AI Summarized Hacker News

Front-page articles summarized hourly.

Secret Tracker in Claude Code Uncovered, Anthropic Directly Deletes Code

Security researchers uncovered hidden tracking code in Anthropic’s Claude Code that surveilled users (including in China) via prompt steganography, sending data like time zones and proxy use back to Anthropic. The code, described as an 'experiment' from March to curb unofficial resellers and distillation attacks, was slated for deletion after public scrutiny. Privacy advocates condemned the covert monitoring as a breach of trust; Alibaba reportedly banned Claude Code for work over backdoor fears. Anthropic says measures protect its models and urges stronger export policies.

HN Comments

Mapping homes you can buy from the US government for <$100k

GovAuctions lists 2,074 agency-owned homes (HUD, Fannie Mae, Freddie Mac) nationwide, with 334 under $100,000 in 38 states. The cheapest include a $3,000, 3-bed, 1-bath in Flint, MI, plus several under $20k–$16k elsewhere. These are sold as-is through HUD-registered brokers—not live auctions, and final price may exceed list. Owner-occupants get priority windows. Buyers should expect major repairs, possible liens, and a title search; financing may use rehab loans like FHA 203(k). Data current July 7, 2026.

HN Comments

Midtown Manhattan blocks evacuated after beams buckling at construction site

Midtown Manhattan was evacuated after workers found buckling beams on the 21st floor of the Pfizer HQ–turned–residential conversion at 235 E 42nd Street. The 37-story building has continued to move since authorities arrived around 8 a.m., with floors 21–26 caving under stress. No injuries were reported as all workers were evacuated. A frozen zone between 40th and 45th Streets and 1st and 3rd Avenues was set, and nearby buildings were evacuated. Engineers will shore the structure once safe; the project is overseen by Metro Loft with DOB involvement. Partial collapse fear cited, full collapse unlikely.

HN Comments

Chat Control 1.0 and 2.0 Explained

Two parallel EU tracks: Chat Control 1.0, a temporary, voluntary scanning regime for suspected CSAM in private messages (not end-to-end encrypted), expired 4 April 2026 after Parliament rejected extensions; the Council is attempting a revival via a formally new law with identical content. Chat Control 2.0 (CSA Regulation) would be a permanent rule to detect/report CSAM, but hinges on whether scanning private communications and encryption are allowed. Five trilogues failed to reach a deal; negotiations continue under the Irish presidency. As of July 2026, CH1.0 revival is being pursued while CH2.0 remains unresolved.

HN Comments

Automating AI Away

Beagle SCM uses LLMs (e.g., Claude via Fable) to automate coding tasks, but LLMs are imperfect and non-deterministic, shown by issues like accidentally committing the build/ dir. The approach blends fast, deterministic tools and formal workflows to contain LLM non-determinism, with LLMs scripting routines in JavaScript while core logic stays in C. The tooling and workflow layers read from the filesystem (node_modules-style), and git hooks tokenize code, inspect history, cross-check links, and access internal data, enabling automated self-automation within reliable bounds.

HN Comments

Sites that block AI training crawlers mostly ignore the answer time bots

A Sitedex study of top 10,000 sites found 5,577 with readable robots.txt and 1,197 blocking at least one major AI crawler. GPTBot rules cluster in 2023 after launch and a lawsuit. Today, AI vendors run two bots: a training crawler and an answer-time fetcher. Although many sites blocked the training crawler, explicit rules for answer-time bots are rare (about 0.9–4%), with 144 sites explicitly inviting an answer-time bot. The result: a policy gap—open to live answers, but largely unmanaged and unchosen.

HN Comments

Software Bonkers

Craig Mod argues software should be fast, knowable, and owned by the user. Using Claude Code, he built TaxBot2000 in five days: a local, multi‑currency accounting system that ingests CSVs, reconciles international transfers, learns from usage, and delivers a holistic financial dashboard. It replaces Quicken for him and stores data with no subscription, handling tax docs (1099s, K1s) and PDFs. He also built a members site (SPECIAL PROJECTS) and other tools. He foresees a future of model‑assisted programming where Claude co‑produces features, with data control and open‑source collaboration at the core.

HN Comments

GitHub Freno: cooperative, highly available throttler service

freno is a cooperative, highly available throttler service for controlling writes to data stores (primarily MySQL). It observes replication lag across clusters, and advises apps whether to write but does not proxy requests. It uses Raft for leader election and HA, and adapts to dynamic server inventories (including haproxy pools). It can forcibly throttle selected apps to prioritize others. Clients check with /check endpoints (HEAD) and receive 200 (ok to write), 404, 417, 429, or 500 statuses. It is lightweight, HTTP-based, and MIT-licensed; core client is freno-client (Ruby).

HN Comments

Why we built yet another Postgres connection pooler

PgDog is a Postgres proxy with built-in connection pooling designed to avoid changing application code. It preserves session state by detecting and managing SET statements per client, letting users keep Postgres features like RLS. It also handles LISTEN/NOTIFY internally, proxying pub/sub messages across processes while preserving transactional semantics with a dedicated Postgres connection. Built on Tokio, each client runs in its own async task, enabling multithreaded scaling across CPUs and more efficient pooling. In production for over a year at about 2M qps; open source and deployable anywhere.

HN Comments

Reducing Doom Loops with Final Token Preference Optimization

Doom loops—repetitive thinking segments during inference—are mitigated by Antidoom, which applies Final Token Preference Optimization (FTPO) to nudge the first looping token toward coherent alternatives, minimally disturbing the rest of the distribution. FTPO trains on chosen/rejected token pairs for that position, using a KL-like loss and two-part regularization; implemented with LoRA. On LFM2.5-2.6B, doom-loop rate dropped from 10.2% to 1.4%; on Qwen3.5-4B, from 22.9% to 1%. Additional rounds can reveal new loops, further reducing failures. Code at github.com/Liquid4All/antidoom.

HN Comments

MacSurf 1.68 – NetSurf on OS 9 Released

MacSurf 1.68 (macQJS) is a native browser for Classic Mac OS that now runs macQJS QuickJS (ES2023), replacing Duktape ES5. This enables real modern JavaScript on PowerPC/Mac OS 9. The release fixes text-caret, selection, login persistence, keyboard navigation, and startup (<1s); improves rendering, per-page JS realms, and a 20s memory guard; adds disk-cached assets, downloads, bookmarks, and window behavior; improves XenForo compatibility; uses per-host cookies and login persistence; updates fonts/SVG rendering. Known issues affect some heavy HTTPS sites. Thanks to 68kmla; support welcome.

HN Comments

Jim's TrueType QR Code Font

qr-font is a proof-of-concept TrueType font that encodes bracket-delimited text into a QR code while leaving surrounding text readable. It ships three variants (qrfont-1L.ttf, -2L.ttf, -3L.ttf) for 21x21, 25x25, and 29x29 modules with capacities up to 17, 32, or 53 characters. Built from Liberation Sans using OpenType GSUB features; uses a Python/uv toolchain to generate the font and a Reed-Solomon parity circuit. Usage: wrap text like abc[def]ghi and render with the generated font. Dists and demos at dist/ and https://qr.jim.sh/; license SIL OFL 1.1.

HN Comments

30papers.com – Ilya's 30 essential ML papers, in a beginner friendly format

Could not summarize article.

HN Comments

Amazon Without the Knockoffs

Knockoff is a browser extension that filters out trademark-squat brands from Amazon search results, leaving established brands. It runs locally in the browser, with no accounts or tracking, and relies on a community-maintained brand list refreshed daily. Unknown names are scored using heuristics (e.g., ALL-CAPS, vowel removal). Users can set Relaxed/Standard/Strict modes to hide, dim, or label items, and can also strip Sponsored listings. Contributions and misclassification reports are supported; it's MIT-licensed and not affiliated with Amazon.

HN Comments

China sentences official to death for taking $325M in bribes

Yang Youlin, a former Nanjing city official (1993–2023), was sentenced to death for taking more than 2.2 billion yuan ($325m) in bribes over 30 years. He used his positions to help others win engineering contracts, land transfers and financing, and was also convicted of embezzlement, abuse of power and money laundering. The case, part of Xi Jinping’s anti-corruption campaign, involved one of the largest sums in recent years. Death sentences for white-collar crimes are rare but possible when sums exceed about 1 billion yuan; Yang pleaded guilty and expressed remorse.

HN Comments

But Nothing Has Changed on Our Side

Access to acm.org is blocked by Cloudflare's security protection. The page requests cookies and warns that the user's action triggered a security rule, potentially from certain keywords, SQL commands, or malformed data. To resolve, contact the site owner with details of what you were doing and the Cloudflare Ray ID shown on the page; your IP is also visible. The block is part of Cloudflare's performance and security measures.

HN Comments

Better Auth is joining Vercel

Better Auth announces it is joining Vercel to accelerate open-source auth and secure agent workflows. The partnership provides more resources to advance a framework-agnostic authentication core and to bring secure, revocable access across Vercel products as agents act on behalf of users. The post recounts Better Auth’s origin—solving multi-tenant auth, open-source DX, YC funding—and its acquisition of Auth.js/NextAuth.js. It previews a renewed focus on the Better Auth framework and the Agent Auth Protocol, aided by Vercel’s platform and tooling. Thanks to the community and investors.

HN Comments

Show HN: PostgreSQL performance and cost across 23 EC2 instance types

PostgreSQL on AWS benchmarks PostgreSQL performance across AWS EC2 instances (arm64 Graviton and x86-64) with gp3 storage, for 1–50 GB datasets under a 90% read / 10% write, 32-way concurrency in us-east-1, aiming for 33,000 RPS. A cost-performance frontier shows which configs meet the target; the cheapest 1 GB config is m8g.large gp3-baseline (~$82/mo, 45,515 RPS). Arm64 often offers best value; c8i.large reaches 52,203 RPS. The full 52-config table reports RPS, latency, and cost data for filtering and comparison.

HN Comments

Microsoft Fire IdTech Team at Id Software

The text indicates an HTTP 415 “Unsupported Media Type” error from an Nginx server, meaning the request’s Content-Type is not supported.

HN Comments

Chat Control passed first round in EU Parliament

EU Parliament advanced a renewed extension of “Chat Control,” approving an urgency motion to reintroduce the transitional regulation that expired in April, allowing tech firms to voluntarily search private chats for child sexual abuse material. The move, 331-304 with 11 abstentions, enables a plenary vote Thursday before summer break. Critics call it a procedural trick undermining rules; supporters cite preventing a regulatory gap and that reports would otherwise miss abuse material. Privacy advocates warn of mass surveillance and pressure toward a permanent Chat Control 2.0.

HN Comments

Made by Johno Whitaker using FastHTML