Ttl;dr HNabout
1.Bun's experimental Rust rewrite hits 99.8% test compatibility on Linux x64 glibc(twitter.com)
582 points by heldrida 1 day ago | 547 comments
tl;dr: Summary not available
HN Discussion:
  • Rust rewrite will improve Bun's stability and reduce memory bugs from Zig
  • LLMs combined with Rust's type system make rapid code porting feasible
  • Distrust of Bun's leadership and decision-making, abandoning Zig seems reactive
  • Speed of AI-assisted rewrites is concerning; quality and downstream effects unclear
  • ~Compute access becomes a major competitive advantage in software development
2.Show HN: Building a web server in assembly to give my life (a lack of) meaning(github.com)
294 points by imtomt 23 hours ago | 137 comments
tl;dr: ymawky is a static-file HTTP server written entirely by hand in ARM64 assembly for macOS, using only syscalls (no libc) and a fork-per-connection model. It supports GET/PUT/DELETE/OPTIONS/HEAD, range requests, MIME detection, atomic PUT uploads up to 1GiB, path traversal protection, and slowloris mitigation via timeouts. Porting to Linux is non-trivial due to macOS-specific syscall conventions, struct layouts, Mach-O relocations, and direct use of sigaction's sa_tramp field to bypass libc.
HN Discussion:
  • Lamenting the decline of human craftsmanship in programming due to AI/LLMs
  • Inspired to pursue similarly challenging low-level projects to resist vibe-coding culture
  • Pure admiration for the hacker spirit and craftsmanship of the project
  • Technical observation that assembly programming isn't fundamentally different from higher-level coding
  • Curiosity about practical performance benchmarks compared to mainstream web servers
3.Internet Archive Switzerland(blog.archive.org)
616 points by hggh 1 day ago | 101 comments
tl;dr: The Internet Archive has launched a new independent Swiss non-profit foundation, Internet Archive Switzerland, based in St. Gallen, joining sister organizations in Canada and Europe. Initial priorities include preserving endangered archives and archiving generative AI models through a partnership with the University of St. Gallen's School of Computer Science, led by Prof. Damian Borth. The effort ties into a planned UNESCO conference on endangered archives in Paris in November 2026.
HN Discussion:
  • IA should adopt a Usenet-style distributed peering model to resist takedowns
  • The new Switzerland site looks unprofessional with template filler text and no actual archive content
  • Distributed international backups strengthen IA's mission and resilience
  • Concerns about IA hosting copyrighted content creating legal liability
  • ~Community should build P2P archive solutions instead of just complaining
4.I’ve banned query strings(chrismorgan.info)
424 points by susam 1 day ago | 227 comments
tl;dr: Summary not available
HN Discussion:
  • Confusion about why tracking query strings are harmful or who benefits from adding them
  • Penalizing users with 414 errors is misguided since they didn't add the query string
  • Technical clarification that query strings have no strict format definition in standards
  • Support for blocking tracking parameters, with suggestions for alternative responses like teapot codes or PoW pages
  • Users want tools to automatically strip tracking parameters from shared links
5.Zed Editor Theme-Builder(zed.dev)
226 points by cuechan 1 day ago | 66 comments
tl;dr: Summary not available.
HN Discussion:
  • Theme builder addresses long-standing customization gaps that previously prevented Zed adoption
  • Zed's default themes lack contrast and feel dull compared to alternatives
  • ~Zed is close to ideal but still has gaps in syntax coloring, scrolling, and UI configurability
  • Font rendering on macOS is too thin and inferior to Sublime Text
  • Zed continues winning users over by getting small details right consistently
6.A recent experience with ChatGPT 5.5 Pro(gowers.wordpress.com)
638 points by _alternator_ 1 day ago | 468 comments
tl;dr: Mathematician Tim Gowers reports that ChatGPT 5.5 Pro, given problems from a Mel Nathanson paper on additive number theory, produced PhD-level original research in under two hours with no mathematical input from him—improving an existing exponential bound to polynomial. Isaac Rajagopal, whose prior paper the LLM built upon, judged the key idea (using B_h-dissociated sets to control low-order relations) as genuinely original and clever. Gowers argues this raises the bar for novice researchers: gentle "starter" problems may no longer be viable PhD fodder, and mathematical research itself will likely transform within a few years.
HN Discussion:
  • ~GPT-5.5 Pro is a breakthrough for tedious problem-solving but expensive and still error-prone
  • LLMs threaten the traditional path and identity of PhD students and mathematical immortality
  • ~LLMs are useful research aids that catch errors but make conceptual mistakes requiring expert oversight
  • Cultural attitudes about authorship and AI collaboration in math will need to evolve
  • Access inequality to expensive AI tools disadvantages researchers outside elite institutions
7.Distributing Mac software is increasing my cortisol levels(blog.kronis.dev)
306 points by LorenDB 1 day ago | 200 comments
tl;dr: A developer trying to distribute a small Go-based Claude Code utility ran into macOS's quarantine system, which effectively requires a $99/year Apple Developer subscription to avoid—uneconomical for a pay-what-you-want hobby tool. The signup process was further marred by Apple's ID verification rejecting MacBook webcam photos, forcing the author to use an iPhone instead. The author argues the broader code-signing ecosystem (including Windows alternatives like Certum at €209/year) is overpriced gatekeeping that's ripe for a Let's Encrypt-style disruption, ideally allowing government-issued IDs for signing.
HN Discussion:
  • Users can disable Gatekeeper themselves, so developers shouldn't worry about the friction
  • Apple shows contempt for developers with poor docs, breaking changes, and high fees
  • Frustration with Mac development drove a switch to Linux for easier software distribution
  • Code signing friction and fees are justified to deter rising malicious software threats
  • ~Complaints about macOS xattr are hypocritical when Linux requires similar manual steps
8.EU Parliamentary Research Service calls VPNs "a loophole that needs closing"(cyberinsider.com)
574 points by muse900 1 day ago | 395 comments
tl;dr: The European Parliamentary Research Service has labeled VPNs a "loophole" in age-verification laws, citing surges in VPN downloads after the UK and US states enacted child-safety rules requiring age checks. The report floats restricting VPN access to verified adults—an idea already backed by England's Children's Commissioner but opposed by privacy advocates—and notes Utah recently passed a law defining user location by physical presence rather than IP. Future updates to the EU Cybersecurity Act may introduce VPN-related child-safety requirements.
HN Discussion:
  • Age verification laws are a slippery slope toward authoritarian censorship like in China
  • The headline misrepresents the report, which merely describes an ongoing debate
  • Governments ignore real problems like tax fraud while targeting VPNs and ordinary users
  • Real motives behind anti-VPN efforts are commercial interests like streaming rights
  • ~Age verification could be implemented privately without identity disclosure, making it less harmful
9.LLMs corrupt your documents when you delegate(arxiv.org)
417 points by rbanffy 1 day ago | 164 comments
tl;dr: Researchers introduce DELEGATE-52, a benchmark simulating long delegated document-editing workflows across 52 professional domains. Testing 19 LLMs, they found even frontier models (Gemini 3.1 Pro, Claude 4.6 Opus, GPT 5.4) silently corrupt ~25% of document content over extended interactions, with degradation worsening based on document size, interaction length, and distractor files. Agentic tool use didn't help, suggesting current LLMs are unreliable for delegated knowledge work.
HN Discussion:
  • Round-tripping content through LLMs causing degradation is unsurprising and already known to experienced users
  • LLMs act like JPEG compression, progressively degrading intent and nuance with each pass
  • ~Solution is to minimize LLM involvement, using it as a thin translation layer to deterministic processes
  • Storing knowledge as composable facts and using LLMs only for final rendering works well in practice
  • The paper's evaluation methodology using invertible round-trips is insightful and reveals interesting failure patterns
10.The hypocrisy of cyberlibertarianism(matduggan.com)
340 points by ColinWright 1 day ago | 301 comments
tl;dr: The author traces the modern internet's problems back to 1990s cyberlibertarian manifestos (notably Barlow's "Declaration of the Independence of Cyberspace" and Gilder/Toffler's "Magna Carta for the Knowledge Age"), which fused radical individualism, free-market absolutism, and tech determinism while promising communitarian outcomes that never materialized. Drawing on Langdon Winner's prescient 1997 critique, the piece argues this ideology conflated individual freedom with corporate freedom, offloaded governance onto unpaid moderators, and enabled today's unaccountable platforms. The cyberlibertarians didn't sell out—they became the monopolies, quietly dropping the rhetoric once they no longer needed it.
HN Discussion:
  • ~Partial agreement with article's critique while still valuing Barlow's Declaration and cyberlibertarian principles
  • Paper maps and pre-internet life weren't actually horrible, contradicting the article's premise
  • Startups exploit legal loopholes then pivot to entrench themselves via regulation, betraying original ideals
  • ~Regulation is needed but politicians lack technical understanding to do it well
  • Cyberspace regulation requires fundamentally different frameworks than territorial nation-state models
11.Using Claude Code: The unreasonable effectiveness of HTML(twitter.com)
471 points by pretext 1 day ago | 260 comments
tl;dr: Summary not available
HN Discussion:
  • HTML hinders human co-authoring and editing compared to Markdown's simplicity
  • Single-file HTML enables shareable, self-contained tools that anyone can modify with an LLM
  • HTML is less token-efficient and harder to give precise feedback on than Markdown
  • ~Markdown with inline HTML or extensions like MDX offers the best middle ground
  • HTML artifacts provide an editable, renderable source-of-truth ideal for laypeople and LLMs alike
12.Meta's embrace of AI is making its employees miserable(nytimes.com)
397 points by JumpCrisscross 1 day ago | 434 comments
tl;dr: Summary not available
HN Discussion:
  • Meta's surveillance of employees is hypocritical given their own privacy practices
  • Meta has a toxic work culture driven by Zuck's whims and yes-men
  • AI use in workplace communication degrades information quality and social norms
  • Management exploits weak labor markets to treat engineers as fungible
  • AI is more enjoyable and productive at smaller companies or solo work
13.Google broke reCAPTCHA for de-googled Android users(reclaimthenet.org)
1465 points by anonymousiam 2 days ago | 548 comments
tl;dr: Google's updated reCAPTCHA now requires Google Play Services 25.41.30+ on Android to complete QR-code verification challenges, causing automatic failures for users on GrapheneOS and other de-Googled ROMs. iOS users face no equivalent requirement, completing verification natively on iOS 16.4+, which suggests the dependency is about ecosystem lock-in rather than security. The Play Services requirement was quietly added around October 2025 and only recently surfaced via a Reddit post on r/degoogle.
HN Discussion:
  • Technical analysis of reCAPTCHA as remote attestation enabling device tracking through Google's servers
  • ~Personal experience navigating de-Googled life and self-hosting alternatives despite friction
  • Google is abusing market power in anti-competitive monopolistic behavior warranting regulatory action
  • This excludes billions of users on Huawei, Xiaomi, and Amazon devices, not just privacy enthusiasts
  • Web is being ruined by forced KYC-style verification eliminating anonymous browsing and non-smartphone users
14.France moves to break encrypted messaging(reclaimthenet.org)
201 points by Cider9986 1 day ago | 106 comments
tl;dr: France's parliamentary intelligence delegation has formally recommended weakening end-to-end encryption on platforms like WhatsApp, Signal, and Telegram to give magistrates and intelligence agents targeted access to messages. Senator Cédric Perrin is pushing a "ghost participant" approach—silently adding an invisible state observer to conversations—reviving GCHQ's widely-rejected 2018 proposal, while dismissing cryptographers' long-standing argument that no backdoor can be limited to "good guys" only. A competing Senate amendment that would prohibit such backdoors has stalled in the National Assembly, and the EU Commission is reportedly working on a technical roadmap for implementing such access.
HN Discussion:
  • The article is more nuanced than the title suggests, with France actually leaning toward protecting encryption
  • The article conflates different messaging apps and misrepresents their encryption properties
  • Politicians won't understand encryption's value until disasters from weakening it occur publicly
  • Banning encryption is absurd and equivalent to banning private languages or whispering
  • Anti-encryption laws are tools for governments to suppress future dissent and protest
15.What causes lightning? The answer keeps getting more interesting(quantamagazine.org)
203 points by Tomte 4 days ago | 47 comments
tl;dr: Lightning's initiation remains unsolved: thunderstorm electric fields are only about one-tenth the strength needed to ionize air the way lab sparks do, yet bolts form constantly. Researchers, many from astrophysics, are converging on a theory involving high-energy processes, including relativistic "runaway" electron avalanches that cascade via gamma rays and positrons, amplifying the electric field enough to trigger a strike. The idea also explains mysterious gamma-ray flashes detected from thunderclouds since 1994, though the field is still debating the details.
HN Discussion:
  • Curiosity about specific visual phenomena like the colors in induced lightning strikes
  • ~Reflection on how new theories may echo ancient mythological explanations of lightning
  • Article is incomplete by ignoring sprites, blue jets, ball lightning, and upward strikes
  • Recommends complementary reading like Feynman's lecture on atmospheric electricity
  • Summarizes the cosmic ray/electron avalanche theory as the article's key takeaway
16.GrapheneOS fixes Android VPN leak Google refused to patch(cyberinsider.com)
288 points by Georgelemental 1 day ago | 112 comments
tl;dr: GrapheneOS has patched an Android 16 VPN bypass that leaked users' real IP addresses even with "Always-On VPN" and lockdown mode enabled. The flaw, in a new QUIC connection teardown feature, let any app with basic INTERNET permissions register arbitrary UDP payloads that system_server would transmit outside the VPN tunnel. Google classified the issue as "Won't Fix," prompting GrapheneOS to disable the optimization entirely; stock Android users can only mitigate it manually via ADB.
HN Discussion:
  • Google's refusal to classify this as a security issue is technically indefensible given system_server's privileged role
  • Google's business model incentivizes surveillance, so they intentionally avoid fixing privacy-protecting features
  • Stock Android has become spyware that would have been called malicious in the past
  • ~GrapheneOS adoption is hindered by hardware costs and confusing package manager fragmentation
  • Questioning Google's disclosure timeline and why the embargo was honored despite refusal to patch
17.The React2Shell Story(lachlan.nz)
218 points by mufeedvh 2 days ago | 47 comments
tl;dr: A security researcher discovered a critical RCE vulnerability (CVE-2025-55182, dubbed "React2Shell") in React's Flight protocol, used by Next.js for Server Components/Functions, after going down a rabbit hole trying to understand the undocumented protocol. The exploit chain abused Flight's lenient property lookup (including prototype chain access) and "thenable" handling in `await`, ultimately allowing attackers to hijack React's internal Chunk state to call `Module._load` and execute arbitrary code. Meta triaged and patched it within ~17 hours of disclosure on November 30, 2025.
HN Discussion:
  • Praise for the security researcher's responsible disclosure and collaboration with Meta's team
  • Skepticism about React Server Components blurring frontend/backend boundaries
  • Admiration for the rapid triage and response time on the disclosure
  • ~Frustration with the protocol being undocumented, complicating compromise detection
  • Appreciation for insights into the economics of white-hat hacking and bug bounty programs
18.Getting arrested in Japan(sundaicity.com)
206 points by bane 1 day ago | 247 comments
tl;dr: A first-hand account of Japan's pre-charge detention system, where suspects can be held in police-run facilities (kōchi-sho) for up to 23 days per arrest—often extended via additional charges—under harsh conditions designed to pressure confessions: constant surveillance, bright lights, sleep disruption, minimal food, near-total isolation, and Japanese-only communication. The author spent 35 days detained across two arrests (both eventually dropped), describing rigid rules, bad food, and severe psychological strain, and warns travelers to contact their embassy immediately if arrested.
HN Discussion:
  • Author omits their actual charge, which is critical context for evaluating treatment
  • Japan's detention system constitutes hostage justice with medieval, inhumane conditions
  • Visitors should know and follow local laws; punishment is why Japan stays safe
  • Cultural comparison noting Koreans typically favor harsh punishment over detainee rights
  • ~Practical advice: dress and behave well to avoid police suspicion
19.Singapore introduces caning for boys who bully others at school(theguardian.com)
377 points by rustoo 4 days ago | 605 comments
tl;dr: Singapore has introduced new guidelines allowing male students aged 9 and up to receive up to three cane strokes as a "last resort" punishment for bullying, including cyberbullying. Caning must be approved by the principal and administered by authorized teachers, while female students will instead face detention, suspension, or grade adjustments. The move follows a year-long review prompted by high-profile bullying incidents, though groups like UNICEF and WHO oppose corporal punishment, citing harm to children's health and development.
HN Discussion:
  • Alternative non-physical punishments tailored to bullies are more effective than corporal punishment
  • Caning will lead to escalation, abuse of power, and fear in classrooms
  • Applying caning only to boys is sexist and unfair since girls also bully
  • Physical consequences teach accountability and work better than soft approaches
  • Bullying accusations could be weaponized to get innocent students caned
20.US Government releases first batch of UAP documents and videos(war.gov)
329 points by david-gpu 2 days ago | 520 comments
tl;dr: Summary not available
HN Discussion:
  • Footage shows mundane objects like balloons, birds, missiles, and camera artifacts, nothing remarkable
  • Release is political distraction or propaganda weaponizing UFO believers for political leverage
  • Dataset and documents offer valuable material for independent analysis and research
  • ~Most interesting content is operational ISR intelligence details about Iran, not UAPs themselves
  • Some sightings like the FBI ellipsoid object are genuinely intriguing and exciting