1. DeepSeek v4
   DeepSeek drops its fourth major model and the HN crowd goes wild with 1473 comments — the most active discussion of the day by a wide margin. If you're comparing frontier models for coding workflows or evaluating Claude alternatives, this is a must-read. The comment thread is packed with benchmark comparisons and real-world impressions.
2. I cancelled Claude: Token issues, declining quality, and poor support ⚡
   A developer documents their frustrations with Claude's token limits, perceived quality regression, and unresponsive support — and ultimately walks away. Given that our reader builds with Claude Code daily, this is essential reading for stress-testing your own assumptions about tool reliability. The HN thread surfaces both validation and pushback.
3. Google plans to invest up to $40B in Anthropic
   Google is doubling down on Anthropic in a massive way — $40B dwarfs earlier commitments and signals a long-term bet on Claude as a Google Cloud cornerstone. For anyone building on Anthropic's APIs, this changes the vendor-lock-in calculus significantly. The HN thread debates competitive dynamics with OpenAI and what this means for Claude's roadmap.
4. CC-Canary: Detect early signs of regressions in Claude Code ⚡
   A targeted open-source tool that monitors Claude Code for quality regressions over time — exactly the kind of canary-in-the-coalmine tooling that power users of AI coding assistants need. Given the post above about Claude quality concerns, running something like this in your workflow is timely. Dead simple GitHub integration.
5. Sabotaging projects by overthinking, scope creep, and structural diffing
   Kevin Lynagh dissects how developers — and now AI coding agents — sabotage themselves through over-engineering, premature abstraction, and structural diffing rabbit holes. Directly relevant to anyone using Claude Code or Copilot and noticing the AI goldplate everything. Sharp, opinionated writing.
6. MacBook Neo and how the iPad should be ⚡
   Craig Mod imagines a dream MacBook form factor and uses it as a lens to critique the iPad's perpetual identity crisis. Beautiful writing from one of the best Apple essayists working today. If you've ever felt the iPad Pro should be more than it is, Mod articulates it perfectly.
7. My audio interface has SSH enabled by default
   A developer discovers their RODECaster Duo audio interface ships with SSH open on the local network by default — no opt-in, no warning in the manual. Classic IoT security debt in a prosumer audio device. A good reminder to nmap your own studio gear.
8. Firefox Has Integrated Brave's Adblock Engine ⚡
   Firefox quietly ships Brave's uBlock-compatible adblock engine, dramatically upgrading its built-in tracker blocking without requiring an extension. This is a meaningful privacy win for Firefox users — especially on platforms where extension support is limited. Might be enough to lure some Safari-only users back.
9. Show HN: Browser Harness – Gives LLM freedom to complete any browser task
   Browser Harness is a new open framework from the browser-use team that gives LLMs unconstrained control over browser automation tasks. Think of it as a more flexible complement to Playwright-based agents. Useful for anyone building AI workflows that need to navigate the real web.
10. You don't want long-lived keys ⚡
    A crisp argument for short-lived credentials everywhere — API keys, SSH keys, service tokens. The practical case for OIDC workload identity and ephemeral tokens over static secrets is made clearly, with real threat-model reasoning. Essential reading before your next infrastructure review.
11. Laws of Software Engineering
    A well-organized reference catalog of the classic laws — Brooks, Conway, Hyrum, Goodhart, Gall, YAGNI, DRY, KISS — with context on when each applies and when it misleads. The value isn't memorizing them; it's knowing their scope and failure modes. Bookmark-worthy for anyone mentoring junior devs or reviewing architecture decisions.
12. How LLMs Work — A Visual Deep Dive ⚡
    An interactive, visually rich explainer that walks through attention mechanisms, tokenization, and transformer architecture from first principles. If you've been using LLMs as a black box and want to understand why context windows behave the way they do, this is the tutorial to bookmark. Surprisingly polished for a personal site.
13. Is Your Site Agent-Ready?
    A quick scanner that checks your website for llms.txt, MCP support, and other emerging agent-friendliness standards. As AI agents increasingly navigate the web on users' behalf, being agent-ready is the new being mobile-ready. Run your own domains through this today.
14. agents-with-taste
    Emil Kowalski argues that AI coding agents need to be given aesthetic constraints and opinionated defaults — not just task instructions — to produce good UI work. A short, sharp essay on prompt engineering for visual quality. Directly applicable if you're using Claude Code for frontend work.
15. Atomic — Everything You Know, Connected
    Atomic is an AI-powered knowledge base that auto-embeds, tags, and links your notes, articles, and web clips as you add them — a direct Obsidian competitor with a more automated approach. For Obsidian power users curious about AI-native alternatives, this is worth a test drive. Could replace a lot of manual linking work.
16. Monodraw for macOS — Helftone ⚡
    Monodraw is a beautiful macOS-native ASCII/unicode art editor that doubles as a lightweight diagramming tool. Perfect for README diagrams, architecture sketches in plain text, and Obsidian embeds that survive any renderer. If you haven't tried it, this resurfacing is a good nudge.
17. RivoLink/leaf: Terminal Markdown previewer — GUI-like experience.
    Leaf is a TUI Markdown previewer that renders rich, GUI-like output entirely in the terminal. For developers who live in the command line and keep Obsidian-style Markdown notes, this fills a real gap. Pairs well with any CLI-heavy workflow.
18. What Async Promised and What it Delivered — Causality ⚡
    A thoughtful post-mortem on async/await: it solved the callback-hell readability problem but introduced new structural costs by hiding which operations actually depend on each other. Relevant for TypeScript/.NET developers who've felt the pain of async spreading through a codebase. Honest and well-argued.
19. Command Execution via Drag-and-Drop in Terminal Emulators
    A clever attack vector: dragging and dropping files into certain terminal emulators can silently trigger command execution — no user confirmation required. Affects iTerm2, Kitty, and others. If you use a terminal on macOS, check your drag-and-drop settings now.
20. GitHub - run-llama/liteparse: A fast, helpful, and open-source document parser ⚡
    LlamaIndex's LiteParse is a fast, open-source document parser optimized for feeding PDFs and other docs into LLM pipelines. A lighter-weight alternative to commercial parsing services like LlamaParse or Unstructured. Drop it into any RAG workflow that needs reliable text extraction.

Read the full magazine edition →

1. GPT-5.5
   OpenAI drops GPT-5.5, the next step on the staircase between GPT-4o and the rumored full GPT-5. With 890 comments and the top score of the day, this is the model release everyone is dissecting right now. If you're building with AI tools or using Claude Code for comparison, this is essential context on what the competition is shipping.
2. An update on recent Claude Code quality reports ⚡
   Anthropic publishes a postmortem on a Claude Code quality regression that hit users earlier this week. If you noticed degraded output from your primary coding assistant, here's what went wrong and what was done about it. Rare transparency from a major AI lab — worth reading if Claude Code is in your daily workflow.
3. DeepSeek v4
   DeepSeek v4 lands with API docs live and the HN crowd already stress-testing it. Another competitive open-weight model that keeps the pressure on frontier labs. For developers evaluating coding-assistant alternatives, this is one to benchmark against your current stack.
4. Bitwarden CLI compromised in ongoing Checkmarx supply chain campaign ⚡
   The Bitwarden CLI npm package was targeted in an active supply chain attack — a serious concern for anyone using it in CI/CD or scripted credential workflows. Socket's research details the Checkmarx campaign vector and what versions are affected. Audit your lockfiles and update immediately.
5. Show HN: Tolaria – Open-source macOS app to manage Markdown knowledge bases
   A native macOS app for managing Markdown-based knowledge bases — think Obsidian's ethos with Git and Claude Code integration baked in. For an Obsidian user who also lives in Claude Code, this is practically built for your exact workflow. Free forever, open-source, and already generating buzz.
6. French government agency confirms breach as hacker offers to sell data ⚡
   A French government agency confirms a breach as the attacker moves to monetize the stolen data on underground markets. Another data point in the relentless drumbeat of state-sector breaches. The exfiltration-to-sale pipeline is now faster than ever.
7. Your hex editor should color-code bytes
   A sharp argument that semantic color-coding — NULL bytes in one color, printable ASCII in another, high bytes in a third — dramatically reduces cognitive load when reverse engineering binary formats. The author shows side-by-side comparisons that make a compelling case. Every tool team should read this.
8. Show HN: Honker – Postgres NOTIFY/LISTEN Semantics for SQLite ⚡
   Brings Postgres-style pub/sub NOTIFY/LISTEN to SQLite, letting you react to row changes without polling. A useful primitive for .NET or TypeScript apps using SQLite as an embedded store who want event-driven reactivity without spinning up a full Postgres. Clean, focused, and immediately useful.
9. MeshCore development team splits over trademark dispute and AI-generated code
   An open-source team fractures over whether AI-generated code is acceptable in the codebase — a live case study in the governance tensions AI tooling is creating in collaborative projects. The trademark dispute is a sideshow; the AI code debate is the real story developers will be fighting about for years.
10. Incident with multiple GitHub services ⚡
    GitHub suffered a broad multi-service outage yesterday, hitting Actions, Pages, Packages, and more simultaneously. The incident page documents the timeline; the HN thread is full of postmortems-in-progress. Reminder to keep local mirrors of critical dependencies.
11. Introducing Claude Design by Anthropic Labs
    Anthropic Labs ships Claude Design, a new tool focused on AI-assisted UI/visual design workflows. Directly relevant for developers who build frontends and want Claude integrated deeper into their design-to-code pipeline. Watch this space — it's Anthropic's first explicit move into creative software territory.
12. google-labs-code/design.md: A format specification for describing a visual identity to coding agents
    Google proposes DESIGN.md — a structured markdown spec that gives coding agents a persistent, versioned understanding of your design system, so every AI-generated component stays on-brand. Think CLAUDE.md but for visual identity. Immediately actionable for any team using agents to write frontend code.
13. how a roblox cheat and one AI tool brought down vercel's entire platform
    A Roblox cheat on one employee's machine at Context.ai cascades into a full Vercel platform compromise — plaintext environment variables, over-scoped OAuth grants, and "Allow All" permissions doing their worst. A chilling, step-by-step supply chain horror story that every developer granting third-party AI tools access to their Google Workspace should read right now.
14. Mozilla: Anthropic's Mythos found 271 security vulnerabilities in Firefox 150
    Anthropic's Mythos AI security tool pre-identified 271 zero-day vulnerabilities in Firefox 150 before release — a watershed moment for AI-assisted security research. Firefox's CTO declares "defenders finally have a chance to win." This is the most concrete demonstration yet that LLMs can meaningfully shift the vulnerability discovery balance.
15. Pica, a MacOS font management app
    A clean, native macOS font management app that promises a better way to browse, activate, and organize your font library. Font management on macOS has been a mess for years — this looks like a focused, well-designed alternative worth trying if you do any design work or creative coding.
16. Qwen3.6-27B: Flagship-Level Coding in a 27B Dense Model ⚡
    Simon Willison breaks down Qwen3.6-27B, which reportedly delivers flagship-level coding performance in a model small enough to run locally. For developers who want a capable code assistant without cloud API costs, this is the benchmark to watch. Willison's framing is always practical and trustworthy.
17. exe.dev
    A VM hosting service designed specifically for AI agents: real Ubuntu machines with sub-second start, SSH-based API, persistent disks, and private-by-default HTTP sharing via Discord-style links. Spin up 20 idle sandboxes on one subscription. Perfect for isolating agent workloads from your main environment.
18. Tolaria — A second brain for the AI era ⚡
    The marketing site for Tolaria fills in what the GitHub repo doesn't say: it's explicitly positioned as an Obsidian successor with native Git sync and Claude Code integration, free forever. For an Obsidian-using developer already in the Claude ecosystem, this is the most directly relevant new app of the week.
19. https://github.com/JuliusBrussee/caveman
    A one-line-install Claude Code skill that makes Claude respond in caveman-speak — cutting ~75% of token usage while maintaining full technical accuracy. Based on the viral observation that stripped-down terse language dramatically reduces LLM verbosity without losing substance. Absurd but genuinely useful for cost-conscious Claude Code users.
20. Overview - Agent Skills ⚡
    A curated directory of reusable agent skills for Claude and other LLMs — think npm for agentic behaviors. If you're building Claude Code workflows or custom agents, this is a time-saver for discovering and composing pre-built capabilities rather than prompting from scratch every time.

Read the full magazine edition →

1. We found a stable Firefox identifier linking all your private Tor identities
   Researchers at Fingerprint.com discovered that Firefox's IndexedDB implementation leaks a persistent identifier across Tor Browser sessions — completely undermining anonymity for users who think they're safe. This is a serious, concrete browser privacy flaw that affects anyone relying on Tor for identity separation. Patch accordingly and read the full technical breakdown.
2. Apple fixes bug that cops used to extract deleted chat messages from iPhones ⚡
   Apple quietly patched a vulnerability that forensic tools exploited to recover supposedly-deleted chat messages from iPhones — used in law enforcement extractions. If you care about the Apple ecosystem and digital privacy, this is a must-update patch. It's a reminder that 'deleted' rarely means gone without a deliberate fix.
3. Qwen3.6-27B: Flagship-Level Coding in a 27B Dense Model
   Alibaba's Qwen team claims flagship coding performance in a 27B dense model — small enough to run locally but reportedly punching above its weight class on benchmarks. For developers using AI coding assistants, a capable self-hosted alternative to proprietary models is a big deal. Worth testing against your Claude Code workflows.
4. Over-editing refers to a model modifying code beyond what is necessary ⚡
   A sharp analysis of a frustrating LLM coding behaviour: models that rewrite everything when you ask for a small fix. The post proposes concrete metrics and training signals to reward minimal, surgical edits. Directly relevant if you use Claude Code or any AI coding assistant and have felt the pain of over-eager refactors.
5. Parallel agents in Zed
   Zed editor now lets you spawn multiple AI agents working in parallel on the same codebase — a step toward the multi-agent development workflows the industry keeps hyping. This is actionable today if you're already on Zed, and worth watching even if you're not. The editor-as-orchestrator model is evolving fast.
6. Scoring Show HN submissions for AI design patterns ⚡
   A developer built a rubric to detect 'design slop' — the telltale visual and UX patterns that scream 'this was vibe-coded by an LLM.' It's a useful meta-analysis of what AI-generated products look like in the wild and how to avoid the clichés. Good reading for anyone shipping AI-assisted software.
7. Workspace Agents in ChatGPT
   OpenAI is rolling out Workspace Agents — persistent, context-aware agents that can operate across your files, emails, and integrations inside ChatGPT. This is the agentic turn hitting mainstream productivity tools. Worth understanding what OpenAI is building as you evaluate your own AI workflow stack.
8. I am building a cloud ⚡
   David Crawshaw (creator of Tailscale's networking layer) writes candidly about building a personal cloud infrastructure from scratch — the decisions, tradeoffs, and lessons. It's part engineering journal, part philosophy on ownership vs. renting compute. A grounding read for any developer thinking seriously about infrastructure independence.
9. Our eighth generation TPUs: two chips for the agentic era
   Google's 8th-gen TPUs arrive with two distinct chips optimized for training and inference at agentic scale — signalling that the hardware race is now explicitly being shaped around multi-step AI agents, not just single-shot queries. The compute gap between cloud AI and local models just got a bit wider.
10. Windows 9x Subsystem for Linux ⚡
    Someone built the inverse of WSL: a Windows 9x compatibility layer that runs inside Linux, letting you run old Win9x binaries on a modern kernel. It's a wild hack that says more about the community's nostalgia and ingenuity than anything else. 224 comments of delighted chaos.
11. Columnar Storage Is Normalization
    A conceptually satisfying post arguing that columnar storage formats are just relational normalization applied to the physical layer — separating attributes into their own structures for better compression and scan performance. If you work with databases or data pipelines in .NET, this reframes a lot of 'modern' data engineering as classical database theory.
12. OpenAI's response to the Axios developer tool compromise ⚡
    OpenAI disclosed a supply chain compromise affecting a developer tool used by Axios — a sobering reminder that AI-adjacent tooling is now a target for attackers. If you use third-party developer tools in your AI workflows, this is a good prompt to audit your dependency chain. The incident response details are worth reading.
13. Verus is a tool for verifying the correctness of code written in Rust
    Verus brings SMT-backed formal verification to Rust, letting you write mathematical specs alongside your code and prove correctness at compile time. As AI-generated code becomes more prevalent, tools that can actually verify correctness — not just test it — are increasingly valuable. Actionable for anyone working on safety-critical or high-assurance Rust.
14. Ultraviolet corona discharges on treetops during storms ⚡
    Researchers at Penn State captured UV corona discharges glowing at treetops during thunderstorms on film for the first time. This is the kind of genuinely weird, visually stunning natural phenomenon that makes you feel the world is still full of surprises. Short read, unforgettable images.
15. A True Life Hack: What Physical 'Life Force' Turns Biology's Wheels?
    Quanta Magazine dives into the biophysics question of what fundamental physical process drives cellular machinery — the molecular motors, pumps, and oscillators that keep cells alive. It's a deep, beautifully written piece at the intersection of thermodynamics and biology. Brain food for the commute.
16. 5x5 Pixel font for tiny screens ⚡
    A beautifully crafted 5×5 pixel font system designed for microcontroller displays — with a full rendering engine, Unicode support, and compression. It's a love letter to legibility at extreme constraints and doubles as an interesting case study in creative coding under tight hardware limits.
17. Alberta startup sells no-tech tractors for half price
    The top HN story today: a Canadian startup selling deliberately low-tech tractors — no GPS, no CAN bus, no proprietary repair lockouts — at half the price of a John Deere. It's a real-world refutation of 'more tech is always better' and a compelling argument for right-to-repair by design. 552 comments of farmers and engineers agreeing loudly.
18. Technical, cognitive, and intent debt
    Martin Fowler extends the 'technical debt' metaphor to cover two underappreciated variants: cognitive debt (complexity that burns your team's mental bandwidth) and intent debt (code that no longer reflects why it was written). In the age of AI-generated code, intent debt is about to become a much bigger problem.
19. Borrow-checking without type-checking
    A thought-provoking exploration of whether Rust-style borrow checking could be decoupled from the full type system — enabling memory safety guarantees in languages that don't want to commit to Rust's type discipline. Niche but intellectually rewarding for anyone interested in language design and compiler theory.
20. Website streamed live directly from a model
    Flipbook.page serves a website whose HTML is generated and streamed in real-time directly from an LLM on every page load — no static files, no CMS, just the model. It's a provocative demo of what 'dynamic content' might mean in a post-template world. Actionable as a creative coding experiment and thought-provoking about the future of web publishing.

Read the full magazine edition →

1. Framework Laptop 13 Pro
   Framework's highest-scoring launch ever signals the modular laptop movement is hitting its stride. A Pro tier means more RAM, better display, and pro-grade specs without sacrificing repairability. 612 comments worth of opinion on whether this is finally the Linux/Windows dev laptop to ditch Apple for.
2. Laws of Software Engineering
   A curated compendium of named laws, heuristics, and aphorisms that govern software development — from Conway's Law to Hyrum's Law. Essential reading for senior devs who want shared vocabulary with their teams. 464 comments means the HN crowd has plenty of additions and rebuttals.
3. ChatGPT Images 2.0
   OpenAI's next-gen image model lands inside ChatGPT with dramatically improved instruction-following, text rendering, and photorealism. If you do any design or creative work with AI, this is the new benchmark to evaluate against. The 599-comment thread is a live stress test of its capabilities and limits.
4. SpaceX says it has agreement to acquire Cursor for $60B ⚡
   The most jaw-dropping acquisition rumor in years: SpaceX allegedly buying Cursor, the AI coding IDE, for $60 billion. If true, this reshapes the AI coding assistant landscape overnight and raises urgent questions about what happens to your codebase. Head to the 676-comment HN thread to separate signal from noise.
5. Claude Code to be removed from Anthropic's Pro plan?
   Directly relevant if you rely on Claude Code daily: reports are swirling that Anthropic may pull Claude Code access from the $20/mo Pro tier. This would force power users onto a higher-cost plan or find alternatives. The 516-comment thread is pure signal on what Anthropic has actually communicated.
6. Meta to start capturing employee mouse movements, keystrokes for AI training ⚡
   Meta is rolling out pervasive keylogger-level monitoring of its own employees to harvest behavioral data for AI training — a chilling precedent for workplace privacy everywhere. If this normalizes, expect enterprise software vendors to follow. Anyone who cares about digital rights should read the Reuters report carefully.
7. Changes to GitHub Copilot individual plans
   GitHub is reshuffling Copilot's individual pricing tiers — changes that could affect what model you get and what you pay. Worth a careful read before your next billing cycle. Developers already juggling Claude Code, Cursor, and Copilot need to know if the value equation just shifted.
8. The Vercel breach: OAuth attack exposes risk in platform environment variables ⚡
   Trend Micro's post-mortem on the Vercel OAuth supply chain attack is a must-read for anyone deploying apps to serverless platforms. The attack vector — stealing secrets baked into environment variables — is shockingly common. Actionable mitigations are included.
9. Show HN: VidStudio, a browser based video editor that doesn't upload your files
   A fully browser-local video editor — no uploads, no cloud, no privacy risk. For developers and creators who need quick edits without feeding footage to a third-party server, this is a compelling privacy-respecting alternative. Runs on WebAssembly and handles surprisingly heavy files.
10. CrabTrap: An LLM-as-a-judge HTTP proxy to secure agents in production ⚡
    Brex open-sources CrabTrap, an HTTP proxy that uses an LLM to evaluate agent requests before they hit production APIs — essentially a guardrail for AI agents going rogue. If you're building agentic workflows (Claude Code pipelines, etc.), this is exactly the kind of safety layer you should be thinking about. Clever architecture worth studying.
11. Edit store price tags using Flipper Zero
    TagTinker turns a Flipper Zero into a tool for reading and writing the electronic shelf labels (ESLs) found in modern retail stores. A fascinating look at how much trust is placed in low-cost wireless price tags. The security implications — and legal gray area — are thoroughly debated in 306 comments.
12. Cal.diy: open-source community edition of cal.com ⚡
    Cal.com forks its own product into a fully open-source, community-driven edition — no paid tiers, no feature gates. Self-hostable scheduling infrastructure for developers who don't want to pay SaaS rates or hand calendar data to a third party. Drop it in your stack today.
13. Show HN: GoModel – an open-source AI gateway in Go
    GoModel is a lightweight AI gateway written in Go that lets you proxy, route, and manage requests across multiple LLM providers behind a single unified API. Great for teams that want to avoid vendor lock-in between OpenAI, Anthropic, and others. A practical piece of infrastructure if you're building AI-powered apps.
14. A type-safe, realtime collaborative Graph Database in a CRDT ⚡
    A TypeScript-native graph database built on CRDTs for conflict-free real-time collaboration — think of it as a type-safe, offline-capable alternative to Firebase for graph-shaped data. Directly relevant for Angular/TypeScript devs building collaborative tools. The CRDT design means eventual consistency without custom merge logic.
15. Running a Minecraft Server and more on a 1960s UNIVAC Computer
    Someone actually got a 1960s UNIVAC mainframe to serve Minecraft packets, which is either the greatest or most unnecessary engineering achievement of the year. A deep dive into vintage hardware coaxed into modern networking — thoroughly entertaining and technically impressive.
16. Diverse organic molecules on Mars revealed by the first SAM TMAH experiment ⚡
    The Curiosity rover's SAM instrument has detected a remarkably diverse range of organic molecules preserved in Martian rock for billions of years. This is one of the strongest hints yet that Mars may have once harbored the chemistry necessary for life. A genuinely significant planetary science result.
17. Drunk post: Things I've learned as a senior engineer (2021)
    A classic resurfaces: unfiltered, hard-won lessons from a senior engineer — on meetings, estimates, code quality, and career survival. Resurfaces periodically on HN because it keeps hitting home. Refreshingly honest compared to polished "lessons learned" blog posts.
18. Fusion Power Plant Simulator ⚡
    An interactive browser-based simulator that lets you design and operate a fusion power plant, tuning plasma parameters and engineering tradeoffs in real time. It's both an educational tool and a surprisingly deep model of fusion economics. If you've ever wondered what it actually takes to make fusion "worth it," this is the best explainer available.
19. Some secret management belongs in your HTTP proxy
    A sharp argument for offloading API key injection and secret rotation to your HTTP proxy layer rather than baking secrets into application code or environment variables — especially timely given the Vercel breach above. Concrete, actionable patterns for .NET and Node backends. Read alongside the Vercel post-mortem for a full picture.
20. XOR'ing a register with itself is the idiom for zeroing it out. Why not sub? ⚡
    Raymond Chen digs into why x86 assembly programmers reach for XOR instead of SUB to zero a register — a subtle interplay of instruction encoding, flag side effects, and CPU microarchitecture optimizations. A bite-sized but deeply satisfying piece of low-level computer science trivia.

Read the full magazine edition →

1. John Ternus to become Apple CEO
   The biggest Apple leadership shake-up in over a decade: Tim Cook transitions to Executive Chairman while hardware engineering chief John Ternus steps up as CEO. Ternus led the Apple Silicon transition and the M-series chip era — his ascent signals Apple doubling down on hardware excellence. Huge implications for the macOS and iOS ecosystem you live in every day.
2. All phones sold in the EU to have replaceable batteries from 2027 ⚡
   The EU mandates user-replaceable batteries in all phones and tablets by 2027 — a landmark right-to-repair ruling that will force Apple and others to fundamentally redesign their devices. This is the biggest regulatory pressure on device longevity since the Lightning-to-USB-C mandate. Watch for Apple's compliance strategy closely.
3. Qwen3.6-Max-Preview: Smarter, Sharper, Still Evolving
   Alibaba's Qwen team drops a new frontier model preview that benchmarks competitively with the top closed-source models. The open-weights space is accelerating fast, and Qwen models are increasingly viable as local or self-hosted alternatives for AI coding workflows. Worth evaluating as a Claude/GPT complement.
4. Atlassian enables default data collection to train AI
   Atlassian quietly opted all users into AI training data collection by default — meaning your Jira tickets, Confluence docs, and Bitbucket code could feed their models unless you opt out. If you use any Atlassian product at work, check your org's privacy settings today. This is the 'enshittification by default' pattern playing out in enterprise tooling.
5. OpenAI ad partner now selling ChatGPT ad placements based on "prompt relevance"
   A leaked deck reveals OpenAI's ad partner StackAdapt is selling ChatGPT ad slots keyed to what users are literally asking about in prompts. The ad-supported AI era is here, and it's more invasive than banner ads ever were — your queries are the targeting signal. Critical context for anyone thinking about which AI tools to trust with sensitive work.
6. Kimi vendor verifier – verify accuracy of inference providers ⚡
   Kimi releases a tool to cryptographically verify that inference API providers are actually running the model they claim — a huge trust issue as the third-party LLM hosting market explodes. If you're routing Claude Code or other AI workflows through proxy providers, this kind of verification matters. Actionable tool for any AI-heavy dev stack.
7. Brussels launched an age checking app. Hackers took 2 minutes to break it
   The EU's mandated age-verification app was broken in under two minutes by security researchers — a case study in what happens when regulation outruns engineering competence. The app was collecting far more data than needed, on top of being trivially bypassable. A cautionary tale about compliance theater vs. actual privacy-preserving design.
8. Jujutsu megamerges for fun and profit ⚡
   A practical deep-dive into Jujutsu's megamerge workflow — a technique that makes integrating long-running feature branches dramatically less painful than Git rebasing. If you've been curious about jj but haven't found the killer workflow yet, this is it. Especially relevant for teams managing complex TypeScript or .NET monorepos.
9. Quantum Computers Are Not a Threat to 128-Bit Symmetric Keys
   Cryptographer Filippo Valsorda cuts through quantum FUD: Grover's algorithm only halves the effective key space, making 128-bit symmetric keys still computationally safe even against large quantum computers. Clear, rigorous, and corrects a lot of half-baked takes in the "post-quantum" discourse. Essential reading before you over-engineer your encryption stack.
10. Anthropic says OpenClaw-style Claude CLI usage is allowed again ⚡
    Anthropic reverses course and explicitly permits OpenClaw-style CLI wrappers that route to Claude — huge news for developers building custom AI coding workflows. This unblocks an entire ecosystem of Claude Code alternatives and extensions. If you're building or using a Claude-powered CLI tool, your usage is now officially sanctioned.
11. mvanhorn/last30days-skill: Claude Code skill that researches any topic across Reddit + X from the last 30 days, then writes copy-paste-ready prompts
    A Claude Code skill that auto-researches Reddit and X for the last 30 days on any topic and synthesizes copy-paste-ready prompts. Directly plugs into the Claude Code ecosystem this reader uses daily. Install it in one line and immediately level up your prompt research workflow.
12. Codex for Mac gains Chronicle for enhancing context using recent screen content - 9to5Mac ⚡
    Codex for Mac adds Chronicle — a feature that uses your recent screen activity to enrich AI context, similar to what Rewind and Apple Intelligence promised. This is exactly the kind of macOS-native AI tooling that matters for developers who want their coding assistant to actually know what they've been working on. Worth a close look for your AI workflow.
13. Anthropic secretly installs spyware when you install Claude Desktop — That Privacy Guy!
    A privacy researcher alleges that Claude Desktop silently installs monitoring components not disclosed in Anthropic's privacy policy — explosive claims that directly affect daily Claude users. The post is making rounds and Anthropic hasn't issued a clear rebuttal yet. If you run Claude Desktop on your Mac, read this and check your system today.
14. Vercel April 2026 security incident | Vercel Knowledge Base
    Vercel's official post-mortem on the April 2026 outage triggered by a Roblox cheat tool and an AI agent run amok. The incident exposed how AI-generated traffic can cascade into platform-wide failures at a scale nobody planned for. Essential reading if you deploy anything on Vercel or use AI agents that make outbound requests.
15. Johny Srouji named Apple's Chief Hardware Officer - Apple
    With Ternus elevated to CEO, Apple creates a new Chief Hardware Officer role and taps silicon genius Johny Srouji. This is the second major Apple org announcement of the week and reshapes who controls the M-series and future chip roadmap. The Apple ecosystem you rely on is being steered by new hands — pay attention to this transition.
16. ShaderPad | Get creative with shaders ⚡
    ShaderPad is a polished browser-based GLSL shader editor — write fragment shaders, see results instantly, and share them as URLs. Cleaner and more approachable than Shadertoy for newcomers to creative coding. A great sandbox for experimenting with visual effects without any local setup.
17. DeFlock
    DeFlock is an open-source crowdsourced map of Flock Safety automatic license plate readers (ALPRs) in your area. These cameras are proliferating invisibly in neighborhoods and log every vehicle's movement — DeFlock makes the surveillance network visible. An essential tool for privacy-conscious citizens and a fascinating civic tech project.
18. Amiga Graphics Archive
    A lovingly curated archive of Amiga demoscene pixel art spanning the late 1980s and 1990s — some of the most technically constrained and artistically inventive digital graphics ever made. Incredible reference material for anyone interested in pixel art, color palette mastery, or the history of creative computing. Prepare to lose an hour.
19. madhadron - The seven programming ur-languages
    A compelling essay arguing that all programming languages descend from seven fundamental paradigms — and that learning one representative of each is more valuable than accumulating syntax. Thought-provoking mental model for any developer evaluating new tools or trying to understand why certain languages feel the way they do.
20. firecrawl/web-agent ⚡
    Firecrawl open-sources the foundation of their autonomous web research agent — fork it, swap in your own models, add custom skills, and self-host. This is exactly the kind of AI agent scaffolding that complements Claude Code for tasks requiring live web data. The architecture is clean and the swap-model design means you can plug in any LLM backend.

Read the full magazine edition →

1. Vercel April 2026 security incident
   Vercel has confirmed a breach with hackers claiming to sell stolen data — a direct hit to anyone deploying on the platform. With 418 comments, the HN thread is packed with threat assessments and mitigation steps. If you're hosting anything on Vercel, this is mandatory reading today.
2. Notion leaks email addresses of all editors of any public page ⚡
   A serious privacy foot-gun: Notion has been silently exposing the email addresses of every collaborator on any public page — including people who never intended to be public-facing. If your team uses Notion for wikis or shared docs, audit your public pages now.
3. Changes in the system prompt between Claude Opus 4.6 and 4.7
   Simon Willison does his usual forensic diff on Anthropic's system prompt changes between Opus versions, surfacing what's actually changed in the model's default behavior. Essential reading if you build on Claude Code or the API — subtle prompt shifts can break your workflows in unexpected ways.
4. The RAM shortage could last years ⚡
   AI's insatiable appetite for HBM is creating a prolonged RAM crunch that will ripple through consumer hardware pricing for years. The 327-comment HN thread digs into whether this accelerates or stifles local AI adoption — directly relevant to anyone running models on Apple Silicon.
5. The creative software industry has declared war on Adobe
   Affinity, DaVinci Resolve, and a wave of challengers are using Adobe's customer resentment as rocket fuel, rolling out free tiers and aggressive feature updates. The subscription-fatigue revolt is real and the alternatives are genuinely compelling now — worth reassessing your creative stack.
6. Show HN: Run TRELLIS.2 Image-to-3D generation natively on Apple Silicon ⚡
   TRELLIS.2 — one of the best image-to-3D models around — now runs natively on Apple Silicon without any cloud dependency. For anyone doing creative prototyping or 3D asset generation on a Mac, this is something you can clone and try today.
7. Prove you are a robot: CAPTCHAs for agents
   As AI agents get better at solving human CAPTCHAs, the web is inverting the challenge — designing puzzles that only bots can pass to verify they're legitimate automation. A thought-provoking look at the infrastructure challenges of agentic AI workflows.
8. Claude Token Counter, now with model comparisons
   Willison's Claude token counter now lets you compare token counts across multiple models side-by-side — an immediately actionable tool for anyone optimizing prompts and managing API costs across Opus, Sonnet, and Haiku. Bookmark this one.
9. SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit [pdf] (2017)
   A resurfaces classic: researchers demonstrated that headphone/speaker jacks can be repurposed as microphones via audio driver manipulation — even on air-gapped machines. Disturbing and technically fascinating in equal measure, and newly relevant as physical-layer attacks get more attention.
10. The Bromine Chokepoint ⚡
    Israel controls ~40% of global bromine production — a critical ingredient in memory chip manufacturing — making regional instability a direct threat to the semiconductor supply chain. A geopolitics-meets-chemistry explainer that puts the RAM shortage story in starker context.
11. GitHub - gsd-build/get-shit-done: A light-weight and powerful meta-prompting, context engineering and spec-driven development system for Claude Code and OpenCode.
    A meta-prompting framework purpose-built for Claude Code that brings spec-driven development and structured context engineering to your AI coding sessions. If you're already using Claude Code daily, this is a productivity layer worth wiring in immediately.
12. Codex for (almost) everything | OpenAI ⚡
    OpenAI's updated Codex app for macOS and Windows now adds computer use, in-app browsing, image generation, memory, and plugin support. Direct competition to Claude Code — worth benchmarking against your current AI coding workflow.
13. Mythos di Anthropic: potere, rischi e la necessità di regole per la cybersecurity
    Bruce Schneier's sharp critique of Anthropic's Claude Mythos — an AI capable of finding and exploiting software vulnerabilities, currently gated to ~50 large companies via Project Glasswing. He demands independent audits and broader researcher access before letting one private company control defensive AI power. Directly relevant to anyone building on Anthropic's stack.
14. Claude Codeで実際に起きたセキュリティ事故7選と防止策 #AI - Qiita ⚡
    A Japanese developer catalogs 7 real security incidents that occurred while using Claude Code — including credential leaks, unintended file writes, and prompt injection via repo contents. Even if you can't read Japanese, the incident patterns are readable and the prevention checklist is worth internalizing.
15. GitHub - NikolayS/pgque: PgQue – Zero-bloat Postgres queue. One SQL file to install, pg_cron to tick. · GitHub
    A dead-simple Postgres-native job queue: one SQL file to install, no external dependencies, pg_cron to tick. For .NET backend devs who want reliable background jobs without bolting on Redis or a separate service, this is a genuinely elegant solution.
16. qmd ⚡
    A local-first CLI search engine for your docs, knowledge bases, and meeting notes — tracking current SOTA approaches while keeping everything on-device. Perfect complement to an Obsidian vault: fast semantic search without sending your notes to the cloud.
17. Wiretext — Unicode Wireframe Design Tool
    A browser-based tool for building wireframes entirely from Unicode box-drawing characters — paste the result directly into markdown, Obsidian notes, or code comments. Surprisingly powerful for quick UI sketches without leaving your keyboard.
18. Qwen3.6-35B-A3B: Agentic Coding Power, Now Open to All
    Alibaba's Qwen3.6-35B-A3B is a mixture-of-experts model with only 3.6B active parameters, optimized specifically for agentic coding tasks and now fully open. Punches well above its weight class for local inference — a strong option on Apple Silicon for offline coding workflows.
19. BrowserLeaks.com - Web Browser Security Checklist for Identity Theft Protection
    A comprehensive fingerprinting and leak-testing suite that shows exactly what your browser is broadcasting — canvas, WebGL, font, timezone, and more. An actionable privacy audit you can run right now to see how identifiable your setup is.
20. Artemis II pilot talks about what it was really like to fly and land in Orion - Ars Technica
    First-person account from the Artemis II pilot on what it actually felt like to fly and splash down in the Orion capsule — from the violence of reentry to the elation of recovery. A rare, detailed human window into a historic mission that doesn't get enough coverage.

Read the full magazine edition →

1. Migrating from DigitalOcean to Hetzner
   The most-upvoted story of the day is a detailed war story on escaping DigitalOcean's pricing and moving workloads to Hetzner, with 383 comments of corroborating experience. Hetzner has become the de-facto "sensible developer cloud" and this post lays out the practical steps — networking, DNS, S3-compatible storage and all. If you're still paying DO prices, this is your weekend project.
2. Anonymous request-token comparisons from Opus 4.6 and Opus 4.7 ⚡
   A live leaderboard letting anyone blind-compare Claude Opus 4.6 vs 4.7 responses token-by-token — no sign-in, no hype, just the model outputs. With nearly 500 HN comments, the community is already surfacing surprising regressions. Essential if you're building on top of Claude and need to know whether to upgrade.
3. State of Kdenlive
   The Kdenlive team drops their annual State of the Project post, detailing what shipped in 2025 and what's on the roadmap for 2026 — new rendering pipeline, better proxy clip handling, and a revamped UI. The open-source video editor has quietly become a serious Premiere alternative for Linux and macOS power users.
4. The electromechanical angle computer inside the B-52 bomber's star tracker ⚡
   Ken Shirriff does it again — a meticulous teardown of the analog gear inside a Cold War-era B-52 star tracker, explaining how resolver chains and sine-cosine transformers computed navigation angles before silicon existed. It's a stunning reminder that mechanical computers were themselves a kind of software. Pure righto.com gold.
5. Thoughts and feelings around Claude Design
   A thoughtful essay reacting to Anthropic's design language choices for Claude — covering why the aesthetic decisions feel either refreshingly different or slightly off, depending on your priors. With 193 comments, HN is having a real debate about whether AI products should look "neutral" or expressive. Relevant reading if you ship UI on top of Claude APIs.
6. NIST scientists create 'any wavelength' lasers
   NIST researchers have built tiny on-chip lasers tunable to literally any visible wavelength — a potential breakthrough for optical computing, sensing, and communications. The fabrication trick involves a new nonlinear photonic process that sidesteps traditional material constraints. This is the kind of photonics news that quietly reshapes what chips can do in five years.
7. College instructor turns to typewriters to curb AI-written work
   A Colorado college instructor is having students write on physical typewriters to prove authorship, generating a heated 244-comment HN thread. The story is really about the impossibility of AI detection and the pedagogical arms race it's created. Worth reading alongside the Opus 4.7 comparison leaderboard above.
8. It's OK to compare floating-points for equality
   A contrarian but well-argued post dismantling the blanket "never compare floats for equality" advice that's been cargo-culted for decades. The author walks through cases — integer-valued floats, sentinel values, NaN checks — where exact equality is exactly what you want. A must-read for any TypeScript or .NET dev who's ever written `=== 0.0` and felt vaguely guilty.
9. Keep Pushing: We Get 10 More Days to Reform Section 702
   EFF is sounding the alarm on a closing window to push for reforms to Section 702 — the surveillance authority that permits warrantless collection of Americans' communications. Ten days is a short runway; if you care about digital rights, this is an actionable call to contact your representative. Low score on HN doesn't mean low importance.
10. Zero-Copy GPU Inference from WebAssembly on Apple Silicon ⚡
    A clever deep-dive on running LLM inference inside WebAssembly while still hitting the Apple Silicon GPU with zero memory copies — no Metal overhead, no bridge penalty. The author explains how shared memory mapping makes this possible and benchmarks it against native runtimes. Directly relevant if you're building AI tooling for the Mac.
11. Unsloth Qwen3.6
    Unsloth's optimized quantization guide for the new Qwen3.6-35B-A3B coding model — the one that's turning heads as a local alternative to Claude Code. Tagged explicitly with `claudecode` by the bookmarker, which tells you where the community is aiming. If you run AI coding agents locally, this is your setup guide.
12. OpenAI's New Codex App Has the Best 'Computer Use' Feature I've Ever Tested - MacStories
    MacStories — the authoritative voice on iOS/macOS software — gives OpenAI's new Codex app a glowing hands-on review, specifically calling out its computer-use feature as best-in-class. A direct competitive signal for Claude Code users: the ecosystem is heating up fast. Read this alongside the Opus 4.6/4.7 comparison.
13. Vibe Check: Opus 4.7 Stopped Reading Between the Lines
    Every.to's qualitative review finds that Opus 4.7 has become more literal and less inferential than its predecessor — it answers what you asked, not what you meant. A useful pairing with the token-comparison leaderboard: numbers tell one story, vibe tells another. If Claude Code is your daily driver, this informs how you'll need to adjust your prompts.
14. MAD Bugs: Even "cat readme.txt" is not safe - Calif
    A macOS and SSH security post documenting how seemingly innocuous commands like `cat readme.txt` can be weaponized through terminal escape sequences to execute arbitrary code. This class of attack (ANSI injection / terminal escape injection) is underappreciated and directly relevant to developers who clone repos or SSH into untrusted hosts. Read it before your next `git clone`.
15. We beat Google's zero-knowledge proof of quantum cryptanalysis - The Trail of Bits Blog
    Trail of Bits unpacks how they found flaws in Google's zero-knowledge proof system for quantum cryptanalysis claims — essentially catching an error in the proof that was meant to establish security guarantees. It's a reminder that ZK proofs are only as good as their verifiers, and that "Google published it" is not a proof of correctness.
16. Cloudflare's AI Platform: an inference layer designed for agents ⚡
    Cloudflare announces a new AI inference platform purpose-built for agentic workloads — low-latency routing, model-agnostic APIs, and built-in rate limiting designed for multi-step agent loops rather than one-shot completions. As Claude Code and similar tools move toward multi-agent architectures, infrastructure like this becomes load-bearing. Worth evaluating now.
17. smol machines
    Smol Machines offers disposable Linux VMs that boot in under one second — designed specifically for AI agent sandboxing and ephemeral task execution. When your Claude Code agent needs to run untrusted code, this is the infrastructure answer. The sub-second cold start changes what's architecturally possible.
18. Age verification is a mess but we're doing it anyway | The Verge ⚡
    A clear-eyed Verge investigation into the wave of age-verification laws rolling out across the US and EU — and why every proposed implementation is a privacy disaster dressed up as child safety. As a developer, you may soon be legally required to implement one of these systems. Know what you're walking into.
19. A ridiculously-lightweight push notification service | Codakuma
    Pushy is a bare-bones self-hostable push notification server for iOS that strips away the complexity of setting up APNs infrastructure for personal or small-scale projects. If you've ever wanted to send push notifications from a weekend project without wiring up Firebase, this is the answer. Pinboard's niche-tool radar at its best.
20. llmfit: Right-sizes LLM models to your system's RAM, CPU, and GPU ⚡
    LLMfit is a practical tool that takes your hardware specs and tells you exactly which LLM models will run comfortably — accounting for RAM, VRAM, and quantization. Stop guessing whether a 35B Q4 model will OOM your machine; just ask LLMfit. Perfect companion to the Unsloth Qwen3.6 item above.

Read the full magazine edition →

1. NASA Force
   Top-scoring story of the day with 264 comments — clearly something big is happening at NASA. The .gov domain and score suggest a significant announcement worth clicking through to understand. Whatever it is, HN is loudly paying attention.
2. Ada, its design, and the language that built the languages
   A deep dive into Ada — the DoD-commissioned language whose design philosophy of safety, correctness, and strong typing quietly influenced everything from C# to Rust. If you care about TypeScript's type system or .NET's design lineage, understanding Ada's DNA is illuminating. 261 points and 182 comments means the HN crowd has opinions.
3. Slop Cop
   A tool that detects AI-generated slop — the kind of content that's technically fluent but hollow and wrong. Directly relevant if you're using Claude Code or any LLM-assisted workflow and want a sanity check on AI output quality. The name alone is worth the click.
4. A simplified model of Fil-C ⚡
   Fil-C is a memory-safe dialect of C that doesn't require rewriting your code — it enforces safety at the ABI level. This post walks through the mental model clearly enough that you actually understand what's novel about the approach. Memory safety without Rust is a hot topic and this is one of the more credible attempts.
5. Hyperscalers have already outspent most famous US megaprojects
   The AI infrastructure buildout has quietly eclipsed the Hoover Dam, the interstate highway system, and the Manhattan Project in raw capital deployed. This data visualization puts the hyperscaler capex race in stark historical context. The 145-comment thread is full of sharp takes on what this means for the industry.
6. Experiment with ICEYE Open Data ⚡
   ICEYE is opening up its synthetic-aperture radar satellite imagery for free experimentation. SAR sees through clouds and at night, which makes it radically different from optical satellite data. If you've ever wanted to build something with real satellite imagery data, this is a rare free on-ramp.
7. Towards trust in Emacs
   A serious proposal for sandboxing and trust levels within Emacs — addressing the long-standing problem that loading Emacs Lisp is essentially arbitrary code execution. Relevant for anyone who cares about editor security in a world of AI-generated configs and untrusted packages. The security model described here has lessons beyond Emacs.
8. Show HN: I made a calculator that works over disjoint sets of intervals
   A surprisingly useful web tool: a calculator that operates on sets of time or numeric intervals rather than single values. Think scheduling across multiple time zones, or calculating free windows across a calendar. The kind of niche utility that you don't know you need until you desperately need it.
9. Why is IPv6 so complicated?
   Written by an actual IETF contributor, this is a frank and self-aware post-mortem on why IPv6 is such a headache to deploy despite being 30 years old. The 85-comment HN thread is a lively argument about whether the complexity was avoidable. Essential reading if you've ever had to actually configure IPv6.
10. Detecting DOSBox from Within the Box
    A clever reverse-engineering exploration: can DOS software detect it's running inside an emulator? The author digs into timing attacks, CPUID tricks, and subtle behavioral differences to fingerprint DOSBox from the inside. Pure hacker joy — the kind of low-level detective work that makes you appreciate how emulators actually work.
11. The Future of Everything is Lies, I Guess
    Kyle Kingsbury (the Jepsen distributed-systems authority) takes a withering, technically grounded look at LLM reliability and what it means for software that needs to be correct. If you're building with AI tools professionally, this is the uncomfortable counterweight you should read. Aphyr doesn't do hot takes — when he writes something this long, it matters.
12. The Future of Everything is Lies, I Guess: Where Do We Go From Here?
    The follow-up to Aphyr's landmark AI critique — this one asks what we actually do given that LLMs are unreliable by design. More constructive than the first post, and essential reading for anyone integrating AI into real production workflows. The pair of posts is rapidly becoming the canonical skeptic's take on LLM tooling.
13. Discourse is Not Going Closed Source
    In direct response to Cal.com closing its source, Discourse argues the opposite: in an AI-accelerated threat landscape, open source is a security *advantage* because defenders can inspect the same code attackers can. A principled and well-argued counter-take that will age well. The quote included in the description is worth reading twice.
14. We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs
    Andon Labs handed an AI agent a real retail lease in San Francisco and tasked it with turning a profit — no training wheels. This is one of the most concrete, real-world agentic AI experiments published to date. The results and ethical implications make for genuinely surprising reading.
15. AI's New Training Data: Your Old Work Slacks And Emails
    Enterprise AI vendors are now eyeing internal Slack archives and email threads as training data — and many employee agreements don't protect against it. This is a direct privacy concern for anyone working at a company using SaaS AI tools. The implications for confidential code reviews and internal technical discussions are obvious and alarming.
16. Impeccable: The missing upgrade to Anthropic's frontend-design skill
    A curated resource specifically for improving the design quality of AI-generated UI code — the gap between "it works" and "it looks good" when using Claude or similar tools. Directly actionable if you're using Claude Code to build frontends. The framing as "design skills for AI coding tools" is exactly right.
17. Zellij
    Zellij is a modern terminal multiplexer written in Rust — think tmux but with a discoverable UI, built-in layouts, and a plugin system. If you live in the terminal (and Claude Code users especially do), this is worth a serious look as a tmux replacement. The Pinboard resurgence suggests it's found a new wave of converts.
18. getdesign.md — DESIGN.md Collection for AI Agents
    A collection of DESIGN.md files — structured design documentation specifically formatted to give AI coding agents architectural context before they write code. This is exactly the kind of meta-tooling that makes Claude Code dramatically more effective. Drop one in your repo and watch the quality of AI suggestions improve.
19. Cloudflare Email Service: now in public beta. Ready for your agents
    Cloudflare is launching a transactional email service built specifically for AI agents — with routing, inbound parsing, and tight Workers integration baked in. If you're building agentic workflows that need to send or receive email, this is a zero-cold-start option worth evaluating. The "ready for your agents" framing is not marketing fluff.
20. Bosses say AI boosts productivity – workers say they're drowning in 'workslop'
    "Workslop" — AI-generated output that looks polished but requires heavy correction — is becoming a real workplace phenomenon. This Guardian piece captures the growing gap between management dashboards and on-the-ground developer experience with AI tools. If you use Claude Code daily, you'll recognize every scenario described here.

Read the full magazine edition →

1. Claude Opus 4.7
   Anthropic drops Claude Opus 4.7, the biggest model release of the year so far — and the HN discussion is absolutely on fire with 1,400+ comments. If you live in Claude Code, this is your new engine. Read the release notes carefully before upgrading your workflows.
2. Claude Opus 4.7 costs 20–30% more per session ⚡
   The new tokenizer in Opus 4.7 quietly inflates session costs by 20–30% — someone did the math so you don't get surprised by your bill. Essential reading before you roll out 4.7 across your Claude Code sessions or any high-volume agentic workflow.
3. Claude Design
   Anthropic debuts Claude Design, a new Labs product aimed squarely at creative and design workflows. If you've been waiting for an AI tool that bridges the gap between generative ideas and production-ready design artifacts, this is worth watching closely.
4. Ban the sale of precise geolocation ⚡
   Lawfare makes the legal and policy case for banning the commercial sale of precise geolocation data — the data broker ecosystem that tracks everyone's phones in near real-time. A well-argued piece that pairs perfectly with the Penlink surveillance story below.
5. Show HN: SPICE simulation → oscilloscope → verification with Claude Code
   A beautiful Show HN: someone wired Claude Code up via MCP to drive a real oscilloscope, run SPICE simulations, and automatically verify circuit behavior. A compelling demonstration of Claude Code as a general-purpose engineering agent far beyond web dev.
6. Android CLI: Build Android apps 3x faster using any agent ⚡
   Google ships an official Android CLI designed to slot into any AI coding agent, claiming 3x development speed. This is directly relevant to anyone building mobile-adjacent tooling or exploring what agentic dev pipelines look like at the platform level.
7. NIST gives up enriching most CVEs
   NIST has quietly stopped adding enrichment metadata to the majority of CVEs in the National Vulnerability Database — a significant blow to the security tooling ecosystem that relies on that data. Expect downstream gaps in vulnerability scanners and SBOMs.
8. Show HN: PanicLock – Close your MacBook lid disable TouchID –> password unlock ⚡
   A tidy macOS utility that forces password-only unlock when you close your MacBook lid, disabling TouchID for that session. Perfect for crossing borders, court appearances, or any situation where you want to quickly drop to a higher authentication bar.
9. Guy builds AI driven hardware hacker arm from duct tape, old cam and CNC machine
   AutoProber is a gloriously scrappy AI-driven hardware probing arm built from duct tape and a salvaged CNC machine — it uses computer vision to autonomously poke circuit boards and map their secrets. Peak hacker ingenuity and a genuinely novel application of vision models.
10. Show HN: Smol machines – subsecond coldstart, portable virtual machines ⚡
    SmolVM promises subsecond cold starts for portable virtual machines — the kind of primitive that makes serverless sandboxing, edge compute, and AI tool isolation actually practical. Early days, but the architecture is worth understanding now.
11. Automate work with routines
    Official Claude Code documentation on routines — the mechanism for automating repeated multi-step workflows inside your coding sessions. If you're still triggering everything manually, this is the feature that turns Claude Code from a chat box into a real automation layer.
12. Using Claude Code: session management and 1M context | Claude ⚡
    Anthropic's own guide on managing long Claude Code sessions with the 1M context window — covering when to compact, how to structure context hand-offs, and patterns that keep large codebases coherent across sessions. Required reading given the Opus 4.7 launch.
13. superpowers
    A curated core skills library for Claude Code — pre-built capabilities you can drop into your setup to extend what Claude Code can do out of the box. Pairs perfectly with the new routines docs; think of it as a community stdlib for your AI coding agent.
14. My AI-Assisted workflow | maiobarbero.dev
    A Tech Lead shares a structured pre-code-generation workflow where the real work — spec writing, context loading, constraint definition — happens before Claude writes a single line. Practical and opinionated, this is the antidote to vibe-coding disasters.
15. Friends Don't Let Friends Use Ollama | Sleeping Robots
    A pointed critique of Ollama as the default local LLM serving layer — arguing that its convenience hides serious reliability and performance gotchas for production use. Whether you agree or not, it's a useful forcing function to examine your local model stack.
16. What is jj and why should I care? - Steve's Jujutsu Tutorial ⚡
    Steve Klabnik's intro to Jujutsu (jj), the Git-compatible version control system that rethinks branching and history editing from first principles. If you've ever wished Git's mental model was less painful, this tutorial is the on-ramp you've been waiting for.
17. GitHub Stacked PRs | GitHub Stacked PRs
    GitHub's official stacked PRs feature (via gh-stack) finally makes trunk-based development with small, reviewable changesets a first-class workflow on GitHub. If you've been manually managing stacked branches, this is the tooling you've wanted.
18. Backblaze has quietly stopped backing up your data | Robert Reese's Website
    Backblaze silently started excluding .git folders and Dropbox directories from backups without clearly communicating the change — the kind of silent regression that can leave you exposed when you least expect it. Time to audit what your backup software is actually backing up.
19. Netflix ruined its Apple TV app by switching to a custom video player - 9to5Mac
    Netflix ditched AVFoundation for a custom video player in its Apple TV app and the result is a noticeably worse experience: broken system controls, no Picture-in-Picture, degraded HDR. A cautionary tale about the hidden costs of abandoning platform-native APIs.
20. DaVinci Resolve – Photo | Blackmagic Design
    Blackmagic has extended DaVinci Resolve into a full photo editing application — bringing the same colour science and node-based grading workflow from professional video into stills. A genuine Lightroom alternative with serious pro pedigree worth evaluating.

Read the full magazine edition →

1. Google broke its promise to me – now ICE has my data
   Google's 2020 pledge not to hand location data to law enforcement without a warrant turned out to be worthless — ICE got the data anyway, likely via third-party brokers who bought it from Google. This is the most important privacy story of the year: the surveillance infrastructure is already built, it's just changing hands. If you ever believed Google's privacy promises, this is a cold shower.
2. Cybersecurity Looks Like Proof of Work Now ⚡
   Drew Breunig's sharp argument: AI has made phishing, malware, and social engineering attacks essentially free to generate, so real security now requires spending more human attention than attackers do. The arms race has shifted from technical barriers to economic attrition — and defenders are structurally losing. A must-read framing for anyone thinking about threat models in 2026.
3. Cal.com is going closed source
   Cal.com — the open-source Calendly alternative with 33k GitHub stars — is closing its source code, citing the impossibility of competing with cloud vendors who take without contributing. The move has ignited fierce debate about whether open-source is sustainable as a business model. If a well-funded, beloved OSS project can't make it work, the whole model deserves scrutiny.
4. IPv6 traffic crosses the 50% mark ⚡
   Google's statistics now show more than half of all traffic to its services arriving over IPv6 — a milestone 20+ years in the making. Mobile carriers deserve most of the credit for dragging the industry across the line. The internet's underlying plumbing is finally catching up to its own future.
5. Darkbloom – Private inference on idle Macs
   Darkbloom runs LLM inference locally on M-series Macs by pooling idle machines into a private compute cluster. No data leaves your network, no cloud bills, no API keys. For developers who want self-hosted AI without spinning up cloud infra, this is the most interesting privacy-first AI project in months.
6. Do you even need a database? ⚡
   A direct challenge to the reflex that every app needs a relational database. The author walks through cases where SQLite, flat files, or even JSON gets you 90% of the way with 10% of the operational complexity. Worth 10 minutes of honest reflection before you scaffold your next Postgres instance.
7. ChatGPT for Excel (Spreadsheets)
   OpenAI has launched a native ChatGPT integration for spreadsheets — describe what you want in plain English, and it handles formulas, data cleaning, and chart generation. This is the most practical AI product launch of the month: it will reach millions of non-developers who never touch a terminal. The office productivity category is about to be disrupted hard.
8. CRISPR takes important step toward silencing Down syndrome's extra chromosome
   Researchers used CRISPR to silence the extra copy of chromosome 21 in human cells in vitro — a proof-of-concept demonstrating that chromosome-level editing is becoming tractable. This isn't a cure, but it's a meaningful scientific milestone that may one day lead to actual treatments. Gene editing is moving faster than most people realize.
9. The Gemini app is now on Mac
   Google has shipped a native macOS app for Gemini, joining Claude and ChatGPT in the Mac dock. The AI assistant arms race has officially moved from mobile and web to the desktop. Worth trying if you want a side-by-side comparison against Claude's mac app.
10. US v. Heppner: No attorney-client privilege for AI chats ⚡
    Judge Rakoff has ruled that attorney communications with AI tools are not protected by attorney-client privilege and are therefore discoverable. Lawyers who used ChatGPT or similar tools for case strategy may have fully discoverable conversations. This ruling will reshape how legal professionals use AI — and is a warning to anyone who assumes AI chat history is private.
11. AISI evaluation of Claude Mythos Preview's cyber capabilities
    The UK's AI Safety Institute tested Claude Mythos Preview on a cyber range and found it capable of autonomously attacking small, weakly defended enterprise systems. This is a significant capability threshold being crossed in the open: not a hypothetical, but a documented evaluation. Essential reading for anyone thinking about AI safety and offensive security risk.
12. Google, Microsoft, Meta All Tracking You Even When You Opt Out ⚡
    An independent audit found all three tech giants routinely ignore opt-out requests for tracking cookies, violating California privacy law. They set tracking cookies even after users explicitly opt out. The CCPA has teeth on paper but apparently not in practice — these companies have clearly calculated the compliance risk is worth it.
13. Claude Code's Source: 3,167-Line Function, Regex Sentiment Analysis
    A deep dive into Claude Code's architecture uncovers a single 3,167-line function and regex-based sentiment analysis — very different from what you'd expect from a polished production tool. The piece argues this is intentional: the team treats AI-generated code as disposable and regenerates from specs rather than reviewing it. A fascinating window into how Anthropic itself builds with AI.
14. RTK: CLI proxy that reduces LLM token consumption by 60–90%
    A single Rust binary that sits between your dev tools and LLM APIs, compressing common command outputs before they reach the model. Claims 60–90% token reduction on real agentic coding workflows. For heavy Claude Code users watching monthly API costs creep up, this is worth benchmarking immediately.
15. The Git Commands I Run Before Reading Any Code
    A concise, opinionated list of git commands to orient yourself in an unfamiliar codebase before touching a single file. Things like git log --oneline, blame on key files, and branch topology checks. The kind of practical muscle memory that separates developers who move fast in new codebases from those who flounder.
16. Codeburn: Interactive TUI dashboard for Claude Code and Codex cost observability
    Codeburn is a terminal dashboard that shows exactly where your AI coding tokens go — per-file and per-operation breakdowns for Claude Code and Codex. Given how quickly agentic coding costs can compound across a workday, having real visibility into your token burn is genuinely useful for managing spend.
17. Things you didn't know about indexes
    A practical deep-dive into database index behavior that goes beyond the basics — covering partial indexes, expression indexes, covering indexes, and when the planner ignores your indexes entirely. The kind of post that explains a class of mysterious query performance bugs you've probably hit but couldn't diagnose.
18. Pretty Fish — A Better Mermaid Diagram Editor ⚡
    A polished web editor for Mermaid diagrams with live preview, syntax highlighting, and a cleaner export experience than the official tooling. Mermaid has become the default for architecture diagrams in docs and READMEs — this makes authoring them significantly less painful.
19. Skills.sh – The Agent Skills Directory
    A curated directory of installable skills for AI agents — effectively an app store for agent capabilities. Browse and install reusable skills that extend what coding agents can do. The Claude Code skills ecosystem in particular is maturing fast, and this is a useful place to discover what others have built.
20. Saying Goodbye to Agile ⚡
    A clear-eyed post-mortem on why Agile's moment has passed: the rituals calcified into bureaucracy, the principles were forgotten, and the consultancy industry hollowed it out. Not a rant but a sober argument that the software industry has moved on — and should stop pretending otherwise. The replies will be lively.

Read the full magazine edition →

1. Claude Code Routines ⚡
   Anthropic shipped official documentation for Claude Code routines — reusable, composable workflows you can embed directly into your dev environment. This is the scaffolding for turning AI pair-programming from ad-hoc prompting into repeatable automation. If you use Claude Code daily, this changes how you structure your work.
2. DaVinci Resolve Launches a Full Photo Editor
   Blackmagic Design expands Resolve beyond video with a dedicated photo editing module. RAW processing, color grading with the same tools filmmakers use, and it's free. The most upvoted story on HN today — the creative community is paying attention. A serious Lightroom alternative from a company that doesn't do subscriptions.
3. Someone Bought 30 WordPress Plugins and Planted Backdoors in All of Them
   A threat actor purchased 30 popular WordPress plugins through legitimate marketplace transactions, then pushed updates containing backdoors to every user who had them installed. A supply-chain attack hiding in plain sight. If you manage any WordPress sites or advise clients who do, audit your plugin list today.
4. jj — the CLI for Jujutsu Version Control
   $ jj init — Jujutsu is the Git replacement that treats every working copy state as a commit. No staging area, automatic rebasing, first-class conflict resolution. This tutorial by Steve Klabnik is the on-ramp the project needed. 459 comments says the dev community is seriously evaluating the switch.
5. Stop Flock: The Fight Against Neighborhood Surveillance
   Two stories dominating HN today: a campaign to stop Flock Safety's license-plate surveillance cameras from spreading through neighborhoods, and one person's account of writing to Flock's privacy contact to opt out of their domestic monitoring program. Together they paint a picture of growing grassroots resistance to automated surveillance infrastructure being deployed without meaningful consent.
6. Turn Your Best AI Prompts into One-Click Tools in Chrome ⚡
   Google is baking "Skills" directly into Chrome — save your most-used AI prompts as reusable one-click tools accessible from the browser toolbar. This bridges the gap between power-user prompt engineering and everyday browser workflows. If you're already building AI-assisted workflows, this is a new distribution channel for your best prompts.
7. Google Gemma 4 Runs Natively on iPhone with Full Offline AI ⚡
   Google's Gemma 4 model now runs fully offline on iPhone hardware — no cloud, no API calls, no data leaving the device. This is the inflection point for on-device AI: capable enough to be useful, private enough to be trustworthy. Opens up entirely new categories of iOS apps that can reason locally.
8. The Dangers of California's Legislation to Censor 3D Printing
   The EFF sounds the alarm on proposed California legislation that would require 3D printers to refuse certain print jobs — essentially building censorship into hardware. The bill's scope is broad enough to affect hobbyists, makers, and small manufacturers. A collision between safety regulation and the right to general-purpose computing.
9. My AI-Assisted Development Workflow ⚡
   A developer shares their complete AI-assisted workflow — how they integrate LLMs into their daily coding practice, what works, what doesn't, and where the productivity gains actually land. Practical, opinionated, and full of specific tool choices. The kind of "show your setup" post that reveals real patterns.
10. OpenDuck: Distributed DuckDB Instance
    DuckDB is already the Swiss Army knife of local analytics. OpenDuck scales it horizontally — run distributed queries across multiple DuckDB instances as if they were one database. For anyone processing datasets that outgrew a single machine but don't warrant a full data warehouse, this fills an important gap.

Pinboard Picks

1. Superpowers — a Skills Framework for Claude Code ⚡
   An open-source skills framework that layers reusable, composable capabilities on top of Claude Code — TDD workflows, brainstorming protocols, debugging skills, and more. You're already running it. Worth tracking upstream changes and new community skills as they land.
2. Apple Frames 4 — Device Mockups via Shortcuts, Now with a CLI
   Federico Viticci's legendary Shortcut for wrapping screenshots in pixel-perfect Apple device frames gets a major overhaul: frame color options, proportional scaling, and — the big one — an Apple Frames CLI for developers. Automate device mockups from the terminal or CI pipeline. If you ship iOS or Mac apps, this just saved you hours in Figma.
3. Claude Cowork 2.0 — Pair Programming Evolved ⚡
   A deep look at the next iteration of Claude's cowork mode — how the collaborative coding experience has evolved, what patterns power users have discovered, and where it fits in a multi-agent workflow. If you run Claude Code sessions daily, this maps the frontier of what's possible with the latest capabilities.
4. Native Instant Space Switching on macOS
   Kill the macOS space-switching animation entirely and get instant workspace transitions — using native APIs, no hacks. If you juggle multiple desktops (and who doesn't with a tiling window manager), this one tweak removes the single most annoying friction point in the macOS workspace flow. Tiny change, outsized quality-of-life gain.
5. Obsidian Skills — Kepano's Plugin for AI-Powered Note Workflows ⚡
   The creator of Obsidian ships a new plugin that brings "skills" — reusable AI-powered actions — directly into the note-taking workflow. Summarize, extract, transform, and generate content within your vault using composable prompts. If Obsidian is your second brain, this gives it agency.
6. Apfel — Free AI Running Natively on Your Mac ⚡
   A free macOS-native AI app that runs local models on Apple Silicon with zero cloud dependency. No account, no API key, no data leaving your machine. The intersection of on-device AI and Mac-first design — exactly the kind of privacy-respecting tool that's hard to find through mainstream channels.
7. gh-stack — First-Class Stacked PRs for GitHub
   GitHub ships an official CLI extension for stacked pull requests — break large changes into reviewable, dependent PR chains that stay in sync automatically. This has been the most-requested workflow gap for teams doing trunk-based development. No more rebasing nightmare when the base PR changes.
8. Wiretext — Design Wireframes with Unicode Characters
   A design tool that lets you build wireframes entirely from Unicode box-drawing characters — copy-paste the result into any text document, terminal, or code comment. Delightfully constrained: when your wireframe is pure text, it lives everywhere your code does. Perfect for READMEs, architecture docs, and quick prototyping without leaving the editor.
9. They See Your Photos — What AI Extracts from Your Images
   Upload a photo and see exactly what modern AI vision models extract: location estimates, emotional state, relationships, wealth indicators, brand affiliations, and more. A visceral demonstration of how much metadata-free images still reveal to machine learning. The kind of thing that makes you rethink what you post.
10. boringBar — A Taskbar Dock Replacement for macOS
    Replaces the macOS Dock with a Windows-style taskbar that shows open windows, workspace indicators, and system stats in a compact strip. For power users who find the Dock more decorative than functional, this reclaims vertical screen space and puts active-window management front and center. One of those "why didn't Apple do this" utilities.

Read the full magazine edition →