Tonight’s Hacker News brief spans hardware experiments, privacy fights, AI governance, academic funding, old-computing history, and a few beautifully odd corners of the web. The common thread is specificity: practical hacks, institutional constraints, and arguments over what the technology actually changes.

AI & Tech Policy

Claude AI recovers an 11 yrs old BTC wallet holding 400k USD

Summary: Tom’s Hardware reports that a Bitcoin holder recovered an old wallet worth about $400,000 after losing the password roughly 11 years earlier. Claude helped reason through the recovery strategy, while the actual attempt reportedly involved trying trillions of candidate passwords against an old wallet backup. The story also says a rediscovered mnemonic seed phrase in a college notebook was central, making the recovery a combination of preserved wallet artifacts, conventional cracking, and AI-assisted workflow.

HN Discussion: Commenters pushed back on the headline’s AI framing, arguing that the seed phrase and password-cracking tools were the real breakthrough. Others shared analogous Claude uses for forensic or bureaucratic recovery, including malformed image files and an R&D tax-credit dispute. The thread treated AI as a hypothesis-narrowing assistant, not a way around cryptography.

Sam Altman’s Business Dealings Under GOP Scrutiny Ahead of OpenAI’s IPO

Summary: The Wall Street Journal story was not available in the compact pack beyond its title and captured discussion, but the issue concerns Republican scrutiny of Sam Altman’s business dealings ahead of a possible OpenAI IPO. Comment excerpts describe the alleged concern as OpenAI backing or directing funds toward for-profit ventures in which Altman personally held investments. The governance question is how OpenAI’s nonprofit origins, for-profit structure, board approvals, disclosures, and personal financial conflicts interact.

HN Discussion: Readers split between seeing ordinary conflict-disclosure mechanics and seeing a deeper problem because OpenAI has long traded on a public-interest mission. Some suspected political motives connected to Elon Musk’s disputes with Altman. Others compared the optics to WeWork and questioned the assumption that nonprofits are automatically insulated from self-dealing incentives.

Anthropic forms $200M partnership with the Gates Foundation

Summary: Anthropic announced a four-year, $200 million partnership with the Gates Foundation involving grant funding, Claude usage credits, and technical support. The programs target global health, life sciences, education, and economic mobility with partners in the United States and abroad. Anthropic frames the work as a beneficial-deployments effort for areas where markets alone may not provide AI access, including public health datasets, evaluation benchmarks, and discounted access for nonprofits and schools.

HN Discussion: The thread mixed jokes about a missed “Phil-Anthropic” pun with skepticism about whether AI partnership announcements produce durable results or mostly publicity. A recurring worry was circular financing: charitable funds or credits becoming committed purchases from favored AI vendors. Some commenters argued the more mundane motives are goodwill, publicity, tax treatment, and the Gates Foundation’s need to spend capital effectively.

Apple-OpenAI Relationship Frays, Setting Up Possible Legal Fight

Summary: Bloomberg reports that the Apple-OpenAI partnership has deteriorated enough to raise the possibility of a legal fight. The compact article excerpt was mostly page chrome, so the supported details come from the title and discussion: commenters characterized OpenAI’s complaint as frustration that Apple has not surfaced or shipped OpenAI-powered features prominently enough. The strategic issue is whether Apple’s reliance on an outside AI partner creates product, quality, and legal risk as Apple Intelligence features roll out.

HN Discussion: Readers questioned what damages OpenAI could claim if Apple is not paying it directly and if the integration has not become very visible. One concrete theme was quality control: a lawsuit could backfire if Apple argues under oath that OpenAI features failed to meet its standards. Others framed the story as Apple relearning that third-party dependencies can become liabilities in core platform features.

---

Security & Privacy

New Nginx Exploit

Summary: The linked repository publishes Nginx-Rift, a proof-of-concept exploit for CVE-2026-42945. The issue appears tied to specific rewrite configurations, especially unnamed regex capture groups that are later referenced by directives such as set. The public proof of concept is described as assuming ASLR is disabled, while the disclosure claims the attack can be made reliable despite ASLR. F5’s advisory points administrators toward patched releases and named-capture mitigations.

HN Discussion: Security-focused commenters pushed back on treating the bug as harmless just because the posted proof of concept disables ASLR. Others narrowed the affected surface to particular rewrite and set directive combinations, making configuration auditing important alongside version checks. The most practical comments shared F5’s mitigation language: replace numbered captures like $1 and $2 with named captures.

Removing the Modem and GPS from My 2024 RAV4 Hybrid

Summary: Arkadiy Tetelman describes physically removing the modem and GPS hardware from a 2024 Toyota RAV4 Hybrid to reduce vehicle telemetry and location tracking. The post frames the modification against connected-car privacy risks including location histories, driving behavior, in-cabin sensors, and resale of data to brokers or insurers. It is a practical teardown guide with photos and caveats for owners willing to trade connected services for a more offline vehicle.

HN Discussion: Commenters praised the guide’s photos and repeatability while lamenting that privacy-conscious car owners may now need hardware surgery. A major thread questioned the Bluetooth claim, asking what mechanism would let a car use a phone’s internet connection without explicit tethering. Readers also noted that CarPlay and Android Auto can introduce their own privacy questions even after the automaker’s modem is removed.

HDD Firmware Hacking

Summary: Ryan Miceli begins a series on hard-drive firmware hacking that grew out of Xbox 360 exploit work requiring modified HDD firmware. This first installment focuses on dumping, analyzing, and modifying firmware from hard drives, before later posts cover JTAG live debugging, additional HDDs and SSDs, and black-box reverse engineering. The author explicitly says the initial HDD work was done manually, with AI-assisted analysis reserved for later parts of the series.

HN Discussion: The compact pack contained no captured comments, so there is no concrete HN debate to report. The supported discussion surface is the article itself: drive firmware dumping, embedded debugging, console exploit tooling, and the boundary between manual and AI-assisted reverse engineering. Given the lack of comments, the brief should not invent reader reactions beyond those themes.

Show HN: Running the second public ODoH relay

Summary: Numa describes shipping an Oblivious DNS-over-HTTPS client and relay as a single Rust binary for anonymous DNS without accounts or Apple platform lock-in. The design separates who sees the user’s IP address from who sees the DNS question, mirroring the split-trust idea behind iCloud Private Relay. The post argues that DoH and DoT encrypt transport but still leave one resolver operator seeing both identity and query, while the implementation leans on audited HPKE and TLS libraries.

HN Discussion: Commenters debated whether ODoH simply moves trust to another layer, with concerns about who controls proxies, DoH servers, and certificates. A technical objection asked how much ODoH helps while Encrypted Client Hello adoption remains low and destination names may leak elsewhere. Practical interest centered on running it as a service, Docker and macOS usability, Tailscale integration, and the pain of operating a public relay.

Myths about /dev/urandom (2014)

Summary: The 2014 article corrects common advice about Linux /dev/urandom and /dev/random, especially the claim that /dev/random is always safer for cryptography. It explains that both devices used the same cryptographically secure pseudorandom generator, with blocking behavior as the practical difference. A 2024 note says Linux’s random subsystem has since been reworked and that the separation between the two devices has largely disappeared in practice.

HN Discussion: Commenters criticized the article’s formatting because it was hard to tell which paragraphs were myths and which were corrections. Several asked for real-world exploit history, distinguishing serious failures such as the Debian SSH-key fiasco from abstract entropy worries. Operational anecdotes focused on applications unexpectedly blocking on randomness, including a PHP CMS that stalled until a debugger revealed the random-device issue.

Deal reached with hackers to delete data stolen from the Canvas platform

Summary: NBC News reports that the operator of the Canvas online learning system reached a deal with hackers to delete data stolen in a cyberattack. The breach reportedly created chaos for students, including many in the middle of finals, making the incident operationally disruptive as well as privacy-sensitive. The company acknowledged there is no reliable way to prove the stolen data was permanently erased, which is the core dilemma in this kind of extortion response.

HN Discussion: Commenters were sharply skeptical of paying for deletion, arguing that hackers could keep copies and sell or leak the data later. The main concrete theme was verification: without practical proof of deletion, the deal depends on trusting the same actors who stole the data. Readers also framed the response as desperation caused by student harm, not a clean security remedy.

Lawmakers’ prescription data at risk after data breach

Summary: The Politico article body was unavailable in the compact pack, but the title and discussion report that lawmakers’ prescription data may be at risk after a third-party breach. Commenters identified the exposed data class as names, birthdays, and prescription information, making the incident both identity-sensitive and medically sensitive. The timing drew attention because commenters said RXNT waited until the last permissible day to notify the attending physician’s office after March breaches.

HN Discussion: The thread focused on political irony: lawmakers may personally experience privacy harms after years of weak data-privacy legislation. A concrete complaint was delayed breach notification, especially for medical data where affected people may want to act quickly. Commenters treated prescription details as unusually embarrassing and coercive compared with generic account data.

---

Tech Tools & Projects

RTX 5090 and M4 MacBook Air: Can It Game?

Summary: Scott JG documents attaching an NVIDIA RTX 5090 desktop GPU to an M4 MacBook Air through a Thunderbolt eGPU setup. The post walks through macOS PCI passthrough engineering, including BAR mapping, DMA on Apple Silicon, an NVIDIA alignment quirk, coalesced mappings, scheduling, and total store ordering concerns. Benchmarks cover several games plus GravityMark and local AI inference, making the project both a graphics stunt and a practical exploration of external compute.

HN Discussion: Commenters focused on Apple Silicon GPU passthrough gaps, including a former Apple Silicon Mac Pro worker who said Linux VM GPU passthrough would have made that machine more useful. Several readers thought the local LLM prefill-speed gains were more practically important than the game numbers. Others were surprised because Apple’s public eGPU support has remained Intel-only and historically AMD-focused.

Bun’s Rust rewrite has been merged

Summary: The linked Reddit discussion reports that Bun’s Rust rewrite work has been merged, with HN commenters pointing to an upstream Bun pull request as the source. The change matters because Bun has been known for a Zig-heavy implementation, so a Rust rewrite signals a significant internal technology shift for a major JavaScript runtime and toolchain. The compact pack does not include pull-request details, so the supported claim is the merge report rather than a full architecture review.

HN Discussion: Commenters focused on process and trust, noting that the merge seemed ironic after recent statements that it was far from certain. Skepticism centered on AI-assisted rewrites, with one reader worrying that the result could become opaque code that causes new maintenance problems. Others supplied provenance links and flagged duplicate HN discussion, making source tracking part of the thread.

60fps Video on a CGA? – The GlyphBlaster

Summary: The GlyphBlaster is a retro-computing hack that produces 60fps video-like output on a CGA card by manipulating character glyphs instead of treating the hardware as a normal bitmap display. The author builds on OneROM and Raspberry Pi Pico-style projects, replacing or driving the CGA font ROM with programmable hardware. The impressive part is the interposer-style abuse of the display pipeline: a modern microcontroller is fast enough to impersonate old ROM hardware in real time.

HN Discussion: Commenters compared the trick to NES bus-stuffing and reverse-emulation projects, where modern hardware injects data fast enough to make old systems do surprising things. Readers wanted to see similar ideas in cartridges, FPGA-based NES systems, and other retro platforms that accept physical media or ROM replacements. One technical suggestion explored using foreground and background attributes as finer 8x1 cells.

Saying Goodbye to one line of APL

Summary: Kyle Croarkin reflects on replacing a beloved one-line Dyalog APL expression in a voxel-game project after months of learning the language by building with it. The project implements Perlin terrain generation, block-to-geometry conversion, frustum culling, collision, and other systems in idiomatic APL, reaching interactive frame rates on a MacBook. The specific line computed which chunk faces were exposed so they could be sent to the vertex buffer, operating over 3D boolean arrays.

HN Discussion: Commenters discussed APL’s density and its chalkboard-oriented history, noting that reading APL often requires slow, deliberate thought. Readers shared their own one-liners and described how vector-style thinking influenced later programming work. Others supplied context links to earlier diagrams of the project’s data structures, showing interest in the algorithm rather than only the language aesthetics.

The Emacsification of Software

Summary: Thomas Ptacek argues that AI-assisted coding is making more software feel like a personal .emacs file: customized, local, and tailored to one user’s workflow. The post begins with a concrete itch, a better Markdown viewer, contrasting terminal Markdown tools with polished graphical editors that are too editor-like for casual reading. The larger claim is that small personal utility apps are now cheap enough to build that programmers may stop waiting for packaged software to match their preferences.

HN Discussion: Commenters strongly engaged with the “dot emacs” metaphor, describing a future of personal software cocoons made feasible by LLMs. A countertheme invoked the Lisp Curse: if everyone builds private tools, collaboration and shared progress may suffer. Practical examples included using Claude to turn shell-script workflows into small native tools and lists of consumer apps hackers might now replace for themselves.

---

Web & Infrastructure

Pipes, Forks, and Zombies

Summary: This archived Harvard CS61 page teaches Unix shell concepts around pipes, forked processes, and zombie processes. It begins with historical context for pipes, quoting Doug McIlroy’s 1964 garden-hose metaphor for composing programs by coupling output to input. The page also detours into literate programming and older course material, with a warning that the wiki-to-site translation may contain mistakes. Its core educational aim is process coordination and child reaping.

HN Discussion: Commenters immediately corrected technical and editorial errors, including a disputed explanation of what happens when seq is piped into less. Several readers noted that the page misspells or misdescribes literate programming, linking to Knuth’s official page for the correct term. The thread also had light humor about the title sounding like post-apocalyptic advice rather than Unix process management.

Linux gaming is faster because Windows APIs are becoming Linux kernel features

Summary: XDA argues that Linux gaming performance is improving partly because Windows API behaviors needed by Wine and Proton are being supported closer to the Linux kernel. The article frames compatibility work not just as emulation polish but as operating-system plumbing that reduces mismatches between Windows games and Linux primitives. The broader context is Proton, Steam Deck-style distributions, and gaming-focused Linux systems making Windows games increasingly viable without a Windows install.

HN Discussion: Commenters compared the pattern with older compatibility layers, including a story about implementing DOS traps in CTOS so command-line DOS tools would run. Many saw real consumer momentum from Proton, Bazzite, Steam, older game support, and gaming laptops that can now run acceptable Linux setups. A recurring theme was backwards compatibility, with some arguing Linux plus Wine is now a better WinAPI platform for old games than modern Windows.

---

History & Science

Computer Hobby Movement in Canada

Summary: York University’s Computer Museum exhibit traces Canada’s computer hobby movement from the mid-1970s, when few homes had computers, into the 1980s personal-computing boom. The exhibit treats clubs, magazines, local retail culture, and early microcomputers as the social infrastructure that helped personal computing spread. Its framing is Canadian, with Toronto used as a major case study for how enthusiasts encountered machines, shared programs, and built community.

HN Discussion: Commenters added first-person memories of Canadian and Commodore-era computing, especially Jim Butterfield’s influence and type-in tools such as TINYMON. Several readers debated omissions, including the absence of Electron magazine and an overemphasis on Toronto as a stand-in for Canada. The nostalgia was concrete, comparing a smaller local knowledge universe with today’s more fragmented computing ecosystem.

Fossils show millipede and centipede ancestors evolved legs underwater

Summary: Phys.org reports on peer-reviewed fossil work suggesting early myriapod relatives evolved walking appendages while still living underwater. The article centers on ancient sea fossils, including a reconstruction of Waukartus muscularis, used to infer gait and appendage function before millipede and centipede ancestors moved fully onto land. The finding complicates the simple story that legs emerged mainly as a terrestrial adaptation, pointing instead to benthic locomotion in marine environments.

HN Discussion: The captured HN discussion was very thin, with one commenter linking to a video about centipedes and spiders surviving while competing in similar ecological niches. Supported reader themes are therefore limited to arthropod evolutionary context and comparisons among long-lived predatory lineages. There was no substantive captured critique of the paper’s fossil methods.

The Tree House: A voyage to the source of a backyard dream

Summary: Robert Moor’s essay in Lapham’s Quarterly traces the cultural source of the tree-house fantasy from suburban childhood imagination toward more distant ethnographic and literary images. It begins with the author’s memory of a National Geographic image of a spacious jungle tree house, contrasting it with the rough plywood backyard version. The piece treats tree houses as symbols of freedom, escape, elevation, and childhood adventure rather than only as architectural objects.

HN Discussion: Commenters responded to the essay’s central question by comparing their own sources of tree-house desire, including children’s books such as The Swiss Family Robinson. Practical reactions grounded the romance in sway, structural comfort, scorpions, sealing, and property-tax implications for a real retreat. The discussion balanced literary nostalgia with the maintenance and habitat realities of building in trees.

Leaving the Physical World

Summary: The EFF page republishes an older essay about the early imagination of cyberspace and the idea that human life was moving away from physical production into an informational realm. Its rhetoric contrasts tangible labor and material objects with a hoped-for digital future of communication, thought, and leisure. Read today, it is a historical artifact of cyberculture optimism, automation anxiety, and the belief that networks would transform work and embodiment.

HN Discussion: Commenters debated the essay emotionally and historically, with one reader saying its romantic view of leaving physical labor ignored wage theft, exhaustion, and class experience. Several tried to date the piece precisely, comparing it with other EFF-era writings. Others argued the predicted liberation did not arrive: machines changed labor, but much physical work was shifted geographically rather than abolished.

Heritability of human life span is ~50% when heritability is redefined

Summary: Dynomight examines claims about the heritability of human lifespan and argues that the answer changes dramatically when “heritability” is redefined. The post uses hair color and other examples to show how ordinary readers may confuse genetic causation, inherited family environment, randomness, and technical variance components. Its larger lesson is that heritability numbers are population- and definition-dependent, not direct measures of how biologically fixed a trait is for an individual.

HN Discussion: Commenters emphasized semantic cleanup: heritable does not necessarily mean a molecular genetic mechanism, and inheritance can include social, linguistic, or environmental transmission. Several discussed the standard formula, genetic variance divided by phenotypic variance, and why it gives counterintuitive examples such as near-zero heritability for universal human bipedalism. The thread also debated whether reducing environmental randomness would make genetic contributions appear larger.

---

Academic & Research

MIT: 20% drop in incoming graduate students

Summary: MIT President Sally Kornbluth says the Institute faces linked pressures on funding and its talent pipeline, including a reported 20% drop in incoming graduate students. Her message attributes budget strain partly to a new 8% tax on endowment returns and to sustained pressure across central and local units. The graduate-student decline is presented as a practical consequence of weaker funding and grants, because admitted students are less likely to enroll when support is uncertain.

HN Discussion: Commenters split among explanations: research-funding cuts, international-student uncertainty, immigration policy, AI, and broader disillusionment with academic careers. Several emphasized PhD economics, arguing that long timelines, low pay, and limited faculty jobs are pushing even committed graduate students away. Others saw a geopolitical talent story, comparing U.S. research institutions with rising Chinese universities.

EditLens: Quantifying the extent of AI editing in text (2025)

Summary: EditLens is an arXiv paper studying how to measure the amount of AI editing in text when the original human-written version is available. The authors argue that AI-edited text is distinguishable from both purely human-written text and fully AI-generated text, filling a gap left by generation-focused detectors. Their approach uses lightweight similarity metrics to quantify edit magnitude and validates those metrics against examples of human text revised by language models.

HN Discussion: The compact pack included no captured HN comments, so there is no specific discussion thread to report. The supported themes come from the paper’s own framing: measurement rather than simple detection, the need for access to the original text, and policy questions around partially AI-edited writing. The absence of comments means the brief should avoid attributing methodological criticism to readers.

Technical Dimensions of Live Feedback in Programming Systems

Summary: Joshua Horowitz presents a research framing for live feedback in programming systems, arguing that the design space is important but poorly mapped. The work proposes six dimensions for describing and evaluating live feedback: granularity, reactivity, velocity, moldability, bidirectionality, and materiality. Presented at PLATEAU 2026 and based on earlier LIVE 2024 work, it aims to give researchers and tool builders vocabulary for comparing interactive programming environments.

HN Discussion: The captured discussion was small but concrete: one reader said visuals helped them understand the related Future of Coding podcast episode. Another supplied a direct PDF link, making the thread mainly about access to the research artifact. There was no captured methodological debate, so the supported themes are discoverability, visual explanation, and the value of a shared taxonomy.

---

Business & Industry

On The Conflation of Money and Things

Summary: The Literary Hub excerpt from J. W. Mason and Arjun Jayadev examines how money descriptions can obscure the physical reality of goods, buildings, infrastructure, and production. It opens with buildings as an example: the same structures can be described materially, by age and construction, or financially, by price, rent, mortgage, or asset value. The essay’s central claim is that economic language often conflates money measures with things themselves, making physical and social constraints harder to see.

HN Discussion: The captured HN discussion was minimal; the only included comment complained about intrusive popups on the article page. There was therefore no supported debate over the essay’s economic argument in the pack. The concrete reader theme was user experience on the publisher site rather than disagreement with the authors’ claims.

USDA Projects Smallest US Wheat Harvest Since 1972 Due to Plains Drought

Summary: AgWeb’s article body was unavailable to the guard because of HTTP 403, so the supported account relies on the title and HN comments. The title says USDA projects the smallest U.S. wheat harvest since 1972 and attributes the shortfall to Plains drought. Commenters who saw article text said the body also emphasized crop-switching: farmers planting more soybeans because soy requires less fertilizer than wheat or corn. The story therefore involves weather, input costs, and planting decisions.

HN Discussion: Commenters challenged the headline’s causality, saying the article appeared to put more weight on soybeans and fertilizer economics than drought alone. Input costs were the concrete theme, especially lower nitrogen and potassium requirements for soybeans. Others broadened the thread to feed prices and land or water competition, including a jab that new data centers are being built in the same region.

---

Other

Swift bricks to be installed on all new buildings in Scotland

Summary: The Guardian reports that Scotland will require swift bricks in all new buildings after MSPs backed the rule. Swift bricks are built-in nesting cavities designed to give swifts and similar birds places to nest in modern sealed buildings. The measure embeds biodiversity support into construction standards rather than relying only on separate conservation reserves or voluntary habitat projects. The story also points to sustained campaigning by Hannah Bourne-Taylor, whose role commenters said the article understated.

HN Discussion: Commenters wanted a clearer explanation of what a swift brick is and supplied a Wikipedia link because the article did not make the object concrete enough. Several discussed lived experience with swallows and swifts around homes, including insect-eating benefits and nesting conflicts near doors. Skeptics asked why swifts were singled out, whether bricks beat habitat preservation, and why the requirement needed to be universal.

LinkedIn Fanfiction

Summary: Marginalia’s “LinkedIn fanfiction” is a satire of startup social media, AI-agent hype, and growth-post moralizing. The narrator turns a bus confrontation into a mock heroic business lesson, invoking Claude, unsafe permissions, localhost deployment, MRR growth, IPO aspirations, Cybertrucks, and AI-generated infographics. The joke is that every ordinary human situation is reframed as founder content, with the AI agent both coauthor and absurd problem solver.

HN Discussion: Commenters used the satire to discuss LinkedIn’s real career lock-in, noting that some job postings require a LinkedIn URL even for people who dislike the platform. Readers compared older LinkedIn virtue-signaling stories with newer AI-era expert-signaling posts. A few said the piece was charming but not quite identical to the platform’s usual soul-sucking tone, making the parody funnier than the real feed.