Hacker News Evening Brief: 2026-05-23
Your evening digest of the day’s most interesting stories from Hacker News, spanning retro hardware archaeology, supply-chain security scares, corporate AI politics, and the enduring wisdom of P.T. Barnum.
Web & Infrastructure
On The
Summary: Ben Myers argues that the HTML <dl> (description list) element is one of the most underrated tools in the web developer’s toolkit. The article walks through the anatomy of <dl>, <dt>, and <dd> elements, demonstrating layouts from key-value grids to glossaries, and tackles accessibility considerations including how screen readers handle description lists and which ARIA attributes are actually valid on the element.
HN Discussion: Commenters debated whether aria-label is technically valid on <dl> given its lack of an implicit ARIA role, with references to the W3C spec. Several admitted abandoning semantic HTML approaches like <dl> because real-world layouts need more wrapping flexibility than the element provides. One noted that the world’s first website at CERN makes heavy use of <dl> elements.
Yeunjoo Choi from Igalia on Chromium
Summary: An interview with Yeunjoo Choi, who has spent 15 years working on WebKit and Chromium, first at LG Electronics and now at Igalia — the worker-owned open-source consultancy. Choi focuses on enterprise browsers built atop Chromium, an area of growing demand as browsers become the primary control point for corporate IT environments. Igalia’s cooperative model contracts with companies to implement web standards and fix browser bugs, offering an alternative to Big Tech browser monoculture.
HN Discussion: The piece drew quiet interest from those following open-source browser governance and cooperative work structures, though the specialist subject matter kept the discussion focused rather than broad.
Security & Privacy
Oura says it gets government demands for user data
Summary: Health wearable maker Oura — whose rings track heart rate, sleep patterns, menstrual cycles, and location — has received government demands for user data but has not disclosed how many such requests it has fielded. The company’s data is not end-to-end encrypted, meaning health information can be unscrambled at certain points during transmission and on Oura’s servers. The article questions whether Oura will commit to transparency reports, especially given the backlash over its previous deal with the Department of Defense and Palantir.
HN Discussion: Commenters pointed out the article conflates end-to-end encryption with encryption-in-transit — a meaningful technical distinction. Illinois’ biometric privacy law was cited as a potential check on cross-state data queries. Several users compared Oura unfavorably to Apple’s Advanced Data Protection, which offers zero-access end-to-end encryption for health data.
The FBI Wants ‘Near Real-Time’ Access to US License Plate Readers
Summary: The FBI is seeking near real-time access to license plate reader data collected by private and public surveillance networks across the United States. LPR systems capture plate numbers, timestamps, and GPS coordinates from vehicles on public roads, building detailed movement histories. The proposal raises Fourth Amendment concerns about warrantless mass surveillance, as a nationwide LPR network would enable comprehensive location tracking of the driving public.
HN Discussion: SCOTUS precedent in Carpenter v. United States was cited as establishing that tracking movement over time requires a warrant. Some pushed for local-level bans on license plate readers to prevent data collection at the source. The piece was also called out as a republishing of a prior Wired article that already received HN front-page coverage.
New Attack “Megalodon” Compromises 5.5K+ GitHub Repos
Summary: A campaign dubbed “Megalodon” pushed malicious commits to over 5,500 GitHub repositories in a single automated day, echoing the earlier TeamPCP attacks that poisoned roughly 3,800 repos. The attacker used stolen credentials to inject malicious commits directly into repositories, potentially compromising downstream dependents. The sheer scale — 5,500 repos in one day — underscores the fragility of the open-source supply chain when credentials are compromised.
HN Discussion: The story was still gaining traction at the time of selection, with limited discussion captured in the source packs.
History & Science
Reverse engineering circuitry in a Spacelab computer from 1980
Summary: Ken Shirriff reverse-engineers an ALU processor board from the Mitra 125 MS, a French-built minicomputer that controlled NASA’s Spacelab module aboard the Space Shuttle. Unlike modern systems, the Mitra 125 used a 16-bit processor constructed from multiple boards of discrete chips rather than a single microprocessor die. Shirriff traces the circuitry of the arithmetic logic unit to reveal how period space-rated computing hardware was designed, including the pressurized lab, connecting tunnel, and unpressurized pallets that comprised the Spacelab system.
HN Discussion: The author joined the thread to answer questions about his reverse-engineering methodology. Commenters appreciated the depth of hardware archaeology involved in tracing 1980s space-rated computing systems from physical artifacts.
80386 Microcode Disassembled
Summary: After years of collaborative effort, the author successfully disassembled the 80386’s microcode ROM — a massive 94,720-bit control store, nearly nine times larger than the 8086’s 10,752 bits. The breakthrough came when collaborators extracted and decoded the binary from high-resolution die images originally captured by Ken Shirriff. Without a reference patent (unlike the 8086 project), the team had to reverse-engineer the microcode format and instruction mappings entirely from scratch, providing unprecedented visibility into how Intel’s landmark 32-bit x86 processor executes instructions at the lowest level.
HN Discussion: Commenters asked about the process of reconstructing microcode from die photos — whether it requires recognizing individual transistors and modeling the full circuit. Someone asked if the disassembled microcode could boot Linux in an emulator. The blog’s 33-year history and long hiatus before this post drew note from long-time readers.
A 1955 Los Alamos computer experiment changed our understanding of chaos
Summary: In 1955, programmer Mary Tsingou ran a first-of-its-kind numerical experiment on MANIAC at Los Alamos, now known as the Fermi-Pasta-Ulam-Tsingou (FPUT) problem. Conceived by Fermi, Pasta, and Ulam, the experiment expected energy in a nonlinear string to distribute evenly but instead found unexpected recurrences — a paradox that launched chaos theory. Fermi died in 1954 before seeing the full results, which showed that nonlinear systems can behave in surprisingly stable and structured ways contrary to intuition. The FPUT problem became foundational for understanding atmospheric dynamics, fusion plasmas, economics, and biological rhythms.
HN Discussion: Readers shared the Wikipedia visualization of the FPUT problem and the original algorithm flowchart dated May 20, 1955. The piece was praised for connecting early supercomputing history to modern AI-assisted exploration of uncertainty in scientific research.
Solving the “Zork” Mystery
Summary: The author traces the origin of the name “Zork,” investigating the widely-cited claim that it was MIT jargon for an unfinished program. Wikipedia’s unsourced assertion from a 2001 edit survived for 13 years before receiving a citation in 2014 from a 1985 New Zork Times article by Tim Anderson, who wrote that MIT’s Dynamic Modeling Group “tended to name our programs with the word zork until they were ready to be installed on the system.” The piece also covers finishing the game, tying the etymological detective work back to the experience of playing Zork itself.
HN Discussion: Commenters debated whether “zork” truly meant “unfinished software” or was simply a nonsense word like “foobar” that happened to be used for incomplete programs. The 13-year Wikipedia citation gap was noted as a cautionary tale about trusting unsourced claims on heavily-edited pages.
Ebola Outbreak Now Third Largest Recorded and “Spreading Rapidly”
Summary: The current Ebola outbreak in the DRC has reached nearly 750 cases and 177 deaths, making it the third largest Ebola outbreak ever recorded. The risk level has been elevated as cases spread rapidly in the eastern DRC region around Goma, with medical personnel setting up isolation rooms and placing suspected cases under 21-day observation. The situation is worsening with what Ars Technica describes as insufficient international attention and resources.
HN Discussion: Commenters noted that Ebola requires contact with bodily fluids and is amplified by local funeral rituals involving contact with the deceased. One described it as the “same bat country, same fear cycle” — the DRC’s 17th outbreak. Concern was raised that international attention will only materialize when the disease spreads uncontrollably outside the DRC.
Tech Tools & Projects
z386: An Open-Source 80386 Built Around Original Microcode
Summary: z386 is an FPGA-based 80386-compatible CPU that uses the original Intel microcode recovered from die analysis rather than instruction-by-instruction emulation in RTL. The core boots DOS 6 and DOS 7, runs protected-mode extenders like DOS/4GW, and plays Doom and Cannon Fodder. Performance benchmarks put it roughly on par with a ~70MHz cached 386 or low-end 486 — 34 FPS on 3DBench and 16.5 FPS on Doom at max detail — while using only 8K lines of code and 18K ALUTs, a smaller footprint than the comparable ao486 project.
HN Discussion: Commenters were surprised the design fits in just 18K LUTs, a modest footprint by modern FPGA standards. Discussion ranged to whether production 386 hardware still does useful work anywhere, with nostalgic mentions of Amiga-powered small businesses. Gray386linux was noted as a maintained project running a patched Linux 3.7 kernel on 386-class hardware.
PHP’s Oddities
Summary: After five years of PHP development at a company whose backend dates to 2007, the author reflects on the language’s most unintuitive features. PHP arrays are overloaded as both ordered lists and hash maps in a single data structure, creating confusion when developers expect one behavior and get the other. The type system is clunky too, with dynamic property addition on objects and loose comparisons that breed subtle bugs. Despite these oddities, modern PHP has caught up with most languages in features and performance, becoming a genuinely versatile general-purpose tool.
HN Discussion: A 20-year PHP veteran now in Java praised PHP’s maps and arrays as less verbose than Java’s collection infrastructure. SplFixedArray was pointed out as PHP’s proper array type since PHP 5.3, though underused. Dynamic properties becoming a hard error in PHP 9 should simplify internals and unlock optimizations. Several commenters requested a similar treatment for JavaScript’s everyday gotchas.
Lisp in Vim (2019)
Summary: Susam Pal’s guide compares the Slimv and Vlime plugins for Lisp development in Vim, covering structured s-expression editing and REPL integration. Fifteen years ago Vim had no good Lisp plugins; by 2019 both Slimv (10+ years old) and Vlime offered interactive programming with debugger and inspector support. The walkthrough covers setup with SBCL, Paredit for s-expression editing, and trace/debug workflows, with a detailed comparison section to help developers choose between Slimv’s maturity and Vlime’s more modern architecture.
HN Discussion: Conjure was recommended as the current best option for Lisp languages in Neovim, supporting Clojure, Common Lisp, and Fennel. Several commenters shared Fennel-based Neovim configurations, noting the language’s fit for editor scripting despite initial setup friction.
Highest Random Weight in Elixir
Summary: The article introduces Rendezvous hashing (Highest Random Weight) as a stateless alternative to consistent hashing for distributing keys across Elixir cluster nodes. Unlike Discord’s ExHashRing, which requires managing ring processes under a supervision tree with persistent state, HRW needs no background processes. It works by computing a hash of each key combined with each node identifier and assigning the key to whichever node produces the highest value, trading some rebalancing flexibility for operational simplicity.
HN Discussion: The post appealed to a specialist Elixir and distributed-systems audience, with limited broader discussion.
Improving C# Memory Safety
Summary: Microsoft is significantly redesigning the unsafe keyword in C# to better inform callers about memory safety obligations they must uphold. The initiative, part of .NET 10, aims to bring C#‘s memory safety closer to Rust and Swift, with explicit comparisons in the announcement. Developers can already convert unsafe pointers to Span<T> for safer passing, dropping to fixed contexts only when performance demands it. The improvements are partly motivated by the Windows team’s increasing adoption of C# over traditional COM and C++.
HN Discussion: C# was noted as a strong language for LLM-generated code, with Google models performing particularly well in C# compared to Python or Go. Commenters asked whether long-standing IntPtr-using functions like Marshal.Copy would finally be marked unsafe. The Span-based approach was praised as already enabling safe pointer workflows in current C#.
Rubish: A Unix shell written in pure Ruby
Summary: Rubish is a Unix shell implemented entirely in Ruby, blending shell scripting ergonomics with Ruby’s language constructs. It joins a lineage of language-native shells — scsh (Scheme), rush (Ruby) — that attempt to replace ad-hoc shell syntax with proper programming constructs, aiming to provide a daily-driver experience where Ruby’s expressive syntax supersedes traditional bash patterns.
HN Discussion: A commenter who spent nearly a decade trying to blend Ruby and bash called it “the strange but amazing love child” and planned to give it a spin. Discussion emerged about vibe-coded Ruby projects becoming more common, with concern that AI-generated code makes contribution harder. The name “Rubish” was universally praised as the best project naming of the weekend.
ArcBrush – Node-based 2D image editor
Summary: ArcBrush is a free, native C++ desktop application for Windows, macOS, and Linux offering 79 nodes for building non-destructive image processing pipelines. Targeted at game artists, pixel artists, and illustrators, it automates asset variant generation — producing, for example, 2,400 icon variants across 12 color tiers from a single pipeline. Features include sprite sheet export with TexturePacker-compatible JSON manifests, pixelation and dither nodes for retro styling, and palette remapping for limited-color art, all without requiring an account or subscription.
HN Discussion: The anti-Electron, anti-subscription, native C++ philosophy earned praise, but the lack of FOSS licensing and transparency about the company behind it was flagged as “incredibly sketchy.” PixieEditor was suggested as a free, open-source alternative. One commenter accused ArcBrush of vibe-coding a front-run of Plasma Studio, a similar node-based editor announced a month earlier.
Deno 2.8
Summary: Deno 2.8 is the project’s biggest minor release to date, introducing deno audit fix for automatically patching reported vulnerabilities and Deno Sandbox, a new API for running untrusted code in secure Linux VMs targeting multi-tenant and plugin-based architectures. Deno continues to position itself as the Unix-philosophy-aligned TypeScript/JavaScript runtime with native TypeScript support and a permission-based security model, while JSR, the TypeScript-first ESM package registry, evolves alongside.
HN Discussion: Users debated Deno’s competitive position: Node is the stable incumbent, Bun is fast and now Anthropic-owned, while Deno offers a clean permission model and sandbox API. Happy users called it a “Swiss clock” for small-to-mid-size web services. Concern was raised about the authors declining donations, potentially creating long-term financial pressure.
Academic & Research
Making Deep Learning Go Brrrr from First Principles
Summary: Horace He’s guide approaches deep learning performance optimization from first principles, breaking the problem into three components: compute, memory, and overhead. The central insight is a bandwidth asymmetry — in the time Python executes a single FLOP, an A100 GPU could process 9.75 million FLOPS. The article covers kernel fusion to reduce memory round-trips, when model parallelism helps versus hurts, and batch size selection to saturate compute without wasting memory, all while discouraging cargo-cult tuning and advocating for profiling your specific bottleneck first.
HN Discussion: Commenters were struck by the raw A100 throughput comparison. A linked Jane Street talk by Horace covering modern ML systems was recommended. Discussion covered how PyTorch chaining like x.cos().cos() can outperform separate calls through automatic kernel fusion.
AI Engineering from Scratch
Summary: A free, open-source MIT-licensed curriculum covering 435 lessons across 20 phases, from linear algebra to autonomous agent swarms. Every algorithm is built from raw math before any framework is imported — backpropagation, tokenizers, attention mechanisms, and agent loops are all implemented from scratch in four languages: Python, TypeScript, Rust, and Julia. By the time PyTorch appears, learners already understand what the framework does internally rather than treating it as a black box.
HN Discussion: The resource appears to have been bookmarked and shared more than debated, with minimal top-level discussion.
The quadratic sandwich
Summary: The article explains how strong convexity and L-smoothness create upper and lower quadratic bounds — a “sandwich” — around a function being optimized with gradient descent. Strong convexity prevents the function from being too flat, while L-smoothness prevents it from being too steep; when the sandwich is tight, optimization is well-conditioned. The piece builds from first-order Taylor expansions to Hessian eigenvalue analysis, with a practical trick for verifying L-smoothness without computing eigenvalues. Animated visualizations show gradient descent succeeding or failing based on sandwich tightness.
HN Discussion: Visualizations and the direct connection between proofs and practical behavior drew praise. Momentum-based methods were discussed as a fix for the failure modes shown. Wavelet fitting was raised as a real-world problem that fails under gradient descent for exactly the reasons the framework describes.
Fast Factorial Algorithms
Summary: Peter Luschny’s reference covers five essential factorial algorithms: SplitRecursive (fastest without prime factorization), PrimeSwing (asymptotically fastest known, computing n! via prime factorization of “swing numbers”), Moessner’s addition-only method (fascinating but impractical), Poor Man’s algorithm (no BigInteger library needed, fast up to 10,000!), and ParallelPrimeSwing (multi-core variant). The page includes practical recursive multiplication code and a separate section on Stirling’s approximation for when exact computation isn’t required.
HN Discussion: Caching was suggested as the fastest practical approach since very few factorial values exist before numbers become pointlessly large. Commenters noted the algorithms lack detailed explanations, making the page more reference than tutorial. Someone wondered whether a compiler could automatically rewrite a naive factorial into an optimized variant.
Business & Industry
The Art of Money Getting
Summary: P.T. Barnum distilled a lifetime of business experience into 20 plainspoken rules in this 1880 book, written at age 70. Core principles include selecting work suited to your natural aptitude, avoiding debt that erodes self-respect and freedom, and pursuing endeavors with full commitment rather than half-measures. Barnum’s own arc — building America’s most famous museum, going broke on a bad clock company investment, then co-founding Barnum & Bailey Circus at 60 — gave him hard-won credibility on financial recovery.
HN Discussion: A retired programmer noted parallels to tech careers: people chase money into the field without genuine interest, and their work suffers. Edsger Dijkstra’s advice to a PhD student — “Do only what only you can do” — was compared to Barnum’s rule about finding your knack. Skeptics argued that modern ultra-successful figures exhibit the opposite traits: accumulating debt without personal risk and lacking genuine focus.
Why Japanese companies do so many different things
Summary: The article examines why Japanese companies like Toto — the world’s largest toilet and bidet maker, with stock up 60% year-to-date and net profit up 230% YoY — operate in wildly diverse businesses rather than focusing on a core competency. The root cause is Japan’s lifetime employment system: firms have irreplaceable employees with firm-specific skills, so diversification absorbs that labor rather than resorting to layoffs. Japanese firms are also largely insulated from outside shareholder pressure, run by employees rather than investors, which removes the Western imperative to divest non-core divisions.
HN Discussion: A Korean commenter noted the Western idealization of Japan on HN, suggesting insiders see more downsides than romanticized analyses convey. The lifetime employment system’s dark side — a job market with very low fluidity where missing the fresh-graduate hiring window creates poor mid-career prospects — was discussed. Western companies used to be more diversified too before shareholder-value ideology pushed focus and divestiture.
BambuStudio has been violating PrusaSlicer AGPL license since their fork
Summary: Josef Prusa accuses Bambu Lab of violating PrusaSlicer’s AGPL license with BambuStudio since its fork, centering on a closed-source networking binary blob. Prusa outlines five Chinese laws enacted between 2017 and 2023 — the National Intelligence Law, Cryptography Law, Data Security Law, Counter-Espionage Law revision, and others — that collectively compel Chinese companies to share data with the state while prohibiting disclosure of that cooperation. The Data Security Law’s extraterritorial reach means EU/US data hosting offers no protection, since jurisdiction follows the company, not the server location.
HN Discussion: Enthusiast users are abandoning Bambu despite acknowledging hardware quality, citing Creality as a comparable alternative that’s less user-hostile. Commenters debated whether the US Cloud Act creates similar surveillance capabilities. Business users expressed concern about sending proprietary prototypes through cloud-connected slicers, with some planning to build their next printer from open-source components.
Geopolitics & War
Italy Cancels Boeing Pegasus Order, Shifting to Airbus A330 MRTT
Summary: Italy cancelled its Boeing KC-46 Pegasus tanker order and selected the Airbus A330 MRTT instead, marking a significant shift in NATO-aligned procurement. Defense analysts note the KC-46 has suffered technical problems and delays that slowed its competitiveness abroad, benefiting the A330 MRTT already adopted by many NATO allies. The decision is framed more as an industrial victory for Airbus than a political defeat for the US, though it signals growing European defense autonomy.
HN Discussion: Commenters noted the USAF itself had originally selected the A330 MRTT before the contract was controversially overturned in Boeing’s favor. The value of vendor competition in defense procurement was highlighted. Discussion touched on whether this signals broader European moves away from US defense platforms.
AI & Tech Policy
Microsoft starts canceling Claude Code licenses
Summary: Microsoft is canceling Claude Code licenses for its developers and pushing them toward GitHub Copilot CLI instead. The company originally offered both tools to developers expecting feedback on which performed better, but developers overwhelmingly chose Claude Code, undermining Microsoft’s own command-line Copilot product. The move highlights internal tensions between Microsoft’s $13B OpenAI partnership and developer demand for Anthropic’s tooling — with the irony that Microsoft’s own workforce voted with its feet against the company’s flagship AI product.
HN Discussion: Developers pushed back on using cheaper models, arguing performance reviews reward output speed, not token savings — their livelihoods depend on the most effective tool. Supervised human-in-the-loop Claude Code usage was described as productive and token-efficient, unlike unsupervised agentic workflows that burn tokens with little to show. Commenters noted the irony of the situation.
US tech firms share Dutch regulator officials’ names with Senate
Summary: Microsoft and Meta shared the names of Dutch civil servants and academics working on European tech regulation with a US Senate committee investigating “tech censorship” and “jawboning.” The Dutch cabinet described the development as “extremely worrying,” as named officials could face travel bans to the US. The incident complicates EU efforts to reduce dependence on US technology companies, as switching away from Microsoft and others is not feasible in the short term — a major Dutch cloud provider used by government departments is itself on the verge of being sold to a US company.
HN Discussion: One commenter argued the headline is clickbait — companies responding to US government inquiries naturally forwarded emails containing regulator names. The difficulty of escaping US tech was highlighted, with Dutch government systems deeply embedded in Microsoft infrastructure. Skepticism was expressed about targeting individual civil servants who lack decision-making power.
—dangerously-skip-reading-code
Summary: The author explores a provocative scenario: if organizational leadership accepts the risks, should engineers treat LLM-generated code like compiled output — not reading it, just verifying behavior through tests and specs? The analogy is to how programmers don’t read assembly, bytecode, or transpiled JavaScript; source code could become another layer of machine-generated intermediate representation. Inspired by a Thoughtworks “retreat” article, the post proposes Markdown specifications as the new unit of knowledge, with automated PR checks verifying spec compliance, and argues this is a framework for consciously accepting the tradeoffs organizations already make.
HN Discussion: Critics questioned whether “rework is almost free” accounts for real compute and energy costs, suspecting VC subsidies mask true economics. One commenter argued that if Markdown specs don’t express more rigor in fewer words than code, it’s just legacy coding with extra steps. A blunt take: “the lesson of the AI age is how little people who’ve worked in software their entire careers understand software development” — code generation speed was never the bottleneck.
Other
I Miss Terry Pratchett
Summary: A personal essay about discovering Terry Pratchett’s Discworld novels as a teenager in a French classroom, and the lasting impact of his humor and wisdom. The piece centers on a Rincewind quote about memories that “settle in and start terrorising the other occupants by kicking over the chairs” as a metaphor for literary influence that refuses to leave. The author reflects on reading cheap pocket editions from the school library, and how Pratchett’s unique ability to embed profound observations about human nature inside comedic fantasy shaped their thinking for life.
HN Discussion: The post was accused of being AI-generated, with one commenter outlining a formula: pick an author nerds like, prompt Claude to imitate their style, and don’t fix the faux-witty phrases. Fans shared personal Pratchett discovery stories — one found the books while working tech support in Brooklyn in 2004. Simon Willingham noted he still hasn’t read The Shepherd’s Crown because finishing it means having no new Pratchett left.