Twenty stories from Hacker News and Pinboard Popular, curated for tech-leaning readers who care about Claude Code, the Apple ecosystem, and privacy.
Mitchell Hashimoto (of Vagrant/Terraform fame) drops a pointed observation: some companies have handed AI so much decision-making authority that they've lost their organizational sanity. With 629 comments, HN is clearly feeling this one. If you're building with Claude Code or managing an AI-augmented team, this is a necessary gut-check.
The classic free e-book library apparently just got meaningfully better — and HN noticed with 910 upvotes. The discussion digs into what's improved: search, formats, and curation. A reminder that some of the best digital infrastructure is quiet, nonprofit, and decades old.
The DOJ is demanding Apple and Google hand over identities of 100,000+ users of an emissions-tuning app — no individual warrants, just a mass unmasking request. This is a landmark privacy test case for app store operators. Apple ecosystem readers should pay close attention to how Apple responds.
California is pushing a bill that would force publishers to ship offline patches or issue refunds when they pull the plug on online games. It's a digital rights win with broad implications — could set a precedent for software preservation and consumer protection well beyond gaming.
A damning GitHub issue reveals Bun's hyped Rust rewrite has undefined behavior lurking in ostensibly safe code — the kind of bug that undermines the core pitch of Rust entirely. If you're evaluating Bun for production use, this thread is required reading before you ship.
Google Project Zero walks through a full 0-click exploit chain targeting the Pixel 10 — no user interaction required. The technical depth here is exceptional, covering baseband, kernel, and beyond. Essential reading for anyone who thinks modern flagship hardware is immune to silent compromise.
A pitch-perfect Onion-style parody skewering npm's endemic supply-chain malware problem. It's funny because it's true — and the HN thread turns into a genuinely useful discussion of what actually could be done. Mandatory reading for any .NET or TypeScript developer who touches the npm ecosystem.
Radicle is a peer-to-peer, decentralized code forge that works on top of Git — no GitHub, no central server. With surveillance and platform risk top of mind, owning your code collaboration stack is increasingly compelling. Worth a serious look if you want GitHub independence.
Zulip is spinning up a proper nonprofit foundation to steward its open-source threaded chat platform. This is meaningful for teams who've bet on Zulip as a Slack alternative — foundation backing signals long-term commitment and independence from VC pressure.
OpenAI is integrating Plaid so ChatGPT can directly access users' financial accounts — ostensibly for budgeting and financial assistance features. The privacy implications are enormous: your transaction history feeding an LLM is a fundamentally different data exposure than anything before. The HN thread is appropriately alarmed.
Scott Alexander demolishes the comforting idea that AI progress will naturally plateau before it gets dangerous. The argument — that sigmoid curves look linear in the middle — is one of the cleaner rebuttals to AI optimism you'll find. Required reading if you're thinking about the trajectory of the tools you're building with.
A clever speculative decoding approach squeezes up to 7.8× more tokens per forward pass from Qwen3 with identical output quality. If you're running local inference or optimizing AI pipeline costs, this technique could meaningfully change your throughput math.
LLMs are now good enough at CTF (Capture the Flag) security challenges that the traditional open format is no longer a fair competition — AI gives some participants an overwhelming edge. A fascinating look at how AI is reshaping a beloved hacker subculture, with real implications for security education and hiring.
Security legend Tavis Ormandy takes on building a modern replacement for the abandoned uMatrix browser extension — the gold standard for granular request blocking. If you've mourned the death of uMatrix, this is the project to watch and possibly contribute to.
Drop in a single image and get back a full 3D environment, sound effects, and meshes — this is the kind of creative AI tool that makes the phrase 'single asset to full scene' actually true. For developers experimenting with generative pipelines, this is an instant sandbox to play in.
A beautiful, interactive browser visualization of a PPO reinforcement learning agent training live on Snake. It's genuinely fun to watch and serves as an intuition-builder for how RL agents develop strategy over time. Great for sharing with anyone trying to grok reinforcement learning.
A practitioner shares specific, copy-pasteable SQL patterns for detecting velocity attacks, structuring, and card-testing fraud. These aren't toy examples — they're battle-tested queries you can adapt to your own schema today. Any developer building a payments or e-commerce backend should bookmark this.
Quanta digs into the bizarre optical engineering of bird eyes — photoreceptor densities and geometries that no camera engineer would ever design, yet work spectacularly well. Beautifully written, and a reminder that evolution finds solutions the human mind wouldn't reach.
John Baez explores the strange reality that quasicrystals — once thought to be a mathematical curiosity — actually exist in nature, formed by meteorite impacts. The structures violate classical crystallography rules and are genuinely alien-looking. A perfect Saturday-morning rabbit hole.
Epiq is a terminal-based issue tracker that stores everything inside your Git repo — no external service, no account required. Pairs naturally with Radicle or any offline-first workflow. If you want GitHub Issues without GitHub, this is worth a spin today.