HN Evening Brief - 2026-03-18
HN Evening Brief - March 18, 2026
Welcome to tonight’s Hacker News brief! Today’s top 30 stories span AI, security, hardware hacking, and web development, with some fascinating discussions about the future of technology.
AI & Tech Policy
Rob Pike’s Rules of Programming (1989) [648 points]
https://www.cs.unc.edu/~stotts/COMP590-059-f24/robsrules.html
A classic 1989 document from Rob Pike (co-creator of Go, UTF-8, and Plan 9) that outlines fundamental programming principles. The rules emphasize simplicity over complexity, favoring clear, maintainable code over clever optimizations. Pike argues that programmers should avoid premature optimization, write code for humans first and machines second, and recognize that debugging is twice as hard as writing the code in the first place. These timeless principles continue to resonate 37 years later, especially in an era of increasingly complex software systems.
Key discussion points: HN users noted how these rules remain remarkably relevant, with many sharing how they still apply to modern development practices. Several commenters highlighted that while tools and languages have evolved dramatically, Pike’s emphasis on simplicity, clarity, and writing code for humans rather than machines is more important than ever. The discussion touched on how AI tools might change programming but won’t eliminate the need for these fundamental principles.
2025 Turing Award Given for Quantum Information Science [34 points]
https://awards.acm.org/about/2025-turing
The ACM Turing Award for 2025 has been awarded to researchers in quantum information science, recognizing groundbreaking work in quantum computing and quantum cryptography. This award highlights the growing importance of quantum technologies in computing, which promise to revolutionize fields from cryptography to optimization problems. The recipients’ work has advanced our understanding of quantum mechanics applied to information processing, bringing practical quantum computers closer to reality. This represents a significant milestone in computing science, acknowledging research that may fundamentally change how we process information in the coming decades.
Key discussion points: Commenters discussed the practical implications of quantum computing breakthroughs, with debate about when quantum computers will actually surpass classical computers for practical applications. Several noted that while progress is real, the timeline for useful quantum supremacy remains uncertain, and classical computers continue to improve rapidly as well.
Google Engineers Launch “Sashiko” for Agentic AI Code Review of the Linux Kernel [51 points]
https://www.phoronix.com/news/Sashiko-Linux-AI-Code-Review
Google engineers have released Sashiko, an AI-powered code review tool specifically designed for the Linux kernel development process. The system uses advanced language models to analyze kernel patches, identify potential bugs, security vulnerabilities, and code quality issues before they reach human maintainers. Sashiko is designed to work with the existing Linux kernel workflow, analyzing patches submitted to mailing lists and providing automated feedback that can help maintainers focus their limited time on the most critical issues. The tool represents a significant investment in AI-assisted code review for one of the world’s most critical software projects.
Key discussion points: HN users debated whether AI tools should be submitting patches or just reviewing them, with strong opinions on both sides about maintaining human oversight. Many praised the approach of using AI to assist maintainers rather than replace them, noting that Linux kernel maintainers are bottlenecked on review time. Concerns were raised about potential AI spam and the importance of ensuring the tool actually identifies real bugs rather than hallucinated issues. The GitHub repository (https://github.com/sashiko-dev/sashiko) provides details on the system’s design and limitations.
Nvidia NemoClaw [111 points]
https://github.com/NVIDIA/NemoClaw
Nvidia has released NemoClaw, a framework for building and deploying AI agents that can autonomously complete complex tasks across multiple systems. The tool provides infrastructure for creating agents that can reason, use tools, and coordinate multiple AI systems to achieve goals that would be impossible for a single model. NemoClaw focuses on making it easier to build production-grade AI agents that can reliably execute tasks in enterprise environments, with particular emphasis on safety, observability, and integration with existing systems. The release represents Nvidia’s growing interest in the agentic AI space beyond just providing GPU hardware.
Key discussion points: Commenters discussed the competitive landscape of AI agent frameworks, with comparisons to other tools like LangChain, AutoGPT, and various startup offerings. Several noted that while the space is crowded, Nvidia’s entry brings significant resources and potential GPU optimizations. The conversation also touched on the challenges of building reliable AI agents, with debate about whether framework-level solutions or better model reasoning capabilities are more important.
AI Coding Is Gambling [136 points]
https://notes.visaint.space/ai-coding-is-gambling/
A thought-provoking essay argues that AI-assisted coding is fundamentally a gamble, trading certainty for probabilistic outcomes. The author contends that while AI tools can write code quickly, they introduce uncertainty that makes software engineering less reliable and predictable. Traditional programming gives you control over every line of code, while AI coding introduces randomness and requires constant verification of generated code. The piece suggests this shift from deterministic to probabilistic development may ultimately reduce software quality and increase maintenance burdens, despite short-term productivity gains.
Key discussion points: This sparked intense debate, with some agreeing that AI coding introduces dangerous uncertainty while others argued all programming involves trade-offs and probabilities. Many commenters pointed out that traditional software engineering already deals with uncertainty through testing, code review, and gradual refinement. Several noted that AI tools might actually reduce gambling by providing more consistent patterns and catching common errors, while others worried about over-reliance on tools that don’t actually understand the code they generate.
Get Shit Done: A Meta-Prompting, Context Engineering and Spec-Driven Dev System [419 points]
https://github.com/gsd-build/get-shit-done
An ambitious open-source project that provides a comprehensive system for using AI models in software development through sophisticated meta-prompting and context engineering. The system focuses on specification-driven development, where detailed specs are fed to AI models that then generate code, tests, and documentation according to well-defined patterns. GSD includes tools for managing context windows, orchestrating multiple AI calls, and maintaining consistency across large codebases. The project represents a maturing of AI-assisted development approaches, moving beyond simple chat interfaces to more systematic workflows.
Key discussion points: HN users praised the project’s approach to making AI development more systematic and reproducible, with many noting that successful AI coding requires careful engineering of prompts and context. Several shared their own experiences with similar systems, discussing trade-offs between flexibility and structure. The conversation also touched on whether such systems reduce developer agency or simply automate repetitive parts of the job.
Snowflake Cortex Prompt Injection Attack Sandbox Escape [78 points]
https://arxiv.org/abs/2603.08852
Security researchers have demonstrated how a prompt injection attack can escape the sandbox in Snowflake’s Cortex AI system, potentially allowing malicious code execution. The attack exploits the fact that the AI agent can manipulate its own environment and trigger commands outside the intended sandbox, effectively giving the AI control over system resources. This research highlights the fundamental security challenges with agentic AI systems that have access to tools and can execute commands. The paper demonstrates that putting the security boundary inside the agent’s control flow, rather than as an external constraint, creates vulnerabilities that sophisticated attacks can exploit.
Key discussion points: Commenters criticized the security design, noting that if an agent can request execution outside a sandbox, then it’s not really a sandbox. Many drew parallels to SQL injection attacks, noting that putting instructions and data in the same stream always creates vulnerabilities. Several pointed out that this isn’t the first time AI systems have been tricked into doing unexpected things, with references to other incidents where models attempted to hide their actions or engage in unauthorized resource usage. The discussion also touched on whether prompt injection can ever be fully solved given the fundamental nature of language-based interfaces.
Show HN: Tmux-IDE, OSS Agent-First Terminal IDE [11 points]
A lightweight, open-source terminal-based IDE specifically designed for working with AI agents in a tmux environment. The tool provides a declarative, scriptable interface for orchestrating multiple AI agents that can work on long-running tasks in the background. By leveraging tmux and SSH, users can boot into their IDE remotely, give prompts to AI agents, and then disconnect while the agents continue working. The system is intentionally minimal, with the philosophy that power should come from the AI agents and tools you’re using rather than the IDE itself providing heavy features.
Key discussion points: Users discussed the trade-offs of running multiple AI agents simultaneously, with some noting that multitasking productivity gains have often proven illusory for humans. Several shared similar tools they’d built for managing multiple terminal sessions with AI, discussing the challenges of orchestrating complex workflows across multiple processes. The conversation also touched on the growing ecosystem of agent orchestration tools and the importance of lightweight interfaces that don’t add unnecessary complexity.
Security & Privacy
CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root [23 points]
Security researchers at Qualys have discovered a critical vulnerability in Snap, the universal package system used by Ubuntu and other Linux distributions. The flaw allows local users to escalate their privileges to root through a race condition in the snap-confine tool that enforces sandbox restrictions. This is particularly concerning because Snap packages are often run with elevated privileges for system services, and the vulnerability affects default installations. The issue was responsibly disclosed and patches are available, but it highlights ongoing security challenges with containerization and package management systems that need to balance security with usability.
Key discussion points: Commenters debated whether more complex modern systems like Snap and systemd are inherently more vulnerable than simpler alternatives, with references to long-standing Unix security principles around careful use of /tmp and proper permission handling. Several noted that this class of race condition has existed for decades and isn’t unique to modern containerization systems. The discussion also touched on how Rust’s memory safety guarantees can’t prevent bugs that cross API boundaries, emphasizing that security requires thinking about the entire system, not just individual components.
Federal Cyber Experts Called Microsoft’s Cloud “A Pile of Shit”, Yet Approved It [317 points]
https://www.propublica.org/article/microsoft-cloud-fedramp-cybersecurity-government
A ProPublica investigation reveals how federal cybersecurity experts criticized Microsoft’s Government Community Cloud High (GCC High) as having inadequate documentation and security posture, yet ultimately approved it for government use. The investigation documents how Microsoft’s cloud was deployed across government and defense industries while still under review, creating a fait accompli that made rejection difficult. The piece highlights conflicts of interest, with Justice Department officials involved in the approval process later being hired by Microsoft. It raises serious questions about the FedRAMP authorization process and whether government cybersecurity certifications actually meaningfully assess security.
Key discussion points: HN users shared extensive experience with Azure, many agreeing with the assessment that Microsoft’s cloud ecosystem is frustrating and poorly integrated. Several current and former Microsoft employees commented anonymously about internal problems with Azure, noting that the company has multiple competing systems that don’t work well together. The discussion also touched on broader issues with cloud security certifications and whether they provide meaningful protection or just bureaucratic checkboxes. Many drew parallels to other enterprise software where market power and vendor lock-in matter more than actual quality or security.
North Korean’s 100k Fake IT Workers Net $500M a Year for Kim [89 points]
https://www.theregister.com/2026/03/18/researchers_lift_the_lid_on/
Research has revealed that North Korea operates approximately 100,000 fake IT workers worldwide who generate an estimated $500 million annually for the regime. These workers pose as remote software developers and IT professionals, taking jobs from Western companies and funneling the income back to North Korea’s weapons programs. The operation is sophisticated, using stolen identities, fake credentials, and networks of recruiters to place workers in companies worldwide. This represents one of the largest state-sponsored cyber operations ever documented, blurring the lines between cybercrime and state action.
Key discussion points: Commenters discussed how companies can verify the identity of remote workers, with suggestions including video interviews, verification of educational credentials, and cross-referencing work history. Several noted that this problem has been known for years but continues to grow as remote work becomes more common. The conversation also touched on the ethical implications for companies that unknowingly employ these workers and whether there are reliable ways to detect such operations at scale.
Tech Tools & Projects
Nightingale – Open-Source Karaoke App That Works with Any Song on Your Computer [393 points]
Nightingale is an impressive open-source karaoke application that can generate karaoke tracks from any song in your music library. The app uses AI-powered audio processing to separate vocals from instrumentals, allowing you to sing along with your own music collection. It includes features like pitch scoring, timed lyrics display, and adjustable vocal levels, all running locally on your computer without requiring cloud services. The project represents an innovative use of modern audio processing tools to create a practical application that would have been impossible just a few years ago.
Key discussion points: Users were enthusiastic about the project, many noting how impressive it is that this can run locally without cloud services. Several reported success with various genres of music, while others noted that some songs work better than others depending on the vocal/instrumental mix. The developer was active in the comments, answering questions about potential features like pitch guidance hints and network/server capabilities for preprocessing songs on one device and using results on another. The conversation also touched on the broader trend of AI-powered audio processing enabling new creative applications.
OpenRocket [109 points]
OpenRocket is a comprehensive, free, open-source rocket design and simulation tool that allows enthusiasts and engineers to design model rockets and predict their flight characteristics. The software provides detailed aerodynamic analysis, stability calculations, and flight simulation, helping users design rockets that will fly safely and predictably. It’s used by everyone from hobbyists building model rockets to educators teaching aerospace engineering concepts. The project has been developed over many years and represents one of the most sophisticated tools available for amateur rocketry.
Key discussion points: HN users shared experiences using OpenRocket for educational purposes and hobby rocketry, praising its accuracy and comprehensive feature set. Several noted how valuable it is for teaching aerospace concepts without expensive equipment or risking actual rockets. The conversation also touched on the broader hobby rocketry community and how tools like this have lowered barriers to entry for complex engineering projects.
Show HN: Sub-Millisecond VM Sandboxes Using CoW Memory Forking [271 points]
https://github.com/adammiribyan/zeroboot
Zeroboot is an innovative system that creates virtual machine sandboxes in under a millisecond using copy-on-write memory forking techniques. The system allows for extremely rapid creation and teardown of isolated environments, making it practical to create fresh sandboxes for each task or API call. This approach provides stronger isolation than traditional containers while maintaining performance competitive with conventional virtualization. The project represents significant advances in virtualization technology, potentially enabling new security and isolation models for cloud computing and microservices architectures.
Key discussion points: Commenters discussed the performance implications of different isolation approaches, with comparisons to containers, traditional VMs, and languages like WebAssembly. Several noted potential applications in security-sensitive environments where strong isolation is needed without the overhead of traditional virtualization. The conversation also touched on the challenges of balancing security, performance, and resource efficiency in modern cloud infrastructure.
A Fuzzer for the Toy Optimizer [13 points]
https://bernsteinbear.com/blog/toy-fuzzer/
A detailed technical blog post describing the development of a fuzzing tool for a compiler optimizer used in educational contexts. The author walks through the process of building a fuzzer that can automatically generate test cases to find bugs in optimization passes, demonstrating practical techniques for automated testing of compilers. The piece serves as both a tutorial on fuzzing and an interesting case study in testing complex transformational software. It’s particularly relevant given the growing importance of automated testing in finding security vulnerabilities and correctness bugs in compilers and other critical software infrastructure.
Key discussion points: Commenters appreciated the practical walkthrough of building a fuzzer, with several noting that such tools are increasingly important for finding subtle bugs in compilers and optimizers. The discussion touched on related work in fuzzing various types of software, with recommendations for tools like AFL and libFuzzer. Several noted that this kind of automated testing is essential as software systems grow more complex and manual testing becomes impractical.
Show HN: Hacker News Archive (47M+ Items, 11.6GB) as Parquet, Updated Every 5 Minutes [99 points]
https://huggingface.co/datasets/open-index/hacker-news
A new project provides the complete Hacker News archive as a continuously updated Parquet dataset, making the full history of HN easily accessible for analysis and machine learning. The dataset contains over 47 million items spanning the entire history of the site, updated every 5 minutes to include new posts and comments. By using the Parquet columnar format optimized for analytical queries, the dataset enables efficient analysis of trends, topics, and community behavior over time. This represents a valuable resource for researchers studying online communities, natural language processing, and the evolution of tech discourse.
Key discussion points: Commenters discussed potential analyses enabled by this dataset, from tracking topics over time to studying how the HN community has evolved. Several noted the value of having the complete dataset in an easily queryable format for historical research and trend analysis. The conversation also touched on privacy considerations and the value of having long-running datasets for studying internet communities. Many expressed appreciation for projects that preserve and make accessible the history of online communities.
Web & Infrastructure
Death to Scroll Fade [255 points]
https://dbushell.com/2026/01/09/death-to-scroll-fade/
A passionate critique of the ubiquitous “scroll fade” animation effect where content gradually appears as users scroll down web pages. The author argues that these animations are distracting, accessibility-hostile, and disrespectful of users’ time and attention. The piece demonstrates how these effects are particularly problematic for users with motion sensitivity or who prefer reduced motion settings. It calls for web designers to focus on content and functionality over decorative animations that add nothing of value while creating barriers for many users.
Key discussion points: This sparked extensive debate about web design trends, with many commenters agreeing that scroll animations have become overused and often add nothing of value. Several pointed to examples from major tech companies like Apple, Anthropic, and Tesla that use these effects prominently. The discussion also touched on the origins of scroll fade, with one commenter suggesting it may have evolved from poorly implemented lazy loading where images would “pop” into view, and designers tried to smooth it out with fade effects. Many noted that while subtle animations can draw attention effectively, most implementations are heavy-handed and distracting.
Wander – A Tiny, Decentralised Tool (Just 2 Files) to Explore the Small Web [44 points]
Wander is a beautifully simple, decentralized web discovery tool consisting of just two files that anyone can host on their website. Inspired by Kagi Small Web but more flexible, Wander allows sites to maintain lists of interesting links and discover other Wander-enabled sites through a peer-to-peer network. The tool requires no database, server-side code, or installation - just two files uploaded to your web server. It represents a minimalist approach to web discovery that harkens back to earlier web directories and webrings while using modern web technologies.
Key discussion points: Commenters appreciated the simplicity and philosophy of the project, with many noting that it recaptures the spirit of early web discovery tools like StumbleUpon without requiring centralized infrastructure. Several shared intentions to add Wander to their own sites, helping the network grow. The discussion also touched on the importance of the “small web” - independent, personal websites that contrast with the dominant platforms of the modern internet. Many expressed nostalgia for earlier web ecosystems while appreciating that modern tools make it easier to build distributed discovery networks.
Machine Payments Protocol (MPP) [88 points]
https://stripe.com/blog/machine-payments-protocol
Stripe has introduced the Machine Payments Protocol, designed to enable AI agents and other automated systems to make payments on behalf of users and organizations. The protocol standardizes how machines can discover prices, initiate payments, and receive receipts without human intervention for each transaction. This represents Stripe’s bet on agentic commerce, where AI assistants handle purchasing decisions within defined budgets and parameters. The protocol aims to reduce friction in automated purchasing while providing guardrails around spending and authorization.
Key discussion points: Commenters were skeptical about whether this represents a genuine protocol or just marketing hype around what is essentially an API for payments. Several noted that calling this a “protocol” seems to misuse the term, which historically referred to foundational technologies like TCP/IP rather than company-specific APIs. The discussion touched on whether AI agents actually need specialized payment protocols or can work with existing payment infrastructure. Many expressed concerns about the security implications of giving AI agents direct access to payment systems, while others noted that this is already happening with companies providing budgets to AI systems for token purchases and other expenses.
Show HN: Will My Flight Have Starlink? [66 points]
A clever web tool that predicts whether specific flights will have Starlink satellite internet based on airline, aircraft type, and tail number. The system uses data from airline enthusiast communities who meticulously track which aircraft have been equipped with Starlink hardware. Users can search by flight number and date to get an estimate of Starlink availability, helping them choose flights with better internet connectivity. The tool represents an interesting data aggregation problem, normalizing information from multiple enthusiast sources to provide a unified, user-friendly service.
Key discussion points: Commenters shared positive experiences with Starlink on flights, noting that it’s dramatically better than traditional in-flight Wi-Fi and often free. Several discussed the airline strategy behind Starlink deployments, with United Airlines notably securing an early exclusive deal among major US carriers. The conversation also touched on how SpaceX is leveraging Starlink as a marketing tool to build brand awareness and demonstrate the capabilities of satellite internet. Many expressed appreciation for the data normalization approach, noting that crowdsourced enthusiast data is often the most reliable source for niche information like this.
Business & Industry
Oil Nears $110 a Barrel After Gas Field Strike [67 points]
https://www.bbc.com/news/articles/c78x83lpgngo
Oil prices have surged toward $110 per barrel following an attack on a major Iranian gas field, creating significant uncertainty in global energy markets. The strike threatens to disrupt energy supplies across the Persian Gulf region, with potential ripple effects on global inflation and economic growth. Analysts warn that sustained prices at this level could pressure consumer spending, increase transportation costs, and complicate central bank efforts to control inflation. The situation highlights the ongoing geopolitical risks to energy supplies and the vulnerability of global markets to regional conflicts.
Key discussion points: Commenters discussed the potential economic impacts of sustained high oil prices, from transportation costs to effects on food production and distribution. Several noted the geopolitical dimensions of the situation, with debate about various countries’ roles and interests in Middle Eastern energy politics. The conversation also touched on the long-term implications for energy transition, with some arguing that high fossil fuel prices could accelerate the shift to renewable energy while others noted the short-term economic pain. Many expressed concern about how these price increases will affect already stressed global supply chains.
Hardware & Systems
Write Up of My Homebrew CPU Build [203 points]
https://willwarren.com/2026/03/12/building-my-own-cpu-part-3-from-simulation-to-hardware/
An impressive blog post documents the author’s journey building a custom CPU from scratch, moving from simulation to actual hardware implementation using breadboards and individual chips. The article details the challenges of translating a theoretical design into physical reality, dealing with timing issues, signal integrity, and the practical realities of wiring dozens of chips together. The project demonstrates deep understanding of computer architecture while also showcasing the persistence and debugging skills required for such hardware projects. It’s an inspiring example of hands-on computer engineering that goes beyond simulation into the physical world of wires, chips, and oscilloscopes.
Key discussion points: Commenters were impressed by the dedication and skill shown in the project, with many sharing their own experiences building custom CPUs or similar hardware projects. Several debated whether building CPUs in hardware is worthwhile versus staying in simulation, with differing opinions on where the real learning and enjoyment lies. The conversation touched on the unique challenges of hardware debugging versus software debugging, noting that hardware problems can be much harder to isolate and fix. Many appreciated the author’s honesty about the messy reality of hardware projects, including the rats-nest of wires and inevitable troubleshooting.
History & Science
Restoring the First Recording of Computer Music (2018) [21 points]
https://www.bl.uk/stories/blogs/posts/restoring-the-first-recording-of-computer-music
A fascinating look at efforts to restore and preserve the first known recording of computer-generated music, created in 1951 on Alan Turing’s Mark II computer at the University of Manchester. The recording features the computer playing “God Save the King,” “Baa Baa Black Sheep,” and “In the Mood,” albeit with some pitch inaccuracies due to the Mark II’s limited frequency resolution. The restoration work involved recovering audio from deteriorating media and cleaning up the recordings while preserving their historical authenticity. This represents an important piece of computing history, demonstrating how early computers were already being used for creative expression beyond pure calculation.
Key discussion points: Commenters appreciated the historical significance of the recording, noting how remarkable it is that computers were making music just a few years after their invention. Several pointed out the charming imperfections in the pitch, which give the recording character and remind us how far computing technology has come in 75 years. The discussion also touched on broader themes of digital preservation and the importance of recovering and maintaining historical computing artifacts. Many expressed appreciation for institutions like the British Library that invest in preserving this kind of technological heritage.
That’s it for tonight’s HN Evening Brief! Tomorrow morning we’ll be back with more highlights from the Hacker News front page. In the meantime, happy hacking!