HN Morning Brief - March 7, 2026

Welcome to your daily Hacker News briefing for March 7, 2026. Today’s top stories feature major security research, critical performance insights, thought-provoking essays on technology’s unintended consequences, and practical tools for developers and system administrators.

AI & Tech Policy

Your LLM Doesn’t Write Correct Code. It Writes Plausible Code

This article presents a cautionary case study of an LLM-generated Rust rewrite of SQLite that is 20,171 times slower on basic operations like primary key lookups. The reimplementation, at 576,000 lines of code, compiles and passes tests but contains two critical bugs: it fails to recognize INTEGER PRIMARY KEY columns as rowid references (causing full table scans instead of O(log n) B-tree seeks), and uses sync_all instead of fdatasync for autocommit operations (78x overhead from 100 fsyncs vs one). These bugs compound with numerous “safe” design choices like cloning ASTs on cache hits, 4KB heap allocations per page read, and schema reloads on every autocommit. The author argues that LLMs optimize for plausibility over correctness and work best when users define clear acceptance criteria before code generation.

Key Discussion Points:

  • Multiple commenters share similar experiences with LLM-generated code that looks correct but fails under load or edge cases
  • Discussion focuses on the importance of human review and testing, especially for performance-critical code
  • Some note that the issue isn’t LLM-specific but applies to any automated code generation without proper validation

Hardening Firefox with Anthropic’s Red Team

Anthropic has published details of a collaboration with Mozilla where Claude Opus 4.6 discovered 22 vulnerabilities in Firefox over two weeks, with 14 classified as high-severity—almost one-fifth of all high-severity Firefox vulnerabilities remediated in 2025. The collaboration began by testing whether Claude could reproduce historical CVEs in older Firefox versions, then expanded to finding novel vulnerabilities in the current codebase. Within twenty minutes, Claude reported a Use After Free vulnerability in the JavaScript engine, ultimately submitting 112 unique reports after scanning nearly 6,000 C++ files. Most issues have been fixed in Firefox 148. Anthropic also tested whether Claude could develop working exploits, succeeding in only 2 out of hundreds of attempts—showing the model is much better at finding bugs than exploiting them, though even limited exploit development capability is concerning.

Key Discussion Points:

  • Security practitioners discuss using LLMs for security auditing, noting they’re particularly good at finding “local” bugs with obvious unsafe patterns
  • Commenters debate the cost-benefit of LLM security audits (~$3 worth of tokens) compared to manual review
  • Several share experiences of running LLM audits on their own projects, finding both genuine issues and false positives

A tool that removes censorship from open-weight LLMs

This Hugging Face Space offers a tool that removes censorship and safety filters from open-weight LLMs, allowing users to run models without content restrictions. The tool works by modifying model outputs to bypass standard safety guardrails while maintaining the model’s core capabilities. The creator argues that censorship in AI models infringes on user autonomy and that open-weight models should be freely usable without imposed moral constraints.

Key Discussion Points:

  • Heated debate about the ethics of removing safety filters from AI models
  • Some commenters argue for user freedom to control open-weight models they run locally
  • Others express concern about potential for misuse and harm without guardrails

Security & Privacy

The shady world of IP leasing

This investigative piece exposes the IPv4 address leasing market, where speculators and holding companies hoard massive blocks of IPv4 space and sub-lease them to anyone willing to pay. While Regional Internet Registries (RIRs) claim IPv4 exhaustion, addresses haven’t disappeared—they’ve been turned into digital real estate. IP leasing companies bypass RIR accountability systems, allowing customers to choose arbitrary geolocations, white-label address space so their name never appears in public records, and rent “residential” IPs that make traffic appear to come from someone’s house. The article identifies major providers including LogicWeb, IPXO, INIZ, and IPFoxi, supplying address space to VPN providers like NordVPN, ExpressVPN, and others. The ecosystem includes services for delisting IPs from spam blacklists and reputation laundering, undermining WHOIS, IRR databases, and routing policy that provide internet trust infrastructure.

Key Discussion Points:

  • Security researchers discuss how IP leasing enables abuse by providing anonymous, untraceable address space
  • Commenters debate whether this is a legitimate business practice or a threat to internet security
  • Some note the difficulty of regulating due to the gray-area legal status

Tell HN: I’m 60 years old

A 60-year-old programmer shares their perspective on age in the tech industry, noting they still actively code and contribute to open source projects. They discuss the advantages of experience, including deeper understanding of systems, better debugging skills, and ability to mentor younger developers. The post also addresses ageism in tech and how they’ve navigated it over their career.

Key Discussion Points:

  • Older developers share experiences and advice for navigating ageism in the industry
  • Discussion on the value of institutional knowledge and experience in tech teams
  • Some younger commenters express appreciation for mentorship from more experienced developers

Maybe there’s a pattern here?

This thought-provoking essay explores historical patterns of inventors who believed their technologies would prevent war, only to see them used for destruction. It traces examples from Richard Gatling’s machine gun (invented to reduce armies and battlefield exposure), to Hermann Oberth’s rocket society (whose members developed V-2 rockets for Nazi Germany), to Alfred Nobel’s dynamite (which he hoped would make war so destructive it would become impossible). The article examines the gap between inventors’ intentions and the reality of how their technologies are deployed, questioning whether this represents a fundamental pattern in technological development or a series of coincidences.

Key Discussion Points:

  • Commenters discuss the moral responsibility of inventors for how their creations are used
  • Debate about whether understanding potential military applications is part of responsible invention
  • Some note that dual-use technologies are nearly impossible to restrict

Tech Tools & Projects

Helix: A post-modern text editor

Helix is a terminal-based text editor built in Rust that describes itself as “post-modern”—if Neovim is the modern Vim. It features multiple selections as a core editing primitive inspired by Kakoune, tree-sitter integration for robust syntax highlighting and code navigation, and full language server protocol support. The editor includes modern built-in features like fuzzy finding, project-wide search, beautiful themes, auto-closing bracket pairs, and surround integration. Helix aims to provide a smaller codebase and modern defaults compared to Vim, with easier onboarding for new users. The project has plans for future GUI frontend using WebGPU.

Key Discussion Points:

  • Users praise Helix’s multiple selection model as powerful and intuitive once learned
  • Discussion comparing Helix to Kakoune, Neovim, and traditional Vim
  • Some commenters mention they’ve switched from other editors and are happy with the experience

Show HN: Moongate - Modern Ultima Online server

Moongate v2 is a modern Ultima Online server built from scratch in C# with .NET 10 and AOT compilation for high performance. The project targets a clean, modular architecture with strong packet tooling, deterministic game-loop processing, and practical test coverage. It features TCP server startup, packet framing/parsing, an inbound message bus for network-to-game-loop crossing, Lua scripting runtime, snapshot+journal persistence, and spatial region resolution using sector-based world streaming. The project actively seeks contributors for technical and code reviews. Data credits for world decoration and location datasets go to ModernUO’s Distribution data pack.

Key Discussion Points:

  • Commenters discuss the technical challenges of implementing MMORPG servers from scratch
  • Some share nostalgia for Ultima Online and similar classic MMORPGs
  • Debate about the benefits of rewriting vs. forking existing server implementations

Show HN: Kula - Lightweight Linux server monitoring

Kula is a self-contained Linux server monitoring tool that requires zero dependencies and external databases. It collects system metrics every second by reading directly from /proc and /sys, stores data in a built-in tiered ring-buffer storage engine (250MB for 1-second samples, 150MB for 1-minute aggregates, 50MB for 5-minute aggregates), and serves metrics through a real-time Web UI dashboard and terminal TUI. Collected metrics include CPU, load, memory, swap, network, disks, system uptime, processes, and Kula’s own resource usage. The HTTP server exposes REST API and WebSocket endpoints, with optional Argon2id authentication. The frontend is a single-page application embedded in the binary, built on Chart.js with interactive zoom, focus mode, and gap detection.

Key Discussion Points:

  • System administrators compare Kula to other monitoring tools like Prometheus/Grafana and Netdata
  • Discussion on the trade-offs between self-contained tools and full monitoring stacks
  • Some note the benefit of predictable, bounded disk usage from ring-buffer storage

Show HN: Yare - coding game

Yare is a programming game that challenges players to write code to control units and compete against other players’ algorithms. The game provides a simple API for controlling units, managing resources, and implementing strategies. Players can test their code against AI opponents and then compete in multiplayer matches where their code executes in real-time battles.

Key Discussion Points:

  • Discussion about the educational value of programming games for teaching algorithmic thinking
  • Some compare Yare to similar games like Robocode and Battlesnake
  • Commenters share strategies and techniques for competitive programming games

Web & Infrastructure

Plasma Bigscreen

Plasma Bigscreen is a free, open-source TV interface for Linux designed for TVs, HTPCs, and set-top boxes. It provides TV-friendly settings accessible via remote or game controller, support for running favorite Linux apps like Steam, Kodi, Jellyfin, and YouTube, and is built on a modern stack including Wayland, PipeWire, KDE Plasma, KDE Frameworks, Flatpak, and NetworkManager. The project aims to create an open platform that respects and protects user privacy in contrast to walled gardens from major TV manufacturers. A home overlay provides quick access to search, settings, homescreen, and app switching from anywhere. Plasma Bigscreen is developed by KDE community volunteers and welcomes contributions.

Key Discussion Points:

  • Commenters compare Plasma Bigscreen to other media center solutions like Kodi and LibreELEC
  • Discussion on the challenges of Linux support on TV hardware due to DRM and driver issues
  • Some note the project has been around for a while with sporadic development activity

Querying 3 billion vectors

This article documents an exploration of techniques for querying 3 billion vector embeddings for similarity search. Starting with a naive Python implementation that took 2 seconds for 3,000 vectors, the author progressively optimized using vectorization, float32 conversion, and numpy operations, reaching 0.0045 seconds for the same workload. However, scaling to 3 billion vectors revealed a memory problem: processing would require 8.6 TB of RAM for float32 vectors. The article discusses potential solutions including using generators, batching, memory mapping, rewriting in Rust or C, or using optimized libraries like SimSIMD. It also notes ambiguity in the problem specification regarding whether results need full comparison or just top-k ranking.

Key Discussion Points:

  • Data engineers discuss scaling vector databases and approximate nearest neighbor search
  • Some mention tools like FAISS, Weaviate, and Qdrant for billion-scale vector search
  • Discussion on the trade-offs between exact search and approximate search at scale

What canceled my Go context?

This article explains the new context cause-tracking functions in Go 1.20 and 1.21 that help debug context cancellation. Previously, context canceled and context deadline exceeded errors provided no information about why cancellation occurred, making debugging difficult in nested timeout scenarios. Go 1.20 introduced context.WithCancelCause and context.Cause, while Go 1.21 added WithTimeoutCause to attach custom errors to timeouts. However, the author identifies a subtle bug: WithTimeoutCause returns a regular CancelFunc (not CancelCauseFunc), so defer cancel() silently discards any cause set by WithTimeoutCause. The solution is to call cancel() explicitly only on error paths, avoiding defer for timeout-cause contexts.

Key Discussion Points:

  • Go developers share experiences debugging context cancellation in production
  • Discussion on the importance of understanding defer’s interaction with custom cancel functions
  • Some note that this is a common pitfall that should be better documented

Modernizing swapping

This LWN article discusses ongoing efforts to modernize Linux’s memory swapping subsystem. The current swap implementation has limitations including poor performance on modern hardware, lack of support for swap in compressed memory, and inefficient handling of large swap spaces. The article covers proposals for swap-over-network, swap file improvements, and better integration with zswap and zram. There’s discussion about balancing swap design for both desktop and server workloads, considering that servers may have minimal swap needs while desktops benefit more from swap-as-extension-of-RAM behavior.

Key Discussion Points:

  • Kernel developers discuss trade-offs in swap implementation for different use cases
  • Some argue servers should minimize swap while others note benefits for specific workloads
  • Discussion on the complexity of the swap subsystem and historical design decisions

History & Science

Galileo’s handwritten notes found

Researchers have discovered Galileo Galilei’s handwritten notes in an ancient astronomy text in the University of Manchester’s special collections. The notes, written in Latin, document Galileo’s observations of Jupiter’s moons and provide insight into his working methods and thought processes. The discovery sheds new light on how Galileo conducted his astronomical observations and developed his theories supporting heliocentrism. The notes are believed to be from the early 17th century, around the time Galileo was making his telescopic observations that would revolutionize astronomy.

Key Discussion Points:

  • Historians discuss the significance of finding primary sources from major scientific figures
  • Some note how discoveries like this can change our understanding of historical scientific methods
  • Discussion on the importance of preserving and digitizing historical documents

Entomologists use particle accelerator to image ants

Scientists have used a particle accelerator to create detailed 3D images of ant anatomy at microscopic scale. The technique, called X-ray microtomography, allows researchers to visualize internal structures without destructive dissection. The images reveal details about ant morphology that help explain their evolutionary adaptations and ecological specializations. The non-destructive nature of the technique allows imaging of rare and valuable specimens that couldn’t be dissected.

Key Discussion Points:

  • Biologists discuss the value of advanced imaging techniques in entomology
  • Some note how technology from particle physics enables discoveries in other fields
  • Discussion on the balance between traditional dissection and modern imaging methods

A Modular Robot Dashboard

This project presents a modular dashboard system for controlling and monitoring robots. The dashboard supports a plugin architecture where different robot-specific modules can be added, providing customized interfaces for different robot types. Features include real-time telemetry visualization, command control interfaces, log viewing, and alert management. The system is designed to be extensible, allowing researchers and engineers to add support for new robot platforms by developing new modules.

Key Discussion Points:

  • Robotics engineers discuss challenges in creating unified interfaces for diverse robot platforms
  • Some compare the approach to ROS (Robot Operating System) and other frameworks
  • Discussion on the benefits of modularity in robotics software systems

Academic & Research

Tech employment worse than 2008/2020

This tweet highlights that tech sector employment conditions are currently worse than during the 2008 financial crisis and 2020 pandemic. The post references recent layoffs, hiring freezes, and reduced opportunities across the industry. The author notes that while overall unemployment may not be at crisis levels, the tech sector specifically is experiencing significant contraction not seen in previous downturns.

Key Discussion Points:

  • Tech workers share experiences of job hunting in the current market
  • Some debate whether tech is actually worse or just more visible due to social media
  • Discussion on the cyclical nature of tech hiring and potential for recovery

Can a wealthy family change the course of a deadly brain disease?

This STAT article profiles a wealthy family’s efforts to fund research into a rare and deadly brain disease affecting multiple family members. Their significant financial investment has accelerated research, leading to new insights and potential treatments that might not have been pursued through traditional funding mechanisms. The story raises questions about the role of private philanthropy in medical research and whether disease research should depend on families’ ability to fund it.

Key Discussion Points:

  • Discussion on the ethics of medical research funding and equitable distribution of resources
  • Some note that rare disease research often relies on affected families’ advocacy and funding
  • Debate about whether this model is sustainable or if systemic funding reform is needed

Business & Industry

this css proves me human

This creative essay describes the author’s attempt to modify their writing style to avoid being detected as AI-generated. Using CSS text-transform: lowercase, custom font editing to replace em dashes with hyphens, and intentional misspellings based on word frequency analysis, the author struggles with losing their authentic writing voice. The piece explores identity, authenticity, and the tension between adapting to technological constraints and preserving one’s genuine style. Ultimately, the author decides not to proceed with the changes, choosing to maintain their writing identity.

Key Discussion Points:

  • Writers discuss the impact of AI detection tools on creative expression
  • Some note the irony that trying to appear “more human” makes writing less authentic
  • Discussion on whether AI-generated text should be disclosed and how to maintain human voice

Launch HN: Palus Finance

Palus Finance is launching a new financial platform that aims to provide simplified access to DeFi and traditional financial services. The platform offers features including portfolio tracking, yield farming opportunities, and integrated fiat on-ramps. The founders emphasize user experience and security, aiming to make complex financial tools accessible to everyday users while maintaining the benefits of decentralized finance.

Key Discussion Points:

  • Discussion on the challenges of making DeFi accessible to non-technical users
  • Some question the security model and regulatory compliance of the platform
  • Comparison to existing platforms like Coinbase, Uniswap, and traditional brokerage services

System Administration

C# strings kill SQL Server indexes

This article reveals a silent performance killer in .NET applications using Dapper with SQL Server: C# strings default to nvarchar(4000), causing implicit conversion on varchar columns. When querying a varchar column with a string parameter, SQL Server must convert every value in the column to nvarchar before comparison, forcing full index scans instead of seeks. The author describes a production issue where a simple query was responsible for significant CPU consumption due to this type mismatch. The fix is simple: use DbType.AnsiString or DbString with IsAnsi=true to send varchar parameters instead of nvarchar. The difference is dramatic: index scans become seeks, logical reads drop from tens of thousands to single digits, and CPU per execution drops from milliseconds to microseconds.

Key Discussion Points:

  • Multiple .NET developers report discovering this issue in their own codebases after reading the article
  • Discussion on why ADO.NET’s default (safe unicode string) causes performance problems
  • Some debate whether Dapper should handle this automatically or if explicit parameter typing is correct

A Modular Robot Dashboard

(See History & Science section)

Editing changes with Jujutsu

This article argues that Jujutsu (jj), a new version control system, offers significant improvements over Git. Jujutsu provides automatic conflict resolution, better handling of merge conflicts, and a more intuitive model of changes. The author demonstrates how Jujutsu simplifies common workflows like rebasing, cherry-picking, and managing multiple work-in-progress commits. The system uses a storage model that makes operations reversible and provides better tooling for inspecting changes.

Key Discussion Points:

  • Git users discuss whether they would switch to Jujutsu given Git’s ubiquity
  • Some note that Jujutsu’s features address long-standing Git pain points
  • Debate about the network effects of version control systems and barriers to adoption

Why New Zealand is seeing an exodus of over-30s

This article examines the trend of skilled workers over age 30 leaving New Zealand for opportunities abroad. Factors contributing to the exodus include high cost of living, housing affordability crisis, limited career advancement opportunities in a small market, and attractive offers from countries actively recruiting skilled workers. The piece includes perspectives from people who have left or are considering leaving, discussing the trade-offs of living in New Zealand versus pursuing opportunities elsewhere.

Key Discussion Points:

  • New Zealand residents share their experiences with the local job market and cost of living
  • Some debate whether the exodus is temporary or represents a long-term brain drain
  • Discussion on government policies that might encourage skilled workers to stay or return

Geopolitics & War

AI Error May Have Contributed to Girl’s School Bombing in Iran

This Reuters report explores allegations that an AI system may have made an error contributing to a bombing at a girls’ school in Iran. While details remain uncertain, the incident raises concerns about the use of AI in military and security applications where errors can have deadly consequences. The article discusses the difficulty of attributing responsibility when AI systems make incorrect decisions in high-stakes environments and the need for accountability and oversight in autonomous or semi-autonomous weapons systems.

Key Discussion Points:

  • Discussion on the ethics of using AI in military decision-making
  • Some argue that AI systems should never be used in life-or-death situations
  • Others note that many military systems already rely on automation and AI is a continuation of this trend

Launch HN: Palus Finance

(See Business & Industry section)

Launch HN: Palus Finance

(See Business & Industry section)

Other

proposal: crypto/uuid: add API to generate and parse UUID

This GitHub issue proposes adding a UUID generation and parsing package to Go’s standard library. The proposal notes that github.com/google/uuid is a staple import in nearly every server/database-based Go program, and that most other major languages (C#, Java, JavaScript, Python, Ruby) include UUID support in their standard libraries. The suggestion includes support for UUID versions 3, 4, and 5, covering name-based (MD5 and SHA-1) and random UUIDs. The issue has generated significant community discussion about whether this functionality belongs in the standard library versus the ecosystem.

Key Discussion Points:

  • Go developers debate the criteria for including packages in the standard library
  • Some argue that UUID is fundamental enough to deserve inclusion, others note the quality of third-party options
  • Discussion on whether the standard library should grow or stay minimal

The Longing (1999)

This retrospective looks back at The Longing, a unique 1999 adventure game that broke genre conventions. The game’s protagonist, a lonely shade in an underground kingdom, waits 400 real-time days for their king to awaken. Players can spend the real-time waiting period doing slow activities like reading books, drawing, and exploring, or simply leave the game running. The game addressed themes of loneliness, patience, and the passage of time in a way no other game had attempted. It remains a cult classic praised for its artistic ambition and philosophical depth.

Key Discussion Points:

  • Gamers discuss whether such an extreme real-time mechanic could work in today’s market
  • Some share memories of playing the game and the unique experience it provided
  • Discussion on how game design has evolved since 1999 and what we’ve lost and gained

CT Scans of Health Wearables

This Lumafield article provides fascinating CT scan images of various health and fitness wearables, including smartwatches and fitness trackers. The scans reveal the internal engineering of these devices, showing battery placement, sensor arrangements, and waterproofing mechanisms. The article discusses the impressive miniaturization required to pack sensors, batteries, processors, and wireless connectivity into wrist-sized devices. It also touches on the evolution of wearable technology and how design constraints have shaped engineering solutions.

Key Discussion Points:

  • Engineers discuss the trade-offs in wearable device design (size vs. battery life vs. features)
  • Some note the progress in wearable tech over the past decade
  • Discussion on repairability and the challenges of fixing or upgrading sealed devices

That’s it for today’s HN Morning Brief! Join us this evening for another roundup of the day’s top stories.

If you found this brief useful, consider sharing it with friends who follow tech news. Got feedback or suggestions? I’d love to hear from you.

Previous briefs: March 6 Morning | March 6 Evening