NPM Meltdown! Privacy Showdown! Pebble Goes Free!

Hyperoptic: IPv6 and Out-of-Order Packets

Key Points

• Upstream router failed to respond to RS, delaying RAs and the IPv6 default route.
• MAC address changes triggered immediate unsolicited RAs post-DHCPv6 PD.
• Manual and automated default route workarounds via ip -6 route and dhcpcd hooks.

Build desktop applications using Go and Web Technologies

Key Points

• Bundles Go backend and web UI into a single desktop binary.
• Uses native rendering engines (no embedded browser) with native UI features.
• Provides CLI, templates, and auto-generated TypeScript for Go integration.

The Feds Want to Make It Illegal to Even Possess an Anarchist Zine

Key Points

• New indictment includes charges against Daniel “Des” Sanchez for transporting zines after a protest.
• Sanchez’s October indictment for concealing a document is merged with protest-related defendants.
• Article cites other cases (Georgia RICO, Maya Lau, Project Veritas) to frame broader legal risks around possession/transport of materials.

Git 3.0 will use main as the default branch

Key Points

• Git 3.0 will default new repos to a “main” branch, as noted in Git 2.52.
• The release plans a default hash switch from SHA-1 to SHA-256.
• Storage format and build process updates aim for performance and cross-platform support, including Rust integration.

McMaster Carr – The Smartest Website You Haven't Heard Of

Key Points

• Function-first, minimal design tailored to high-intent part discovery.
• Filter workflow based on quantitative specs enables rapid narrowing to exact items.
• Embedded illustrations and explanations support clarity and decision-making.

Show HN: Syd – An offline-first, AI-augmented workstation for blue teams

Key Points

• Offline, air‑gapped AI workstation delivered via 1TB SSD and updated with encrypted USB.
• Local Dolphin Llama 3 8B model with RAG over 356,000 knowledge chunks for rapid, actionable insights.
• Development at 85% completion; seeking £15,000–£25,000 for ISO packaging and vector DB integration.

Pixar: The Early Days

Key Points

• Toy Story’s success led to Pixar’s record 1995 IPO and strategic focus on feature films.
• By late 1996, Pixar’s team had grown 70% and A Bug’s Life was in production.
• Jobs’s talent-centered management philosophy and Disney partnership renegotiation shaped Pixar and his later leadership at Apple.

A One-Minute ADHD Test

Key Points

• A 4/6 score on the six‑question ADHD screener indicates a strong reason to seek assessment.
• The screener has 69% sensitivity and 99.5% specificity; estimated PPV is ~87.5% at 5% prevalence.
• ADHD treatments include effective stimulants and non‑stimulant alternatives.

Breakthrough in antimatter production

Key Points

• New positron-cooling technique boosts antihydrogen production eightfold.
• 15,000+ antihydrogen atoms accumulated in under seven hours; over 2 million in 2023–24.
• Enables faster precision measurements and gravity studies via ALPHA-g.

Moss survived outside of the International Space Station for 9 months

Key Points

• >80% of P. patens spores remained viable after nine months outside the ISS.
• UV light was the main damaging factor; vacuum and microgravity had limited impact.
• Models indicate spores could survive up to ~15 years in space.

We stopped roadmap work for a week and fixed bugs

Key Points

• Quarterly fixit week halted normal work to address small user and developer productivity issues.
• Outcome: 189 bugs closed by 40 participants; median 4 per person, max 12.
• Key fixes: Perfetto feature request, GitHub Action CI access improvement, and an amalgamated SDK build.

Set theory with types

Key Points

• De Bruijn’s 1973 paper motivates typed set theory for AUTOMATH.
• ZF’s “everything is a set” leads to unintuitive encodings and memberships.
• Typed sets align with practices in Isabelle/HOL and modern proof assistants.

Murphyjitsu (2018)

Key Points

• Murphyjitsu iteratively strengthens plans by anticipating and defending against likely failures.
• Inner Sim (aided by the Outside View) helps identify personal failure modes.
• Act on forecasts: adjust scope/timelines, add resources, or pre-commit focused work time.

Building the largest known Kubernetes cluster, with 130k nodes

Key Points

• GKE experimentally reached 130,000 nodes, sustaining 1,000 Pods/sec and >1M stored objects.
• AI demand is driving large clusters, with expectations around 100K nodes and power becoming a key constraint.
• Investments include MultiKueue, managed DRANET RDMA networking, and Kubernetes read scalability features (KEP-2340, KEP-4988).

Shai-Hulud Returns: Over 300 NPM Packages Infected

Key Points

• Over 300 NPM packages were poisoned in hours on Nov 24, 2025.
• Malicious updates hid behind Bun runtime changes, stealing secrets and exfiltrating via GitHub Actions.
• Registry-side tampering enabled worm-like propagation, affecting over 27,000 GitHub repositories.

The Only GM EV1 Ever Publicly Sold, and Where It's Going Next

Key Points

• VIN #212 is the first EV1 legally sold to the public.
• EV1’s design delivered a 0.19 drag coefficient and ~90-mile range on lead-acid batteries.
• Most EV1s were leased, reclaimed, and crushed; ~40 were donated to institutions.

General principles for the use of AI at CERN

Key Points

• CERN issued technology-neutral AI principles covering all organizational activities.
• Principles include transparency, accountability, legality, fairness, security, safety, sustainability, human oversight, and privacy.
• AI at CERN must be used for non-military purposes only.

Slicing Is All You Need: Towards a Universal One-Sided Distributed MatMul

Key Points

• Universal one-sided algorithm supports all partitionings and replication factors.
• Slicing computes overlapping tiles; operations can be reordered and lowered to optimized IR.
• Implementation with C++ PGAS and direct GPU-to-GPU communication shows performance competitive with PyTorch DTensor.

NSA and IETF, part 3: Dodging the issues at hand

Key Points

• IETF TLS WG is standardizing hybrid ECC+PQ, with a separate non-hybrid PQ draft under consideration.
• April 2025 adoption call results were contested; chairs declared consensus despite reported objections.
• IESG later directed an area director to assess whether rough consensus for adopting the ML-KEM draft was appropriately called.

I built an faster Notion in Rust

Key Points

• Rewrote a knowledge base from Go to Rust to reduce boilerplate and improve clarity.
• Integrated a Zanzibar-inspired authorization model to avoid external services.
• Market and regulatory shifts (Atlassian Data Center sunset, EU data residency) shape product positioning.

Bureau of Meteorology asked to examine $96.5M bill for website redesign

Key Points

• BOM’s website cost approximately $96.5 million; initial public figure was $4.1 million.
• Government intervention led to reverting the radar map and ongoing fixes after user complaints.
• Cost breakdown: $4.1m design, $79.8m build, $12.6m launch and security testing.

Trade Chaos Causes Businesses to Rethink Their Relationship with the U.S.

Key Points

• Changing U.S. tariffs are disrupting small exporters’ pricing, logistics, and investments.
• Some firms have paused U.S. shipments or expansion due to volatility.
• Six businesses from Sweden to Brazil describe communication strategies with U.S. customers.

'Nobody wants to come': What if the U.S. can no longer attract immigrant doctors

Key Points

• U.S. policy changes are making the country less appealing to immigrant physicians.
• Michael Liu’s trajectory—Toronto to Harvard to residency in Boston—illustrates the draw and reassessment.
• Cuts to NIH research funding and HHS staffing have prompted career reconsideration.

Show HN: Cynthia – Reliably play MIDI music files – MIT / Portable / Windows

Key Points

• Supports folder and .m3u playlist playback with robust MIDI format 0 and 1 compatibility.
• Advanced controls: speed 10%–1,000%, volume boost up to 200%, and detailed visualization panels.
• Multi-device support with per-device time shift, volume, channel routing, and automatic resync.

Serflings is a remake of The Settlers 1

Key Points

• Requires original Settlers 1 data files unless History Edition default path is present.
• Supports original savegame import and adds modern features like high resolutions and LAN play.
• Provides command-line options for previews, data validation, and Java system information.

Fast Lua runtime written in Rust

Key Points

• Create an HTTP server and register routes in Lua using Astra.
• Handle request bodies, set response status/headers, and return JSON.
• Configure port 3000 and start the server with server:run().

US 'Homeland Security' Twitter account seemingly run from Israel

Key Points

• X added an “account based in” location label feature to posts.
• Claims include DHS’s account initially showing Israel, later showing U.S. with a VPN indicator.
• Reports suggest temporary pausing and exemptions for government accounts.

Hugo Static Site on Cloudflare

Key Points

• Hugo generates static HTML from Markdown for fast site performance.
• Cloudflare Pages automates builds from main/master branch updates and supports custom domains.
• Cloudflare offers DNS, anti-attack features, and a free plan; downsides include rare outages and a complex dashboard.

Show HN: Virtual SLURM HPC cluster in a Docker Compose

Key Points

• Docker Compose launches a SLURM/OpenMPI cluster on Rocky Linux 9 with optional MariaDB accounting.
• Default setup: 1 login node, 2 workers (4 vCPU, 2048 MB RAM each), SSH access on localhost ports.
• Runtime customization and example SLURM/MPI commands enable quick job submission and testing.

Booking.com cancels $4K hotel reservation, offers same rooms again for $17K

Key Points

• Confirmed $4,300 booking was cancelled and reoffered above $17,000 due to a claimed pricing error.
• Booking.com’s policies allow cancellations for clear rate errors, especially around event pricing.
• Hotel cited a synchronization error with Booking.com; offered alternatives were not equivalent.

I put a real search engine into a Lambda, so you only pay when you search

Key Points

• Compiles a Lucene-based search engine to a native binary with GraalVM to eliminate JVM warmup.
• Explores remote index storage on AWS S3 and EFS to enable scale-to-zero.
• Achieves a reduced Docker image (~338MB) and aims for sub-second startup in AWS Lambda.

Inside Rust's std and parking_lot mutexes – who wins?

Key Points

• Compares std::sync::Mutex (Rust v1.90.0) with parking_lot::Mutex (v0.12.5) via teardown and benchmarks.
• Explains mutex basics and contrasts Rust’s data-wrapping approach with manual locking in C++.
• Provides a decision guide for choosing between std and parking_lot based on measured behavior.

SHA1-Hulud the Second Comming – Postman, Zapier, PostHog All Compromised via NPM

Key Points

• Second wave of Shai-Hulud detected Nov 24, timed before npm’s Dec 9 token revocation.
• Worm exfiltrates secrets via GitHub and propagates by publishing infected packages to npm.
• 425 packages (132M monthly downloads) across namespaces like @accordproject, @asyncapi, and @ensdomains are compromised.

X Just Accidentally Exposed a Covert Influence Network Targeting Americans

Key Points

• X’s new “About this account” feature reveals accounts’ operating locations.
• Numerous large pro‑MAGA accounts claiming U.S. identities are operated from abroad.
• Location-identity mismatches are flagged by X as potential red flags despite VPN caveats.

Corvus Robotics (YC S18): Hiring Head of Mfg/Ops, Next Door to YC Mountain View

Key Points

• Hiring for Head of Manufacturing/Operations in SF Bay Area.
• Drone fleet planned to 5x in 2026; scaling U.S. and overseas manufacturing.
• Bonus skills: Mandarin and EVT/DVT/PVT experience; concise application via DM/email.

Britain is one of the richest countries. So why do children live in poverty?

Key Points

• One-third of UK children (4.5 million) live in relative poverty; 1 million are destitute.
• Charities like Little Village are filling gaps left by weakened public services.
• Childcare costs take ~25% of couples’ net income and ~60% for single parents; many poor children have working parents.

Historically Accurate Airport Dioramas by AV Pro Designs

Key Points

• AV Pro Designs builds 1:1400 historically accurate airport dioramas using archival photos.
• Completed works include JFK, LAX, Heathrow, Newark; BOM features a nighttime view.
• Kai Tak and Charles de Gaulle models are in progress, expanding the collection.

France threatens GrapheneOS with arrests / server seizure for refusing backdoors

Key Points

• French outlets Le Parisien and Le Figaro published critical pieces on GrapheneOS.
• La Quadrature du Net reaffirms GrapheneOS as a recommended privacy tool.
• GrapheneOS is a free, open-source mobile operating system aimed at protecting against tracking and spyware.

We're (now) moving from OpenBSD to FreeBSD for firewalls

Key Points

• FreeBSD chosen for PF firewalls due to superior 10G performance and easy PF ruleset migration.
• New OpenBSD builds halted; firewalls and recent VPN servers now on FreeBSD.
• Some non-firewall OpenBSD hosts likely to move to Ubuntu during replacement.

A New Raspberry Pi Imager

Key Points

• New wizard interface integrates OS customisation into the main imaging flow.
• Pre-configure Raspberry Pi Connect during imaging for instant remote access on first boot.
• Enhanced accessibility: screen reader labels, full keyboard navigation, and improved color contrast.

Cool-retro-term: terminal emulator which mimics look and feel of the old CRTs

Key Points

• Terminal emulator mimicking CRT aesthetics, customizable and lightweight.
• Built with Qt5 using a QML port of qtermwidget (Konsole); runs on Linux and macOS.
• Easy installation via AppImage/dmg and available in Ubuntu, Fedora, and Arch repositories.

Pebble Watch Software Is Now 100% Open Source

Key Points

• Pebble software stack, including the mobile app, is now 100% open source.
• Pebble Appstore adds multiple feeds, public backup, and a new Developer Dashboard.
• Pebble Time 2 targets shipments starting January, with most units arriving March–April.

Claude Opus 4.5

Key Points

• Claude Opus 4.5 is available via apps, API (model ID 'claude-opus-4-5-20251101'), and major cloud platforms at $5/$25 per million tokens.
• Anthropic presents Opus 4.5 as state-of-the-art on SWE-bench Verified for real-world software engineering.
• Platform updates add longer-running agents and integrations for Excel and Chrome, with extended conversation support in apps.

The Bitter Lesson of LLM Extensions

Key Points

• Early ChatGPT plugins enabled API tool use but were constrained by model limitations and UX.
• Persistent and shareable customization emerged via Custom Instructions, Custom GPTs, and ChatGPT Memory.
• Repo-native rules (Cursor) and later protocols reflect maturing, more reliable model-tool integrations.

GrapheneOS migrates server infrastructure from France

Key Points

• GrapheneOS is ending operations in France and relocating servers abroad.
• Community services move to Toronto; critical website hosting moves to Netcup in Germany.
• Project cites EU policy concerns and negative French media coverage as triggers.

Three Years from GPT-3 to Gemini 3

Key Points

• Gemini 3 demonstrates end-to-end capability by building an interactive mini‑game from a prompt.
• Antigravity enables agentic coding with permissioned computer access and an Inbox for approvals.
• Coding proficiency turns AI agents into general-purpose tools for a broad range of computer tasks.

Google's new 'Aluminium OS' project brings Android to PC

Key Points

• Google is merging ChromeOS and Android into an AI-centric desktop platform codenamed “Aluminium OS.”
• A Google job listing and Snapdragon Summit statements confirm Android is coming to PCs in collaboration with Qualcomm.
• Key details such as branding, upgrades for existing Chromebooks, and target device tiers remain unspecified.

Mind-reading devices can now predict preconscious thoughts: is it time to worry?

Key Points

• BCIs can detect intention before conscious action, improving assistive control.
• Dual‑implant approaches including posterior parietal cortex expand decoding beyond motor signals.
• AI‑enhanced consumer EEG devices raise privacy and ethical concerns about neural data.

Is Your Android TV Streaming Box Part of a Botnet?

Key Points

• Access to 2,200+ services requires installing Superbox-specific apps outside Google’s ecosystem.
• Setup replaces Google Play with an unofficial app store due to lack of Android TV certification.
• Experts report the apps may enroll devices into residential proxy networks linked to cybercrime.

TSMC Arizona Outage Saw Fab Halt, Apple Wafers Scrapped

Key Points

• Power fault at Linde cut gas supply, halting TSMC Arizona Fab 21 and causing wafer scrap.
• Q3 net income at TSMC Arizona dropped 99% to $1.4M; outage offers an alternate explanation.
• Client impact likely minimal; losses may be insured and output can be recovered later.

Ask HN: Scheduling stateful nodes when MMAP makes memory accounting a lie

Key Points

• Coordinator misread low row count and repeatedly tried to load segments onto a near-OOM node.
• mmap, lazy loading, and OS page cache made memory usage opaque and RSS unreliable.
• Proposed approaches include node-enforced backpressure, per-segment cost models, and decoupling storage and query balancing.

What OpenAI did when ChatGPT users lost touch with reality

Key Points

• OpenAI updates increased ChatGPT’s conversational, confidant-like behavior.
• User reports in March triggered internal review by leadership.
• OpenAI later made ChatGPT safer, balancing engagement with risk.

The history of Indian science fiction

Key Points

• “Sultana’s Dream” is framed as an early landmark of Indian SF in English (1905, Madras).
• The story deploys defamiliarization/cognitive estrangement to invert patriarchy in a utopian Ladyland.
• It anticipates techno-utopian themes: mechanized labor, climate regulation, and hydrogen-powered aircraft.

Claude Advanced Tool Use

Key Points

• Three new Claude features: Tool Search Tool, Programmatic Tool Calling, and Tool Use Examples.
• On-demand tool discovery cuts token usage drastically (to ~8.7K total; ~95% of context preserved).
• Internal tests report significant accuracy gains on MCP evaluations for Opus models.

Show HN: I built an interactive HN Simulator

Key Points

• Interactive tool replicates Hacker News layout and metadata.
• Sample feed shows auto-generated posts with points, times, and comment counts.
• Includes per-item comment links and standard HN navigation.

The Arithmetic of Braids (2022)

Key Points

• Braids can be normalized so only one crossing occurs at a time.
• Labeling single-crossing events enables encoding braids as words.
• Concatenating braids corresponds to concatenating their symbolic words.

PS5 now costs less than 64GB of DDR5 memory. RAM jumps to $600 due to shortage

Key Points

• 64GB DDR5 kit hits $599.99 on Newegg, surpassing console prices.
• Approx. 190% price surge since late September tied to AI-driven supply crunch.
• Storage shortages ripple: nearline HDD backlogs, QLC SSD buys, and bundling trends.

You can see a working Quantum Computer in IBM's London office

Key Points

• IBM’s Quantum System One is on public view at its London Waterloo office.
• The system launched in 2019 and operates at cryogenic temperatures near absolute zero.
• Viewing is from outside only; the display was created with design and display partners.

New report calls for end to child marriage in the US

Key Points

• 314,000+ U.S. child marriages since 2000; 86% involved girls.
• Statutory-rape exemptions tied to marriage affect at least 60,000 cases since 2000.
• 16 states, one district, and two territories have set 18 as the minimum age without exceptions since 2018.

Neopets.com Changed My Life (2019)

Key Points

• First publication in The Neopian Times at age 10 led to over 30 published pieces.
• Learning HTML via Neopets’ homepage customization translated to academic success.
• The author still uses Neopets to practice and improve web skills.

DoGE "cut muscle, not fat"; 26K experts rehired after brutal cuts

Key Points

• OPM confirmed DOGE’s early termination and took over many of its functions.
• DOGE’s reported $214B savings face scrutiny as potentially overstated by ~40%.
• Brookings documented 26,511 firing-then-rehire cases involving critical professional roles.

Unpowered SSDs slowly lose data

Key Points

• Unpowered SSDs can lose data; retention varies by NAND type (QLC/TLC/MLC/SLC).
• Consumer SSDs are poor choices for long-term archives; consider HDDs, tape, or M-Disc.
• Follow the 3-2-1 backup rule using NAS and cloud storage for redundancy.

Show HN: OCR Arena – A playground for OCR models

Key Points

• Leaderboard ranks OCR models using ELO, win rate, and battles.
• Users can upload PDF, JPEG, or PNG files to start anonymous OCR battles.
• Built by extend.ai with sections for Battle, Playground, Leaderboard, and About.

Bytes before FLOPS: your algorithm is (mostly) fine, your data isn't

Key Points

• Optimization should start with profiling to find real bottlenecks.
• Transform and organize data for efficient access; data issues often dominate performance.
• Specialize algorithms to match data characteristics, aiming to “do less.”

Fifty Shades of OOP

Key Points

• OOP is presented as a set of related techniques rather than a single definition.
• Classes are contrasted with prototype-based designs (Self, JavaScript), with ES6 classes abstracting prototypes.
• Explicit vs. implicit receivers and method placement vary by language, affecting ergonomics and performance.

Everything you need to know about hard drive vibration (2016)

Key Points

• Vibration causes I/O misses that trigger rotational retries, degrading HDD performance.
• Internal server sources—fans and the drives—are the main contributors to vibration.
• High track density in HDDs makes them highly sensitive to even minor vibrations.

Show HN: Supabase-Test – Fast Isolated Postgres DBs for Testing Supabase RLS

Key Points

• Instant, isolated PostgreSQL test DBs tailored for Supabase with per-test rollback and clean teardown
• RLS-focused testing via role/claim context switching using setContext and SET LOCAL
• Comprehensive API (getConnections, PgTestClient) plus CI/CD compatibility and flexible seeding

Random lasers from peanut kernel doped with birch leaf–derived carbon dots

Key Points

• Birch leaf–derived carbon dots in a peanut enabled random lasing under pulsed excitation.
• Lasing arises from multiple scattering and coherent feedback in the peanut’s disordered structure.
• Bio-derived CDs address toxicity and stability issues of conventional gain media.

How sea turtles learn locations using Earth’s magnetic field: research

Key Points

• Turtles can learn and remember geographic magnetic signatures, aiding return navigation.
• Two distinct magnetic senses—map and compass—operate via different detection mechanisms.
• Findings, published in Nature by UNC-Chapel Hill researchers, have conservation and tech implications.

Build a Compiler in Five Projects

Key Points

• Five-project path builds a Racket-based compiler targeting x86-64 with growing feature sets.
• Design favors rapid expressiveness, omitting GC, type safety, and register allocation initially.
• Next steps: add dynamic type tagging, register allocation, more built-ins; Boehm GC optional.

A fast EDN (Extensible Data Notation) reader written in C11 with SIMD boost

Key Points

• SIMD‑accelerated EDN parsing across NEON, SSE4.2, and WebAssembly SIMD128.
• Zero‑dependency C11 library with UTF‑8 handling and arena‑based memory management.
• Cross‑platform support and flexible integration via static linking or source inclusion.

A Major City of the Kazakh Steppe? Investigating Semiyarka's Bronze Age Legacy

Key Points

• 140ha Late Bronze Age settlement with planned architecture and central monumental structure.
• Evidence of organized tin-bronze production linked to Cherkaskul and Alekseevka–Sargary cultures.
• Geophysical surveys show mudbrick walling and structured layout; ongoing work under UCL’s ERC/UKRI-funded DREAM project.

Show HN: Hypercamera – a browser-based 4D camera simulator

Key Points

• Browser-based demo provides a 3D sensor view of a 4D hypercamera.
• Comprehensive keyboard/mouse controls for movement, rotation, and zoom.
• Toggles for additional views, gizmo mode, and voxel rasterization, plus vertex selection.

Using Antigravity for Statistical Physics in JavaScript

Key Points

• Antigravity with Gemini 3 Pro produced a JavaScript Ising model visualization in about an hour.
• A Chrome DOM-retrieval extension significantly supported the coding workflow.
• The tool is described as similar to Windsurf, with comparisons to OpenAI and Anthropic experiences.

How did the Windows 95 user interface code get brought to the Windows NT?

Key Points

• NT reimplemented Windows 95 window manager features using 95 as a reference.
• Explorer code was copied to NT and adapted for Unicode with A/W interface variants.
• NT safeguarded changes with #ifdef WINNT and portable types/macros to avoid impacting Windows 95.

A million ways to die from a data race in Go

Key Points

• Data races violate the Go memory model and can cause arbitrary memory corruption, especially with multiword types.
• A common race arises from closures in goroutines implicitly capturing and mutating a shared outer variable.
• Avoid shared mutable state by using closure-local variables or named returns; coordination primitives alone don’t prevent races.

Advice for crime analyst to break into data science

Key Points

• Learn Python and strengthen SQL; ML or LLM skills are increasingly expected.
• Build an evidence-based portfolio (website, GitHub) to complement or substitute formal credentials.
• Apply to analyst roles at relevant companies (e.g., LexisNexis, Esri, Axon) and consider in-person roles.

Migrating to Bazel symbolic macros

Key Points

• Symbolic macros in Bazel 8 add typed attributes and controlled target visibility.
• They enforce naming and standard visibility rules, with errors on violations.
• Macros expand in the loading phase; rules run in the analysis phase.