Welcome to today’s roundup. Thirty stories from HN that warrant your attention.

AI & Tech Policy

EU Age Control: The trojan horse for digital IDs

Summary: The article argues that the EU’s age verification mandate for online services, framed as consumer protection, functions as a trojan horse that normalizes identity verification infrastructure across all digital interactions. The author shows how the technical requirements and data-collection mandates baked into age-checking systems create permanent surveillance capabilities that extend far beyond their stated purpose, effectively building the backbone for pan-European digital ID frameworks without legislative debate on those specific measures.

HN Discussion: HN commenters are split between those who see this as a predictable escalation of EU digital sovereignty agendas and others pointing out that existing KYC systems already perform similar identity verification in financial sectors. Several commenters note the slippery slope from voluntary age checks to mandatory universal identification, comparing it to past expansions of data retention directives.

AGPLv3 §7 Empowers Users to Thwart Badgeware Like OnlyOffice

Summary: The SF Conservancy explains how section 7 of the AGPLv3 license, which requires providing complete installation information including signing keys when distributing modified software over a network, can be used to block badgeware restrictions. The article documents cases where OnlyOffice and NextCloud attempted to use AGPL-licensed code while adding proprietary device-locking features, and shows how users invoking §7 can enforce their right to run modified versions on their own hardware without vendor control mechanisms.

HN Discussion: Commenters discuss the practical implications of AGPLv3§7 enforcement, with some suggesting it could reshape how SaaS vendors approach open-source licensing entirely by making device-locking features legally unenforceable against end users. Several point out that most developers are unfamiliar with this section of the license, limiting its real-world deterrent effect despite its theoretical power.

What the FCC router ban means for FOSS

Summary: The SF Conservancy analyzes the FCC’s new rule banning import of non-US-made home routers, explaining how it effectively blocks all foreign-made networking hardware given that virtually none are manufactured domestically. The article documents that Conditional Approval exemptions require domestic manufacturing plans and capital commitments that would make devices cost at least double current prices, using the OpenWrt One as a case study that already received approval under the old rules but faces uncertainty for any new products.

HN Discussion: HN commenters express concern about the broader implications for open-source hardware development, with some noting that this policy contradicts FCC’s own stated goals of promoting competition and consumer choice. Several commenters from manufacturing backgrounds explain why onshoring router production would be prohibitively expensive given the existing supply chain dependencies on Asian assembly operations.

Simulacrum of Knowledge Work

Summary: The author argues that proxy measures for quality in knowledge work—surface formatting, writing style, and ritualistic processes like code reviews—have been hollowed out by LLMs that can simulate the appearance of high-quality output without the substance. The essay traces how this creates a self-reinforcing cycle where workers optimize for the metrics they’re measured on (LLM-generated text looks polished), and reviewers have less time to scrutinize because everyone else is producing volume, culminating in Goodhart’s law automation where optimizing the proxy destroys what it was supposed to measure.

HN Discussion: HN discussion centers on whether this represents genuine degradation of workplace quality standards or merely a shift in which skills matter for modern development. Several commenters draw parallels to plagiarism detection challenges and note that many organizations already relied on superficial quality signals before LLMs made gaming them trivially easy.

---

Security & Privacy

Bitwarden CLI compromised in ongoing Checkmarx supply chain campaign

Summary: Socket researchers discovered that Bitwarden CLI 2026.4.0 was compromised as part of the Checkmarx supply chain attack, with malicious code injected via an abused GitHub Action in Bitwarden’s CI/CD pipeline. The affected package, used by over 10 million users and 50,000 businesses, contained poisoned code in bw1.js that exfiltrated credentials from the password manager’s command-line tool. Socket has published indicators of compromise and recommends immediate credential rotation for anyone who installed this specific version.

HN Discussion: HN commenters discuss practical defenses including pinning npm dependency versions and setting minimum release ages on package managers like npm, pnpm, and uv to give teams time to vet new releases before deployment. Several recommend alternatives like rbw (the Rust-based Bitwarden CLI) while noting that the same supply chain risk exists across all language ecosystems with different threat profiles.

GnuPG – post-quantum crypto landing in mainline

Summary: The GnuPG announce mailing list reports that post-quantum cryptographic algorithms are being integrated into the mainline GnuPG release, adding support for Kyber as a lattice-based key encapsulation mechanism and Dilithium for digital signatures alongside existing classical algorithms through hybrid key exchanges. This brings quantum-resistant encryption to one of the most widely deployed PGP implementations across millions of email users, allowing organizations to protect communications against future quantum computing threats while maintaining full compatibility with existing OpenPGP workflows.

HN Discussion: Commenters debate whether mainstream PGP users will actually adopt these features given the generally slow adoption cycle for new cryptography in GnuPG, and whether the threat timeline for cryptographically relevant quantum computers justifies the implementation complexity. Some point out that most PGP traffic is already encrypted end-to-end with classical algorithms whose keys are too long for practical quantum attacks.

Tell HN: An app is silently installing itself on my iPhone every day

Summary: A user reports that an unknown application keeps appearing and installing itself on their iPhone every day without any apparent trigger, notification, or prior authorization from the account holder. The Tell HN post invites the community to help diagnose what mechanism could cause repeated silent app installations on iOS, given Apple’s strict sandboxing model and code signing requirements make such behavior unusually difficult, though shared device access or enterprise certificate abuse remain possible attack vectors worth investigating.

HN Discussion: HN commenters suggest checking for shared Apple ID accounts, jailbreak modifications, configuration profile installations, and potentially enterprise certificate abuse where apps are distributed outside the App Store via MDM profiles. Several note that if the phone is not jailbroken, silent installation should be effectively impossible through normal attack vectors, pointing toward a compromised account or physical access scenario instead.

---

Tech Tools & Projects

It’s OK to Use Coding Assistance Tools To Revive The Projects You Never Were Going to Finish

Summary: The author recounts using Claude Code with Opus 4.6 to resurrect a long-abandoned personal project—a YouTube Music to OpenSubsonic API shim—by laying out architectural decisions and an OpenAPI spec before handing the code generation over to the AI. The piece argues that abandoned side projects represent ideal testing grounds for coding assistants since failure carries no production risk, and that providing detailed specs and constraints upfront yields surprisingly usable results even when the AI lacks domain expertise in the target stack.

HN Discussion: HN commenters share their own experiences with reviving dead projects using Claude Code and other AI assistants, with several noting that the constraint of having a pre-written POC or spec dramatically improves output quality compared to open-ended generation. Some push back on the premise, arguing that AI-generated code for abandoned projects perpetuates technical debt rather than creating value.

USB Cheat Sheet (2022)

Summary: Fabiensanglard’s comprehensive reference documents USB specifications from version 1.0 through USB4, covering transfer speeds (12 Mbps to 40 Gbps), connector types and wire counts (USB-A at 4–8 wires, USB-C at 12 wires), power delivery tiers up to PD 3.1 EPR’s 240W, and the encoding overhead that reduces nominal throughput in practice (e.g., 8b/10b encoding wastes 20% of raw bandwidth). The sheet includes cable specifications, lane bonding mechanics for multi-lane USB 3.2 Gen 2x2 connections, and real-world throughput figures accounting for protocol overhead.

HN Discussion: HN discussion is notably sparse on the article itself since it’s a reference document, but comments point out encoding confusion in the original text and note that USB naming conventions remain deliberately confusing despite standardization efforts. Several readers suggest adding Thunderbolt compatibility matrices as a natural extension.

Writing a C Compiler, in Zig (2025)

Summary: The author documents building a C compiler frontend and code generator written entirely in the Zig programming language, treating it as an educational exercise that combines low-level systems understanding with practical compiler construction across all major compilation phases. The series walks through lexical analysis producing tokens from source characters, recursive descent parsing building abstract syntax trees for expressions and declarations, type-checking against K&R standards, and emitting x86-64 machine code without any runtime overhead beyond what a hand-written C compiler would produce.

HN Discussion: HN commenters debate whether Zig is a suitable choice for compiler internals compared to C itself or Rust, with several noting that implementing a compiler in the language it targets creates circular dependencies. Some praise the educational value while others question the utility of reinventing a well-established toolchain rather than focusing on novel language features or optimizations.

Show HN: Honker – Postgres NOTIFY/LISTEN Semantics for SQLite

Summary: Honker adds PostgreSQL-style cross-process NOTIFY/LISTEN messaging to SQLite, enabling push-based event delivery with sub-millisecond latency using the existing SQLite database file as both storage and transport without requiring a separate daemon or external message broker. The implementation uses SQLite’s journal mode and WAL extensions to implement a lightweight publish/subscribe layer suitable for desktop applications, while providing language bindings for Go and Python to make integration straightforward across multiple development stacks.

HN Discussion: The author responded directly to HN feedback with a follow-up PR addressing architectural concerns around concurrent listeners, WAL locking semantics, and backward compatibility with existing SQLite deployments. Commenters note that PostgreSQL 19 is also optimizing LISTEN/NOTIFY for better scalability under selective signaling patterns, while others raise questions about whether cross-process messaging belongs in an embedded database engine at all.

How to Implement an FPS Counter

Summary: The article walks through implementing a frames-per-second counter with multiple strategies: simple frame-tick accumulation over fixed intervals for raw sampling, exponential moving averages for smoothed tracking with configurable lag parameters to reduce visual jitter, and histogram-based percentile reporting that surfaces 1% lows alongside average metrics. The author compares naive counter implementations against smoothed variants that better reflect user-perceived performance through detailed benchmarking, showing how different algorithms handle burst patterns versus steady-state rendering latency.

HN Discussion: HN commenters discuss the tradeoffs between instant-response counters (which spike visibly on frame drops) versus smoothed statistics that hide individual bad frames, and suggest extensions like 1% low reporting commonly used in gaming benchmarks. Several note that modern game engines often include sophisticated performance monitoring tools that make custom FPS counters unnecessary for most development purposes.

New 10 GbE USB Adapters Are Cooler, Smaller, Cheaper

Summary: The author tests new RTL8159-based 10 Gigabit Ethernet USB adapters and finds they offer significantly better thermal performance and form factor than Thunderbolt alternatives, but only achieve full 10 Gbps throughput on computers with USB 3.2 Gen 2x2 (20 Gbps) ports. On most machines including Macs and modern laptops, the adapters deliver around 6–7 Gbps due to single-lane USB limitations, though they work plug-and-play without additional driver installation on macOS.

HN Discussion: HN commenters point out that USB naming conventions make it nearly impossible for average users to determine their system’s actual port bandwidth from device labels alone, with Windows reporting all USB 3.x connections generically as “USB 3.0” in Settings. Several recommend 2.5G or 5G adapters as better value for most use cases where full 10 Gbps is unlikely to be achievable anyway.

SDL Now Supports DOS

Summary: The SDL library added native support for running DOS applications through a pull request that enables game developers to target the DOS environment directly, compiling from modern toolchains into real-mode executables via SDL’s cross-platform abstraction layer. The implementation provides low-level access to DOS interrupt services, VGA text and graphics modes, and PC speaker audio, making it possible to write modern code that runs in pre-OS environments without requiring legacy toolchains or emulators.

HN Discussion: HN commenters joke about SDL for UEFI being the logical next step so games could boot directly into a pre-OS environment, while others note the irony that DOSBox itself is built on SDL. A few long-time readers express nostalgia for the era of djgpp ports and direct hardware access programming.

---

History & Science

Why has there been so little progress on Alzheimer’s disease?

Summary: The Freakonomics podcast episode examines why Alzheimer’s research has produced fewer effective treatments compared to other major diseases despite decades of intensive research, billions in funding, and multiple drug candidates reaching late-stage clinical trials. The discussion explores the complex, multifactorial nature of the disease—amyloid plaques, tau tangles, neuroinflammation, vascular factors—and how targeting single hypotheses has repeatedly failed in clinical trials, suggesting that Alzheimer’s may require entirely different therapeutic approaches rather than incremental improvements to existing strategies.

HN Discussion: HN commenters discuss the historical missteps in Alzheimer’s research including the amyloid cascade hypothesis dominating funding for decades while potentially more relevant pathways received less attention. Several suggest that the difficulty of early diagnosis before irreversible neuronal damage occurs is a fundamental barrier that newer blood biomarkers might finally address.

America’s Geothermal Breakthrough

Summary: Enhanced geothermal systems (EGS) using advanced drilling techniques borrowed from fracking operations could potentially unlock up to 150 gigawatts of carbon-free baseload energy in the United States, far exceeding current geothermal capacity of roughly 4 gigawatts. Companies like Fervo Energy are pioneering horizontal drilling into hot dry rock formations to create artificial hydrothermal reservoirs in locations that previously had no geothermal potential, while federal support continues expanding despite broader political opposition to renewable energy subsidies.

HN Discussion: Commenters debate whether the economics of EGS scale competitively with solar and wind when battery storage costs continue declining, noting that geothermal’s baseload advantage must overcome significantly higher upfront drilling costs. Several geological experts discuss regional suitability, pointing out that viable EGS sites require specific rock permeability characteristics not available everywhere in the US.

Hokusai and Tesselations

Summary: The article examines the mathematical structure underlying Hokusai’s famous Great Wave print from his Thirty-Six Views series, identifying repeating geometric patterns that function as tessellations despite their organic appearance. The analysis demonstrates how the cresting waves, foam splashes, and mountain backdrop form interconnected shapes that tile a plane with varying density, representing an early example of mathematical tiling principles applied in traditional woodblock art predating formal mathematical descriptions by centuries.

HN Discussion: HN comments highlight the intersection between Japanese ukiyo-e artistic traditions and Western geometric theory, with several noting parallels to Escher’s more famous tessellations. Readers appreciate the technical analysis while also questioning whether projecting modern mathematical concepts onto pre-modern art risks anachronistic interpretation, since the woodblock tradition relied on visual intuition rather than formal group theory.

PCR is a surprisingly near-optimal technology

Summary: The article argues that the polymerase chain reaction (PCR) technique, invented in 1983 to exponentially amplify DNA sequences, achieves theoretical optimality in energy efficiency and information transfer with minimal waste. The author shows how PCR’s cycling process—denaturation, annealing, and extension—extracts maximum information from a single template molecule using the minimum number of reagents possible, making it one of the most thermodynamically elegant laboratory techniques in molecular biology despite its simplicity.

HN Discussion: HN commenters discuss the historical context of PCR’s development during the Cold War era when Soviet and American scientists worked independently on similar amplification methods. While newer techniques like LAMP offer isothermal alternatives that simplify equipment requirements, PCR remains unmatched for quantitative accuracy across diverse template types, and its thermocycling instrumentation has become reliable enough to cost under $200 for basic lab use.

Why Not Venus?

Summary: The essay explores the persistent case for Venus as a human destination despite decades of missions revealing an uninhabitable surface with temperatures around 460°C and crushing atmospheric pressure. The author argues that Venus’s Earth-like size, proximity, and atmosphere (providing natural radiation shielding at altitude) make it uniquely suited for orbital or cloud-level habitation, and that the technological investments needed to overcome surface conditions would have spillover benefits for Mars missions in terms of life support and atmospheric processing.

HN Discussion: HN commenters debate whether Venus’s atmospheric sulfuric acid clouds present engineering challenges that outweigh its advantages compared to orbital habitats around Earth or Mars. Some suggest that floating cities at 50km altitude where pressure and temperature are Earth-like could be more feasible than previously assumed given modern corrosion-resistant materials science advances.

---

Academic & Research

Amateur armed with ChatGPT solves an Erdős problem

Summary: Twenty-three-year-old Liam Price, who has no advanced mathematics training, used a ChatGPT Pro subscription to prove a 60-year-old conjecture about primitive sets of integers—sets where no number evenly divides another. The AI generated a proof method that mathematicians had collectively overlooked, with Terence Tao noting the problem was “maybe easier than expected” and that humans made a wrong turn at the first move. Unlike previous AI-assisted math solutions that merely confirmed known results through novel but non-essential paths, this appears to be a genuinely new approach to a problem of some stature in number theory.

HN Discussion: HN discussion focuses on whether LLM-generated proofs represent genuine mathematical discovery or sophisticated pattern-matching that happens to find valid logical pathways humans missed. Several mathematicians weigh in on the credibility of the proof, with most agreeing that while novel, this approach may be limited to problems with similar structural properties rather than constituting a general methodology for mathematical research.

Optimizing Datalog for the GPU

Summary: This academic paper presents techniques for accelerating Datalog inference execution on GPUs, achieving significant speedups over traditional CPU-based engines by leveraging massive parallelism in semi-naive evaluation and fixed-point iteration loops. The authors propose novel memory access patterns optimized for GPU cache hierarchies and a work-stealing scheduler that balances load across streaming multiprocessors, demonstrating performance improvements of one to two orders of magnitude on benchmark rule sets with complex join patterns.

HN Discussion: HN readers praise the paper as an accessible introduction to Datalog optimization more broadly, with several pointing to related open-source implementations like kuzu (acquired by Apple) and Arvo’s research group work on GPU-accelerated graph analytics. Commenters discuss practical deployment considerations including data transfer overhead between CPU and GPU memory that can negate compute gains for smaller datasets.

---

Business & Industry

The Operating Cost of Adult and Gambling Startups

Summary: The author documents how businesses in the adult entertainment and online gambling sectors face systematically higher operational costs due to their industry classification, with payment processors charging premium fees, banking relationships harder to obtain, hosting providers willing to terminate contracts at shorter notice, and advertising platforms imposing stricter content review. The piece argues this “stigma tax” extends beyond direct financial costs into talent recruitment (engineers avoiding stigmatized companies), investor access (VCs hesitant about exit pathway clarity), and even legal counsel (fewer attorneys comfortable handling these cases).

HN Discussion: HN commenters share personal accounts of working in regulated industries and confirm the operational headwinds described, with several noting that the effects extend to related sectors like cannabis tech and sex-positive wellness platforms. Some suggest blockchain-based payment alternatives could eventually reduce the stigma premium by bypassing traditional financial infrastructure entirely.

Flickr: The first and last great photo platform

Summary: The article chronicles Flickr’s evolution from a photo-sharing platform that defined online community features still used across social media to its eventual decline as Instagram, Snapchat, and cloud services fragmented the audience. The author examines how Flickr’s core strengths—original content creation, group-based curation, and API accessibility created an ecosystem that competitors couldn’t replicate while simultaneously making it vulnerable when those same developers built better alternatives on top of its infrastructure.

HN Discussion: HN commenters debate whether Flickr’s decline was inevitable given smartphone photography trends or if different strategic decisions around groups and APIs could have preserved its position. Several long-time users note that while no platform has successfully replaced Flickr’s combination of photo hosting, community tools, and developer access, the category itself may be obsolete rather than any single service failing to capture it.

---

Other

The Joy of Folding Bikes

Summary: The author reflects on the practical and aesthetic appeal of folding bicycles as urban transport, documenting how a single foldable bike can integrate multiple commuting methods—carrying it onto trains, storing it under desks, combining with ferries—that would be impossible with a standard bicycle. The piece covers practical considerations including wheel size tradeoffs between portability and ride quality, weight versus durability compromises, and the social experience of riding in cities where bicycles coexist uneasily with pedestrian infrastructure.

HN Discussion: HN commenters share their folding bike experiences across different models (Brompton, Dahon, Birdy), debating whether the engineering compromises are worth the convenience gains. One commenter reports buying a Chinese-made folding bike for around €250 that replaced most e-scooter and taxi trips in their city, while others warn about quality inconsistencies with budget brands regarding brake performance on descents.

How to be anti-social – a guide to incoherent and isolating social experiences

Summary: The essay presents a satirical list of behavioral instructions for maximizing social isolation—assuming malicious intent in ambiguous situations, refusing to research or consider the credentials of people you disagree with, pivoting conversations when challenged, and exploiting immediate networks by presenting curated narratives that rally supporters against detractors. The piece reads as both genuine advice for self-destructive behavior and a mirror held up to the communication patterns that drive polarization in online spaces.

HN Discussion: HN readers interpret the essay variously as satire of toxic discourse norms, an honest reflection of the author’s own behavioral evolution away from confrontational patterns, or a guide to winning arguments by any means. Several commenters observe that many of the described behaviors map directly onto common tactics in flame wars and echo chamber dynamics, with one describing it essentially as “a list about how to have a flame war.”

Martin Galway’s music source files from 1980’s Commodore 64 games

Summary: The repository archives source files for music composed by Martin Galway, one of the most influential C64 game composers of the 1980s, whose work for software house Action Comics defined the musical identity of games across multiple platforms. The collection includes tracker files and raw assembly code that Galway used to compose his chiptune soundtracks, offering a window into how limited hardware capabilities—three sound channels plus noise—were leveraged for melodies that remained competitive with contemporary synth-pop production values.

HN Discussion: HN commenters praise the archival effort while discussing technical aspects of C64 music programming including the SID chip’s unique waveforms and filter capabilities. Several musicians comment on the ingenuity required to compose recognizable melodies with three simultaneous channels, comparing it favorably to modern chiptune production which benefits from more hardware but often lacks the same constraint-driven creativity.

The Free Universal Construction Kit (HN-native post)

Summary: This HN native post discusses the concept of a universal construction kit that could interconnect different toy systems including Lego, K’Nex, Lincoln Logs, and Tinkertoys, allowing creative play to transcend individual brand boundaries entirely. The original concept from around 2012 offered printable models for connecting parts across major construction toy brands through clever geometric adapters, positioning itself as an act of playful subversion against proprietary design lock-in while promoting interoperability in children’s toys and anticipating the modern open-hardware movement.

HN Discussion: HN commenters recall the kits fondly from their childhoods, discussing how they represented early thinking about interoperability in physical products decades before open-source hardware became mainstream. Some express nostalgia for eras when children’s toys were genuinely modular rather than increasingly branded and ecosystem-locked, while others point out that Lego has since embraced more universal connectivity through its own patent expirations.

What async promised and what it delivered

Summary: The article traces the evolution of concurrency from OS-thread-based models through callbacks, promises, futures, and finally async/await, analyzing how each wave solved previous problems while introducing new tradeoffs. It examines how C#‘s async/await with cancellation tokens represents a different design than JavaScript’s promise model, how Go chose channels instead, and how modern language designers are reevaluating function coloring costs after the async experience in other ecosystems demonstrated that ergonomics matter as much as performance for adoption.

HN Discussion: HN commenters engage in deep technical discussion comparing async implementations across languages, with several correcting factual claims about thread stack sizes by noting they are typically under 100KB on benchmarked systems rather than a full megabyte. Others debate whether Rust’s cancellation model or Go’s goroutine semantics offer better foundations for future concurrency design.

---

Web & Infrastructure

How Hard Is It to Open a File?

Summary: The article explores the surprising complexity behind the seemingly simple operation of opening a file on modern operating systems, tracing the layers from user-space library calls through kernel virtual file system abstractions, disk block allocation, caching hierarchies, and permission checking. It demonstrates that what appears as a single function call actually exercises dozens of subsystems including inode management, page cache coordination, I/O scheduler decisions, and filesystem-specific optimizations that vary dramatically across ext4, XFS, ZFS, and NTFS implementations.

HN Discussion: HN commenters find the article more amusing than informative, with several suggesting the actual title should be “How Hard Is It to Save a File?” given that modern operating systems have largely solved the open operation while write-back caching and journaling make file saving far more complex. Others share stories about filesystem corruption scenarios where the underlying complexity becomes painfully visible during recovery operations.

Discret 11: The French TV encryption of the 80s

Summary: Fabiensanglard documents Discret 11, the encryption system used by France’s Canal Plus channel starting in 1984 to protect subscription television signals transmitted over the air using the SECAM analog broadcast standard. The article describes how each frame of 625 lines was encrypted block-by-block with a rotating key, and how the scrambling affected only the visible scanlines while leaving VSYNC and HSYNC timing intact so that authorized decoders could identify and unscramble the correct frames without disrupting signal synchronization.

HN Discussion: HN readers share memories of living through the Canal Plus launch era in France and discuss the technical elegance of encryption schemes that had to operate within analog broadcast constraints where digital approaches like frame-based scrambling weren’t feasible on consumer hardware available at the time. Several compare it to later satellite TV encryption systems that used more sophisticated conditional access modules.