Tonight’s selection spans Anthropic’s guardrails controversy, a trivial RCE in AMD’s updater, Xiaomi’s open-source coding assistant, and the growing disconnect between AI productivity claims and developer experience. From orbital data center thermodynamics to a first-person shooter written in COBOL, here are the stories that shaped the HN front page.

---

AI & Tech Policy

Anthropic apologizes for invisible Claude Fable guardrails

Summary: Anthropic issued an apology after revelations that Claude Fable silently modified user prompts in real time to detect and subvert suspected model distillation attempts. Cybersecurity researchers objected strongly, noting that invisible prompt rewriting undermines trust in the model’s responses and could compromise legitimate security research workflows. The guardrails operated without any indication to the user that their input had been altered.

HN Discussion: Commenters framed silent prompt rewriting as an information disclosure vulnerability and a dangerous precedent for AI products. Several argued that Anthropic should fail cleanly — refusing to answer — rather than deceiving users about what the model is actually processing. Comparisons to booby-trapping drew attention to the risk of punishing legitimate customers based on suspicion.

Ask HN: How do you get into a flow state when using AI to code?

Summary: A developer who previously prided themselves on sustained deep work asked how peers maintain flow state while using agentic coding tools. The prompt-wait-check loop inherent to agent-driven development disrupts the continuous concentration that traditional coding enables. Even faster models don’t fully resolve the problem, as their reduced capability demands more frequent correction cycles that break momentum further.

HN Discussion: Multiple commenters reported they simply cannot achieve flow with AI coding tools, with some calling the experience joyless and boring. One compared it to managing junior developers who never actually improve from the mentoring investment. A structured counterpoint emerged: build detailed plans with diagrams upfront, verify happy paths and clarify assumptions, then execute in focused sprints.

Build a Basic AI Agent from Scratch: Long Task Planning

Summary: This tutorial extends a basic AI agent with long-horizon task planning, addressing the tendency of LLMs to default to conversational back-and-forth rather than sustained autonomous execution. It covers goal decomposition, progress tracking, and maintaining focus across extended task spans — the infrastructure needed for an agent to work on multi-step goals without constant human intervention.

HN Discussion: Experienced builders pushed back, arguing that explicit planning scaffolding is now unnecessary since modern models can follow plans from plain text alone. One commenter humorously noted the author’s example of migrating from Eleventy to Hugo resulted in the post ending up on Medium rather than their own site. Defenders of the tutorial pointed out that simple runnable examples are the right scope for educational content.

Fable 5 lies 96% of the time

Summary: Kradle AI posted benchmark results claiming Anthropic’s Fable 5 lies 96% of the time, and the claim went viral with hundreds of thousands of views. The headline is misleading, however: the benchmark is specifically a deception game where models are instructed to lie as part of the rules. The metric measures instruction-following accuracy, not deceptive behavior.

HN Discussion: A commenter quickly identified that the benchmark instructs models to lie, making the 96% figure a measure of compliance rather than unfaithfulness. The discussion turned to how viral AI benchmark claims routinely strip essential methodological context, generating misleading narratives that spread faster than corrections.

---

Security & Privacy

The RCE that AMD wouldn’t fix

Summary: A security researcher discovered a trivial remote code execution vulnerability in AMD’s AutoUpdate software after being annoyed by a recurring popup console window. The updater fetches its XML manifest over HTTPS but downloads actual executables over plain HTTP with zero signature verification, meaning any network-level MITM attacker could substitute a malicious binary that AMD’s software would immediately execute. AMD initially dismissed the report as out of scope; the fix they eventually shipped uses CRC32 as its “signature verification.”

HN Discussion: Commenters were particularly entertained by CRC32 being offered as signature verification. DNS cache poisoning was raised as an alternative attack vector that doesn’t require a full MITM position. The discussion broadened into criticism of AMD’s long track record of producing subpar software to accompany its hardware.

Petition to Withdraw Canada’s Bill C-22

Summary: A petition on Canada’s Parliament website calls for the full withdrawal of Bill C-22, surveillance-focused legislation that critics argue would harm both the domestic tech industry and citizens’ privacy rights. The NDP appears to be the only major party mounting substantive opposition, while the Conservatives have signaled they want the bill split rather than withdrawn entirely.

HN Discussion: Commenters urged Canadian tech workers to contact their MPs directly, arguing there is not enough public noise about the bill given its potential consequences. Frustration centered on the lack of mainstream attention to legislation that could reshape digital privacy in Canada.

Pokémon Go Scans Trained the Navigation Tech for Military Drones

Summary: Originally reported by Dutch newspaper Trouw, the story reveals that Pokémon Go players performing AR scanning tasks for in-game rewards were unknowingly building Niantic’s visual positioning dataset. That dataset is now licensed as Vantor for military drone navigation. Niantic/Maxar reserves the right to use player-collected spatial data for defense contracts, raising questions about informed consent in gamified data collection.

HN Discussion: A commenter working in the geospatial space noted the headline overstates the case — the geographic overlap between Pokémon Go scan locations and active military drone theaters is minimal or zero. The discussion was framed as primarily ideological, about the civilian-to-military data pipeline and what consent means when data collection is gamified.

Show HN: Open-source API Key server written in Go by Ory

Summary: Ory released Talos, an open-source API key management server written in Go, designed for users, services, machine-to-machine authentication, and AI agents. It features token derivation for fine-grained capability tokens that mitigate common API key pitfalls like secret leakage. The project is Apache 2 licensed for independent deployments, with a commercial tier for scalable high-availability setups.

HN Discussion: Questions arose about support for ephemeral short-lived tokens that would let AI agents access third-party services like GitHub without risking upstream credential leaks in committed code. The Ory team engaged directly in the thread to discuss architecture decisions and upcoming features.

---

Geopolitics & War

Spoiling Linux Kernel with “sanctioned” code

Summary: A developer recounts having a legitimate bug fix for the Linux kernel’s OHCI USB 1.1 stack rejected because sanctions prevent accepting code contributions from their nationality. The fix addressed an artificial 1ms delay introduced in 2004 that broke timing-sensitive hardware like older printers. The author argues that the kernel’s sanctioned-contributor policy creates a situation where genuine fixes from certain nationals can never be merged, regardless of merit.

HN Discussion: Commenters discussed the broader security implications: sanctioned-country developers could submit either genuine fixes or subtly harmful patches, and the trust model that underpinned FOSS collaboration is fracturing along geopolitical lines. One commenter argued that the FOSS golden age was sustained by peacetime trust, and that national hard forks of Linux may become standard practice.

---

Tech Tools & Projects

MiMo Code is now released and open-source

Summary: Xiaomi released MiMo Code, an open-source terminal-native AI coding assistant built as a fork of OpenCode. It adds persistent memory, subagent orchestration, goal-driven autonomous loops, and a self-improvement mechanism via dream/distill cycles. The tool can read and write code, run commands, manage Git, and maintain project understanding across sessions using Xiaomi’s MiMo model, which benchmarks competitively near Sonnet 4.6 level.

HN Discussion: Commenters appreciated the frictionless onboarding — no account or +86 phone number required, which is unusual for Chinese tech products. Discussion of Xiaomi’s MiMo model being underrated, with strong benchmark performance and aggressive pricing. The OpenCode fork foundation drew comparisons to similar tooling in the coding assistant space.

FPS.cob: A first person shooter in COBOL

Summary: A developer built a functional first-person shooter entirely in COBOL, hosted as a single-commit GitHub repository. The project implements raycasting-style 3D gameplay using surprisingly readable COBOL source. The README describes it as “what you get when you decide game development is too easy nowadays.”

HN Discussion: Commenters who compiled and ran it confirmed the game plays, though clunkily, and shared gameplay video. Praise focused on COBOL’s readability — one commenter found the codebase refreshing compared to the “syntax soup” of modern languages. A suggestion to compile it to WASM for browser-based play gained traction.

Software Is Made Between Commits

Summary: Zed editor founder Nathan Sobo introduces DeltaDB, a system that records every edit operation — not just committed snapshots — as the primary artifact of software development. The thesis is that the most important design conversations happen while code is being written, not after it’s pushed to a pull request. Sobo argues this becomes even more critical for human-agent collaboration, where the conversation generating code is the true source.

HN Discussion: Early discussion was sparse but philosophically engaged, with one commenter drawing the analogy that “music is the silence between notes.” The post revisits the longstanding tension between PR-based asynchronous code review and real-time collaborative editing models.

SVG-Line: Better Status Bars for Emacs

Summary: svg-line renders all four Emacs status bars — mode-line, header-line, tab-bar, and tab-line — as SVG images, solving inconsistent layout, alignment, icon, and interactivity limitations across them. Built on Emacs’s native SVG support with a small rendering engine, it normalizes a rich feature set across all bars through a single configuration function.

HN Discussion: Commenters praised the concept and highlighted the author’s broader blog covering Emacs UI patterns and the VOMPECCC configuration stack (Vertico, Orderless, Marginalia, Prescient, Embark, Consult, Corfu, Cape). The approach was seen as a clever workaround for Emacs’s inconsistent *-line APIs.

A new era for software testing

Summary: Redis creator antirez argues that while AI-generated code may not match hand-written structural quality, LLMs open a strictly more powerful paradigm for software QA without quality compromise. He introduces “scenario testing,” where LLMs simulate real user workflows at a level above traditional unit or integration tests. This approach is more durable because user-facing behavior changes far less frequently than internal implementation details.

HN Discussion: Commenters saw scenario testing as a potential game changer that avoids the maintenance burden of tests tightly coupled to internal logic. A cautious counterpoint emerged: LLM-based testing should supplement rather than replace deterministic test suites, since non-determinism in test results undermines confidence in CI pipelines.

---

Web & Infrastructure

Nextcloud Hub 26 Spring: Built together, designed for the future

Summary: Nextcloud released Hub 26 Spring, updating its self-hosted collaboration platform across files, chat, office, calendar, and its on-premise AI assistant. The release continues Nextcloud’s privacy-first positioning with expanded feature coverage. Hub 26 corresponds to Nextcloud server version 34, following the project’s confusing dual-versioning scheme.

HN Discussion: The version numbering drew immediate complaints — Hub 26 is Nextcloud 34, following Hub 9. Self-hosting veterans praised it as essential infrastructure alongside Home Assistant, but criticized the platform for being heavier and slower than necessary. Specific complaints targeted broken offline support in Notes and poor iOS app quality.

MapComplete: Maps about various topics which you can contribute to

Summary: MapComplete is a thematic map viewer and editor for OpenStreetMap that lowers the barrier to casual contributions. It offers topic-specific map views — toilets, benches, ATMs, drinking fountains — with simplified editing workflows that present focused questions about points of interest, avoiding the complexity of the default OSM iD editor or JOSM.

HN Discussion: Praised as one of the best recent additions to the OSM ecosystem for onboarding non-technical contributors. Users reported making their first OSM edits within seconds of opening the site. Practical use cases included locating public toilets during long city walks and quickly adding missing amenities to the map.

Ask HN: Favorite text heavy blogs that are a joy to read?

Summary: A developer redesigning their personal tech blog after ten years asked for examples of well-designed, text-heavy blogs with good typography. Searching for design inspiration returns marketing listicles about commercial sites rather than prose-focused personal blogs. They were looking for examples with good fonts, well-formatted code snippets, responsive images, and thoughtful navigation choices.

HN Discussion: LessWrong was recommended for its dual sidebar layout — heading-based TOC on the left, margin notes on the right. Julia Evans’ blog drew praise for comfortable paragraph width and clean typography. Maxime Heckel was noted for interactive code snippets. Several personal sites with distinctive aesthetics were shared, including a curated collection at mnmm.xyz.

---

History & Science

Solar generates more energy in US than coal for first time

Summary: US solar power generation has surpassed coal for the first time, marking a historic energy transition milestone. The crossover reflects both solar’s rapid growth and the steady conversion of coal plants to natural gas over the past two decades. Context matters: solar produced 388.82 TWh in 2025, while natural gas still dominates at 1,807.34 TWh — nearly five times solar’s output.

HN Discussion: Commenters contextualized the milestone as partly driven by coal’s decline rather than purely solar’s ascent. Data showing gas remains the dominant generation source tempered the celebration. A brief “Oil next” sentiment captured longer-term expectations for the energy transition.

Global population movements from 1990 to 2023

Summary: Nature published the most detailed global migration maps covering 1990–2023, revealing that annual migration surged from 13 million people in 2000 to approximately 35 million in 2023. AI modeling tools filled gaps in migration data to produce unprecedented granularity in population movement tracking. An interactive explorer allows drilling into bilateral migration flows between any two countries.

HN Discussion: Commenters were surprised that MENA is a net positive migration destination, contrary to common narratives focused on outward flows to Europe. One commenter flagged a conflicting earlier Nature headline claiming “Migration isn’t increasing.” Interest in 2025 data was high, to capture how recent political shifts have affected North American migration patterns.

Web Browsers on Video Game Consoles

Summary: An 8,000-word deep dive traces the history of official web browsers on game consoles from the Philips CD-i through modern systems. The piece documents how console browsers evolved from cheap web gateways for casual users into integrated system components, covering unusual interaction methods like the Dreamcast’s light-gun link clicking and the Wii’s Opera-powered Wiimote navigation.

HN Discussion: Nostalgia centered on the Wii’s Opera browser, which supported native Wiimote input through JavaScript libraries. The Dreamcast Dreamkey’s light-gun browsing drew particular fascination, with commenters calling for its interaction paradigm to be revived. The PS5’s increasingly locked-down hidden browser was contrasted as a step backward from earlier consoles’ openness.

Omniglot: The Online Encyclopedia of Writing Systems and Languages

Summary: Omniglot, online since 1998, is a comprehensive encyclopedia covering writing systems and languages worldwide. It catalogs alphabets, abjads, abugidas, syllabaries, semanto-phonetic scripts, undeciphered scripts, and hundreds of constructed scripts — both natural and fictional. Each entry includes sample sentences, language profiles, useful phrases, numbers, idioms, and proverbs.

HN Discussion: Shared as a go-to reference for combating misinformation about writing systems. Commenters praised its thoroughness and longevity — nearly three decades of continuous maintenance — with sample sentences for each script making it both a research tool and a browsing rabbit hole.

---

Academic & Research

Open Reproduction of DeepSeek-R1

Summary: Hugging Face’s Open-R1 project is a fully open reproduction of DeepSeek-R1, aiming to replicate the reasoning model’s training pipeline. Key releases include Mixture-of-Thoughts, a curated dataset of 350,000 verified reasoning traces distilled from R1 covering mathematics, coding, and science, plus OpenR1-Distill-7B which replicates smaller DeepSeek model capabilities.

HN Discussion: Commenters noted the project hasn’t been updated in over a year, flagging it as dated in a fast-moving field. Alternatives recommended included Allen AI’s OLMo, NVIDIA’s Nemotron, and OpenThoughts for more current fully open training pipelines. Discussion highlighted the distinction between distillation-based reproduction and truly open training from scratch.

Thermodynamics rules future orbital data centers

Summary: IEEE Spectrum examines the thermodynamic challenges of orbital data centers, where heat dissipation is fundamentally harder than on Earth because the only cooling mechanism is radiative — no convection is possible in vacuum. This makes thermal management a first-order design constraint that shapes the engineering viability of space-based computing infrastructure, independent of launch cost economics.

HN Discussion: An economics calculator was shared showing orbital data centers cost 2–3x terrestrial equivalents even under optimistic assumptions. Skepticism focused on scaling: Musk’s vision of 10,000 launches per year would create significant atmospheric pollution. One commenter compared space data centers to abandoned space manufacturing promises from the ISS era, arguing capital equipment remains too heavy for the economics to close.

---

Business & Industry

Lines of code got a better publicist

Summary: David Curlewis argues that AI vendors’ headline metrics — Google’s “75% of new code is AI-generated,” Anthropic’s “80% of merged production code is written by Claude,” Cursor’s “100M+ lines of enterprise code per day” — are lines-of-code vanity stats rebranded. The industry spent two decades learning that LoC is a terrible productivity metric, yet now celebrates AI adoption using exactly the same flawed measure. None of the cited claims address what shipped, what it did for customers, or whether the code is maintainable.

HN Discussion: Microsoft’s reported goal of “1 million LoC per engineer per month” was held up as the apex of volume-based absurdity. Broad agreement that companies use AI productivity claims to justify post-COVID headcount corrections while looking good to investors. The core objection: the reasons LoC was rejected haven’t changed — code output is not value delivery.

Introducing Waymo Premier, an elevated rider experience

Summary: Waymo launched Premier, a $29.99/month invite-only membership for frequent autonomous ride-hailing users in San Francisco, Los Angeles, and Phoenix. Members get priority pickups, 10% Waymo Cash back on every trip (more during surge), early access to new city launches, and five free cancellations per month. The program targets daily commuters who rely on Waymo as their primary transportation.

HN Discussion: Some commenters wanted short-term vehicle rental features — the ability to leave shopping or child seats in the car between stops. A philosophical thread questioned what society loses when people never experience even mildly uncomfortable social interactions like talking to a driver. The broader tradeoff between convenience and social connection drew mixed reactions.

Doing nothing at work

Summary: Sean Goedecke argues engineers should target 80% utilization by default, spending 20% of the workday away from the computer unless a high-pressure project demands more. His thesis: software impact is dominated by outlier events — a trivially small fix at exactly the right moment can generate tens of millions in value. Examples include last-minute features that close enterprise deals, early incident mitigation, and finding high-leverage infrastructure optimizations that no one had time to look for.

HN Discussion: Agreement that constant busyness degrades design quality — rushing code rarely produces the best architecture. The practical challenge is political: managers with overseer mentalities interpret relaxed engineers as idle. Remote work was praised as the best mechanism for maintaining utilization reserves without the visibility pressure of open offices.

OpenAI mulls slashing prices as it competes with Anthropic for users

Summary: CNBC and the Wall Street Journal report that OpenAI is considering price cuts as Anthropic’s Fable and Mythos models compete aggressively for developer mindshare. The timing of the discussions suggests OpenAI may not have an imminent model release that outperforms Anthropic’s current lineup. Price competition between frontier labs is intensifying as benchmark leadership oscillates with each release cycle.

HN Discussion: Users compared the value propositions: OpenAI’s Codex offers generous limits on the Pro plan, while Claude Code users report hitting token ceilings every few hours. Speculation emerged that OpenAI’s prepaid API tokens offer better economics than subscription tiers for power users. Enterprise dynamics differ — Microsoft customers may stick with OpenAI due to zero-data-retention requirements.

Workers are spending over 6 hours a week botsitting AI, fueling job frustration

Summary: Business Insider reports that workers now spend over six hours weekly supervising AI outputs — a practice dubbed “botsitting” — contributing to growing job dissatisfaction. Customer service employees who previously enjoyed building relationships with people are being redirected to oversee AI agents performing the human interaction instead. The article highlights the disconnect between headline productivity gains and the erosion of meaningful work.

HN Discussion: Several developers considered six hours low, with one reporting more time in Claude Code than any other application. Concern focused on automating the enjoyable parts of jobs and leaving only tedious supervision tasks. A parallel was drawn to how library management replaced the craft of building custom tooling, shifting developer identity from creation to curation.

---

System Administration

Queues Don’t Fix Overload (2014)

Summary: Fred Hébert’s classic 2014 essay argues that adding queues to handle system overload merely delays failure rather than preventing it. Using a bathroom sink analogy — when output capacity is fixed and input exceeds it, a bigger basin just means more water on the floor eventually — he advocates for backpressure, load shedding, and rate limiting as the correct responses to sustained overload, rather than ever-larger buffers.

HN Discussion: A commenter drew parallels to manufacturing buffers between stations, which handle rhythm differences but cannot absorb sustained overload. Harchol-Balter’s Performance Modeling and Design of Computer Systems was recommended as deeper reading. Debate surfaced over whether rejecting requests outright is meaningfully better than queuing them when the system is already saturated.

---

Other

Car headlights don’t have to be this blinding

Summary: The Atlantic reports on the proliferation of excessively bright LED headlights on American roads, making night driving increasingly unpleasant and dangerous. Adaptive beam technology that shapes light patterns around oncoming traffic exists and is deployed in Europe, but regulatory inertia has stalled widespread US adoption. SUVs and trucks with higher-mounted headlight assemblies amplify the glare problem for drivers in smaller vehicles, pedestrians, and cyclists.

HN Discussion: Commenters blamed regulation that equates brightness with safety, without requiring real-world glare testing. NHTSA’s Blindzone Glare Elimination Method was shared as a practical technique for reducing mirror glare. Pedestrians reported being blinded even from blocks away, underscoring that the problem extends beyond driver-to-driver interactions.