From Hacker News
Stories 1 – 10
No. 01Privacy & SecurityApplies to you
by cft · 532 points · 187 comments
A security researcher demonstrates that Microsoft Edge keeps every saved password in plaintext in process memory, even for sites you haven't visited this session. This is a significant attack surface for any process that can read Edge's memory — malware, a compromised extension, or a local privilege escalation. Yet another reason to use a dedicated password manager and avoid browser-native credential storage.
No. 02Dev Tools
by remote-dev · 485 points · 314 comments
A developer raises concerns about Bun's governance, funding runway, and the sustainability of a single-company-controlled JavaScript runtime. The timing is notable given the separate news that Bun is quietly being ported from Zig to Rust. A must-read if you're betting any production workloads on Bun.
No. 03Dev Tools
by SergeAx · 476 points · 336 comments
A commit in the Bun repo quietly reveals the runtime is being ported from Zig to Rust — a massive architectural shift that pairs perfectly with the 'I am worried about Bun' post dominating HN today. The Zig-to-Rust migration signals real engineering churn at Oven; the HN thread is full of analysis on what this means for the JS ecosystem.
No. 04AI ToolsApplies to you
by Sean-Der · 398 points · 123 comments
OpenAI's engineering blog dives into the infrastructure behind real-time voice AI — custom model serving, WebRTC pipelines, and latency budgets measured in tens of milliseconds. If you're building voice-enabled features on top of any LLM API, this is the clearest public writeup yet of what the production stack actually looks like.
No. 05AI ToolsApplies to you
by BOOSTERHIDROGEN · 246 points · 105 comments
Addy Osmani (Chrome DevRel lead) maps out the skill taxonomy for working effectively with AI coding agents — when to delegate, how to prompt for multi-step tasks, and where human judgment stays irreplaceable. Directly applicable to Claude Code workflows and pairs well with the agentic coding lessons post below.
No. 06AI ToolsApplies to you
by ingve · 26 points · 23 comments
Ten sharp lessons on what changes about software development when code generation is nearly free — covering code review, architecture ownership, testing strategy, and technical debt accumulation. This is the kind of strategic rethinking that Claude Code users should be doing right now.
No. 07AI ToolsApplies to you
by kristianpaul · 213 points · 22 comments
A clean, well-documented GitHub repo walking through every stage of training a small language model from scratch — tokenization, transformer architecture, training loop, and inference. Great for anyone who wants to move from 'I use LLMs' to 'I understand LLMs' without wading through a textbook.
No. 08AI ToolsApplies to you
by raphaelcosta · 189 points · 112 comments
Software engineering researcher Margaret-Anne Storey synthesizes emerging evidence that over-reliance on AI coding tools may be eroding developers' ability to reason deeply about their own code — a concept she calls 'cognitive debt.' Essential reading for anyone who uses Claude Code or Copilot heavily and wonders about the long-term cost.
No. 09Dev Tools
by r00k · 163 points · 85 comments
Stripe's engineering blog recounts how they reformatted 25 million lines of Ruby in a single night using rubyfmt, with near-zero developer disruption. The tooling, git strategy, and rollout approach are all transferable lessons for anyone contemplating a large-scale formatter migration in .NET, TypeScript, or any other codebase.
No. 10Privacy & Security
by bearsyankees · 195 points · 81 comments
A detailed post-mortem on discovering a zero-authentication multi-tenant vulnerability in a DoD-backed SaaS startup — any user could access any other customer's data. Clear, methodical writeup with lessons on API design and authorization that apply equally to boring enterprise .NET apps.
From Pinboard Popular
Stories 11 – 20
No. 11Privacy & SecurityApplies to you
by john-doe · 107 points · 96 comments
Chrome is quietly downloading Google's Nano AI model (4 GB) in the background without any user prompt or opt-in. If you've been wondering why your disk is disappearing, check your Chrome profile directories. Another solid argument for Safari on macOS.
No. 12Privacy & Security
by cadito · 91 points · 71 comments
A deep dive into how modern connected cars have become surveillance platforms — tracking location, driving behavior, voice commands, and seat sensor data, then brokering it to advertisers and insurers. The data flows are more extensive and less regulated than anything on your phone.
No. 13Privacy & Security
by averi · 96 points · 33 comments
A fresh CVE affecting rootless container copy operations — an attacker can exploit a TOCTOU race in certain configurations to escape expected file boundaries. If you're running rootless Podman or Docker in CI/CD pipelines, patch or mitigate now and read this writeup for the technical details.
No. 14Dev Tools
by antirez · 277 points · 91 comments
Redis creator antirez writes a characteristically thoughtful post on the design and implementation journey of a new array data structure in Redis — covering memory layout decisions, performance tradeoffs, and API design philosophy. A treat for anyone who cares about how great infrastructure software gets built.
No. 15New Apple AppsApplies to you
by zdw · 86 points · 17 comments
A fascinating vintage Apple deep dive — the Apple Network Server 2.0 was a rare PPC server running AIX, but someone has now coaxed macOS onto its ROMs. Equal parts archaeology and hardware hacking, with detailed notes on bootrom behavior and firmware quirks that Apple historians will love.
No. 16Privacy & Security
by alcazar · 280 points · 198 comments
A clear technical explanation of RandomX — the CPU-optimized proof-of-work algorithm Monero uses specifically to resist ASIC and GPU mining. Good cryptographic engineering explainer even if you don't care about crypto: the design decisions around memory-hardness and virtual machine execution are genuinely interesting.
No. 17Dev Tools
by pjmlp · 76 points · 32 comments
A pointed critique arguing that Async Rust's ergonomics, tooling, and ecosystem remain in an unfinished MVP state years after stabilization — covering Send bounds hell, lack of async traits in stable Rust, and the runtime fragmentation problem. Timely given the Bun-to-Rust migration news and the broader industry shift toward Rust.
No. 18AI Tools
by gyomu · 312 points · 49 comments
John Gruber digs into reports that YC holds roughly 0.6% of OpenAI — which at current valuation would be worth billions — and what that means for YC's incentives when it cheerleads AI startups. A useful corrective lens for reading YC-adjacent AI hype.
No. 19Creative software
by jollyjerry · 84 points · 9 comments
Seth Larson documents his experiment hand-drawing valid, scannable QR codes — exploring exactly how much error the format can tolerate before scanners fail. A delightful intersection of creative craft and error-correction mathematics that makes you appreciate how robust the spec actually is.
No. 20Dev Tools
by wowi42 · 276 points · 91 comments
PyInfra — the Python-native infrastructure automation tool — hits 3.8.0 with improvements to parallel execution, inventory handling, and connector stability. If you've been burned by YAML-heavy Ansible and want to express infra as real Python code, this release is a good time to try it.