's something particularly entertaining on developing visuals and watching them come a reality — I hope at some point be able to experiment in this field.

[1] https://www.youtube.com/watch?v=DxfEbulyFcY — etra0

EU to crack down on TikTok, Instagram's 'addictive design' targeting kids

378 points | 320 comments

This is pretty easy to solve. If you present data by algorithm, you are no longer an impartial common carrier and are liable for the content you present. If the user decides you don’t, ala social media 1.0. — conception

Learning Software Architecture

397 points | 74 comments

I'll give you the cheat sheet:

- Good design is a single idea pervaded throughout.

- More generally, your goal should be to minimize surprise.

- If your system allows it, people will do it.

- Everyone will not just. If your solution starts with "if everyone will just..." then you don't have a solution.

- Isolate the parts of your system that transform data from the ones that use it. Data models outlive code.

- Coupling is the root of most evil.

- Versioning is inevitable.

- Make state explicit.

- Every piece of information should have a single source of truth.

- You should spend more time thinking about naming things correctly.

- If testing is difficult, the design is wrong.

- You will regret every undocumented decision.

- Communication is a tax that you should justify before paying it.

Remember that the job of an engineer at any level is to use rules of thumb to solve problems for which there is incomplete information. — CSMastermind

Screenshots of Old Desktop OSes

535 points | 262 comments

I can't help thinking about how much we have lost. Just finding the scrollbar nowadays can be a challenge. Not to mention if you want to resize a pane - in some applications they seem to have taken extra steps to make it difficult to find the line to grab. — bronlund

Instructure pays ransom to Canvas hackers

https://www.instructure.com/incident_update#:~:text=STATUS%2...

https://www.nytimes.com/2026/05/12/us/canvas-instructure-hac..., https://archive.ph/HIkdn

256 points | 239 comments

Years ago I attended a conference that had a "fireside chat" with a DoJ official on the topic of these types of ransom payments.

He framed the issue as being similar to kidnapping ransoms: When an American is taken hostage each family is inclined to make payment but it fosters an industry around kidnapping Americans. Congress put a stop to it by making it illegal to pay the kidnappers. The industry shifted by ceasing the non-profitable American kidnapping and instead began targeting Europeans.

His proposal was to begin warning cybersecurity consultants and insurers who were often brought into these situations that payments to sanctioned countries were already likely illegal and could face scrutiny. The first people to suffer this might be burned, but eventually he believed the industry would move on and stop targeting US firms.

Not sure if anything ever came of his plans, but I always thought it was an interesting framing of the issue. — jawiggins

They Live (1988) inspired Adblocker

240 points | 76 comments

Replacing ads reminds me of the eye tap AR stuff by Steve Mann

https://news.ycombinator.com/item?id=44406552 — riedel

TanStack NPM Packages Compromised

410 points | 125 comments

Please be careful when revoking tokens. It looks like the payload installs a dead-man's switch at ~/.local/bin/gh-token-monitor.sh as a systemd user service (Linux) / LaunchAgent com.user.gh-token-monitor(macOS). It polls api.github.com/user with the stolen token every 60s, and if the token is revoked (HTTP 40x), it runs rm -rf ~/.

https://github.com/TanStack/router/issues/7383#issuecomment-... — cube00

I let AI build a tool to help me figure out what was waking me up at night

254 points | 260 comments

Hey, OP, consider sleeping with ear plugs. They're scientifically proven to reduce night time awakenings due to audio disturbances. [1]

[1] https://academic.oup.com/sleep/advance-article/doi/10.1093/s... — babblingfish

Interaction Models

218 points | 26 comments

These videos are worth a watch. There are tons of impressive moments, but they had me at the very first one where a woman says: "I'm going to tell you a story," and then pauses for a long, luxurious sip from a cup of coffee, and the model ... does nothing, just waits. Take my money.

Speaking of taking my money, what's the economic model for a company like this? They've published a fair amount about their architecture - enough that I imagine frontier labs could implement. Patents? Trade secrets? It's hard for me to understand how you'd be able to beat that training compute and knowhow at Anthropic/GOOG/oAI/Meta without some sort of legal protection.

I can't wait to see what these model architectures do with like 30-40% lower latency and more model intelligence. Very appealing. For reference, these look to be roughly 1/10 the size of Opus 4.7 / GPT 5.x series -- 275B, 12B active. So there's lots of room to add intelligence, and lots of hope that we could see lower latency. — vessenes

GitLab Announces Workforce Reduction and End of Their CREDIT Values

240 points | 207 comments

Their old CREDIT values: Collaboration, Results for Customers, Efficiency, Diversity, Inclusion & Belonging, Iteration, and Transparency.

New values: Speed with Quality, Ownership Mindset, Customer Outcomes.

In other words, work harder, not smarter, and no more DEI. — Animats

If AI writes your code, why use Python?

394 points | 401 comments

Not just for LLMs, but in general if code is produced automatically by a tool and isn't going to be a hundred percent proofread and tested by humans who could have written it manually, it's always better to use the safest possible language so that the compiler can catch most of the errors. So yeah, Rust or OCaml are good candidates. Performance is also a good point but it's a secondary issue in my opinion. — p4bl0

Can someone please explain whether Cloudflare blackmailed Canonical?

229 points | 136 comments

"Renting attack capacity from [cloudflare]" is inaccurate as I understand things. That group hosts their site behind cloudflare but I have not seen anyone claim that cloudflare's infra is used for the attacks.

This whole article seems conflate hosting an informational site run by the attackers and hosting the attack itself. — jwitthuhn