Ttl;dr HNabout
Jun 23Wednesday, June 24, 2026 · all days
1.Vulnerability reports are not special anymore(words.filippo.io)
300 points by goranmoomin 12 hours ago | 167 comments | permalink
tl;dr: Open source maintainers have traditionally treated vulnerability reports as special obligations—owing responsiveness and credit to researchers in exchange for their scarce insight and confidentiality. But in 2026, LLMs have made vuln discovery cheap and abundant, shifting the bottleneck from finding bugs to triaging them, while also eroding the value of embargoes since attackers can run the same tools. The author argues maintainers should now focus on rapid triage, remediation, and prevention (possibly via LLM analysis in CI), reserving "special" treatment only for high-severity reports or trusted researchers.
HN Discussion:
  • Spam and low-quality vuln reports overwhelm maintainers, validating the need to deprioritize them
  • Current LLM-driven flood is temporary; bugs will get fixed and reports will become special again
  • ~The problem demands engineering solutions like memory-safe languages to eliminate bug classes entirely
  • Low-quality vuln reports and bad incentives predate LLMs; nothing fundamentally new here
  • ~Concern about commercialization and hype-driven dynamics distorting the vulnerability disclosure space
2.Jerry's Map(jerrysmap.com)
494 points by turtleyacht 17 hours ago | 55 comments | permalink
tl;dr: In 1963, Jerry began doodling a map of an imaginary city during a boring job, set it aside in 1983, then resumed decades later — it now spans 4,000+ 8x10 panels arranged in a rough circle. The project is governed by an evolving deck of ~100 instruction cards that dictate what to paint, collage, or alter on each panel, along with rules about layers (paint bands, collage, "city squares," Void, Red Dimension, etc.) that progressively replace earlier work. The result is a rule-based, semi-randomized generative art system executed by hand over 60+ years.
HN Discussion:
  • Sharing related tools or digital recreations of Jerry's Map system
  • Personal nostalgia about making similar imaginary maps or worlds as children
  • Appreciation for the rule-based system that balances structure and creativity
  • Connecting the project to outsider art and other rule-based creative works
  • Pointing to prior documentation and coverage of the project
3.In memory of the man who put red and green squiggles under words(devblogs.microsoft.com)
434 points by saikatsg 18 hours ago | 70 comments | permalink
tl;dr: Tony Krueger, a longtime Microsoft Word developer, passed away. He's credited with making spell-check non-blocking and introducing the now-ubiquitous red (and later green) squiggly underlines for misspellings and grammar errors. He also ported Chip's Challenge to Windows by reverse-engineering the MS-DOS version without source code.
HN Discussion:
  • Prior software like Prowrite on Amiga had real-time spell checking with red squiggles before Word
  • Squiggles are annoying, distracting, or unhelpful, especially in multilingual or non-standard writing contexts
  • Appreciation for the squiggle UI pattern as an intuitive and impactful design decision
  • Software developers deserve more visible credit for their contributions, like movie credits
  • Wikipedia citation for the Chip's Challenge port circularly references Chen's own article
4.FUTO Swipe – A new swipe typing model(swipe.futo.tech)
574 points by futohq 18 hours ago | 197 comments | permalink
tl;dr: FUTO has released an open swipe typing system for their offline Android keyboard, trained on a public dataset of 1M+ QWERTY English swipes (released under MIT). The architecture uses three small models—a layout-agnostic encoder, a per-language ContextLM, and a layout-specific decoder—totaling ~2.5M parameters, achieving a ~4% top-4 fail rate (under 1% excluding OOV). Models are under the FUTO Model License (requiring user-visible attribution), with an accompanying GPL C++ inference/beam-search library.
HN Discussion:
  • Existing FUTO users are pleased with the swipe update and find it nearly matches gboard quality
  • The keyboard's Futo License is criticized while the GPL library is praised
  • ~Users want better multi-language simultaneous swipe support without manual switching
  • Desire for a keyboard layout redesigned specifically to reduce swipe ambiguity
  • iOS users lament unavailability and discuss alternative swipe keyboards on their platform
5.Printing Gaussian Splats(patreon.com)
326 points by ilnmtlbnm 2 days ago | 36 comments | permalink
tl;dr: Crysta.ai 3D-printed the author's Gaussian splat of an insect by voxelating it into a translucent "crystal" block, with each voxel containing a mix of inks and varying transparency. The author trained the splat using spherical harmonics at level 0 in linear space to suit the non-view-dependent printing process, though results came out slightly dark with some splat artifacts and clumpy fur. They suggest future improvements like voxelization previews and MagicaVoxel import/export support.
HN Discussion:
  • Amazement at the fidelity and novelty of this 3D printing technique
  • Questions about technical details like printer technology and pricing
  • Skepticism about the voxelation approach, suggesting mesh-based alternatives might be more efficient
  • Validation that Gaussian splatting can support a viable business/product
  • Sharing supplementary resources like the original splat and printer video
6.Swift Package Index joins Apple(swiftpackageindex.com)
213 points by JDevlieghere 18 hours ago | 70 comments | permalink
tl;dr: Summary not available
HN Discussion:
  • Happy for the SPI team's success and recognition by Apple
  • Skeptical of Apple's track record with open source and developer services
  • ~Concerned Apple will restrict or gatekeep which packages get indexed
  • Disappointed Swift ecosystem is becoming more tied to Apple rather than independent
  • Makes strategic sense given Apple's server-side Swift ambitions
7.Show HN: TikZ Editor – WYSIWYG editor for figures in LaTeX(tikz.dev)
404 points by DominikPeters 22 hours ago | 73 comments | permalink
tl;dr: Summary not available
HN Discussion:
  • ~Praises the tool's UI but criticizes the quality of generated TikZ code using absolute coordinates
  • Enthusiastically welcomes the tool as a solution for difficulty writing TikZ manually
  • ~Requests support for alternative typesetting systems like Typst/cetz instead of LaTeX
  • Suggests improvement by adding presets for common use cases
  • Notes that AI coding tools already handle TikZ generation well, implying less need for this tool
8.The worthlessness of Vitamin D is mildly exaggerated(dynomight.net)
312 points by surprisetalk 19 hours ago | 227 comments | permalink
tl;dr: Vitamin D RCTs have refuted the magical correlations (no 30% mortality reduction), but the author argues skeptics overcorrected: trials consistently show hazard ratios slightly below 1 for cancer and all-cause mortality, and detecting modest-but-meaningful effects would require sample sizes far larger than any trial conducted. Combined with evolutionary evidence (ancestral levels ~115 nmol/L, pale skin evolving despite folate costs) and biology (vitamin D receptors throughout the body), supplementing if you have low-ish levels is probably worthwhile—even a HR of 0.96 would beat the cost of a daily pill.
HN Discussion:
  • ~Sunlight itself, not just vitamin D, drives health benefits through multiple pathways
  • Personal anecdotes confirming vitamin D supplementation reduces illness
  • ~Vitamin D deficiency claims are overhyped by supplement industry and influencers
  • Methodological concerns about studies—dosing, K2 cofactor, blood level measurement
  • Blood vitamin D may just be a proxy for outdoor exercise, which is the real cause
9.Meta Pauses Employee-Tracking Program Following Internal Data Leak(wired.com)
273 points by 1vuio0pswjnm7 12 hours ago | 202 comments | permalink
tl;dr: Meta has paused its Model Compatibility Initiative (MCI), a tool deployed to US employees in April that captured mouse movements, keystrokes, click locations, and screen content to train AI systems on human computer use. The pause follows an internal security incident where MCI-collected data was accessible to other Meta employees; an initial fix on June 18 failed to hold, prompting further lockdowns. Employees had been petitioning against the program over privacy concerns, and opt-outs were only added after protests.
HN Discussion:
  • Meta is a fundamentally unethical company harming the world and its employees
  • Leaks like this are necessary resistance against expanding surveillance society
  • Treating employees this way reveals how Meta treats user data generally
  • Invasive employee monitoring signals deeper organizational dysfunction
  • Meta's pause is temporary and the program will return
10.Fired by Google for creating the Google workspace CLI(twitter.com)
568 points by justinwp 18 hours ago | 338 comments | permalink
tl;dr: A Google employee was fired two months ago after creating a Google Workspace CLI tool that went viral, topping Hacker News and gaining thousands of GitHub stars and users. The author believes the termination stemmed from internal fears about AI agents disrupting Workspace, noting the irony that Google announced its own official Workspace CLI at Google Cloud Next just two days before the firing.
HN Discussion:
  • Releasing under employer's name without approval obviously warrants firing, author exercised poor judgment
  • Firing reflects Google's broken bureaucracy punishing innovation and 20% time culture
  • ~There must be more to the story; typical response would be warning, not termination
  • Google employees commenting critically should disclose conflicts of interest
  • Praise for Justin's past contributions and genuine connection to the platform
11.The deadly rise of giant trucks and SUVs(nytimes.com)
445 points by xnx 2 days ago | 702 comments | permalink
tl;dr: A NYT investigation found that the shift toward larger SUVs and pickups—with hoods now averaging 3 feet tall and significantly bigger blind zones—has caused roughly 3,000 additional pedestrian deaths from 2016-2024, accounting for about 10% of the 75% surge in pedestrian fatalities since 2009. Automakers have pushed bigger vehicles because they generate nearly all industry profits, while a 2009 rollover safety rule inadvertently worsened visibility by thickening A-pillars. Regulators have largely ignored the issue, betting instead on automatic braking technology that tests show is unreliable.
HN Discussion:
  • Article overstates the case since its own data shows vehicle size only explains 10% of the increase
  • Other factors like phones or driver behavior better explain pedestrian deaths, not vehicle size
  • Larger vehicles should require stricter licensing and penalties to reflect their danger
  • Society applies a double standard, ignoring car dangers while quickly regulating smaller risks
  • Aggressive truck/SUV design aesthetics are killing pedestrians and deserve condemnation
12.Steam Machine launches today(store.steampowered.com)
1889 points by theschwa 1 day ago | 1670 comments | permalink
tl;dr: Summary not available.
HN Discussion:
  • Appreciation for Valve's fair reservation system and transparent pricing explanation
  • Praise for the device being unlocked and user-controllable, supporting open computing
  • Enthusiasm for Steam Machine boosting Linux gaming legitimacy and adoption
  • Criticism that specs (16GB RAM, 512GB SSD) are insultingly low for the $1000+ price point
  • Skeptical comparison to PS5/Pro showing Steam Machine offers poor value versus console competition
13.The Coming Loop(lucumr.pocoo.org)
395 points by ingve 1 day ago | 273 comments | permalink
tl;dr: Developers are increasingly building "harness loops" around coding agents—outer loops that queue work, judge results, and re-prompt models until tasks complete without human intervention. The author argues this works well for ephemeral tasks like porting, benchmarking, and security scanning, but produces overly defensive, hard-to-understand code when used for long-lived codebases, creating systems treated more like organisms than deterministic machines. Opting out may not be viable due to competitive and security pressures, so the real question is how to preserve human judgment, code legibility, and engineering standards in a loop-driven future.
HN Discussion:
  • Clear specifications and human thinking time remain the real bottleneck, not agent loops
  • LLMs produce defensive, taste-lacking code unsuitable for codebases we care about
  • Reliance on AI is degrading human understanding and communication around code
  • Only delegate well-specified, repeatable tasks; keep judgment-heavy work human
  • The article is vague techno-babble mystifying what is just AI writing code
14.AI's Affordability Crisis(blog.dshr.org)
294 points by ilreb 21 hours ago | 384 comments | permalink
tl;dr: AI platforms like OpenAI and Anthropic have been massively subsidizing usage—analysis shows $200/month subscribers can burn $8,000-$14,000 in tokens—while OpenAI lost $38.5B on $13B revenue in 2025, spending 44% on sales and marketing. As companies shift to token-based pricing, enterprise customers are experiencing 7x cost spikes, with some firms finding AI more expensive than human workers. Servicing the industry's projected $3T debt would require displacing roughly 27% of US jobs, making the path to profitability implausible even as OpenAI and Anthropic head toward IPOs.
HN Discussion:
  • User behavior shifted rapidly with token pricing, causing companies to clamp down on AI usage
  • ~Real issue isn't cost but lack of ROI; models get cheaper but bad ideas won't generate profit
  • Article's subsidy math is wrong because enterprise customers don't get the $200 plans
  • VC overinvestment creates Enron-like scheme that will implode after IPOs dump on retail investors
  • New tech is always expensive initially and gets cheaper; people are overreacting
15.Mistral OCR 4(mistral.ai)
471 points by meetpateltech 22 hours ago | 123 comments | permalink
tl;dr: Mistral released OCR 4, a document extraction model that returns bounding boxes, typed block classifications (tables, equations, signatures, etc.), and per-word confidence scores across 170 languages, deployable in a single self-hosted container. It claims top scores on OlmOCRBench (85.20) and 72% win rates in human preference tests against competitors, though Mistral notes benchmark scoring artifacts inflate apparent errors on math and multi-column docs. Pricing is $4/1k pages via API ($2 batch), $5/1k for Document AI, available through Mistral Studio, AWS SageMaker, and Microsoft Foundry.
HN Discussion:
  • Skepticism about Mistral's benchmark claims given past versions underperformed external benchmarks
  • Criticism of misleading presentation like truncated y-axes and selective benchmark reporting
  • Questioning the price increase and lack of clear differentiation from the previous v3 model
  • ~Mixed real-world testing results showing accuracy issues with certain languages/scripts compared to competitors
  • Curiosity about missing competitor comparisons (e.g., Claude) in the benchmarks
16.The war on terror primed America for autocracy(economist.com)
224 points by andsoitis 10 hours ago | 207 comments | permalink
tl;dr: Summary not available
HN Discussion:
  • Patriot Act traded freedom for false security, as predicted long ago
  • Bin Laden's strategy to weaken America succeeded
  • The slide into autocracy was obvious and alienating at the time
  • Expansion of executive power is the root cause of creeping autocracy
  • Tools used against outgroups inevitably get turned on citizens
17.Unlimited OCR: One-shot long-horizon parsing(github.com)
475 points by ingve 1 day ago | 108 comments | permalink
tl;dr: Baidu released Unlimited-OCR, a document parsing model that extends DeepSeek-OCR for one-shot long-horizon parsing of single images, multi-page documents, and PDFs up to 32k tokens. It supports two image configurations (gundam and base) and ships with both Hugging Face Transformers and SGLang inference paths, including a batch script with concurrent requests against an OpenAI-compatible API. The model is available on Hugging Face and ModelScope, with an accompanying arXiv paper.
HN Discussion:
  • Technical appreciation for the architectural approach to solving KV cache memory issues in long document OCR
  • Enthusiasm for multi-page single-pass VLM OCR with interest in the attention mechanism design
  • Skepticism about OCR hallucinations and whether this model avoids inventing artifacts
  • Questioning how this compares to other OCR tools like Infinity Parser 2 or Mistral's offering
  • Curiosity about why companies open-source genuinely valuable software like this
18.Giant Banana Pulled Over: Driver Says Cops Have Stopped Him 100s of Times(cowboystatedaily.com)
214 points by speckx 3 days ago | 116 comments | permalink
tl;dr: Steve Braithwaite has driven his 23-foot Big Banana Car over 250,000 miles since building it in 2008, and says he's been pulled over hundreds of times—usually by cops who just want photos or an excuse to chat. The latest stop happened in Billings, Montana, over a license plate issue, but he wasn't ticketed. Braithwaite now plans a "World Needs More Whimsy Grand Tour" to drive the banana through Central America and eventually around the globe.
HN Discussion:
  • Playful creative responses celebrating the banana car with poems and jokes
  • Personal anecdotes of spotting or riding in the banana car
  • Appreciation for whimsy and wanting more fun vehicles on the road
  • Criticism that police stops waste everyone's time and should be tracked
  • ~Curiosity about missing technical details like engine and chassis specs
19.Madison Square Garden compiled a list of activists against facial recognition(404media.co)
307 points by cdrnsf 22 hours ago | 88 comments | permalink
tl;dr: Madison Square Garden compiled a document tracking activists who publicly criticized its use of facial recognition technology, collecting their tweets and comments for internal distribution. The document was discovered in a 45GB cache of data stolen by hackers and leaked online, then reviewed by 404 Media. The revelation underscores MSG owner Jim Dolan's reputation for targeting critics, while simultaneously deploying biometric surveillance on patrons.
HN Discussion:
  • The broader use of facial recognition to block critics is the real scandal, not just this dossier
  • ~Facial recognition itself is a useful tool; the real issue is governance and transparency over who decides exclusions
  • This fits a wider pattern of surveillance infrastructure being weaponized against citizens by powerful entities
  • Questions whether automated recognition is meaningfully different from a human doorman with a good memory
  • Praises the activists named in the dossier as brave for standing up to MSG
20.Digital euro clears key hurdle as EU seeks to break free from U.S. credit cards(finance.yahoo.com)
208 points by madars 20 hours ago | 342 comments | permalink
tl;dr: The European Parliament's economic committee approved draft rules for a digital euro, a central-bank-backed electronic wallet aimed at reducing the eurozone's reliance on U.S. payment networks like Visa and Mastercard amid strained transatlantic ties. The ECB plans a 12-month pilot starting in late 2026 ahead of a full launch in 2029, with final legislative approval potentially coming by year-end. The project, six years in development, has gained urgency under Trump's second term, though it still faces opposition from some lawmakers and concerns from banks over deposit outflows.
HN Discussion:
  • Digital euro doesn't address why people use credit cards (fraud protection, chargebacks, insurance)
  • ~EU should copy proven systems like India's UPI/RuPay or Brazil's Pix instead
  • The project has strategic sovereignty value for Europe despite unclear user benefits
  • Concerns about heavy KYC, spending controls, and surveillance via digital euro
  • Implementation will likely still depend on US tech companies (Apple/Google), undermining independence
Jun 23all days