Hacker News

The Front Page

Show HN: GAH, programmatically add Git hunks

Git Add Hunk (gah) is a non-interactive tool for hunk-based Git staging, designed for AI agents and automation. It allows staging specific code modifications via indices, content anchors, regex patterns, or line ranges without manual prompts. Key features include stable content-based anchors (unaffected by line shifts), dry-run preview, and structured JSON output. Targeted at environments lacking interactive TTY access, like scripting or machine-driven workflows, it overcomes limitations of `git add -p` by programmatically selecting hunks.

A new register allocator for ZJIT

Aaron Patterson announced a new global register allocator for ZJIT, implementing a linear scan algorithm built on static single-assignment (SSA) form that tracks live ranges and uses interference‑graph concepts to assign physical registers and spill when necessary, enabling values to stay in the same register across basic‑block boundaries, reducing unnecessary loads and stores, supporting method inlining, and still confronting challenges such as lifetime holes that limit aggressive register reuse.

Show HN: Hm – a task runner with a Python DSL, growing into a CI/CD system

Harmont CLI is a command-line client for the Harmont CI platform, an early alpha task runner that offers DAG-based parallel execution, Docker isolation, and layer caching. Unlike traditional CI/CD systems, Harmont allows users to define workflows in Python or TypeScript rather than YAML, enabling instant local execution with Docker containers. The platform supports typed toolchains for languages including Rust, Go, Python, Java, C++, and React, and integrates with GitHub Actions through the harmont-dev/actions-hm action with automatic Docker image caching. The project aims to overcome common CI/CD frustrations by providing a unified experience for local development and continuous integration, maintaining statefulness between pipeline steps without requiring artifact transfers. Currently in development, Harmont remains open-source and dual-licensed under Apache 2.0 and MIT.

I think Anthropic and OpenAI have found product-market fit

Anthropic and OpenAI have achieved product-market fit as their coding‑agent products (Claude Code, Codex) generate massive API usage and enterprise revenue, with pricing changes in November 2025 and April 2026 locking customers into API token pricing that now competes with subscription plans; power‑user costs exceed $1,000 per month, job listings show roughly a third of openings in enterprise sales and support, and SpaceX’s Cloud Services Agreement with Anthropic highlights $1.25 billion per month spend on inference capacity, indicating the labs are moving beyond API revenue to sustainable enterprise income.

Show HN: OAuth 2.0 framework for MCP servers

mcp-authflow is an open‑source OAuth 2.0 authorization server framework written in Python for MCP (Claude, etc.) servers. It issues and introspects access tokens, supporting PostgreSQL or in‑memory storage, RFC‑compliant error handling, PKCE, device‑code flow, private‑key JWT client authentication, and sliding‑window rate limiting. The async‑first design, built on Starlette, includes CORS helpers, input validation for client IDs and scopes, and detailed token‑storage APIs for both access and refresh tokens. Documentation provides quick‑start code, configuration via environment variables, and SQL schema for PostgreSQL deployment.

GitHub Actions outage told devs 'your account is suspended'

GitHub Actions suffered a three‑hour outage on May 26 2026, showing the erroneous error message “Your account is suspended”, which halted CI/CD pipelines and left developers stressed; the incident was traced to authentication failures affecting both hosted and self‑hosted runners, the service was restored by 1:18 PM UTC but many workflows remained impacted, underscoring the platform’s growing reliance on Actions despite rising activity and migration considerations.

Codex has dethroned Claude as the king of AI programming

The webpage discusses how *Codex* has surpassed *Claude* as the leading AI programming platform, marking a significant shift in the tech landscape. It highlights the transition in popularity, with *Codex* gaining traction for its performance and evolving features, while *Claude* has faced challenges in maintaining its earlier edge. The article notes developments such as OpenAI's improved *Codex* and Anthropic's strategic moves, emphasizing *Codex*'s growing influence and user adoption. The summary reflects a clear preference for *Codex* over *Claude* in the current AI programming market.

Front-end, regrounded: Why Wraplet might be what you're missing

Wraplet offers a streamlined, type-safe approach to front-end development by wrapping DOM nodes with defined classes and predicting their lifecycle. It simplifies code readability, reduces reliance on hidden frameworks, and supports seamless integration for developers seeking maintainable, clean boilerplate—especially those working on complex projects or libraries. The framework emphasizes predictability, minimizes hidden logic, and allows both humans and AI tools to easily understand and debug the codebase.

NASA selects Jeff Bezos's Blue Origin for first of three uncrewed lunar missions

NASA has selected Blue Origin of Jeff Bezos for the first of three uncrewed lunar missions slated for 2026 as part of a $20bn moon base initiative, with the cryogenic cargo lander Endurance to deliver scientific payloads to the Shackleton de Gerlache Ridge near the moon’s south pole, marking the first privately funded lunar landing and supporting a roadmap toward a permanent presence by 2032 along with additional contracts with firms such as Lunar Outpost and Firefly Aerospace.

Enlicitide lowers LDL by 60% with little side effect

Merck's experimental cholesterol-lowering drug enlicitide significantly reduced LDL ("bad") cholesterol by up to 60% in a major study of over 2,900 high-risk patients, offering a potential oral alternative to injectable PCSK9 inhibitors. The pill, which must be taken on an empty stomach, showed no safety risks compared to placebo and maintained its effectiveness over a year, according to research published in the New England Journal of Medicine. Funded by Merck and fast-tracked by the FDA, enlicitide could benefit millions who struggle with statin-resistant cholesterol, though a larger 14,000-patient trial is underway to confirm whether the cholesterol reduction translates to fewer heart attacks and strokes. Current treatments like PCSK9 inhibitors are underutilized due to injection requirements and complexity, while statins remain the standard despite limitations in some patients.

Google Replaces Fitbit App with Terrible AI Garbage, Being Review Bombed

Google has officially discontinued the Fitbit app in favor of a revised health-focused version called Google Health, after widespread negative feedback highlighting its poor performance, lack of features, and issues with AI integration. Users are forced to migrate to this new app, which is met with criticism for inaccuracies, bugs, and a confusing user interface. The transition reflects broader concerns about technology companies prioritizing AI over user experience and durability.

Tell HN: Submission titles should indicate entirely-AI-generated content

Hacker News users have observed a notable increase in front‑page articles that are entirely AI‑generated, and they express concern that such vapid content detracts from the site’s emphasis on long‑form discussion; they recommend that submission titles be revised when sufficient community reports and evidence confirm full AI authorship, noting that while no detector is perfect, agreement among multiple detectors supports the change.

South Korea detains dissident who fled China in rubber boat

South Korean authorities detained Dong Guangping, a 68-year-old Chinese dissident and former police officer, after he crossed into Korean waters in a rubber boat following a 30-hour journey from China. Dong, who had been imprisoned multiple times in China for activism linked to commemorating the Tiananmen Square crackdown, had previously attempted to flee three times but was deported each time. Rescued by South Korea’s coast guard after a fishing boat spotted him near Taean, he faces immigration charges, while human rights groups urge Seoul to grant him political asylum or facilitate relocation to Canada, warning of persecution risks if returned to China.

A naked microblogging app built on open-standards

Veenew (formerly Veeblog) is a microblogging platform designed to blend simplicity with flexibility, supporting traditional blogs, essays, and personal websites through Markdown formatting and open standards like ActivityPub and RSS for Fediverse integration. It emphasizes distraction-free writing by eliminating likes, comments, and follower counts, while offering instant setup via a subdomain or custom domain upgrade. The platform is entirely ad-free, provides automatic RSS feeds, and ensures data ownership with free content export. Core features remain free indefinitely, with a one-time $36 payment required for advanced options like custom domains or analytics.

AI agents imperiled by critical vulnerability in open source package

A critical vulnerability named "BadHost" (CVE-2026-48710) in the open-source framework Starlette, which receives 325 million weekly downloads, poses a severe risk to millions of AI agents and servers. The flaw allows hackers to bypass authentication and gain access to sensitive data by injecting a single character into the HTTP Host header, enabling unauthorized access to systems using Starlette-based tools like FastAPI, vLLM, and LiteLLM. This exposes credentials and data from sectors including healthcare, finance, and cybersecurity, with researchers warning the vulnerability's severity rating of 7/10 understates its potential impact. The issue stems from Starlette's failure to validate Host header values, leading to inconsistent URL interpretation and enabling SSRF and remote code execution. A patch was released in Starlette 1.0.1, but many systems remain vulnerable, prompting urgent calls for updates and scanning via tools from X41 D-Sec and Nemesis.

PostHog will train AI models with your data (opt-in by default)

The content discusses the process of training AI models within PostHog, highlighting efforts to enhance Product OS pricing, build smarter and more proactive products, and improve features like session replay and synthetic user testing. It emphasizes transparency about data usage, user opt-in/out options, and the company's commitment to making tools simpler and more powerful. The summary captures key initiatives aiming to leverage PostHog's data for better product development and customer value.

Show HN: Turn your Google accounts into a free, load-balanced LLM API gateway

OpenGem is a free, open‑source API gateway that lets users expose a local, load‑balanced Gemini interface while also supporting OpenAI Chat Completions and Anthropic Messages endpoints, allowing most SDKs to switch providers by changing only the base URL. A Next.js admin console provides setup wizard, account management, API key creation, usage dashboards, logs, and a chat playground, backed by a local SQLite or optional Firebase Firestore database. The gateway automatically rotates Google accounts with cooldowns, handles quota limits, retries, and reactivates accounts, and offers streaming, function calling, system prompts, and tool payloads across all supported surfaces. Endpoints mirror native Gemini (`POST /v1beta/models/{model}:generateContent`), OpenAI (`POST /v1/chat/completions`, `GET /v1/models`), and Anthropic (`POST /v1/messages`) APIs, with secure JWT admin sessions, rate limiting, and Helmet headers. The project is built with TypeScript Express for the backend and a static Next.js export for the UI, packaged for Node 22.5+ and deployed locally or behind a trusted reverse proxy. The repository, released under MIT, includes full documentation, a setup guide, and example code for each vendor.

Palantir's Grip on Europe Could Be Deadly, Here Is Why

Palantir dominates Europe’s defence AI landscape, with its Maven Smart System now embedded in NATO’s command structure and contracts running through the UK, France, Spain and Poland, while the U.S.‑based company’s data‑fusion platform underpins day‑to‑day operational decisions for European forces. Despite a €1.07 billion European Defence Fund push aimed at creating sovereign solutions, the Commission’s investment largely funds research rather than the command‑and‑control software that European militaries lack. Germany has begun rejecting Palantir contracts, but other Euro‑states continue to deepen ties, underscoring a growing reliance on U.S. tech. Experts argue that filling the €150‑to‑200 billion 2020–2030 deficit required to build an independent European C2 ecosystem would take years and far more money than current funding, leaving many European armies effectively dependent on American software that operates outside EU regulation.

Matching Hashes: Reproducing the Guix-Built Bitcoin Core Release Binary with Nix

A Bitcoin developer b10c successfully reproduced a Guix-built Bitcoin Core v31.0 bitcoind binary using Nix, achieving an identical SHA256 hash after a three-year project. This demonstrates that Bitcoin Core's build process is deterministic enough that independently constructed toolchains can produce bit-for-bit identical binaries. The breakthrough came when the developer employed AI tools (Claude Code) which took approximately 1.5 weeks of processing time and produced around 80 commits, though the AI used some shortcuts like hardcoding byte replacements in glibc ELF notes. While the author won't continue this work, they note that matching other binaries like bitcoin-cli and cross-compiling for other platforms could be future extensions.

It's so over for finance bros, I made an AI agent that does a 100K analyst job

EDGAR Analyst is an AI agent designed to search and analyze SEC EDGAR filings, enabling users to extract line items, compare filings across periods with word-level redlines, and analyze companies. The tool processes documents 8× faster than manual review, delivers analysis in under 60 seconds, and provides citation-grounded answers from over 22 million filings since 1993. Key features include natural language queries across any company or period, table extraction, cross-company reasoning, and real-time monitors that trigger alerts when filings are posted. While offering a free EDGAR reader forever, advanced features require a paid subscription. The platform serves hedge funds, asset managers, sell-side analysts, and corporate development teams, providing insights that would traditionally require hours of manual document review.

Slick Lorem Ipsum Generator

The webpage displays information about *Lipsum Lorem*, a popular text generation service, highlighting its role as a fast imputation tool for previewing text content. It emphasizes the platform's functionality for creating placeholder text quickly.

Recruit cracked engineers using GitHub

Powerset Research has released a public GitHub dataset containing approximately 400,000 active repositories to help companies identify and recruit top open source developers, with the data updated daily through a Modal cron job and published as a frozen DuckLake instance on Cloudflare R2. The dataset includes repository information, contributors, activity metrics, stars, languages, and project metadata, and can be queried either through an MCP-compatible endpoint for conversational AI agents like Claude or OpenAI Codex, or directly via DuckDB using SQL queries. Portfolio founders and recruiters can use the data to answer questions like finding impressive systems architects in specific locations, matching candidates to engineering roles, or tracking fastest-growing terminal coding agents, with setup instructions and documentation provided in their research repository.

CSS vs. JavaScript

In his post, Josh W. Comeau explains that native CSS keyframe animations run on a separate thread and stay smooth even when the main thread is busy, whereas plain JavaScript animation loops share that thread and can freeze under load; libraries such as Motion sidestep this by using the Web Animations API to run on a background thread, while GSAP offers richer features but can get out‑of‑sync during jank; he notes download overhead for JS libs, recommends using CSS whenever possible and resorting to purpose‑built libraries only when CSS limits are hit, and points readers to his Whimsical Animations course for deeper learning.

DuckDuckGo search saw 28% more visits after Google said people love AI mode

DuckDuckGo’s AI-free search page (noai.duckduckgo.com) experienced a 22.7% average week-on-week traffic increase from May 20 to 25, peaking at 27.7% on May 24, following Google CEO Sundar Pichai’s claim that users “love Search’s AI Mode.” The DuckDuckGo mobile app saw U.S. installs rise 18.1% week-on-week, with iOS downloads spiking 33% (peaking at 69.9%), as reported by TechCrunch. CEO Gabriel Weinberg criticized Google’s forced AI integration, emphasizing DuckDuckGo’s focus on user choice and privacy, stating, “People just want a choice.” While DuckDuckGo holds ~2% of the U.S. search market versus Google’s 85%, the surge reflects growing user pushback against AI-driven search results. DuckDuckGo also offers AI tools like duck.ai for private LLM interactions, balancing privacy with optional AI features.

Show HN: Workplane – collaborative filesystem for humans and AI

The webpage focuses on simplifying the process of sharing AI-generated artifacts with humans and agents using Workplane. It emphasizes ease of use, allowing users to publish documentation, presentations, and screenshots directly from popular AI tools with a single click. The platform ensures artifacts are visible to authorized reviewers, support revisions, and are integrated with existing workflows, enhancing collaboration without technical complications.

Show HN: Demon – open-source real-time music diffusion engine, 25Hz local GPU

DEMON is a streaming diffusion engine for real-time music generation built on ACE-Step v1.5 models. The system uses a ring buffer of in-flight generations with per-slot timestep schedules, advanced by batched decoder forward passes. After warmup, each tick produces a finished song latent. DEMON supports various solver-side parameters at 25Hz frame resolution, including source preservation, velocity scaling, and classifier-free guidance. Native TensorRT engines handle 60-240 second songs with sliding windows for longer pieces. The decoder supports hot-swapping LoRAs without rebuild. Performance metrics on RTX 5090 show throughput ranging from 8.9 to 12.3 generations/second depending on pipeline depth, with per-tick latency from 14.0 to 81.1ms. The system demonstrates features like live timbre control, prompt blending, LoRA refitting, and agentic control through an MCP server.

How to set up PostHog: GDPR, CCPA, and global privacy laws

PostHog can be integrated to respect GDPR, CCPA, and other privacy regulations through two approaches: a cookieless‑only mode that uses server‑side hashing to count visitors while losing features like identify(), session replay, surveys, and GeoIP enrichment, or a consent‑aware mode that relies on the Probo cookie banner to automatically detect the applicable regulation and consent type (opt‑in for EU‑style regimes, opt‑out for CCPA‑style), respect existing consent stored in the probo_consent cookie, trigger a probo‑ready event before initializing PostHog, ensure analytics are captured only when consent is granted, and enable the project setting “Cookieless server hash mode” to maintain unique‑visitor counts for rejected users.

Microsoft wants safer C# without turning it into Rust

Microsoft is introducing a new memory-safe model for C# in C# 16 (scheduled for late 2027) that will redefine the unsafe keyword, making the language more like Rust while retaining automatic memory management. The update will require methods marked as unsafe to propagate that context to their callers, unless suppressed by an explicit unsafe block, and will restrict the unsafe designation to individual methods rather than entire types. Pointer usage itself won’t be unsafe, only dereferencing memory, aiming to make unsafe code more visible and easier to review. The changes are opt-in for developers but will apply to Microsoft’s .NET runtime libraries, with potential future enforcement. While business application developers who avoid unsafe code will see no impact, the shift reflects Microsoft’s goal to position C# as a type- and memory-safe language, with developer feedback largely positive and comparisons to a “managed Rust” welcomed.

Training a 22MB prompt injection classifier that runs inline in a Lambda

StackOne developed a 22MB prompt injection classifier called AgentShield for their Defender product, designed to guard against prompt injections in MCP tool-calling agents. Constrained by size limits (under 50MB), fast classification (under 30ms), and privacy requirements (no external APIs), the team rejected LLM-based approaches due to latency, cost, privacy concerns, and recursion risks. After testing various backbones, they selected all-MiniLM-L6-v2 (22MB quantized) which balanced size and accuracy. The team created specialized training data, focusing on agentic attack patterns that specifically target tool-calling contexts and developing benign data that matches real enterprise connector payloads rather than generic text. Their inference pipeline uses per-string scoring with sentence packing, density adjustment to reduce false positives, and batched inference to meet performance requirements. The final production model achieves an 81.0 AgentShield score when integrated end-to-end into the Defender pipeline.

Show HN: Gochan – A library of channel architectures for Go, inspired by Rust

This library offers Go developers a collection of specialized channel architectures inspired by Rust, making it easier to implement common patterns like oneshot, broadcasts, and watches. Each channel type is encapsulated in its own subpackage, supporting go.mod and permissive licensing. Users can integrate pre-built hybrid models for seamless development across channels while maintaining Go’s standard best practices.