The newest HackerNews stories, desensationalized.

A single campaign compromised the TanStack release pipeline on 2026-05-11 by chaining a forged fork PR, cache poisoning, and runtime token extraction into a publish path. The attacker used pull_request_target jobs to execute fork-controlled code, polluted the pnpm cache, then relied on a later release workflow on main to restore that cache and run a prepare-time payload during install. Two versions of 84 packages across 42 @tanstack/* entries were published in a 20-minute window, while the release workflow’s intended publish step did not execute because the normal job path failed. The payload was distributed via optionalDependencies entries pointing to a forked router commit and executed through npm lifecycle scripts after install, triggering host-side actions and a 2.3 MB obfuscated script. No direct theft of npm tokens was confirmed, but the maintainers stated that any machine running installs of affected versions on that date should assume compromise and rotate AWS, GCP, Kubernetes, Vault, GitHub, npm, and SSH credentials. External researchers discovered the activity quickly, the tarballs were pulled, and all affected versions were deprecated with public advisory coordination. A tracking issue confirmed the full scope, and emergency response included cache purges, permission tightening, workflow guards, and action pinning. The incident is presented as a three-part chain where each link was insufficient alone: fork merge execution, cache trust crossing, and OIDC publish privilege on a CI runner. The release relied on known CI trust boundaries rather than introducing a separate gate for registry publishing, and the post concludes that the pipeline was the failure point, not one single software bug.

UCLA Health researchers report a preclinical discovery in mice and humans showing stroke can disrupt brain connections far from the lesion, weakening coordinated gamma oscillations that support movement, especially in parvalbumin interneuron circuits. The team found that physical rehabilitation restores these oscillations and reconnects some of the disrupted circuitry in mice, including distant parvalbumin networks. Using that mechanism, they screened compounds and identified two candidates that stimulate parvalbumin neurons; one drug, DDL-920, produced significant motor-recovery effects in the mouse model. The study frames this as a molecular approach to mimic rehabilitation rather than replace therapy. It also claims novelty in mapping a specific network-level substrate for recovery and a corresponding pharmacologic target for post-stroke repair. The authors stress that this is not a cure for infarcted tissue itself, and that prior stroke care still relies on rehabilitation, which often yields incomplete functional recovery. Human translation remains pending, as the authors call for additional preclinical safety and efficacy work before clinical trials.

The article argues that language decisions are shifting because modern coding agents can now handle systems languages that were previously too costly for teams to adopt. It claims the practical advantage of Python and TypeScript is eroding as large language models improve quickly on Rust, Go, and similar ecosystems, citing SWE-bench Verified gains across multiple frontier models in 2026 and faster compiler-feedback loops as key enablers. It highlights Microsoft’s Go port of the TypeScript compiler, a Claude-agent-built Rust C compiler, and Rust rewrites of browser and tooling work as evidence that substantial systems code is now being generated with less human effort. The piece also contends that Python and JavaScript ecosystems increasingly depend on Rust under the hood through core libraries and tooling, making the “choose Python for speed, optimize later” logic weaker. It says this changes open-source contribution economics: instead of upstreaming fixes in unfamiliar codebases, teams may prefer rapid ports to faster stacks. The article acknowledges exceptions: some workloads still favor old choices because of serverless compatibility, ML ecosystem maturity, smaller AI training coverage, or project constraints. It frames the new regime as one where AI writes most routine translation, architecture and review, with humans focusing on design and quality control. The final thesis is that teams should reassess defaults and may increasingly pick languages that maximize AI-assisted iteration and runtime performance rather than human familiarity.

TypedMemory is a Java library that sits above the Foreign Function & Memory API to map Java records to contiguous off-heap memory with typed views, layout derivation, and an API for allocate, get, set, fill, copy, swap, and segment inspection. It is implemented to reduce manual layout and offset handling while preserving explicit control needed for native interop, simulation, graphics, data-oriented workloads, and large structured datasets. The project requires Java 25 or newer, runs through FFM-style arenas and MemorySegment access patterns, and currently supports core operations like typed allocation, record layout generation, wrapper views over existing segments, and reinterpretation support. A small set of planned features remains, including pointer-typed fields beyond raw addresses, unions, and maturation of schema support. It is labeled experimental and intentionally not a replacement for raw FFM, with explicit notes about command-line native-access flags and potential breaking changes as the API evolves. Maven usage is straightforward with a published 0.1.0 release and standard lifecycle commands for compile, test, package, and install, and integration examples are shown through a module declaration and records such as Point, Color, and nested arrays. The article frames the goal as making low-level Java memory programming safer and clearer while still staying close to native layout semantics.

GitLab announced an AI-oriented restructuring and strategy reset called Act 2, framing both the workforce changes and strategic bets as moves to prepare for high-volume, agent-assisted software development. The company said it is running a voluntary, transparent process that may complete by June 1, with final financial details expected on a June 2 earnings call, while reaffirming Q1 and full-year FY27 guidance. For customers, it promised no disruption to support, roadmap commitments, contracts, or day-to-day operations, but signaled faster and deeper innovation with stronger security, scalability, reliability, and user experience. Operationally it described a reduced country footprint, flatter management hierarchy, role right-sizing, and replacement of the previous CREDIT framework with three principles: Speed with Quality, Ownership Mindset, and Customer Outcomes. Leadership said savings from restructuring would be reinvested and listed five architectural priorities, including agent-native Git internals, orchestration for humans and agents, a connected lifecycle data plane, a centralized policy service, and more autonomous engineering workflows. In the employee letter, GitLab added that managers are running participatory conversations, set a May 18 voluntary separation cutoff where allowed, and offered performance-based bonus changes while arguing that a leaner structure should improve morale, ownership, and execution speed. Commenters reacted with sharp skepticism, arguing the blog post is heavy on AI rhetoric and that cutting staff while projecting a software demand boom appears inconsistent. Many questioned whether the company can safely automate reviews and critical workflows at scale, whether “agentic” promises are credible, and whether the DEI value removal and “

The post argues Denver’s current single-family zoning and infill constraints are pushing longtime mixed-income neighborhoods toward 10x price escalation, as aging homes are replaced by multimillion-dollar replacements. The author, identifying as economically liberal and libertarian-leaning, says this reflects decades of blocked incremental growth that preserved an equilibrium until rapid redevelopment pressure appeared. Denver’s “Unlocking Housing Choices” proposal is presented as an attempt to make smaller, more numerous homes financially viable by shifting developers’ incentives: limit unit size while allowing more units, permit larger accessory units behind retained houses, and allow voluntary deed-restricted affordable units. The author says the second and first approaches are most promising, with backyard additions especially attractive because they preserve visible character while increasing density. He is wary of mandatory inclusionary-style affordability, arguing current construction costs may require too many non-affordable units to keep projects feasible, and suggests experimentation with voluntary ratios instead. He also identifies permitting delays as a major missing lever, arguing that predictable, pre-approved pathways and quick approvals for preferred housing types could be as important as rule changes. He proposes adaptive rules tied to surrounding lot context, allowing modest growth for single-family replacements and larger relative gains for multi-unit builds, but admits the idea is untested and not fully pro forma modeled. The comments reinforce the post by quantifying costs and by challenging whether market dynamics, regulation, and politics can be aligned. Some readers praise the plan’s direction, while others predict resistance from higher-cost and

Nullsoft’s remaining team was reduced to a handful of employees, and the piece frames the move as the end of the division that had produced Winamp and related projects after AOL’s 1999 purchase of the company for $100 million. It credits founder Justin Frankel with turning Winamp into a simple, mass-market MP3 player and building Shoutcast to stream music, then depicts Gnutella as an intentionally decentralized peer-to-peer system designed to resist the central shutdown risks that doomed Napster. AOL removed those releases as unauthorized after Frankel posted them, and the article also details WASTE, his later encrypted invitation-only file-sharing network aimed at avoiding easy legal monitoring. The story portrays Frankel’s repeated friction with corporate ownership as principled resistance to central control over software direction, including ad-blocking and file-sharing side projects. His resignation is presented as the culmination of that conflict, and the article closes with raids on private networks and speculation that he could again build systems to evade enforcement pressure. Commenters expand this frame by tying Nullsoft’s culture to an enduring hacker ethic: innovation can emerge from small teams, but acquisition often shortens their independent lifespan even when their work becomes culturally influential. For HN readers, the case is less nostalgia than a technical lesson in how architecture choices and ownership rights can determine which internet platforms survive.

Orhun introduced Ratty, a terminal project tied to a new glyph-based graphics approach that blends text and 3D-rendered content in the command-line interface and is presented as a way to reduce the separation between textual and graphical interaction. The post highlights inspirations from historical systems like TempleOS and suggests direct in-terminal command-and-display workflows for code and data, with depth effects, layered visuals, and spatial UI cues. Readers connect it to older and current experiments, including shallow-3D interfaces, browser overlays, and existing terminal graphics efforts such as Kitty and sixel, and compare how it might evolve from text-only terminals toward richer media surfaces. The thread also introduces technical caveats: users ask whether 2D raster quality can truly improve, whether GPU acceleration survives remote SSH use, and whether missing features like synchronization and protocol support limit reliability. There is substantial interest in adjacent possibilities like VR, head-tracked displays, and browser-based terminals, while others caution this remains largely speculative and UX-heavy. A recurring comparison is that much of the work may shift burden to terminal emulators and desktop systems, making broad adoption dependent on protocol standardization and implementation support. Even while many see it as fun or visionary, several commenters frame it as a potentially useful but clearly experimental branch in UI evolution.

This project revives the Griffin PowerMate as a usable USB HID input device on modern macOS with a small Swift driver and companion agent. It reads 6-byte reports from the device, with one byte for button state and one for signed rotation, then derives rotation rate from report timing to let apps map dial and press events as scroll, arrow-key, click, or right-click actions. The PowerMate can be switched to menu-aware behavior through Accessibility so focused menus get Return and arrow keys, while Input Monitoring is required for posting events, and the binary can run in the background with Login Items for convenience. The implementation also exposes LED control APIs for brightness and pulse behavior, and it notes that LED commands fail when another process has exclusive access to the device. The guide includes build and run instructions, permission prompts, dependency wiring for other apps, Linux report compatibility, and a release path for signed notarized binaries. It also advises reconnecting or stopping competing software when needed because the driver opens the USB device with exclusive access. Readers in discussion frame it as a practical nostalgia project and a focused control tool rather than a gimmick.

A security report was presented as high confidence that attackers used AI to discover and exploit a vulnerability, with a patch developed afterward. The reporting was interpreted by commenters as potentially overstating the causality, since proving model-assisted discovery without operational evidence is difficult. Many argued that current large models can accelerate bug hunting by reviewing code at scale, but they may still resemble old automation techniques such as fuzzing, with effectiveness tied to compute budgets rather than magic inference. Commenters expected any AI-assisted offensive gain to be concentrated among actors with substantial resources, while noting that open models and other foreign providers may preserve exploitation capability even if some U.S. vendors restrict access. The thread also reflected skepticism that media and security firms overstate novelty to attract attention, policy leverage, or funding, and skepticism extended to claims of “thousands of zero-days” as potentially unverified corporate marketing. Others countered by raising a practical question about whether AI-driven defenses can patch faster than attackers can weaponize findings. Overall the discussion framed the issue as both a technical development and a narrative battle over AI risk claims.

A developer describes recurring 3 a.m. awakenings in a noisy city and built a local, home-networked system to identify likely causes by linking Raspberry Pi-captured noise events, Home Assistant sensor events, and Garmin sleep-stage and wake data into a synced timeline. The Pi records only when at-home, in-bed conditions are met, stores short pre/post-event audio clips above a threshold, and applies noise suppression to reduce false triggers; a custom web app highlights wake transitions so the user can review only candidate disturbances. The frontend is a PWA with push notifications, and the project was assembled quickly with AI-assisted coding, including direct testing on the Pi and screenshot-based UI verification, though the user explicitly avoided letting AI classify sounds. The system is intended as an investigative aid, not diagnostic sleep science: wake timestamps and transitions are treated as practical markers, while sleep-stage labels are acknowledged as approximate. With the tool, the user found recurring sources such as door noise, dishes, and street traffic and then applied targeted fixes like acoustic panels, improved insulation, and behavioral coordination. They report improved morning feel and Garmin trends, and propose future extensions for smarter notifications, clustering, and confidence-based alerts but consider the current version sufficient for action. In comments, some readers challenge assumptions about causality and suggest stress or sleep cycles as alternative explanations. The author notes they built it because AI lowered the execution cost, not because AI solved sleep quality alone.

Google’s signup and login controls are increasingly surfacing QR-based phone verification flows that can still invoke SMS, and users report these checks now block or complicate account creation for privacy-focused workflows. The discussion raises practical objections around SMS-only services, prefilled SMS links, and regional SIM constraints, especially for people using short-term foreign numbers, reused numbers, or users without smartphones. The original poster questions whether Google can infer identity through temporary numbers, how far phone records are retained, and whether location-aware checks can be bypassed with VPNs, while noting behavior changes are inconsistent by proxy quality and account conditions. Commenters reinforce these concerns by citing reused-number limits, old account lockdowns, and lockout loops even when 2FA is in place. The thread suggests the policy is part anti-fraud response to account abuse and part trust-balance shift in identity infrastructure, where one person’s registration success may depend on IP risk scoring, device profile, and history. Practical workarounds are debated, including separate devices, WebAuthn/2FA, domain-based mail, and paid providers, but users report no universal bypass. A central tension is clear: preventing mass account abuse versus preserving user agency, accessibility, and low-friction onboarding. Some argue old SMS verification is still the same mechanism wrapped in QR convenience, while others see this as a deeper move away from phone-free account access. The conversation reflects broader anxiety over digital identity becoming increasingly tied to phone-linked credentials, even for non-Gmail tasks. Several users conclude that the trend points to tougher registration, stronger anti-bot defenses, and greater 포함

The author rewrites Andrej Karpathy’s llm.c into Swift and benchmarks training and inference while optimizing handwritten matrix multiplication for an LLM workload on Apple Silicon. Early results show basic Swift is dramatically slower than C, largely because of Swift array copy-on-write overhead and lack of fast fused multiply-add code generation, so they add mutableSpan usage and Swift Numerics Relaxed.multiplyAdd to better match C’s loop behavior. They then adopt loop restructuring and InlineArray-based batching to mirror C’s unrolled inner logic, bringing performance close to and briefly above baseline C for single-threaded training. Next comes multithreaded execution with concurrentPerform and unsafe buffer access, which yields a major speed gain but also makes the code much less ergonomic and harder to maintain. The article then tests Apple-specific accelerators: custom AMX-style tiling improves speed further, and several Metal implementations (naive, threaded, and tiled) show the largest gains, with tiled kernels delivering the top throughput in this series. The author notes even the best handwritten result reaches about 1.1 TFLOP/s but remains below theoretical hardware limits, and emphasizes that production code should use Apple’s tuned frameworks instead. Commenters largely praise the thorough optimization journey and technical framing while adding caveats: AMX access is undocumented, OpenMP support in Swift is possible with the right compiler setup, and using -ffast-math is broader and riskier than needed. One comment argues -ffp-contract=fast is the key compiler control for FMA behavior, because numerical correctness tradeoffs should be explicit. Another reinforces that GPU peak claims are not straightforward, explaining why software-level tuning remains the

Interfaze is introduced as a hybrid architecture that merges task-specific DNN/CNN capabilities with transformer-style reasoning to better handle deterministic workloads like OCR, object detection, structured extraction, and transcription. The post argues that transformers are overused for repetitive tasks where predictable metadata, such as bounding boxes and confidence scores, matters more than broad reasoning, and it positions this approach as a middle path between fixed-task CNNs and generalist LLMs. It publishes architecture characteristics such as a 1M-token context, 32k output tokens, multimodal input (text, image, audio, file), and optional reasoning, and says cost and latency are tuned to outperform specialized and general flash/mini-style alternatives. In nine head-to-head benchmark results, Interfaze is reported to lead most of OCRBench, olmOCR, RefCOCO, VoxPopuli (WER), Spider 2.0-Lite, GPQA Diamond, MMMLU, MMMU-Pro, and SOB Value, while excluding non-native-audio models where needed. The launch also introduces a structured-output benchmark (SOB) to separate schema formatting from correctness and hallucination control, with claims that Interfaze produces more accurate filled outputs across text, image, and audio contexts. The API examples demonstrate practical workflows: schema-constrained OCR with full precontext metadata, task-specific mode selection via <task> tags, and retrieval-enhanced responses with raw search grounding, all through an OpenAI-compatible endpoint. It emphasizes OCR/transcription speed and multilingual transcription throughput, including a 1h35m example transcribed in tens of seconds, and positions this as a developer-facing, production workflow API rather than a pure research-only demo. The thread-level discussion also pressures the搏

Thinking Machines describes a shift from turn-based assistant patterns to native interaction models that can perceive and respond continuously across audio, video, and text, including interruptions, simultaneous speech, and tool use, using 200 ms micro-turns and a split-stack design with an interaction model plus asynchronous background model. The company argues current harness-based systems rely on separate turn detection and other modules, limiting fluid collaboration, and presents TML-Interaction-Small (276B parameters, 12B active) as a jointly trained architecture with encoder-light audio and vision pathways designed for time-aware behavior. Inference optimizations include streaming sessions, small-chunk prefill/decode handling, and kernel-level changes to reduce latency while maintaining stability through trainer-sampler alignment. Benchmarks presented claim strong competitiveness on FD-bench interactivity, Audio MultiChallenge, IFEval, and mixed turn-based metrics, while also introducing internal tests for timing and visual proactivity that existing realtime competitors reportedly do not handle well. The team frames visual proactivity and responsive overlap as a practical gap in current commercial systems and reports better qualitative behavior than prior examples from turn-based designs. Limitations are acknowledged: long-session memory growth, network dependence, and current size-speed tradeoffs that delay larger releases, with an intent to iterate through a limited preview, safety tuning, and grants for interaction evaluation. Readers in comments note the architecture’s promise and strong demos, while questioning whether the main win is a polished UX, practical deployment value, and how a smaller model footprint might evolve with time and compute constraints.

The project is a lightweight, zero-install, browser-based clone of Google Antigravity built in pure HTML/CSS/JS, designed to keep the familiar Antigravity-style interface while avoiding local IDE setup. It uses WebContainer-powered xterm.js for a Linux-like shell, synchronizes local files, and includes a proactive agent that can run shell commands, initialize projects, install dependencies with pnpm, and build applications. The system is BYOK and currently supports only Gemini models, including preview variants, with model selection hardcoded in code. Keys are kept in browser localStorage, and the author positions the tool as an Alpha intended for community extension rather than a finished replacement. Planned improvements are broad and practical: stronger orchestration, multi-provider support, file sync and terminal hardening, richer menu actions, settings UX, model switching, and Git workflows. Usage is simple, requiring a local server and API key entry in a small settings icon, but the UI and workflow rough edges are explicitly acknowledged. The implementation is explicitly non-commercially permissive under GPL-3.0. Users and the author both frame it as a useful distraction and fast experimentation environment rather than a full professional workstation, with progress managed through weekly PR reviews due school commitments.

AMÁLIA is presented as Portugal’s publicly funded effort to build a European Portuguese-first LLM, backed by 5.5 million euros and a consortium of leading universities and labs. The model extends EuroLLM instead of training from scratch, using Arquivo.pt and synthetic Portuguese data to increase language share during pretraining, supervised fine-tuning, and preference training, while adding new benchmarks such as ALBA to test grammar, syntax, world knowledge, and bias toward Brazilian Portuguese. The project is praised as strong technical work, but major criticism is that key assets—weights, data, logs, and benchmark artifacts—were not publicly available at the time of writing, despite “open source” claims. Reported data proportions are also debated: about 5.5% clearly identified European Portuguese in a 107B-token pretraining stage (5.8B tokens) and roughly 17–18% in SFT. The model reportedly beats Qwen 3-8B on most published Portuguese benchmarks, yet still loses to it on ALBA, which leads to open questions about whether token mix or training strategy is the stronger lever. The author argues that future gains likely require more pretraining data and better access to Portuguese-specific cultural knowledge, not only benchmark-driven tuning. Overall, the initiative is framed as a meaningful first step for a small language with promising results, but one that currently depends on greater openness to become broadly useful.

The cuda-oxide book presents an experimental v0.1.0 alpha compiler that translates standard Rust into PTX through a custom rustc backend, explicitly avoiding DSLs and external kernel languages. It targets users already fluent in Rust and async programming, and positions itself as a replacement flow from host code to GPU execution inside one language. A sample vector-add kernel shows kernel attribute macros, thread indexing, typed dispatch methods, and launch configuration wiring from Rust buffers and streams, with a cargo oxide build path for running examples. The project also exposes lower-level APIs for loading sidecar modules and custom launches, and exposes device-operation graphs, stream-pool scheduling, and async result coordination for larger pipelines. Its documentation frames safety as layered: simple patterns are safe by default, while shared memory, warp operations, and frontier features such as tensor-core or cluster-level communication require unsafe contracts. The initiative explicitly invites feedback because APIs are expected to change, and the GitHub-hosted project remains early, incomplete, and performance-first experimentation. It is marketed as a practical step toward writing GPU kernels in idiomatic Rust while preserving direct access to lower-level CUDA control when needed.

The article describes a puppet library operating for decades beneath Emmanuel Church on Boston’s Newbury Street, where Sara Peattie lends out a diverse collection of puppets free of charge. Peattie, a longtime Boston puppeteer, began in Bread & Puppet during the Vietnam-era movement and later left with George Konnoff to form the Puppeteers’ Cooperative in San Francisco in 1976, then eventually settled in Boston after a stop in Vermont. The pair promoted community events such as parades and pageants, and their network later supported major regional festivals. Peattie created the Puppet Free Library after repeated lending made inventory tracking difficult, and she kept it running through a simple checkout process, handwritten records, and direct follow-ups for overdue returns. She explained that large puppets are built from relatively simple materials—papier-mâché heads, fabric bodies, wire, and bamboo—and are designed to read as grand on stage despite structural simplicity. Comments suggest the physical location is easier to miss than the article implies, with a tiny side-door entrance off a side street, and the unusual visibility means people often discover it by chance. One commenter also recalled a childhood reaction to puppets as unsettling, adding a contrasting personal reaction to the generally celebratory community portrait.

The project presents an authenticated email gateway for AI agents that receives inbound mail via webhook or WebSocket, sends outbound mail through an HTTP API, and verifies sender identity for both people and agents with SPF/DKIM and H2A-style headers. It supports hosted and self-hosted deployment, with a shared relay domain for instant slug-based agent onboarding or custom-domain DNS setup, and details an end-to-end local Docker installation, health checks, agent registration, and migration workflow. The system normalizes inbound security checks and forwards signed X-E2A-Auth-* headers, including sender, entity type, timestamp, body hash, and signature, while requiring receivers to validate the HMAC to trust fields; SDK parsing defaults to rejection of unverified payload fields. Agent communication is split into cloud webhook mode and local WebSocket mode, both with REST polling fallback, and conversation continuity is preserved using conversation_id, with a relay-only authoritative X-E2A-Conversation-Id and RFC-compliant threading for human replies. Outbound workflows include optional human-in-the-loop holds, dashboard/API/CLI approval, and magic-link decision routes with configurable expiration actions. The release also covers operational concerns: Postgres-backed storage, multi-replica safety with SKIP LOCKED queue handling, security hardening for production, OAuth CSRF, replay-window checks, and data-retention and export/delete controls. It positions itself as an agent abstraction layer above SMTP rather than a replacement MTA, with explicit boundaries around outbound SMTP providers and self-hosted auditability. Comment context suggests readers may compare it to neighboring projects with similar goals, but this implementation focuses on a full signed-delivery model

The post describes ymawky, a macOS-only static HTTP server written entirely in AArch64 assembly with raw Darwin syscalls and no libc or external libraries, supporting GET, HEAD, OPTIONS, PUT, DELETE, byte ranges, directory listings, and custom errors. The author frames it as a learning project rather than a production replacement for nginx, using fork-per-connection for simplicity despite higher memory use and lower concurrency compared with event-driven servers. A large part of the implementation is manual request handling: byte-wise parsing of methods, paths, headers, percent decoding, range parsing, integer conversion, and strict validation that guards against malformed input like invalid headers, bad URIs, and oversized paths. For PUT, the server uses temp files and atomic rename to prevent partial writes when clients disconnect early, and rejects oversized bodies, while setting byte-level timeouts to reduce slowloris abuse and compute adaptive PUT timeouts from content length and minimum throughput. Security and correctness efforts include docroot enforcement, path-segment traversal checks after decoding, directory traversal mitigations, optional directory listing with URL and HTML escaping, and process-level limits using Darwin-specific proc_info plus timeout-driven process termination. The author also details Apple-specific syscall behavior around signals, showing how signal trampoline handling was simplified because the timeout path exits directly. Commenters largely read this as a deep systems exercise, with responses praising the ambition and linking to similar minimal servers, while also framing it as a reminder that the hard part of web servers is request parsing and edge-case handling rather than socket setup.

The discussion argues that hardware-based attestation systems such as Play Integrity, App Attest, and related digital ID stacks are being used increasingly to require device and OS approval for access to banks, payments, age checks, and ordinary services. Commenters say the model turns users into tracked actors because attestation metadata and certification decisions can become persistent device-linked identity signals, even when presented with indirection. They also challenge claims that these systems mainly solve fraud, noting practical bypasses through hardware attacks and pointing out weak rollout quality compared with the level of lock-in they create. A second thread in the comments frames the issue as political and economic: secure boot and attestation are presented as anti-competitive levers, especially in Google, Apple, and mobile ecosystems with opaque certification requirements. Others agree with the security goals but insist the anti-freedom outcome comes from implementation choices, calling for inclusive, non-monopoly participation by alternative OS vendors and stronger legal guardrails. The conversation connects this to ongoing proposals in EU digital identity, anti-abuse tools, and anti-bot efforts, warning that without policy constraints and transparent standards, open platforms become harder to access for users outside dominant hardware/software stacks.

A long-time Linux user tracked terminal memory use after heavy swap pressure appeared when running many kitty windows on an older machine, and measured nearly no swap recovery from heavy usage until kitty instances were replaced by xterm. The author benchmarked several terminals on X11 and Wayland with smem, comparing memory metrics such as USS, PSS, and RSS after running the same command set in each. Results showed wide variance: st and xterm stayed relatively low while kitty was high in both environments, with gnome-terminal performing better than expected and konsole remaining middle-of-the-road. Foot consistently supported timg image output with a memory profile far lower than kitty, while ptyxis and others were comparatively heavier; lxterminal, kitten, and alacritty fell between the extremes. The methodology acknowledged rough controls, including different sizes and scrollback settings, but the author considered the spread large enough to preserve ranking confidence. Functionality drove secondary choices: image support via timg made kitty appealing despite memory cost, and only a small set of terminals were noted as viable for pixel-level output. By the update, st was rejected for day-to-day use because it lacked scrollback, so the practical recommendation shifted toward lxterminal for X11 and foot for Wayland. The post also clarified platform behavior, noting X11 terminals generally run on Wayland via compatibility layers, while Wayland-native terminals usually do not run under X11.

The piece rederives the classic Buffon result for floorboard-line crossings using linearity of expectation instead of calculus, defining f(L) as the expected number of crossed lines for a random segment of length L. By dropping two independent needles of lengths L1 and L2, it shows E[X1+X2]=f(L1)+f(L2), then notes the same identity holds if the segments are welded into one, so f(L1+L2)=f(L1)+f(L2) for all L1, L2. With f nonnegative and increasing and f(0)=0, it concludes f(L)=cL. The argument is extended from a segment to a polygonal chain of N pieces and then to arbitrary finite-length rectifiable curves, showing expected crossings are proportional only to total length, independent of shape. To determine c, it evaluates a curve of known length: a circle of radius W/2 has length πW and crosses exactly one floor line twice with probability one, giving cWπ=2 and thus f(L)=2L/(πW). The discussion notes the setup uses Haar measure for randomness, equivalent to choosing the center uniformly in a region and orientation uniformly in [0,2π), and mentions continuity details are omitted in this sketch.

The author argues that AI does not convincingly make engineers less intelligent overall, but it can reduce hands-on learning when work is done through AI. They challenge the claim that this should block adoption, comparing current pressure to construction work where workers accept physical strain because it is part of the paid task. The essay says the traditional path of improving through writing code itself may be a historical artifact, and if AI improves short-term output enough, it may be hard to refuse using it. The post warns that insisting on manual coding alone could make engineers less competitive and that career planning may need to shift before older habits or roles become economically obsolete. It frames software engineering as potentially shorter in its traditional form, echoing the way athletes have finite performance windows, while noting that adaptation, supervision, and higher-level contribution may define the future role. In the comments, readers broadly dispute where that future boundary is, and whether AI causes deep atrophy or simply frees cognitive capacity. Several commenters argue that practical outcomes already show AI increasing productivity while changing job mix, with less pure implementation and more alignment, architecture, and communication. Others reject the core analogy, pointing out AI randomness, age-based career myths, and the fact that software work has always evolved and required periodic redefinition. The post links this discussion to broader anti-AI backlash and industrial-scale anxiety, reinforcing that the issue is less technical purity and more labor-market restructuring.

An engineering post reports on BEAM concurrency escape hatches introduced in recent OTP releases, contrasting :atomics and :counters as alternatives to shared mutable ETS-style patterns. :atomics is an off-heap, shared, mutable 64-bit integer array owned by the runtime, supporting atomic add, add-and-get, exchange, and compare-and-swap, with sequentially consistent ordering across indices that makes it suitable as a synchronization primitive. It also notes overflow wrapping behavior for unsigned values and explicit mention that values are mutable and visible across processes. :counters is also off-heap and integer-based but uses per-scheduler cells in signed mode, giving very fast contention-free writes and good scalability as writers increase, at the cost of only eventually consistent reads and weaker ordering guarantees. The post explains that :counters reads sum scheduler-local values, so concurrent readers may observe partial snapshots, while :atomics gives stronger ordering at a higher write contention cost. A benchmark on an Apple M4 Pro compares ETS, :atomics, and :counters; with one writer all are similar, while above single-core and then multi-core levels ETS degrades, :atomics holds steady, and :counters scales best until saturation. The author concludes that :atomics is best for real atomic synchronization needs, while :counters in write-concurrency mode is best for high-volume increments and infrequent reads, and that ETS still remains useful in other contexts. In discussion, readers question whether counters were always atomics-based internally, and others note a desire for an atomic_term abstraction for broader shared mutable state.