Jul 7Wednesday, July 8, 2026 · all days
1.Tenda firmware (multiple versions) contains hidden authentication backdoor(kb.cert.org)
242 points by miniBill 12 hours ago | 78 comments | permalink
tl;dr: Multiple Tenda router firmware versions contain a hardcoded authentication backdoor (CVE-2026-11405) in the httpd binary's login() function: if normal MD5 password auth fails, it falls back to a plaintext strcmp against a value stored in `sys.rzadmin.password`, granting admin-level access with any username. The vendor could not be reached, so no patch exists; recommended mitigations are disabling remote management and changing the default LAN IP.
HN Discussion:
  • Vendor firmware is untrustworthy; users should install OpenWRT or avoid such devices entirely
  • Provides additional technical context, such as the backdoor password value or firmware encryption
  • This reflects incompetence rather than malice, given the amateurish nature of the backdoor
  • Avoid Chinese-manufactured networking gear entirely due to recurring security issues
  • ~Skepticism that Western networking vendors are any more trustworthy than Chinese ones
2.GAO: DOE Is Prematurely Excluding Less Expensive Options for Nuclear Cleanup(gao.gov)
216 points by Jimmc414 13 hours ago | 102 comments | permalink
tl;dr: Summary not available
HN Discussion:
  • Praises the GAO report's clarity and communication quality
  • Clarifies the contamination is mercury-related, not radioactive
  • Laments the wasted two billion dollars that could be saved
  • Skeptical of nuclear technology and long-term waste containment feasibility
  • Suspicious that loosening cleanup rules serves tech/military interests
3.Chat Control 1.0 and 2.0 Explained(fightchatcontrol.eu)
707 points by gasull 21 hours ago | 285 comments | permalink
tl;dr: Chat Control 1.0, the EU's voluntary message-scanning derogation, expired in April 2026 after Parliament rejected its extension, but the Council is now attempting an unprecedented revival by pushing an identical "new" law through an expedited procedure — with a binding Parliament vote on July 9 requiring 361 MEPs to block it. Meanwhile, Chat Control 2.0, the permanent CSA Regulation proposed in 2022, remains deadlocked after five failed trilogues, with encryption and suspicionless scanning still the sticking points. The Council's own legal service has warned that even "voluntary" generalised scanning likely violates Article 7 of the EU Charter.
HN Discussion:
  • Mass surveillance law is disproportionate overreach that harms everyone to target few offenders
  • Technical questions about how scanning works with E2E encryption and client-side scanning
  • ~Requests for evidence of abuses from CC1.0's two years of operation before condemning it
  • Governments' hypocrisy suggests child protection is a pretext for surveillance
  • ~Broader anti-democratic trends in EU (like party bans) are even more concerning
4.Local, CPU-Friendly, High-Quality TTS (Text-to-Speech) with Kokoro(ariya.io)
435 points by speckx 17 hours ago | 83 comments | permalink
tl;dr: Kokoro is an 82M-parameter TTS model that produces high-quality multilingual speech entirely on CPU, easily deployable via the Kokoro-FastAPI Docker container which exposes an OpenAI-compatible speech API on port 8880. Benchmarks show it's fast even on old hardware—generating a short paragraph in 4.7s on a 12-year-old Intel i7-4770K and 1.5s on a Ryzen 7 8745HS. For users needing STT as well, the Speaches container bundles both Kokoro and Whisper.
HN Discussion:
  • Users praise Kokoro's quality and CPU-friendliness, sharing successful personal use cases like ebook/article reading
  • ~Kokoro has limitations such as poor short-word pronunciation and limited language support
  • Other TTS models (Chatterbox, Fish Audio, Pocket TTS) offer more features like voice cloning and emotional control
  • Developers are building their own tools and optimizations around Kokoro (browser extensions, mobile ports, games)
  • Kokoro punches above its weight compared to other TTS models per benchmarks
5.30papers.com – Ilya's 30 essential ML papers, in a beginner friendly format(30papers.com)
551 points by notmcrowley 20 hours ago | 85 comments | permalink
tl;dr: Summary not available
HN Discussion:
  • Skepticism about the list's provenance and the quality of the vibe-coded website
  • Author responding to feedback and explaining the project's origin as a helpful side project
  • ~Suggestions for improvement like logical reading order or complementary resources
  • Provenance doesn't matter since the papers are genuinely valuable pedagogical resources
  • Sharing related supplementary resources like reviews, talks, and audio versions
6.Herdr: One terminal to rule them all(herdr.dev)
305 points by handfuloflight 6 days ago | 136 comments | permalink
tl;dr: Herdr is a terminal multiplexer purpose-built for coding agents, letting you run multiple agents (Claude Code, Codex, Cursor, etc.) in persistent PTY sessions on any machine and attach from any terminal, including over SSH from a phone. Unlike tmux/Zellij, it understands agent state (blocked/working/done) and exposes a CLI and JSON socket API so agents can orchestrate panes themselves. It's a single binary with no Electron, account, or telemetry, available on Linux/macOS with a Windows preview.
HN Discussion:
  • Tmux users frustrated with managing many agents find Herdr's agent-aware features compelling enough to try
  • Enthusiastic adopters praise Herdr's UX and landing page as a modern, novice-friendly tmux replacement
  • Skeptics question what real value Herdr adds beyond tmux besides agent status notifications
  • ~Users point to existing alternatives like Supacode, ghostel, or custom tmux setups that solve similar problems
  • Calls for a standardized protocol so switching between these agent-terminal tools becomes easier
7.Show HN: Davit, a Apple Containers UI(davit.app)
322 points by xinit 17 hours ago | 76 comments | permalink
tl;dr: Davit is a free, open-source native SwiftUI app for Apple's container platform, providing a GUI to manage Linux containers on Apple Silicon without Docker Desktop. It communicates directly with Apple's container daemon via XPC, offering container/image/volume management, streaming logs, in-container file browsing, terminal access, and registry logins. Unlike Docker Desktop's persistent VM, Apple's engine boots a lightweight per-container VM, and Davit itself is a ~17MB app that can auto-install the platform without admin rights.
HN Discussion:
  • App is solid, well-built, and impressively lightweight with good native feel
  • Questions whether Apple Containers offers advantages over existing tools like OrbStack
  • ~Requests for feature improvements like tutorials, terminal choice, and bug fixes
  • Wishes Apple would add Docker API compatibility to make the ecosystem easier
  • Reflection on AI-assisted development enabling rapid creation of quality tools like this
8.Every new car sold in the European Union must include a driver monitoring camera(allaboutcookies.org)
681 points by nickslaughter02 15 hours ago | 863 comments | permalink
tl;dr: Summary not available
HN Discussion:
  • Modern car UX with beeps and driver aids is annoying and poorly designed
  • Driver monitoring cameras misclassify normal driving behavior causing dangerous false alarms
  • Driver monitoring works well and could genuinely save lives
  • Mandate is a slippery slope toward surveillance in other devices and commercial exploitation
  • Road deaths justify minor interventions like monitoring; complaints about fun are misplaced
9.StreetComplete: Fixing OpenStreetMap, one tiny quest at a time(streetcomplete.app)
781 points by kls0e 23 hours ago | 196 comments | permalink
tl;dr: StreetComplete is a mobile app that gamifies contributing to OpenStreetMap by surfacing nearby missing data as simple "quests." Users visit the location, answer a straightforward question, and the app submits the edit directly to OSM under their account—no separate editor required.
HN Discussion:
  • Enthusiastic users sharing positive experiences using StreetComplete to contribute to OSM
  • ~App is great but limited; users want more editing capabilities beyond simple labeling
  • Recommending complementary OSM contribution tools like Every Door
  • Concerns about OSM licensing allowing commercial players like Google to benefit one-way
  • Ideas for scaling data collection via dashcams/AI or expanding crowdfixing to other domains
10.Microsoft fire idTech team at Id software(gamefromscratch.com)
609 points by bauc 20 hours ago | 548 comments | permalink
tl;dr: Microsoft has laid off most or all developers working on the idTech engine at id Software as part of a massive Xbox restructuring that will eliminate roughly 3,200 roles through FY27, including 1,600 immediately, plus divest four studios. The cuts include 20+ year id veteran Michael Maynard, raising questions about the future of idTech, one of the most influential game engines in FPS history.
HN Discussion:
  • Layoffs reflect cost-cutting strategy to replace expensive in-house engine expertise with cheap UE5 contractors
  • Microsoft blundered by not open-sourcing idTech, handing Epic a game engine monopoly
  • Microsoft is destroying unique studio cultures and homogenizing acquired studios into generic content factories
  • Article lacks evidence that idTech coders were specifically let go, and talent may thrive outside Microsoft
  • Loss of idTech weakens Vulkan adoption on Windows and pressure on GPU vendors to optimize drivers
11.A better way to tie gym shorts (or any drawstring) [video](youtube.com)
508 points by surprisetalk 23 hours ago | 173 comments | permalink
tl;dr: Summary not available
HN Discussion:
  • Tried the knot but abandoned it after issues with unwanted tightening
  • Endorses the knot as effective, especially for slippery drawstrings
  • Identifies the knot and provides technical context (Lapp Knot)
  • ~Suggests alternative knots are more useful or situational
  • Rejects the knot due to practical laundry concerns with drawstrings
12.98% isn't much(whynothugo.nl)
503 points by speckx 23 hours ago | 331 comments | permalink
tl;dr: 98% support sounds high, but for basic expectations it's actually terrible—leaving out millions of users or, in the author's real case, 30% of a specific site's audience despite a feature being "widely supported" globally. Robust engineering should gracefully handle edge cases rather than treat 2% failure as acceptable, since general population statistics don't map cleanly to any given site's actual visitors.
HN Discussion:
  • 98% is acceptable; diminishing returns make chasing edge cases impractical for business
  • Percentages mislead; odds-notation reveals how significant that 2% gap really is
  • Small failures compound and drive away users beyond the immediate 2% affected
  • ~Whether 98% suffices depends on domain—partial credit works for CSS but not safety-critical contexts
  • Treating users as statistics is ethically wrong; each excluded person matters
13.Chat Control passed first round in EU Parliament(heise.de)
577 points by miroljub 20 hours ago | 248 comments | permalink
tl;dr: The EU Parliament voted 331-304 to fast-track a renewed extension of "Chat Control," the expired regulation allowing companies like Meta and Google to voluntarily scan private messages for child sexual abuse material. A final vote is scheduled for Thursday, the last session before summer break, where procedural rules require an absolute majority (361 votes) to reject or amend—making passage likely as many MEPs have already left. Critics, including Pirate and AfD MEPs and IT security researchers, call it a procedural end-run around Parliament's earlier rejections and warn it enables mass surveillance with unreliable AI scanning.
HN Discussion:
  • Procedural manipulation exploits absolute majority rule and MEP absences to force passage
  • Repeatedly retrying rejected legislation is anti-democratic and cynical governance
  • Chat Control will spread globally as other countries copy EU regulations
  • ~Iterative re-legislation is a normal parliamentary process, not necessarily malicious
  • Public apathy and ignorance enables these surveillance overreaches to succeed
14.China sentences official to death for taking $325M in bribes(bbc.com)
327 points by randycupertino 19 hours ago | 401 comments | permalink
tl;dr: A Chinese court sentenced former Nanjing official Yang Youlin to death for accepting $325M in bribes over three decades, along with embezzlement and money laundering convictions. Yang used his positions to help others obtain engineering contracts, land transfers, and financing in exchange for money and valuables. Death sentences for white-collar crimes remain rare in China, typically reserved for cases exceeding 1bn yuan, and Yang's cooperation with authorities was deemed insufficient to warrant leniency given the severity of his offenses.
HN Discussion:
  • China genuinely enforces harsh penalties on white-collar crime when caught
  • This is selective prosecution and political theater, not real anti-corruption
  • Western countries have legalized corruption as lobbying and should adopt similar measures
  • Autocracies tolerate corruption strategically to enable selective prosecution of enemies
  • Other countries like India should adopt similar crackdowns (minus death penalty)
15.The Art of Computer Programming by Donald E. Knuth(www-cs-faculty.stanford.edu)
221 points by archargelod 1 day ago | 56 comments | permalink
tl;dr: Knuth's landing page for The Art of Computer Programming catalogs the current status of all volumes: Volumes 1-3 (fully published), Volume 4A (2011), Volume 4B (2023), Fascicle 7 of forthcoming Volume 4C (2025, on constraint satisfaction), and Volume 5 (Syntactic Algorithms) still in preparation. The page warns readers to only buy the PDF eBook editions since non-PDF versions (Kindle, ePUB) mangle the mathematics, and it links to extensive errata files plus the famous $2.56 hexadecimal reward for finding errors.
HN Discussion:
  • Sharing Knuth's recent preprints and his changing views on generative AI
  • Well-wishes for Knuth's health and longevity to complete his life's work
  • Personal appreciation for reading and owning the volumes
  • Noting the cost and Knuth's practical instructions about error reporting
  • Pride in receiving one of Knuth's famous reward checks
16.Why skilled workers come to Germany and then leave again(dw.com)
264 points by theanonymousone 1 day ago | 728 comments | permalink
tl;dr: A German IAB study found that skilled immigrants leave Germany primarily due to bureaucratic friction (slow visa/naturalization processing, credential recognition delays, high fees), inadequate language support, discrimination, and job mismatches where workers end up in roles below their qualifications. About 60% return home while 40% relocate to competing European countries like Spain and Switzerland. Recruiters argue that pre-arrival German language training and better retention infrastructure—such as the planned federal "Work and Stay" agency—are needed, since English-only pathways rarely lead to sustainable employment in Germany.
HN Discussion:
  • Limited upward mobility and reserved culture prevent immigrants from reaching leadership positions regardless of language skills
  • Social exclusion and lack of belonging make immigrants feel unwelcome even after citizenship
  • Germany's infrastructure decay, economic crisis, and declining conditions make staying less attractive
  • German presumptuousness and outdated self-image prevent acknowledging real problems
  • ~Language learning is essential responsibility of immigrants, though Germans switch to German in social settings excluding expats
17.OpenWrt One – Open Hardware Router(openwrt.org)
810 points by peter_d_sherman 1 day ago | 310 comments | permalink
tl;dr: Summary not available
HN Discussion:
  • OpenWrt is essential for extending router life and gaining capabilities beyond manufacturer support
  • OpenWrt One is a reliable, well-priced device that solves router quality issues
  • ~OpenWrt has usability issues with installation, upgrades, and scattered documentation
  • Alternative open hardware/software options like Turris, OPNSense, and SPR are worth considering
  • OpenWrt has overlooked use cases beyond routing, like device scheduling and SDR
18.CoMaps – FOSS Offline Maps(comaps.app)
773 points by basilikum 1 day ago | 205 comments | permalink
tl;dr: CoMaps is a free, open-source offline maps and navigation app forked from Organic Maps and Maps.me, using OpenStreetMap data. It offers GPS-based search and routing without mobile data, emphasizes privacy (no tracking or data collection, audited by Exodus), and is optimized for battery efficiency. Development is community-driven via Codeberg.
HN Discussion:
  • Positive user experiences with CoMaps for navigation, biking, and map updates
  • Suspicion that CoMaps promotion involves coordinated trash-talking of Organic Maps
  • Concerns about Organic Maps governance justify the CoMaps fork
  • ~OSM-based apps suffer from poor search quality and lack user-generated content
  • Questions about availability, layer/plugin standards, and comparisons with Organic Maps
19.Europe's company websites are mostly served by US vendors(ciphercue.com)
250 points by adulion 1 day ago | 178 comments | permalink
tl;dr: A study of 19,450 European company websites found that US-headquartered vendors serve the majority of primary sites in the UK (67.5%) and Netherlands (53.6%), and a plurality in Italy, Spain, and France, while Germany and Poland resist the trend due to strong domestic hosting industries. Cloudflare is the single largest internet-facing vendor in all seven markets studied. The analysis attributes vendors via AS operator lookups on DNS records, measuring who fronts the site rather than physical hosting location or origin infrastructure.
HN Discussion:
  • ~US vendors operate EU data centers under EU law and dependencies flow both ways
  • Methodology is flawed; analyzing APIs or better data shows different results
  • ~Europe lacks competitive alternatives to US products like Stripe, AWS, and Cloudflare
  • Aggregating Europe as one market ignores vast differences between countries and vendor lock-in nuances
  • Focusing on public web frontends is the wrong starting point for sovereignty discussions
20.Dua Lipa opens library for banned and censored books in Portugal(euronews.com)
294 points by pax 23 hours ago | 238 comments | permalink
tl;dr: Dua Lipa has opened the Manifesto Library, a permanent collection of nearly 100 banned and censored books housed inside Porto's Livraria Lello bookshop as part of the new BABELL – City of Books festival. The collection—organized around themes of power, control, voice, and memory—includes works by Margaret Atwood, Salman Rushdie, and Olga Tokarczuk. The project is an extension of Lipa's Service95 Book Club, and she'll also curate the Southbank Centre's 2026 London Literature Festival.
HN Discussion:
  • Dua Lipa is genuinely intellectual and her star power promoting reading is a societal good
  • ~The framing is misleading since the books aren't banned in Portugal, and grammar/translation of 'library' is questionable
  • The project is a stunt since Livraria Lello is a paid tourist trap, not a real library
  • Europe's inconsistent free speech record undermines the anti-censorship message
  • Defending the concept: featuring books banned elsewhere is a legitimate stand against censorship