Front-page articles summarized hourly.
Anthropic stock transfers require board approval; sales or transfers without approval are void and not recorded. SPVs and investment funds cannot acquire Anthropic stock, or provide indirect access, and such offers are likely invalid under transfer restrictions. Be wary of unsolicited offers, 'exclusive' access, fast-moving deals, or attempts to bypass restrictions; beware fake stock certificates. Not authorized to trade Anthropic shares: Open Door Partners, Unicorns Exchange, Pachamama, Lionheart Ventures, Hiive, Forge, Sydecar, Upmarket. If in doubt, verify with regulators, seek legal/financial advice, and email [email protected] with concerns.
Amr Shawky describes PicPocket.io’s development: started to repurpose a chat interface for sharing and organizing photos by the people in them; users could later post other media to a web feed from the chat UI. This created a unified feed for sharing things that aren’t messages. In practice, the product felt like 'old Facebook'—no ads, no algorithms, posts from people you know, even albums reminiscent of early FB. Friends posted more candid content. It also facilitated sharing YouTube videos. Future plans include UX overhaul and bringing the feed to mobile; model focuses on photo storage rather than ads.
Quack is DuckDB’s HTTP-based client-server protocol enabling DuckDB instances to talk to each other. It runs as an extension (core_nightly, v1.5.2) and uses a request–response model with a custom MIME type (application/duckdb) for serialization. By default the server binds to localhost:9494 and generates a random token; SSL is not enabled by default. It supports remote queries and data transfer with a round trip for workloads, plus bulk transfers for large datasets. Benchmarks show Quack outperforms PostgreSQL and Arrow Flight for bulk loads and delivers small-write performance. Future work includes DuckLake integration, auto-install, richer syntax, replication, and a DuckDB 2.0 release.
Needle is a 26M-parameter Simple Attention Network distilled from Gemini 3.1 for on-device AI. It runs on Cactus at ~6000 tokens/sec prefill and 1200 decode. Weights and the dataset are open. Architecture: encoder x12, decoder x8 with shared embeddings and gated residuals; cross-attention, RoPE, and self-attention. Pretrained on 200B tokens (TPU v6e) and fine-tuned on 2B tokens for single-shot function calls. Geared for tiny devices (phones, wearables). UI at http://127.0.0.1:7860 with Python CLI for finetuning/inference; quickstart: clone, setup, run.
An op-ed arguing that the modern economy rewards visibility over substance. Platforms monetize engagement, elevating loud, flashy content—often AI-generated—over careful, tested work. Drawing on Frankfurt’s On Bullshit and Graeber’s Bullshit Jobs, it notes a rise of grifters, mentorship influencers, and content about content as a systemic problem. It harms those who do real work while rewarding hollow performance. Solutions: reward substance, pay for human-made work, and be embarrassable; the system is reversible.
Canada’s Bill C-22, dubbed The Lawful Access Act, would require digital services to retain metadata for a year and expand information sharing with foreign governments, including the U.S. It also would enable the government to compel companies to insert backdoors into encrypted services, provided there’s no declared “systemic vulnerability.” Definitions are vague, potentially covering apps and OSes, and public disclosure of orders would be barred. Major companies oppose it; U.S. lawmakers expressed concerns. The bill risks widespread surveillance, data breaches, and privacy erosion, echoing UK missteps.
Statewright provides state machine guardrails that constrain AI agents’ tool use by phase, not by boosting model size. A planning phase uses read-only tools; implementing unlocks limited write capabilities; testing restricts commands. If a tool is disallowed, the agent is rejected with guidance. The Rust engine enforces transitions and per-state guards (allowed_tools, max_edits, command allow-lists) via MCP integrations across Claude Code, Codex, Cursor, opencode, and Pi. It supports frontier/local models, offers a quick-start plugin, self-hosting, and Apache‑2.0 licensed code; docs available.
The Moth introduces The Moth Story Map, a video showing five story-structure steps: The World As It Was; And Then One Day…; Raising the Stakes; The Moment of Change; The World As It Is Now. It uses Dante Jackson’s high school story “The Prom” (2013) as an example. The post invites educators and students to get involved via the All City Residency (7 weeks for NYC 10th–12th graders) and The Moth Teacher Institute (virtual for teachers worldwide), with links to further resources on story structure.
Researchers at Google DeepMind envision an AI-enabled mouse pointer that understands what the user points at and why it matters, enabling seamless, cross-app collaboration without prompts. The pointer translates visual context into actionable tasks by four principles: maintain flow across apps; show and tell by capturing relevant text/graphics; use natural shorthand ('This'/'That'); and turn pixels into entities (places, dates, objects). They prototype the pointer in Gemini and plan Chrome and Googlebook integrations (e.g., compare products, place visualization), with AI Studio demos and broader testing.
XBOW reports CVE-2026-45185, a critical unauthenticated RCE in Exim 4.97 (Debian/Ubuntu) triggered by a use-after-free during TLS shutdown when processing BDAT chunks. A single ungetc into a freed xfer_buffer corrupts Exim’s allocator metadata, enabling remote code execution. The piece walks Exim’s memory model and BDAT handling, showing two exploitation routes: an autonomous LLM-driven attempt relying on glibc/FILE-structure tricks, and a human-guided approach abusing Exim’s store allocator with a stack leak. The PoC shells to /bin/bash and exfiltrates the flag via /dev/tcp. Timeline: vulnerability submitted May 1, private fix May 5, CVE assigned May 10, public May 12, 2026.
CERT released six CVEs for dnsmasq security vulnerabilities affecting most non-ancient versions. Patches are available; CVE details at thekelleys.org.uk/dnsmasq/CVE/. Simon Kelley released dnsmasq-2.92rel2 with patches; development-tree fixes will be uploaded; some backports, some root-cause rewrites. AI-driven bug reports have surged; embargoes less useful; priority is fixing going forward. 2.93rc1 will be tagged; aim for a stable 2.93 soon, with testing encouraged. Expect more vulnerability reports; process will continue.
Googlebook, arriving Fall 2026, is a Gemini Intelligence–powered laptop product. It showcases Magic Pointer to ask/compare/create with Gemini, a Widget Builder to make custom widgets, and cross‑device features like Cast My Apps and Quick Access to access phone apps and files on a laptop. The marketing pledges a featherweight design with heavyweight power and calls it the perfect Android partner. Sign‑up prompts offer notifications (internet required, 18+; Android 17+ required) and note that results vary.
Hopper is the first agentic development environment for the mainframe. It uses AI agents to navigate TN3270, inspect datasets, write JCL, debug jobs, query VSAM, and operate inside z/OS from a modern development environment. It provides a real TN3270 terminal and can drive JCL, parse JES return codes, NEWCOPY to CICS, and decode abends from JESMSGLG/JESYSMSG/SYSUDUMP into structured diagnostics. Pricing includes Hobby (free) and Enterprise; available on macOS, Windows, Linux; connect to your own LPAR; on-prem/VPC deployment, SAML SSO, admin/privacy controls; SOC 2 & pen tests. Community and resources.
Two business loops drive software: uncertainty reduction (marketing, product, customers) and complexity management (stability, maintainability) controlled by senior developers. The author argues senior devs falter when they talk about complexity instead of uncertainty reduction. To communicate value, describe solutions to the business problem: quick, reusable, minimal-change experiments, e.g., “Can we try something quicker?” AI speeds up delivery but hurts understandability; thus decouple into two systems: a Speed version for fast market feedback and a Scale version for stability, with senior developers acting as editors to ensure quality.
Instructure paid a ransom to ShinyHunters after Canvas was breached twice in about 10 days. The deal reportedly returns or secures data for about 275 million users across more than 8,800 institutions, with “digital shred logs” and assurances that no customer will be extorted. The monetary value wasn’t disclosed, and the ransom deadline was May 12. The breaches caused outages and exam delays; Instructure said it would continue forensics and security hardening, and by Monday all Canvas environments were back online.
Heinrich Schliemann excavated Hisarlık (ancient Troy) in 1871–73, using a trench and dynamite to reach layers he deemed Priam’s Troy, and smuggled Priam’s Treasure to Athens in 1873. The Ottoman Empire sued; he paid £2,000 and kept the gold, though some artifacts returned to Istanbul. The site hosts nine successive cities; the layers Schliemann ignored belong to Troy II (c. 2400 BC), while Troy VI–VIIa show the city Homer describes. After Berlin, Priam’s Treasure moved to the Zooflakturm during WWII and finally to Moscow’s Pushkin Museum, under Russian restitution laws. The Iliad remains a real, contested lens on history.
Amazon employees are widely using an internal AI tool, MeshClaw, to automate tasks amid pressure to adopt AI and track token usage. Some workers allegedly engage in “tokenmaxxing” to inflate AI activity, though managers say token data won’t affect performance. MeshClaw can deploy code, triage emails, and interact with Slack. Security concerns exist about an AI acting on a user’s behalf, but Amazon says thousands are benefiting from the tool as part of responsible AI deployment.
Made by Johno Whitaker using FastHTML