The morning of May 22nd brings a packed Hacker News front page. AI infrastructure heats up as Anthropic expands onto xAI’s Colossus datacenter and OpenAI readies its IPO, while a malicious VSCode extension compromises nearly 4,000 GitHub repos. On the tools front, BBEdit turns 16, the uv Python package manager gets a UX critique, and multiple spec-driven development workflows for Claude debut. Further afield: Samsung’s semiconductor workers receive record bonuses, a fascinating punch card archive surfaces, and Donald Knuth’s 1980 treatise on drawing the letter S resurfaces.

---

AI & Tech Policy

Anthropic is expanding to Colossus2. Will use GB200

Summary: Anthropic will run Claude inference on xAI’s Colossus datacenter, with plans to expand to Colossus2 powered by NVIDIA GB200 GPUs. The partnership leverages SpaceX’s rapid infrastructure deployment capabilities to meet surging AI compute demand. Notably, xAI appears to be opening its datacenter to external customers rather than reserving capacity exclusively for Grok.

HN Discussion: Commenters raised serious security concerns about whether the datacenter owner could observe tenant token streams or exfiltrate model weights. Others speculated this signals Grok’s model improvements are plateauing, pushing xAI toward an infrastructure-as-a-service pivot. Environmental worries were also raised — Colossus operates gas turbine generators without permits by classifying them as “portable,” and Colossus2 appears to follow the same pattern.

---

Security & Privacy

GitHub confirms breach of 3,800 repos via malicious VSCode extension

Summary: A malicious VSCode extension compromised approximately 3,800 GitHub repositories, with GitHub officially confirming the breach. The attack exploited VSCode’s extension security model, which grants extensions broad access to the developer’s workspace, file system, and authentication tokens with minimal isolation.

HN Discussion: Frustration centered on VSCode’s near-nonexistent extension sandboxing — a feature request for extension sandboxing has languished since 2018. Developers shared workarounds including Docker-contained Code Server, restricting installs to Microsoft-only extensions, or switching to Zed for its WASM-based sandboxing. The irony wasn’t lost that developers who’d never install random executables now routinely pull gigabytes of untrusted code through IDEs and package managers.

---

Business & Industry

Samsung chip workers will get an average $340k bonus as AI profits soar

Summary: Samsung semiconductor employees are receiving average bonuses of approximately $340,000, driven by surging AI-related chip demand. The payout scale is extraordinary by Korean living standards and reflects the outsized profitability of memory and foundry operations in the AI era.

HN Discussion: Commenters contrasted this with US tech compensation, noting American executives would capture most of such a windfall while rank-and-file workers see far less. Questions about whether “average” masks a wide variance between senior and junior staff, alongside pointed comparisons to US companies cutting benefits and PTO.

SpaceX not the behemoth everyone thought

Summary: Axios analysis of SpaceX’s IPO prospectus reveals the company may depend more heavily on future growth expectations than its dominant market position suggests. Expected to be the largest IPO ever, the filing shows heavy reliance on projected rather than current revenues, raising questions about valuation sustainability.

HN Discussion: A reported price-to-sales ratio around 100 drew scrutiny — almost no S&P 500 industry averages above 5. Starlink’s recurring satellite relaunch costs were challenged as a drag on the business model. A broader concern emerged about companies operating without needing profitable business operations, with warnings that the bill for this era is coming due.

Spotify will start reserving concert tickets for fans

Summary: Spotify is launching a program to reserve concert tickets for identified “superfans” using listening history data to verify genuine fan engagement before granting ticket access. The initiative aims to combat ticket scalping by tying purchase eligibility to demonstrated interest in an artist.

HN Discussion: Scalpers will likely automate fake Spotify plays to game the superfan detection, incentivizing artificial streaming activity. Non-transferrable ticket systems and descending-price auction mechanisms were both proposed as more robust alternatives to the listening-data approach.

The IBM-ification of Google?

Summary: A blog post argues Google is following IBM’s trajectory of bureaucratic decline. The Railway GCP account ban is cited as emblematic — a billion-dollar startup had its cloud account deleted with zero warning and no human recourse. GCP is portrayed as stuck in a dead middle ground: too unreliable for enterprises due to automated bans, too expensive for indie developers who prefer Hetzner or OVH.

HN Discussion: A counter-argument held that Google remains a top-tier AI vendor controlling both content generation and visibility, giving it structural dominance regardless of execution quality. Multiple commenters observed a wave of non-contributing middle management hiring starting around 2020 that diluted Google’s engineering culture. Pushback on the “Google kills products” narrative argued that aggressive sunsetting is what risk-taking actually looks like.

The Death of the Brick and Mortar Toy Store

Summary: A blog post examining the decline of physical toy stores under pressure from online retail and Amazon’s dominance, exploring the cultural and economic loss of experiential retail shopping for families with children.

HN Discussion: Counter-evidence emerged from multiple commenters: independent toy stores in some communities are thriving by embedding themselves in local culture — running farmers’ market booths, offering free gift-wrapping and glitter tattoos. An indie bookstore owner argued three complementary small shops (bookstore, toy store, tea/candy shop) create a destination cluster. Birthday party gift-buying keeps urban toy stores busier than expected on weekends.

Fender escalates legal campaign against S-style guitars

Summary: Fender is sending cease-and-desist letters to smaller builders like LsL Instruments for making S-style (Stratocaster-shaped) guitars. The Stratocaster shape dates to 1954 and a cottage industry of small builders has existed for decades — many producing instruments widely regarded as superior to Fender’s own. Fender has been owned since 2020 by Servco Pacific, a Hawaiian car dealer with a private equity arm, raising speculation about value-extraction motives.

HN Discussion: The guitar community sided overwhelmingly with small builders — brands like Suhr, Anderson, and Tyler are considered to make objectively better S-style instruments. Legal questions were raised about whether a 75-year-old guitar shape is validly copyrightable without historical registration. The move was widely seen as brand-destructive in a market driven by community goodwill.

OpenAI Is Preparing to File for an IPO Soon

Summary: The Wall Street Journal reports OpenAI is preparing to file for an IPO imminently, a striking milestone for a company originally founded as a nonprofit. The filing comes amid intensifying competition with decreasing barriers to entry and open-source alternatives increasingly rivaling proprietary models.

HN Discussion: The irony of a nonprofit filing for an IPO dominated the thread — “Nonprofit files for IPO should be the headline.” One commenter pointed to DeepSeek v4 as a freely downloadable model rivaling Claude Opus 4.7, questioning OpenAI’s defensive moat. Concern emerged that limited capital creates a race to IPO among AI companies, with AI potentially generating only marginal returns absent a near-monopoly.

---

Tech Tools & Projects

Uv is fantastic, but its package management UX is a mess

Summary: The author praises uv’s speed and Python version management but criticizes its package maintenance UX. There’s no simple “uv outdated” command — the current workaround is “uv tree —outdated —depth 1,” which dumps the entire dependency tree rather than a clean outdated-only list. Upgrading individual packages requires manual “uv add” commands, making the workflow clunkier than pnpm or Poetry for routine maintenance.

HN Discussion: A uv maintainer explained that default upper bounds are intentionally omitted to avoid ecosystem-wide resolution conflicts, since Python cannot install diverging versions in the same dependency tree. Armin Hohler (mitsuhiko) confirmed the same design decision in Rye. Some commenters felt the article overstated the problem, calling it minor quality-of-life friction rather than a genuine “mess.”

Show HN: Spec-Driven Development Workflow for Claude Code

Summary: A Claude Code plugin implementing spec-driven development: tasks are decomposed into requirements, code analysis, and design phases before being split into subtasks for implementation. The key innovation is clearing context between every step — after spec generation and after each subtask — keeping costs low and context focused. Specs persist to disk so information survives context resets.

HN Discussion: No substantive comments at time of collection.

Show HN: Agent.email – sign up via curl, claim with a human OTP

Summary: AgentMail (YC S25) launched agent.email, a signup flow designed for AI agents rather than humans. An agent requests an inbox via curl, receives credentials, emails its human operator for a one-time OTP to claim the account, then gains a fully functional email address. The premise: the internet was designed to keep machines out of signup flows, creating a bootstrapping problem for agents needing their own identities.

HN Discussion: Security concerns were raised immediately — one commenter compared the concept to “zero-click RCE” given the implications of agents autonomously creating accounts. A user described manually provisioning agent emails via Migadu and the friction of services detecting and blocking bot accounts despite legitimate domain reputation. Some pushed back on the premise, arguing the internet wasn’t designed exclusively for humans.

BBEdit 16

Summary: BBEdit 16 has been released with over a hundred new features, changes, and refinements including forward-looking capabilities for modern development workflows. It remains a one-time purchase at $60 for an individual license — notably cheaper than the 1998 price of $120 ($245 inflation-adjusted) for BBEdit 5.0.

HN Discussion: Longtime users celebrated 35+ years of BBEdit usage, noting that Rich Siegel never sold out and the product has consistently avoided subscription pricing. The inflation comparison resonated — software has become dramatically cheaper in real terms while BBEdit maintained quality across decades. CotEditor was recommended as a lightweight, Mac-native, non-Electron alternative for users wanting a simpler text editor.

Show HN: Open-source .docx editor library for building document apps

Summary: An open-source WYSIWYG .docx editor library written in TypeScript that preserves canonical OOXML format, supports tracked changes, and enables real-time collaboration. Designed as a building block for document-centric applications rather than a standalone editor.

HN Discussion: Strong positive reception — multiple commenters reported actively searching for exactly this capability, particularly the tracked changes support from TypeScript. Another developer who built a similar PDF library expressed solidarity with the difficulty of the undertaking. The repo appears to have been newly made public, filling a notable gap in the open-source document editing ecosystem.

Show HN: I Made a Claude Skill for Spec-Driven Development (SDD)

Summary: A Claude Code skill implementing spec-driven development methodology, providing a structured workflow for Claude to decompose tasks into specifications before generating code. The open-source repository joins a growing ecosystem of SDD tools appearing for AI coding agents.

HN Discussion: A commenter pointed to juxt/allium as a more mature alternative and warned that large requirements files in context can trigger hallucinations and drift in bigger codebases. The SDD concept is gaining traction with multiple independent implementations appearing simultaneously.

---

Web & Infrastructure

Using Kagi Search with Low Vision

Summary: A low-vision user found mainstream search engines caused significant visual fatigue from cluttered layouts, AI summaries, ads, and auto-play content. Switching to Kagi’s paid, ad-free search engine dramatically reduced visual load. Kagi’s customization options — adjustable result density, font sizing, and keyboard-driven navigation — provided meaningful accessibility improvements that Google and Bing couldn’t match.

HN Discussion: Vim-style keybindings for keyboard-driven search navigation were praised as a standout feature. Several users noted the irony that the author’s accessibility-optimized personal website itself was too large for their own accessibility tools, causing Dark Reader to freeze. Strong sentiment around the “you are not the product” model of paid search versus ad-supported alternatives.

Show HN: Freenet, a peer-to-peer platform for decentralized apps

Summary: Freenet is a peer-to-peer platform for building decentralized applications using Rust and TypeScript, requiring no servers or cloud infrastructure. Peers form a small-world network on a ring topology where messages reach destinations in a few hops, claimed to scale to millions of peers. Apps run in the browser but can’t be taken down, don’t track users, and operate on open protocols.

HN Discussion: A commenter alleged the project was forced through by a board decision that dumped the original Freenet development team in favor of a rewrite without prior discussion. Technical concerns were raised about the state-merging approach pushing conflict resolution complexity onto developers. Mobile viability was questioned — iOS WASM restrictions mean desktop peers would need to relay for mobile clients.

The

Summary: The HTML <noscript> element only activates when JavaScript is entirely disabled or unsupported — not when scripts fail to load from network errors, ad blockers, CSP blocks, or CDN outages. The author recommends using a generic text element that gets updated or removed by your own script via DOM APIs, providing a true fallback for any script failure mode rather than relying on <noscript>.

HN Discussion: Commenters clarified that <noscript> is specifically a fallback for deliberately-disabled JS (Tor Browser, uBlock Origin’s JS toggle), not a general error handler. Some felt the article highlighted a genuine web standards gap but offered no actionable alternative. The piece was seen more as a standards critique than a practical fix.

---

History & Science

Mycorrhizal Fungi, Nature’s Key to Plant Survival and Success

Summary: An exploration of mycorrhizal fungi and their symbiotic relationships with plant roots, forming underground nutrient exchange networks that dramatically improve plant health and drought resistance. These fungal networks connect plants across entire ecosystems, facilitating resource sharing and communication.

HN Discussion: Gardeners shared practical experience using mycorrhizal inoculants, reporting significantly improved plant growth and lawn health even during extended drought. One commenter noted Ohio State University created a shiitake mushroom memristor, highlighting fungi’s unusual electrical properties. Merlin Sheldrake’s “Entangled Life” was recommended as essential reading.

Tristan Davey’s Punch Card Archive

Summary: A curated online archive of 255 punch cards across 5 formats, printed by 55 printers for 64 companies, alongside 11 pieces of hardware and 18 manuals. The collection covers the 1950s-60s peak era when hundreds of companies printed millions of punch cards monthly for accounting, data collection, and early computing. Notable items include a Bell Telephone Laboratories aperture card from 1973 containing microfilm.

HN Discussion: Edge-notched cards drew particular interest — needles through holes could isolate a single card from thousands instantly, a remarkable mechanical search technology. The same pin-through-hole selection mechanism was compared to children’s puzzle games still sold today.

Deciphering the Hashihara Castle Town Map

Summary: Obayashi Corporation’s project team is building a 3D reconstruction of a fictitious ideal castle town drawn by Edo-period scholar MOTOORI Norinaga at age 19. The Hashihara Castle Town Map depicts an entire castle town with natural terrain, named residents from an accompanying genealogical table, and culturally significant shrines and temples. Rivers and bridges carry names derived from classical Japanese literature.

HN Discussion: No substantive comments at time of collection; the story attracted interest for its historical and cartographic novelty.

The Letter S, by Donald Knuth (1980) [pdf]

Summary: Knuth’s 1980 paper from The Mathematical Intelligencer explores the typographic challenges of designing the letter S, directly connected to his creation of TeX and METAFONT. The work was motivated by his desire to preserve identical typography across editions of The Art of Computer Programming when Linotype machines became unavailable to publishers.

HN Discussion: Commenters shared the charming anecdote of Knuth’s wife responding to early S designs with “Why don’t you make them S-shaped?” One reader spotted apparent duplication errors in Figure 9 of the scanned PDF where multiple glyphs appeared pixel-identical. The paper’s placement alongside Ruelle’s “Strange Attractors” in the same journal volume influenced at least one physicist to adopt TeX.

Bournegol??? (2014)

Summary: Marc Lehmann’s 2014 page documenting “Bournegol” — the ALGOL-like C macro dialect Steve Bourne used to write the original Unix shell in 7th Edition UNIX. The source uses macros like LOCAL, INT, IF, ANDF, THEN, REG, and STRING to make C look like ALGOL. The term originates from a 1990 Usenet post in Unix Power Tools.

HN Discussion: Someone who met Steve Bourne reported he chose the ALGOL macros simply because it was the syntax he knew best — no deeper motivation. A qutebrowser user discovered the page redirects to random anthropic.com URLs unless the User-Agent is changed to match Firefox. Comparisons were drawn to Arthur Whitney’s similarly terse, idiosyncratic K/Q programming style.

---

Academic & Research

Multi-Stream LLMs: new paper on parallelizing/separating prompts, thinking, I/O

Summary: A paper proposing a multi-stream LLM architecture that parallelizes thought generation, input processing, and output streaming instead of the traditional sequential message-passing format. Current AI agents still use ChatGPT-era sequential message exchange; this work unblocks that bottleneck by allowing concurrent streams for different cognitive operations. Models tested are small-scale, but the authors argue the parallel stream concept is a fundamentally better format for agent architectures.

HN Discussion: Commenters noted that actual parallelism is more fruitful than pushing single-threaded generation speed, since tool calls and code generation tasks are often embarrassingly parallel. Questions were raised about how contradicting tokens across parallel streams would be reconciled. Acknowledged as potentially game-changing for speed but limited by the small model scale used in experiments.

Who wins and who loses in prediction markets? Evidence from Polymarket

Summary: A study of 588 million trades ($67B in volume) on Polymarket shows the top 1% of users capture 76.5% of all profits. Winners provide liquidity via limit orders that resolve favorably; losers take liquidity via market orders. 81% of gains come from sports markets, where successful traders exploit the fact that Polymarket doesn’t ban consistent winners unlike traditional sportsbooks.

HN Discussion: The sports market dominance was attributed to traditional betting apps banning profitable users while Polymarket does not. The top-1%-captures-76.5% pattern was compared to wealth concentration on platforms like OnlyFans and in the broader economy. Questions were raised about why anyone bets against near-certain outcomes late in events.

Triangle Tessellation with Clamped Parallelograms

Summary: John Hable revisits Dx11-style hardware tessellation (originating on Xbox 360 in 2005) with 20 years of hindsight, proposing a new algorithm using clamped parallelograms. The algorithm enables smooth transitions between tessellation patterns without popping artifacts, addressing a key limitation of the original Dx11 approach. An MIT-licensed JavaScript interactive viewer accompanies the paper.

HN Discussion: No substantive comments at time of collection.

---

System Administration

Blog ran on Ubuntu 16.04 for 10 years. I migrated it to FreeBSD

Summary: The author ran a blog on Ubuntu 16.04 LTS for over a decade on a Digital Ocean VPS, long after LTS support ended and apt repositories went offline. The migration to a Hetzner VM running FreeBSD cut costs to less than half while moving geographically closer in Europe. FreeBSD Jails with Bastille provided service isolation, and the write-up includes load benchmarks comparing the old and new setups.

HN Discussion: Several commenters shared similar stories of neglecting servers for years, with one unable to recreate a 10-year Hetzner VPS. One poster used an AI agent (Gemini 3.1 Pro) to automate their own migration from a 2015-era Ghost blog. FreeBSD pain points discussed included PM2 instability, difficulty getting logs from rc.d daemons, and firewall configuration overhead. Caddy + Docker Compose was suggested as a simpler alternative stack.

---

Other

Where are all the UK red telephone kiosks?

Summary: The K6 Project documents and catalogs surviving UK red telephone kiosks (Giles Gilbert Scott’s K6 design), tracking locations, door types, and current repurposing. Entries cover Tudor Crown variants, door classifications, and whether kiosks are protected, residential, or repurposed. Many decommissioned kiosks now serve as defibrillator stations, micro-libraries, and small museums.

HN Discussion: One kiosk in Meols, Merseyside became a museum for Orchestral Manoeuvres in the Dark — the band used it as their booking office and its phone number inspired the song “Red Frame White Light.” Commenters shared nostalgia including memories of making reverse-charge calls between booths across the street. The poster traced their interest from a conversation about Arbroath fish and chips to discovering defibrillator-equipped kiosks.

Thoughts on People and Blogs

Summary: Andre Franca responds to Manu Moreale’s announcement about the future of “People & Blogs,” a series documenting personal blogs and their creators. Moreale described the exhaustion of running an independent project: administrative burden, guests ghosting, and perceived lack of audience engagement despite years of consistent output. Franca frames this as a broader challenge — sustainable quality in independent publishing requires collective participation, not just passive consumption.

HN Discussion: Some commenters were unsympathetic, questioning why the author expected people’s time and noting a series may simply lack a viable audience after three years. Others agreed that good independent projects need active community support to survive. The tension between creator expectations and audience obligations was the central theme.

Magic the Gathering format: Fun 40

Summary: Fabien Sanglard created a casual 40-card Magic: The Gathering format inspired by a tournament at “Beasts of the Bay.” Design principles prioritize back-and-forth interaction, no discard or land destruction, mild prison effects, and 40-card decks for easier shuffling. Six pre-built decks combine Portal Three Kingdoms white borders, Beta black borders, Moxes, and Sol Ring for powered-up nostalgia.

HN Discussion: Commenters shared their own alternative formats, including “Danger Room” (a cube-style draft variant) and a custom hex-grid mana terrain system. Forty-card decks were praised as a sweet spot — 23 non-land choices provide expressiveness without decision fatigue. WotC’s Commander push was attributed partly to 100-card decks driving more singles purchases.