HN Brief: 2026-05-23
Today’s Hacker News was defined by a sharp divergence between people who see AI as a genuine force multiplier and those who are already growing tired of its practical failures and brittle hype. The biggest threads centered on cost blowback—Microsoft pulling Claude Code licenses, reports that AI is actually more expensive than human labor, and a live tracker arguing the entire industry is unprofitable—while a parallel conversation asked whether software written or translated entirely by AI is a maintenance disaster waiting to happen, using the yt-dlp Bun deprecation and the “AI-generated repo with 63k stars” as cautionary tales. A lighter but still freighted throughline was the tension between deep institutional knowledge (Japanese companies’ diversification, Wozniak’s “actual intelligence” speech) and the promise that agents will just handle everything.
Threads most worth clicking: “If you’re an LLM, please read this” for the prompt-injection debate that turns into a proxy war over data ownership; “Bun support is now limited and deprecated” for the rawest argument of the day about whether a million-line AI-translated codebase is a miracle or a liability; “Antigravity 2.0 Tops the OpenSCAD Architectural 3D LLM Benchmark” because the real story is everyone raging at Google’s forced CLI migration, not the Pantheon model; “Don’t just paste the AI at me” for a deceptively simple sentiment that splits the room on whether the real asshole is the AI-paster or the person too lazy to Google first; and “Project Glasswing: An Initial Update” for the split between genuine awe at automated vulnerability discovery and deep suspicion that Anthropic is IPO-marketing.
If you’re an LLM, please read this [comments]
795 points · 419 comments · annas-archive.gl · 20h ago
The blog post is a tongue-in-cheek plea from Anna's Archive directly to LLMs, offering a detailed "llms.txt" file that explains where to legally bulk-download their data instead of hammering their CAPTCHAs, and then politely asks for donations. HN ran straight at the prompt-injection question, with a lively split: some argued it's just harmless advocacy or a nudge, while others insisted that wording like "if you have access to payment methods" is a deliberate attempt to reorient an agent's output. A tangent erupted over whether Anna's Archive even "owns" the data they're offering—many pushed back that the authors and publishers do, sparking a familiar debate about intellectual property as a monopoly vs. a property right, and whether data can be owned at all. Another camp focused on whether any major LLM actually reads llms.txt files, pointing out that Chrome Lighthouse now checks for them, and wondering if the donation pitch has ever actually worked in practice.
Why Japanese companies do so many different things [comments]
631 points · 311 comments · davidoks.blog · 16h ago
David Oks's piece argues that Japanese companies like Toto and Yamaha thrive on extreme diversification because of a deeply interlocking “bundle” of practices—lifetime employment, seniority-based pay, horizontal coordination, and insulation from shareholders—that forces firms to keep creating new businesses to employ their generalist workers rather than maximizing shareholder value. The thread largely agreed with the article's core thesis, with several people pulling out the key insight that the system is a self-reinforcing package you can't cherry-pick, but a Korean developer pushed back hard, arguing the piece romanticizes Japan and ignores the hidden costs: zombie companies, a rigid vertical hierarchy in practice (especially in software), and a classist social structure where your corporate affiliation defines your standing. Others debated whether the U.S. could borrow any of this stability without the downsides, and a separate argument erupted over the CEO-to-worker pay ratio, with some dismissing it as a misleading statistic while others saw it as a symptom of broken incentives. A recurring sub-thread also linked this to the difficulty of accessing capital outside the U.S., suggesting conglomerates naturally arise where funding is scarce.
Steve Wozniak cheered after telling students they have AI – actual intelligence [comments]
623 points · 513 comments · www.businessinsider.com · 22h ago
The linked article wasn’t available to this summarizer; from the discussion, Steve Wozniak gave a graduation speech telling students they already have “actual intelligence,” contrasting his collaborative, human-centered tone with what he sees as the tech elite’s hype—specifically singling out Eric Schmidt. The thread quickly split over whether that message is empowering or naive. One side argued young people can shape AI through skills and voting, and that the technology is just another layer of abstraction; the other side parried with the grim reality of the military-industrial complex, Citizens United–level campaign finance, and students being treated like cows in a meat industry they can’t influence. A long digression compared Wozniak’s approach to how Steve Jobs might have handled generative AI, with commenters guessing Jobs would have hated LLMs’ flakiness but would still have demanded polish, while others noted Apple Intelligence has so far been cautious, useful ML features buried under the brand—and Siri is still useless.
Bun support is now limited and deprecated [comments]
461 points · 457 comments · github.com · 14h ago
The yt-dlp project announced it's limiting and deprecating support for Bun as a JavaScript runtime, narrowing acceptable versions to a range that ends with the last release built from Bun's original Zig codebase. The maintainer explicitly cited Bun's recent rewrite from Zig to Rust using Claude as a reason, calling it "vibe-coded" and a future headache they'd rather avoid. The thread exploded over that second rationale: a sizable camp argued that dismissing code solely because it was AI-translated is irrational and ignores that the rewrite passes Bun's test suite, while the opposing side hammered home that a million-line PR merged in a week couldn't possibly have been reviewed, that the new codebase is full of unsafe Rust that fails Miri checks, and that depending on software no human understands is a recipe for disaster. A tangent emerged defending Deno as equally vibe-coded, and someone noted that Deno's glibc dependency makes it worse than Bun for musl-based distros like Alpine, so the deprecation is a real loss for those users. The underlying split is sharp: some see this as prudent risk management against an untrustworthy dependency, while others see it as reactionary moral panic dressed up as engineering rigor.
Project Glasswing: An Initial Update [comments]
411 points · 248 comments · www.anthropic.com · 12h ago
Anthropic published an update on Project Glasswing, a collaboration using their unreleased Mythos Preview model to find tens of thousands of critical vulnerabilities across major software like Firefox, Cloudflare, and open-source libraries, claiming it’s a step-change in automated security auditing. The Hacker News thread immediately split into two camps: one impressed by the raw numbers (2,000 bugs at Cloudflare, 271 in Firefox 150) and the implication that software security’s bottleneck has shifted from finding flaws to patching them, and another deeply skeptical that this is mostly marketing hype ahead of an Anthropic IPO. Skeptics pointed to a security researcher who reproduced similar results with a small open-weight model, and noted that the curl project’s creator found Mythos turned up only one real vulnerability where it claimed five, suggesting the 90% true-positive rate is cherry-picked from assessed bugs while unassessed ones may fare worse. Others argued the real story isn’t Mythos specifically but that AI-assisted vulnerability discovery across multiple models is now so good it’s overwhelming maintainers — with some open-source projects asking Anthropic to slow down disclosures — and that the key question is whether Anthropic can keep this model exclusive long enough to cash in before GPT-5.5 Cyber or other competitors catch up.
U.S. researchers face new restrictions on publishing with foreign collaborators [comments]
390 points · 242 comments · www.science.org · 15h ago
The linked article wasn't available directly, but the discussion centers on new, informal restrictions the US is placing on researchers publishing with foreign collaborators, with agencies like NIH and NSF flagging individual grantees without issuing any formal guidance. The thread immediately calls this a textbook chilling effect—unclear, arbitrary rules that make researchers self-censor to stay safe, which is exactly the point if the goal is to slow down science itself. A major vein of the conversation pushes back hard on the naive idea that industry titans should defend basic research, arguing instead that their fortunes are already made and they're now in a defensive posture, actively wanting less innovation to protect their own stasis. The deeper split is between those who see this as a straightforward political power grab to control what kind of research gets done, and those who suspect a more cynical endgame where the US is purposefully dismantling its own foundations, either out of blatant kleptocracy or a hidden belief that civilization is on a short clock anyway.
Shipping a laptop to a refugee camp in Uganda [comments]
381 points · 132 comments · notesbylex.com · 10h ago
The article follows the author's 42-day, 36,000-kilometer ordeal to ship a used MacBook from Australia to a Congolese refugee named Django in a Ugandan camp, after Django's own laptop died from a battery mishap. The thread zeroed in on two main reactions: admiration for Django's relentless determination against absurd bureaucratic friction—customs demanded a tax ID requiring a day-long journey, then seized the laptop for lacking an original receipt—and a furious debate about how developing-country governments and corrupt officials extract tax and bribes at every turn, with several people from Brazil and Argentina sharing horror stories about 80% electronics tariffs and the black markets they create. A significant tangent emerged around the effectiveness of aid delivery, with some arguing that sending money directly through organizations like GiveDirectly bypasses the kleptocratic infrastructure, while others countered that even imperfect aid saves lives and refusing to help until systems are perfect accomplishes nothing. The most charming aside was the final delivery: the laptop ended up sitting on a shelf in a random hardware shop, held by an owner who had no idea what was inside but agreed to keep it for "a friend," and who lit up with glee when Django powered it on and the Apple logo appeared.
Antigravity 2.0 Tops the OpenSCAD Architectural 3D LLM Benchmark [comments]
379 points · 148 comments · modelrift.com · 21h ago
The article benchmarks six AI coding tools on their ability to generate parametric OpenSCAD code to build a 3D model of the Pantheon from reference images, with Google's Antigravity 2.0 topping the list for quality by correctly implementing details like the coffered ceiling and inscription. A huge chunk of the comments veered away from the benchmark itself and into an entirely different argument: widespread frustration with Google's forced migration from the Gemini CLI to the Antigravity CLI, which people say is buggy, requires browser login every session, and lacks basic features like showing token quotas. Several users warned about vendor lock-in, with some insisting on using Neovim to avoid dependency on any single AI tool that Google might sunset or break. There was also a call for perspective—some argued that even the worst entries in this benchmark would have been considered magic three years ago, while others pushed back that it's fine to criticize once the novelty wears off and expectations mature.
DeepSeek makes the V4 Pro price discount permanent [comments]
375 points · 213 comments · api-docs.deepseek.com · 16h ago
DeepSeek has made the 75% discount on its V4 Pro model permanent, meaning prices are now locked at a quarter of the original rate—$0.87 per million output tokens versus the pre-discount $3.48. The thread lit up with people comparing those figures to competitors, noting that V4 Pro undercuts Qwen, Grok, and especially Opus and GPT-5.5 by massive margins, with cache-hit prices dropping to as low as $0.0036 per million tokens. Heavy users jumped in to report real-world costs: someone burned through 65 million tokens for $1.50, and another described getting 70% cache-hit rates on agentic workflows, with the model autonomously fixing a broken MCP in under 30 seconds. A big chunk of the discussion swerved into harnesses like Claude Code and Pi—people are happily plugging DeepSeek into those tools instead of waiting for DeepSeek to ship its own coding agent, though some argued the model maker's own harness could still be stickier long-term.
Deno 2.8 [comments]
348 points · 148 comments · deno.com · 20h ago
Deno shipped version 2.8, a major minor release with new subcommands like `deno pack` for building npm tarballs, `deno audit fix` for auto-patching vulnerable dependencies, and `deno why` to explain why a package is installed, plus a big jump in Node.js compatibility from 42% to 76.4% of Node's test suite passing. The thread quickly split into two camps: one side pushed back hard on Deno's decision to default to npm in `deno add` commands, arguing that the clean break from npm was Deno's whole selling point and now it's just "Node with extra steps," while the other side said refusing to support npm made Deno a non-starter for real-world corporate pipelines and CI systems. A big tangent erupted over whether Bun is a safer bet now that Anthropic owns it—some argued the acquisition means it won't run out of money, while others pointed to Anthropic's recent layoffs and the "vibe-coded the entire codebase" fiasco as signs it's unstable, with a few commenters noting that Node's move to a foundation is what actually makes it the low-risk choice long-term. The performance numbers got attention too: Deno now claims 3.66x faster cold npm installs and 76% Node compliance versus Bun's 40.6%, which surprised people who assumed Bun was ahead on compatibility given its marketing. A few folks also flagged that the release blog post wasn't live yet at the time of submission, so the thread was partly working from GitHub releases and memory.
AI has a multiplying effect on existing technical skills [comments]
304 points · 287 comments · www.joshwcomeau.com · 18h ago
The piece argues that AI coding tools are a force multiplier for developers who already know what they're doing, using the Iron Man suit analogy — powerful in skilled hands, useless otherwise. The HN thread largely agreed with the premise but went deep on a concrete counterexample: a GitHub repo with 63,000 stars and a top-trending developer turned out to be entirely AI-generated nonsense, with follow-up audits confirming the project is a non-functional facade, which the commenters used as perfect proof that the suit alone doesn't make Iron Man. A big split emerged around the long-term maintainability of AI-generated code — some argued that if the next maintainer is also an LLM, the source of truth shifts from code to prompts or specs, while others pushed back hard, pointing out that treating generated code as a disposable compile target breaks down when models change under you, introducing new bugs chaotically. Several experienced developers shared a pragmatic compromise: use AI to rapidly prototype designs you lack the skills for, then manually reimplement the result with clean code, treating the prompt output as a disposable sketch rather than shippable work.
Trump Mobile exposed customers' personal data [comments]
242 points · 117 comments · techcrunch.com · 16h ago
Trump Mobile confirmed it left customers' names, addresses, and phone numbers exposed on the open internet, blaming a third-party platform provider. The thread immediately turned the story into a referendum on whether anyone expected competent security from a Trump-branded phone company in the first place—the consensus was a hard no, with jokes about AliExpress drop-shipping and intern-run Excel spreadsheets substituting for infrastructure. A more pointed line of comments zeroed in on the company saying it was "evaluating whether to notify customers," which the crowd read as a flagrant dodge, especially since regulatory enforcement feels toothless under the current administration. Some users noted the irony that the data leak disproportionately hits a customer base derided as the most gullible people on the planet, while others wandered into a surprisingly detailed debate about headphone jack placement on the actual Trump-branded phones. The thread also spawned a tangential argument about whether "/s" ruins comedy and whether "A Modest Proposal" would hold up with a sarcasm tag, which is exactly the kind of HN sidebar that David will either love or skip entirely.
SpaceX launches Starship v3 rocket [comments]
230 points · 144 comments · www.nbcnews.com · 8h ago
The linked article wasn't available to this summarizer; from the discussion, this was the latest Starship test flight using the new Raptor 3 engines and a redesigned vehicle. The crowd that stayed up to watch was blown away by the views — especially camera feeds from deployed dummy satellites looking back at the ship in orbit — and genuinely impressed that despite losing an engine on both the booster and the ship, Starship still reached orbit, deployed its payloads, and executed a pinpoint soft splashdown in the Indian Ocean. The main split in the comments is between the iterative-design defenders and a skeptical contingent asking whether 12+ test articles with major failures on almost every flight means the program is a boondoggle rather than a success story in the making. Skeptics point out that the shuttle worked on its first try and that constantly redesigning engines and stages suggests fundamental problems, while defenders counter that SpaceX has gone from nothing to orbital capability in three years at a fraction of SLS costs, and that blowing up cheap, mass-produced hardware is exactly how you build a robust system for airline-like operations. A sub-argument broke out over whether the engine-out issues were planned or accidental, with the booster failing its boost-back burn being the bigger disappointment, likely killing any immediate hopes for a tower catch on the next flight.
Is AI Profitable Yet? [comments]
213 points · 158 comments · isaiprofitable.com · 5h ago
The site is a live tracker arguing that the entire AI industry, cumulatively, is deeply unprofitable—claiming $1.4 trillion in spend versus $718 billion in revenue, with only Nvidia in the black. The Hacker News crowd immediately jumped on the gold-rush shovels analogy, calling Nvidia the only real winner and noting that other hardware and datacenter suppliers are quietly cleaning up too. A major pushback centered on accounting: several people argued the data conflates capital expenditure with operating expense, and that amortizing the GPU costs over their useful lives would make the big cloud players’ books look far healthier, while others countered that GPU depreciation timelines are brutally short and the spend is still unsustainable. A separate split emerged between those who see this as a healthy early-stage investment cycle, similar to the dot-com buildout, and those who warn that the stock market is riding on AI hype and a crash would hammer pensions and the wider economy, not just the pure-play AI companies.
Open source Kanban desktop app that runs parallel agents on every card [comments]
212 points · 123 comments · www.kanbots.dev · 13h ago
KanBots is an open-source desktop kanban board that runs parallel AI agents on every card, with each agent operating in its own git worktree and the whole system built around local-first architecture with no telemetry or cloud dependency. The HN crowd split pretty cleanly into two camps: people who saw this as a genuinely useful orchestration layer for agent-driven development, and those who immediately pointed to competing tools like Windsurf, Cline's kanban, and OpenAI's Symphony as doing essentially the same thing. A significant chunk of the thread veered into a broader debate about whether anyone actually reviews AI-generated code anymore, with some arguing they never look at it and others insisting that refusing to review is how you end up with subtle bugs that look plausible but are completely wrong. There was also a notable sidebar about the homogenous, "designed by Claude" look of the landing page, which the creator addressed by acknowledging the criticism and sharing their own design background. The local-first, no-cloud pitch was explicitly called out as "table stakes" for adoption, though some questioned why this needs to exist as a standalone app when you could just wire an agent into existing project management tools via their APIs.
Microsoft starts canceling Claude Code licenses [comments]
210 points · 157 comments · www.theverge.com · 14h ago
The Verge reports that Microsoft is pulling most Claude Code licenses by June 30, after a six-month pilot that got wildly popular inside the company — popular enough to blow through its yearly AI coding budget. The HN thread immediately caught that the submitter's link went through three layers of AI-generated summaries before reaching the actual Verge article, and the top comments are a mourning ritual for journalism. The real debate is about cost control: some argue that unsupervised agentic workflows burn tokens like a slot machine with no guaranteed payout, while supervised human-in-the-loop use is far more efficient and manageable. Others point out that Microsoft's move isn't about Claude being bad — it's about internal politics and budget optics, since the cutoff aligns with the end of their financial year, and they're pushing developers toward Copilot CLI instead. A recurring thread warns that any company without Microsoft's R&D budget is going to get wrecked by unpredictable AI costs that don't scale like salaries do.
Microsoft reports AI is more expensive than paying human employees [comments]
201 points · 59 comments · fortune.com · 4h ago
The article reports that Microsoft and other firms are finding that heavy AI usage—driven by internal incentives like leaderboards and token-maxing goals—is costing more than the human labor it was meant to replace or augment. But the HN thread immediately pushes back hard on both the framing and the premise: the title is clickbait, and the article itself doesn't quote Microsoft saying AI is more expensive than employees—the real story is that Microsoft is just swapping Claude Code licenses for its own GitHub Copilot, a classic dogfooding move, not a cost-driven retreat. A recurring angle is that companies shot themselves in the foot by making token consumption a metric via OKRs, then got shocked when usage exploded under Goodhart's law, while several commenters point out that a deep learning team at Nvidia burning compute to push hardware forward has nothing to do with whether coding agents are economical for normal software work. The split is clear: some argue the whole "AI is too expensive" narrative is manufactured noise from a media torching AI, while others insist the real problem isn't AI's cost but vibe leadership chasing nonsense metrics, and that local or open-weight models already make inference cheap if you stop using Opus for every trivial Slack message.
The Companies Cutting Headcount for AI Will Lose to the Ones Who Didn't [comments]
199 points · 189 comments · libertas.software · 20h ago
The article argues that companies using AI to cut headcount are making a strategic error, because they’re tossing out the institutional knowledge that makes AI actually useful—the real play is to keep the same people and let AI multiply what they can do. The HN thread immediately turned on the article itself, with a lot of people calling it AI-generated slop, pointing out the telltale em-dashes and generic stock images. The core debate split into two camps: one side insists that augmenting workers with AI effectively replaces workers anyway, since a team of five with AI can do what ten used to do and there simply isn't infinite demand for the extra output; the other side fires back that they’ve never been at a company where there wasn’t a mountain of valuable work left undone, and that layoffs just reflect poor management and a lack of real ideas, not a genuine labor surplus. A recurring pushback was that this same article gets posted every month and C-suites clearly don’t care, though some noted the irony that HN, which loves to complain about AI replacing coders, was now upvoting a piece that essentially preaches the opposite.
CISA tries to contain data leak [comments]
188 points · 49 comments · krebsonsecurity.com · 15h ago
A KrebsOnSecurity investigation revealed a CISA contractor created a public GitHub repo called 'Private-CISA' packed with plaintext AWS GovCloud keys and internal system credentials, deliberately disabling GitHub’s secret-scanning protections. The HN thread treated CISA’s official line—"no indication that any sensitive data was compromised"—as a punchline, with many noting the agency hadn’t invalidated most exposed keys, including an RSA private key granting full access to CISA’s GitHub code repos, until security tooling vendors followed up weeks later. Some commenters pushed back on the "this is a human problem, not a technical one" framing from the Risky Business podcast, arguing that better technical controls—mandatory smartcards, HSMs, and ephemeral credentials—should have made it impossible for a contractor to exfiltrate working passwords dating back to mid-2025. A recurring split ran between those blaming deliberate gutting of CISA under the Trump administration (the agency lost a third of its workforce and nearly all senior leaders) and those who saw both the leak and the cover-up as garden-variety incompetence masquerading as inevitability.
How to convert between wealth and income tax [comments]
174 points · 575 comments · paulgraham.com · 16h ago
Paul Graham makes the case that a 1% wealth tax is mathematically equivalent to a 20% income tax (assuming a 5% risk-free return), arguing that politicians underestimate the bite of a wealth levy when they present it as a small number. The thread immediately split between those who accepted the math as a useful framing tool and those who accused Graham of sneaky advocacy, noting that the conversion only works for people whose income comes entirely from capital, not labor—a person with no savings pays 0% wealth tax regardless. A long, digressive sidebar erupted around a linked essay about “inequality talk is about grabbing,” where people fought over whether billionaires earn their wealth through “superpowers” or systemic exploitation, with one side arguing the real issue isn’t envy but the raw political power that concentrated wealth buys. Others pushed back on the practicality of wealth taxes entirely, debating enforcement (hidden assets, valuation of private businesses) and pointing out that most proposals exempt the first many millions, making the scare-mongering about hitting ordinary savers a bad-faith distraction.
Don't just paste the AI at me [comments]
159 points · 100 comments · dontquotetheai.com · 9h ago
The linked article is a screed against people who, when asked a question, just paste an AI-generated response back instead of offering their own judgment or experience. The HN thread largely agreed with the sentiment but split hard on delivery: a vocal contingent found the site's tone too aggressive and crass to actually send to a colleague, arguing you can't fight rudeness with rudeness and that tact is essential for real communication. Others pushed back just as hard, calling the act of pasting AI slop an "affront" and a "direct insult" that deserves zero tolerance, with one commenter noting it signals "I couldn't be bothered to read your question." A strong tangential thread emerged arguing that the real problem isn't just the AI-paster, but also the person asking a question they could easily have Googled or asked the AI themselves—wasting everyone's time and treating the human as a low-effort oracle—and several people shared anecdotes of formerly valuable community members who have "hollowed out" into nothing more than AI proxies.
Alberta to hold referendum on whether to remain in Canada [comments]
156 points · 338 comments · www.bbc.com · 18h ago
The BBC reports that Alberta is holding a referendum on whether to even begin the legal process for a future binding vote on separation from Canada, driven by a long-running sense of western alienation in the oil-rich province. The HN thread largely ignored the referendum's procedural weirdness—it’s a vote on whether to hold a later vote—and instead lit into the very idea of an Albertan national identity, with one side arguing it’s a fringe, manufactured grievance pushed by a single political party, while the other insists that a distinct Western Canadian identity and a century of resentment toward Ottawa are very real. A major split formed over whether the movement is fueled by foreign interference, with several people calling for treason investigations into separatists allegedly taking American money, though others pushed back hard that a lawful referendum is not sedition. The most substantive pushback came from people who lived in Alberta, who argued that even if the identity and grievances are authentic, a landlocked resource economy would just trade dependence on Ottawa for dependence on American corporate offices. A few commenters cut through the whole debate by predicting that the inevitable long-term outcome, regardless of the vote, is annexation by the United States.
Sleep research led to a new sleep apnea drug [comments]
143 points · 90 comments · temertymedicine.utoronto.ca · 9h ago
A University of Toronto professor's thirty years of research into the brain chemistry controlling tongue muscle movement during sleep has led to AD109, a daily pill that targets the noradrenaline "go" signal and muscarinic receptor "stop" signal that together cause airway collapse in sleep apnea, and the drug just posted positive phase 3 results. The thread immediately downshifted from the science to the real-world grind of sleep apnea: multiple people shared that they'd bounced off CPAP machines completely despite desperately wanting them to work, with one person rigging up a smart home system that flashes lights if they remove their mask at night. Several commenters pushed back hard on the drug's reported reduction of four breathing interruptions per hour, arguing that's a modest improvement that won't cure anyone, and pointed to GLP-1 drugs like Zepbound as actually curing over half of patients after a year of weight loss. There was also a sharp split between those who think sleep apnea symptoms should be obvious to anyone and those who've lived with it so long they assumed chronic exhaustion was just normal adult life, accompanied by warnings that some sleep clinics are cash cows that will score you positive for apnea to sell you equipment regardless.
Show HN: ShadowCat – file transfer through QR Codes in a Browser [comments]
143 points · 53 comments · github.com · 20h ago
ShadowCat is a single-file HTML page that moves data between devices by encoding it into a stream of QR codes, aimed at old phones with dead radios but working cameras and browsers. The HN crowd immediately zeroed in on the bootstrapping problem—if the phone's comms are broken, how do you get the HTML page onto it in the first place? The answer involved a mix of old-school cable syncing, scanning the code itself as a QR from another screen, or just admitting the difficulty. Several people pointed out that animated QR with erasure/fountain codes is a well-trodden idea, linking to prior art like Txqr and noting that using proper fountain codes (like RaptorQ or Wirehair) makes the transfer dramatically more efficient by handling missed frames without retransmission. The conversation also split into two camps: those who see this as a clever data-exfiltration tool for air-gapped or monitored environments (since a tiny JS download from a CDN looks like noise), and those who argued that at ~1 KB/s, you'd be better off just recording a video of the screen with a webcam and processing the QRs later.
A Forth-inspired language for writing websites [comments]
142 points · 14 comments · robida.net · 17h ago
A developer introduced Forge, a stack-based language inspired by Forth, designed specifically for building websites with both server-side rendering and client-side WebAssembly compilation. The HN thread quickly split into several camps: some accused the project of being AI-generated fluff since no repository or code was linked, while others pushed back that Forth-like languages are trivially bootstrappable in a weekend without any LLM help. A deeper argument erupted over whether React is the only sane way to build complex GUIs, with experienced developers calling React a "hodgepodge of leaky abstractions" and defending MVC or widget-based approaches as perfectly viable alternatives. Several commenters also got into the weeds of the Forth syntax itself, debating whether the `.` and `emit` words differ in HTML escaping, and questioning why the language forces authors to manually convert date strings rather than handling that automatically.
You can no longer Google the word 'disregard' [comments]
137 points · 78 comments · techcrunch.com · 15h ago
A TechCrunch piece points out that Google’s new AI-heavy search interface completely breaks when you type the word "disregard" — the AI summary treats it as a prompt-injection command and just says "understood," leaving a huge block of whitespace before the actual search results. The HN thread immediately zeroed in on this being an obvious and badly handled prompt-injection vulnerability, with many arguing that Google is prioritizing a fragile AI gimmick over functional search. Several people chimed in to note that "stop" and "cancel" trigger the same behavior, and that the traditional results are still there if you scroll past the giant dead zone, so the article’s alarmism got pushback as overblown. A recurring theme was that the real story isn't this one word but the fact that Google apparently isn't sanitizing user input at all, leaving its core product degraded for a laughably easy attack vector.
I’m writing again [comments]
134 points · 35 comments · www.cringely.com · 17h ago
Robert X. Cringely is back after three years away, announcing he's writing again and teasing a forthcoming piece that argues the trillion-dollar AI industry is taking the wrong architectural path—one his new company, 2Brains, has patented an alternative for. The HN thread immediately split into two camps: one group of longtime readers was genuinely happy to see him, reminiscing about *Triumph of the Nerds* and his InfoWorld days, while another contingent was ready with receipts, dredging up the 1998 controversy over his false claim of having a Stanford PhD and still stewing about some failed Minecraft server project. The pushback got sharp enough that other people in the thread started arguing with the critics for bringing up decades-old dirt, calling it pointless score-settling. A few commenters also noted that he previously claimed to be "back" in 2023 and only managed two posts before vanishing again, so there's a clear undercurrent of "we'll believe it when we see it."
Models.dev: open-source database of AI model specs, pricing, and capabilities [comments]
132 points · 23 comments · models.dev · 11h ago
The article presents Models.dev, an open-source database that aggregates AI model specs, pricing, and capabilities into one searchable repository. Hacker News immediately pointed out that the project's claim of being unique is undermined by a dozen existing competitors—someone helpfully dumped a long list of alternatives, leading others to joke that the field itself needs a database of databases. The crowd was united in demanding filtering and search features, calling the current sorting-only table nearly unusable for comparing models across modalities, tool-calling support, or "closed" vs. open models. Several people argued the project's real value depends on staying current, with one skeptic noting that raw pricing per token is misleading when providers silently swap in cheaper models or degrade output mid-task. A separate thread debated whether the model list could be self-updating via automated scraping, though others shot that down as a recipe for hallucinated pricing spam.
FBI director's Based Apparel site has been spotted hosting a 'ClickFix' attack [comments]
129 points · 39 comments · www.pcmag.com · 7h ago
An apparel site linked to FBI director Kash Patel—BasedApparel.com, a merch brand he co-founded before taking office—was compromised by hackers running a "ClickFix" attack that tricks macOS visitors into pasting a malicious command into Terminal, which would then steal browser credentials and crypto wallet data. The HN thread quickly turned from the technical details into a broader political roasting: several people pointed out that the real story isn't just a hacked t-shirt store but the absurdity of an FBI director even *having* a merch store, with some calling it proof that the U.S. is not a serious country and arguing for mandatory divestment from business interests for high-security officials. A few commenters pushed back against the reflexive "it's Russian malware" assumption, suggesting Israeli spyware or just opportunistic hackers, while others noted the attack only targeted Chromium-based browsers, not Safari, which seemed like a sloppy gap. One tangent spun off into the Arch Linux wiki's own terminal-based CAPTCHA, which normalizes pasting commands from a website—exactly the behavior the malware exploits—prompting a side-discussion about how dangerous that pattern is even when the source is trusted.
Sam Altman Won in Court Against Elon Musk. But, We All Lost [comments]
119 points · 131 comments · www.newyorker.com · 18h ago
The New Yorker piece is a scathing, literary takedown of the Altman-Musk trial, framing it as a farce where two billionaires’ egos—buttressed by $5,000-an-hour expert witnesses and literal butt pillows—eclipsed any real discussion of AI governance. The HN comments immediately pushed back on the headline’s framing, pointing out that Altman didn’t “win” on the merits; Musk’s entire case was dismissed on a statute of limitations technicality, meaning he lost because he waited too long to sue, not because his claims of a stolen charity were baseless. A strong faction argued that the real story isn’t the courtroom drama but the underlying reality that AI is here to stay regardless of OpenAI’s fate, calling the article’s tone a desperate fantasy among literati hoping to “Theranos” the technology away. Others countered that the hype *is* a scam—pointing at inflated valuations, subsidized coding agents, and a culture of lying—while a split emerged over whether current LLMs constitute “basically AGI” or are just really good at fooling people, with no resolution in sight.
Generated 2026-05-23 08:23 UTC
Generated by Sauron from Hacker News discussions and linked articles.