AI Summarized Hacker News

Front-page articles summarized hourly.

Vibe coded Lovable-hosted app littered with basic flaws exposed 18K users

Tech outlet The Register reports Lovable’s vibe-coding platform hosted an app that exposed data for 18,697 users due to AI-generated backend flaws. The app, using Supabase for auth and storage, shipped with faulty access control when row-level security and RBAC weren’t explicitly implemented. A malformed authentication function inverted permissions, potentially allowing unauthenticated access and compromising user records, emails, grades, and admin emails. The exposed dataset included 4,538 students, 10,505 enterprise users, and 870 users with full PII. Lovable says it provides a security scan and that the vulnerability lay with the app owner; the owner is addressing it.

Modeling Cycles of Grift with Evolutionary Game Theory

Looney applies Evolutionary Game Theory to model cycles of fraud with a three-strategy GSM: Grifter, Skeptic, and Mark. Grifters exploit Marks; Skeptics pay vigilance; Marks prosper when Grifters are rare but are exploited when Grifters abound. Replicator dynamics yield non-transitive, quasi-periodic cycles on the simplex, unlike Hawks–Doves–Retaliators, which converge to an ESS. Conclusion: grift appears cyclical due to internal dynamics; model is simplified but suggests rising skepticism then relapse, with real-world hints like NFTs.

The Pentagon is making a mistake by threatening Anthropic

Anthropic’s Claude Gov, a guardrails-light version used for classified US work under a $200M DoD contract, faces a Pentagon demand to waive restrictions on surveillance and autonomous weapons. The Pentagon threatens to use the Defense Production Act to modify terms or force retraining without safeguards, or to designate Anthropic a supply-chain risk, potentially ending government use and pressuring contractors to drop Anthropic. Anthropic, safety-focused and led by Dario Amodei, could walk away given its roughly $18B 2026 revenue, but retraining could cause alignment problems and delays, weakening performance.

Sprites on the Web

Sprites on the Web explains using a single spritesheet to animate multi-frame visuals in CSS, a technique borrowed from games to keep performance on low-end devices. The author shows how to display one frame at a time with an <img> and a fixed viewport, using object-fit and object-position, then drive frame changes with a CSS keyframes animation. He introduces steps(…, jump-none) and steps(…, jump-end) to render discrete frames, explains how to handle interruptions, compares sprites with GIFs, outlines use cases and trade-offs, and showcases examples like a golden trophy and a playful cat.

Experts sound alarm after ChatGPT Health fails to recognise medical emergencies

Independent researchers evaluated ChatGPT Health with 60 realistic scenarios (emergency to mild). In 51.6% of cases needing emergency care, ChatGPT Health advised waiting or routine care. It under-triaged emergencies such as asthma attacks and respiratory failure and was notably poor at recognizing suicidal ideation, raising concerns about harm or death. In simulations, eight of ten suffocation cases led users to a future appointment they would not reach. Meanwhile, 64.8% of completely safe individuals were told to seek immediate care. Researchers call for stronger safeguards and auditing; OpenAI says results reflect simulations and the model is continually updated.

Tenth Circuit: 4th Amendment Doesn't Support Broad Search of Protesters' Devices

In Armendariz v. City of Colorado Springs, the Tenth Circuit reversed the district court, holding that warrants to search a protester’s devices and data, and a nonprofit’s social-media data, were overbroad and lacked particularity. The warrants allowed a two-month data sweep and a time-unlimited search of 26 broad keywords, plus a search of the Chinook Center's Facebook page, all to find alleged simple assault. The court found officers violated clearly established law and denied qualified immunity. The decision remands the case for further proceedings, marking a rare win for protesters’ Fourth Amendment rights and digital privacy.

We gave terabytes of CI logs to an LLM

An AI agent at Mendral diagnoses CI failures by querying terabytes of CI logs in ClickHouse via a SQL interface. Each log line includes 48 metadata fields, enabling fast predicates on job data or full-text log content. In 8,534 sessions and 52,312 queries, investigations typically scan hundreds of thousands to billions of rows, with metadata queries around tens of ms and large log scans in seconds. Ingestion is throttled to ~3 requests/sec to achieve a ~5-minute P95 delay. Durable execution (Inngest) handles bursts. Goal: automate CI debugging.

Show HN: Badge that shows how well your codebase fits in an LLM's context window

GitHub repository page for qwibitai/nanoclaw, showing forks (2.5k), stars (15.8k) and typical repo navigation (issues, pull requests, discussions, actions, projects, security, insights); no article content was provided.

OpenAI's $110B funding round (investments from Amazon, Nvidia, SoftBank)

Could not summarize article.

OpenAI raises $110B on $730B pre-money valuation

OpenAI raised $110 billion in private funding, led by Amazon ($50B) with $30B each from Nvidia and SoftBank, valuing it at $730B pre-money. The round remains open to more investors. The deal includes infrastructure partnerships: OpenAI will run models on Amazon’s Bedrock via a new stateful runtime and expand AWS commitments (adding about $100B on top of $38B). Nvidia will provide roughly 3GW inference and 2GW training on Vera Rubin systems. An additional $35B from Amazon may arrive later if AGI or IPO conditions are met. Prior round: $40B at $300B.

How to Allocate Memory

Instead of blindly using malloc/free, tailor memory allocators to data usage patterns. Treat memory by data structure: pages from the OS (mmap/munmap), stacks via alloca or the break space (sbrk), arrays with a bucketed, reference-counted allocator that stores length and ref in a header, and objects with per-class free lists and page recycling. Use separate allocators per data type or usage pattern to gain performance. Wrap malloc with alloc_xxx wrappers for profiling, and consider incremental, pause-free garbage collection for objects. Do not mix with the libc malloc.

Get free Claude max 20x for open-source maintainers

Claude for Open Source is Anthropic’s program that grants 6 months of Claude Max (20x) for open-source maintainers. Applications are reviewed on a rolling basis; up to 10,000 contributors accepted. If approved, you receive a link to activate Claude Max for your subscription period. Eligibility focuses on maintainers of public repos with 5,000+ GitHub stars or 1M+ monthly NPM downloads, with recent activity; others can apply and explain their ecosystem role. Terms and conditions apply. The page also presents Claude’s product suite, pricing, and resources.

We deserve a better streams API for JavaScript

James M Snell argues the WHATWG Web Streams API is flawed for modern JavaScript due to historical design choices (locked readers, BYOB, heavy promise churn, backpressure gaps, complex edge cases) that hurt usability and performance. He proposes a first-principles alternative built around async iterables: streams are AsyncIterable<Uint8Array[]>; pull-based transforms; explicit backpressure policies (strict, block, drop-oldest, drop-newest); batched chunks; a bytes-only model with sync/async paths. The API avoids hidden locks, reduces allocations, and shows significant speedups in benchmarks. A reference implementation at github.com/jasnell/new-streams invites feedback to spark discussion toward a simpler, faster streaming primitive.

Generative AI Use and Depressive Symptoms Among US Adults

Could not summarize article.

Show HN: RetroTick – Run classic Windows EXEs in the browser

RetroTick lets you run classic Windows and DOS programs directly in your web browser, eliminating the need to install legacy software locally.

The quixotic team trying to build a world in a 20-year-old game

Tamriel Rebuilt and Project Tamriel are two fan mods aiming to add the rest of Tamriel to The Elder Scrolls III: Morrowind. Spawned by a forum call to expand Morrowind’s scope, they merged assets under Tamriel_Data and built a cohesive, lore-accurate Tamriel with hundreds of hours of handcrafted quests and landscapes. They survived early splits (notably Silgrid Tower) and a turbulent history by centralizing info, refining onboarding (showcases), and using open tools like Blender. Nine Tamriel Rebuilt releases exist; Abecean Shores arrived in 2024; Poison Song due 2026; full completion possibly 2035, driven by ongoing releases and volunteer growth.

PostmarketOS in 2026-02: generic kernels, bans use of generative AI

February 2026 postmarketOS update covers organizational progress, governance shifts, and new generic kernel packages. PMCR-0009 is being refined to ensure stability for the main device category. AI policy now bans generative AI. Bhushan is a Trusted Contributor; Minecrell and Anton stepped down as TC. CSP tasks highlight Stefan, Clayton, and Pablo. New generic kernels (linux-postmarketos-mainline, -stable, -lts) offer broad device support with unified config checks. Highlights include hardware CI improvements, OpenIMSD QCOM baseband profile manager, kde-nightly bootstrap, revamped kernel command-line generation, and PinePhone Megapixels 2.1.0 fix. Call for contributors via pmbootstrap cleanups and OpenCollective.

Lawmakers say US Military used laser to take down Border Protection drone in TX

US military used a laser to shoot down a drone near the US-Mexico border; the drone reportedly belonged to Customs and Border Protection. The FAA closed airspace around Fort Hancock near El Paso, marking a second laser incident in two weeks. Lawmakers criticized coordination among the Pentagon, FAA, and DHS, and called for an independent investigation. A joint statement from the FAA, CBP, and the Pentagon described counter-drone actions as part of border protections. Drones pose growing threats; Congress is expanding authorities and funding for drone defenses.

Reading English from 1000 AD

A viral post about reading English from 1000 AD has raised interest in older English. The author argues Old English is not as foreign as it seems and is closer to Modern English than to German. Using a sample passage, the piece walks through a series of modernization steps: updating orthography, replacing cognates, and rendering phrases into modern English. Each pass makes the text more understandable, with key words like heo, ich, swa, wifeman, and wer gradually becoming familiar. The article notes quirks like the ne particle and mid, but concludes Old English is a distinct yet approachable predecessor of Modern English.

The complete Manic Miner disassembly

Index page for the complete RAM disassembly of Manic Miner, listing sections such as memory maps, routines, data, messages, unused addresses, graphics and sound, caverns, sound data tables and buffers, and the game status buffer. Also includes reference, changelog, glossary, trivia, bugs, pokes, and credits. Version 20221122 copyright 1983 Bug-Byte Ltd. and 2022 Richard Dymond, created with SkoolKit 8.8; offers a switch to hexadecimal.

Made by Johno Whitaker using FastHTML