Digest of Hacker News - Best

https://www.theverge.com/news/823750/european-union-ai-act-gdpr-changes

By ksec ⬆️ 670 💬 679 [comments]

Top comment by rckt:

I get that too many regulations is a bad thing. But when we talk privacy and personal data there should be no gray zone. It has to be black and white. When I see a stupid cookie banner I search for "Reject all". There's no some data that companies can collect and process without my consent, they just shouldn't be able to collect anything without me actively opting in. Business never respects anything, but profits. Seeing news about relaxing these laws with the "AI" going after this leaves a bitter taste. And with them also trying to push the Chat Control thing, it gets even worse.

https://www.aclu.org/news/free-speech/app-store-oligopoly

By pabs3 ⬆️ 442 💬 222 [comments]

Top comment by mark_l_watson:

I get some push back from a few tech friends because I avoid using apps (except for things like Chess game apps). I can’t say for sure that preferring web versions of services helps with censorship, but it can’t hurt.

Using web versions, not apps, is important because companies keep user device statistics and if enough people insist in using web versions, the the web will continue to be at least partially supported by big tech.

https://ai.meta.com/sam3/

By lukeinator42 ⬆️ 427 💬 87 [comments]

Top comment by cebert:

I’m thankful that Meta still contributes to open source and shares models like this. I know there’s several reasons to not like the company, but actions like this are much appreciated and benefit everyone.

https://www.linkedin.com/posts/adafruit_opensource-privacy-techpolicy-activity-7396903362237054976-r14H

By ChuckMcM ⬆️ 405 💬 197 [comments]

Top comment by ahepp:

> users are now explicitly forbidden from reverse-engineering or even attempting to understand how the platform works unless Arduino gives permission.

I briefly looked at their IDE and CLI repos and GitHub claims they're AGPL and GPL 3 respectively. I didn't see a CLA when I looked at their contribution guide.

Am I missing something here? What basis do they have to restrict users' rights to reverse engineer the software?

https://blog.thunderbird.net/2025/11/thunderbird-adds-native-microsoft-exchange-email-support/

By babolivier ⬆️ 404 💬 120 [comments]

Top comment by bnchrch:

While its been a long time since Ive used Thunderbird, I just wanted to take the time to publicly say thank you.

Many HNers probably wont (or cant) remember the world of desktop mail clients but basically during the height of MSFT dominance there was only one real mail client: Outlook. Which Microsoft was starting to monetize heavily, ignore UX, and keep it windows only (cant blame them for that).

Then Thunderbird arrived on the scene, an OSS mail client that beat the pants off of Outlook in features, spam detection, IMAP support and a bunch of other things.

And it was free.

And you could use it on any machine.

This was a huge moment for OSS.

We owe a lot of credit to Mozilla and Thunderbird for rescuing us from a closed source world.

https://www.eff.org/deeplinks/2025/11/patent-office-about-make-bad-patents-untouchable

By iamnothere ⬆️ 397 💬 44 [comments]

Top comment by kregasaurusrex:

Before I discovered HN (of which I'm on daily), I was a frequent reader of Groklaw[0]- a site primarily devoted to covering the fragile intersection of the technology sector and legal system; where the two are often at odds with one another. We're more than a decade beyond it's voluntary closure after the Snowden revelations and it's left a large void on substantive coverage of these issues. The site was the blog of an anonymous tech reporter named Pamela Jones that did detailed deep-dives into the parties & issues involved in high-profile lawsuits between tech companies, like Apple vs. Samsung on the issue of design patents for rounded corners, over what have often been patents containing broad language that resulted in hindrances to innovation ranging from being unwilling to license to extortion of revenue streams for entire product lines. Part of why I find the technology industry to be continually interesting is its desire to innovate instead of litigate- there needs to be a check on bad faith actors whose goal is capture of a niche through regulatory means instead of fair competition; else we get these cases relegated to the infamous eastern district of Texas which has historically played favor towards non-practicing patent trolls. I'll be submitting my comment and suggest others do the same.

[0] https://en.wikipedia.org/wiki/Groklaw

https://openai.com/index/gpt-5-1-codex-max/

By hansonw ⬆️ 397 💬 230 [comments]

Top comment by johnfn:

I've been using a lot of Claude and Codex recently.

One huge difference I notice between Codex and Claude code is that, while Claude basically disregards your instructions (CLAUDE.md) entirely, Codex is extremely, painfully, doggedly persistent in following every last character of them - to the point that i've seen it work for 30 minutes to convolute some solution that was only convoluted because of some sentence I threw in the instructions I had completely forgotten about.

I imagine Codex as the "literal genie" - it'll give you exactly what you asked for. EXACTLY. If you ask Claude to fix a test that accidentally says assert(1 + 1 === 3), it'll say "this is clearly a typo" and just rewrite the test. Codex will rewrite the entire V8 engine to break arithmetic.

Both these tools have their uses, and I don't think one approach is universally better. Because Claude just hacks its way to a solution, it is really fast, so I like using it for iterate web work, where I need to tweak some styles and I need a fast iterative loop. Codex is much worse at that because it takes like 5 minutes to validate everything is correct. Codex is much better for longer, harder tasks that have to be correct -- I can just write some script to verify that what it did work, and let it spin for 30-40 minutes.

https://www.theverge.com/tech/823337/switching-linux-gaming-desktop-cachyos

By throwaway270925 ⬆️ 356 💬 251 [comments]

Top comment by vinkelhake:

I recently had my Framework Desktop delivered. I didn't plan on using it for gaming, but I figured I should at least try. My experience thus far:

    * I installed Fedora 43 and it (totally unsurprisingly) worked great.
    * I installed Steam from Fedora's software app, and that worked great as well.
    * I installed Cyberpunk 2077 from Steam, and it just... worked.

Big thanks to Valve for making this as smooth as it was. I was able to go from no operating system to Cyberpunk running with zero terminals open or configs tweaked.

I later got a hankering to play Deus Ex: Mankind Divided. This time, the game would not work and Steam wasn't really forthcoming with showing logs. I figured out how to see the logs, and then did what you do these days - I showed the logs to an AI. The problem, slightly ironically, with MD is that it has a Linux build and Steam was trying to run that thing by default. The Linux build (totally unsurprisingly) had all kinds of version issues with libraries. The resolution there was just to tell Steam to run the Windows build instead and that worked great.

https://www.ntsb.gov:443/news/press-releases/Pages/NR20251118.aspx

By DamnInteresting ⬆️ 322 💬 123 [comments]

Top comment by crote:

I strongly recommend watching/reading the entire report, or the summary by Sal Mercogliano of What's Going On In Shipping [0].

Yes, the loose wire was the immediate cause, but there was far more going wrong here. For example:

- The transformer switchover was set to manual rather than automatic, so it didn't automatically fail over to the backup transformer.

- The crew did not routinely train transformer switchover procedures.

- The two generators were both using a single non-redundant fuel pump (which was never intended to supply fuel to the generators!), which did not automatically restart after power was restored.

- The main engine automatically shut down when the primary coolant pump lost power, rather than using an emergency water supply or letting it overheat.

- The backup generator did not come online in time.

It's a classic Swiss Cheese model. A lot of things had to go wrong for this accident to happen. Focusing on that one wire isn't going to solve all the other issues. Wires, just like all other parts, will occasionally fail. One wire failure should never have caused an incident of this magnitude. Sure, there should probably be slightly better procedures for checking the wiring, but next time it'll be a failed sensor, actuator, or controller board.

If we don't focus on providing and ensuring a defense-in-depth, we will sooner or later see another incident like this.

[0]: https://www.youtube.com/watch?v=znWl_TuUPp0

https://www.cnbc.com/2025/11/19/larry-summers-epstein-openai.html

By koolba ⬆️ 313 💬 347 [comments]

Top comment by koolba:

In related news, Harvard is also launching its own investigation into its former president Summers: https://www.thecrimson.com/article/2025/11/19/harvard-opens-...

https://www.cloudflarestatus.com/?t=1

By imdsm ⬆️ 2131 💬 1378 [comments]

Top comment by abelanger:

If anyone needs commands for turning off the CF proxy for their domains and happens to have a Cloudflare API token.

First you can grab the zone ID via:

    curl -X GET "https://api.cloudflare.com/client/v4/zones" -H "Authorization: Bearer $API_TOKEN" -H "Content-Type: application/json" | jq -r '.result[] | "\(.id) \(.name)"'

And a list of DNS records using:

    curl -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records" -H "Authorization: Bearer $API_TOKEN" -H "Content-Type: application/json"

Each DNS record will have an ID associated. Finally patch the relevant records:

    curl -X PATCH "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records/$RECORD_ID" -H "Authorization: Bearer $API_TOKEN" -H "Content-Type: application/json" --data '{"proxied":false}'

Copying from a sibling comment - some warnings:

- SSL/TLS: You will likely lose your Cloudflare-provided SSL certificate. Your site will only work if your origin server has its own valid certificate.

- Security & Performance: You will lose the performance benefits (caching, minification, global edge network) and security protections (DDoS mitigation, WAF) that Cloudflare provides.

- This will also reveal your backend internal IP addresses. Anyone can find permanent logs of public IP addresses used by even obscure domain names, so potential adversaries don't necessarily have to be paying attention at the exact right time to find it.

https://blog.cloudflare.com/18-november-2025-outage/

By eastdakota ⬆️ 1303 💬 752 [comments]

Top comment by gucci-on-fleek:

> This showed up to Internet users trying to access our customers' sites as an error page indicating a failure within Cloudflare's network.

As a visitor to random web pages, I definitely appreciated this—much better than their completely false “checking the security of your connection” message.

> The issue was not caused, directly or indirectly, by a cyber attack or malicious activity of any kind. Instead, it was triggered by a change to one of our database systems' permissions

Also appreciate the honesty here.

> On 18 November 2025 at 11:20 UTC (all times in this blog are UTC), Cloudflare's network began experiencing significant failures to deliver core network traffic. […]

> Core traffic was largely flowing as normal by 14:30. We worked over the next few hours to mitigate increased load on various parts of our network as traffic rushed back online. As of 17:06 all systems at Cloudflare were functioning as normal.

Why did this take so long to resolve? I read through the entire article, and I understand why the outage happened, but when most of the network goes down, why wasn't the first step to revert any recent configuration changes, even ones that seem unrelated to the outage? (Or did I just misread something and this was explained somewhere?)

Of course, the correct solution is always obvious in retrospect, and it's impressive that it only took 7 minutes between the start of the outage and the incident being investigated, but it taking a further 4 hours to resolve the problem and 8 hours total for everything to be back to normal isn't great.

https://www.blender.org/download/releases/5-0/

By FrostKiwi ⬆️ 891 💬 284 [comments]

Top comment by gehsty:

I’d really like to see something like blender come for the 3D CAD industry, at the moment it feels like the only people who would lose out are AutoDesk. The amount of money that flows in and out of 3D cad (as subscription and then value created) having a first class open source kernel and tooling, would be giving big industrial players freedom to modify and tailor to their needs as well as smaller / hobbyists get started for free!

https://blog.joinmastodon.org/2025/11/my-next-chapter-with-mastodon/

By Tomte ⬆️ 551 💬 391 [comments]

Top comment by glenstein:

This is an indescribably devastating loss for a project that, whatever its imperfections, can fairly lay claim to the most intellectually consistent and sincere adherence to FOSS, privacy, and decentralization of any major social media project. Eugene has proven a spectacular and indispensable developer, and I don't know that Mastodon has the ability to move on without him. I want to praise Eugen but the uncomfortable truth is I think Mastodon as a project may not recover from losing him. Though I hope to be proven wrong.

https://blog.google/products/gemini/gemini-3/

By preek ⬆️ 524 💬 436 [comments]

Top comment by lairv:

Out of curiosity, I gave it the latest project euler problem published on 11/16/2025, very likely out of the training data

Gemini thought for 5m10s before giving me a python snippet that produced the correct answer. The leaderboard says that the 3 fastest human to solve this problem took 14min, 20min and 1h14min respectively

Even thought I expect this sort of problem to very much be in the distribution of what the model has been RL-tuned to do, it's wild that frontier model can now solve in minutes what would take me days

https://www.bbc.com/news/articles/c1j8ewy1p86o

By YeGoblynQueenne ⬆️ 499 💬 485 [comments]

Top comment by njarboe:

One of the main reasons people want/need brighter headlights is that there is much more light inside the car from screens. These don't let your eyes adjust to the dark properly. Older cars had dim green lighting for the gauges and even had a knob to adjust the brightness up and down. You could create a very dim interior instead of the huge amount of white light you get with modern cars and the multiple screens.

I'm happy my Tesla does a decent job of having the screen be quite dark at night but the headlights are quite bad with the horizontal cutoff style that only lights the first few feet of horizontal ahead of the car. I need to see those deer and elk on the side of the road, damn it.

https://ericmigi.com/blog/pebble-rebble-and-a-path-forward/

By phoronixrly ⬆️ 431 💬 223 [comments]

Top comment by xyzzy_plugh:

I view this entire thing through an extremely simple, reductive lens:

Rebble effectively had free reign on this ecosystem for years, and could have at any time decided to try and capitalize on it further. They still can! But instead they're apparently interested in rent seeking while Core makes real headway.

It's clear that Eric and Core want to make something now. It's not clear what Rebble wants, but it's clear they are feeling left out. That obviously sucks but it's clear from what both sides are saying that Core has been trying to involve Rebble in their efforts. That's certainly noble and I'm not sure others would do the same.

Would Eric be able to do this all without Rebble? Lots of commenters have been saying "no" but I'm skeptic. I was an early Pebble user. I stopped using it before they went bust, and while I was aware of Rebble, there was nothing compelling there for me. It's neat that they have maintained a copy of the original watchfaces but beyond that I don't perceive a ton of value. I don't like the subscription fee. I'm sad they never took a serious crack at making a Rebble watch.

I hope everyone finds a way forward, together, but I'm not optimistic.

https://pixeldrain.com/u/hwgaNKeH

By Topfi ⬆️ 410 💬 268 [comments]

Top comment by scrlk:

Benchmarks from page 4 of the model card:

    | Benchmark             | 3 Pro     | 2.5 Pro | Sonnet 4.5 | GPT-5.1   |
    |-----------------------|-----------|---------|------------|-----------|
    | Humanity's Last Exam  | 37.5%     | 21.6%   | 13.7%      | 26.5%     |
    | ARC-AGI-2             | 31.1%     | 4.9%    | 13.6%      | 17.6%     |
    | GPQA Diamond          | 91.9%     | 86.4%   | 83.4%      | 88.1%     |
    | AIME 2025             |           |         |            |           |
    |   (no tools)          | 95.0%     | 88.0%   | 87.0%      | 94.0%     |
    |   (code execution)    | 100%      | -       | 100%       | -         |
    | MathArena Apex        | 23.4%     | 0.5%    | 1.6%       | 1.0%      |
    | MMMU-Pro              | 81.0%     | 68.0%   | 68.0%      | 80.8%     |
    | ScreenSpot-Pro        | 72.7%     | 11.4%   | 36.2%      | 3.5%      |
    | CharXiv Reasoning     | 81.4%     | 69.6%   | 68.5%      | 69.5%     |
    | OmniDocBench 1.5      | 0.115     | 0.145   | 0.145      | 0.147     |
    | Video-MMMU            | 87.6%     | 83.6%   | 77.8%      | 80.4%     |
    | LiveCodeBench Pro     | 2,439     | 1,775   | 1,418      | 2,243     |
    | Terminal-Bench 2.0    | 54.2%     | 32.6%   | 42.8%      | 47.6%     |
    | SWE-Bench Verified    | 76.2%     | 59.6%   | 77.2%      | 76.3%     |
    | t2-bench              | 85.4%     | 54.9%   | 84.7%      | 80.2%     |
    | Vending-Bench 2       | $5,478.16 | $573.64 | $3,838.74  | $1,473.43 |
    | FACTS Benchmark Suite | 70.5%     | 63.4%   | 50.4%      | 50.8%     |
    | SimpleQA Verified     | 72.1%     | 54.5%   | 29.3%      | 34.9%     |
    | MMLU                  | 91.8%     | 89.5%   | 89.1%      | 91.0%     |
    | Global PIQA           | 93.4%     | 91.5%   | 90.1%      | 90.9%     |
    | MRCR v2 (8-needle)    |           |         |            |           |
    |   (128k avg)          | 77.0%     | 58.0%   | 47.1%      | 61.6%     |
    |   (1M pointwise)      | 26.3%     | 16.4%   | n/s        | n/s       |

n/s = not supported

EDIT: formatting, hopefully a bit more mobile friendly

https://fabiensanglard.net/quake_chunnel/index.html

By billiob ⬆️ 381 💬 84 [comments]

Top comment by skrebbel:

Random drive-by nitpick:

> From the beginning of the development, id had requested from djgpp engineers that their DPMI client would be able to run on djgpp's DPMI server but also Windows 95 DPMI server.

I'm pretty sure that "DJGPP engineers" is just one guy, DJ Delorie. DJGPP was always open source so I bet he got some contributors, but if the rest of this sentence is true that "id has requested from djgpp engineers", it just means they asked the maker of an open source tool they used to please add a feature. I wonder whether they paid him for it or whether DJ just hacked it all in at id's request for kicks. His "about me" page suggests he does contracting so might be the latter.

DJGPP was spectacularly good back in the day. I didn't appreciate at the time what a monumental effort it must have been to port the entire GCC toolchain and runtime to DOS/Windows. Hats off to DJ Delorie!

https://www.githubstatus.com/incidents/5q7nmlxz30sk

By wilhelmklopp ⬆️ 375 💬 314 [comments]

Top comment by aeldidi:

I'm becoming concerned with the rate at which major software systems seem to be failing as of late. For context, last year I only logged four outages that actually disrupted my work; this quarter alone I'm already on my fourth, all within the past few weeks. This is, of course, just an anecdote and not evidence of any wider trend (not to mention that I might not have even logged everything last year), but it was enough to nudge me into writing this today (helped by the fact that I suddenly had some downtime). Keep in mind, this isn't necessarily specific to this outage, just something that's been on my mind enough to warrant writing about it.

It feels like resiliency is becoming a bit of a lost art in networked software. I've spent a good chunk of this year chasing down intermittent failures at work, and I really underestimated how much work goes into shrinking the "blast radius", so to speak, of any bug or outage. Even though we mostly run a monolith, we still depend on a bunch of external pieces like daemons, databases, Redis, S3, monitoring, and third-party integrations, and we generally assume that these things are present and working in most places, which wasn't always the case. My response was to better document the failure conditions, and once I did, realize that there was many more than we initially thought. Since then we've done things like: move some things to a VPS instead of cloud services, automate deployment more than we already had, greatly improve the test suite and docs to include these newly considered failure conditions, and generally cut down on moving parts. It was a ton of effort, but the payoff has finally shown up: our records show fewer surprises which means fewer distractions and a much calmer system overall. Without that unglamorous work, things would've only grown more fragile as complexity crept in. And I worry that, more broadly, we're slowly un-learning how to build systems that stay up even when the inevitable bug or failure shows up.

For completeness, here are the outages that prompted this: the AWS us-east-1 outage in October (took down the Lightspeed R series API), the Azure Front Door outage (prevented Playwright from downloading browsers for tests), today’s Cloudflare outage (took down Lightspeed’s website, which some of our clients rely on), and the Github outage affecting basically everyone who uses it as their git host.

https://www.pcgamer.com/gaming-industry/legendary-game-designer-programmer-space-invaders-champion-and-lgbtq-trailblazer-rebecca-heineman-has-died/

By shdon ⬆️ 857 💬 169 [comments]

Top comment by AdmiralAsshat:

Huge loss to the community. She was, by all accounts, an amazing programmer. I remember when she uploaded the source code of her Doom 3DO port she indicated that she had to write her own string lib because the base one sucked:

> I had to write my own string.h ANSI C library because the one 3DO supplied with their compiler had bugs! string.h??? How can you screw that up!?!?! They did! I spent a day writing all of the functions I needed in ARM 6 assembly.

https://github.com/Olde-Skuul/doom3do

I can't even imagine the level of skill required to just say, "Fine, I'll write MY OWN string lib!" while chasing a deadline.

As an aside...I wonder what will happen to her personal artifacts. There was a media blitz awhile back when Tim Cain said he doesn't have the original source code to Fallout because he was "ordered to destroy it" by Interplay when he left. But Becky then chimed in to say that she did have a surviving copy, because she was a founder. [0] I hope someone else on her behalf would be able to continue that effort, but I worry that with her death, Bethesda would assert that no one else has "legal standing" to do so.

[0] https://thisweekinvideogames.com/news/fallout-1-2-source-cod...

https://www.windowslatest.com/2025/11/18/windows-11-to-add-an-ai-agent-that-runs-in-background-with-access-to-personal-folders-warns-of-security-risk/

By jinxmeta ⬆️ 616 💬 558 [comments]

Top comment by ChicagoDave:

Microsoft has gone full-blown evil corporation again. No customer validation on any of the AI cruft. No full OPT OUT. Office products are bastardized with copilot buttons everywhere.

I've been a Windows user from day one and I now see a future without it. Satya had been a bright spot in Microsoft, but this blind lust for AI, especially in bed with Altman who is pure con artist, is unforgivable.

Some of the investment sells recently are starting to look like the beginning of the end for OpenAI. That will have a wide range impact on everything.

I use Claude for coding (and mostly in WSL). OpenAI enabled its users to have a sext conversation.

Seriously. And Satya just keeps on at full speed.

https://rebble.io/2025/11/17/core-devices-keeps-stealing-our-work.html

By jdauriemma ⬆️ 581 💬 108 [comments]

Top comment by lrvick:

I am the primary author of the current generation Pebble Appstore frontend, the one that maintained the database most of the time, the guy who ran the security, infrastructure, data privacy team, and quite a few things around the Pebble ecosystem over the years. I also was on the team that begrudgingly had to hand it all over to Fitbit in the acquisition.

I have a very strong opinion here.

Any development of Pebble as an ecosystem that is not 100% free open source software and available to the public, is a dick move at this point. It is a dick move if Eric does it in any way, and it is a dick move if the Rebble team does it in any way.

Let Eric or anyone else scrape what they want with the Appstore and wish them luck. Maybe even make a nice JSON export button for people, why not?

Meanwhile those in the community should keep doing what they have always done: Work towards fully open source community first solutions with the full blessing and support of said community.

Proprietary solutions are always a dead end so do not waste any energy fighting them or thinking about them. Just keep pushing to public repos.

https://www.bleepingcomputer.com/news/microsoft/microsoft-aisuru-botnet-used-500-000-ips-in-15-tbps-azure-ddos-attack/

By speckx ⬆️ 461 💬 288 [comments]

Top comment by haunter:

This is what I don't get

>The Aisuru DDoS botnet operates as a DDoS-for-hire service with restricted clientele; operators have reportedly implemented preventive measures to avoid attacking governmental, law enforcement, military, and other national security properties. Most observed Aisuru attacks to date appear to be related to online gaming.

https://www.netscout.com/blog/asert/asert-threat-summary-ais...

So why? Like why would someone pay to take a game down? I see this all over reddit with different games but I just don't get the point. What's the benefit of taking down an online game for a couple of hours.

https://wok.oblomov.eu/tecnologia/google-killing-open-web-2/

By akagusu ⬆️ 394 💬 329 [comments]

Top comment by nwellnhof:

Removing XSLT from browsers was long overdue and I'm saying that as ex-maintainer of libxslt who probably triggered (not caused) this removal. What's more interesting is that Chromium plans to switch to a Rust-based XML parser. Currently, they seem to favor xml-rs which only implements a subset of XML. So apparently, Google is willing to remove standards-compliant XML support as well. This is a lot more concerning.

https://www.sammobile.com/news/israeli-app-app-cloud-samsung-phones-controversy/

By croes ⬆️ 376 💬 251 [comments]

Top comment by baklavaEmperor:

What’s striking is how often these ‘small’ surveillance tech stories trace back to the same state-aligned ecosystem. When Israel does it, it’s treated as a complex security issue. When another ‘bad’ country does the same thing, we immediately call it espionage. And almost on cue, the discussion drifts anywhere except the uncomfortable fact that it’s the same ecosystem from the same country showing up again.

https://github.com/medusalix/FreeMDU

By Medusalix ⬆️ 324 💬 86 [comments]

Top comment by Aurornis:

This is a great project. The blog post explaining how they reverse engineered everything is a good read, too:

https://medusalix.github.io/posts/miele-interface/

https://geminiprotocol.net/

By andsoitis ⬆️ 315 💬 175 [comments]

Top comment by graypegg:

I really enjoyed messing around with Gemini a while ago! But after the "messing around" stage with the protocol itself, the restrictions inherent to gemtext sapped my excitement around it.

It's a mark up language squarely focused on those that write text, but arduous to use if you want to share things you've illustrated, which is most of what I share online that isn't tech related. There's of course the argument that inline images/a spec'd way to expose an image directory listing with thumbnails/etc would only serve to distract or exploit you... but that also ignores the fact that people make art for your eyeballs too. Text is certainly the first class citizen, where images/music/video are all tied for second class, accessible only by downloading them 1 by 1.

That does mean it's perfectly fit for purpose! I wouldn't say it's bad just because I don't get my specific needs met. Someone who's needs are met by Gemini will love it.

https://unbuffered.stream/gemini-personal-context/

By JakaJancar ⬆️ 291 💬 71 [comments]

Top comment by gruez:

>But why is Gemini instructed not to divulge its existence?

Seems like a reasonable thing to add. Imagine how impersonal chats would feel if Gemini responded to "what food should I get for my dog?" with "according to your `user_context`, you have a husky, and the best food for him is...". They're also not exactly hiding the fact that memory/"personalization" exists either:

https://blog.google/products/gemini/temporary-chats-privacy-...

https://support.google.com/gemini/answer/15637730?hl=en&co=G...

https://blog.google/technology/google-deepmind/weathernext-2/

By meetpateltech ⬆️ 280 💬 127 [comments]

Top comment by lysecret:

Im pretty deep into this topic and what might be interesting to an outsider is that the leading models like neuralgcm/weathernext 1 before as well as this model now are all trained with a "crps" objective which I haven't seen at all outside of ml weather prediction.

Essentially you add random noise to the inputs and train by minimizing the regular loss (like l1) and at the same time maximizing the difference between 2 members with different random noise initialisations. I wonder if this will be applied to more traditional genai at some point.

https://www.zigbook.net

By rudedogg ⬆️ 689 💬 381 [comments]

Top comment by rudedogg:

I submitted this and unfortunately it is likely AI generated. The authors github history suggests it at the very least, along with seemingly misunderstanding a reference to a Zig language feature (labeled blocks - https://zig.guide/language-basics/labelled-blocks/) in the project issues (https://github.com/zigbook/zigbook/issues/4).

I’m not sure how much value is to be had here, and it’s unfortunate the author wasn’t honest about how it was created.

I wish I wouldn’t have submitted this so quickly but I was excited about the new resource and the chapters I dug into looked good and accurate.

I worry about whether this will be maintained, if there are hallucinations, and if it’s worth investing time into.

https://jonathanclark.com/posts/coinbase-breach-timeline.html

By jclarkcom ⬆️ 676 💬 218 [comments]

Top comment by AlexErrant:

Here's a Reuters report from June 2, which includes a link to a May 14 SEC filing:

> Cryptocurrency exchange Coinbase knew as far back as January about a customer data leak at an outsourcing company connected to a larger breach estimated to cost up to $400 million, six people familiar with the matter told Reuters.

https://www.reuters.com/sustainability/boards-policy-regulat...

> On May 11, 2025, Coinbase, Inc., a subsidiary of Coinbase Global, Inc. (“Coinbase” or the “Company”), received an email communication from an unknown threat actor claiming to have obtained information about certain Coinbase customer accounts, as well as internal Coinbase documentation, including materials relating to customer-service and account-management systems.

https://www.sec.gov/Archives/edgar/data/1679788/000167978825...

https://github.com/jonasstrehle/supercookie

By vxvrs ⬆️ 355 💬 100 [comments]

Top comment by jmward01:

At some point we need actual consequences for sites that intentionally hide their tracking. It should be criminal. It is stalking and has real world consequences. Just because an exploit exists doesn't mean it should be used. That logic is like saying it is OK to break into a house because the lock on the door was weak. If we don't get real protections, at what point does it become justified to go offensive against sites that exploit things like this? If I found someone putting trackers on me with the intent to sell that information (harm me) I would defend myself. When am I allowed to do that in the digital world?

Quick side note here. I appreciate the research calling this out. We need to know the dangers out there to figure out how to protect ourselves, especially since governments don't seem to take this seriously.

https://www.darkpattern.games

By robotnikman ⬆️ 346 💬 134 [comments]

Top comment by offsky:

It’s always shocking to see one of my sites pop up on HN.

For context around my motivation to make the site. I was really addicted to a certain mobile game to the point that it was affecting my work and family life. I stumbled upon an article about how game companies hire psychologists to make the games more addicting. This led me down a rabbit hole of researching dark patterns. It was very eye opening and by learning about the dark patterns they lost their power over me. I was able to quit playing the addictive game. I still play games, I just pick better games and the dark patterns don’t work on me anymore. The research and education that I gave myself was so helpful in restoring balance to my life that I wanted to share it with others. Hence the website. It’s about 7 years old.

The most important part of my site is the text descriptions of the dark patterns. The crowd sourced game reviews are probably spam and rubbish and I’ve been meaning to remove them. I had written code to scrape the iOS and android stores to automatically add new games but this code broke ages ago and I never fixed it. The game listings are years out of date. I had plans to include console and pc games but never got around to it. I moved on to other projects.

I have received many emails over the years from people who say that my site has helped them stop or avoid playing addictive games. This makes me happy.

https://nolanlawson.com/2025/11/16/the-fate-of-small-open-source/

By todsacerdoti ⬆️ 291 💬 223 [comments]

Top comment by p0w3n3d:

  Given that some 80% of developers are now using AI in their regular work, blob-util is almost certainly the kind of thing that most developers would just happily have an LLM generate for them. Sure, you could use blob-util, but then you’d be taking on an extra dependency, with unknown performance, maintenance, and supply-chain risks.

Letting LLM write utility code is a sword that cuts both ways. You often create a throw-away code that is unproven and requires maintenance. It's not a guarantee that the blobutil or toString or whatever created by AI won't fail at some edge cases. That's why e.g. in Java there is Apache commons which is perceived as an industry standard nowadays.

https://britneyspears.ac/lasers.htm

By lachlan_gray ⬆️ 283 💬 87 [comments]

Top comment by AlbertoGP:

Around the time this website was made, I was building an application for a big company in Spain that was to run as a Java applet and required the code to be signed.

They did not yet have their own certificates so I had to make my own CA during testing and sign the code, and I wanted to make sure that they did not forget to switch to their certificates later, so instead of signing the code with my name which some bureaucrat might decide to not bother changing, the code was signed by Britney Spears.

They noticed it, got the joke and made sure to switch certificates for the release. Everything went well thanks to Britney.

https://karboosx.net/post/4eZxhBon/building-a-simple-search-engine-that-actually-works

By freediver ⬆️ 262 💬 78 [comments]

Top comment by marginalia_nu:

The idea behind search itself is very simple, and it's a fun problem domain that I encourage anyone to explore[1].

The difficulties in search are almost entirely dealing with the large amounts of data, both logistically and in handling underspecified queries.

A DBMS-backed approach breaks down surprisingly fast. Probably perfectly fine if you're indexing your own website, but will likely choke on something the size of English wikipedia.

[1] The SeIRP e-book is a good (free) starting point https://ciir.cs.umass.edu/irbook/

https://minimaxir.com/2025/11/nano-banana-prompts/

By minimaxir ⬆️ 840 💬 219 [comments]

Top comment by Genego:

I have been generating a few dozen images per day for storyboarding purposes. The more I try to perfect it, the easier it becomes to control these outputs and even keep the entire visual story as well as their characters consistent over a few dozen different scenes; while even controlling the time of day throughout the story. I am currently working with 7 layers prompts to control for environment, camera, subject, composition, light, colors and overall quality (it might be overkill, but it’s also experimenting).

I also created a small editing suite for myself where I can draw bounding boxes on images when they aren’t perfect, and have them fixed. Either just with a prompt or feeding them to Claude as image and then having it write the prompt to fix the issue for me (as a workflow on the api). It’s been quite a lot of fun to figure out what works. I am incredibly impressed by where this is all going.

Once you do have good storyboards. You can easily do start-to-end GenAI video generation (hopping from scene to scene) and bring them to life and build your own small visual animated universes.

https://zed.dev/blog/zed-is-our-office

By sagacity ⬆️ 595 💬 314 [comments]

Top comment by BinaryPie:

I generally like what Zed is trying to become. However, all of these features and blog posts are frustraing when they struggle to keep basic editor features stable. Edit a file outside of the editor? It's not going to show up in the project pane or the git diff. Need to work inside a container because it's 2025 and we don't need to clutter our local machine with 100s of dependencies and env managers... well now all the AI stuff is broken. ACP sounds cool until you realize every single CLI in existence works better.

My wish is that Zed gets the core working correctly 100% of the time before moving on to expanding feature sets. For now I'm back in NeoVIM because it always works the first time....

https://github.com/zed-industries/zed/issues/38109

Hopefully soon I can give it another shot at full time usage.

https://blog.kagi.com/slopstop

By msub2 ⬆️ 553 💬 254 [comments]

Top comment by irl_zebra:

This is so, so exciting. I hope HN takes inspiration and adds a similar flag. :)

https://techcrunch.com/2025/11/13/blue-origin-lands-new-glenn-rocket-booster-on-second-try/

By perihelions ⬆️ 431 💬 266 [comments]

Top comment by ChuckMcM:

Congrats to the Blue Origin team! That's a heck of a milestone (landing it on the second attempt). It will compete more with Falcon Heavy than Starship[1] but it certainly could handle all of the current GEO satellite designs. I'm sure that the NRO will appreciate the larger payload volume as well. Really super glad to see they have hardware that has successfully done all the things. The first step to making it as reliable as other launch platforms. And having a choice for launch services is always a good thing for people buying said launch services.

Notably, from a US policy standpoint, if they successfully become 'lift capability #2' then it's going to be difficult to ULA to continue on.

[1] Although if Starship's lift capacity keeps getting knocked back that might change.

https://www.checkout.com/blog/protecting-our-merchants-standing-up-to-extortion

By StrangeSound ⬆️ 410 💬 203 [comments]

Top comment by joshmn:

It’s notable that there were ShinyHunters members arrested by the FBI a few years ago. I was in prison with Sebastian Raoult, one of them. We talked quite a bit.

The level of persistence these guys went through to phish at scale is astounding—which is how they gained most of their access. They’d otherwise look up API endpoints on GitHub and see if there were any leaked keys (he wasn’t fond of GitHub's automated scanner).

https://www.justice.gov/usao-wdwa/pr/member-notorious-intern...

https://security.googleblog.com/2025/11/rust-in-android-move-fast-fix-things.html

By abraham ⬆️ 399 💬 375 [comments]

Top comment by habibur:

    5 million Rust LOC 
    One potential memory safety vulnerability found 
    Rust is 0.2 vuln per 1 MLOC.

    Compared to 
    C and C++ : 1,000 memory safety vulnerabilities per MLOC. 

Key take.

https://www.rosalux.de/en/news/id/53917/britains-railway-privatization-was-an-abject-failure

By robtherobber ⬆️ 397 💬 351 [comments]

Top comment by graemep:

It implies railways were les safe post privatisation. This is misleading. There were more accidents and deaths, but that was because of a huge increase in miles travelled. Deaths per billion kilometers fell consistently before and after privatisation.

A lot of the problems lie in tracks and their maintenance, and the tracks were re-nationalised many years ago. It is not efficiently run (see HS2!).

They are expensive, but that is partly because rail workers are well paid. Train drivers can be paid as much as aircraft pilots. Their ability and willingness to strike affects both costs and people's willingness to rely on public transport.

The big constraint is lack of subsidies. it probably makes little difference whether the system is privately owned but tightly regulated, or publicly owned so much as willingness to subsidise it. This is also shown by the failure of franchises taken back into public ownership to improve.

https://www.anthropic.com/news/disrupting-AI-espionage

By koakuma-chan ⬆️ 356 💬 270 [comments]

Top comment by 0xbadcafebee:

> At this point they had to convince Claude—which is extensively trained to avoid harmful behaviors—to engage in the attack. They did so by jailbreaking it, effectively tricking it to bypass its guardrails. They broke down their attacks into small, seemingly innocent tasks that Claude would execute without being provided the full context of their malicious purpose. They also told Claude that it was an employee of a legitimate cybersecurity firm, and was being used in defensive testing.

Guardrails in AI are like a $2 luggage padlock on a bicycle in the middle of nowhere. Even a moron, given enough time, and a little dedication, will defeat it. And this is not some kind of inferiority of one AI manufacturer over another. It's inherent to LLMs. They are stupid, but they do contain information. You use language to extract information from them, so there will always be a lexicographical way to extract said information (or make them do things).

> This raises an important question: if AI models can be misused for cyberattacks at this scale, why continue to develop and release them? The answer is

Money.

https://hightimes.com/news/politics/hemp-ban-hidden-inside-government-shutdown-bill/

By bilsbie ⬆️ 345 💬 551 [comments]

Top comment by mothballed:

Even the legal weed state senators were voting for this.

It is mostly about shifting profits from mom and pop, low regulation hemp industry to wealthy corporations that own dispensaries that have gargantuan regulatory costs that gatekeep out most the competition. This ensures profits are captured by the wealthy rather than small family type setups.

Wealthy former hemp companies will shift to the "legal" weed market, while the mom and pops will get completely wiped out.

https://www.tweeks.io/onboarding

By jmadeano ⬆️ 315 💬 200 [comments]

Top comment by freshtake:

This looks cool and could be a much needed step towards fixing the web.

Some questions:

[Tech]

1. How deep does the modification go? If I request a tweek to the YouTube homepage, do I need to re-specify or reload the tweek to have it persist across the entire site (deeply nested pages, iframes, etc.)

2. What is your test and eval setup? How confident are you that the model is performing the requested change without being overly aggressive and eliminating important content?

3. What is your upkeep strategy? How will you ensure that your system continues to WAI after site owners update their content in potentially adversarial ways? In my experience LLMs do a fairly poor job at website understanding when the original author is intentionally trying to mess with the model, or has overly complex CSS and JS.

4. Can I prompt changes that I want to see globally applied across all sites (or a category of sites)? For example, I may want a persistent toolbar for quick actions across all pages -- essentially becoming a generic extension builder.

[Privacy]

5. Where and how are results being cached? For example, if I apply tweeks to a banking website, what content is being scraped and sent to an LLM? When I reload a site, is content being pulled purely from a local cache on my machine?

[Business]

6. Is this (or will it be) open source? IMO a large component of empowering the user against enshittification is open source. As compute commoditizes it will likely be open source that is the best hope for protection against the overlords.

7. What is your revenue model? If your product essentially wrestles control from site owners and reduces their optionality for revenue, your arbitrage is likely to be equal or less than the sum of site owners' loss (a potentially massive amount to be sure). It's unclear to me how you'd capture this value though, if open source.

8. Interested in the cost and latency. If this essentially requires an LLM call for every website I visit, this will start to add up. Also curious if this means that my cost will scale with the efficiency of the sites I visit (i.e. do my costs scale with the size of the site's content).

Very cool.

Cheers

https://android-developers.googleblog.com/2025/11/android-developer-verification-early.html

By erohead ⬆️ 1239 💬 572 [comments]

Top comment by rom1v:

I want to be able to install apps from alternative app stores like F-Droid and receive automatic updates, without requiring Google's authorization for app publication.

Manually installing an app via adb must, of course, be permitted. But that is not sufficient.

> Keeping users safe on Android is our top priority.

Google's mandatory verification is not about security, but about control (they want to forbid apps like ReVanced that could reduce their advertising revenue).

When SimpleMobileTools was sold to a shady company (https://news.ycombinator.com/item?id=38505229), the new owner was able to push any user-hostile changes they wanted to all users who had installed the original app through Google Play (that's the very reason why the initial app could be sold in the first place, to exploit a large, preexisting user base that had the initial version installed).

That was not the case on F-Droid, which blocked the new user-hostile version and recommended the open source fork (Fossify Apps). (see also this comment: https://news.ycombinator.com/item?id=45410805)

https://store.steampowered.com/sale/steammachine

By davikr ⬆️ 1204 💬 611 [comments]

Top comment by CobrastanJorji:

> Install your own apps, or even another operating system. Who are we to tell you how to use your computer?

From your mouth to Tim Cook's ear, friend.

https://store.steampowered.com/sale/steamframe

By Philpax ⬆️ 876 💬 317 [comments]

Top comment by modeless:

Foveated streaming! That's a great idea. Foveated rendering is complicated to implement with current rendering APIs in a way that actually improves performance, but foveated streaming seems like a much easier win that applies to all content automatically. And the dedicated 6 GHz dongle should do a much better job at streaming than typical wifi routers.

> Just like any SteamOS device, install your own apps, open a browser, do what you want: It's your PC.

It's an ARM Linux PC that presumably gives you root access, in addition to being a VR headset. And it has an SD card slot for storage expansion. Very cool, should be very hackable. Very unlike every other standalone VR headset.

> 2160 x 2160 LCD (per eye) 72-144Hz refresh rate

Roughly equivalent resolution to Quest 3 and less than Vision Pro. This won't be suitable as a monitor replacement for general desktop use. But the price is hopefully low. I'd love to see a high-end option with higher resolution displays in the future, good enough for monitor replacement.

> Monochrome passthrough

So AR is not a focus here, which makes sense. However:

> User accessible front expansion port w/ Dual high speed camera interface (8 lanes @ 2.5Gbps MIPI) / PCIe Gen 4 interface (1-lane)

Full color AR could be done as an optional expansion pack. And I can imagine people might come up with other fun things to put in there. Mouth tracking?

One thing I don't see here is optional tracking pucks for tracking objects or full body tracking. That's something the SteamVR Lighthouse tracking ecosystem had, and the Pico standalone headset also has it.

More detail from the LTT video: Apparently it can run Android APKs too? Quest compatibility layer maybe? There's an optional accessory kit that adds a top strap (I'm surprised it isn't standard) and palm straps that enable using the controllers in the style of the Valve Index's "knuckles" controllers.

https://xeiaso.net/blog/2025/valve-is-about-to-win-the-console-generation/

By moonleay ⬆️ 521 💬 413 [comments]

Top comment by Normal_gaussian:

Valve certainly won't win it, but they're bringing the heat where it wasn't before.

SteamOS is the important part here - if it is proven to be a good console experience (which the deck has basically proven already) then licensing of the OS to other manufacturers will put a lot of pressure on integrated h/w s/w manufacturers.

Unlike the handheld format, the tvbox console is fairly easy to manufacture and is tolerant of a lot of spec and price variety. Any slip up by Sony and Microsoft in specs and price will result in steam machine variants carving away market share, which could force more frequent console releases.

The steam machine will almost certainly come in at a higher price point than the PS5, but with no 'online' subscription charge and reasonably priced storage upgrades we may see these revenue streams disappear from the next console generation in order to compete.

SteamOS isn't perfect, and the variety inherent in the platform that is a strength is also a weakness. The core markets for Nintendo and for Sony aren't going anywhere.

https://www.cnn.com/2025/11/12/business/last-penny-minted

By andrewl ⬆️ 504 💬 662 [comments]

Top comment by Night_Thastus:

I'd say screw it, get rid of nickles and dimes as well. Quarters can stay, for now.

It's a complete waste of money and time continuing to mint such low-value currency. It can't be used for just about anything.

Unfortunately, I do see the problem with part of this. For a handful of items where it does matter, it will force people to use cards more if they want to avoid rounding. And the card providers already have a choke-hold on retailers, and the whole thing is basically a scheme that funnels money from the poor to the wealthy via interest and fees on the consumer, interchange fees, and rewards programs.

https://openai.com/index/gpt-5-1/

By tedsanders ⬆️ 503 💬 639 [comments]

Top comment by dkersten:

I don’t want more conversational, I want more to the point. Less telling me how great my question is, less about being friendly, instead I want more cold, hard, accurate, direct, and factual results.

It’s a machine and a tool, not a person and definitely not my friend.

https://www.jenn.site/my-dad-could-still-be-alive-but-hes-not/

By DustinEchoes ⬆️ 418 💬 273 [comments]

Top comment by twodave:

I feel this, but in reverse. My son could be dead, but he’s not. He was born on the floor of a trailer park apartment, not breathing. His birth mother’s partner called 911, who dispatched an ambulance. All rescue units for his zone were already busy. An ambulance returning from the nearby hospital to another zone heard the call over the radio and happened to be passing by. The hospital was expecting a DOA, but the paramedics (HEROES) managed to get him breathing again on the way. He’s 11 now, and he is the source of all kinds of trouble and joy. Our home would be very different without him.

https://www.windowslatest.com/2025/11/12/meta-just-killed-native-whatsapp-on-windows-11-now-it-opens-webview-uses-1gb-ram-all-the-time/

By DearAll ⬆️ 388 💬 356 [comments]

Top comment by iamcalledrob:

As the person who designed and fought for this app, I am a bit sad about the change.

The native app was by no means perfect, but it felt like a real productivity tool that was trying to be respectful of it's environment.

I've come to the conclusion that native desktop apps are just not viable from large companies, even if there is headcount. The problem is coordination cost.

If you want to launch new features and experiments here, there and everywhere, then the coordination complexity increases nonlinearly with the number of platforms.

If you can sustain a more deliberate, low churn pace of development then it's workable. Features can be well defined and then implemented by the platform team as they see fit. But if you want a more fast-paced, "just in time" style of development, you need to coordinate with every team for every change... wouldn't it be nice to just write web code and be done?

Even Microsoft are building this way these days.

This is why ironically small companies seem more able to support native apps than large ones. The more "stuff" that's being worked on concurrently, the harder it is to support multiple platforms.

https://www.shadertoy.com/view/4dsXzM

By AbuAssar ⬆️ 388 💬 81 [comments]

Top comment by smusamashah:

Discovered Maxwell's Spot illusion while looking further into this https://www.psy.ritsumei.ac.jp/akitaoka/Maxwell_spot_illusio...

This is a flickering blue/green image. In the center wherever your eyes are looking, you will see a dark spot.

https://github.com/yt-dlp/yt-dlp/issues/15012

By bertman ⬆️ 319 💬 185 [comments]

Top comment by embedding-shape:

Seems its already in Arch's repositories, and seems to work, just add another flag to the invocation:

    yt-dlp --cookies-from-browser firefox --remote-components ejs:github -f "bestvideo[ext=mp4]+bestaudio[ext=m4a]/best[ext=mp4]/best" 'https://www.youtube.com/watch?v=XXX'

It is downloading a solver at runtime, took maybe half a second in total, downloads are starting way faster than before it seems to me.

    [youtube] [jsc:deno] Solving JS challenges using deno
    [youtube] [jsc:deno] Downloading challenge solver lib script from  https://github.com/yt-dlp/ejs/releases/download/0.3.1/yt.solver.lib.min.js

It would be great if we could download the solver manually with a separate command, before running the download command, as I'm probably not alone in running yt-dlp in a restricted environment, and being able to package it up together with the solver before runtime would let me avoid lessening the restrictions for that environment. Not a huge issue though, happy in general the start of downloads seems much faster now.