Bun Rewrites in Rust in Six Days!

EU calls VPNs "a loophole that needs closing" in age verification push

Key Points

• EPRS says VPNs are a loophole in online age-verification enforcement as child-safety rules expand.
• The article reports technical and privacy weaknesses in current age-verification approaches, including flaws in the European Commission’s app.
• Utah has enacted a law targeting VPN-based circumvention, and future EU legislation may impose new requirements on VPN providers.

I Will Never Use AI to Code

Key Points

• The author says he will not use AI for coding because he enjoys coding itself and does not see AI-generated output as equivalent work.
• The article argues that real skill development requires direct practice, not just reading or recognizing AI-provided answers.
• It warns both about poor judgment when users lack expertise and about skill decay when experts rely on AI too heavily.

What Causes Lightning? The Answer Keeps Getting More Interesting

Key Points

• The article examines the unresolved question of how lightning begins inside thunderstorms.
• New observations show lightning and thunderclouds emit X-rays and gamma rays, pointing to high-energy physics.
• Researchers say a growing consensus links lightning initiation to energetic processes beyond the traditional spark model.

America's carpet capital: an empire and its toxic legacy

Key Points

• Dalton’s carpet industry used PFAS-based stain treatments for decades, including Scotchgard and related chemicals.
• Mill wastewater in northwest Georgia contaminated river systems that provide drinking water in Georgia and Alabama.
• The investigation says weak oversight and industry influence helped allow continued PFAS use despite mounting warnings.

All my clients wanted a carousel, now it's an AI chatbot

Key Points

• The article frames AI chatbots as the newest must-have website feature in a longer cycle of trend-driven additions.
• Clients are described as wanting chatbots despite often finding them unhelpful or inaccurate on other sites.
• The writer contrasts this with simple, fast websites that clients like in practice but may see as not impressive enough.

How to Optimize MongoDB Query Performance with Indexes

Key Points

• The tutorial shows how to diagnose slow MongoDB queries and improve them with indexes.
• It explains how explain-plan stages reveal whether MongoDB is scanning collections or using indexes.
• A payments query example is used to motivate creating and managing a compound index in VisuaLeaf.

Making Julia as Fast as C++

Key Points

• The article studies Julia optimization using an aerodynamic vortex particle method example.
• The case study is an O(N^2) N-body problem involving induced velocity and Jacobian calculations.
• A C++ implementation is provided as the baseline computational pattern for performance-focused discussion.

Vladimir Putin is losing his grip on Russia

Key Points

• The article says Vladimir Putin has led Russia into a political dead-end.
• It identifies a shift in language by officials, governors, and businessmen as a sign of change.
• It frames Putin’s efforts to preserve power as accelerating political decay.

Killswitch: Per-function short-circuit mitigation primitive

Key Points

• The patch adds a Linux kernel feature that can force individual functions to return a fixed value without running.
• It is intended as a temporary security mitigation while patched kernels are being built and deployed.
• The submission includes implementation, documentation, configuration, and self-tests across 19 modified or added files.

Reviving the IBM Selectric Composer Fonts (2023)

Key Points

• The IBM Selectric Composer used seven width classes and three scaling settings to create proportional typesetting mechanically.
• IBM catalogues show that some nominal font sizes had identical set widths and differed only in drawing height.
• Adrian Frutiger’s Univers adaptation exposed the limitations of IBM’s fixed glyph width scheme based on Times proportions.

Internet Archive Switzerland

Key Points

• Internet Archive Switzerland is a new independent non-profit foundation in St. Gallen focused on digital preservation.
• Its first projects are the Gen AI Archive with the University of St. Gallen and the Endangered Archives initiative.
• The foundation links its mission to universal knowledge access, human-rights principles, and education goals.

Forking the Web

Key Points

• The proposal seeks a simpler alternative Web specification, initially focused on HTML.
• It recommends stable semantic versioning and immutable published standards.
• It calls for a strict formal grammar so invalid pages are rejected rather than tolerated.

LLMs Corrupt Your Documents When You Delegate

Key Points

• DELEGATE-52 is a new benchmark for testing LLM reliability in long delegated document-editing workflows.
• A study of 19 LLMs found that even frontier models corrupted an average of 25% of document content over long workflows.
• Agentic tool use did not improve results, and degradation worsened with larger documents, longer sessions, and distractor files.

How LEDs are made (2014)

Key Points

• A 2014 YunSun factory tour in Shenzhen details the step-by-step manufacturing of LEDs.
• LED dies are manually aligned into lead frames, then connected with gold-wire bonding before curing and molding.
• LED shape and customization are limited by mold design and a specialized multi-supplier manufacturing chain.

Removing fsync from our local storage engine

Key Points

• The engine avoids fsync on PUT and DELETE by using preallocation, O_DIRECT, and SSD-aware journaling.
• The approach is intentionally limited to SSD-only, single-node KV workloads with narrower durability semantics than POSIX.
• The reported benchmark shows higher 4 KB random-write throughput than an ext4 + O_DIRECT + fsync setup on AWS local NVMe.

Read Programming as Theory Building

Key Points

• The article frames programming as building a mental model of a system rather than just writing code.
• It argues that code quality, tests, documentation, and architecture all serve the shared purpose of communicating design intent.
• It connects Naur’s idea to design patterns, Domain-Driven Design, and Intellectual Control as related approaches.

The FCC Wants Your ID Before You Get a Phone Number

Key Points

• The FCC has proposed mandatory identity verification for customers before phone service activation.
• The rules would apply broadly across telecom providers, including mobile carriers and VoIP services.
• The article highlights prepaid phone service as a major area of impact because it currently allows cash purchase without ID.

Show HN: Free tool to mark points and polygon regions

Key Points

• tack. is a free client-side image annotation tool for points, curves, and polygon regions.
• It supports configurable coordinate systems and exports data in JSON, YAML, and HTML image map formats.
• The article emphasizes local processing and privacy, stating that images never leave the user’s device.

PipeDream on the Acorn Archimedes

Key Points

• Acorn's Archimedes introduced ARM, a processor architecture that later achieved major industry adoption beyond Acorn itself.
• Delays to ARX led Acorn to ship Arthur, which evolved into RISC OS with several distinctive interface features.
• PipeDream unified word processing, spreadsheet, and database functions in one application designed by Mark Colton.

The Intolerable Hypocrisy of Cyberlibertarianism

Key Points

• The article argues that the internet’s problems stem from ideological choices made in its early development.
• John Perry Barlow’s 1996 “A Declaration of the Independence of Cyberspace” is presented as a defining cyberlibertarian text.
• The piece combines criticism of internet ideology with historical context about Barlow and the declaration’s creation at Davos.

GrapheneOS fixes Android VPN leak Google refused to patch

Key Points

• GrapheneOS disabled a QUIC-related Android optimization to fix a VPN leak on supported Pixel devices.
• The flaw let ordinary apps cause system_server to send UDP payloads outside the VPN tunnel, exposing the real IP address.
• Google reportedly declined to patch the issue, while GrapheneOS shipped its own mitigation and additional security updates.

First, the FBI Searched Her Home. Then, She Won a Pulitzer.

Key Points

• Hannah Natanson’s home was searched by FBI agents in January during a leak investigation tied to her reporting.
• Her Washington Post reporting on the Trump administration’s federal work force cuts later helped win the Pulitzer Prize for public service.
• The article cites press-freedom concerns, noting claims that such a search of a reporter’s home had no precedent in this type of case.

The context window has been shattered: Subquadratic debuts a 12M token window

Key Points

• Subquadratic claims a 12 million-token context window using its SSA architecture, with a 50 million-token model planned.
• The article says SSA scales linearly in compute and memory and is claimed to be 52x faster than dense attention at 1 million tokens.
• Subquadratic is launching the model via API and pairing it with SubQ Code and SubQ Search, while citing benchmark wins on MRCR v2 and SWE-bench.

A new hash table for Lwan

Key Points

• Lwan replaced its aging kmod-based hash table after performance and maintenance issues accumulated.
• The new design borrows ideas from hashbrown and SwissTable, including split hashes and compact slot metadata.
• To improve portability, Lwan uses memchr() instead of direct SIMD and implements a single-group probing layout.

Introduction to Beaver Triples

Key Points

• The article explains private restaurant selection using secret sharing and score aggregation.
• Each friend’s private affordability and preference inputs are shared, not revealed directly.
• Naive multiplication of shared secrets raises the reconstruction threshold, motivating Beaver triples.

Show HN: Mochi.js: bun-native high-fidelity browser automation library

Key Points

• Mochi.js is presented as a Bun-only browser automation framework built on raw CDP.
• The article says it creates coherent multi-surface browser fingerprints from a single seed and profile.
• It combines browser-native networking, synthetic human interaction, and baseline-based CI checks in one automation library.

CPanel's Black Week: 3 New Vulnerabilities Patched After Attack on 44k Servers

Key Points

• cPanel released a second emergency TSR in ten days, patching three new vulnerabilities on May 8, 2026.
• Two of the newly patched flaws, CVE-2026-29202 and CVE-2026-29203, carry CVSS 8.8 high-severity ratings.
• The release followed a prior attack that the article says compromised 44,000 hosting servers using CVE-2026-41940.

I Will Not Add Query Strings to Your URLs

Key Points

• Susam Pal connects his URL design decision to Chris Morgan’s writing and earlier technical feedback.
• The article outlines Pal’s background as a systems programmer who learned web development as a hobby.
• Wander Console is presented as a lightweight, decentralized, self-hosted tool built with static web technologies.

Zed Editor Theme-Builder

Key Points

• The Theme Builder is currently desktop-only in Zed.
• Users who cannot access it can browse existing theme extensions.
• The article demonstrates theme customization through UI tokens and a live-style code preview with diagnostics.

Apple is increasing my cortisol levels

Key Points

• A Go-based utility compiled easily for Windows and Linux but faced distribution barriers on macOS.
• The article says Apple’s quarantine system and paid developer program complicate release of small independent Mac software.
• The author also reports problems completing Apple’s ID verification using a MacBook webcam.

Bun ported to Rust in 6 days

Key Points

• Bun was reportedly ported to Rust in six days, covering about 960,000 lines of code.
• The Rust version reportedly passes 99.8% of Bun’s existing test suite on Linux x64 glibc.
• The rewrite is intended to improve memory safety, stability, and maintainability through Rust’s language features.

The ROKR wooden typewriter: a closer look

Key Points

• The article says ROKR’s wooden typewriter can actually type despite a warning suggesting otherwise.
• The product uses mainly laser-cut wooden parts with plastic and metal components, including springs.
• Interview material credits Yuzhen Wang, Chaorui Guo, and Yifan Zhu, and says the Underwood No. 5 inspired the design.

Show HN: Create flashcards with Space CLI

Key Points

• Space CLI lets users manage flashcard decks and cards from the terminal using the Space app’s local database.
• The tool supports AI workflows by exporting structured data to LLMs such as Claude, ChatGPT, Ollama, and LM Studio.
• The project supports cross-device sync through the Space app and is distributed as open source via GitHub.

Bun's experimental Rust rewrite hits 99.8% test compatibility on Linux x64 glibc

Key Points

• Jarred Sumner said Bun’s Rust rewrite passes 99.8% of the existing test suite.
• The reported compatibility result is specific to Linux x64 glibc.
• The article provides no further technical, performance, or release details beyond the X post.

Meta's Embrace of A.I. Is Making Its Employees Miserable

Key Points

• Meta said it would monitor U.S. employees’ computer activity to collect data for training A.I. models.
• Employees objected internally, calling the policy invasive and raising privacy concerns.
• The article links the monitoring policy to Meta’s wider A.I. push and planned layoffs within its workforce.

Production engineering when trading billions of dollars a day [video]

Key Points

• Jane Street’s video covers production engineering for software trading billions of dollars daily.
• The systems operate across stock markets worldwide and require close monitoring.
• The description emphasizes message-level reliability and fast alerting in a high-stakes environment.

"Dirty Frag" (CVE-2026-43284): The Second Linux Root Exploit in Eight Days

Key Points

• Dirty Frag is described as a Linux kernel exploit chain combining CVE-2026-43284 and CVE-2026-43500 to achieve root access.
• The article says the bug stems from improper shared-memory handling in the IPsec/ESP receive path with MSG_SPLICE_PAGES.
• Affected systems reportedly include mainstream Linux distributions built from roughly 2017 onward, and the article urges patching and rebooting.

FreeBSD: Local Privilege Escalation via Execve()

Key Points

• FreeBSD disclosed CVE-2026-7270, a privilege escalation flaw in `execve(2)` affecting all supported versions.
• The bug is a kernel operator precedence error that can lead to a buffer overflow and overwrite adjacent argument buffers.
• FreeBSD says no workaround exists and recommends immediate updating and rebooting using supported package, binary, or source-based methods.

I Caught the Car

Key Points

• The author reports reaching Senior Software Engineer about two and a half years after starting a first full-time software job.
• The company’s engineering title ladder is described as ASE to SE to SSE to Staff SE.
• The author attributes the rapid promotion path partly to luck, including a visible project opportunity and a manager supportive of promotions.

Show HN: I made a Clojure-like language in Go, boots in 7ms

Key Points

• let-go is a Go-implemented Clojure-like language with a bytecode VM, small binary size, and very fast startup.
• It supports both standalone executable builds and WebAssembly-based browser apps with terminal emulation.
• The project reports 95.4% compatibility on a cross-dialect Clojure test suite and includes broad built-in support for core Clojure-style features.

Making your own programming language is easier than you think (but also harder)

Key Points

• The author began building a custom programming language in December 2025 and later paused the project while documenting the experience.
• The project was motivated by both personal interest and practical modding needs for a simulation-heavy game.
• The article highlights three desired modding-language traits: performance with ECS-style data, easy sandboxing, and simple script-based deployment.

The 90 Day disclosure policy is dead

Key Points

• The article says LLMs have shortened the time needed to discover and potentially exploit critical vulnerabilities.
• It describes a case where 11 researchers reported the same critical bug within roughly six weeks.
• The author argues vendors should treat critical security issues as P0 and patch them immediately.

Getting Arrested in Japan

Key Points

• The article says Japan’s police detention system can hold people up to 23 days per arrest before formal charges, with possible extensions through additional allegations.
• It describes detention centers as highly controlled environments marked by surveillance, isolation, limited communication, and strict routines.
• The article contrasts Japan’s investigation-first model with the U.S. process, which it says moves more quickly toward judicial review and possible bail.

The Death of the Roadmap

Key Points

• A 12-month engineering roadmap was described as obsolete six months after it was created.
• The article credits agents using Claude Code with compressing feature delivery into a couple of days.
• It argues that leadership should shift from fixed planning to creative, adaptive execution in fast-moving markets.

Rust but Lisp

Key Points

• rlisp maps Lisp-style s-expressions directly to Rust source while preserving Rust semantics.
• The tool relies on `rustc` for type checking, borrow checking, and optimization after transpilation.
• The article documents syntax mappings, CLI usage, and a compile-time macro system based on s-expression transformation.

The Serial TTL connector we deserve

Key Points

• The article proposes Julet connectors as a sturdier replacement for Dupont wires in UART TTL access setups.
• It cites ready-made M6 Julet pigtails, cable ratings, and simple assembly tooling as practical advantages.
• It recommends strain relief and consistent wire assignments to create a more reliable plug-and-play serial connector.

France Moves to Break Encrypted Messaging

Key Points

• France’s intelligence delegation recommended targeted access to encrypted messages for magistrates and intelligence services.
• The article says end-to-end encryption prevents platform-side access because decryption keys remain on user devices.
• A previous Senate-approved amendment led by Cédric Perrin was later rejected by the National Assembly.

User just tricked Grok and Bankrbot to send tokens with Morse code

Key Points

• A Morse code prompt allegedly caused Grok and Bankrbot to transfer about $200,000 in DRB on Base.
• The attacker reportedly expanded Grok’s wallet permissions by sending a Bankr Club Membership NFT before triggering the transfer.
• The article frames the exploit as a warning about prompt-injection and execution risks in autonomous Web3 agents.

Surfel-based global illumination on the web

Key Points

• The article tests whether WebGPU can power real-time surfel-based global illumination in the browser.
• It uses a history-of-light introduction to connect physical photon behavior with rendering concepts.
• The piece is presented as an interactive, step-by-step exploration of compute-heavy web graphics pipelines.

The first microcomputer: The transfluxor-powered Arma Micro Computer from 1962

Key Points

• The 1962 Arma Micro Computer was a compact aerospace computer built from discrete transistor logic.
• It used a 22-bit serial architecture with a 19-instruction set and specialized math functions.
• Its design influenced later systems deployed in military and aviation platforms including the E-2C Hawkeye, Concorde, and Air Force One.

I'm writing a history of Visual Basic, Chapter 1 is up

Key Points

• Chapter 1 of a planned Visual Basic history has been published and covers 1964–1992.
• The chapter traces BASIC’s path from Dartmouth and Microsoft’s earlier BASIC products to Visual Basic’s launch.
• The project is designed to highlight undercovered developers and product decisions rather than retell executive history.

The Trail of Jeremiah

Key Points

• Robert Redford often regarded *Jeremiah Johnson* as his favorite film and connected deeply with its wilderness themes.
• The film was closely tied to Utah, Mount Timpanogos, and the land Redford named Sundance.
• Redford opposed Warner Bros.' effort to move filming to a backlot, insisting on real Utah locations.

Sparse Cholesky Elimination Tree

Key Points

• The article derives the column elimination tree from the right-looking sparse Cholesky algorithm.
• Fill-in occurs only during the trailing matrix rank-1 update step in the presented algorithm.
• The elimination tree can predict both nonzero fill patterns and task dependencies from the original sparsity pattern of A.

Show HN: Building a web server in assembly to give my life (a lack of) meaning

Key Points

• ymawky is a static HTTP server written entirely in AArch64 assembly for macOS using raw Darwin syscalls.
• The project deliberately avoids libc, external libraries, and prebuilt parsers to expose low-level server mechanics.
• The article explains syscall-based file and socket operations and describes a fork-on-request request-handling model.

Gemini API File Search is now multimodal

Key Points

• Gemini API File Search now supports multimodal search across text and images.
• Custom metadata filtering helps improve RAG relevance, speed, and accuracy.
• Page-level citations let applications link answers directly to source pages in documents.

Emerich Juettner: The One Dollar Counterfeiter

Key Points

• Emerich Juettner made crude counterfeit one-dollar bills in New York for nearly a decade before his 1948 arrest.
• He used basic tools and skills in photography and engraving, producing notes that were poor in quality but often escaped notice in routine transactions.
• The Secret Service investigated the case as file 880, later giving rise to Juettner’s public identity as “Mister 880.”

We see something that works, and then we understand it

Key Points

• The article says innovation often begins with something working before people fully understand why.
• It critiques linear innovation models and the waterfall approach as overemphasizing upfront theory and design.
• It argues that experimentation and observation are essential in R&D and warns against overestimating AI’s ability to solve problems through knowledge alone.