May 26, 2026

Hacker News Evening Brief: 2026-05-26

The evening briefing for May 26th covers Uber’s president questioning AI spending returns, the Netherlands blocking a US takeover of critical digital infrastructure, Spain’s crackdown on prediction markets, a proposed sleep mechanism for language models, and Pope Leo XIV’s encyclical on AI and human dignity — plus 25 more stories spanning security disclosures, retro computing, semiconductor business models, and the cost of homeownership.

AI & Tech Policy

Spain blocks prediction markets Polymarket, Kalshi over lack of gambling licence

Summary: Spain has blocked access to Polymarket and Kalshi for operating without gambling licences, treating crypto-based prediction markets as gambling under Spanish law. The ruling is part of a growing international regulatory response to platforms that let users bet on real-world events using cryptocurrency. The decision frames prediction markets not as financial innovation but as unlicensed gambling activity subject to existing consumer protection rules.

HN Discussion: Commenters raised concerns that prediction markets create financial incentives for real-world manipulation, with some arguing they incentivize violence and assassination to win payouts. Others drew a blunt comparison: if it quacks like a duck, it is gambling regardless of branding. Several expressed surprise at seeing Kalshi run mainstream television advertisements in the US.

Eagle 3.1: Collaboration Between the EAGLE Team, vLLM Team, and TorchSpec Team

Summary: EAGLE 3.1 tackles a core weakness in speculative decoding — performance degradation under different chat templates, long contexts, and out-of-distribution system prompts. The team identified “attention drift,” where the drafter model gradually shifts focus away from sink tokens as speculation depth increases. This joint release from the EAGLE, vLLM, and TorchSpec teams brings improved robustness and deployability to one of the most widely adopted speculative decoding families.

HN Discussion: Readers asked whether speculative decoding preserves model accuracy or silently introduces approximation errors, and whether these decoders are suitable for AI coding agents or only specific workload types. One commenter admitted they expected the post to be about PCB design software.

Magnifica Humanitas

Summary: Pope Leo XIV’s encyclical Magnifica Humanitas, dated May 15, 2026, argues that AI builders bear particular ethical responsibility because technology is never neutral — it reflects the values of those who design, finance, and deploy it. The document frames artificial intelligence within the tradition of Catholic Social Doctrine, tracing principles from Leo XIII through Vatican II to the present. Every design choice, it argues, reveals a vision of what it means to be human.

HN Discussion: Even atheist commenters acknowledged the Vatican produces unusually thoughtful technology policy analysis. Discussion centered on whether any technology has ever been successfully tamed for broader societal good, or whether power concentration always dominates outcomes. The encyclical’s reframing — from “can we build it?” to “should we, and for whom?” — resonated across ideological lines.

Security & Privacy

Are we self-sovereign PKI yet?

Summary: The article traces the fundamental gap in end-to-end encrypted messaging: key verification is architecturally supported but almost never practiced. Signal’s safety numbers, iMessage’s Contact Key Verification, WhatsApp’s Security Codes, and Threema’s contact ratings all attempt to solve this, yet encryption effectively remains conditional on the platform’s honesty. A proposed self-sovereign PKI would give users cryptographic identities that persist across applications and cannot be revoked or suspended by any single authority.

HN Discussion: Critics noted the proposal sidesteps key recovery and identity loss — the hardest problems for ordinary users. Concerns about name confusion attacks and lookalike identifiers drew particular attention. The economics of capped daily record supply (~10 per day) raised fears of speculative squatting on high-value names, while others argued permanent, unchangeable identities are the opposite of what users actually need.

Exposing Critical Vulnerabilities in CBSE’s On-Screen Marking Portal

Summary: A security researcher found elementary but devastating vulnerabilities in the Central Board of Secondary Education’s digital exam marking system, used to evaluate millions of Indian board exam papers. The flaws included a master password embedded in client-side JavaScript and a fake OTP process where the server sent the one-time code back to the client for local comparison. Discovered in February 2026 and reported to CERT-In, the vulnerabilities could have allowed full account takeover of examiner accounts across 28,000+ affiliated schools.

HN Discussion: Commenters expressed shock that a master password in client-side JS and server-returned OTPs made it into production for a system handling millions of students’ results. The disclosure prompted broader criticism of India’s education sector, including endemic exam paper leaks and outdated curricula. Several noted the painful irony that implementing correct security would have been simpler than building these broken mechanisms.

Micropatching Brings the Abandoned Equation Editor Back to Life (2018)

Summary: When Microsoft removed Equation Editor from Office rather than patch its security vulnerabilities, thousands of math teachers lost the ability to edit equations in existing documents. 0patch responded by creating binary micropatches that fix the vulnerabilities directly in the executable, keeping the tool functional and secure. Without such patches, affected users would have been tempted to skip all future Office updates entirely, leaving their systems exposed to every subsequent exploit.

HN Discussion: Commenters reflected on the sadness of external security researchers understanding Windows internals better than Microsoft’s own teams. The replacement product MathType was noted as a commercial option, though several wished for a simple equation editor that doesn’t require LaTeX proficiency for non-technical users.

Geopolitics & War

Netherlands blocks US takeover of vital digital supplier

Summary: The Netherlands has blocked Kyndryl, an IBM spin-off, from acquiring Solvinity, the company providing digital identity services to the Dutch government at roughly 30,000 requests per hour. The entire parliament voted to block the deal with only one party dissenting, citing data sovereignty concerns over critical infrastructure serving millions of citizens. The move underscores growing European resistance to US control of government digital systems.

HN Discussion: Dutch commenters described weeks of public pressure before the government acted, with frustration that parliament’s near-unanimous motion was initially ignored. Kyndryl’s claim that “politicization overshadowed benefits” drew sharp rebuttals — protecting citizens’ privacy is literally the job of politicians. Several questioned why a nation of 20 million cannot self-host an open-source identity solution.

Stockholm poised to become leading European geospatial intel player

Summary: Stockholm is positioning itself as a major European hub for geospatial intelligence, part of a broader continental push for independent satellite-based surveillance capabilities. The move reflects growing European interest in building intelligence infrastructure that doesn’t depend on US providers.

HN Discussion: Critics noted Sweden still relies on US technology for core systems and on ESA/France for satellite launches, questioning whether dependency constitutes leadership. A pointed warning: relying on US tech means access could be revoked at any moment due to political shifts, undermining the very sovereignty such investments aim to build.

Tech Tools & Projects

Opaque Types in Python

Summary: The article proposes using NewType over a private implementation class to create opaque types in Python, giving library authors a way to expose configuration objects with minimal public interface. The pattern lets consumers build objects only through constrained constructor functions while keeping internals hidden from the compatibility surface. A shipping options example demonstrates how the technique works in practice.

HN Discussion: Purists argued that if you cannot say anything about a type, you should simply leave it unannotated — Python is dynamically typed after all. Others compared the approach unfavorably to Java’s private constructors, which solved this cleanly from the start. The pattern reportedly breaks down with inheritance and creates testing friction since test suites must import private classes.

What Color is Your Function? (2015)

Summary: Bob Nystrom’s classic essay uses a strawman language to demonstrate how async functions create a bifurcated ecosystem where you must maintain parallel synchronous and asynchronous APIs. The “color” metaphor captures how async infects callers: you cannot call an async function from a synchronous one without restructuring everything above it. Go is cited as the exception, hiding async complexity inside its runtime.

HN Discussion: A decade later the essay remains relevant. Go’s runtime hides async details, though commenters noted it has analogous plumbing pain with error propagation and context.Context. The practical pattern shared by experienced developers: keep code synchronous as long as possible, only converting to async when absolutely forced, and rely on code ownership reviews to catch unnecessary conversions.

C extensions, portability, and alternative compilers

Summary: Written by someone building their own C compiler, the article documents the non-standard behaviors and extensions that real-world C code depends on — and the headaches they cause alternative toolchains. glibc headers use elaborate preprocessor gymnastics to detect compiler capabilities, but the fallbacks are often incomplete. Many C projects are effectively “works on my machine” code that assumes GCC or Clang extensions without proper guards.

HN Discussion: Walter Bright shared similar war stories from building ImportC for the D compiler. A Windows/FreeBSD user noted the frustration of Linux-first C code breaking everywhere else due to implicit GCC assumptions. The Common Lisp ecosystem was cited as a healthier model where implementations experiment, useful extensions spread, and portability libraries emerge as de facto standards.

Web & Infrastructure

DynIP – Dynamic DNS with RFC 2136, IPv6, DNSSEC, and BYOD

Summary: DynIP is a dynamic DNS service built on the RFC 2136 TSIG standard, meaning it works natively with FortiGate, MikroTik, OPNsense, and OpenWRT routers without proprietary clients. Updates propagate in roughly 60 seconds end-to-end, compared to the 30-minute cache times typical of legacy DDNS providers. The service supports AAAA records for IPv6 alongside CGNATed IPv4, with DNSSEC enabled by default.

HN Discussion: The founder, a Swedish network engineer, built the service because existing DDNS providers were stuck in 2010-era architectures. Users noted it integrates with Kubernetes external-dns via RFC 2136. The landing page drew criticism for looking like generic AI-generated content, with feedback that more personality would help differentiate the product.

Don’t put aria-label on generic elements like divs

Summary: The ARIA spec explicitly prohibits naming generic roles like div and span with aria-label or aria-labelledby. Section 5.2.8.6 lists roles that “cannot be named,” and “generic” is among them. Beyond the spec violation, browsers handle labeled generic elements inconsistently — VoiceOver announces them as “group,” TalkBack announces them but they remain invisible to accessibility users navigating by heading or landmark.

HN Discussion: Multiple commenters pointed out the article itself overflows to the left on narrow phones without a scrollbar — an ironic accessibility failure in a post about accessibility. Frustration was directed at screen reader vendors for wildly inconsistent behavior across tools, with the observation that creating an accessible dialog should not require a multi-page essay.

Incident with Actions and Pages

Summary: GitHub suffered a significant outage affecting GitHub Actions and GitHub Pages. Reports indicated the GitHub Actions service account was apparently deleted, causing the bot to appear as a ghost in pull request comments. CI/CD pipelines and deployed static sites across countless projects were disrupted.

HN Discussion: The outage prompted recommendations for alternatives: SourceHut for private repos, Codeberg for public ones, or self-hosted Gitea and Forgejo. One developer cited GitHub Actions’ chronically poor reliability and ergonomics as motivation to quit their job and build a competitor. The incident reinforced frustration with GitHub as the industry’s single point of failure for continuous integration.

History & Science

The Ballad of TIGIT

Summary: This long-form essay chronicles the rise and fall of TIGIT-targeting cancer immunotherapy drugs, placing them alongside amyloid-beta Alzheimer’s treatments in the category of “cursed” drug classes. These compounds consumed billions of dollars in clinical trial investment and enrolled thousands of patients before ultimately failing to deliver meaningful results. The article explores how such drug categories develop a radioactive reputation that persists even when later evidence suggests partial efficacy.

HN Discussion: Comments were limited at the time the pack was captured.

C64 Basic: Game Map Overhead Camera View

Summary: A tutorial on implementing Ultima-style overhead camera maps in Commodore 64 BASIC, where the map defines a larger world and the camera view is a sliding window over it. The piece becomes an exploration of C64 BASIC optimization — how to scroll a character-based viewport across a larger map efficiently on hardware with severe memory and speed constraints. Part of a broader series on retro roguelike development for the C64.

HN Discussion: Experienced C64 developers pointed to hardware-level solutions using VIC-II register manipulation — specifically $D011/$D016 for pixel-level scrolling and $D018 for memory base control. The consensus was that 6502 assembly is far more practical for this kind of routine, with magazine BASIC games of the era typically embedding machine code via DATA statements and POKE.

Phantasy Star IV – 1993 Developer Interviews

Summary: Translated from multiple 1993 Japanese magazine interviews, this compilation features conversations with the Phantasy Star IV development team including director Rieko Kodama. The interviews cover the game’s lengthy development cycle, its relationship to earlier entries in the series, and the intense pressure to ship before the end of 1993. Kodama describes finishing the instruction booklet and her brain turning to “mush” after the long push to completion.

HN Discussion: Commenters shared nostalgia for the series, generally rating PS I, II, and IV as excellent while acknowledging PS III as flawed. Discussion of Phantasy Star Online revealed it as the only entry most modern players recognize. A tribute to Rieko Kodama — whose work also included Skies of Arcadia — noted her passing in 2022 went unreported for months due to her family’s desire for privacy.

Academic & Research

Language Models Need Sleep

Summary: This paper proposes a sleep-like consolidation mechanism for transformer-based LLMs struggling with attention’s poor scaling in long contexts. During “sleep,” the model performs offline recurrent passes over accumulated context, converting recent information into persistent fast weights in state-space model blocks before clearing the KV cache. The result is a three-tier memory system: stable base weights, mid-term fast weights from consolidation, and short-term cache — directly analogous to how biological sleep converts short-term memories into long-term storage.

HN Discussion: Some objected to the anthropomorphic framing, arguing that calling it “sleep” misleads more than it illuminates. Others compared it to E2E test-time training, which offers a more flexible continuous learning approach. Practical implementations involving LoRA fine-tuning on compaction data were discussed, alongside related work from the Letta team on offline “sleep-time compute” for pre-processing user contexts.

Multimodal adaptive optical microscope: in vivo imaging, molecules to organisms

Summary: Published in Nature Methods, this paper presents a multimodal adaptive optical microscope capable of in vivo imaging across biological scales from individual molecules to whole organisms. The system combines adaptive optics with multiple imaging modalities to correct optical aberrations in living tissue, enabling high-resolution visualization deep within samples where scattering normally degrades image quality. A large multi-institutional team contributed to the work.

HN Discussion: One commenter speculated about whether similar engineering principles could enable combined Raman shift and XRD/XRF spectroscopy instruments, though the technical specialization limited broader discussion.

Business & Industry

Launch HN: Minicor (YC P26) – Windows desktop automations at scale

Summary: Minicor, a YC P26 startup, offers an RPA platform that deploys AI agents into legacy Windows desktop applications. Its key differentiator is self-healing agents: when a UI changes or an unexpected dialog appears, a reflection agent verifies what is on screen and adapts the workflow before it breaks. The platform runs on Windows VMs or in-browser, supports on-premise deployment, and holds SOC 2 Type II and HIPAA compliance certifications.

HN Discussion: The landing page drew immediate feedback for not explaining the RPA acronym at first mention. Questions focused on the deployment model — whether AI companies install Minicor directly on customer machines — and on the fundamental challenge that legacy system users are among the slowest to adopt new AI tools.

Summary: The essay reframes subscriptions as ongoing relationships that shape identity rather than simple purchases. A ChatGPT subscription is functionally similar to Netflix from the provider’s perspective — a recurring revenue stream — but chatbots can be customized to amplify behavioral effects in ways Netflix cannot. The analogy: a subscription is a button that gives you ten dollars now but carries a high probability of altering your tastes, routines, and thinking patterns.

HN Discussion: A popular strategy emerged: cancel immediately after subscribing to force a conscious re-subscription decision each month. The Costco membership model was analyzed as dual-purpose — creating loyalty while deliberately excluding higher-maintenance customers. Commenters argued that companies wanting casual subscribers should support easy cancellation processes and anti-dark-pattern laws to build long-term trust.

Summary: Massachusetts has become the first US state where Uber and Lyft drivers have formed a recognized union, marking a watershed moment for gig economy labor. The milestone follows years of legal battles over driver classification as independent contractors versus employees, and comes as both companies continue to invest heavily in autonomous vehicle technology.

HN Discussion: Some observed that the original organizing impetus was more about blocking robotaxis in Boston than collective bargaining per se. Drivers reportedly take home a surprisingly small share of each fare, and that share is expected to shrink without collective action. The timing drew dark humor: unionizing just as self-driving taxis become commercially viable echoes the Teamsters’ historical fight to protect horse carriage drivers from automobiles.

Outsourcing plus LocalAI will soon become more economical vs. Frontier labs

Summary: The essay argues that hiring engineers in lower-cost countries and equipping them with DeepSeek or local AI tools puts a ceiling on what frontier labs can charge for API access. GPT-5.5 costs over three times what GPT-5 cost eight months ago; Gemini 3.5 Flash tripled its predecessor’s pricing; Anthropic’s new tokenizer effectively increased token consumption by 32–47%. The ever-rising frontier pricing creates economic room for local alternatives combined with cheaper human expertise.

HN Discussion: Critics pointed out that subscription pricing is 10–40x cheaper than API pricing, making frontier models more competitive than the raw numbers suggest. DeepSeek’s pricing was flagged as heavily subsidized and unsustainable, with inference hardware geopolitically restricted. One commenter shared a real-world counterpoint: their company is replacing Eastern European teams with smaller US teams augmented by AI, reporting faster feature delivery.

Uber president says AI spending is getting ‘harder to justify’

Summary: Uber’s president publicly questioned the return on investment for massive AI infrastructure spending, reflecting a growing corporate skepticism about whether trillion-dollar AI capex translates into measurable business outcomes. The statement is notable coming from a major tech company that itself relies on AI for core operations like dispatch and pricing.

HN Discussion: One view held that AI spending is fundamentally a race for generational advantage in automating software development, with productivity as a side effect. Others argued that small, experienced teams with AI tools outperform large corporations burning tokens. The comparison to AWS reaching $40 billion ARR with clear value creation versus the ambiguous impact of AI coding tools was stark. Repeated demand: where does all this token spending actually show up in quarterly results?

Ferrari shares fall after launch of first EV as Jony Ive design proves divisive

Summary: Ferrari’s first electric vehicle, the Luce, features design by Jony Ive and launched to a share price decline. The styling has polarized opinion among Ferrari enthusiasts and automotive commentators, marking a high-stakes entry into the EV market for a brand whose identity is deeply tied to internal combustion heritage.

HN Discussion: The sky blue color choice drew particular criticism — commenters felt the underlying shape worked but the color should have been Ferrari’s signature red.

AI Startup Says It Will Pay People $2k a Month to Masturbate

Summary: Startup Joi AI is offering $2,000 per month to users willing to generate intimate data for training AI companionship products. The platform combines AI-generated avatars, voice interactions, and personalized chat experiences. The business model sits at the intersection of data collection, synthetic companionship, and the gig economy, paying people to produce sexual training data for commercial AI products.

HN Discussion: Commenters raised concerns about AI-generated NSFW content proliferation and blackmail scenarios using manipulated images. Several asked whether this represents peak AI hype. The enterprise was called deeply dystopian by those who argued AI cannot deliver genuine companionship or intimacy regardless of the data it trains on.

How do you build a semiconductor company on something that’s free?

Summary: A profile of aesc silicon, a startup attempting to build a semiconductor business on open-source principles modeled after Red Hat’s Linux strategy. Core chip IP is freely available while revenue comes from support, customization, and specialized services. Founder Daniel Schultz is bootstrapping the company, betting that a large user base drives faster design iteration and improvement — the same dynamic that propelled open-source software.

HN Discussion: Deep skepticism that the model translates to hardware: every tape-out failure costs massive physical time, unlike cheap software iteration cycles. Open-source EDA tools are stuck on legacy process nodes far behind state-of-the-art fabrication. Software monetization models don’t map cleanly to an industry where physical manufacturing constraints dominate economics.

System Administration

Other

What we lost when we stopped letting kids leave the front yard

Summary: Steve Magness presents striking data: 84% of 11-year-olds are not allowed to leave their street, and 53% cannot leave their front yard. For 14-year-olds, 92% cannot leave their neighborhood. In England, the share of primary-age children traveling home from school unaccompanied fell from 86% in 1971 to 25% by 2010. The author argues this contraction stems not from phones or real danger but from parental fear — a culture of safetyism that replaced exploration with surveillance.

HN Discussion: Gen X commenters recalled roaming miles from home with no cell phone, a stark contrast with modern parenting. One pointed out that kids turned to computers partly because coordinating in-person hangouts became bureaucratically difficult for both children and parents. Deep suburbs offer nowhere worth walking to — house after house with nothing in front yards — unlike European towns with kid-oriented public spaces. The biggest fear for children in the world isn’t abduction but car traffic in car-dependent neighborhoods.

Sweden becomes a smoke-free country

Summary: Sweden has officially declared itself smoke-free, defined as fewer than 5% of adults smoking. The milestone follows decades of progressive tobacco control, though Sweden’s strong snus (smokeless tobacco) culture has served as a substitute for cigarette use. Public health officials described it as an “incredible” achievement, though the definition of smoke-free has drawn scrutiny.

HN Discussion: Commenters characterized the announcement as masterful spin: Sweden defined smoke-free as under 5%, ignored widespread snus and Zyn use, and declared victory. Anecdotes about Swedish founders replacing Zyn pouches every five minutes during interviews circulated. The debate over whether 1 in 20 people smoking truly qualifies as smoke-free was sharpened by the quip that only 5% admit to smoking.

The Cost of Owning a Home

Summary: A detailed financial breakdown from a homeowner who bought in early 2011, challenging the common advice that renting is throwing money away. Loan settlement costs alone ran 3% of the home’s value. The rule of thumb — set aside 1–3% of home value annually for repairs — is widely ignored, causing properties to slowly degrade. The author presents actual numbers across 15 years of ownership showing that the hidden costs are substantial and often underestimated.

HN Discussion: Renting carries its own hidden costs: precarious tenure, unpredictable rent hikes, and the inability to make meaningful improvements. The psychological value of predictable mortgage payments and freedom to customize was cited as substantial and difficult to quantify. Repair costs follow a bursty pattern — years of calm followed by multiple major failures simultaneously — which lulls owners into a false sense of security before testing their finances.