Hacker News, Distilled

AI powered summaries for selected HN discussions.

Page 92 of 950

Copy Fail

A newly disclosed Linux kernel vulnerability (“Copy Fail”, CVE-2026-31431) allows any local user on many systems since 2017 to gain root by abusing the AF_ALG crypto socket interface to corrupt the page cache of readable binaries like `su`. Commenters confirm the exploit works on a range of popular distributions and kernels, debate its true scope (including containers and Android), and share mitigations such as upgrading to patched kernels, disabling `algif_aead`/AF_ALG, or tightening SELinux and seccomp policies. The incident also revives criticism of setuid binaries, the AF_ALG API itself, and the growing use of named, heavily marketed vulnerabilities backed by AI‑generated writeups.

Full summary View on HN ↗ Original Article ↗

The Abstraction Fallacy: Why AI can simulate but not instantiate consciousness

A new DeepMind paper arguing that AI can only simulate, not truly instantiate, consciousness has reignited long‑running disputes over what consciousness is and whether it can emerge from computation alone. Commenters challenge the paper’s core move of separating “simulation” from “real” experience as potentially circular or unfalsifiable, and note that we lack a clear, testable definition of consciousness to ground such claims. The conversation widens into ethical and practical concerns, including AI “welfare,” anthropomorphism, and whether highly capable but non‑sentient systems should still be granted moral consideration.

Full summary View on HN ↗ Original Article ↗

Opus 4.7 knows the real Kelsey

Advances in large language models are revealing an unexpected capability: accurately attributing anonymous or unpublished text to specific online writers based solely on style and content. Commenters report Opus 4.7 correctly identifying authors of drafts, blog posts, and chat messages, raising fears that stylometric deanonymization at scale could effectively end practical online anonymity. The thread explores how this might affect vulnerable groups, future privacy norms, and whether defensive tools — such as AI-based style obfuscation — can meaningfully mitigate the risk.

Full summary View on HN ↗ Original Article ↗

Maryland becomes first state to ban surveillance pricing in grocery stores

Maryland’s move to ban “surveillance pricing” in grocery stores is prompting broader scrutiny of how retailers use personal data and dynamic algorithms to tailor prices to individual shoppers. Commenters highlight existing practices like loyalty apps, personalized coupons, and online delivery platforms that already approximate this model, warning it can penalize privacy‑conscious and low‑income consumers while undermining price transparency. Many doubt the new law’s effectiveness given exemptions for discounts and loyalty programs and relatively small penalties, but see it as an early attempt to curb increasingly adversarial, data‑driven pricing in essential goods.

Full summary View on HN ↗ Original Article ↗

FastCGI: 30 years old and still the better protocol for reverse proxies

FastCGI is being re-evaluated as a safer, more robust protocol than HTTP for communication between reverse proxies and backend applications, largely because it cleanly separates trusted metadata from untrusted client headers and avoids many HTTP parsing pitfalls. Commenters weigh this security and performance benefit against the ubiquity and simplicity of using HTTP end‑to‑end, noting that modern stacks, cloud tooling, and developer workflows overwhelmingly assume HTTP even if it is “worse is better.” Alternatives like uWSGI, custom protocols, and embedded HTTP servers are mentioned, but most agree that careful header allowlisting or dedicated front-end firewalls are essential when HTTP is used between internal services.

Full summary View on HN ↗ Original Article ↗

Online age verification is the hill to die on

Governments worldwide are moving toward mandatory online age verification in the name of protecting children from porn, social media harms, and other “adult” content, prompting intense concern about privacy and free speech. Critics argue that tying internet access to government‑backed identity will entrench mass surveillance, chill anonymous expression, and expand corporate data collection, while supporters counter that some form of ID‑based gating is necessary to hold platforms and porn sites accountable for serving minors. Proposed alternatives range from device‑level parental controls and simple content‑rating headers to privacy‑preserving cryptographic attestations, but many fear that lawmakers and major tech firms are instead converging on invasive, hard‑to‑reverse identity infrastructures.

Full summary View on HN ↗ Original Article ↗

Cursor Camp

A whimsical multiplayer web game called Cursor Camp, where users control their mouse cursors as avatars in a shared camp environment, is delighting players with its rich details, secret badges, mini-games, and nostalgic Club Penguin–era vibes. Commenters praise the inventive use of mouse hijacking for movement, the sense of spontaneous social interaction (from volleyball to piano concerts), and the technical polish, while a minority note issues with cursor sensitivity, browser compatibility, and mobile performance.

Full summary View on HN ↗ Original Article ↗

U.S. war in Iran has cost $25B so far, says Pentagon official

A Pentagon estimate that the U.S. war in Iran has cost $25 billion so far prompts wide debate over both the direct and hidden costs of the campaign, from depleted missile stockpiles to higher global oil prices. Commenters contrast this spending with domestic priorities such as student debt relief, public services, and parental leave, and question whether the operation meaningfully advances U.S. security given Iran’s regional posture and nuclear ambitions. Many also highlight the role of Trump-era decisions, especially abandoning the 2015 nuclear deal and sharply expanding the defense budget, in setting the stage for a conflict that critics argue will ultimately have to be resolved diplomatically.

Full summary View on HN ↗ Original Article ↗

Why AI companies want you to be afraid of them

AI labs’ habit of warning that their own products could end humanity is framed as a strategic choice rather than pure altruism. Commenters argue that apocalyptic rhetoric builds hype, attracts investors, steers regulation in favor of large incumbents, and distracts from more immediate harms such as job loss, surveillance, spam, deepfakes, environmental costs, and unsafe deployment in critical systems. Others counter that many researchers genuinely fear long‑term risks, leaving society in a “damned if you do, damned if you don’t” bind over how seriously to take existential claims while still regulating today’s concrete abuses.

Full summary View on HN ↗ Original Article ↗

Mistral Medium 3.5

Mistral Medium 3.5, a 128B-parameter dense, text‑only model from French startup Mistral, is drawing mixed reactions as an open‑weights alternative to US and Chinese “frontier” AI systems. Commenters note that while it appears competitive with strong mid‑tier models and is attractive for on‑premise and sovereignty‑focused deployments, it lags leading proprietary and newer Chinese models on capability, speed, and price, especially given its heavy hardware requirements. The release is seen as part of a broader strategy where smaller labs aim for “good enough” models optimized for cost and local control, even as many users feel the performance gap to top agents from OpenAI, Anthropic, and DeepSeek still meaningfully impacts productivity.

Full summary View on HN ↗ Original Article ↗

What can we gain by losing infinity?

Mathematicians and technologists are weighing whether rejecting actual infinity and working only with finite or “ultrafinite” quantities could yield a more realistic or computationally grounded mathematics. Supporters argue that since physical measurements and computers are inherently finite, abandoning infinite sets might improve decidability and align math more closely with the real world, while critics counter that infinity is a coherent abstract concept that underpins calculus, analysis, and modern physics. The exchange highlights a broader tension between mathematics as a practical modeling tool for finite systems and mathematics as an open-ended exploration of abstract structures unconstrained by physical observability.

Full summary View on HN ↗ Original Article ↗

An open-source stethoscope that costs between $2.5 and $5 to produce

An open-source stethoscope design that can be 3D‑printed for $2.50–$5 is challenging the idea that quality medical tools must cost $100 or more. Commenters weigh its claimed Littmann‑level performance against concerns about durability, sterilization, regulatory standards, acoustic subtlety, and the practical realities of clinical use. Many conclude that while professionals in wealthy settings will still prefer proven commercial models, locally manufacturable, “good enough” devices could be valuable in low‑resource or crisis environments where supply chains and budgets are constrained.

Full summary View on HN ↗ Original Article ↗

Zed 1.0

Zed 1.0, a GPU‑accelerated, Rust-based code editor, is being praised for its speed, responsive UI, and batteries‑included setup that makes it a compelling alternative to VS Code, JetBrains IDEs, and Sublime for many developers. Users highlight strong SSH remote development, solid vim/emacs keybinding support, and deep AI integration (agents, inline completions, Claude/OpenRouter/Ollama support), while also noting gaps such as limited plugin/extensibility APIs, polarizing search and Git UIs, incomplete language tooling and debugging in some ecosystems, and ongoing Linux/Wayland and accessibility issues. A significant undercurrent of concern centers on Zed’s telemetry and terms of service, its habit of auto‑installing language tools, and the risks of a VC‑funded, AI‑centric product, leading some to prefer forks or more traditional editors despite Zed’s technical merits.

Full summary View on HN ↗ Original Article ↗

We need a federation of forges

Calls to reduce reliance on GitHub are reviving interest in “federated forges” — code hosting platforms that interoperate instead of centralizing projects, identities, and collaboration tools in one company’s hands. Commenters examine Tangled, a new VC‑funded git forge built on the AT Protocol, debating its technical merits (federated identity, issues and PRs, Jujutsu support) versus alternatives like ForgeFed, Radicle, mailing‑list workflows, and simply mirroring git repos. Many like the idea of shifting power away from single providers, but are skeptical about new protocols, spam and moderation challenges, cold‑start problems, and the long‑term incentives of venture-backed platforms.

Full summary View on HN ↗ Original Article ↗

10Gb/s Ethernet: what I did to get it working in my home

Home tinkerers are pushing 10Gb/s Ethernet into their houses, weighing the appeal of near–SSD-speed file transfers and fast game downloads against high costs, power draw, and heat—especially with 10GBASE‑T over copper. Many report that existing Cat5e/Cat6 cabling often works fine for short 10G runs, but argue that fiber or 2.5/5GbE links can be more practical, cooler, and cheaper to scale. Underneath the hardware choices is a broader question: for most households whose internet usage rarely maxes out even 1Gb/s, how much multi-gigabit capacity is genuinely useful versus just a fun overbuild.

Full summary View on HN ↗ Original Article ↗

He asked AI to count carbs 27000 times. It couldn't give the same answer twice

AI tools that claim to estimate calories or carbohydrates from food photos are being called out as unreliable and potentially dangerous, especially for people with diabetes who may use them to dose insulin. Commenters note that a single image often lacks enough information to infer nutritional content, models are probabilistic and inconsistent even with identical inputs, and current systems rarely say “I don’t know” when a task is impossible. Many argue this exposes a broader problem: consumer-facing AI is marketed as an all-purpose oracle, while users receive little education about its limits, leading to misplaced trust in health‑related applications.

Full summary View on HN ↗ Original Article ↗

HashiCorp co-founder says GitHub 'no longer a place for serious work'

Growing frustration with GitHub’s reliability and product direction is driving some open-source maintainers and companies to leave the platform, with recent high-profile projects migrating to alternatives like GitLab, Forgejo, and Codeberg. Commenters link the decline to Microsoft’s post-acquisition priorities, including aggressive AI feature rollouts, Copilot monetization, and a perceived shift from stability to growth at all costs. Others note the powerful network effects that still keep most code on GitHub, but argue that self‑hosting and decentralized forges are becoming increasingly attractive for teams that depend on high availability and predictable workflows.

Full summary View on HN ↗ Original Article ↗

Show HN: Rip.so – a graveyard for dead internet things

A nostalgia-fueled “graveyard” site cataloging dead internet services and tech has prompted both enthusiasm and critique. Commenters enjoy revisiting products like ICQ, MSN, Tamagotchi and MiniDisc, but argue over what truly counts as “dead,” point out omissions and regional bias, and suggest clearer status labels (shut down, zombie, niche) plus a community-driven submission and voting system. Many also criticize the heavy use of AI-generated eulogies and some visual design choices, urging the creator to add real user memories, screenshots, logos, and better accessibility while the author commits to iterative improvements.

Full summary View on HN ↗ Original Article ↗

Soft launch of open-source code platform for government

The Netherlands has soft-launched a national Forgejo-based platform (code.overheid.nl) for publishing and collaborating on government open-source software, aiming to reduce dependence on commercial services like GitHub and US-based cloud providers. Commenters broadly welcome the move as a step toward digital sovereignty and reusable “public code,” but note rough edges in the pilot, limited current adoption, and the wider reality that many Dutch public bodies still rely heavily on Microsoft and other proprietary infrastructure. The conversation situates the initiative within a broader European trend, comparing Dutch efforts to those in Germany, France, the UK, and the Nordics, and raises concerns about sensitive systems like the DigiD identity platform potentially falling under US jurisdiction.

Full summary View on HN ↗ Original Article ↗

Why I still reach for Lisp and Scheme instead of Haskell

Advocates of Lisp and Scheme argue that these languages make it easier to prototype and evolve complex systems, thanks to simple, uniform syntax, powerful macros, and interactive REPL-based workflows that allow live inspection and modification of running programs. Haskell proponents counter that its strong static type system and dense, math-like syntax enable highly reliable code and expressive domain-specific languages, but critics find its syntax, laziness, and IO/monad model cumbersome for everyday debugging and “just add a print” iteration. Across languages, participants weigh trade-offs between dynamic flexibility and static safety, the practicality of hot-reloading in production, and how much syntax and tooling help or hinder real-world development.

Full summary View on HN ↗ Original Article ↗