Tonight’s Hacker News front page moved between AI platform consolidation, maintainer overload, privacy research, retrocomputing, and a handful of small but sharp technical projects. The strongest through line is infrastructure under pressure: open source queues, classrooms, security lists, API tooling, and even home desk setups are all being reshaped by automation, incentives, and the need for better guardrails.

AI & Tech Policy

Anthropic Acquires Stainless

Summary: Anthropic says it is acquiring Stainless, the SDK and MCP server tooling company founded in 2022. Stainless generated Anthropic’s official SDKs and turns API specs into language-native SDKs, CLIs, and MCP servers across TypeScript, Python, Go, Java, Kotlin, and other ecosystems. Anthropic’s stated rationale is that agents need reliable ways to connect to real APIs and tools. The sharp operational detail is that hosted Stainless products, including the SDK generator, are being wound down, with new signups, projects, and SDKs stopped.

HN Discussion: The thread treats the deal less as a normal product acquisition and more as an acquihire because the hosted products are closing immediately. Commenters focus on existing customers and on whether large model vendors are turning agent tooling and API connectors into controlled gardens.

Elon Musk has lost his lawsuit against Sam Altman and OpenAI

Summary: TechCrunch reports that a California jury rejected Elon Musk’s lawsuit against Sam Altman, Greg Brockman, OpenAI, and Microsoft. Musk accused OpenAI’s leaders of “stealing a charity” by creating a for-profit affiliate around the AI lab. The verdict turned on timing: jurors found that Musk filed after the legal deadline for his claims had expired. The trial nevertheless revisited OpenAI’s early structure and evidence about Musk’s own communications on for-profit arrangements.

HN Discussion: Commenters separate a procedural loss from a factual vindication, with several saying the statute-of-limitations result leaves some merits questions unresolved. Others point to Musk’s 2017 emails about for-profit structures as damaging to the betrayal narrative, while appeal prospects get a round of practical skepticism.

Qwen 3.7 Preview

Summary: Alibaba’s Qwen account posted a Qwen 3.7 preview, though the captured source text is mostly X shell content rather than the announcement itself. The supported story is that another Qwen model preview is arriving after the recent Qwen 3.6 line. HN comments frame Qwen as an open-weight or locally runnable model family that developers are testing for coding, tool use, and agent workflows. The announcement body is not available in the pack, so benchmark details should be treated cautiously.

HN Discussion: Users praise Qwen 3.6 35B and 27B as unusually capable open-weight models, especially when paired with tools and agents. The concrete debate is benchmarking: commenters want leaderboards that filter by open weights, local hardware, release date, and task type instead of one-off blog rankings.

Cursor Introduces Composer 2.5

Summary: Cursor announced Composer 2.5, but the captured source is again mostly X page data rather than the full announcement. HN commenters say the model follows Composer 2, is based on Kimi K2.5, and is claimed to offer state-of-the-art performance at around one-tenth the cost. One commenter also says Cursor mentioned a new from-scratch model on Colossus 2. The broader story is Cursor continuing to move from editor integration toward owning more of the coding-model stack.

HN Discussion: The thread is skeptical of Cursor’s eval framing, with commenters comparing earlier Composer 2 claims against practical use. People question why the comparison apparently emphasizes Opus rather than Sonnet, while others note how quickly Cursor has moved past the “VS Code fork with no moat” critique.

---

Security & Privacy

We stopped AI bot spam in our GitHub repo using Git’s –author flag

Summary: Archestra describes a GitHub bounty issue that attracted legitimate contributors before automated AI accounts flooded it with low-quality implementation plans and comments. The issue reached 253 comments, turning maintainers’ notifications into noise and making real contributor discussion harder to follow. Their mitigation uses Git author metadata to separate real code authorship from GitHub account activity. The post frames the incident as a broader open source maintenance problem when bounties make low-effort AI participation cheap and tempting.

HN Discussion: Commenters propose reputation systems that score useful merged work and acknowledged issues rather than trying to classify human versus AI. A security thread notes that merged contributors can gain relaxed workflow approval requirements, making low-quality PR spam a potential account-trust escalation path.

Project Glasswing: what Mythos showed us

Summary: Cloudflare describes Project Glasswing, an internal effort testing security-focused LLMs against live code in critical infrastructure. The post focuses on Anthropic’s Mythos Preview and similar models as tools for finding vulnerabilities before attackers can exploit comparable capabilities. Cloudflare’s framing is not just faster scanning, but the surrounding process needed before these models can scale safely. A concrete operational pressure is the push toward very short CVE-to-patch timelines, where speed can collide with regression testing.

HN Discussion: Commenters criticize the post for lacking hard numbers, clear benchmark methodology, and surprises beyond the original Mythos announcement. The strongest technical thread concerns response process: two-hour patch targets sound impressive, but may produce worse outcomes if teams skip regression testing.

Voice AI Systems Are Vulnerable to Hidden Audio Attacks

Summary: IEEE Spectrum’s piece is titled around hidden signals that can hijack AI voice systems. The captured article text is mostly page script and styling, so the safe claim is that the story concerns adversarial or hidden audio inputs against voice AI. The implied risk is that listening systems may act on commands or signals that are not obvious to nearby human listeners. The topic sits at the intersection of speech recognition, assistant security, and adversarial machine learning.

HN Discussion: Commenters immediately compare the attack class to adversarial images, where humans perceive one thing and models classify another. Others discuss layered audio on short-form video and whether machine interpretation can be manipulated through audio tracks, with one reply framing the issue as a modern return of phreaking.

The foundations of a provably secure operating system (PSOS) (1979) [pdf]

Summary: The linked PDF is a 1979 paper on PSOS, a provably secure operating system. The guard did not extract PDF text, so the document’s title and HN context carry the supported summary. Commenters place PSOS in the capability-OS and formal-specification lineage, alongside older secure-system work such as KSOS. The story is a reminder that many present-day isolation and authority debates had serious research prototypes decades ago.

HN Discussion: The thread argues that capability operating systems look more relevant in the internet age, where downloaded code should not inherit broad ambient authority. One concrete analogy compares ambient authority in Windows or Linux to global variables, while capabilities are like explicitly passed local variables and function parameters.

Show HN: Auto-identity-remove – Automated data broker opt-out runner for macOS

Summary: Auto-identity-remove is a macOS-focused tool for automating opt-outs from data broker and people-search sites. The repository description says it removes personal information from more than 30 sites on a monthly schedule. The macOS-specific part appears to be launchd scheduling, while the runner may be usable from the command line. The project targets a recurring privacy chore because broker removals often need to be repeated as records reappear.

HN Discussion: A Canadian tester reports rough edges: optional signup prompts, dependency on Apple’s Mail app, many 404s, and frequent manual intervention. Non-US addresses and nonnumeric postal codes come up as likely compatibility problems, while another thread suggests systemd support should be straightforward if launchd is the only macOS-specific layer.

Researchers Wanted Preschool Teachers to Wear Cameras to Train AI

Summary: 404 Media reports that University of Washington researchers planned to have preschool teachers wear cameras capturing a first-person view of classrooms. The footage would include children and would be used to develop AI models for understanding learning experiences and classroom interaction quality. The program was presented to parents as opt-out rather than opt-in, requiring action to prevent children’s recordings from being processed. A parent-shared document also described possible fixed classroom cameras.

HN Discussion: Commenters focus on consent design, arguing that classroom recording for AI research should require affirmative opt-in. A specific worry is that children who opt out may be marked with stickers, singling them out socially while still leaving questions about incidental filming.

---

Tech Tools & Projects

Show HN: Files.md – Open-source alternative to Obsidian

Summary: Files.md is presented as an open-source note-taking project built around plain Markdown files. The HN title positions it as an Obsidian alternative, while the visible project framing emphasizes local, inspectable .md files rather than a proprietary knowledge-base format. The captured repository excerpt is mostly GitHub page chrome, so the safer reading is about positioning and workflow rather than a detailed feature list. Comment context suggests the project may offer its own way to work with thoughts, notes, and knowledge rather than strict Obsidian parity.

HN Discussion: Licensing drives the first thread, with users realizing Obsidian is not open source even though its Markdown storage makes it feel open. Others debate what “alternative” should mean: shared file format, feature parity, plugin compatibility, or a different notes workflow entirely.

1024000^2 Blocks, 2B2T Minecraft Server World Download Project, and Discoveries

Summary: This GitHub project presents itself as the largest world-download effort for 2b2t and Minecraft overall, covering a 1,024,000-by-1,024,000 block area. The repository promises full information, renders, timelapses, and a future torrent for the resulting data. Because 2b2t is a long-running anarchy server, the archive is also a record of an adversarial online world with no normal area protections. The captured excerpt is mostly GitHub chrome, so tooling details stay outside the supported summary.

HN Discussion: Commenters explain 2b2t for outsiders: modded clients, x-raying, item duplication, PvP, and a famously hostile spawn area are part of the culture. A technical thread asks why Minecraft lacks a low-load spectator or streaming mode for sharing coordinates and viewing large builds without joining a live server.

Learn Harness Engineering

Summary: Learn Harness Engineering is a course about designing harnesses for AI coding agents. Its syllabus covers why capable agents fail, what a harness is, why the repository should become the system of record, initialization phases, long-running task continuity, observability, and clean session endings. It cites OpenAI and Anthropic harness-engineering materials plus Awesome Harness Engineering. The premise is that agent outcomes depend on workflow design and verification, not just model strength.

HN Discussion: The visible discussion is sparse, but one commenter shares a concrete verification pattern: repeat a focused audit prompt in fresh contexts and compare outputs across models. The practical theme is using harnesses to force correctness checks and find missed security configuration issues without letting the agent edit files during review.

The Fil-C Optimized Calling Convention

Summary: The Fil-C article explains a calling convention designed for memory-safe C/C++ compatibility even when programs behave adversarially. It handles wrong-signature function pointer calls, mismatched imports and exports, symbols treated as data or functions incorrectly, too few arguments, wrong argument types, va_list misuse, and too many expected return values. The convention either panics or assigns safe behavior for bad cases. In normal calls, it aims to preserve efficient register-style calling with an added current Fil-C thread pointer.

HN Discussion: The compact pack includes no top HN comments for this story, so there are no concrete commenter themes to summarize. The discussion surface implied by the article is the engineering tradeoff between hostile C safety and keeping the common calling path efficient.

Porting my 3D points renderer on a ZX Spectrum 48K

Summary: This project ports a 3D points renderer to the ZX Spectrum 48K. The captured repository text is mostly GitHub framing, but the title establishes the target machine and rendering goal. The work sits in the retrocomputing niche where modern graphics ideas are adapted to Z80-era hardware limits. HN comments indicate the output is runnable, with one user testing it on a Belarusian Bajt ZX Spectrum clone.

HN Discussion: Commenters compare retro assembly development with modern tooling, arguing that 1980s productivity was constrained as much by tools as by assembly language. Z80 optimization advice gets specific, including sparse use of IX/IY registers and 256-byte aligned tables with low-byte indexing.

Don’t answer the first question

Summary: Lalit Maganti uses Perfetto support questions to argue that engineers should not always answer a user’s first phrasing. His example is a user asking how to split a Perfetto trace, where the better response is to ask why the trace is large enough to need splitting. The post distinguishes this from a simple XY-problem diagnosis: the confusion that produced the wrong question can teach the user a better model and reveal product confusion. It is also a tactic for engineers to create value through support and product insight.

HN Discussion: Commenters connect the tactic to UX research practices such as the five whys, where users often state a proposed solution rather than the underlying problem. The caution is social: knowledgeable users may feel undermined if every direct question is met with interrogation.

---

Business & Industry

The Quiet Renovation at Bitwarden

Summary: The post argues that Bitwarden’s recent premium price increase was poorly communicated: buried in a feature announcement, described in monthly terms despite annual billing, and sent close to renewal. It says longtime CEO Michael Crandell moved into an advisory role in February without a prominent company announcement. His replacement, Michael Sullivan, is described through prior roles at Acquia and Insightsoftware plus LinkedIn language around mergers, acquisitions, and private-equity experience. The author’s claim is that Bitwarden may be shifting from open-source underdog toward financially optimized software company.

HN Discussion: Discussion focuses less on the price increase itself and more on fear that private-equity-style incentives could degrade product quality and security. Commenters describe migration plans including Vaultwarden self-hosting and KeePassXC/KeePassDX setups synced as ordinary files.

Garry Tan, the CEO of venture YC, accused me of unethical reporting

Summary: Radley Balko responds to Y Combinator CEO Garry Tan’s accusation that Balko engaged in unethical reporting. The dispute centers on Tan’s praise for Dion Lim’s book Amplified, published by Third State Books, a company started by Tan’s wife Stephanie Lim. Balko says Tan portrayed Lim as a journalist who exposed crimes against Asian-Americans and challenged San Francisco District Attorney Chesa Boudin. Balko states that he has not read Lim’s book and is responding to Tan’s claims about his own reporting rather than reviewing the whole book.

HN Discussion: The compact pack includes no top HN comments for this story, so there are no concrete discussion themes to summarize. The likely discussion surface is media ethics, conflicts of interest, and how powerful tech figures frame criticism of local journalism.

Enough with the AI FOMO, go slow-mo, says Domo CDO

Summary: The Register quotes Domo chief design officer and futurist Chris Willis arguing that companies should slow down on AI adoption driven by fear of missing out. The article frames the backlash as anxiety caused by vendors and executives pushing AI before durable use cases are clear. A quoted point from the discussion says many AI proof-of-concept projects lack what is required to be durable, trustworthy, and deployable at scale. The practical advice is to start with business needs and financially viable use cases instead of chasing novelty.

HN Discussion: Commenters broadly agree with the FOMO framing but point out irony when AI platform vendors warn against hype while selling AI dashboards, agents, and automation. One thread defends small failed proof-of-concepts as useful exploration before putting AI into load-bearing systems.

---

System Administration

Two computers, one monitor, zero fiddling – Alex Plescan

Summary: Alex Plescan describes a work-from-home setup with a Mac laptop, a Linux desktop, one monitor, and shared keyboard and mouse. The solution combines a monitor with built-in KVM support and DDC commands sent over HDMI or DisplayPort to switch inputs without touching cables or monitor buttons. The monitor’s KVM makes USB peripherals follow the active video input, while software handles switching from the keyboard. The goal is to avoid flaky USB-C switches, dongles, and manual plugging.

HN Discussion: Commenters trade monitor-specific DDC command details and note that documentation for these controls is often hard to find. Several compare the approach with two-monitor setups, Deskhop, Synergy, or remote desktops, while cautionary replies focus on Linux and monitor sleep states that can leave an input black.

Linux security mailing list ‘almost unmanageable’

Summary: The Register reports that Linus Torvalds said AI-powered bug hunters have made the Linux security mailing list almost entirely unmanageable. The stated problem is duplicate or low-value reports from multiple researchers using similar tools to find the same bugs, creating unnecessary pain and pointless work. The article places the remarks beside more positive comments from Greg Kroah-Hartman about AI in open source. The real issue is maintainer bandwidth and security triage signal-to-noise, not simply whether AI can find bugs.

HN Discussion: Commenters add mailing-list context, including reports of huge nonsensical patch emails that look AI-generated and may even be intended to poison LLMs. Several criticize The Register’s framing by pointing to the actual Linux 7.1-rc4 post and arguing that the article stretches a narrow remark into a broader claim.

---

Geopolitics & War

Iran Starts Bitcoin-Backed Ship Insurance for Hormuz Strait

Summary: Bloomberg’s headline says Iran has started a Bitcoin-backed shipping insurance scheme for vessels using the Strait of Hormuz. The article body was not available in the pack because Bloomberg returned HTTP 403, so details such as pricing, eligibility, legal structure, and state backing are not supported here. The safe reading is that maritime risk in a strategic chokepoint is being linked with cryptocurrency-backed financial instruments. That combination alone explains why the story drew attention.

HN Discussion: HN is skeptical of the word insurance, with commenters repeatedly recasting the scheme as a protection racket or shakedown. Several replies focus on hard-power risk in Hormuz, arguing that financial coverage cannot protect a ship from military action, while another notes Bitcoin’s public traceability.

Actually, democracy dies in H.R.

Summary: The New York Times article was unavailable in the pack because the fetch returned HTTP 403. HN context says it discusses research on how mediocre employees can help would-be authoritarians maintain power. A quoted passage focuses on ordinary career pressures, such as reviving a stalled career or obtaining a minor promotion, as incentives for officials to violate obligations and norms. The supported summary is that the story links bureaucracy, personnel incentives, and democratic erosion rather than a single dramatic takeover mechanism.

HN Discussion: Commenters debate whether the research is novel or just formalizes an obvious point about career incentives and institutional cowardice. A methodological thread criticizes political science for using thin data to describe social dynamics that literature may capture more honestly.

---

Web & Infrastructure

Show HN: InsForge – Open-source Heroku for coding agents

Summary: InsForge describes itself as an all-in-one open-source backend platform for agentic coding. The repository pitch is that coding agents can use it for database, auth, storage, compute, hosting, and an AI gateway when shipping full-stack apps. The Show HN framing calls it an open-source Heroku for coding agents, emphasizing deployment and backend primitives over a single library. The project is aimed at letting agents build end-to-end applications without stitching together many separate services.

HN Discussion: The author discusses planned safety work, especially dynamic permissions where agents receive scoped API keys and must ask for temporary expansion during a task. Rollback is another concrete theme, with “Git for backend” snapshots so write operations can be reversed after agent mistakes.

---

History & Science

What Is Date:Italy?

Summary: The post starts from Ruby’s Date::ITALY constant, which evaluates to the Julian day number 2299161. Ruby’s Date class also exposes ENGLAND, GREGORIAN, and JULIAN constants that encode calendar reform boundaries for different historical regimes. The author uses the odd API surface to explain proleptic calendars, Julian day numbers, and the Gregorian switchover from the Julian calendar. A key point is that calendar reform was not globally uniform, with Italy, some Catholic countries, England, and colonies changing at different times.

HN Discussion: Commenters extend the historical nuance, noting that adoption could vary by cities, religious groups, travel context, and even the status relationship between correspondents. A practical thread mentions Julian dates in encrypted radio timing, inherited from astronomy because continuous day counts avoid skipped-date problems.

The Aperiodic Table

Summary: John Graham-Cumming riffs on XKCD 3242, arguing that its “aperiodic table” is not aperiodic in the Penrose-tiling sense. With help from Claude, he built aperiodictable.com, placing the periodic table onto a Penrose P3 tiling. The page lets users drag the canvas to position the table and print a single-page version. The implementation is described as a small Cloudflare Pages-hosted interactive project.

HN Discussion: Commenters discuss the mathematical vocabulary, especially whether aperiodic, quasiperiodic, and “lacking pattern” are being used precisely. A design thread asks whether element relationships are meaningfully encoded by the tiling or whether elements are just assigned to nearby cells.

When Kierkegaard Got Cancelled

Summary: Daniel Goodman’s article revisits a period when Søren Kierkegaard was mocked by a notorious Copenhagen scandal sheet. The excerpt frames the attacks as months of deeply personal public ridicule combined with silence from friends and allies. The piece appears in Plough’s faith and spirituality section and treats the episode as part of Kierkegaard’s intellectual and spiritual life. Since the captured article text is mostly page framing, the summary should not add unsupported biographical detail.

HN Discussion: The visible HN discussion is thin and centers on style rather than Kierkegaard, with one commenter alleging AI-like phrasing. Specific complaints mention formulaic constructions such as “surface-level similarities,” “not X but Y,” and heavy em-dash use, so broader themes should not be overstated.

‘We mould trees to grow into the shape of chairs’

Summary: The BBC story covers people who shape living trees so they grow into chair-like furniture forms. The excerpt provides the headline but little article body, so specific names, timelines, and methods from the BBC piece are not available in the pack. HN context identifies the broader field as tree shaping: guiding, bending, braiding, or grafting growing trees into functional or sculptural forms. The subject is both craft and biology because the maker works over growing seasons rather than cutting lumber and assembling furniture afterward.

HN Discussion: Commenters connect the story to a longer history of tree shaping, including examples seen in Reader’s Digest in the 1990s and older traditional practices. Several name related work such as Pooktre and Australian artists Peter Cook and Becky Northey, noting that chairs are only one possible form.

Build a Radio Wave Detector with Balls of Aluminum Foil

Summary: WIRED describes building a radio-wave detector using balls of aluminum foil. The article body in the pack is mostly styling, but the title and comments indicate the device is a simple coherer-like radio detector experiment. Commenters describe the mechanism as radio-triggered sparking or contact changes, where oxide layers may break down and allow conduction. The story connects a hands-on physics demonstration with early radio detector history.

HN Discussion: Commenters compare the project with an ElectroBOOM demonstration and note that the practical range may only be a few meters. A historical thread discusses Jagadish Chandra Bose’s mercury coherer, its self-restoring behavior, and the disputed credit around Marconi’s radio work.

---

Academic & Research

It is time to give up the dualism introduced by the debate on consciousness

Summary: Carlo Rovelli argues in Noema that consciousness should not be treated as separate from the physical world. The essay’s thesis is that the mind or soul is of the same nature as the body and other natural phenomena, not a special nonphysical category. Rovelli frames resistance to that view alongside earlier cultural resistance to Darwin and other ideas that challenged human self-image. The article pushes readers away from the “hard problem” framing and toward treating consciousness as a complex natural phenomenon.

HN Discussion: Commenters criticize the essay for not engaging deeply with positions such as Searle’s naturalism, Dennett and Churchland-style eliminativism, Chalmers, or Nagel. Several replies debate whether rejecting the hard problem is a productive reframing or an unjustified hand-wave over a real explanatory gap.