AI Summarized Hacker News
Front-page articles summarized hourly.
Error: Python bot is not whitelisted to access cached content on property z7wu4c8cqvjidttjmfy2jyoj.
HN Comments
Fresta reports on Credentials for Linux (FOSDEM 2026), a cross-desktop effort to bring WebAuthn/FIDO2 passkeys to Linux, improving support for sandboxed apps and browsers. The project comprises libwebauthn (a Rust FIDO2/U2F library with USB/BLE/hybrid authenticators and pluggable transports) and credentialsd (a D-Bus service with an XDG portal for credential management, incl. Firefox integration and distro packaging). The talk shows a sandboxed Firefox talking to hardware keys via credentialsd and sketches a roadmap: TPM-backed authenticators, origin binding, unprivileged browser APIs, and collaboration with GNOME/KDE/Flatpak and distros. Watch slides and videos linked.
HN Comments
An error shows the request was blocked by the site's security policies (429/400). If this is an error, users should contact support.
HN Comments
Open Library volunteers, led by Emily, created a Nancy Drew collection uniting multiple series. Team members from Tokyo, Pakistan, and the western U.S. planned with Google Docs and Zoom, then manually tagged books with collectionid: for accessibility. Metadata challenges included ghostwriter attribution to Carolyn Keene, corrected by Lisa Seaberg, and sourcing across multiple editions. Nichole and Maahin added specific series; Liz consulted Girl Sleuth for context. The first eight series (500+ books) were added; work continues with more tags and series ordering. The project invites volunteers. Lessons: manual tagging is effective; human connections matter; live training helps.
HN Comments
Susam Pal argues that social media shifted from genuine social interaction to “attention media” around 2012–2016, with infinite scroll and manipulative notifications that prioritized engagement over relevance. The author recalls an initial Web 2.0 optimism, but now sees feeds filled with strangers and a loud, intrusive experience. Abandoning mainstream platforms, Pal finds Mastodon restores the original social feel: few, meaningful followings; updates from chosen people; no bogus alerts; a calm, predictable timeline. The author hopes Mastodon stays true to this social model.
HN Comments
Ankit Maloo argues that while LLMs excel at word models, true world models—simulating multi-agent environments, theory of mind, and adversarial dynamics—are still missing. He highlights three world-model strands: 3D video/world models (Marble, Genie 3), Meta’s latent-space projections (JEPA, V-JEPA), and multi-agent models for adversarial reasoning. In real settings, agents model and adapt to each other; perfect-information games (chess) are easier than imperfect-information ones (poker). LLMs fail when trained for artifact quality instead of outcomes under strategic interaction. The fix: train with multi-agent feedback and evaluate results, not only language style. Experts’ edge is dynamic world-modeling, not surface coherence.
HN Comments
Could not summarize article.
HN Comments
Shadaj Laddad uses Lean4 to formally model a Cyberchase Nim-like puzzle from PBS Kids and prove a winning strategy for the Cybersquad. The post defines a dragon removal game with a poison-number state (green_dragons mod 4 = 0) that lets Hacker force a loss, and shows how the squad can drive the game toward such states and eventually win. It walks through mutual recursion squadWins/hackerWins, termination measures, and tactics (rw, simp, split, omega) to complete the proof, including a modular-arithmetic lemma (mod_zero_plus_k). The author links to the GitHub repo and advocates Lean's rigor and autoformalization.
HN Comments
CATL's Naxtra sodium‑ion battery powers the Changan Nevo A06, the world’s first mass‑produced sodium‑ion EV. It delivers about 250 miles (≈400 km) on the China CLTC cycle and shows strong cold‑weather performance, retaining over 90% of range at −40°C and stable power down to −50°C. The rollout signals a dual‑chemistry era where sodium‑ion and lithium‑ion can coexist. Sodium‑ion is cheaper and less temperature‑sensitive, with 175 Wh/kg energy density. The battery isn’t coming to the U.S. today; CATL expects range to rise to ~600 km in the future as the supply chain matures.
HN Comments
Underhill: A Mars Colony Game is a survival and building game on Mars, inspired by Kim Stanley Robinson's Mars Trilogy, created by Aria Alamalhodaei.
HN Comments
Release notes for Bun v1.3.9: new features and broad performance/bug fixes across runtime, test runner, and tooling. Highlights include parallel/sequential script execution with Foreman-style output, Symbol.dispose for mocks/spies, ES module bytecode, faster Markdown rendering, and new APIs (Archive, JSONC, Terminal, URLPattern). CPU profiler interval flag, improved NO_PROXY handling with explicit proxies, and HTTP/2 server upgrades. Numerous engine optimizations: SIMD-based RegExp, JIT improvements for fixed-count patterns, String/Set/Map/trim/replace enhancements. Bug fixes for Node compatibility, Web APIs, and TS types. Installation and upgrade commands are provided.
HN Comments
Suve explains how Fedora’s mass rebuild hit chocolate-doom due to GCC 15 defaulting to C23 (-std=gnu23). Chocolate-doom’s custom boolean type clashes with the keywords false/true in C23. Two fixes considered: force an older C standard or switch to built-in bool; upstream chose to require C99. A later patch to use stdbool.h and int boolean caused startup crashes due to undefined behavior from assigning -1 to a _Bool, as revealed by debugger and code analysis. The episode underscores how UB and language standard changes can break legacy C code.
HN Comments
Flaw in Roundcube Webmail (<1.5.13, <1.6.13) lets attackers bypass 'Block remote images' by abusing SVG feImage href. The rcube_washtml sanitizer treats image attributes: it blocks images via is_image_attribute for <img>, <image>, <use>, etc., but feImage href is processed by wash_link() as a link, not as an image, so remote URLs slip through. Attack demonstrates loading remote image via SVG filter <feImage>. Impact: attacker can detect email opens, log IP, fingerprint browser. Fixed in 1.5.13 and 1.6.13 (patch merges feImage into image check).
HN Comments
An article detailing how to re-create the 1997 process of building the win32 Quake binaries (winquake.exe, glquake.exe, QuakeWorld) by following four historical environments—from an Intergraph or Pentium Pro workstation to VirtualBox running Windows NT 4/98SE. It covers installing Windows NT 4, installing Visual C++ 6, obtaining the original source (q1source.zip from the Quake Official Archive), and building with VC++6 using the WinQuake.dsw workspace. The build initially fails due to old hand-optimized assembly; needs the VC++5 Processor Pack and MDAC setup. After a second rebuild, QuakeWorld runs with QSpy.
HN Comments
Explains Secure Boot and how attackers bypass it using signed bootloaders. Focuses on PreLoader and shim that authorize trusted files via embedded hashes or certificates, allowing execution of previously untrusted .efi while requiring physical user presence. Describes two universal boot-disk approaches: (1) modded GRUB with an internal EFI loader bypassing signature checks; (2) a custom pre-loader that hooks UEFI verification functions. Shows examples: Super UEFIinSecureBoot Disk and Silent UEFIinSecureBoot Disk based on Kaspersky Rescue Disk 18. Concludes that some Microsoft-signed bootloaders enable silent loading of untrusted code under Secure Boot, with potential revocation in future.
HN Comments
A 403 Forbidden error means the server understood the request but refuses to authorize access to the requested resource, typically due to insufficient permissions or access restrictions.
HN Comments
Danny Spencer shows a real-time 3D shader on the Game Boy Color. Using normal maps from Blender, cryptomattes, and a per-pixel formula v = m cos(Nφ−Lφ) + b with Lθ fixed, the ROM stores (Nφ, log(m), b) and uses log-space multiplication via lookups. All scalars are 8-bit fractions; signs encoded in the log-space MSB. The per-pixel work runs in ~130 cycles; 15 tiles per frame; ~89% of the frame CPU. Self-modifying code patches hot-path instructions to shave cycles. The post also recounts attempts with AI, workflow details, and links to the GitHub repo and video.
HN Comments
Vouch is an experimental, open-source contributor-trust system based on explicit vouches and denouncements. Projects maintain a flat VOUCHED.td list (or read others') to form a web of trust, controlling who can participate. It offers GitHub Actions and a Nushell CLI to vouch/denounce users, check PR authors, and manage status via discussion or issues. The policy is project-specific; governance and consequences are up to each project. MIT-licensed; designed to cope with AI-generated low-quality contributions.
HN Comments
An issue reports a vulnerability in GitHub Copilot Chat: billing can be bypassed by orchestrating subagents with an agent definition. Start a chat on a free model, create an agent using a premium model, and have it spawn a subagent that runs the premium model; the outer request stays free while the premium usage is consumed, enabling near-unlimited free premium calls. Examples mention GPT-5 mini as the free model and Opus 4.5 as the premium model.
HN Comments
Valéria Chomsky, Noam Chomsky’s wife, speaks as Noam, who is recovering from a stroke and cannot comment. She acknowledges acquaintance with Jeffrey Epstein, whom they met in 2015. They attended lunches and dinners tied to Noam’s work and received help with a financial issue; Epstein sent a $20,000 payment for a linguistic project, and a $270,000 transfer was Noam’s funds later recovered with Epstein’s alleged help. They deny witnessing any criminal acts and say Epstein never had access to their accounts or investments. She apologizes for poor judgment, emphasizes solidarity with Epstein’s victims, and says their actions were professional.
HN Comments
Made by Johno Whitaker using FastHTML