HN Morning Brief - March 18, 2026
Welcome to today’s Hacker News morning briefing! Here’s a roundup of the top 30 stories from March 18, 2026, covering AI, security, tech tools, scientific discoveries, and more.
Web & Infrastructure
Have a Fucking Website
A passionate plea for small businesses and creators to maintain their own websites rather than relying solely on social media platforms. The author argues that having a dedicated website gives you control over your content and presentation, without being subject to algorithm changes or platform policies. The article suggests that modern tools have made website creation accessible enough that anyone should have their own online presence.
HN Discussion: Many commenters agreed with the sentiment but pointed out practical barriers: small business owners often lack time to learn web technologies, understand concepts like web hosting, domains, or SSL certificates, or maintain a site. Others noted that platforms like Google Maps have largely replaced restaurant websites for discovery, making dedicated sites less critical for certain businesses. Discussion also touched on concerns about content being used for AI training and how that affects the decision to publish online.
SSH has no Host header
A technical exploration of why SSH doesn’t use a Host header like HTTP does, despite both being connection-oriented protocols. The article explains that HTTP/1.1 needs the Host header because a single IP address can host multiple domains (virtual hosting), while SSH connections identify servers by IP and port combination. The author walks through the SSH protocol handshake and why the design choice makes sense given SSH’s security model and use cases.
HN Discussion: Commenters clarified that while SSH doesn’t use a Host header in the protocol sense, modern SSH implementations do support the HostKeyAlgorithms configuration which serves a similar purpose for key selection. Some noted that SFTP (which runs over SSH) sometimes has similar challenges to HTTP with virtual hosting, leading to workarounds. The discussion highlighted how protocol design choices reflect the era and requirements when each protocol was created.
Kagi Small Web
Kagi launches a new discovery tool for the “small web” - independent blogs, webcomics, and YouTube channels that operate outside major platforms. The service provides a StumbleUpon-like experience, surfacing interesting content from a curated index of personal sites with RSS feeds. The tool aims to help users discover authentic, human-created content that doesn’t surface in traditional search engines dominated by commercial results.
HN Discussion: Some users praised the concept and compared it favorably to discovery tools from the early web era. Others criticized Kagi’s definition of “small web” as too narrow, requiring RSS feeds and recent posts, which excludes many interesting static sites, personal pages, and fan sites that characterize the true small web. Commenters shared similar curated blog directories and RSS aggregators. The discussion revealed differing expectations about what constitutes the small web and how discovery tools should work.
Switzerland Built an Alternative to BGP
Switzerland has developed a secure alternative to the Border Gateway Protocol (BGP), the routing protocol that underpins the internet but suffers from security vulnerabilities like route hijacking and man-in-the-middle attacks. The new system, called SCION, provides better security properties and path transparency while being compatible with existing internet infrastructure. The project originated from Swiss research but has gained international adoption as organizations look for more secure routing alternatives.
HN Discussion: Commenters noted that while SCION provides security benefits, adoption challenges remain due to the massive inertia of BGP and the internet’s existing routing infrastructure. Some pointed out that Switzerland’s approach was motivated by specific national security concerns and infrastructure needs that may not apply equally everywhere. The discussion touched on whether alternatives can achieve critical mass given BGP’s entrenched position, and what incentives might drive migration.
Edge.js: Run Node apps inside a WebAssembly sandbox
Wasmer introduces Edge.js, a technology that runs Node.js applications inside WebAssembly sandboxes for enhanced security and portability. The system compiles Node.js to WASM, allowing it to run in isolated environments without direct access to host resources. This enables safer code execution, especially for untrusted third-party code, and opens new deployment possibilities for Node applications across different platforms.
HN Discussion: Users questioned performance overhead of running Node in a WASM sandbox, with some noting that WebAssembly’s security model comes at a cost. Others saw value for specific use cases like running untrusted code or deploying in highly restricted environments. The discussion covered compatibility issues with Node’s native modules and how well the WASM runtime handles Node’s ecosystem requirements. Some expressed skepticism about the practical benefits compared to existing containerization approaches.
Tech Tools & Projects
A Decade of Slug
A personal retrospective on ten years of using the Slug static site generator, written by its creator. The author reflects on why he built Slug, the design philosophy that prioritized simplicity over features, and how it has evolved (or not) over a decade of use. The post discusses the trade-offs of maintaining your own tools versus using more popular alternatives, and what it means to build software primarily for your own needs.
HN Discussion: Commenters appreciated the perspective on maintaining personal software projects and the reality that sometimes tools don’t need major features to remain useful. Some shared similar experiences with their own long-running projects, noting that personal tools often serve their creator’s needs perfectly while seeming under-featured to outsiders. The discussion touched on the value of simplicity in software and how personal projects can avoid feature creep that plagues commercial tools.
More than 135 open hardware devices flashable with your own firmware
A comprehensive directory of over 135 open hardware devices that users can flash with custom firmware, providing alternatives to vendor-locked hardware. The collection includes routers, single-board computers, network equipment, and various embedded systems. Each entry documents the device, the firmware options available, and instructions for flashing, empowering users to take control of their hardware and extend its capabilities beyond manufacturer limitations.
HN Discussion: Users praised the resource for consolidating information about open hardware options, which had previously been scattered across forums and wikis. Some shared their experiences with specific devices and contributed additional models not yet listed. The discussion highlighted the growing importance of user-controllable hardware as manufacturers increasingly lock down devices, and how communities are documenting workarounds and alternatives.
Python 3.15’s JIT is now back on track
The Python development team reports significant progress on the JIT compiler for Python 3.15 after encountering technical setbacks including performance regressions. The new approach uses a “dual dispatch” mechanism that keeps the interpreter compact while enabling JIT compilation for hot code paths. The team has resolved major architectural issues and is now confident the JIT will ship with Python 3.15, providing substantial performance improvements for Python code without breaking compatibility.
HN Discussion: Many users expressed excitement about the performance improvements the JIT promises, noting that Python’s speed has long been a limitation for certain use cases. Others questioned why Python isn’t learning from other languages that have had successful JITs for years, suggesting the language needs to evolve more radically. Some raised concerns about how the JIT will interact with Python’s extensive C API and third-party extensions that assume the current interpreter design. The discussion also touched on PyPy’s existing JIT and why CPython can’t simply adopt that approach.
Get Shit Done: A meta-prompting, context engineering and spec-driven dev system
An AI-powered development framework that uses meta-prompting, context engineering, and specification-driven development to help users build software. The system provides structured workflows for working with AI coding assistants, including detailed project specifications, task breakdowns, and automated testing enforcement. It aims to make AI-assisted development more predictable and maintainable by providing guardrails and patterns rather than relying entirely on free-form prompting.
HN Discussion: Users had mixed experiences, with some finding the framework helpful for complex projects and others reporting it generated too much boilerplate and burned through tokens quickly. Some compared it favorably to similar tools like Superpowers, while others preferred simpler approaches. The consensus seemed to be that spec-driven workflows have value, but the right balance of structure vs. flexibility varies by user and project type. Commenters noted that the field is still evolving rapidly and best practices haven’t settled yet.
Show HN: Sub-millisecond VM sandboxes using CoW memory forking
A project that achieves sub-millisecond VM startup times by using copy-on-write memory forking with Firecracker VMs. Instead of booting fresh VMs for each execution, the system boots Firecracker once with Python and numpy loaded, then snapshots the full VM state. Subsequent executions create new KVM VMs backed by MAP_PRIVATE mappings of the snapshot memory, leveraging Linux’s copy-on-write page management. This provides isolation of real VMs with startup times approaching process forking.
HN Discussion: Commenters were impressed by the performance gains, noting that sub-millisecond startup for isolated execution environments could enable new use cases. Some raised concerns about memory usage and how the system handles writes that trigger CoW page copies at scale. The discussion covered use cases like API sandboxing, code execution platforms, and safe code analysis. Others noted similarities to techniques used in unikernels and specialized execution environments, but appreciated this being built on standard Linux/KVM primitives.
A tale about fixing eBPF spinlock issues in the Linux kernel
A detailed account of diagnosing and fixing spinlock-related issues in the eBPF (Extended Berkeley Packet Filter) subsystem of the Linux kernel. The author describes symptoms that were difficult to reproduce and trace, the debugging techniques employed, and how the root cause was eventually identified and resolved. The story illustrates the challenges of low-level kernel debugging and how subtle concurrency issues can manifest in production systems.
HN Discussion: Kernel developers and low-level systems programmers appreciated the detailed debugging narrative, noting that real-world kernel debugging stories are rare and educational. Some shared similar experiences with difficult-to-trace concurrency issues and the techniques they used. The discussion highlighted how modern debugging tools have improved kernel debugging, but deep understanding of the system architecture remains essential. Several commenters noted that the article serves as good documentation for future developers encountering similar issues.
Forget Flags and Scripts: Just Rename the File
A discussion of how program behavior can be controlled by naming input files rather than using command-line flags or complex configuration. The author explores scenarios where the program infers intended operation from file extensions or names, reducing cognitive load for users. Examples include batch processing systems, build tools, and data transformation utilities where file naming conventions carry operational meaning.
HN Discussion: Reactions were mixed, with some appreciating the simplicity and user-friendliness of convention-based interfaces, especially for users who aren’t comfortable with command-line options. Others argued that explicit configuration is more maintainable and less error-prone, with conventions creating implicit knowledge that must be learned. The discussion touched on the balance between discoverability (explicit flags) and ease of use (implicit naming), and how this varies by use case and target audience.
Robotocore · a Digital Twin of AWS
Robotocore provides a digital twin simulation of AWS infrastructure, allowing developers to test AWS deployments locally without using real cloud resources. The system emulates key AWS services and their interactions, providing a realistic environment for development, testing, and disaster recovery planning. This can significantly reduce costs and accelerate development cycles by enabling rapid iteration without cloud dependencies.
HN Discussion: Users noted the overlap with existing tools like LocalStack and questioned what differentiates this project. Some appreciated the focus on digital twin concepts rather than just mocking services, seeing potential for more sophisticated simulations. The discussion covered challenges of accurately emulating AWS behavior, especially edge cases and service interactions. Some expressed interest in using it for chaos engineering and what-if scenario planning beyond basic testing.
Show HN: Fatal Core Dump – A debugging murder mystery played with GDB
A unique game where players solve a murder mystery by debugging a Linux binary using real debugging tools like GDB. Players are given a binary, core dump, source code, and logs, and must determine whether an airlock accident was a bug or sabotage. The game teaches real debugging techniques while providing an engaging narrative, with the full source code available for those interested in how it was built.
HN Discussion: Commenters loved the concept of gamifying low-level debugging skills, noting it’s a creative way to teach techniques that are usually learned through painful experience. Some requested similar games covering different debugging scenarios or security challenges. The discussion highlighted the educational potential of interactive learning for technical skills, with several suggesting this could be adapted for training new developers or security researchers. Players shared their progress and the techniques they used to solve the mystery.
Show HN: I built an interactive 3D three-body problem simulator in the browser
An interactive web-based simulator for the three-body problem from classical mechanics, demonstrating the chaotic dynamics that emerge when three gravitationally-interacting bodies orbit each other. Users can adjust initial conditions and watch how the system evolves, seeing sensitive dependence on initial conditions that characterizes chaotic systems. The visualization helps build intuition about why the three-body problem has no general closed-form solution and why predicting orbits long-term is impossible.
HN Discussion: Users praised the educational value of visualizing chaos theory concepts interactively, noting that seeing the dynamics in action helps understand the mathematics better than equations alone. Some shared similar educational physics simulations they’d built or used. The discussion touched on applications to real-world problems like orbital mechanics and climate systems, where similar chaotic behavior appears. Several commenters suggested enhancements like adding more bodies, different force laws, or phase space visualizations.
Security & Privacy
Microsoft’s ‘unhackable’ Xbox One has been hacked by ‘Bliss’
Security researcher Markus Gaasedelen successfully hacks the original 2013 Xbox One after more than a decade of it remaining secure, using voltage glitching attacks to bypass the platform’s security measures. The hack chains two separate glitch attacks to skip security checks and gain code execution at boot ROM level, allowing unsigned code to run. The breakthrough required understanding the Xbox’s complex multi-stage boot process and finding precise timing windows to manipulate the CPU’s internal state.
HN Discussion: Commenters were impressed by the technical achievement and the persistence required over years of work. Some noted that the Xbox stayed unhacked so long partly because there was little incentive—the game library overlapped with PC and few people cared to emulate it. The discussion covered the sophisticated mitigations Microsoft had implemented, including random loops, disabled debug readouts, hash-chain execution checks, and user-mode kernel partitions. Others debated the practical implications, noting that this only affects the original “VCR” hardware, not later revisions, and that Microsoft can still detect and ban compromised devices on Xbox Live.
AI & Tech Policy
Mistral AI Releases Forge
Mistral AI launches Forge, a platform for training custom AI models on organizational data, addressing the challenge of building domain-aware AI systems. The platform supports pre-training on large internal datasets and post-training methods for refining model behavior for specific tasks and environments. Forge targets enterprises needing specialized models that understand their proprietary data and workflows, particularly in regulated markets like the EU.
HN Discussion: Users debated how “pre-training” works with typical company datasets that are too small for foundation model training, speculating that Forge might use synthetic data generation or distillation from larger models. Some saw value in Mistral’s approach of focusing on custom enterprise models rather than competing on the largest frontier models. The discussion touched on whether specialized proprietary data is a defensible moat for AI companies, with some arguing that accessing high-quality domain data is increasingly valuable as general model capabilities plateau. Others noted MongoDB’s similar entry into this market as validation of the approach.
Why AI systems don’t learn – On autonomous learning from cognitive science
A research paper examining why AI systems lack true autonomous learning capabilities from the perspective of cognitive science. The authors analyze the differences between biological learning systems and current AI approaches, identifying fundamental gaps in how AI systems acquire and adapt knowledge compared to humans and animals. The paper draws on insights from developmental psychology and neuroscience to propose directions for more genuine learning capabilities in AI.
HN Discussion: Commenters discussed the distinction between training and learning, noting that most AI systems learn only during training phases and don’t continue adapting afterward. Some argued that biological systems’ continuous learning is tied to their embodiment and interaction with the world, which AI lacks. The discussion covered whether scaling current approaches will eventually yield more autonomous learning, or whether fundamentally different architectures are needed. Several shared perspectives from cognitive science about how humans integrate new knowledge and why that’s different from statistical pattern matching.
Unsloth Studio
Unsloth launches a new interface for fine-tuning and deploying custom large language models, aiming to make model customization accessible to non-experts. The platform provides a visual interface for training on custom datasets, evaluation, and deployment, abstracting away much of the complexity of traditional fine-tuning workflows. Unsloth Studio targets teams that need domain-specific models without deep ML expertise or significant computational resources.
HN Discussion: Users noted the trend toward making LLM customization more accessible, comparing it to the democratization of AI that followed GPT’s release. Some questioned whether fine-tuning is still the right approach given advances in prompt engineering and context techniques, while others argued that domain-specific models still offer advantages in quality and cost for specialized applications. The discussion touched on whether these tools lead to better models or just more lower-quality fine-tunes, and what skills developers still need to use them effectively.
Launch an autonomous AI agent with sandboxed execution in 2 lines of code
A library that enables launching autonomous AI agents with sandboxed code execution in just two lines of Python code. The system handles agent setup, tool integration, and secure execution environments automatically, letting developers focus on agent logic rather than infrastructure. Sandboxing ensures that agents can run untrusted code or make system calls safely without compromising the host.
HN Discussion: Some praised the developer experience and the ease of getting started with agentic systems, noting that infrastructure setup often dominates the complexity. Others raised concerns about abstracting too much and whether developers understand what’s happening under the hood, especially around security boundaries. The discussion covered the growing complexity of AI agent frameworks and the trend toward higher-level abstractions that make them accessible to more developers. Some questioned whether autonomous agents are the right abstraction for most use cases or if they add unnecessary complexity.
Business & Industry
Launch HN: Kita (YC W26) – Automate credit review in emerging markets
Kita, a Y Combinator W26 company, automates credit review for lenders in emerging markets using vision-language models (VLMs) to parse messy financial documents. The system handles highly variable, unstandardized documents like bank statements, payslips, and screenshots in PDF, scanned, or photo formats. Kita extracts structured financial data, performs cross-document verification, and detects fraud-specific patterns for markets like the Philippines, Mexico, Indonesia, South Africa, and even the US.
HN Discussion: Users were interested in the focus on emerging markets where credit infrastructure is weak and document-based underwriting is the norm. Some questioned whether VLMs are the right approach compared to more traditional OCR and document parsing tools, given VLMs’ higher costs. The discussion touched on the challenges of working with messy real-world documents and why generic tools often fail in this domain. Several noted the large market opportunity—$13.3T in global lending with 90% involving document review—but asked about the competitive landscape and how Kita differentiates from other fintech document AI solutions.
Honda is killing its EVs
Honda announces significant cuts to its electric vehicle program, scaling back plans for EV development and production. The decision reflects struggles with battery technology, supply chain challenges, and slow market adoption of Honda’s EV offerings. Analysts suggest this retreat may severely handicap Honda’s ability to compete in the rapidly electrifying automotive market, where other manufacturers have committed heavily to EV transitions.
HN Discussion: Commenters debated whether Honda’s retreat is a prudent business decision or a fatal strategic error. Some argued that Honda is being realistic about its capabilities and the market, avoiding sunk cost fallacy by pivoting. Others countered that the automotive industry is undergoing a once-in-a-century transition and backing out now may leave Honda permanently behind. The discussion covered the challenges of legacy automakers transitioning to EVs compared to startups like Tesla, and whether hybrid vehicles are a better intermediate strategy than pure EVs for some manufacturers.
History & Science
Ryugu asteroid samples contain all DNA and RNA building blocks
Analysis of samples from the Ryugu asteroid reveals the presence of all nucleobases used in DNA and RNA, providing strong evidence for the panspermia hypothesis and the extraterrestrial origins of life’s building blocks. The findings suggest that organic compounds essential for life could have been delivered to early Earth via meteorite impacts, jumpstarting the chemical processes that led to life. The study contributes to our understanding of how complex organic molecules form in space and what role they may have played in the origin of life.
HN Discussion: Commenters were fascinated by the implications for understanding life’s origins and the possibility that life could be common throughout the universe. Some clarified that this doesn’t prove panspermia, but makes it more plausible by showing that life’s chemical precursors exist in space. The discussion touched on alternative hypotheses for how life originated on Earth and why the discovery of nucleobases in space is significant. Several noted the importance of sample return missions like Hayabusa2 for this kind of research and called for more missions to other celestial bodies.
Leviathan (1651)
A link to Thomas Hobbes’s classic philosophical work “Leviathan” (1651), exploring the social contract theory and the foundations of political authority. The book argues that individuals consent to surrender some freedoms to a sovereign authority in exchange for protection of their remaining rights. Written during the English Civil War, Leviathan remains one of the most influential works in political philosophy, shaping modern concepts of state sovereignty and the legitimacy of government.
HN Discussion: Commenters discussed the historical context of Hobbes writing during the English Civil War and how that influenced his pessimistic view of human nature and the need for strong authority. Some noted contrasts with other social contract theorists like Locke and Rousseau, who had more optimistic views. The discussion touched on Leviathan’s ongoing relevance to modern political debates about the balance between security and liberty, and whether Hobbes’s conclusions would be different in today’s context. Several shared how reading foundational texts like this provides perspective on contemporary political issues.
Electron microscopy shows ‘mouse bite’ defects in semiconductors
Researchers use advanced electron microscopy techniques to visualize “mouse bite” defects in semiconductor materials, microscopic notches that can affect device performance and reliability. The study reveals the atomic-scale structure of these defects and provides insights into their formation mechanisms during manufacturing processes. Understanding these defects at the atomic level is crucial for improving semiconductor yield and developing more robust fabrication techniques for next-generation chips.
HN Discussion: Commenters appreciated the window into semiconductor manufacturing challenges that are invisible at macro scales but critically important for yield and performance. Some discussed how defects like these propagate through manufacturing and can cause failures in the field. The discussion touched on the microscopy techniques used and how they’ve advanced to allow atomic-scale imaging. Several noted that semiconductor manufacturing involves managing incredibly precise physical processes, with atomic-level defects having outsized impacts on the final product.
Other
The pleasures of poor product design
An essay exploring how intentionally poor or flawed product design can create unique user experiences and emotional connections. The author argues that perfect, frictionless design often lacks character, while products with quirks, inconveniences, or even design flaws can become beloved for their idiosyncrasies. The piece examines examples from vintage technology, furniture, and everyday objects to illustrate how imperfections contribute to the personality and charm of products.
HN Discussion: Many commenters resonated with the sentiment, sharing examples of products they loved specifically because of their flaws—the creaky old mechanical keyboard, the uncomfortable but iconic chair, the finicky vintage car. Others pushed back, arguing that good design should minimize frustration and that romanticizing poor design is a form of survivorship bias (we remember the flawed products that survived, not the ones that were simply annoying). The discussion highlighted the tension between usability and character in product design, and how different users value different qualities.
I Simulated 38,612 Countryle Games to Find the Best Strategy
A detailed analysis of optimal strategies for the game Countryle, achieved by simulating over 38,000 games with different approaches. The author uses statistical analysis to identify which word choices provide the best information gain and highest win rates, testing various hypotheses about optimal play. The results challenge some conventional wisdom about the game and provide data-backed recommendations for players looking to improve their success rates.
HN Discussion: Commenters appreciated the rigorous approach to game analysis and the large sample size used to draw conclusions. Some questioned whether the optimal strategy identified is actually the most enjoyable way to play, noting that perfect optimization can kill the fun of games. The discussion touched on similar analyses of other word games like Wordle and how strategies have evolved as communities have shared findings. Several noted the value of this kind of systematic analysis for understanding games at a deep level, even if they don’t play optimally themselves.
Ndea (YC W26) is hiring a symbolic RL search guidance lead
Ndea, a Y Combinator W26 startup, is hiring for a role focused on symbolic reinforcement learning and search guidance. The position involves developing algorithms that combine symbolic reasoning with RL to improve search efficiency and decision-making. The role highlights Ndea’s focus on advancing AI capabilities through hybrid approaches that leverage both symbolic and subsymbolic methods.
HN Discussion: Commenters discussed the trend toward hybrid AI approaches that combine symbolic reasoning with neural networks, noting that pure deep learning may have limits for certain kinds of reasoning tasks. Some speculated about what Ndea is building given this job posting and the company’s broader mission. The discussion touched on whether symbolic AI, which fell out of favor during the deep learning revolution, is seeing renewed interest as researchers seek to address current AI limitations. Several noted the growing importance of search and planning in advanced AI systems beyond just pattern recognition.
JPEG Compression
An accessible explanation of how JPEG compression works, from the high-level concepts to the mathematical details of discrete cosine transforms and quantization. The article walks through each step of JPEG compression, including color space conversion, downsampling, frequency domain transformation, and lossy compression of high-frequency components. The explanation makes complex image processing concepts understandable without assuming deep technical background.
HN Discussion: Commenters praised the clarity of the explanation, noting that JPEG is often used but rarely understood at a technical level. Some shared similar explanations of other compression formats and image processing techniques. The discussion touched on why JPEG has remained relevant despite being decades old, and how newer formats compare in terms of quality and efficiency. Several noted that understanding how compression works provides insight into image quality trade-offs and why certain artifacts appear in compressed images.
It Took Me 30 Years to Solve This VFX Problem – Green Screen Problem [video]
A video presentation chronicling a 30-year journey to solve a persistent problem in visual effects related to green screen compositing. The creator describes the technical challenges of extracting clean mattes from green screen footage, the evolution of solutions over decades, and the breakthrough that finally provided a robust approach. The story illustrates how difficult some visual effects problems are and how perseverance and iterative improvement eventually solve even the most stubborn technical challenges.
HN Discussion: Commenters were impressed by the persistence and the technical depth of the problem, which appears simple but has hidden complexities related to color spill, edge handling, and lighting conditions. Some shared their own experiences with compositing challenges and the tricks they’ve learned. The discussion touched on how VFX has evolved over the years and the interplay between artistic and technical challenges. Several noted that this kind of long-term problem-solving is rare in an industry where tools and techniques change rapidly, and appreciated the dedication required to stick with a problem for decades.
That wraps up today’s morning briefing! The stories reflect ongoing developments across AI, security infrastructure, and scientific discovery, alongside the ever-present debates about software development philosophy and the future of technology. Stay curious, and check back this evening for another roundup of what’s trending on Hacker News.