Here’s tonight’s round-up from Hacker News, curated for you.

AI & Tech Policy

Gemini 3.5 Flash

Google announced Gemini 3.5 Flash, its latest frontier model in the Flash series, bringing increased reasoning capability through extended thinking modes alongside a notably steep pricing shift. The per-million-token rate jumps to $1.50 input and $9.00 output, roughly triple the cost of the previous-generation Flash model and approaching the price point of Gemini 2.5 Pro.

HN Discussion: Commenters traced the pricing trajectory across recent Flash releases and noted the unusual pattern of skipping a full “Gemini 3” release in favor of a preview track. Performance comparisons showed Thinking Medium using around 7,500 tokens for an SVG generation task—comparable to or under a previous Pro model. The naming also drew playful comparisons to HTML5’s predecessor.

Google Changes Its Search Box

Google redesigned its search interface with an AI-integrated layout that prominently surfaces generated answers, shifting the SERP away from traditional organic result listings toward synthesized responses. This move continues a longer trajectory some observers call “Google Zero”—the gradual elimination of outbound traffic to external websites from search results.

HN Discussion: Commenters questioned whether AI-sourced facts deserve more trust than original source material, especially when numerical data is involved. Others pointed out the inherent tension: organic listings bring free eyeballs that fund the ad business, while synthetic answers risk starving the very content ecosystem that feeds Google’s models. A few also noted that quality complaints about search may actually be overstated by those who’ve simply grown accustomed to older patterns.

Mistral AI Acquires Emmi AI to Create the Leading AI Stack

Mistral AI announced its acquisition of Emmi AI, an industrial-focused startup, aiming to consolidate infrastructure, data layering, and domain expertise into a unified AI stack optimized for manufacturing and heavy industry applications. ASML, the semiconductor equipment giant, is listed as a Mistral investor, adding credibility to the industrial push.

HN Discussion: Some commenters expressed initial skepticism about yet another “industrial AI” play but acknowledged that vertical focus could differentiate Mistral from the broader frontier race. Questions lingered about what specific manufacturing problems Emmi had already solved and how the combined stack would measure up against established players like Siemens or Rockwell Automation in real factory environments.

I’ve Joined Anthropic

Andrej Karpathy announced he is joining Anthropic’s pre-training team, effective immediately. The pre-training group is responsible for the large-scale training runs that form Claude’s base capabilities. Karpathy had previously hinted at this move in a recent interview, noting his concern about falling behind evolving approaches and expressing interest in working at any frontier lab that would take him on.

HN Discussion: Commenters praised Karpathy’s track record as both an educator and researcher, with some hoping he could maintain side projects despite anticipated NDAs. A few noted he’d effectively foreshadowed the move himself, while others framed the hire as a net positive for Anthropic given his reputation for building thoughtful, safety-conscious systems.

OpenAI Adopts Google’s SynthID Watermark for AI Images with Verification Tool

OpenAI announced it would embed Google’s SynthID watermark into all AI-generated images produced by its models and released a companion verification tool for detecting the signature in downstream usage. The move aligns OpenAI with Google’s broader content provenance infrastructure, creating a shared standard for machine-generated media identification across two major labs.

HN Discussion: Many commenters were skeptical about practical efficacy, pointing out that watermarks can be stripped or distorted with minimal effort—meaning they’d only deter casual rather than determined bad actors. Several noted that propaganda generators would simply use AI to remove the watermark in return, potentially sparking an adversarial arms race between embedding and removal tools.

Intro to TLA+ for the LLM Era: Prompt Your Way to Victory

A new article demonstrates using large language models to generate TLA+ specifications for system design validation. Evaluation across eleven systems showed that while LLMs produce syntactically correct TLA+ fairly reliably, they struggle with ensuring correctness of invariants and proper conformance to the formal specification’s intent—highlighting the gap between syntax generation and semantic reasoning.

HN Discussion: Several practitioners shared their own approaches, including pairing LLM output with manual comparison against hand-constructed race conditions and unit-testing invariant violations. One commenter recommended Quint as a companion tool for its more approachable syntax, making actual collaboration with models feasible rather than relying on blind trust. Others noted the article was about expressing invariants rather than discovering them, which some had mistakenly expected.

Gemini Omni

DeepMind released Gemini Omni, a new model variant focused on multimodal capabilities including video generation and real-time physics simulation. Early demos showcase rigid body dynamics, particle systems, and scene composition at interactive speeds, suggesting an expansion of Google’s generative AI footprint into spatial-temporal content creation.

HN Discussion: A background in robotics simulation raised doubts about learning discontinuous contact physics from data alone, arguing it’s fundamentally different from smooth function approximation. Others expressed disappointment with early results, finding nothing clearly superior to competing video generation tools despite significant spending on similar services. Some also questioned whether the computational resources devoted to complex generative simulations might be better allocated to more direct scientific problems.

KV Sharing, MHC, and Compressed Attention

A deep-dive article covers recent architectural innovations in LLM inference: KV cache sharing across attention heads, mixed-head computation strategies, and compressed attention mechanisms that reduce memory bandwidth requirements without proportional quality loss. The post maps how these techniques stack together to squeeze throughput from existing hardware.

HN Discussion: One comment framed the broader implication as making formal CS education increasingly redundant in a “vibecoding” era, suggesting practitioners must instead master compute primitives directly. The discussion revealed both excitement about infrastructure efficiency and some anxiety about what this means for traditional software engineering skill development going forward.

Security & Privacy

Copy Fail, Dirty Frag, and Fragnesia Kernel Vulnerabilities

Gentoo published a security advisory covering three Linux kernel vulnerabilities: Copy Fail, Dirty Frag, and Fragnesia—each exposing different attack surfaces from privilege escalation to memory corruption across recent kernel versions. The advisory recommends immediate kernel updates or live-patching for affected systems.

HN Discussion: Commenters debated whether live patching should become an intrinsic part of the Linux kernel rather than an add-on, drawing parallels with how package managers handle routine system updates. Several pointed out the irony that LLM-generated patches would need human review precisely because automated installation introduces its own attack vector. Questions also arose about which other distributions face similar update pressure in practice versus Gentoo’s rolling-release model.

CISA Admin Leaked AWS GovCloud Keys on GitHub

KrebsOnSecurity reported that a CISA administrator had inadvertently committed AWS GovCloud credentials to a public GitHub repository, exposing sensitive government cloud infrastructure keys. The researcher who discovered the leak contacted security teams after initial requests for removal went unanswered, highlighting the ongoing problem of credentials accidentally published in version control.

HN Discussion: Commenters pointed out that leaking the credentials themselves is counterproductive—security researchers should use responsible disclosure channels rather than public exposure. Several raised broader concerns about LLM APIs receiving secret tokens through .env files committed to repositories, noting that AI providers can read environment variables during code execution. Some expressed strong skepticism about government agencies lacking automated credential-scanning infrastructure in 2026.

Mini Shai-Hulud Strikes Again: 314 npm Packages Compromised

A supply-chain worm dubbed “Mini Shai-Hulud” was discovered compromising at least 314 npm packages by injecting malicious lifecycle scripts that propagate through dependency chains. The worm exploits NPM’s automatic pre/post-install execution model, making even transient dependencies a potential infection vector without user awareness.

HN Discussion: Commenters advocated for disabling lifecycle scripts by default in NPM, calling the current behavior an “arbitrary code execution convenience feature.” One noted additional compromised packages beyond the initial count, including a popular VS Code extension with millions of downloads. Several asked whether freezing dependency versions entirely might be safer than relying on automated update tools like Dependabot, given the recurring nature of supply-chain attacks.

Geopolitics & War

Tesla’s Lithium Refinery Discharges 231,000 Gallons of Polluted Wastewater a Day

A Texas lithium processing facility operated by Tesla has been authorized to discharge approximately 231,000 gallons of wastewater daily under a permit issued by the state environmental regulator TCEQ. While laboratory results showed some contaminant levels just above regulatory thresholds—including hexavalent chromium at 0.0104 mg/L—no violations have been formally alleged and Tesla remains in compliance with all permit conditions.

HN Discussion: Commenters were divided between those who found the contaminant concentrations surprisingly low relative to the volume discharged and others who emphasized that permitting process itself raised questions about transparency—specifically why the TCEQ issued the permit quietly rather than through public notice. Some also noted the article’s structure felt incomplete, leaving readers without a clear conclusion about environmental implications or Tesla’s stated position.

Minnesota Becomes First State to Ban Prediction Markets

Minnesota passed legislation banning prediction markets within its borders, marking the first state-level prohibition of such platforms in the U.S. The law frames prediction markets as a potential loophole for sports gambling, but legal observers point out that CFTC-regulated commodities futures contracts—which prediction markets are classified under—likely create a federal pre-emption conflict that would challenge any state ban in court.

HN Discussion: Legal commenters noted the difficulty of sustaining state restrictions against federal commodity regulations and took bets on how long the law would actually survive judicial review. Some also questioned the classification itself, asking whether traditional financial markets aren’t themselves prediction mechanisms by definition—a distinction they found difficult to parse in practice.

Business & Industry

Disney Erased FiveThirtyEight

Nate Silver’s personal blog chronicles how Disney shut down and erased FiveThirtyEight after acquiring the data journalism outfit, wiping decades of statistical analysis from public access. The article details the leadership transition dynamics that led to abandoning what had been a successful project, while noting broader patterns of link rot and institutional amnesia in media.

HN Discussion: Commenters drew parallels between Disney’s handling of FiveThirtyEight and its treatment of Star Wars under new management, questioning whether acquiring intellectual property necessarily means preserving its original value. A few cited a Pew study finding that nearly 40% of internet links active a decade earlier were already broken, framing FiveThirtyEight’s erasure as part of a wider pattern of institutional forgetting.

Dumb Ways for an Open Source Project to Die

An essay examines the surprising and often mundane ways open source projects meet their end—abandoned maintainers, corporate sponsorships that change priorities, dependency rot, and the slow drift of contributors away from neglected codebases. The piece catalogs recurring failure patterns that threaten infrastructure many teams rely on without realizing it.

HN Discussion: Commenters shared personal war stories about losing access to critical tools when underlying projects silently died. Several reflected on how open source dependencies form invisible supply chains that most teams never notice until something breaks—drawing connections to broader questions about sustainability in volunteer-driven software development.

Tech Tools & Projects

I’ve Built a Virtual Museum with Nearly Every Operating System You Can Think Of

The Virtual OS Museum presents an extensive browser-based collection of operating systems spanning decades and architectures, allowing visitors to explore historical computing environments through emulated interfaces without leaving the browser. The project covers everything from early microcontroller firmware to modern desktop distributions, curated as both a historical archive and interactive experience.

HN Discussion: Commenters questioned whether some exhibits showcase only the final version rather than the “greatest” iteration of each OS, noting that mid-cycle releases sometimes had superior features. Several shared personal memories connected to specific systems—the Pick computer used in UK health services, Domain/OS emulation viability—and one commenter humorously demanded TempleOS be included alongside the more established entries.

Apple Unveils New Accessibility Features

Apple announced a new set of accessibility enhancements leveraging its on-device AI capabilities, including improved speech-to-text transcription and expanded real-time assistive interactions across iOS, iPadOS, and macOS. The features continue Apple’s long-standing position in the assistive technology space while integrating deeper machine learning into core system functions.

HN Discussion: Several commenters noted that despite Apple’s accessibility reputation, speech-to-text transcription remains a persistent weakness—accurate enough for basic dictation but still lagging behind competitors on complex voice patterns. Others reflected on Apple’s historical leadership in accessibility design, contrasting it with what some perceived as a relative decline after the Steve Jobs era. The integration of agentic AI into accessibility features drew particular interest as both a practical innovation and a familiar Apple product strategy—launching ambitious features under an understated banner.

Show HN: Gaussian Splat of a Strawberry

A developer showcased an interactive 3D Gaussian Splat reconstruction of a strawberry, rendered in real-time using PlayCanvas—the same WebGL rendering engine they built back in 2011 for video games. The scene demonstrates how Gaussian Splatting technology has evolved from niche research to accessible web-based visualization within the browser.

HN Discussion: The project quickly became a distraction as users explored the interactive rendering and zoomed into fine detail. Several asked about the underlying reconstruction pipeline, speculating it used multi-angle photography rather than single-image generation. One commenter mentioned an accompanying apple model that generates splats from a single image in roughly 30 seconds on M1 hardware, noting limitations when viewing angles deviate too far from the capture position.

Show HN: Forge – Guardrails Take an 8B Model from 53% to 99% on Agentic Tasks

Forge is a framework that applies structured constraints and validation layers—called “guardrails”—between language model inference and tool execution, boosting an 8B-parameter model’s performance on agentic coding tasks from 53% to 99%. The approach sits between the model and its API endpoints, enforcing correct tool calling patterns, parameter validation, and error recovery loops.

HN Discussion: Commenters pressed for clarity on the evaluation methodology, asking how closely benchmark scores reflected real-world workflow conditions. Several questioned what exactly “guardrails” meant in practice—whether they were schema validators, policy enforcement layers, or something more sophisticated. One commenter noted the gap between getting right tool-call format and actually solving production coding problems reliably, while another connected this to older concepts from TI Explorer Lisp machines.

Show HN: Haystack – Review the PRs That Need Human Attention

Haystack is a pull request review tool that uses AI to triage code changes, surfacing only those PRs where human judgment is needed and grouping related changes into visual workflows. The platform aims to reduce review fatigue by filtering out low-signal changes and highlighting areas requiring architectural or domain expertise input.

HN Discussion: Commenters noted the name collision with dozens of existing “Haystack” products in the developer tooling space. Some questioned whether simply giving an LLM instruction to escalate uncertain decisions would produce similar results, while others praised the visual triage concept as a genuine productivity improvement over flat inbox-style review queues.

Show HN: Superlog (YC P26) – Observability That Installs Itself and Fixes Bugs

Superlog is a YC-backed observability platform designed to automatically instrument applications upon deployment, analyze runtime behavior, and propose fixes for production issues without manual configuration. The system positions itself as the next step beyond traditional logging by closing the loop between error detection and remediation through automated code changes.

HN Discussion: A frequent critique centered on data provenance—commenters wanted clearer information about where collected telemetry and generated patches are sent, particularly to upstream AI providers. Others argued that generating patches is actually the easy part; the real challenge lies in correctly diagnosing root causes by connecting error traces to configuration drift, infrastructure changes, and deployment ordering. Several welcomed the launch as a sign that automated observability could finally move past manual setup pain into continuous improvement.

Crossview 4.4.0 Is Now Available

The Crossview project released version 4.4.0 of its Kubernetes visualization tool, which maps resource relationships across complex cluster topologies. This iteration focuses on reliability improvements to graph rendering, clarified visual indicators for dependency chains, and performance enhancements when exploring large-scale multi-cluster environments.

HN Discussion: The primary conversation centered on practical usage in production clusters—how the improved relation explorer handles namespace sprawl, cross-namespace dependencies, and real-time updates during live deployments. Several commenters who had previously used beta versions reported that the new version resolved long-standing rendering lag issues when viewing deeply nested service graphs.

Show HN: I Made a 3D Pose Maker for Artists

SetPose is a web-based 3D pose reference tool designed for artists and illustrators, offering pre-built articulated figures with customizable poses, camera angles, and lighting setups that can be viewed on any device. The platform aims to fill the gap between traditional wooden mannequins and full 3D modeling software by providing quick-access pose generation without complex setup.

HN Discussion: Pricing drew immediate comparison—several commenters pointed out that Clip Studio Paint offers similar 3D pose tools with a marketplace of free models for less than half the monthly cost. Others appreciated the phone-accessible design for on-the-go sketching and noted it would be valuable for artists who need quick reference poses during commutes or field sessions. One commenter praised the “Time” feature for freezing poses across multiple camera angles simultaneously, calling it a genuinely useful innovation over standard pose libraries.

History & Science

The Silver Swan

The Bowes Museum has unveiled its restored Silver Swan—a nineteenth-century automaton bird that can simulate feeding behavior—demonstrating Victorian mechanical engineering at remarkable sophistication. The piece, dating to circa 1840, uses a complex system of cams, gears, and weighted mechanisms programmed by the French clockmaker François Junot to create lifelike motion in metal.

HN Discussion: Commenters expressed fascination with the precision engineering involved—cam profiles carved by hand to produce fluid animation across hundreds of moving parts. Several noted it as an underappreciated milestone in automation history, predating modern robotics by more than a century while achieving comparable behavioral fidelity through pure mechanics.

I Found Ultra-Pure Quantum Crystals in an Abandoned Mine in the Atacama Desert

A physicist documents discovering remarkably pure natural crystals at an abandoned mining site in Chile’s Atacama Desert, using materials found there for quantum research applications. The author recounts field expeditions to remote extraction points and analyzes the crystal properties that make them suitable for experiments requiring exceptional material purity under extreme environmental conditions.

HN Discussion: Commenters with Chilean connections defended the country’s scientific output against dismissive American-centric narratives, pointing to Chile’s growing investment in astrophysics and fundamental research at world-class facilities like ALMA. Several praised the author’s photo captions as an exemplary standard rarely seen in popular science writing. One commenter linked to other works by the same author on consciousness and altered states.

Why Is Almost Everyone Right-Handed? A New Study Connects It to Bipedalism

Researchers at Oxford published a study proposing that human right-handedness correlates with the evolution of bipedal locomotion and increased brain size, suggesting that upright posture shifted biomechanical loading patterns that favored one hand for precision tasks during development. The research links hand preference emergence to specific developmental windows influenced by spinal and neural maturation patterns unique to two-legged gait.

HN Discussion: Some commenters noted situational ambidexterity—right-handed for everyday tasks but left-handed for sports like hockey or pool—questioning whether the study accounts for this flexibility across different contexts. Others wondered about the developmental timeline of hand preference and what factors might influence it, suspecting environmental influences operate counterintuitively compared to common assumptions. One commenter suggested that left-hemisphere dominance for complex motor tasks might have reinforced right-hand usage through cultural pressures beyond pure biomechanics.

Hanoi’s Humble Beer Glass and the Memory of a Nation

A long-read piece explores bia hơi—the fresh, unpreserved draft beer served from modest glass cups across Vietnam—as both a social institution and cultural artifact. The article traces how this casual drinking culture embodies aspects of Vietnamese identity: communal gathering spaces, accessibility across income levels, and resistance to industrialization even as urban life transforms around it.

HN Discussion: Readers shared personal encounters with bia hơi in Hanoi’s streets and alleys, describing the experience of sitting on small plastic stools alongside locals as an unforgettable cultural moment. Some compared it unfavorably (and fondly) to European tank beers like Urquell, while others noted they had never visited Vietnam but felt transported through the article’s sensory detail. Several called it a “great read about a niche topic” with remarkable atmospheric writing.

Academic & Research

Era: From Nature Publication to Catalyzing Computational Discovery

Google Research introduced ERA (Empirical Research Assistance), an AI system designed to support researchers throughout the computational discovery process—from literature review and hypothesis generation through experimental design analysis. The tool emerged from research published in Nature and aims to reduce the cognitive load on scientists working across large, complex datasets and interdisciplinary domains.

HN Discussion: Commenters discussed the practical friction points ERA addresses: the enormous time investment in finding relevant papers across expanding literatures, the challenge of connecting findings across methodological boundaries, and whether AI-assisted discovery tools can genuinely accelerate scientific output or merely produce more noise in an already saturated publication landscape. Several researchers expressed cautious optimism while emphasizing that the system’s usefulness ultimately depends on how well it integrates with existing workflows rather than replacing them.

System Administration

The Foundations of a Provably Secure Operating System (PSOS) (1979)

A 1979 paper describing PSOS, a provably secure capability-based operating system developed at SRI. The work predates modern discussions of microkernel design and formal security verification, proposing a capability-based architecture where memory is tagged with unforgeable hardware-level access tokens rather than relying on software-defined access control lists.

HN Discussion: A former contributor recalled working on KSOS, PSOS’s predecessor, writing its file system and all drivers. Commenters debated why capability-based design was overlooked for so long and whether it should be standard for internet-facing systems, with one framing the distinction between ambient authority models like Linux versus capability architectures as equivalent to using global variables versus properly encapsulated code.

OpenBSD 7.9

The OpenBSD project released version 7.9, continuing its track record of security-first system design with a focus on code correctness and proactive vulnerability elimination. The release notably removes Exim from the ports collection—a decision that will affect anyone using it as an MTA in favor of transitioning to OpenSMTPD. New features include updates to the base networking stack, improved driver support, and ongoing refinements to the default secure configuration profile.

HN Discussion: The removal of Exim drew particular attention from mail administrators; several shared migration experiences and recommended transition guides for moving to OpenSMTPD. Others reflected on OpenBSD’s decades-long commitment to security as a growing differentiator in an era where operating system vulnerabilities are constantly being discovered across all platforms—some exacerbated by AI-assisted exploitation tools. A nostalgic comment recalled installing it on early-2000s PowerBook hardware and praised the platform’s no-nonsense approach to blobs and system integrity.