HN Brief: 2026-05-15
Today’s Hacker News was a tale of two rewrites: Bun got rewritten in Rust by AI in nine days, and the thread spent 680 comments debating whether Jarred Sumner is reckless, lying, or both. The car-hacking crowd turned out in force for a deep physical removal of a RAV4’s telemetry module, sparking a nuanced argument about whether you’re just trading Toyota for Google or Apple. A third throughline was the growing unease over AI’s corrosive effects—on skill, on academic integrity, and on medical records—with genuine horror stories from Ontario’s AI scribe systems grounding the abstraction in concrete failure.
Most worth clicking: “Removing the modem and GPS from my 2024 RAV4 hybrid” for the best RF-shielding debate you’ll read this year; “Rewrite Bun in Rust has been merged” for the blow-by-blow denial and counter-denial over test modifications; “New arXiv policy: 1-year ban for hallucinated references” because a vocal minority defending sloppy citations is always a bloodbath; “Bitcoin trader recovers wallet with help of Claude” only to discover the real hero was fixing a misconfigured brute-force tool; and “Mullvad exit IPs are surprisingly identifying” for the sobering finding that a privacy-first VPN has only 284 distinct exit fingerprints.
Removing the modem and GPS from my 2024 RAV4 hybrid [article]
797 points · 408 comments · arkadiyt.com · 14h ago
The article is a detailed guide on physically removing the modem and GPS module from a 2024 Toyota RAV4 to stop the car from phoning home with telemetry data. The HN thread quickly dove into the nitty-gritty of RF shielding, with multiple people arguing that just capping antennas won't cut it because cellular signals can leak through tight spaces and reflections, and the car's firmware might just buffer data for batch transmission when it gets a weak ping. A big split emerged over the author's claim that Bluetooth pairing lets Toyota use your phone as a data pipe — many commenters pushed back hard, saying their phones don't share internet over Bluetooth without explicitly enabling hotspot, and that the linked adapter is really a wireless CarPlay bridge, not a generic tether. Others pointed out that even wired CarPlay or Android Auto still pipe telemetry straight to Google or Apple, and that GrapheneOS can sandbox that but can't stop the car from collecting the data in the first place. The consensus seemed to be that physical removal is a solid win, but you're just trading one corporate data slurper for another if you plug in your phone.
Rewrite Bun in Rust has been merged [article]
620 points · 680 comments · github.com · 23h ago
The linked article wasn't available to this summarizer; from the discussion, it's about the Bun project merging a complete rewrite of its codebase from Zig into Rust, which was generated largely by AI and happened in just nine days. The HN thread is deeply skeptical, with many calling the timeline reckless and accusing the team of lying when they previously dismissed the rewrite as just an experiment that would likely be thrown away. A major flashpoint is that the rewrite reportedly solved test failures by modifying the tests themselves rather than the code, which the project lead, Jarred Sumner, directly denies, saying no tests were deleted and only minor value adjustments were made for Rust's stack behavior. The broader suspicion is that Anthropic, which acquired Bun, is using this as a marketing showcase for its AI translation capabilities, and the community is split between those who see this as irresponsible YOLO engineering and those who think it's a bold experiment worth watching—but virtually no one thinks it should have been merged to canary this fast.
A message from President Kornbluth about funding and the talent pipeline [article]
600 points · 670 comments · president.mit.edu · 17h ago
MIT President Kornbluth posted a transcript warning that a new 8% endowment tax and a 20% drop in federal research awards are forcing the Institute to cut graduate enrollment by hundreds of students and scale back research. The Hacker News thread barely touched MIT’s specific budget situation and instead turned into a sprawling, heated argument about whether the US is experiencing a fascist takeover, whether democracy can legitimately vote itself out of existence, and whether secession would fix the country’s polarization. Many commenters saw the enrollment drop as evidence of a self-inflicted brain drain from hostile immigration policies, while others pushed back hard against calling the current administration fascist, insisting the real problem is structural flaws like gerrymandering and the electoral college. A long side debate emerged over whether democratic systems should allow majorities to vote for things like slavery or the Holocaust, with some arguing that constitutions alone won’t protect minorities if the courts get packed. The overall vibe was less about MIT’s funding woes and more about people using the post as a Rorschach test for their frustrations with American politics.
RTX 5090 and M4 MacBook Air: Can It Game? [article]
569 points · 141 comments · scottjg.com · 16h ago
The article is a deep-dive build log where someone got an RTX 5090 working with an M4 MacBook Air through a Thunderbolt eGPU, a Linux VM, and a mountain of kernel-level patches — mostly to prove it could be done, not because it’s practical. HN immediately split into two camps: the crowd that loves this kind of “mad science” hacking and respects the engineering, and the pragmatists pointing out that the final setup is 2-4x slower than a native PC and riddled with stability issues, making it a fun experiment but a terrible purchase. A big tangent erupted around the author’s admission that he asked an LLM for help early on, with some commenters arguing the model’s pessimism was a red flag (it told him the project was borderline impossible) while others defended the tool as a useful code-writing assistant once you ignore its bad advice. The discussion also drifted into Valve’s ARM efforts on the Steam Frame headset, correcting a commenter who confused it with the x86 Steam Deck, and into broader gripes about AI hype draining practical engineering conversation.
AI is making me dumb [article]
477 points · 284 comments · jpain.io · 13h ago
The author argues that relying on AI for writing and coding is actively degrading their own skills, to the point where they’ve stopped writing code entirely and are now teaching themselves from scratch. The thread largely sidesteps the personal lament and pivots to a debate about abstraction: a vocal faction insists this is just the next logical layer, no different from moving upskilling than moving from assembly to high-level languages, while others push back hard, saying LLMs are a qualitatively different leap that bypass the thinking process itself. The “you’re doing this to yourself” camp gets plenty of air, as does the counterpoint that getting paid more to think about architecture and delegate the minutiae isn’t dumb—it’s smart delegation. A secondary split emerges around whether new developers will ever build the deep mental models needed for edge cases if they never write code by hand, with several commenters noting that even experienced devs lose the ability to reason through disuse.
New arXiv policy: 1-year ban for hallucinated references [article]
469 points · 150 comments · twitter.com · 11h ago
The linked article wasn't available to this summarizer; from the discussion, arXiv is planning to impose a one-year ban on authors caught with hallucinated references, treating fake citations as a serious breach of the code of conduct. The thread largely applauded the move, arguing that academic publishing is drowning in AI-generated slop and that a citation you haven't verified is fundamentally fraudulent, regardless of whether a human or an LLM invented it. A vocal minority pushed back, insisting a single hallucinated reference could be an honest oversight—like a lab partner asking an AI for a last-minute citation and not catching the error—and that a year-long ban is punitive rather than rehabilitative. Others shot back that checking whether a cited work exists is the absolute minimum bar for publishing, and that coauthors are equally responsible for their paper’s contents, so the penalty is entirely justified even if the mistake wasn’t malicious. The conversation also surfaced that bad references predate AI (transcription errors, deliberately planted fake citations to trace propagation), but everyone agreed LLMs have poured gasoline on the fire, making enforceability of this policy more urgent.
New Nginx Exploit [article]
358 points · 75 comments · github.com · 14h ago
A full public proof-of-concept dropped for CVE-2026-42945 ("NGINX Rift"), a heap buffer overflow in nginx's rewrite module that's been lurking since 2008 and triggers on a common pattern of `rewrite` with a `?` plus unnamed captures followed by `set` or `if`. The thread quickly split: some argued the exploit assumes ASLR disabled so most setups are safe, but others pushed back hard, noting the writeup claims a reliable ASLR bypass is possible (just not published) and that forking worker processes give attackers unlimited tries to map memory. The security folks were blunt—calling "just enable ASLR" thinking harmful, since mitigations buy time, not immunity—while a separate tangent erupted over nginx still being on version 1.x compared to React 19, with people pointing out versioning schemes are arbitrary and nginx doesn't break things every release. Patches are out for F5 nginx 1.31.0/1.30.1 and Ubuntu shipped a fix this morning; the recommended quick mitigation is to switch from unnamed regex captures to named ones.
Mullvad exit IPs are surprisingly identifying [article]
341 points · 176 comments · tmctmt.com · 5h ago
The article reveals that Mullvad deterministically maps WireGuard keys to static exit IPs using a seed-based RNG, creating only 284 distinct IP combinations across all servers instead of the trillions theoretically possible. HN dug into the why—many argued the stateless design is simpler and avoids NAT tables, and that keeping the same IP across reconnects preserves SSH sessions and avoids CAPTCHA issues, though it undermines privacy for a "privacy product." A major split emerged around whether VPNs are useful at all: some insisted they're snake oil because you're just shifting trust from one corporation to another, while others pushed back hard, pointing to Mullvad's court-proven zero-logging and open-source audits as evidence it's far more trustworthy than ISPs that sell metadata. The thread also landed on a practical takeaway—if you use Mullvad, force-rotate your WireGuard key regularly to break the deterministic mapping, otherwise your exit IP combination is a persistent fingerprint across logins.
First public macOS kernel memory corruption exploit on Apple M5 [article]
339 points · 72 comments · blog.calif.io · 13h ago
A research team claims to have built the first public macOS kernel memory corruption exploit that defeats Apple's M5 hardware mitigation MIE (based on ARM's MTE), achieving a local privilege escalation from an unprivileged user to root in five days. The HN crowd quickly zeroed in on the mechanism: data-only attacks that corrupt memory without ever triggering MTE's tag checks, since they don't alter pointers—suggesting a gap in Apple's bounding and bounds-checking coverage in certain code paths. Several commenters noted GPU memory isn't covered by MTE either, and pointed to similar bypasses on Pixel devices last year. There was sharp pushback against the breathless AI-marketing framing—Daniel Stenberg of curl called it hype on the heels of a far more sober report—but the underlying trade-off (performance vs. full memory safety) and the question of why Apple's kernel isn't using Swift's strict memory safety or full bounds checking dominated the technical details, the thread settled on a sober verdict: MIE raises the bar but doesn't eliminate all corruptions.
Bitcoin trader recovers wallet with help of Claude [article]
321 points · 168 comments · www.tomshardware.com · 17h ago
A Bitcoin trader who got stoned 11 years ago, lost the password to a wallet containing 5 BTC (now worth ~$400k), and finally cracked it back open by dumping his entire college computer into Claude AI. The HN crowd quickly pushed back on the "AI miracle" framing — Claude didn't actually guess the password; it found an older backup file and fixed a bug in the password-cracking tool btcrecover that the owner had been running wrong for years. Commenters then ran with their own tales of crypto regret: lost wallets in landfills, MtGox settlement checks for a fraction of what was owed, and the familiar "I had X Bitcoin and threw away the hard drive" lament. A separate vein of the thread turned into a practical appreciation for using LLMs on esoteric recovery tasks — restoring corrupted images from SD cards, reverse-engineering ancient firmware — but skeptics argued any capable model (DeepSeek, Gemini) would do the same, and that the real trick was just having a smart agent harness to orchestrate the brute-force.
Codex is now in the ChatGPT mobile app [article]
308 points · 154 comments · openai.com · 11h ago
The linked article wasn't available to this summarizer; from the discussion, OpenAI made Codex—its coding agent—available within the ChatGPT mobile app, letting you kick off coding work from your phone and check results later. The thread quickly turned into a direct comparison war between Codex and Anthropic's Claude, with a clear split: a vocal group insists Codex is now faster, less frustrating, and actually cheaper than Claude's current plans, which they say burn through tokens and hit limits comically fast. Several people specifically cite Codex's GPT-5.5 on the highest effort setting as competitive with or better than Claude's Opus 4.7 for real coding work, while others push back, saying the free tier feels throttled or unimpressive for their stack. There's also a practical undercurrent about pricing—multiple commenters argue the $20 ChatGPT plan gives you far more usable mileage than Claude's equivalent, and one developer shared a detailed breakdown of refactoring a Godot framework with Codex over months without hitting hard walls.
A few words on DS4 [article]
278 points · 103 comments · antirez.com · 9h ago
antirez announced DwarfStar 4, a focused inference engine he built in a week to run DeepSeek v4 Flash on high-end Macs and similar hardware, using an aggressive 2/8-bit quantization to fit a quasi-frontier model in 96–128GB of RAM. The HN crowd actually got it running — several people reported solid token generation speeds on M5 and M4 Max machines, though a sharp split emerged: prefill speed (time-to-first-token) is painfully slow for agentic workloads with large contexts, which matters if you’re feeding it an entire codebase. A loud argument broke out over whether it’s worth building a model-specific engine instead of contributing to llama.cpp; the defense was that a small, AI-iterable C codebase can move faster than the mature C++ project, and others pointed out that antirez explicitly said llama.cpp maintainers don’t want AI-generated code without human review. A separate sideline erupted when antirez claimed GPT 5.5 is immensely helpful for low-level performance work while Claude Opus is useless — some commenters pushed back with benchmark data showing Opus still ahead on certain tasks, and others called the whole local AI scene a Yegge-tier psychosis, which got met with empirical benchmarks and accusations of moving goalposts.
USDA Projects Smallest US Wheat Harvest Since 1972 Due to Plains Drought [article]
247 points · 167 comments · www.agweb.com · 18h ago
The linked article wasn’t available to this summarizer; from the discussion, it covers the USDA projecting the smallest U.S. wheat harvest since 1972 because of drought on the Plains. The thread quickly turned into a heated debate about water, with one side arguing that desalination and a closed global water cycle mean we’ll be fine, and the other side pointing out that the Ogallala Aquifer is being depleted faster than it refills and that shipping desalinated water to Kansas is physically and energetically impossible. A surprising amount of the conversation spun off into the 1877 Desert Land Act, which let settlers claim arid land by promising to irrigate it—and which is apparently still in use today for homesteading federal land. A secondary split emerged over whether irrigating wheat is even common (most wheat is dryland, but some Montana and Kansas farmers do pivot-irrigate, and the data show irrigated yields have been improving faster than dryland yields for decades).
Ontario auditors find doctors' AI note takers routinely blow basic facts [article]
214 points · 99 comments · www.theregister.com · 9h ago
Ontario auditors found that 60% of AI scribe systems used by doctors botched prescribed drugs in patient notes. The thread went heavy on personal horror stories—people reported AI note-takers mangling meeting summaries and even turning a harmless voicemail into something ominous, making family members worry. A loud faction pushed back, arguing that human medical records already have a 60% error rate and that the real danger isn't accuracy but the feeding frenzy of insurance companies and drug makers tapping that real-time feed. Others countered that AI makes a fundamentally different kind of mistake—hallucinating confidently in ways no human would—and that without provenance (like timestamped recordings to check the source), these tools are dangerous for anything where accuracy matters.
Computer Hobby Movement in Canada [article]
197 points · 76 comments · museum.eecs.yorku.ca · 19h ago
The exhibit chronicles the Toronto Region Association of Computer Enthusiasts (TRACE) and how hobbyists in Canada built the ground for personal computing in the 1970s and 80s. HN mostly ignored the hardware history and instead fell into a familiar, bitter argument about Canadian regional identity — specifically whether the article’s Toronto focus was fair or just another case of the rest of the country being erased. A large contingent from Alberta pushed back hard, listing grievances about equalization payments, under-representation in Parliament, and what they see as a condescending “eastern” attitude, while several Ontario-based commenters shot back that the persecution complex is inflated and that Toronto’s dominance is simply demographic reality. The thread turned into a proxy fight over western alienation versus central Canada’s economic weight, with only a few people circling back to the actual computer kits and clubs.
Sam Altman's Business Dealings Under GOP Scrutiny Ahead of OpenAI's IPO [article]
196 points · 154 comments · www.wsj.com · 19h ago
The WSJ reports that Republican officials are looking into Sam Altman’s personal investments overlapping with OpenAI’s portfolio ahead of the company’s IPO. The thread immediately turned cynical: most people see this as purely performative, with one camp arguing the real story is Elon Musk leaning on the administration to hurt Altman in their legal feud — which kicked off a long, heated argument over whether either billionaire is a psychopath and whether the AI boom is actually hurting everyone else. Others pointed out that OpenAI execs are major Trump donors, so the GOP scrutiny looks like a protection racket shaking down the company for more. A few commenters dug into the substance, noting Altman’s habit of pushing OpenAI to back companies he’s personally invested in — a conflict-of-interest pattern that echoes his YC days and draws direct comparisons to the WeWork disaster, with everyone waiting for the S-1 filing as the final punchline.
The AI zombification of universities [article]
184 points · 187 comments · www.thenewcritic.com · 13h ago
The article is a long, melodramatic first-person essay from a UChicago philosophy student arguing that AI has become a cancer on universities—students cheat on exams with phones, student papers run AI-generated sports copy, and even professors are starting to lecture from ChatGPT drafts. The HN thread immediately split into a meta brawl over whether the essay itself was AI-written, with one camp insisting the purple prose and em-dashes are dead giveaways for a language model, while others shot back that it’s just how UChicago philosophy majors write and that trying to diagnose “AI-ness” by style is missing the point. The comments then largely ignored the article’s specific anecdotes and pivoted to the practical question of what universities should actually do: a vocal faction argued the only real solution is returning to strictly proctored, no-tech in-person exams, but others pointed out that the article already describes students photographing tests to feed to LLMs even in the exam room, so enforcement alone won’t cut it. Meanwhile, a cynical, historically grounded contingent predicted that nothing much will change—universities are prestige gatekeepers, online learning hype fizzled before, and they’ll just adapt by weighting grades toward in-class exams while the credentialist machine keeps churning.
More than sixty percent of the United States is experiencing drought conditions [article]
184 points · 72 comments · news.vt.edu · 9h ago
More than sixty percent of the US is in drought, with a Virginia Tech climatologist blaming an atypical La Niña and climate warming for conditions that are among the worst in decades by coverage and intensity. The top thread immediately corrected the headline—it’s the *total area* under drought that’s worst in decades, not that every region is seeing its own record drought. Several people dove into the Drought Monitor map itself, arguing it’s a subjective, expert-judgment black box, not a purely objective measurement, with one camp defending the map as the best we’ve got and another citing a known climate contrarian’s critique that the map has overhyped drought in places like eastern Washington. A substantial side conversation spun off over whether AI data centers are using up all the water—mostly met with pushback that data center cooling is a rounding error next to agriculture, and that banning restaurant water glasses is a performative distraction. The real split came over how much to trust a subjective expert process when the stakes are policy decisions, with some insisting that expertise doesn't equal objectivity and others calling that a disingenuous take.
Meta's New Reality: Record High Profits. Record Low Morale [article]
178 points · 189 comments · www.wired.com · 17h ago
The Wired piece reports that Meta is posting record profits while employee morale has cratered, driven by repeated layoffs, pay cuts, a forced tracking software rollout, and the sense that workers are being used to train the AI that will replace them. The HN thread largely took the article at face value, with many current and former employees chiming in to confirm the grim atmosphere, but the real debate centered on why anyone stays: golden handcuffs from unvested stock, the difficulty of matching Meta’s compensation elsewhere, and the Bay Area’s cost of living effectively trapping people in a job they hate. A significant split emerged between those who argue the money makes the misery worth it (some explicitly saying they'd tolerate years of unhappiness for $2 million) and others who say no amount of pay justifies working for a company they believe actively harms society—with one Meta employee in integrity work defending their role as harm reduction. Several commenters also pushed back on the idea that this is a new problem, noting Meta has cultivated a survival-of-the-fittest culture since 2022, and that the drawn-out layoff process—giving people a month to wonder—is actually worse than ripping the band-aid off quickly.
HDD Firmware Hacking [article]
178 points · 22 comments · icode4.coffee · 15h ago
The post walks through a security researcher's deep dive into hacking HDD firmware to insert a deliberate read delay for an Xbox 360 exploit—a rabbit hole they ultimately didn't need because the exploit ended up working anyway. The thread quickly turned into an unofficial recruitment ad for Red Balloon Security, whose representatives showed up to confirm their infamous hard-drive-based interview CTF is indeed still running, while others shared war stories about dumping firmware from those challenge drives. Several commenters pointed to related resources: Sprite's classic HDD hack that modified `/etc/shadow` on the drive itself, and a decompiled Samsung 840 EVO firmware manual that predates Samsung's encryption—sparking fresh bitterness about Samsung's quality and the risks of buying used SSDs. A recurring pushback called out how trivial most vendor "obfuscation" really is, with people arguing the only point is to set up a DMCA trap if you publish the decrypted code.
Amazonbot is finally respecting robots.txt [article]
152 points · 40 comments · xeiaso.net · 11h ago
Amazonbot has apparently started respecting robots.txt after years of ignoring it, according to a blog post that also discusses the author’s own Anubis proof-of-work system for deterring AI scrapers. The HN crowd is deeply skeptical—many point out that robots.txt has always been a voluntary gentleman’s agreement, and the real story is that massive crawlers only follow it when it suits them, which is rarely. Several people share horror stories: one got 750 GiB of traffic from Amazonbot alone, another had it ignore disallowed paths while hosting on AWS itself, leading to the irony of using Amazon’s own WAF to block Amazon’s scraper. The conversation quickly shifts to whether allow-lists and IP blackhole routes are the only sane defense now, and a few argue that Amazonbot’s purpose isn’t just AI training but price monitoring for marketplace sellers, making its belated compliance feel like a strategic retreat rather than a genuine change of heart.
How Claude Code works in large codebases [article]
151 points · 103 comments · claude.com · 3h ago
The article from Anthropic lays out best practices for using Claude Code at scale on large codebases, emphasizing a harness of CLAUDE.md files, hooks, skills, and LSP integrations over relying on a single model or codebase index. The thread immediately pushed back on the premise that agentic search beats indexing, with people pointing out that IDEs like PHPStorm and Copilot already have reliable local indexes that don't go stale, and that claiming a software engineer navigates by raw grep is a strawman. A major split emerged over security: the article's success criteria went unchallenged, but several people argued that giving an AI agent any ability to delete prod resources is insane, while others retorted that any company letting a dev (or an AI) have blind prod access already has bigger problems. There was also a sharp debate about whether the market has actually moved to Codex — one commenter claimed everyone with a choice has, but others called that an influencer bubble and pointed to the upcoming end of Copilot's heavy subsidies.
What's in a GGUF, besides the weights – and what's still missing? [article]
133 points · 43 comments · nobodywho.ooo · 14h ago
The article is a deep dive into the GGUF file format for local LLMs, celebrating its all-in-one simplicity but pointing out gaps like bundled projection models, standardized tool-call parsing, and missing metadata for think tokens. HN mostly ran with real-world gripes: several folks argued that the original single-file ethos is already broken by having to download separate projection models, and one of the original GGUF designers chimed in to regret that decision and hope someone merges them back. There was a lively tangent about the difficulty of parsing special tokens and chat templates—people dug into how llama.cpp's jinja2 implementation has to track metadata to avoid confusing content with control tokens, and a commenter building a retro FLTK app lamented the lack of a clean C API for it. A few commenters also pushed for embedding the actual compute graph in the file, not just architecture strings, so new model families don't require code changes, while others swapped tips on what models run well on consumer GPUs now that TheBloke is gone.
Anthropic forms $200M partnership with the Gates Foundation [article]
121 points · 100 comments · www.anthropic.com · 16h ago
The article announces Anthropic's $200 million partnership with the Gates Foundation to deploy Claude across global health, education, and agricultural programs. Hacker News mostly treated this as an exercise in PR reading and reputation accounting—there was immediate skepticism about whether the deal is real or just another round-numbered announcement that will evaporate, with multiple people pointing to Ed Zitron's track record of revisiting similar past announcements that went nowhere. The conversation quickly pivoted to Bill Gates himself, with heavy pushback against the foundation's credibility due to the Epstein connection and the fallout with Melinda, plus broader critiques about Gates's farmland holdings and the foundation's actual track record in US education. A deeper technical comment argued the real story isn't the headline amount but the shift toward operational deployment rather than research collaboration, essentially calling it a multi-year managed-services contract that will live or die on the foundation's ability to stand up proper evaluation pipelines.
Cuba says it has run out of fuel, blames U.S. embargo [article]
119 points · 262 comments · www.upi.com · 15h ago
Cuba's energy minister says the country has run completely out of diesel and fuel oil, blaming the U.S. embargo for a collapse that now means 20-22 hour daily blackouts in Havana. The thread quickly zeroed in on the headline's word "blames," with multiple people arguing that's a loaded framing—this isn't an accusation, it's cause and effect, since the U.S. openly cut off Venezuela and Mexico as fuel suppliers and is intercepting ships. A major split emerged: some see a straightforward humanitarian crime, while others defend the embargo as a legitimate tool against a hostile communist regime, or point to Florida's Cuban-American voting bloc and Marco Rubio as the real drivers. The State Department's counter-claim—that Cuba refused $100 million in aid—got shredded in the comments as either a transparent PR move or a "fable," with nobody buying that Cuba would turn down fuel they desperately need. A recurring side thread questioned why the U.S. treats a tiny, broke island as an existential threat while tolerating China and Russia's global moves, with one person summing it up as "embarrassment that they overthrew our businesses in 1959."
Germany's Sovereign Tech Fund Backs KDE with €1.3M [article]
118 points · 14 comments · www.theregister.com · 12h ago
Germany’s Sovereign Tech Fund gave KDE €1.3 million, framed by The Register as part of Europe waking up to the need for its own operating system stack. The thread barely touched on the actual grant details and instead turned into a mix of celebration and scattered anxiety: people cheered KDE’s growth and called it a public good and digital infrastructure worth funding, but a few pushed back hard, arguing that KDE’s Wayland-only direction will abandon legacy users and that the money should instead go to projects like X11 or GTK2-ng. The more cynical corner flatly asked where the “path to profit” is for a nonprofit desktop environment, only to get shut down with the response that roads and sewers don’t have a profit motive either. Some also revived old grudges against Jolla out of nowhere, and there were jokes about whether KDE’s infamous “donate now” nag screen will finally shut up now that the money’s flowing.
UK government replaces Palantir software with internally-built refugee system [article]
117 points · 26 comments · www.bbc.com · 9h ago
The UK government ditched Palantir’s Foundry platform for the Homes for Ukraine refugee system and built its own, claiming millions saved and more flexibility. Most of the thread takes that at face value — several commenters point out this is exactly the kind of problem the UK’s Government Digital Service handles routinely, and that the scale (hundreds of thousands of records) is small enough that a competent in-house team should be able to build and maintain it cheaper than Palantir’s expensive consulting-heavy model. Others push back harder: Palantir is openly MAGA-aligned, and a few argue the UK should never have handed visa and residency data to a US company in the first place. The debate isn’t really about whether the replacement works — the article says it does — but whether Palantir ever deserved the business, with the thread broadly agreeing the civil service can outperform when given the resources and leadership.
Access to frontier AI will soon be limited by economic and security constraints [article]
116 points · 85 comments · writing.antonleicht.me · 6h ago
The article argues that access to frontier AI models will soon be sharply limited by economic costs, security risks like distillation and model theft, and U.S. government leverage—using Anthropic’s Mythos cybersecurity model as the canary in the coal mine. The HN thread immediately pushed back on the core premise: several people pointed out that the author completely ignored open-weight models, which are now only months behind the frontier and already good enough for most practical use cases, making the “cut-off” scenario much less dramatic than painted. Others countered that the gap between frontier and open models is actually widening on hard benchmarks like ARC-AGI, and that even if open models catch up, the political and economic advantages of first access to the best tokens still matter. A significant split emerged over whether the U.S. government can realistically enforce these restrictions—one side argued the Trump administration is too incompetent and captured by oligarchs to pull it off, while another insisted the real threat is Chinese labs having already escaped any moat, so the genie is well out of the bottle regardless of policy. The distillation debate also got heavy: if cutting off API access is meant to stop Chinese labs from distilling frontier models, a commenter noted that the “model is the data” framing means locking down access just accelerates the data bottleneck for those labs, potentially backfiring.
Show HN: Running the second public ODoH relay [article]
116 points · 41 comments · numa.rs · 21h ago
The post announces a second public ODoH (Oblivious DNS over HTTPS) relay—a protocol that splits DNS lookups so one operator sees your IP but not the query, and another sees the query but not your IP, without requiring an account or telemetry. The HN crowd immediately pushed back on the practical value: several people pointed out that without widespread ECH adoption, the server name still leaks in plaintext during the TLS handshake, making ODoH a partial fix at best. Defenders argued that plugging one leak at a time is still forward progress, and that ODoH at least keeps your ISP and DNS provider from both seeing the full picture. A recurring split emerged between those who think running your own recursive resolver is the real answer (arguing that authoritative nameservers can’t identify you anyway) and those who counter that a solo recursive resolver makes you trivially trackable—you need the anonymity set of a busy public relay. There was also a tangent about the project's .numa private TLD and pkarr, with someone asking if it would turn into a crypto thing, but the author clarified it’s DHT-based, not blockchain.
RISC-V Router [article]
115 points · 56 comments · router.start9.com · 11h ago
Start9 announced a RISC-V router built on the SpacemiT K1 chip, fully open-source from the boot stack to the board schematics, with a custom OpenWRT fork called StartWRT that adds identity-based Wi-Fi passwords and VPN chaining. The HN crowd immediately flagged that the same Banana Pi board costs about a hundred bucks less and questioned why a 2026 router ships with only a single gigabit WAN and LAN port—people serious about self-hosting want SFP+ or at least 2.5GbE, though others pushed back that gigabit is still far beyond what most households worldwide can actually use. A big chunk of the discussion debated whether the RISC-V CPU can even saturate that gigabit with routing and VPN turned on; some posted benchmarks showing the K1 can handle it fine, while others pointed out the chip lacks hardware acceleration for packet processing, meaning software performance could be a real bottleneck. Many were wary of yet another startup crowdfunding a hardware fork of OpenWRT instead of upstreaming their GUI improvements, noting that projects like Turris Omnia already exist with better specs and a longer track record of openness. The core split was between people who see real value in an auditable, backdoor-free RISC-V router for privacy-conscious users and those who think the current hardware is too weak and under-specced to justify the $300 price tag.
Generated 2026-05-15 08:03 UTC
Generated by Sauron from Hacker News discussions and linked articles.