Big Tech Blunders, AI Drama, and Data Leaks!

FreeCAD is an open-source parametric 3D modeler

Key Points

• FreeCAD 1.0 emphasizes improved stability/usability with no licensing fees or vendor lock-in.
• Cross-platform and extensible, with broad file format support for workflow integration.
• Includes FEA, experimental CFD, BIM, CAM/CNC, and robot simulation workbenches.

Reading the undocumented MEMS accelerometer on Apple Silicon MacBooks via iokit

Key Points

• Undocumented accelerometer on Apple Silicon accessed via IOKit/HID (AppleSPUHIDDevice, AppleSPUHIDDriver).
• HID report parsing: 22 bytes; XYZ at byte offsets 6/10/14 (int32 LE), scaled to g by 1/65536.
• Requires sudo; Python tool includes a BCG heartbeat demo (0.8–3 Hz bandpass, autocorrelation).

Fast KV Compaction via Attention Matching

Key Points

• Attention Matching compacts KV caches by matching attention outputs and preserving per-head attention mass.
• Achieves up to 50× compaction in seconds on some datasets with minimal quality loss.
• Improves the Pareto frontier over training-heavy methods like Cartridges for time–quality trade-offs.

Show HN: Fostrom, an IoT Cloud Platform built for developers

Key Points

• IoT platform in Technical Preview, free now and free for three months for early adopters.
• JavaScript-based Actions for event-driven workflows and real-world effects.
• Sequential Mailboxes with back-pressure for ordered, reliable device message processing.

Debugging Kernel Oops (2024)

Key Points

• Kernel Oops vs. kernel panic: definitions and behavior.
• CONFIG_KALLSYMS and System.map for symbol resolution in Oops logs.
• How to interpret Oops fields: timestamp, codes, PREEMPT/SMP/architecture, IP, and function offsets.

"Made in EU" – Building a Startup on European Infrastructure

Key Points

• EU-only infrastructure stack combines Hetzner, Scaleway, Bunny.net, Nebius, and Hanko.
• Self-hosted apps on Kubernetes (via Rancher) keep data controlled but add ops overhead.
• Unavoidable U.S. dependencies persist: Google Ads and Apple’s Developer Program.

Show HN: Write native binary web apps with TypeScript and Express

Key Points

• Express-like TypeScript APIs compiled to native binaries via Tsonic
• .NET 10 SDK required; ASP.NET Core deps installed during setup
• Familiar routing, middleware, body parsing, static files, and server lifecycle

Raspberry Pi Pico 2 at 873.5MHz with 3.05V Core Abuse

Key Points

• RP2350’s regulator limit can be disabled for higher requested voltages.
• Cooling (heatsink and fan) enables higher stable clocks, up to 678 MHz at ~2.2 V.
• Actual core voltage at high settings is current-limited by the onboard regulator.

Untapped Way to Learn a Codebase: Build a Visualizer

Key Points

• Focus on Next.js’s Turbopack (Rust-based bundler) to learn a complex codebase.
• Avoid starting from main; survey repo structure and pick a manageable entry point.
• Use a minimal reproducible example from a bug report and build a visualizer to map components.

Spell Checking a Year's Worth of Hacker News

Key Points

• Pipeline uses HN via Algolia, filters non-blogs, crawls links, and applies a small LM for error detection.
• False positives require confidence thresholds and manual review despite prompt tuning.
• Pilot found 3/30 posts with fixable errors and reachable authors; emails include detailed context.

Web Components: The Framework-Free Renaissance

Key Points

• Web Components and native APIs can replace many framework roles for building modern UIs.
• Standards-based code benefits from strong browser backward compatibility, reducing maintenance risk.
• Use attributes/properties for downward data and CustomEvent bubbling for upward communication.

SwiftUI Agent Skill: Build Better Views with AI

Key Points

• Open-source SwiftUI Agent Skill centralizes best practices via SKILL.md and topic-specific references.
• Guidance includes avoiding single-parameter onChange and fixing nested ScrollView and redundant state update issues.
• Available on GitHub with community contributions already merged.

The path to ubiquitous AI (17k tokens/sec)

Key Points

• Transforms AI models into custom silicon in ~2 months, yielding per‑model ASICs.
• Unifies memory and compute to remove off‑chip bottlenecks and avoid complex components like HBM.
• First product: HC1 hard‑wired with Llama 3.1 8B; title cites 17k tokens/sec.

Notes on Clarifying Man Pages

Key Points

• Rsync’s man page uses a concise SYNOPSIS and an OPTIONS SUMMARY to improve readability.
• Strace organizes options by category rather than alphabetically to aid discovery.
• Embedded cheat sheets and prominently placed examples (e.g., Perl’s perlcheat, OpenBSD’s tail) enhance man page usability.

Hyperbound (YC S23, Series A) needs a Engineer with something to prove

Key Points

• Hiring in-person full-stack engineer for fast-paced, high-ownership role
• Reports rapid ARR growth and a recent $15M Series A
• Tech stack includes Next.js/React, Node.js/NestJS, PostgreSQL, MongoDB, TypeScript, and AWS

Fast Sorting, Branchless by Design

Key Points

• Traditional sorts leak timing information due to data-dependent behavior.
• Sorting networks provide a fixed, data-oblivious compare-and-swap pattern.
• Used in cryptographic contexts, constant-time sorting mitigates timing attacks.

Ask HN: How to measure how much data one can effectively process or understand?

Key Points

• Kardashev scale is unsuitable for measuring information processing.
• Effective metrics: throughput, compression efficiency, and relational depth.
• Agentic Runtimes and GraphRAG enhance relational modeling and contextual memory.

I used Claude Code and GSD to build the accessibility tool I've always wanted

Key Points

• ScrollAnywhere helps but has limited scope across browsers and OS contexts.
• macOS dwell action provides a slow but universal scrolling fallback.
• AI coding tools (Copilot, ChatGPT, Claude Code) materially improve productivity for the author.

Silicon Valley engineers were indicted for allegedly sending secrets to Iran

Key Points

• Three engineers indicted for alleged theft of processor trade secrets sent to Iran.
• Google detected activity through security monitoring and alerted law enforcement.
• Alleged concealment included routing via third‑party platform and photographing screens.

The Rediscovery of 103 Hokusai Lost Sketches (2021)

Key Points

• 103 Hokusai sketches resurfaced in Paris in 2019 and were later acquired by the British Museum.
• Late-1820s personal hardships likely contributed to the project’s abandonment.
• European collectors and Japanese institutions shaped the works’ provenance and preservation.

Mothers (YC X26) Is Hiring

Key Points

• On-site, full-time roles in Austin across ML (acoustic), computer vision, DSP (acoustic), and systems (acoustic).
• Compensation includes $150K–$250K or $100K–$400K salary bands plus 0.1%–0.5% equity.
• YC-affiliated startup Mothers is expanding its engineering team.

Ggml.ai joins Hugging Face to ensure the long-term progress of Local AI

Key Points

• ggml.ai is joining Hugging Face to support and scale ggml/llama.cpp while keeping them fully open-source.
• Future focus includes seamless integration with Hugging Face transformers and improved packaging/user experience.
• Community autonomy is maintained; Hugging Face provides long-term resources and platform integrations.

I found a useful Git one liner buried in leaked CIA developer docs

Key Points

• Updated Git one-liner deletes only merged local branches while protecting main/develop.
• Lowercase -d ensures unmerged branches are not removed, reducing risk.
• Add as a zsh alias (ciaclean) to streamline routine repository cleanup.

Show HN: A native macOS client for Hacker News, built with SwiftUI

Key Points

• Native macOS Hacker News client built with SwiftUI, featuring WebKit-based reading and ad/pop-up blocking.
• Simple installation via DMG; requires macOS 14.0+ and includes Sparkle-based auto-updates.
• Open-source MIT-licensed project with source builds via Xcode and Swift packages.

PayPal discloses data breach that exposed user info for 6 months

Key Points

• PII exposure via PPWC app from July 1–Dec 13, 2025; discovered Dec 12 and fixed within a day.
• PayPal refunded limited unauthorized transactions, reset passwords, and offered two years of Equifax credit monitoring.
• Update: PayPal says systems weren’t breached; about 100 customers were potentially affected.

How to Stop Being Boring

Key Points

• Boringness is framed as the outcome of excessive self-editing to fit norms.
• A “cringe list” helps surface authentic interests suppressed over time.
• A recovery protocol suggests reintroducing unfiltered interests in low-stakes situations.

Child's Play: Tech's new generation and the end of thinking

Key Points

• San Francisco’s streets feature startup-focused, B2B advertising unlike New York’s consumer ads.
• Cluely’s provocative “cheating tool” campaign drew backlash, and the startup left San Francisco after Planning Commission pushback.
• Cluely’s product is a simple interface for ChatGPT aimed at assisting routine office work, reflecting broader workplace reliance on AI tools.

Trump's global tariffs struck down by US Supreme Court

Key Points

• Supreme Court strikes down Trump’s global tariffs.
• Tariffs were imposed via IEEPA emergency, bypassing Congress.
• Appeals court deemed most tariffs illegal in August 2025 but left them in place.

The Popper Principle

Key Points

• Popper’s fallibilism reframed scientific progress around falsification.
• Open Society links Plato’s political ideas to modern totalitarian ideologies.
• Popper wrote in exile in New Zealand; personal wartime losses intensified his critique.

No Skill. No Taste

Key Points

• LLMs have lowered barriers to app creation, increasing low-quality, derivative releases.
• HN rewards projects with strong taste and resonance over pure technical complexity.
• Examples (This Website Will Self-Destruct, OpenClaw) show taste can outweigh technical polish.

The Gay Tech Mafia

Key Points

• Rumors of a “gay tech mafia” in Silicon Valley have persisted and intensified through anecdotes and social media.
• A viral photo of YC-backed founders with Garry Tan catalyzed renewed speculation.
• The article cites prominent gay leaders to contextualize—but not prove—the narrative.

Why Is the American Diet So Deadly?

Key Points

• Controlled NIH inpatient study compared minimally processed and processed diets under supervision.
• Processed foods were associated with discomfort; less-processed foods with better subjective well-being.
• Metabolic measurements showed ~1,700 calories/day at rest and highlighted differences in fat vs carbohydrate metabolism.

Lessons learned from `oapi-codegen`'s time in the GitHub Secure Open Source Fund

Key Points

• $10k from GitHub’s Secure Open Source Fund enabled focused security work on oapi-codegen.
• The project’s generated Go code from OpenAPI specs touches sensitive request/response paths, making security critical.
• Release governance risks (tag pushes, merges to main, auto-updaters) were identified and addressed to support adding maintainers.

F-Droid: "Keep Android Open"

Key Points

• F-Droid asserts Android installation restrictions are still planned and adds warning banners to clients and website.
• F-Droid Basic 2.0-alpha3 releases with multiple new management and privacy features.
• Conversations/Quicksy adjust Play integration via IPC; several apps receive notable updates.

Making frontier cybersecurity capabilities available to defenders

Key Points

• AI-driven code reasoning finds complex vulnerabilities beyond rule-based static analysis.
• Human-in-the-loop workflow with multi-stage verification, severity and confidence ratings.
• Limited research preview for Enterprise/Team customers; expedited access for open-source maintainers.

Lil' Fun Langs

Key Points

• The article catalogs many small ML-style language implementations, detailing size, implementation language, and target backend for each.
• It provides approximate line-of-code estimates for implementing a broad range of language features, from basics to advanced type and effect systems.
• It highlights concrete reference projects and classic texts that readers can study to learn how to build functional language compilers and interpreters.

Tesla to pay $243M judgement over Autopilot crash

Key Points

• Judge upholds $243M verdict against Tesla in Autopilot wrongful death case.
• Tesla plans to appeal; a punitive cap could reduce but not erase nine-figure exposure.
• Regulatory actions force Tesla to drop 'Autopilot' branding amid broader legal pressure.

Blue light filters don't work

Key Points

• Blue light filters are unlikely to improve sleep; total luminance control matters more.
• Melanopsin’s broad sensitivity (cyan/blue/green) invalidates “blue-only” filtering as a circadian solution.
• SCN-driven circadian timing is influenced by overall light exposure relayed by ipRGCs.

Facebook is absolutely cooked

Key Points

• Return to Facebook after ~8 years shows a feed dominated by non-followed recommendations.
• Many posts appear AI-generated, with visible artifacts and engagement-bait content.
• Facebook displays suggested questions for interacting with AI on video posts.

Do you want to build a community where users search or hang? (2021)

Key Points

• Two archetypes: hangout (“Facebook”) vs. search-and-go (“Google”).
• Examples: Rands Engineering Slack, Ruby, Orbit.love’s Discord vs. Stack Overflow, Elasticsearch forum.
• Determinants include technology scope, real-world events, and unifying philosophies or interests.

KFC, Nando's, and others ditch chicken welfare pledge

Key Points

• Eight UK restaurant groups left the BCC and joined the SCF.
• SCF cites emissions and supply concerns; UKHospitality says welfare and environment remain priorities.
• Animal welfare groups condemn the shift; KFC now fully out of the BCC.

Testing Super Mario Using a Behavior Model Autonomously

Key Points

• Open-source code shows an autonomous exploration system that can complete Super Mario Bros. levels.
• Input generation uses XOR-based bit flips on byte-encoded controls to produce realistic sequences.
• Determinism enables storing and replaying paths; a fitness function prioritizes x-axis progress.

I found a Vulnerability. They found a Lawyer

Key Points

• Sequential user IDs and a shared default password enabled unauthorized access.
• Missing controls (rate limiting, account lockout, MFA) exacerbated the risk.
• Disclosed April 28, 2025; fixed later; user notification remains unclear.

How to Review an AUR Package

Key Points

• Arch maintainers removed three malware-containing AUR packages and added safeguards.
• The article teaches how PKGBUILD scripts work and how to review them for safety.
• AUR builds use makepkg and may need AUR helpers, which have trade-offs.

Wikipedia bans Archive.today after site executed DDoS and altered web captures

Key Points

• Wikipedia will blacklist Archive.today and remove around 695,000 links due to DDoS and content alterations.
• Editors are instructed to replace Archive.today domains with alternatives like Internet Archive, Ghostarchive, or Megalodon.
• Archive.today is under FBI investigation to identify its founder.

A chatbot's worst enemy is page refresh

Key Points

• Page refresh severs SSE streams, hiding in-progress tokens until the final response is saved.
• Common fix: store token deltas (e.g., in Redis) and implement a resume endpoint.
• WebSockets + Ably demo shows seamless resume and history without persistence.

OpenScan

Key Points

• Examples use OpenScan Classic/Mini with OpenScanCloud and, in some cases, focus stacking or 3DF Zephyr.
• Credits and Sketchfab links are provided for original models from creators and institutions.
• Subjects span lab and field setups, including a smartphone-captured on-site scan in Germany.

Escaping Misconfigured VSCode Extensions (2023)

Key Points

• Three VSCode extension vulnerabilities and a VSCode mitigation bypass (CVE-2022-41042) were disclosed.
• Microsoft’s SARIF Viewer and Live Preview had high-severity flaws enabling local file exfiltration.
• Proper Webview configuration (CSP, localResourceRoots, secure postMessage) can block XSS-driven compromise.

Show HN: Mines.fyi – all the mines in the US in a leaflet visualization

Key Points

• 6,608 active U.S. mines visualized with Leaflet using OSM/CARTO basemaps.
• Surface mines dominate (5,779); Stone and Sand/Gravel lead commodity groups.
• Top operators and states are ranked by mine counts and employees.

Turn Dependabot Off

Key Points

• Disable Dependabot for Go projects and use scheduled GitHub Actions with govulncheck and tests.
• Rely on Go Vulnerability Database metadata and reachability analysis to filter alerts.
• The edwards25519 fix (v1.1.1) led to widespread, often unnecessary Dependabot PRs and alerts.

Every company building your AI assistant is now an ad company

Key Points

• OpenAI began serving ads in ChatGPT shortly after announcing the change.
• OpenAI bought Jony Ive’s startup io to build a contextually aware, screenless device.
• Local on-device inference is presented as the key privacy-preserving alternative to cloud processing.

The Essential Economics of Nigeria's Okrika Industry (2023)

Key Points

• Nigeria plans to ban Okrika, citing health, economic and sustainability concerns.
• Okrika is crucial to affordable clothing access, illustrated with concrete price and income examples.
• Historical and industrial context frames the policy debate, including local producers’ competition challenges.

FCC asks stations for "pro-America" programming, like daily Pledge of Allegiance

Key Points

• FCC launches voluntary patriotic programming pledge for broadcasters.
• Participation may satisfy public interest obligations, per Carr.
• The campaign aligns with the 2026 yearlong commemoration of US independence.

Phil Spencer is exiting Microsoft as AI executive takes over Xbox

Key Points

• Phil Spencer retires; Sarah Bond exits Microsoft.
• Asha Sharma named Microsoft Gaming CEO with AI background.
• Matt Booty promoted to EVP and Chief Content Officer.

How were video transfers made? (2011)

Key Points

• Pre-digital transfers used film chains and later telecine scanners (Rank, Bosch).
• NTSC/PAL standards dictated frame-rate handling and projector/transfer setup.
• Mastering moved from 2" quad/1" C-type to Beta SP and digital formats (D1, D2, Digi‑Beta).

I hate AI side projects

Key Points

• AI enables rapid building but has saturated the web with similar side projects.
• Past side projects taught concrete skills (VPS deployment, Python in browser) and sometimes attracted clients.
• Many former projects can now be built quickly with tools like Claude Code, raising the bar for public sharing.

CERN rebuilt the original browser from 1989

Key Points

• CERN rebuilt the original 1990 WorldWideWeb browser within a modern browser in 2019.
• The project is supported by the US Mission in Geneva via the CERN & Society Foundation.
• The site includes how-to instructions and extensive historical and technical resources.

Across the US, people are dismantling and destroying Flock surveillance cameras

Key Points

• Destroyed Flock cameras reported in La Mesa after the city kept its Flock contracts.
• Flock’s ALPR network spans ~6,000 U.S. communities; data access reportedly occurs without warrants and by ICE.
• Documented misuse cases and multi-state public pushback raise legal and privacy concerns.

The true story behind the Toronto mystery tunnel

Key Points

• Tunnel discovered in northwest Toronto with advanced features including lighting and a sump pump.
• Early speculation tied the tunnel to 2015 Pan Am Games venues before builder identification.
• Elton McDonald, a local construction worker, built the tunnel over nearly two years as a personal retreat.

A16Z partner says that the theory that we'll vibe code everything is ' wrong'

Key Points

• Anish Acharya says AI-assisted coding shouldn’t be used to rebuild all enterprise functions; focus AI on core business value.
• Software stocks are “oversold,” Acharya says, after a sell-off partly linked to concerns over an Anthropic AI tool.
• Vinod Khosla suggests API call volume—not stock prices—is the key metric for assessing AI adoption.

Be Wary of Bluesky

Key Points

• Most users rely on Bluesky-hosted PDS, making self-hosting rare despite migration tools.
• Bluesky controls key infrastructure layers: Relay, AppView, and DID Directory.
• Each new ATProto app increases dependence on Bluesky’s infrastructure, raising switching costs.

Irish man detained by ICE [Update] – It's not what it seems

Key Points

• Detained by ICE since September 2025 following arrest last September.
• Overstayed a 2009 U.S. tourist visa and missed an Irish court appearance on drug-related charges, prompting a warrant.
• Daughter publicly states she hopes he is deported and has no sympathy for his situation.

Lexega Turns SQL into Signals

Key Points

• Deterministic SQL-to-signals pipeline with rule matching and policy decisions (allow/warn/block).
• Detection of semantic issues via column lineage across CTE boundaries (e.g., LEFT JOIN null-filter bug).
• Support for multi-statement SQL and Jinja/dbt templates with custom YAML rules.

Don't create .gitkeep files, use .gitignore instead

Key Points

• Place a .gitignore inside the directory with '*' and '!.gitignore' to track the directory.
• The .gitkeep method works but is less maintainable and not an official Git convention.
• Committing the directory with its .gitignore ensures it exists in fresh clones without tracking generated files.

Cord: Coordinating Trees of AI Agents

Key Points

• Cord lets AI agents build task trees dynamically with SPAWN, ASK, and FORK nodes.
• The article highlights limitations in existing frameworks that rely on predefined workflows.
• An example demonstrates parallel tasks, human-in-the-loop queries, and dependency tracking leading to a final recommendation.

What Is OAuth?

Key Points

• OAuth standardizes delegated access to replace insecure, custom solutions.
• OIDC builds sign-in on OAuth, akin to magic link authentication.
• OAuth functions as a flexible framework within IETF standards; OIDC was later formalized from OAuth.

Index, Count, Offset, Size

Key Points

• Use “count” for element totals and “index” for positions; enforce index < count.
• Use “size” for byte counts and “offset” for byte positions; size = @sizeOf(T) * count.
• Avoid ambiguous “length”; language differences (Rust vs. Python) make it unreliable.

Claude Code's compaction discards data that's still on disk

Key Points

• Auto-compaction drops working access to user data despite full transcripts being stored on disk.
• Proposed fix: add transcript line-range pointers in summaries for on-demand recovery.
• Future extension: cross-session indexed lookup of prior transcripts with user consent.

Reproducible and traceable configuration for Conan C and C++ package manager

Key Points

• New “conan config install-pkg” enables versioned, reproducible configuration packages.
• Configuration packages support version ranges and lockfiles for controlled updates.
• Per-OS configuration packages allow automatic Windows/Linux selection during installation.

Excessive token usage in Claude Code

Key Points

• Usage spiked after updating Claude Code to version 2.1.1, reaching limits much faster.
• Opus plan mode reportedly consumed ~10% usage quickly without full database reads.
• Haiku showed lower consumption (2–5% per hour), indicating model-specific differences.

Show HN: Agent Passport – OAuth-like identity verification for AI agents

Key Points

• Open-source OAuth-like identity layer for AI agents with Ed25519 and JWT.
• Risk engine assigns 0–100 scores to allow/throttle/block agent actions.
• MIT-licensed, free-tier friendly, with npm SDK, docs, and live demo.

Show HN: PIrateRF – Turn a $20 Raspberry Pi Zero into a 12-mode RF transmitter

Key Points

• Transforms Raspberry Pi Zero 1 W into a browser-controlled RF transmitter with 12 modes.
• Pre-built image enables rapid setup; Pi Zero 2 W is incompatible due to rpitx timing constraints.
• Emphasizes legal compliance and safe indoor, antenna-free testing with standard amateur frequencies provided.

Show HN: I built a 55K-word email marketing knowledge base and Claude Code skill

Key Points

• 55,000-word, open-source email marketing guide with 4,798 insights from 908 sources
• Claude Code skill provides real-time access to the structured knowledge base
• Includes 19 industry-specific playbooks with tactics, benchmarks, and automation flows

Show HN: Script Snap – Extract code from videos

Key Points

• Claims 99% accuracy for technical terms using ontology-based validation.
• Hybrid architecture with Inngest, Railway, and Vercel; Next.js frontend on Vercel Edge.
• Pipeline: FFmpeg → Nova ASR → dictionary correction → GPT for final docs.

SwiftForth IDE for Windows, Linux, macOS

Key Points

• Cross-platform Forth IDE with optimizing compiler and advanced debugging tools
• Licensed version includes complete source code and a cross compiler for kernel customization
• Windows-specific capabilities include DLL creation, DDE support, and exception handling