Hacker News

Claude Opus 4.7 launches at unchanged pricing ($5/M input, $25/M output) with improved coding, instruction following, and vision—now accepting images up to 2,576px (~3.75 megapixels), 3x prior models. A new xhigh effort level sits between high and max; Claude Code defaults to xhigh for all plans. Anthropic intentionally curtailed Opus 4.7's cybersecurity capabilities vs. the unreleased Mythos Preview, adding automatic safeguards that block high-risk security requests; a Cyber Verification Program is open to legitimate researchers. A new /ultrareview command in Claude Code (three free trials for Pro/Max users) and public-beta task budgets for API developers also ship today. Migration requires planning: a new tokenizer increases token use 1.0–1.35x, and higher-effort agentic sessions produce more output tokens. Enterprise testers report double-digit gains—13% on one coding benchmark, 3x task resolution on Rakuten-SWE-Bench, and 98.5% visual-acuity scores vs. 54.5% for Opus 4.6. Available via Claude API, Bedrock, Vertex AI, and Microsoft Foundry.

Comments: Users report frustration with Opus 4.7's aggressive cybersecurity filtering: the model flags ordinary code and markdown as potential malware mid-task, and safeguards retroactively affect Opus 4.6, blocking researchers without CVEs from the Cyber Verification Program. The 1.0–1.35x tokenizer overhead plus new xhigh default effort raises cost concerns, with subscription users questioning whether their limits effectively shrank. "Adaptive thinking" replacing "extended thinking" changed defaults silently—reasoning summaries are now off by default, requiring "display": "summarized", breaking production pipelines without errors. Independent benchmarkers confirm Opus 4.7 leads in agentic coding but flag an MRCR long-context regression (78% to 32%) and more hallucination on obscure knowledge. Many believe Opus 4.6 was deliberately degraded before the 4.7 launch and see 4.7 as codifying rather than reversing those regressions. Stricter literal instruction-following means prompts tuned for earlier models now produce unexpected results. A surge of "switched to Codex" comments drew skepticism about whether it represents genuine migration or coordinated messaging.

Tree-sitter is a fast, incremental, C-based parser generator with bindings in Rust and R. Davis Vaughan authored the R grammar for Tree-sitter, which became the foundation for an entire R developer tooling ecosystem. GitHub uses this grammar to improve R code search, surfacing function definitions as top results. The Positron IDE's Ark kernel uses Tree-sitter for autocompletion, hover docs, and smart pipeline selection. Air is a Rust CLI that reformats R code blazingly fast; Jarl extends Air to lint, fix, and detect unreachable code or duplicate definitions. The {treesitter} R package provides direct parsing and querying, and underpins {gander} (LLM code assistance) and {igraph.r2cdocs}. ast-grep and its R wrapper {astgrepr} enable structural search and rewriting, used in {flir} for refactoring. {pkgdepends} calls Tree-sitter to scan package dependencies; {muttest} uses it for mutation testing. Gábor Csárdi's {ts} handles YAML/TOML editing while preserving comments, and difftastic provides syntax-aware structural diffs with native R support.

Nvidia Blackwell GPU rental prices hit $4.08/hour — up 48% in two months — while CoreWeave raised prices 20% and extended minimum contracts from one to three years. OpenAI CFO Sarah Friar acknowledged skipping projects due to compute constraints, and Anthropic has limited its newest model to roughly forty organizations, making frontier AI access a gated privilege. Five trends are defining this "scarcity era": relationship-based selling where providers favor strategic customers; SOTA models going to the highest bidder; availability without speed guarantees; AI compute becoming an inflationary commodity requiring procurement discipline; and forced diversification toward smaller or on-premise models until energy and data center buildouts catch up, potentially years away. Startups face the toughest conditions, as capital depth increasingly determines who can access the bleeding edge.

Comments: Commenters broadly push back on the "scarcity era" framing. Several note that open-weight models lag SOTA by only six to twelve months, meaning developers can already build capable products on locally-runnable models like recent Qwen releases — including voice chatbots in 8GB VRAM — drawing an analogy to personal computing displacing mainframe telnet access. Others point out models are becoming dramatically more efficient (DeepSeek V3 at roughly one-tenth the cost of contemporary ChatGPT), and distillation is an equalizing force. Some call it artificial scarcity, predicting ASIC-based LLM inference will commoditize within two to three years. A pointed critique notes labs burning cash while claiming insufficient compute is contradictory — like a grocer selling oranges below cost and claiming supply shortages. More optimistically, users argue constraints will accelerate innovation in harness design and small model optimization, both areas still rich with low-hanging fruit. The US energy bottleneck and China's compute restrictions are framed as a race where whoever resolves their constraint first exits the scarcity era first.

Google has introduced three new tools for AI-assisted Android development outside Android Studio: Android CLI, Android Skills, and the Android Knowledge Base. Android CLI is a terminal-based interface covering environment setup, project creation, emulator management, and deployment; internal tests show 70% reduction in LLM token usage and 3x faster task completion versus standard toolsets. Key commands include android sdk install, android create, android run, and android update. Android Skills are modular markdown-based instruction sets (SKILL.md files) that auto-trigger based on prompt context, covering common patterns and best practices for workflows that LLMs often struggle with. The Android Knowledge Base, accessible via android docs and already in Android Studio, lets agents fetch up-to-date guidance from Android developer docs, Firebase, Google Developers, and Kotlin docs—compensating for LLM training cutoffs. All three tools are agent-agnostic, supporting Gemini CLI, Claude Code, Codex, and others, and are designed to bridge into Android Studio for advanced UI design, debugging, and profiling. Android CLI is available in preview at d.android.com/tools/agents.

Comments: Users raise security concerns, predicting LLM-generated code will produce entire classes of exploitable vulnerabilities—including bugs baked in by flawed training data—creating a future cleanup industry analogous to today's legacy tech migration work, but compounded by LLM-specific failure patterns. On privacy, users note that Android CLI collects usage metrics (commands, subcommands, flags) by default and question why only a --no-metrics flag is offered rather than an environment variable opt-out, with some frustrated that Google collects still more data. On the positive side, some see agentic tooling as finally delivering on decades of demand for proper requirements-driven software development. Practical concerns also emerge around app publishing, with at least one user unwilling to engage with the platform unless ID verification requirements are removed.

AutoProber is an open-source hardware hacking stack combining a GRBL-compatible 3018-style CNC, USB microscope, and Siglent oscilloscope to let an AI agent autonomously locate, image, annotate, and probe circuit board targets. The agent scans a new target by capturing XYZ-logged microscope frames, identifying pads, pins, and chips, then stitches them into an annotated map. Probe candidates surface in a web dashboard for manual operator approval before any physical contact. Safety is central: the GRBL probe pin is explicitly untrusted; an independent optical endstop wired to oscilloscope Channel 4 is the true safety monitor, polled at 10 Hz+ during all motion. Any ambiguous voltage, CNC alarm, or limit pin triggers immediate feed hold with no automatic recovery — operators must explicitly clear the condition. Hardware includes a SainSmart Genmitsu 3018-PROVer V2, Siglent SDS1104X-E oscilloscope, and a network-controlled smart power strip. Control is available via web dashboard, Python scripts, or agent commands. Licensed under PolyForm Noncommercial 1.0.0; commercial use requires a paid license.

Comments: The sole comment expresses astonishment that the project has only a single star on its repository, calling it "genuinely mind blowing" — implying the commenter views AutoProber as a significantly underappreciated technical achievement given its scope and sophistication.

Akkari is building a customer context API designed for LLMs, aggregating fragmented customer data from sources like calls, chat, emails, and CRM systems into a unified, continuously updated state for AI agents. The platform aims to make customer-related queries and automations faster, cheaper, and more reproducible. Founded by repeat entrepreneurs with prior startup exits and backed by notable VC funds and AI executives, the company is seeking one Founding Engineer based in San Francisco to help shape product and company direction, requiring strong engineering fundamentals and entrepreneurial drive. Interested candidates can apply via jobs@akkari.io.

A blogger ran his informal "pelican riding a bicycle" SVG benchmark on two new releases: Alibaba's Qwen3.6-35B-A3B (a 21GB quantized model run locally via LM Studio on a MacBook Pro M5) and Anthropic's Claude Opus 4.7. Qwen won both tests—pelican on bicycle and flamingo on unicycle—with Opus notably botching the bicycle frame; a second Opus attempt with maximum thinking didn't improve results. Suspicious of potential benchmark gaming, the author used a secret "flamingo on unicycle" backup test, which Qwen also won, partly for its charming SVG comment. He concludes that while Qwen produced better SVGs, this doesn't imply general superiority—Opus likely remains more capable overall. The benchmark, always intended as a joke, historically correlated loosely with general model usefulness, but that connection now appears broken. The takeaway: for the specific task of SVG animal illustrations, a locally-run quantized open model currently outperforms Anthropic's flagship proprietary release.

Comments: Commenters are split on both the results and the benchmark's validity. Some disagree with the author's judgment, arguing Opus's flamingo is anatomically more accurate—correctly seated with functional spokes—while Qwen's is physically implausible, suggesting Qwen may be overfitting to the pelican test. Many question the benchmark's broader usefulness, noting SVG quality reflects targeted fine-tuning rather than general capability, and that labs increasingly optimize for known benchmarks. One commenter provides concrete coding data: Qwen3.6-35B-A3B solved only 11/98 Power Ranking tasks versus Opus 4.6's 95/98, underscoring the real-world capability gap. Others note Anthropic's models have been regressing on non-coding tasks since version 4.1. Several users highlight the persistent gap between impressive one-shot demos and reliable iterative tool use—e.g., getting Gemini to make small diagram edits remains frustrating. A few share positive hands-on experience running Qwen locally for agentic workflows and security bug-finding, though patch-writing quality lags. Some simply call the benchmark pointless after repeated model releases.

Cloudflare is launching a unified inference layer giving developers access to 70+ AI models from 12+ providers — OpenAI, Anthropic, Google, Alibaba Cloud, and others — through a single API and shared credit pool. Using the existing AI.run() binding, switching providers is a one-line change. The platform centralizes cost monitoring with custom metadata tagging by user, team, or workflow. Automatic failover reroutes traffic if a provider goes down, with no custom logic required. For streaming agents, AI Gateway buffers responses independently of agent lifetime, enabling mid-inference reconnection without duplicate billing. Cloudflare's 330-city network minimizes latency. Custom fine-tuned models can be deployed via Replicate's Cog containerization, which abstracts CUDA dependencies and weight loading. Replicate's team has merged fully into Cloudflare's AI Platform, with their hosted models migrating to Cloudflare infrastructure. REST API support, container push APIs, wrangler commands, and GPU snapshotting for faster cold starts are in progress. Image, video, and speech models are now supported for multimodal applications.

Comments: Users widely compare the offering to OpenRouter, questioning what differentiation Cloudflare adds beyond its Argo network. Pricing transparency is a top concern — the model catalog shows no costs, and users question whether Cloudflare marks up token prices. Several users demand hard daily spending caps, citing runaway-bill risks from bugs or breaches, and note competitors like Google and OpenAI handle budget controls better. Privacy-focused users flag that a "unified inference layer" is effectively a prompt-and-response proxy, with zero-data-retention not on by default and not universally supported. Lack of regional deployment detail frustrates some. On the upside, users praise D1's reliability and see this as a credible AWS Bedrock alternative with better uptime. The Replicate acquisition is viewed positively, though scalable LoRA/fine-tune deployment remains an unsolved problem industry-wide. A notable complaint thread describes Cloudflare's support as broken — dead phone lines, defunct emails, looping AI chatbot — raising enterprise reliability doubts. Agent governance and authorization auditability are flagged as the next hard unsolved layer.

A full-length documentary chronicles the creation of Clojure, the Lisp dialect built by Rich Hickey during a two-year sabbatical that now powers core infrastructure at Nubank, the world's largest independent digital bank. Featuring Hickey alongside contributors Alex Miller and Stuart Halloway, the film traces Clojure's intellectual roots in academic papers like "Out of the Tarpit" and Phil Bagwell's Hash Array Mapped Tries research, which directly inspired Clojure's persistent data structures. The language runs on the JVM and prioritizes immutable values, functional programming, and Software Transactional Memory for concurrency — design choices that reduce accidental complexity. Cognitect, the consultancy that stewarded Clojure for years, was acquired by Nubank in 2020. The ecosystem has since expanded to ClojureScript, ClojureCLR, Babashka for fast scripting, and experimental targets like LLVM (Jank) and Flutter (ClojureDart). A growing set of AI coding tools — including ClojureMCP and MCP-nREPL — now connect LLMs directly to the Clojure REPL for structure-aware editing.

Comments: Commenters express genuine enthusiasm for the documentary, with some sharing personal histories of building production Clojure systems — including early experiments compiling Clojure to JavaScript on AWS Lambda when Node.js 0.10 was the only available runtime. One commenter raises a pointed criticism: the inclusion of AI-generated content in the documentary is seen as tone-deaf given Rich Hickey's known skepticism toward AI, suggesting a disconnect between the subject's values and the producers' choices.

Marky is an open-source macOS markdown viewer built with Tauri v2, React, and markdown-it, designed to open .md files from the terminal via marky FILENAME or entire folders as persistent workspaces with marky FOLDER. It features live reload (files update instantly as they change on disk), a Cmd+K fuzzy-search command palette powered by nucleo, syntax highlighting via Shiki with VS Code themes, KaTeX math rendering, Mermaid SVG diagrams, and full GitHub Flavored Markdown support including tables, task lists, and footnotes. The app uses DOMPurify for sanitized rendering, follows system light/dark preference, and ships as a native webview (not Electron), keeping the production .dmg under 15 MB. Installation is via Homebrew, though the binary is currently unsigned pending Apple developer review, requiring a temporary xattr -cr workaround. The stack includes Rust for the backend (file I/O, watching, fuzzy search), React + TypeScript + Vite for the frontend, shadcn/ui primitives, and Tailwind CSS. Planned features include x86 and Linux support, built-in AI chat with Claude Code or Codex, and git diff review.

Comments: Commenters are broadly positive, with one noting they had the same need and built a similar tool (mdreader) using fumadocs for the UI layer. Another user acknowledges appreciation for the Tauri choice and draws a comparison to Typora, a well-regarded commercial markdown editor, suggesting Marky fills a gap for users who want a free alternative. Neither commenter raises technical concerns, and the overall reception reflects recognition of a real workflow need in the developer community.

Two researchers explored whether hardware datapath optimizations can be expressed as classical compiler transformations, using carry-save addition and loop fusion as their test case. Carry-save addition reduces three n-bit integers to two using full-adders in parallel, cutting cost to one slow addition plus constant overhead. Loop fusion merges adjacent loops to reduce iterations and memory traffic. By expressing bitvector addition as a loop of full-adders and applying fusion, the resulting program is structurally identical to carry-save addition. Formal equivalence is proven by induction over loop index i in GF(2) arithmetic, requiring a strengthened hypothesis (a[i]b[i] = c[i]d[i]) to close — a proof the authors call "pretty gnarly." The key insight is that a compiler capable of loop fusion and inductive loop-body rewriting could automatically discover carry-save adders and potentially other hardware tricks, exploiting the regularity in hardware programs at a level between fully unrolled circuit analysis and high-level operator rewrites.

Comments: Commenters note that the intersection of functional programming and hardware circuit design has a long history, pointing to Mary Sheeran's µFP language from the early 1980s as an early example of modeling synchronous digital circuits with functions. Surveys exist on the broader topic of representing circuits functionally, and systems in various languages have explored this space. BlueSpec is mentioned as another noteworthy — though quite different — approach in this domain, suggesting the paper's ideas connect to a substantial body of prior academic work.

The author concludes a multi-part series by drawing parallels between AI/ML adoption and the automobile's societal transformation — arguing that just as cars reshaped cities and decimated communities, LLMs already cause measurable harm through slop-filled search results, rising energy costs, fraudulent content, CSAM, and deskilling. The author argues ML assistance degrades "metis" — deep theory-building and muscle memory that comes from doing work by hand — and advocates refusing LLMs for writing, software, and personal life. Recommendations include calling Congress for regulation, opposing datacenter tax breaks, forming labor unions to resist Copilot mandates, and suggesting AI company employees quit their jobs. Delaying ML advancement is framed as buying time for culture and government to adapt to existing harms. The epilogue undercuts this by admitting the author will likely eventually use an LLM for a constrained home automation task, acknowledging their own cognitive dissonance. The piece was written entirely by hand in Vim without LLM assistance.

Comments: Commenters debate whether the "stop" stance is realistic. Several note that resisting LLMs is a luxury for those with established skills, while junior engineers facing job pressure have little real choice. Historically minded commenters observe that cognitive skills only became economically valued around WWII, suggesting AI may return society to valuing physical robustness. Others compare resistance to Luddism, noting moral objections appear at every industrial turning point. One commenter highlights a senior VC who profits from AI while worrying her children will have no jobs. Some argue the car analogy fails because AI explicitly aims to replace rather than augment. Practical users describe a "90% machine" model — LLMs for boilerplate, human judgment for final implementation — while wrestling with whether that erodes foundational knowledge. Several push back on doomerism, comparing AI deniers to COVID deniers, while others question whether AI harms are primarily felt inside the tech bubble. UK Online Safety Act geo-blocking drew ironic commentary. Frank Herbert's warning about doing things without thinking was cited in defense of the author's argument.

Kampala, by Zatanna, is a traffic interception tool that lets users reverse-engineer HTTP/S flows from websites, mobile apps, and desktop apps in real time. It operates as a man-in-the-middle (MITM) proxy, automatically mapping auth chains — tokens, cookies, sessions — and capturing request sequences for replay as automations. A key feature is fingerprint preservation, which keeps intercepted TLS/HTTP fingerprints identical to originals to avoid detection. The tool is currently Mac-only, with Windows support on a waitlist. Its primary use cases include automating workflows against apps that lack public APIs, building agents, and generating API documentation from captured traffic.

Comments: Users are largely impressed by Kampala's capabilities, with several sharing their own similar approaches — one describing a workflow using HAR files, Claude, and Playwright to build MCP servers that extract auth credentials and call internal APIs in locked-down corporate environments. Others ask about OpenAPI spec export, gRPC/WebSocket support, and handling mid-session re-authentication. SSL pinning is raised as a major practical blocker, with users reporting tools like ChatGPT and iOS apps failing immediately under MITM proxies. A Caido co-founder notes that auth handling and TLS fingerprinting are extremely difficult to get right. Ethical and legal concerns dominate a significant thread: multiple users argue the tool enables ToS violations by design — particularly its anti-bot evasion feature — and question whether YC should be backing startups built on circumventing application restrictions. One user suggests dropping "reverse engineer" from the marketing language to reduce legal exposure.

CodeBurn is an open-source CLI (npm install -g codeburn) giving developers visibility into AI coding token costs across Claude Code, Codex, Cursor, OpenCode, Pi, and GitHub Copilot by reading session data directly from disk — no proxy or API keys. It classifies turns into 13 task categories (Coding, Debugging, Git Ops, etc.) using deterministic tool-usage pattern matching, not LLM calls. A key metric is the "one-shot rate": the percentage of edit turns where the AI succeeded without triggering edit/test/fix retry loops. The Ink-based TUI shows daily cost charts, per-model breakdowns, cache hit rates, MCP server usage, and shell commands. Pricing comes from LiteLLM (cached 24h), with hardcoded fallbacks for Claude and GPT-5 to prevent fuzzy-match mispricing. A macOS SwiftBar menu bar widget shows live spend; 162 ISO 4217 currencies are supported via ECB exchange rates. GitHub Copilot support covers output tokens only; Cursor's "Auto" mode is estimated at Sonnet pricing. The tool was prompted by the author spending ~$1,400/week on Claude Code with no token visibility.

Comments: Users generally find CodeBurn compelling, with one suggesting a future feature that analyzes usage patterns to recommend cost-cutting improvements. A developer building a custom Claude harness notes interest in using CodeBurn as reference, pointing out it shares Ink (React for terminals) as a UI framework with Claude Code itself. One user highlights a similar alternative, Claudoscope, while another points to their own open-source project, clauderank.com. A skeptical commenter pushes back on the $1,400/week spend framing, claiming the $200/month subscription plan has never rate-limited them even running five-plus concurrent agent tabs on a 300k-line codebase — implying the headline figure reflects heavy API usage, not subscription use. A practical limitation noted is that Cursor Agent may store data in ~/.cursor rather than the path CodeBurn currently reads, causing detection failures for some users.

Google's IPv6 statistics page shows connectivity availability among Google users crossed 50% on March 28, 2026, though the metric measures availability rather than actual traffic volume. The graph shows predictable weekly oscillation of ~5%, with Saturday peaks and mid-week troughs, attributed to higher smartphone usage on weekends since mobile devices predominantly use IPv6. Mobile-heavy markets like India drive adoption above 70%, France and Germany lead at ~80%, while Spain sits at ~9.9% and Denmark lags despite robust fiber infrastructure. Service-side adoption trails: GitHub remains IPv4-only, Amazon.com hasn't adopted IPv6, and GCP internal services like CloudSQL still lack full IPv6 support. Technical barriers include TCAM memory constraints in routers that force many ISPs to software-route IPv6 with near-double latency. Economically, CGNAT keeps IPv4 viable enough to delay migration, with AWS charging for IPv4 addresses being the strongest market pressure toward change. Wikipedia reports 35% IPv6 vs. 65% IPv4 for HTTP requests, and bot/crawler traffic is nearly 100% IPv4. The adoption curve appears to be flattening into a sigmoid well below 100%.

Comments: Comments stress that Google's metric measures IPv6 availability among its users rather than total internet traffic, a distinction the submission title misrepresents. The weekly ~5% oscillation reflects weekend mobile usage surges, as smartphones use IPv6 while enterprise workstations stay on IPv4. GitHub's IPv4-only status draws frustration, though enabling IPv6 would silently break customers relying on IP-based access controls since IPv4 and IPv6 addresses can't be easily correlated. A technical explanation cites TCAM memory as a core hardware barrier — routers can't dynamically reallocate TCAM between protocols, forcing software-routing of IPv6 with near-double latency, suggesting properly supported IPv6 may be below 10% of networks. France (~80%) and Germany (~77%) lead while Spain (~9.9%) and Denmark lag; India's high rate reflects 4G/5G prevalence. IPv4 remains viable via CGNAT, and AWS charging for IPv4 is seen as the strongest migration pressure. An IETF draft for IPv8 published days prior generated sardonic commentary about waiting for the next protocol rather than completing the current migration.

Cloudflare launched Artifacts, a distributed versioned filesystem for AI agents exposing standard Git remotes via HTTPS, backed by Durable Objects, R2, and KV. Repos can be created, forked, and imported programmatically at millions-per-namespace scale via REST API or native Workers bindings with on-the-fly credential generation. The Git engine is pure Zig compiled to ~100KB Wasm — no libc — handling SHA-1, zlib, delta encoding, pack parsing, and the full smart HTTP protocol. Files sit in Durable Object SQLite, chunked for the 2MB row limit, with streaming throughout fetch and push paths. Cloudflare also open-sourced ArtifactFS, a FUSE driver that mounts large repos instantly via blobless clone and hydrates file contents in the background — cutting a 2-minute clone to ~10-15 seconds, prioritizing code and manifests over binaries. Internally, Cloudflare uses Artifacts to persist agent session state per session, enabling forking and time-travel. Git-notes let agents attach metadata to objects without mutating history. Pricing: $0.15/1k operations, $0.50/GB-month, with 10k ops and 1GB free. Private beta is live for paid Workers customers; public beta targets early May 2026.

Comments: Users find the Zig/Wasm Git engine impressive — one commenter spent years on a Zig Git implementation and praises its memory control and zero-dependency philosophy. ArtifactFS draws enthusiasm, with comparisons to OCI content-addressed storage. Pricing skepticism is notable: at $0.15/1k operations, costs run ~30x higher than S3 PUT/POST, making operation batching critical. Some question the target market, arguing most coding-agent platforms tolerate minutes of setup and default to GitHub plus existing sandbox providers. A pointed skeptic challenges the core premise — that agents changed source control demand — arguing code volume is constrained by product requirements, not throughput, and that Git's line-oriented diff is poorly suited for general state storage versus relational databases. One user raises concern about recording full agent session history: powerful for collaboration, but a deep erosion of personal workspace privacy. Another sees Artifacts as part of a convergence where Dropbox, GitHub, and now Artifacts version files for different audiences, questioning why one unified system can't serve all three.

MacMind is a 1,216-parameter single-layer, single-head transformer written entirely in HyperTalk — Apple's 1987 HyperCard scripting language — and trained on a Macintosh SE/30 running System 7.6.1. It learns the bit-reversal permutation (first step of the FFT) from random examples, with no compiled code or external libraries. The architecture includes token embeddings, positional encoding, scaled dot-product self-attention, cross-entropy loss, backpropagation, and SGD, all weights stored as comma-delimited numbers in hidden HyperCard fields. Training ~1,000 steps to convergence takes hours on real hardware since every operation goes through the HyperTalk interpreter on an 8 MHz 68030. After training, the attention map independently reproduces the FFT butterfly routing pattern Cooley and Tukey published in 1965. The stack ships as two disk images — pre-trained and blank — and a Python/NumPy reference confirms 100% accuracy. HyperCard 2.0+ is required because version 1.x lacks standard operator precedence, which would silently corrupt all matrix math. It runs on real vintage hardware or under Basilisk II and SheepShaver emulators.

Comments: Commenters find the project genuinely impressive, drawing parallels to other efforts running modern ML on constrained vintage hardware, and frame it as evidence that AI progress is fundamentally about better algorithms rather than just more compute. One user quickly imported the stack into the web-based HyperCard Simulator and shared a working link, noting it runs adequately without XCMDs. Another sees it as a new benchmark target for an in-progress ARM64 JIT for Basilisk II. Some ask where the actual HyperTalk source is, since only the Python validator appears in the repo. Philosophically, users liken the project to transplanting germ theory to ancient Greece — modern concepts that could have existed decades earlier had anyone thought to try them. A few shorter comments request more inference demos and call the architecture interesting.

France, Germany, Poland, the Netherlands, Luxembourg, Belgium, NATO, and the European Commission are rolling out government-controlled messaging apps to replace WhatsApp and Signal for official communications. The shift is driven by concerns over strategic dependence on American technology — WhatsApp is owned by Meta, and Signal is a US-based non-profit subject to US jurisdiction. The European Commission plans to complete its transition by end of 2026. Critics note a deep irony: government-run messengers are precisely what makes employees distrust them, since their own managers can read their messages, whereas the threat from Meta feels more abstract. Commenters also question whether these apps are genuinely secure given backend infrastructure often runs on AWS or Azure, phones can receive silent app updates, and hardware-level backdoors remain. Some suggest the EU should self-host open-source federated protocols like Matrix or ActivityPub instead of building proprietary tools. The practical reality is that government IT is notoriously underfunded, with employees still complaining about 200MB mailbox limits, making usability of new tools a serious concern.

Comments: Commenters support the intent but are skeptical about execution and genuine security gains. The core criticism is that government-owned messengers undermine employee trust in a concrete, immediate way — employees know their managers can read their messages, driving them to unofficial channels. Security-minded users point out that sovereignty is illusory when backends run on AWS or Azure, phone vendors hold root keys to secure elements, and apps can be silently updated. Some suggest the EU should federate around open protocols like Matrix or ActivityPub rather than building proprietary tools. Others note the real security gap isn't the messaging app — civil servants frequently discuss sensitive matters in public settings after work. A few highlight that EU civil servants are broadly banned from AI tools (with Microsoft Copilot as a noted exception), suggesting a pattern of inconsistently applied tech policy. Self-hosting open-source solutions is framed as obvious common sense that bureaucracies keep missing.

Airline booking systems rest on 60-year-old infrastructure most engineers misunderstand. A PNR locator like "DDTCIV" is GDS-scoped—unique within Amadeus or Sabre, but not globally, so two passengers on different airlines can share the same code. IATA's RP 1830, formalized in the 1960s, requires five elements before a PNR saves: passenger name, flight segment, contact, ticketing deadline, and a received-from audit field; passport and payment are optional. The e-ticket number is the true primary key: its three-digit prefix identifies the ticketing carrier (098 = Air India), it lives in the airline's ETD rather than the GDS, and survives cancellations and re-accommodations while PNR segments change. Fare lines use IATA's Neutral Unit of Construction (NUC), a fictional 1970s currency that allows consistent international pricing by applying a Rate of Exchange only at ticketing time. Q surcharges are legacy routing fees—retiring them requires multilateral industry agreement, adding them does not. Tour codes embedded in PNRs thread corporate account identifiers across GDS, airline, travel agency, and corporate finance systems via IATA's BSP settlement.

Comments: Commenters add several technical details absent from the piece. One notes that NUC informally stood for "Not US Currency" among its creators, yet it tracks the dollar anyway—calling it "the first stablecoin" since that dollar-peg was the only compromise everyone could accept. Another points out a collision risk: six base-36 characters yield only ~2.18 billion combinations, and GDS documentation suggests locators are purged and recycled after roughly a week, raising the question of how collision-free recycling is managed. One commenter was nearly deterred by the vague title, expecting something about short DOS filenames. Another is troubled by the 3-digit numeric airline code system—with only 1,000 possible values, it seems insufficient given the number of active carriers worldwide. A fifth commenter asks a pointed technical question the piece leaves unanswered: the ROE value gives an exchange rate, but nothing in the fare line explicitly states the target currency—how does a parser know what units to convert into?

Cloudflare's Email Service entered public beta during "Agents Week," offering bidirectional email infrastructure for AI agents and Workers apps. Email Sending provides a native Workers binding with no API keys needed, plus a REST API with TypeScript, Python, and Go SDKs at $0.35/1K outbound emails. Cloudflare auto-configures SPF, DKIM, and DMARC on domain addition to avoid spam filtering, and combined with the existing free Email Routing, developers get complete send/receive in one platform. The Agents SDK gains full bidirectional support via an onEmail hook, with Durable Objects persisting state across sessions and HMAC-SHA256-signed headers securing reply routing to specific agent instances. Additional tooling includes an Email MCP server, Wrangler CLI commands, a coding-agent skill, and an open-source "Agentic Inbox" reference app with threading, Workers AI classification, R2 attachment storage, and built-in automation. The service requires the Workers Paid plan—a restriction absent from the announcement. Target use cases include customer support agents, invoice processing, account verification, and async multi-agent workflows.

Comments: Users welcome an alternative to AWS SES and Resend but raise pointed concerns. Spam risk dominates: critics note that lowering friction for bulk sending on a trusted global network is a tragedy-of-the-commons problem, and Cloudflare's transparent IP prefix documentation makes it trivial for operators to block the entire service. Transit security is another gap—MTA-STS is supported but not enabled by default or surfaced during onboarding. Pricing drew scrutiny: at $0.35/1K emails the service is roughly 3x AWS SES, and agentmail.to undercuts it at $0.20/1K with a 3K free tier. A significant omission is that Email Sending requires the Workers Paid plan, exposing solo developers to uncapped billing risk from runaway workers. Technical gaps include no SMTP credential support (blocking Supabase integrations) and no idempotency. Some question the premise entirely—agent-to-agent email loops risk accelerating "dead internet" dynamics—while others counter that the "agents" framing is pure marketing for a straightforward transactional email API comparable to what AWS has offered for years.

Researchers gave OpenAI's Codex a browser-level shell on a Samsung Smart TV (KantS2 firmware, Linux 4.1.10) and asked it to escalate to root without a provided bug or recipe. The setup included a controller host for building ARM binaries, a tmux-driven shell, Samsung's firmware source tree, and a memfd wrapper to bypass Tizen's Unsigned Execution Prevention. Codex identified world-writable Novatek-derived ntk* device nodes, audited the driver source, and found ntksys accepted user-supplied physical addresses via ST_SYS_MEM_INFO ioctl and remapped them verbatim — a physmap primitive with no range validation. Using /dev/ntkhdma to leak a DMA buffer address, Codex proved read/write physical memory access, then scanned RAM windows from /proc/cmdline to locate the browser process's kernel cred structure by its uid=5001/gid=100 pattern, zeroed the credential fields, and launched a root shell. Researchers steered Codex several times when it drifted. The initial browser foothold was obtained by the researchers separately; Codex handled only the privilege escalation.

Comments: Users flag key caveats: Codex had full firmware source code, and the browser foothold was obtained by researchers — not Codex — making the "AI hacked a TV" framing overstated. Many note Samsung's stack is a typical BSP pileup where Novatek ships a barely-functional driver, Samsung integrates it without security audits, and deadline pressure ensures no range validation gets added. Some question whether this is genuine "hacking" or well-resourced brute-force on a platform that has been hackable for a decade. Others are more impressed: a skilled human with Codex as a tool can achieve exploitation with light steering, and casual conversational prompting proved effective. A concern raised is that LLM vendors may respond by censoring security capabilities. Commenters share adjacent wins: one used Codex to reverse-engineer a TP-Link router's obfuscated auth API, another used Claude to document an unsecured Bluetooth RGB protocol. The consensus is the real story is the physmap design flaw — a world-writable memory-management interface with no physical range validation — not AI capability alone.
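The missing check behind the ntksys flaw summarized above, as an added example (not Samsung's or Novatek's driver code): an overflow-safe validator a driver could run before remapping a user-supplied physical range. The struct layout, function name and allowlisted windows are hypothetical, since the page names only the ioctl.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* Hypothetical request layout: the page names only the ioctl, not its fields. */
struct mem_req {
    uint64_t phys_addr;   /* user-supplied physical base */
    uint64_t length;      /* user-supplied length in bytes */
};

/* One physical window the driver legitimately owns (e.g. its buffer pool). */
struct phys_window {
    uint64_t base;
    uint64_t size;
};

#define PAGE_MASK_4K 0xFFFULL

/* Constructed allowlist: values are illustrative, not from any real device. */
static const struct phys_window allowed[] = {
    { 0x80000000ULL, 0x00400000ULL },  /* 4 MiB buffer pool */
    { 0x90000000ULL, 0x00010000ULL },  /* 64 KiB register shadow */
};

/* Returns true only if [addr, addr+len) lies wholly inside one window. */
bool phys_range_allowed(const struct mem_req *req)
{
    if (req == NULL || req->length == 0)
        return false;
    /* Remaps are page-granular; reject unaligned requests outright. */
    if ((req->phys_addr & PAGE_MASK_4K) || (req->length & PAGE_MASK_4K))
        return false;
    for (size_t i = 0; i < sizeof(allowed) / sizeof(allowed[0]); i++) {
        const struct phys_window *w = &allowed[i];
        if (req->phys_addr < w->base)
            continue;
        uint64_t off = req->phys_addr - w->base;
        /* Compare by subtraction so addr + len can never wrap around. */
        if (off < w->size && req->length <= w->size - off)
            return true;
    }
    return false;
}
```

Range validation complements, and does not replace, restricting permissions on the device node, which the summary describes as world-writable.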

Finding security bugs with AI is fundamentally unlike proof-of-work mining because LLMs have an intelligence ceiling that more tokens or weaker models running longer cannot overcome. The author uses the OpenBSD SACK bug as a case study: a complex three-way interaction between missing window-start validation, integer overflow, and an unexpectedly-entered NULL branch. Weaker models pattern-match individual suspicious traits and hallucinate partial findings, but lack causal reasoning to connect all three components into a real exploit. Counterintuitively, stronger (but not frontier-level) models are less likely to claim a bug exists at all, because they hallucinate less. Only a sufficiently capable model can reason through the full chain. The conclusion is that tomorrow's cybersecurity edge will come from access to better frontier models, not raw GPU scale or token budgets. The OpenBSD SACK example is offered as a reproducible test using cheap 120B open-source models.

Comments: Commenters question whether "Mythos" — cited as the model capable of finding the SACK bug — is verified or unaccountable marketing, since it's inaccessible via API with no known experimental setup. Others challenge the binary framing: both model quality and token budget matter, with the real advantage lying in frontier models combined with intelligent humans and ample compute. A recurring counterpoint is attacker-defender asymmetry: attackers need one bug; defenders must close all of them and deploy patches before attackers reverse-engineer fixes — a gap AI compresses to hours. Vast legacy and IoT codebases will remain vulnerable regardless, lacking economic incentive for patching. Some reframe the thesis as "proof of financial capacity," with frontier model access becoming a controlled means of production. Others note human pentesting equally relies on pattern-matching and luck. The practical consensus: more compute helps, better models help more, both together help most.

Japan's Justice Ministry has updated guidelines requiring certain applicants for the "Engineer/Specialist in Humanities/International Services" visa — commonly used by interpreters, company workers, and hotel staff — to prove language proficiency at CEFR B2 (upper-intermediate) level if their role involves language skills. Acceptable proof includes a JLPT N2 certificate or a Business Japanese Proficiency Test score of 400 or higher. B2 typically represents 2–5 years of study. The stated rationale is preventing fraud where applicants secure language-category visas but then perform unrelated or lower-skilled work — an upfront test being cheaper and more effective than post-hoc auditing. Commenters generally view this as a sensible, targeted anti-fraud measure, noting that language-dependent roles logically require demonstrated language ability, and some anticipate possible future expansions to permanent residency requirements.

Comments: Commenters broadly support the policy as a logical, cost-effective anti-fraud measure — if a visa category requires language skills, proving those skills upfront screens out fraudulent applicants while letting legitimate ones through easily. Long-term Japan residents note that language barriers impede social integration and generate resentment among both locals and foreign residents, with some expressing personal regret at not studying sooner. One dissenting view argues more broadly against immigration restrictions as a concept, comparing nations to hereditary country clubs and warning that as countries tighten entry requirements, people fleeing failing states — including potentially Americans — lose viable options; this commenter also draws a parallel to how politicians across countries use immigration as a scapegoat for domestic systemic failures rather than addressing root causes. The consensus, however, frames this specific policy as narrowly targeted and reasonable rather than broadly restrictive.

PHP 8.6 introduces two closure optimizations via an accepted RFC by Ilija Tovilo. Non-static closures are automatically inferred as static when guaranteed not to use $this, eliminating implicit reference cycles that required the cycle collector to resolve. The inference works in ~78% of explicitly-marked static closures in Symfony Demo testing, with edge-case limits around variable variables, indirect calls, and nested closures. Second, stateless closures — static, capturing no variables, declaring no static variables — are cached after first instantiation so repeated calls reuse the same object; a synthetic benchmark of 10M identical closures improves ~80%. In Laravel templates, 2,384 of 3,637 closure instantiations are avoided, yielding a ~3% real-world throughput gain. BC breaks include ReflectionFunction::getClosureThis() returning NULL for inferred-static closures, identity equality between same-location stateless closures across calls, and earlier destructor triggering. Closure::bind()/bindTo() with an object is silently discarded for inferred-static closures to preserve compatibility.

Comments: Users draw a parallel to JavaScript, where closure expressions always produce distinct instances, making object identity reliably unique, though FinalizationRegistry now makes GC timing observable while still providing few guarantees — suggesting JS engines could theoretically apply similar caching optimizations. Others point to the PHP manual's existing documentation on static anonymous functions for background context. Some note the ~3% real-world gain as modest but welcome, while expressing confusion about the $this capture semantics. One commenter questions the continued relevance of PHP given JavaScript's ubiquity, reflecting a broader sentiment among some long-time PHP users.

Duke University's GDDI program adopted the Playdate — a $229 yellow handheld by Portland-based Panic — to replace index-card prototyping in introductory game design courses. Its free SDK, browser-based no-code Pulp builder, and free PC/Mac simulator let students build real playable games within hours, no hardware required. The device's constraints — 1-bit display, modest processor, fold-out crank — force deliberate design decisions. Portability enables spontaneous campus playtesting. Students with no prior development experience built polished games: a wave-based tower defense title and a crank-controlled spelling game, both themed around a required "owl" prompt. GDDI director Ernesto Escobar connected with Panic's Greg Maletic through the program's advisory board, launching Playdate's Fall 2024 curriculum debut. Over 50 units have since been distributed. Panic has formalized this into "Playdate for Education," offering institutional discounts to other schools.

Comments: Users draw a comparison between Playdate and TI-83 graphing calculator homebrew games — lo-fi, constraint-driven, community-made — highlighting how the device's aesthetic echoes that era. Interest is tempered by price: at $229 retail ($195 with education discount), some find it steep. However, the fully free development toolchain, including simulators for PC and Mac, is seen as a meaningful offset — making it reasonable to explore game development without buying the physical device at all.