HN Morning Brief - March 21, 2026
Welcome to your morning Hacker News briefing! Here’s what’s trending on Hacker News this Saturday, March 21st, 2026.
AI & Tech Policy
OpenCode – Open source AI coding agent (656 points)
Link: https://opencode.ai/
OpenCode is an open-source AI coding agent that has gained significant traction in the development community. The tool offers a text-based interface for coding assistance with features like multi-model support, sub-agents for different tasks, and extensive customization options. While users praise its productivity benefits, some criticize its high resource usage (often 1GB+ RAM), frequent releases without proper testing, and overly complex feature set. The project has been blacklisted by Anthropic AI, with users noting they have to resort to other alternatives like Claude Code.
Comments:
- Users appreciate the ability to switch models and choose different LLMs for different agent roles
- Criticisms focus on rapid release cadence without adequate testing and feature bloat
- Discussion about evaluation frameworks - users suggest coding agents should prioritize eval frameworks over adding new features
- Some users report extraordinary productivity with the tool combined with spec-driven workflows
- Concerns raised about default settings sending prompts to Grok’s free tier without disclosure
Mamba-3 (55 points)
Link: https://www.together.ai/blog/mamba-3
Together AI has announced Mamba-3, building on the Mamba architecture that offers an alternative to traditional transformer models. The Mamba approach uses selective state space models that can handle longer sequences more efficiently than transformers, with potential applications in tasks requiring extensive context processing.
Comments:
- Discussion about the architectural differences between Mamba and traditional transformers
- Interest in efficiency gains for processing long sequences
- Speculation about training costs and accessibility
Attention Residuals (153 points)
Link: https://github.com/MoonshotAI/Attention-Residuals
Researchers have introduced Attention Residuals (AttnRes), a novel approach to residual connections in large language models that replaces fixed accumulation with softmax attention over preceding layer outputs. This allows each layer to selectively aggregate earlier representations with learned, input-dependent weights. The approach reportedly drops compute required for training by ~20% and requires significantly less memory bandwidth for inference. A “Block AttnRes” variant partitions layers into blocks to reduce memory overhead while preserving most gains.
Comments:
- Users impressed by the 20% reduction in training compute and 1/6th memory bandwidth requirement for inference
- Discussion about implications for running models on consumer hardware
- Comparisons to LSTM input gates in architectural design
- First author noted to be a high school student, sparking discussion about youth in AI research
- Excitement about potential for faster iteration in model development
Ask ChatGPT to pick a number from 1-10000, it generally selects from 7200-7500 (10 points)
Link: https://old.reddit.com/r/ChatGPT/comments/1rz2ooh/i_am_betting_my_house_that_if_you_ask_gpt_to_pick/
Users have discovered a bias in ChatGPT’s random number generation when asked to pick numbers from 1-10000, with the model consistently selecting from a narrow range around 7200-7500. This highlights challenges in getting truly random distributions from language models.
Comments:
- Discussion about how LLMs struggle with true randomness
- Users report similar biases in different ranges
- Conversation about token probability distributions affecting number selection
Security & Privacy
Google adds 24-hour wait and mandatory reboot to Android sideloading flow (23 points)
Link: https://android-developers.googleblog.com/2025/08/elevating-android-security.html
Google has implemented new restrictions for Android sideloading that include a 24-hour waiting period and mandatory reboot before users can install apps from unknown sources. The change specifically applies to unsigned applications, not all sideloaded apps. This represents a significant tightening of security controls on certified Android devices.
Comments:
- Users frustrated by the restriction, with calls to purchase non-certified Android devices
- Debate about whether this will hurt Google similarly to Windows RT and Windows 10 S failures
- Clarification that the restriction only applies to unsigned apps, not all sideloaded content
- Concern that users won’t realize the limitation until after they’ve purchased the device
- Discussion about the implications for repairability and user freedom
France’s aircraft carrier located in real time by Le Monde through fitness app (539 points)
Le Monde investigative journalists successfully tracked France’s Charles de Gaulle aircraft carrier in real time through publicly available fitness app data. By analyzing Strava heatmap data, they could pinpoint the carrier’s location and movements, revealing serious security vulnerabilities when military personnel use personal fitness tracking devices. This follows similar incidents, including the 2018 exposure of secret US military bases through Strava data and the tracking of a Russian submarine commander who was assassinated after his route was traced via fitness apps.
Comments:
- Discussion about whether aircraft carrier location should even be considered secret given they’re visible to satellites
- Comparison to previous incidents with US bases and Russian submarines
- Debate about difficulty of preventing soldiers from leaking location via smartphones
- Humor about the runner’s pace matching the carrier’s 27-knot cruising speed
- Discussion about whether satellite or coastal internet was used for data sync
- References to similar security vulnerabilities in dating apps and social media
Geopolitics & War
(See France’s aircraft carrier story above - relevant to both Security & Privacy and Geopolitics)
Tech Tools & Projects
Ghostling (169 points)
Link: https://github.com/ghostty-org/ghostling
Ghostty has released Ghostling, a small C library that provides a lightweight terminal rendering engine. The project aims to be minimal and efficient, with a C file small enough to read in a few minutes. It uses an innovative technique for embedding fonts via autogenerated headers, creating a cross-platform binary resource embedding solution.
Comments:
- Users impressed by the small, readable codebase
- Discussion about the novel approach to font embedding via generated C headers
- Some users don’t need features like tabs and window management in terminal emulators
- Enthusiasm for OSC support being planned
- Requests for a plugin-like system similar to st’s but less cumbersome
Fujifilm X RAW STUDIO webapp clone (10 points)
Link: https://github.com/eggricesoy/filmkit
A developer has created a web-based clone of Fujifilm’s X RAW STUDIO application, which allows photographers to process RAW images from Fujifilm cameras. The webapp aims to bring the professional RAW processing capabilities to a browser-based interface.
FFmpeg 101 (2024) (26 points)
Link: https://blogs.igalia.com/llepage/ffmpeg-101/
A comprehensive guide to FFmpeg has been published, covering the fundamentals of this powerful multimedia framework. The tutorial covers installation, basic operations, and common workflows for video and audio processing.
Linux Applications Programming by Example: The Fundamental APIs (2nd Edition) (67 points)
Link: https://github.com/arnoldrobbins/LinuxByExample-2e
Arnold Robbins has released the second edition of his book on Linux application programming, focusing on fundamental APIs. The project is available on GitHub and provides hands-on examples for learning Linux system programming.
Show HN: We built a terminal-only Bluesky / AT Proto client written in Fortran (69 points)
Link: https://github.com/FormerLab/fortransky
A developer has created a terminal-only Bluesky/AT Protocol client written entirely in Fortran, demonstrating the vintage language’s continued viability for modern applications. The project showcases the AT Protocol’s ease of development with its open public data, structured JSON, and zero authentication friction.
Comments:
- Enthusiasm for the unusual choice of Fortran and nostalgia from users who learned it early in their careers
- Discussion about the AT Protocol being a joy to build on with its well-structured data
- Questions about why Fortran was chosen over more modern languages
- Humorous comments like “fortran > cobol”
- Interest in seeing production codebases in languages users haven’t used
- Discussion about other AT Protocol apps that aren’t social media derivatives
purl: a curl-esque CLI for making HTTP requests that require payment (17 points)
Link: https://www.purl.dev/
A new CLI tool called purl has been released for making HTTP requests that require payment, similar to curl but with built-in support for paid APIs. The tool aims to simplify working with paid HTTP endpoints that would otherwise require more complex setup.
A look at content scrambling in DVDs (23 points)
Link: https://mathweb.ucsd.edu/~crypto/Projects/MarkBarry/
A technical analysis explores the Content Scramble System (CSS) used in DVDs, examining the encryption mechanisms and how they were eventually broken. The project provides insight into early digital rights management systems and the cat-and-mouse game between content protection and circumvention.
The worst volume control UI in the world (2017) (99 points)
Link: https://uxdesign.cc/the-worst-volume-control-ui-in-the-world-60713dc86950
A UX design case study examines what’s described as the worst volume control interface ever designed, analyzing the poor user experience decisions and what can be learned from them. The article serves as a cautionary tale about prioritizing aesthetics over usability.
VisiCalc Reconstructed (182 points)
Link: https://zserge.com/posts/visicalc/
A developer has reconstructed VisiCalc, the first spreadsheet application, in modern code. The project includes a complete implementation of the classic spreadsheet with its formula engine, cell dependency tracking, and user interface. The reconstruction reveals the elegant simplicity of the original design and the complexity hidden behind deceptively simple spreadsheet functionality.
Comments:
- Users impressed by the elegance of the original VisiCalc design
- Discussion about memory allocation challenges on the original Apple II with limited RAM
- References to similar spreadsheet implementations including spreadsheet-fortran for PDP-11
- Conversation about dependency graphs being essential for modern spreadsheet performance
- Requests for command-line spreadsheet interfaces with Vim keybindings
- Interest in which business departments were first adopters of spreadsheets
Lent and Lisp (43 points)
Link: https://leancrew.com/all-this/2026/02/lent-and-lisp/
A reflective piece explores connections between the religious season of Lent and programming in Lisp, drawing parallels between spiritual disciplines and coding practices.
Red Grid Link – peer-to-peer team tracking over Bluetooth, no servers (37 points)
Link: https://github.com/RedGridTactical/RedGridLink
A Show HN project introduces Red Grid Link, a peer-to-peer team tracking application that works entirely over Bluetooth without requiring servers or cellular connectivity. The app is designed for backcountry trips where cell service is unavailable, allowing groups to track each other’s location with offline topo maps and MGRS grid coordinates. It uses AES-256-GCM encryption and CRDT synchronization to handle unreliable BLE connections.
Comments:
- Users impressed by the technical challenge of reliable sync over unreliable BLE connections
- Interest in the offline mapping capabilities and MGRS coordinate system
- Discussion about the practical applications for outdoor enthusiasts
- Appreciation for the focus on privacy with no servers required
Web & Infrastructure
We rewrote our Rust WASM parser in TypeScript and it got faster (166 points)
Link: https://www.openui.com/blog/rust-wasm-parser
OpenUI describes their experience rewriting a Rust WASM parser in TypeScript, which resulted in improved performance. The speedup came primarily from algorithmic improvements: fixing an O(N²) problem to O(N) via statement-level caching (3.3x improvement) and eliminating WASM boundary serialization (2-4x improvement). The case study demonstrates that rewrites often yield benefits not from language choice but from the opportunity to rethink and improve the implementation.
Comments:
- Users emphasize that the real win is the algorithmic fix, not the language choice
- Discussion about serialization costs across JS-WASM boundaries and alternatives like SharedArrayBuffers
- Comparisons to historical experiences of Python being faster than C++ due to accidental bug fixes
- Debate about whether V8’s JIT optimization eliminated Rust advantages or if it’s about well-defined data structures
- Users expressing hope for future direct web platform API access from WASM modules without JS
- Discussion about potential confusion with Open UI W3C Community Group
History & Science
The Los Angeles Aqueduct Is Wild (327 points)
Link: https://practical.engineering/blog/2026/3/17/the-los-angeles-aqueduct-is-wild
Practical Engineering presents a detailed exploration of the Los Angeles Aqueduct, one of the most ambitious engineering projects in American history. The aqueduct, completed in 1913, transports water over 233 miles from the Owens Valley to Los Angeles, largely uncovered through open canals and tunnels. The project sparked the “California Water Wars” and fundamentally changed the state’s water politics. The video covers the aqueduct’s design, construction challenges, environmental impacts, and the controversial water rights negotiations that shaped modern California.
Comments:
- Users from LA discuss regional differences in water conservation awareness
- Discussion about the lack of desalination investment in Southern California compared to Australia
- Reflection on America’s reduced appetite for grand structural projects compared to historical eras
- Interest in the aqueduct’s gravity-powered design that works without electricity
- Reference to the St Francis Dam collapse disaster connected to the aqueduct system
- Discussion about water evaporation from uncovered canals
- Users sharing personal experiences visiting Owens River Gorge
The Ugliest Airplane: An Appreciation (51 points)
Link: https://www.smithsonianmag.com/air-space-magazine/ugliest-airplane-appreciation-180978708/
Smithsonian Magazine takes a look at the A-10 Thunderbolt II (Warthog), widely considered one of the ugliest aircraft ever designed, yet beloved for its effectiveness. The article explores how the A-10’s unconventional appearance served its purpose: a heavily armored, slow-flying tank killer designed to protect ground troops. The Warthog’s distinctive design, including its GAU-8 Avenger rotary cannon, has made it a cult favorite among military aviation enthusiasts.
Turing Award Honors Bennett and Brassard for Quantum Information Science (18 points)
Link: https://amturing.acm.org
The ACM has announced that Charles Bennett and Gilles Brassard are the recipients of the Turing Award for their pioneering work in quantum cryptography and quantum information science. Their work laid the foundations for quantum-safe cryptography and quantum key distribution, now critical as quantum computers threaten traditional encryption methods.
Molly Guard (60 points)
Link: https://bookofjoe2.blogspot.com/2026/02/molly-guard.html
A piece explores the origin and story of the “molly guard,” a safety device that prevents accidental activation of launch buttons or switches. The term originated from a 1982 incident where a janitor named Molly Brown accidentally started a launch sequence, leading to the development of protective covers for critical controls. The story highlights how engineering solutions often emerge from real-world accidents and the importance of fail-safe design.
Comments:
- Discussion about the etymology and real-world origins of safety engineering terms
- References to similar protective devices in various industries
- Appreciation for how individual incidents can lead to systemic safety improvements
Academic & Research
ArXiv declares independence from Cornell (746 points)
arXiv, the pioneering preprint server that has become central to scientific communication, has announced its separation from Cornell University to become an independent non-profit organization. The move aims to give arXiv greater autonomy and flexibility in pursuing its mission, though it has raised questions about future governance and potential changes to the service. The decision comes amid debates about arXiv’s role as it has evolved from a simple PDF hosting service to a de facto publication venue, particularly in fields like machine learning. Concerns have been raised about proposed changes like rejecting review articles and position papers, and a controversial $300,000 salary for the new CEO.
Comments:
- Users skeptical about the motivations behind the separation from Cornell
- Concerns about arXiv becoming more “opinionated” in what content it accepts
- Discussion about whether $300k is appropriate for a non-profit CEO salary
- Proposals for alternative academic paper hosting systems (e.g., NSF-run)
- Discussion about the endorsement system being a barrier for independent researchers
- Questions about the need for filtering vs. improving indexing and ranking systems
- Hopes for better access for non-institutional researchers
- Debate about whether arXiv’s function is better served with less institutional power
An FAQ on Reinforcement Learning Environments (37 points)
Link: https://epoch.ai/gradient-updates/state-of-rl-envs
Epoch AI has published an FAQ on reinforcement learning environments, addressing common questions about designing, implementing, and evaluating RL environments. The guide covers state representation, action spaces, reward function design, and evaluation methodologies, providing a resource for researchers and practitioners working in RL.
Business & Industry
Our commitment to Windows quality (488 points)
Link: https://blogs.windows.com/windows-insider/2026/03/20/our-commitment-to-windows-quality/
Microsoft has published a statement about their renewed commitment to Windows quality following widespread criticism of Windows 11. The company acknowledges user complaints and promises improvements including clearer search results (with device content distinguished from web results), fewer automatic restarts, better Explorer performance (reducing microstutters and lag), and moving Copilot to less obtrusive locations. However, skeptics note the absence of commitments on local accounts, fully disabling Copilot, and other long-standing user demands.
Comments:
- Highly skeptical reaction with many users feeling the commitment is too little, too late
- Discussion about Microsoft’s strategic focus being on enterprise (B2B) rather than consumers
- Criticism that the changes represent “boiling the frog” rather than real course correction
- Users comparing Windows unfavorably to Linux’s improving desktop experience and performance
- Demands for accountability for Windows 11 decisions, with calls for leadership changes
- Frustration that basic quality issues required Apple competition to address
- Discussion about Linux adoption being limited by ecosystem rather than technical inferiority
- Some users praising the move of taskbar to left side of screen
Delve – Fake Compliance as a Service (626 points)
Link: https://deepdelver.substack.com/p/delve-fake-compliance-as-a-service
A damning investigative report exposes Delve, a YC-backed compliance startup, for allegedly generating fake compliance certifications without proper due diligence. The article presents evidence that Delve was providing SOC2 and other compliance certifications to companies without adequate verification, with some conclusions reportedly presented before customers even provided information. The story raises serious questions about venture capital due diligence, the effectiveness of compliance certification processes, and the broader compliance-as-a-service industry. Delve has reportedly issued a response disputing the claims.
Comments:
- Users shocked that VCs funded Delve without proper due diligence on a compliance service
- Discussion about how 80% of compliance has always been performative box-checking
- Questions about how many other YC companies use Delve and whether customer data is safe
- Debate about whether certification bodies are equally at fault for rubber-stamping
- Recognition of the risks of a hit piece but acknowledgment that the evidence is damning
- Discussion about defamation damages if the claims are false
- Users recommending alternative compliance services like Vanta
- Appreciation for calling out failures in security testing and compliance
System Administration
Ubuntu 26.04 Ends 46 Years of Silent sudo Passwords (19 points)
Link: https://pbxscience.com/ubuntu-26.04-ends-46-years-of-silent-silent-sudo-passwords/
Ubuntu 26.04 will require password prompts for sudo commands by default, ending the 46-year practice of silent sudo password prompts that has been the default since sudo’s creation in 1980. This change represents a significant shift in Unix/Linux security defaults, prioritizing explicit user confirmation over convenience for elevated privilege operations.
Parallel Perl – Autoparallelizing interpreter with JIT (112 points)
Link: https://perl.petamem.com/gpw2026/perl-mit-ai-gpw2026.html#/4/1/1
A developer has created “Petaperl,” an alternative Perl implementation that features automatic parallelization and JIT compilation using Cranelift. The project originated from the author’s desire to automate their geothermal/solar-powered home, leading to an ambitious reimplementation of Perl with AI assistance. The interpreter includes features like Rayon for parallel task scheduling, auto-FFI, bytecode caching, and daemonize mode, though it breaks compatibility with XS modules.
Comments:
- Users impressed by the ambitious scope of the project
- Discussion about the author’s geothermal project that led to this “yak shaving”
- Concerns about whether the Perl community has bandwidth to sustain an alternative implementation
- Interest in the technical details of auto-parallelization and JIT compilation
- Complaints about the presentation website navigation being broken (down arrow not working)
- Humor about AI-written project not getting its homepage right
- Discussion about breaking XS compatibility being a bold decision
Other
A Japanese glossary of chopsticks faux pas (212 points)
Link: https://www.nippon.com/en/japan-data/h01362/
A detailed guide explains Japanese chopstick etiquette, listing behaviors considered taboo (called “kirai-bashi” or “disliked chopsticks”). The article covers everything from not sticking chopsticks upright in rice (a funeral offering) to not passing food directly from chopsticks to chopsticks (resembling funeral rites). It also notes that some etiquette is evolving, with certain behaviors like using chopsticks as a ladle becoming less strictly enforced, while others like flipping chopsticks to share food are becoming more common.
Comments:
- Users sharing personal stories of making faux pas in Japan
- Discussion about which behaviors are actually still considered taboo in practice
- Humor about the relief that inserting chopsticks in nostrils to bray like a walrus isn’t on the list
- Users realizing they’ve been taught wrong practices (like rubbing disposable chopsticks together)
- Interest in the linguistic structure of the terms (bashi = chopsticks)
- Stories of cultural misunderstandings with measure words and proper terminology
- Appreciation for how etiquette evolves over time
That’s it for this morning’s briefing! Stay tuned for more tech news and discussions from the Hacker News community.
This briefing is automatically generated. Links lead to original articles, not HN discussions. Comment summaries reflect key discussion points.