AI Summarized Hacker News
Front-page articles summarized hourly.
An AI-assisted security review of a microservice that serves uploaded HTML uncovers critical risks and mitigations. Key flaw: /api/pages/:id/content returns raw HTML, enabling stored XSS; mitigations include strict Content-Security-Policy, X-Content-Type-Options nosniff, sandboxed iframe, and app-shell headers; CSP built with trusted CDN origins. Medium risks include no upload/report throttling; rate limiting now uses a secret, HMAC hashes of IP+UA and subject stored in Netlify Blobs with Sentry logging. Admin delete token risk discussed; origin check added to deletion workflow. Validation tightened with parse5 and 2MB cap. Conclusion: more robust, still some gaps; code available.
HN Comments
NeuralNote is an open-source audio plugin that converts audio to MIDI inside DAWs (VST3/AU/Standalone). It supports polyphonic transcription and pitch-bend detection, allows listening-adjusted transcription, tempo/scale quantization, and drag-and-drop MIDI export. Built on Spotify’s basic-pitch with RTNeural for CNN and ONNXRuntime for features; uses JUCE. Cross-platform: Windows, macOS, Linux; installers/binaries available. Not real-time due to CQT latency (~120 ms). Build from source with cmake; Apache-2.0 licensed; credits Damien Ronssin, Tibor Vass.
HN Comments
Microsoft released the earliest DOS source code discovered to date, including 86-DOS 1.00 kernel sources and development snapshots of PC-DOS 1.00, plus CHKDSK. The code predates MS-DOS branding and was digitized from decades-old printouts by the DOS Disassembly Group. 86-DOS was created by Tim Paterson for Seattle Computer Products; Microsoft licensed it, later bought the rights, and sold PC-DOS to IBM, helping begin the MS-DOS era. The materials sit in the same GitHub repo as earlier MS-DOS releases and other early projects (Zork, Movie Maker); earlier 86-DOS finds had surfaced recently.
HN Comments
On Outline Demoparty 2026, HellMood released a 16-byte real-mode DOS program 'wake up! 16b' that generates an infinite Sierpinski fractal on video RAM while driving the PC speaker, using 16-byte assembly. The code plays a line of sound and draws to the 40x25 text buffer (0xB800) by manipulating memory with 16-byte steps and 56-byte backwards moves. The author explains the math: the accumulator follows a binomial sequence; using XOR yields a Sierpinski pattern (rule 60); the beat comes from the fractal as audio. The project emphasizes sizecoding and hardware quirks, inspired by Plex's Rainbow Surf and M8trix.
HN Comments
ICE awarded Bi2 Technologies a $25.1 million, no-bid contract for iris-scanning biometric tech and access to Bi2’s database of over 5 million booking records for field operations. The deal is more than five times the prior contract and will deploy about 1,570 devices to ICE locations by late June (up from 200). The procurement did not require FedRAMP clearance, an independent audit, congressional notification, or outside review.
HN Comments
ACAV (Aurora Clang AST Viewer) is an interactive AST visualization tool for C, C++, and Objective-C, built with Clang and Qt. With a JSON compilation database, it opens real projects to inspect the AST of a translation unit, navigate between source code and AST nodes, and view declaration context. It supports searching in both code and AST and reuses AST-cache artifacts across sessions. It is read-only and shows one translation unit at a time. Core components are GUI (acav), dependency query, and make-ast cache builder.
HN Comments
Bun.Image is Bun’s fast native image pipeline for decoding, transforming and encoding JPEG/PNG/WebP/HEIC/AVIF with no npm deps. It accepts input as a path, bytes, Blob, Bun.file, or Bun.s3; detects format from bytes. You can read metadata (width, height, format) without decoding pixels. Transformations include resize (with various fits and filters), rotate/flip, and modulate. Encode with jpeg/png/webp/heic/avif; placeholders, progressive JPEG, and a chainable API; terminal methods like bytes(), buffer(), blob(), toBase64(), write(). Bun.serve integration, clipboard input, and OS backends with fallbacks to portable paths if a format isn’t supported.
HN Comments
Could not summarize article.
HN Comments
Online project reproducing Oliver Byrne’s 1847 Euclid with colored diagrams and symbols. It offers interactive diagrams, cross-references, and Nicholas Rougeux-designed posters, covering Books I–VI of Euclid’s Elements. It highlights key propositions—basic plane geometry, circles and angles, regular polygons, ratios and proportions, geometric proportions—and provides posters and puzzles based on every illustration. The site also explains Byrne’s original publication, how the project was made, licensing, and display notes.
HN Comments
An Emacs/i3 integration approach that patches i3 to forward key events to Emacs when the focused window is Emacs, avoiding slow external tooling. The author adds a passthrough mechanism: a Binding.passthrough.class field, a modified parser, and a patch to handle_key_press() to re-send the event to the focused Emacs window with interception disabled. They also provide Elisp helpers for Emacs windmove that call i3-msg when no local window exists, and scripts to launch mistty or Alacritty from Emacs. The result is smoother, two-way coordination between i3 and Emacs; patch and config forthcoming.
HN Comments
Sales & Dungeons is an open-source D&D/TTRPG utility that turns thermal printers into a versatile table companion. It prints customizable handouts, spells, items, letters, and character sheets; includes random content generators, a shareable session grid, and optional LLM-driven content creation (OpenAI, OpenRouter, local models). It runs on Windows, macOS (Intel/ARM), Linux, and Raspberry Pi. Uses HTML/CSS templates with Nunjucks/JS and supports data imports from CSV, JSON, XML, FoundryVTT, etc. MIT-licensed; features a community Workshop and privacy-focused analytics via Umami.
HN Comments
Susam Pal argues for avoiding “don’t roll your own” in web UI, drawing an analogy to cryptography. He decries custom UI behaviors that override browser defaults—such as custom scrolling, link navigation, password fields, and date pickers—and cites GitHub’s heavy JavaScript navigation as frustrating. He favors native browser controls (like input type date and built-in password fields) to ensure usability, accessibility, and consistency, warning that frequent redesigns break users, especially older relatives. He concedes some cases for custom features but urges conservatism in UI design, favoring user-centric, browser-native behavior.
HN Comments
Reddit blocked your request under a network policy. To browse again, log in or create an account. If using a script or app, sign in with developer credentials. Ensure your User-Agent is non-empty, unique, and descriptive; if using an alternate UA, revert to default to avoid blocks. Review Reddit's Terms of Service. If blocked in error or you want easier data access, file a ticket and include your Reddit account and the code: 019e56fb-d246-7759-85a6-760ad3e79b5a.
HN Comments
Researchers released a high‑resolution digital atlas of the Roman road network, Itiner-e, showing that at the empire's height in the 2nd century CE the road system covered roughly 300,000 km—almost double prior estimates. Only about 2.7% of roads are known with precise locations; the rest are informed conjecture, mapped with a new confidence layer. The network linked provinces across vast distances (not always to Rome), e.g., the Via Nova Traiana from Aqaba to Bosra. They used milestones, satellite imagery, topographic and paleogeographic data to locate and infer roads, revealing many lost routes and guiding future searches.
HN Comments
California Governor Newsom declared a state of emergency as Orange County fire crews try to contain a toxic methyl methacrylate leak at a Garden Grove aerospace facility. About 7,000 gallons in a tank risked failing; internal temperature rose to 32C, with officials warning of two possible outcomes: rupture/spill or a catastrophic explosion. Evacuations were ordered for thousands, and roads and schools affected. Authorities were spraying water to stabilise the tank amid an inoperable valve. Dikes were planned to contain any spill and prevent contamination of drains or the ocean. The facility, run by GKN Aerospace, remains under investigation.
HN Comments
Google I/O 2026 frames software engineering as being at a tipping point, urging professional development through systems thinking to understand how developer ecosystems shape software and the broader AI-driven changes shaping the industry, and how to prepare for them.
HN Comments
Andrew Lock explains union types in .NET 11 (C# 15). Unions let a type represent one of several cases (e.g., Result<T>, Option<T>), with a practical example of a three-way union for OSes: Windows, Linux, MacOS. The compiler generates a struct with an IUnion.Value and per-case constructors, and you typically use a switch expression for exhaustiveness. To use unions today you need .NET 11 preview, LangVersion=preview, and net11 targeting; earlier runtimes require a manual UnionAttribute and IUnion. The post also covers non-boxing implementations to avoid allocations, IDE support, and upcoming features like member providers and closed enums/hierarchies.
HN Comments
Randy Au reflects on building bsBB, a free, community-oriented forum for his data-focused newsletter audience. It’s a nostalgic Web 1.0 homage and a public pet project, designed more by system thinking than raw coding. He treats humans first and data practitioners second, inviting members to discuss anything they’re excited about. The post details design tradeoffs: Bluesky ATProto-based authentication with profile data syncing, moderation tooling (bans, roles, deletions, PII nuking), and UI basics like markdown and emoji pickers. He relies on LLMs to shape the architecture while auditing outputs, stressing vigilance and iterative improvement.
HN Comments
cc-wiki turns your ~/.claude history into a shareable Quartz knowledge base. Using a skill + Quartz template, it ingests local Claude Code sessions to build an arXiv-like knowledge repository so no context is wasted. The project by tejpalv is MIT-licensed, built on Quartz (Jacky Zhao). Requirements: macOS or Linux, Claude Code, Python 3.9+, Node 22+. Install: curl -fsSL https://raw.githubusercontent.com/tejpalv/cc-wiki/main/install.sh | bash.
HN Comments
microsandbox replaced its user-space FUSE OCI rootfs with a real read-only disk image mounted by the VM via EROFS. The VM now uses two block devices per sandbox—a read-only lower stack of merged OCI layers and a writable upper—and overlayfs merges inside the guest, removing host–VM round-trips. Benchmarks show ~47× mean speedup across 14 workloads (worst cases >1,000×); metadata_scan_stdlib fell from ~500 ms to ~2 ms. Benefits: kernel-backed path and shared layers; caveats: first pulls heavier; bind mounts unchanged.
HN Comments
Made by Johno Whitaker using FastHTML