AI Summarized Hacker News

Front-page articles summarized hourly.

Mozilla says 271 vulnerabilities found by Mythos and "almost no false positives"

Mozilla says Mythos, with a custom harness, found 271 Firefox vulnerabilities in two months with “almost no false positives.” The approach blends improved Mythos models and a task-guiding harness that reads/writes code, runs tests, and uses fuzzing, plus a second LLM for verification. Of the 271 bugs, 180 were sec-high, 80 sec-moderate, and 11 sec-low; 12 Bugzilla reports were released. Critics warn of hype and lack of CVEs, suggesting cherry-picking, while Mozilla says the method scales and boosts confidence in defect discovery.

Two Home Affairs officials suspended after AI 'hallucinations' found

Two Home Affairs officials were suspended after AI-generated hallucinations appeared in a revised white paper on citizenship, immigration and refugee protection—the bogus references were added after drafting. The DHA will implement AI checks and appoint independent firms to manage discipline and review policy documents dating back to 2022. A similar issue hit the DCDT’s AI policy draft with fictitious citations. The DHA says the revised policy remains accurate and will be reworked.

Rolling the Root Key

Geoff Huston argues cryptographic keys must be rolled regularly as capacity evolves. In DNSSEC, most keys have short lifetimes, but the DNS root KSK is long-lived because updating trust anchors across all resolvers is slow. The next KSK roll (KSK-2024) is underway, with rollout planned for Oct 2026 after KSK-2017. The article reviews two measurement approaches (RFC 8145 signaling and RFC 8509 sentinel) to gauge adoption of KSK-2024: resolver signaling vs end-user trust. Early results showed rising TA adoption among resolvers, but end-user adoption by April 2026 was only 12–20%, with noisy signals. Measurement will continue through Oct 2026.

Canvas (Instructure) LMS Down in Ongoing Ransomware Attack

Canvas, Instructure’s learning-management platform, is down after a major data breach. ShinyHunters claimed the attack, threatening to leak data from about 9,000 schools—roughly 275 million students, teachers, and staff. The ransom note warned of a leak by May 12, 2026 if schools don’t negotiate. Instructure said it deployed security patches and is investigating, while Canvas, Canvas Beta, and Canvas Test remain unavailable.

Creating for a niche

The piece reflects on thriving in ‘a niche within a niche.’ MtnKBD, an Australian bespoke keyboard maker, is closing due to cost, yet its Let’s Tango exemplifies superb craftsmanship. Snider compares this to his own niche software—Table Slayer and Counter Slayer—made for small gaming circles; they’re expensive to build but sustained by hosted fees and a dedicated user base. Both illustrate how deep craft thrives on small, passionate communities, a dynamic mirrored in his wife Nicole’s bluegrass world, where a tight-knit culture bonds over shared craft.

Easy Random Trees

Brandon Wilson explains a direct combinatorial proof that Catalan numbers count plane trees and shows how to generate an n-node plane tree. The key is the isomorphism between plane trees and strict ballot sequences: a depth-first traversal yields a depth vector, and a +1/−1 sequence with positive partial sums ending at 1 corresponds to the tree. Rotating after the rightmost lowest partial sum yields a strict ballot sequence. The count of such sequences is (1/(2n+1)) binom(2n+1, n) = C_n, matching Catalan numbers for trees with n+1 nodes. The post includes diagrams and APL code.

Show HN: Kstack – Skill pack for monitoring/troubleshooting K8s in Claude Code

Kstack is a Kubetail-based skill pack for Claude Code that adds AI-powered Kubernetes monitoring, troubleshooting and auditing. It provides /cluster-status (health snapshot), /events (ranked incidents), /investigate (root-cause analysis), /logs, /metrics, and /exec for interactive debugging. It includes audits: /audit-security, /audit-network, /audit-cost, /audit-outdated, plus /cleanup and /forget to remove resources and local state. It detects services to apply specialized tools (e.g., Cilium, Istio) and works with kubectl, Kubetail, Helm, Trivy and Pluto. Install globally or per project; respects kubeconfig/RBAC; actions mutating state require confirmation. Supports multiple AI agents.

Show HN: Full Python GUI apps in the browser – no JavaScript, no server

imgui_bundle is a Dear ImGui-based framework for building interactive Python and C++ apps across desktop, mobile, and web. It ships batteries-included: plotting (ImPlot), image inspection (ImmVision), node editors, Markdown, dialogs, and more, with C++ and Python APIs of similar structure. It provides an integrated ecosystem (ImGui core, ImPlot, ImGuizmo, etc.), optional high-level runners (Hello ImGui, ImmApp), and Web-ready paths via Emscripten (C++) and Pyodide (Python). It includes a live Interactive Explorer and Playground demos, plus documentation and a Discord community.

Utah senator smacks ABC reporter's phone out of hand amid Data Center controversy

The Deletion Test – The Phoenix Architecture

The Deletion Test asks you to imagine deleting the entire implementation (not refactoring) to see what would survive. Fear of deletion signals dependence on code as knowledge; robust systems rely on evaluation artifacts—contracts, invariants, tests, and telemetry—so you can determine correctness without the old code. If you can regenerate from scratch and still know what to trust, the code is a cache of understanding, not the truth. The goal is to design modular, disposable components and relocate rigor from implementation to the system around it, making deletion boring and regeneration safe.

Building for the Future

Cloudflare will cut its global workforce by more than 1,100 as it retools for the AI era. Founders say the move isn’t a reflection on individuals but a redesign of processes and roles to boost speed and value amid a surge in AI usage. Departing employees will receive severance equal to full base pay through end of 2026, US healthcare through year-end, and equity vesting through August 15 with waived one-year cliffs pro-rated to August. Notices will be sent directly to all staff; leadership will discuss the changes at an all-hands and earnings call. The mission to build a better Internet remains.

Dirtyfrag: Universal Linux LPE

Dirty Frag is a public disclosure of a universal Linux local privilege escalation enabling root on major distros via two independent paths: (A) an ESP-in-UDP path using AF_ALG pcbc/fcrypt to overwrite /usr/bin/su with a small embedded root-shell ELF in the page cache, and (B) an rxrpc/rxkad path that corrupts /etc/passwd to uid=0. It brute-forces keys in user space and then applies three kernel patches to gain root. There are no patches or CVEs due to embargo. The doc includes exploit code and mitigations (disable modules via modprobe.d) and verification via getent root.

Nobody Reviews Compiler Output

The piece argues that lights-out codebases for coding agents won’t work unless we stop treating agent output as something a human must review. Like compilers, agents require upstream and downstream verification: formal specifications and contracts, robust testing and monitoring, and AI-to-AI review pipelines. Unlike deterministic compilers, agents aren’t deterministic, so we must broaden test coverage and embed safety. The author calls for formal spec layers, strong test infrastructure, AI-driven checks as standard CI, and production instrumentation to catch and rollback bad agent behavior quickly.

Colored Shadow Penumbra

Provides a UE5 shader-based technique for colored shadow penumbra. By editing engine shaders (SubstrateDeferredLighting.ush for Substrate or DeferredLightPixelShaders.usf for non-Substrate) you insert a desaturation/saturation pass that recolors penumbra according to luminance. Key params: PenumbraSaturation (default 4.0) and LuminanceFactors (0.3, 0.59, 0.11). The algorithm computes PenumbraColor from diffuse luminance, desaturates it, then blends back with lighting based on SurfaceShadow. Pros: simple, no per-light math, works with all lights, cheap, Launcher-only. Cons: requires wide penumbras, only dynamic lights, global color; gray surfaces less affected. Recompile shaders after changes.

AI Slop Is Killing Online Communities

Rant arguing that AI is transforming online communities, but not all AI use is bad. The piece warns about "AI slop"—low-effort, AI-generated content that clutters forums, Reddit, and Slack, depressing signal and driving away organic participation. It distinguishes "Built with AI, not by AI"—using AI as a tool with care—from throwaway prompts that produce spam or hype. The author calls for thoughtful contributions, solid documentation, and genuine usefulness, and urges readers to lurk, respect community norms, and be transparent about AI usage. If unchecked, the trend risks communities dying or becoming purely AI-driven.

Brazil's Pix Payment System Faces Pressure from Visa and Mastercard

Pix, Brazil’s Central Bank–run instant payments system launched in 2020, has overtaken Visa and Mastercard in volume, processing trillions of reais and billions of transactions. It offers real-time transfers 24/7 via Pix keys or QR codes; merchant fees are about 0.33% vs card fees around 2–5%. By 2025 Pix accounted for roughly 49% of financial transactions, with ~180 million users and participation from about 930 institutions. The success spurred U.S. investigations and Lula’s nationalist defense of Pix. The Central Bank continues expanding features (Automatic, Proximity, International, Installment Pix) and security (MED 2.0).

Child marriages plunged when girls stayed in school in Nigeria

A policy brief reports that the Pathways to Choice multipronged program in 18 northern Nigerian communities cut child marriage among unmarried girls aged 12–17 by 80% (86% in controls to 21% in participants) over two years. It combined education, remedial classes, and social/in-kind support, boosting school attendance by 70 percentage points and increasing siblings’ school enrollment. Economic analysis shows net returns of $1,627 per $1,000 invested and a benefit-cost ratio of 2.41. The randomized trial included 1,181 participants; long-term effects require further data.

Natural Language Autoencoders: Turning Claude's Thoughts into Text

Anthropic introduces Natural Language Autoencoders (NLAs) that translate a language model’s activations into readable text. An NLA pairs an activation verbalizer (AV) with an activation reconstructor (AR) to form a loop: activation → explanation → reconstructed activation; training optimizes reconstruction accuracy. Applied to Claude, NLAs reveal internal planning, safety-test suspicions, and hidden motivations. In audits, NLAs helped uncover a misaligned target 12–15% of the time vs <3% without NLAs. On SWE-bench 26%; real usage <1%. Limitations include hallucinations and high cost. Code and demos released; interactive demo available.

Printing Blogs

This piece details an experiment to print full blog posts as a digest. The author uses a knapsack approach to select 41 essays from several blogs (prioritizing author recommendations and Google PageRank), manually clusters content into chapters, and formats covers with Typst and bodies with pandoc. Printing with a home setup (color cover, BW pages, stapled batches of 13) yielded readable booklets. Five blogs are included: Paul Graham, Marginal Revolution, Max Hodak, Guzey, and the author's own blog. The post discusses formatting challenges (interactive plots, images) and invites feedback and edits to the print project.

Show HN: Stage CLI – a tool to make reading your AI generated changes easier

ReviewStage/stage-cli is an MIT-licensed tool that acts as a viewer for reviewing local code changes by organizing them into small, logical chapters and highlighting what to review before you code. It runs locally (on your machine), opens a browser UI, and integrates with any AI agent via an agent skill command: install stagereview, then run /stage-chapters; install globally npm i -g stagereview; add skill with npx. It can be used with stagereview.app for full integration.

Made by Johno Whitaker using FastHTML