It’s Friday, May 1st. Today’s brief covers a wide swath of the HN front page: a massive Linux kernel exploit that works on every distro since 2017, OpenWarp giving developers freedom over their terminal’s AI provider, a life-size replica of ENIAC built by students, and the $500M Virtual Biology Initiative backed by the Zuckerbergs. We also have deep dives into Snowball Earth climate cycles, sphere packing formalization in dimension 8, and a mechanical panoramic camera from Jeff Bridges. Here are 30 stories worth your attention.

AI & Tech Policy

Opus 4.7 knows the real Kelsey

Kelsey Piper reports that advanced AI models, particularly Claude Opus 4.7, can identify individual writers from as few as 150 words of text. She traces how stylistic fingerprints — specific syntactic patterns, attribution styles, and recurring editorial habits — allow models to guess authorship with startling accuracy. As someone who has been pro-anonymity her entire online career, Piper argues that the erosion of textual anonymity threatens both marginalized communities and intellectual risk-taking in public discourse.

Commenters tested the model against their own writing: one fed it a James Mickens pastiche and Opus correctly identified the imitation rather than generating a plausible author name; another showed a snippet from an unpublished book chapter and received an immediate guess of his real identity. Simon Willison discovered that even disabled-search Claude incognito could still fingerprint his distinctive inline update parentheticals and (via Lobsters) attribution style.

Alignment whack-a-mole: Finetuning activates recall of copyrighted books in LLMs

A new GitHub repository demonstrates that finetuning language models can reactivate verbatim recall of copyrighted books they ingested during pretraining. The “Alignment Whack-a-Mole” technique shows that removing copyrighted text via one alignment method doesn’t prevent the model from reproducing it through alternative fine-tuning paths, suggesting copyright leakage is deeply embedded in LLM weights rather than a superficial behavioral quirk.

Commenters discussed the broader implications: one researcher noted they had been O-CRing shadow library scans specifically because of this discovery; another compared it to an impending Napster-style reckoning for AI companies. Several commenters argued that modern copyright duration is the actual problem, with suggestions that works before 1998 should be in the public domain.

Academic & Research

Snowball Earth may hide a far stranger climate cycle than anyone expected

A new study published in PNAS proposes an alternative to Snowball and Slushball Earth models, suggesting the Neoproterozoic icehouse state involved a more complex climate cycle than previously understood. The researchers’ model reconciles inconsistencies between geological evidence and existing glaciation scenarios by introducing additional feedback mechanisms involving silicate weathering and carbon cycling over millions of years.

Commenters pointed to the ongoing PNAS paper and discussed how Earth has been in an icehouse state for only a rare fraction of its 4.5-billion-year history, spending about 85% in greenhouse phases. One commenter drew on silicate weathering as a natural CO₂ sink over geological timescales, while another wondered hypothetically whether global cooling by the same magnitude as current warming would be worse for humanity.

A Milestone in Formalization: The Sphere Packing Problem in Dimension 8

AlphaXiv highlights a major milestone in formalizing the proof that E₈ lattice packing is optimal among all sphere packings in eight dimensions, building on Maryna Viazovska’s groundbreaking work. The formalization effort represents one of the most complex mathematical proofs to enter verified theorem-proving systems, requiring substantial infrastructure for handling high-dimensional geometry and Fourier analysis.

No comments were posted on this submission, likely due to its narrow appeal to formal methods researchers. The piece appeared on AlphaXiv as a summary of an academic preprint rather than a direct research paper link.

Universal patterns emerge across 22 languages, mapping how vocabularies evolve

Researchers published in Proceedings of the Royal Society B found universal patterns in how vocabulary evolves across 22 languages: frequently used words cluster together semantically, forming “popular regions” in word embedding space. The study used Word2vec representations combined with word frequency data to map these cross-linguistic regularities, suggesting that basic communicative needs impose structural constraints on language evolution independent of cultural differences.

A single commenter linked the original Proceedings B paper and confirmed its peer-reviewed status. The article’s Phys.org framing was treated as a standard science news summary rather than generating substantive discussion.

$500M for Virtual Biology Initiative, Funded by Zuckerbergs

Biohub announced the Virtual Biology Initiative with a $500 million commitment — $100 million to coordinate global data generation and $400 million to develop next-generation measurement, imaging, and engineering technologies. The five-year effort aims to create an open data foundation for AI-accelerated biology, targeting predictive models of the human cell that could accelerate disease prevention and cure research globally.

Commenters questioned whether genuine disease researchers view this as valuable or if it represents tax-deductible funds flowing into the AI industrial complex. One commenter expressed skepticism about AI initiatives in biology where fundamental human understanding remains incomplete, though acknowledged hoping to be wrong.

Business & Industry

Maladaptive frugality

Herbert Lui reflects on how he delayed repairing his iPhone despite having AppleCare coverage — a behavior he calls “maladaptive frugality” that stems from a childhood framing of spending money as inherently sinful. Growing up in a Hong Kong immigrant household where frugality was survival, he internalized the belief that saving small amounts was virtuous, only to realize later how this mindset drained energy better spent on actual priorities and business opportunities.

Commenters shared similar stories: one recounted his father keeping the thermostat under 65°F and their early marriage arguments over a “balmy” 70°F setting until he calculated it cost little to stay warmer; another noted that having a spouse nearby helps detect these patterns more easily than self-diagnosis; a commenter from Poland described how Soviet-era scarcity left people forever stuck in survival-mode spending long after prosperity arrived.

History & Science

Roboticist-Turned-Teacher Built a Life-Size Replica of ENIAC

A former roboticist turned teacher led students to build a life-size functional replica of ENIAC, the 1946 electronic computer that launched the digital age. The project grew from a robotics company venture that produced about 200 hobbyist robots across 17 countries before recognizing there was simply no market volume for robot kits — shifting the builder’s focus toward education.

Commenters praised the hands-on educational value, with one noting that these kinds of projects excite both kids and adults equally. Another remarked on the builder’s personal journey from commercial robotics to classroom work, calling his background “just amazing” beyond the ENIAC clone itself. A few commented that there should be more such projects for students.

New copy of earliest poem in English, written 1,3k years ago, discovered in Rome

Researchers from Trinity College Dublin discovered a new early 9th-century manuscript containing Caedmon’s Hymn — the earliest known poem in the English language — at the National Central Library of Rome. Dated between 800 and 830, this is only the third surviving text of the poem composed by a Northumbrian farm laborer over a millennium ago, found through traditional archival sleuthing combined with modern analysis.

The submission received no comments, likely because it appeared as a news brief from Trinity College Dublin’s press office without generating immediate HN discussion traction. The find is academically significant but narrowly focused on manuscript studies rather than provoking broader debate.

The Church Rock Uranium Mill Spill

A Wikipedia-linked article revisits the 1979 Church Rock uranium mill spill in New Mexico, where an estimated 1.23 tonnes of uranium and 46 curies of alpha contaminants traveled 80 miles downstream through Navajo County and onto the Navajo Nation. The radioactive, acidic spill also contained toxic metals and sulfates, contaminating groundwater and rendering the Puerco River unusable for local residents — yet it remains the largest uranium release in U.S. history by volume.

Commenters noted that the spill was worse than Three Mile Island, with one expressing shame at how it was handled historically. The discussion focused on the environmental justice dimension: the contamination disproportionately affected Navajo communities who relied on the Puerco River for water and livestock, raising questions about long-term health impacts on Indigenous populations.

1.4 GW: battery storage at former Grohnde nuclear power plant

Germany is converting the decommissioned Grohnde nuclear power plant into a 1.4 GW battery energy storage system with 6 GWh of capacity — exceeding the original nuclear station’s output. Located on major power lines and built by GESI, the facility leverages existing grid infrastructure at a decommissioned site to bypass the NIMBY opposition that typically delays high-capacity grid connections for a decade or more.

Commenters highlighted that siting at a former nuclear plant is an elegant solution to German grid planning bottlenecks. One commenter noted the economic logic: it can store six hours of output from the previous nuclear station and represents a “wild bet” as an arbitrage play — buying cheap wind energy and selling at peak prices, presumably with substantial government grants making the economics work. Another glider pilot lamented losing the thermal updrafts the old plant generated.

The Accidental Ancestor – How Verifying Numbers Shaped Modern Hashing

This blog post traces modern cryptographic hashing back to Hans Peter Luhn’s 1954 patent for a “Computer for Verifying Numbers,” which introduced the Modulus 10 algorithm still used today in credit card validation. The article walks through how simple mathematical transformations — multiplying alternate digits by two, handling carry digits, and computing check values via modulo arithmetic — laid conceptual groundwork for data integrity verification that eventually evolved into SHA-256 and beyond.

No comments were posted, likely because the piece is a self-contained educational blog post without an interactive discussion thread. Readers who found it interesting would likely appreciate the historical arc from credit card checksums to modern cryptographic hash functions.

Biology is a Burrito: A text- and visual-based journey through a living cell

Niko McCarty presents mathematics and visualizations that reveal how impossibly crowded bacterial cells actually are — an E. coli genome stretched end-to-end would reach the moon and back several times from just one culture grown in a gallon jug. The essay challenges the spacious textbook depictions of cellular interiors with Michael Elowitz’s “burrito” analogy: molecules crammed together in fast, chaotic environments where David Goodsell’s watercolor cross-sections capture the reality of biochemical chaos.

Commenters recommended companion books — David Goodsell’s “The Machinery of Life” for illustrations and Ron Milo and Rob Philips’ “Cell Biology by the Numbers” for order-of-magnitude calculations. One commenter identified strongly with a student who chose biochemistry precisely because it avoided multivariable calculus, finding McCarty’s description of that experience “shockingly accurate.” Another highlighted the precision engineering of DNA transcription as one of biology’s most fascinating processes.

Other

New mechanical panoramic film camera from Jeff Bridges

Jeff Bridges’ SilverBridges project has produced the WideluxX, a new analog panoramic camera with a moving lens that sweeps light across film to create continuous exposure panoramas. Priced at $4,400 in a first run of only 350 units, it uses modern German precision manufacturing to bring swing-lens panorama photography into the contemporary era — capturing environments as they are experienced, with time and motion embedded directly in the image rather than assembled afterward.

Commenters were divided between respect for Bridges’ commitment and frustration at the $4,400 price tag, with one noting it had taken five years of patience to reach this point. Several compared it unfavorably to the XPan format for distortion quality and interchangeable lens support, while acknowledging that if the WideluxX is mechanically perfect, the craftsmanship deserves admiration regardless of cost.

The Hearts of the Super Nintendo

Fabien Sanglard takes apart a Super Nintendo motherboard to identify its two clock generators — the “hearts” that dictate timing for every chip on the board. The essay walks through crystal oscillators versus ceramic resonators, showing how CLK output pins connect via copper traces to processors like the Motorola 6502 and custom graphics chips from Midway and Capcom, offering a hardware-level understanding of one of gaming’s most beloved systems.

Commenters recognized this as a repost — the original “Hearts of the Super Nintendo” post had received 548 points and 153 comments in 2024, with related posts about SNES cartridges also generating significant discussion. One commenter simply called it “tech porn” and praised the craftsmanship of the analysis.

Security & Privacy

Can I disable all data collection from my vehicle?

Rivian’s support documentation reveals that electric vehicles can disable certain functionalities including over-the-air updates, but raises unresolved questions about safety recalls when e-SIM connectivity is cut. Mozilla’s Privacy Not Included review found some manufacturers collecting exceptionally personal data — Nissan’s policy included “sexual activity” as a monitored category — while commenters flagged internet-connected cars manufactured in one country and sold in another as a potential national security vulnerability.

Commenters debated the tension between privacy and safety: one asked what happens with safety-critical OTA updates when the e-SIM is disabled, noting that ICE vehicles are legally required to receive emissions-relevant updates. Another drew parallels to Zed’s disable_ai setting as a precedent for opting out of built-in AI features. A commenter raised the geopolitical concern that a foreign manufacturer could theoretically disable its own cars in another country during a trade dispute.

CPanel and WHM Authentication Bypass – CVE-2026-41940

A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel and WHM allows attackers to bypass the login mechanism entirely. The flaw affects widely-deployed web hosting control panel installations, potentially granting unauthorized administrative access to customer servers without any credentials — a significant risk for shared hosting environments where a single compromised account could expose dozens of websites.

As this appeared as a security advisory rather than a community discussion thread, no HN comments were posted. The vulnerability’s severity stems from cPanel’s ubiquitous presence in web hosting infrastructure and the fact that many administrators may not yet have patched their installations.

Follow-up to Carrot disclosure: Forgejo

Following a security disclosure about vulnerabilities in Forgejo, the author describes encountering harassment from Mastodon moderators who removed posts citing “irresponsible disclosure,” while other friends of the researcher received private outreach attempts to persuade them not to publish. Meanwhile, the Netherlands deployed a sovereign Forgejo instance and the incident reignited the eternal debate over vulnerability disclosure norms within the information security community.

Commenters were sharply divided: one offered a charitable interpretation that the reporter’s goal wasn’t humiliation but acknowledging risk; another called it “the classic response of a troll.” A commenter linked to the original HN thread from two days earlier, and someone else noted the delightful favicon — a children’s book illustration — on the blog’s domain.

SimpleX Channels, SimpleX Network Consortium and Community Crowdfunding

SimpleX v6.5 introduces Channels — a new public publishing model built around participation privacy, where channel content is visible to relay operators but neither owners nor subscribers reveal their identities to the network. The SimpleX Network Consortium was formed alongside community crowdfunding to govern the protocol independently of venture capital, arguing that free speech requires infrastructure protected by design rather than corporate discretion.

A single commenter expressed distrust of the founder’s “bow to the law” approach as antithetical to a darknet userbase, noting that the official servers currently censor content and the app suffers from instability and memory leaks. The tension between governance transparency and ideological purity remains unresolved within the community.

Copy Fail

CVE-2026-31431, dubbed “Copy Fail,” is a 732-byte Linux kernel exploit that achieves unprivileged local privilege escalation on every mainstream distribution shipped since 2017. The vulnerability chains through AF_ALG in the kernel crypto API, splice() operations, and a 4-byte page-cache write — a straight-line logic flaw requiring neither race conditions nor kernel-specific offsets, making it reliably exploitable across all distro configurations with default settings.

A Linux kernel cryptography developer described AF_ALG as “really frustrating” — added without sufficient review years ago, it exposes massive attack surface to unprivileged userspace programs that already have their own cryptography alternatives in userspace. Commenters noted vendor confusion during disclosure: Red Hat classified the CVE as “moderate severity” with fixes deferred, leaving many distros unpatched despite the exploit’s straightforward 732-byte POC.

System Administration

I Got Sick of Remembering Port Numbers

Greg Raiz built local.vibe, a dashboard and .vibe hostname resolver for Mac that eliminates “port rot” — the slow accumulation of forgotten services, dead browser tabs, and competing port assignments in local development environments. Instead of juggling localhost:3000 versus localhost:5173 roulette, developers get friendly local hostnames mapped to their services automatically through a reverse proxy layer.

Commenters pointed out that /etc/services has handled short-name-to-port resolution for decades, while others noted macOS and Linux both support any-subdomain-of-localhost naturally without needing a new TLD. Cloudflare Tunnel users reported exposing development services with built-in HTTPS listing, and one commenter emphasized maintaining a single doc file so coding agents know where to find updated service mappings.

OpenWarp

OpenWarp is an open-source community fork of Warp’s terminal emulator that adds bring-your-own-AI-provider support, letting users plug in any OpenAI-compatible endpoint including DeepSeek, Ollama, and Groq. The project preserves Warp’s full UI and interaction model while taking full control of the AI layer — API keys, models, and system prompt templates all managed locally via a minijinja-based template engine.

The Warp founder himself joined the HN thread announcing plans to add BYOM (bring-your-own-model) support directly into official Warp, suggesting the fork may have accelerated upstream development. Several commenters expressed interest in a “ThinWarp” — just the terminal UI without bundled AI — since many users want the interface but prefer running Claude Code or similar tools externally.

Show HN: Winpodx – run Windows apps on Linux as native windows

Winpodx lets developers run Windows applications as native Linux windows, eliminating the need for full virtual machines when testing cross-platform software. The tool provides a windowing compatibility layer that makes Windows executables appear indistinguishable from native Linux GUI applications in terms of compositing, keyboard focus, and taskbar integration.

No comments were posted on this submission, which suggests the tool either attracted early-stage interest that was still forming at time of capture or targets a niche audience without generating broad HN discussion traction. The project appeared under Show HN format, indicating it is likely a new release seeking community feedback.

Recovering files from beyond the grave using PhotoRec

A developer with decades of old hardware explored TestDisk and PhotoRec’s file recovery capabilities, discovering that even after “Delete + Empty Trash,” individual files can often be reconstructed from unallocated disk sectors. Using the tools on aging drives from various family computers over the years, the author recovered data including a crash-recovery story of salvaging homework files just before high school started — and found recoverable data lingering in unexpected formats across filesystems.

Multiple commenters shared war stories: one recovered photos from a card that professional recovery services had deemed unrecoverable by combining ddrescue for damaged memory chips with PhotoRec to sift through the wreckage. Another recommended creating an exact disk image as the first step, and noted that trying multiple configurations on retry often yields better results than a single attempt. A Mac user pointed out that PhotoRec performs poorly with professional video formats.

Tech Tools & Projects

Reverse Engineering SimTower

Pat Hulin used an LLM to reverse engineer the binary of SimTower — the classic 1994 building simulation game — producing towers.world, a fully playable collaborative clone that supports coop multiplayer. Rather than a clean-room reimplemention to avoid copyright issues with API-level copying, the project fed ground-truth binary feedback to guide the AI through subsystem identification, dealing with the LLM’s tendency to lock onto premature conclusions about code structure and struggling to redirect it when those guesses proved wrong.

Commenters expressed nostalgia for SimTower — described as “the best sim game” of childhood — and one discovered Yoot Tower, a little-known sequel that was commercially unsuccessful but enjoyed by players in the 2000s and 2010s. Another commenter drew parallels between the LLM’s behavior here and frustration with Opus 4.7 going down incorrect analytical paths and holding onto them stubbornly when corrected.

Full-Text Search with DuckDB

A follow-up to the author’s introductory DuckDB post, this article walks through full-text search capabilities built into DuckDB, comparing them against Elasticsearch and PostgreSQL’s pg_search extension. Using Okapi BM25 scoring algorithms and configurable query parameters, DuckDB offers a zero-infrastructure FTS solution that lets you search historical publications or email tranches without deploying separate search services — all within a single SQL-based workflow.

Commenters celebrated DuckDB-WASM as transformative enough to power in-browser LLM benchmark systems running entirely client-side. One commenter reported replacing CloudWatch and Loki log infrastructure with simple parquet-on-S3 storage queried via local DuckDB, eliminating cloud compute costs for log searching. A few raised concerns about DuckDB’s default runtime extension auto-loading behavior, calling the mechanism unnecessarily risky without more visibility.

Compositing and Blending – Exploring the math and intuition behind blend modes

Niklas Gadermann provides an interactive exploration of CSS compositing and blend modes, explaining how browsers combine layered pixels through mathematical operations like add and multiply. The 33-minute deep dive covers which blend modes exist in practice, the W3C specification’s definition of backdrop combination, and practical CSS usage patterns — including the pitfalls developers encounter when mixing blend modes with transparency and z-index stacking contexts.

A teacher commenter noted they use exactly this material — Photoshop’s add and multiply compositing — to teach students how simple high school math can composite objects without masks or erasers. Someone else traced the mathematical formulation back to a Lucasfilm research paper, confirming that these blend modes have roots in computer graphics research dating back decades.

Zed 1.0

Zed’s co-founder Nathan Sobo announced the Zed 1.0 release, describing how the editor was built from scratch like a video game rather than atop web technologies — using GPUI, a custom UI framework written in Rust that feeds data to shaders running on the GPU instead of rendering through Chromium’s layout engine. The approach allows Zed to bypass performance ceilings imposed by Electron-based editors while offering file editing, terminal integration, remote SSH development, and agent support in a unified pane.

Commenters expressed strong opinions: one subscribed monthly just to fund the team despite not needing the editor daily; another called the top comments “abysmal” after finding mostly praise instead of constructive critique. A practical user shared their workflow combining Zed with exe.dev remote sandboxes for SSH development, while a longtime Sublime Text user admitted Zed’s stricter type checking makes older PHP projects look like an “ocean of red.”

Web & Infrastructure

Does Postgres Scale?

DBOS benchmarked a durable workflow execution system running on PostgreSQL and found a single Postgres server can handle up to 144K writes per second — roughly 12 billion writes per day. The benchmarks tested workflow execution under increasing load, finding approximately linear scaling at the hardware level before hitting resource limits, challenging the assumption that PostgreSQL inherently struggles at scale.

Commenters pushed back on the article’s linear scaling narrative: one shared personal experience with Postgres multi-row insert slowdowns due to index contention that didn’t match the reported numbers; another noted that “big scale” always means “larger than anyone in the room has seen,” making practical concerns about real-world workloads secondary to theoretical benchmarks. A commenter pointed out that getting Postgres to scale requires deep esoteric knowledge of undocumented settings and configuration tuning.

Show HN: What happens when you load a webpage (Interactive)

This interactive visualization breaks down a single page load into seven distinct phases — URL parsing, DNS resolution, TCP handshake, TLS negotiation, HTTP request to edge server, server-side processing through load balancer and database, and response transit with rendering — with warm-path versus cold-path timing comparisons for each. The tool shows realistic microsecond breakdowns for fast residential connections, helping developers diagnose performance issues at specific layers rather than lumping everything into “the site is slow.”

Commenters were divided: one bookmarked it enthusiastically as among the best learning resources ever compiled, while another called it “jargon acronym soup” targeted at people who already know the entire networking stack from OSI up. A few noted the frontend design quality with wry humor, and a link was shared to the classic SuperUser explanation that has been the default answer on Stack Overflow for years.

Commit and push the brief file

<tool_call> <function=exec> <parameter=command> cp /tmp/hn-morning-brief-2026-05-01.md.tmp /Users/andy/hn-blog/src/content/blog/hn-morning-brief-2026-05-01.md 2>&1 && echo “Copied successfully” || echo “Copy failed”