Top 29 stories from Hacker News. Top 10 include comment highlights. Compiled at 20:10 UTC.
622 points by ammar2 · 95 comments
My blog, mostly about programming
What HN said:
zbentley: This is a very good writeup. Zooming way out (perhaps to the point of useless observation), it's a pity that the web embedded VSCode editor is signed into GitHub at all. Defense-in-depth or not, a huge vulnerability surface arises from that original sin.
ammar2: Update as of 3rd June: Microsoft has fixed this with a stopgap fix by adding a confirmation when opening notebooks in web VSCode and not allowing trusted publisher to be skipped by commands (https://github.com/microsoft/vscode/pull/319705).
NagatoYuzuru: > the last time I interacted with MSRC regarding reporting a VSCode bug, it was a horrible experience where they silently fixed the bug Classic MSRC. It has figured out that researchers will report for free regardless. Why change?
Noumenon72: Thank you for essentially donating the time you spent on this exploit to raise awareness on improving VS Code's security response. You could have just given up on them but you're still trying to help.
572 points by reconnecting · 534 comments
According to an internal memo, new controls will allow employees to pause the data collection for "up to 30 minutes at a time".
What HN said:
staplung: Reminds me of one of the more brilliant passages in Snow Crash, describing work in "Fed Land"... ''' Y.T's mom pulls up the new memo, checks the time, and starts reading it. The estimated reading time is 15.62 minutes.
crispyambulance: It's always been hard to know the extent of how draconian tracking actually is (IT pros tend to not talk about it much). In the US, there's the expectation that when you use an employer-provided device that any and all activity on it can be fully monitored/recorded and used again...
everdrive: I don't work for Meta, but how many more years do I need to work in tech? I'm in my 40s and my kids are young. I've already set up 529s for them, and am paying for some expensive home upgrades.
LucidLynx: I have a serious question to anyone working at Meta and reading this: HOW can you still work at this company!? Why don't you quit this very toxic company, and start working at another place or even on your own? I genuinely don't understand... Just let Meta die!
553 points by xx_ns · 94 comments
What HN said:
rkagerer: This is a well written article and easy to digest, worth a skim. In summary he figured out how to reflash arbitrary firmware on a Creative Sound Blaster Katana V2X soundbar via Bluetooth, without requiring any effective authentication or user interaction.
hootz: >Email from SingCERT stating vendor "do not consider this to be a vulnerability, as it does not present a cybersecurity risk." So wirelessly writing custom firmware to someone else's device that is connected via USB to their computer without even needing to pair is not a security...
nickdothutton: It is quite common to find device manufacturers, even those of many years standing, who appear to begin with the device and add the software as an afterthought. Paying little attention to security or even the software lifecycle (patches, updates, the changing landscape/ecosyste...
Klaus23: Why think so small? Perhaps the speaker itself can be used as the attacker. Any script kiddie with an LLM could write a worm that would spread through the supply chain, possibly even hacking speakers right on the factory floor and blasting Rickroll music or something similar.
472 points by rvz · 173 comments
An overview of Gemma 4 12B, a model designed to bring high-performance multimodal intelligence directly to your laptop.
What HN said:
senko: I ran the Q4 quant (used with llama.cpp) through my "minesweeper" vibe-coding benchmark: https://senko.net/vibecode-bench/2026/minesweeper-gamma-4-12... The result is decent, but it had a few bizarre/trivial syntax errors I had to fix manually: it would do an extra closing bracket...
minimaxir: The big story here is the encoder-free part, which I still don't fully understand. > Vision: We replaced Gemma 4’s vision encoder with a lightweight embedding module consisting of a single matrix multiplication, positional embedding and normalizations.
asim: We are now entering the closed loop game. Google doesn't need anyone else to accelerate their models. This is their bread and butter. I'm both shocked but also not surprised that they continue to develop such efficiencies.
christina97: It seems worse in all aspects to the 26B A4B? I would have thought dense models beat MoE still on many benchmarks? Is the entire point of this model then that it runs if you don’t have enough GPU memory to load the 26B? That one runs faster anyway due to lower active params.
326 points by papersail · 299 comments
Lower-priced kits are disappearing by the day
What HN said:
Scene_Cast2: This is the PCPartPicker chart that I monitor: https://pcpartpicker.com/trends/price/memory/#ram.ddr5.5600.... - $900 for 2x32GB, used to be $200 a year ago.
gvalkov: The squeeze is real even at the SME level. We recently wanted to add another TB of memory to several servers (we do EDA chip design, which eats a lot of memory). Quotes came back to about €200k for 48 x 96GB DDR5-5600 RDIMMs.
brnaftr361: GN did a documentary on the situation from the perspective of consumer-facing companies. Seems pretty dire for them, and it's hard to see the long-range consequences, but the idea of consumers being priced out isn't too far out, which to me is a little alarming. https://m.
randusername: I want a more complete picture of why prices are so high from articles like this. Is supply actively constrained, or is this mostly in anticipation of future shortages? How much of this is a mix of panic buying and price gouging on bad news? I care more about the secondhand marke...
289 points by pentagrama · 135 comments
Professional video editing, color correction, visual effects and audio post production all in a single application. Free and paid versions for Mac, Windows and Linux.
What HN said:
bbatha: For all the potshots about AI, this update is huge even if you take away the AI features. They basically added Lightroom to this release. There's some polish before you'd want to change your subscription, but it's really tempting.
bluelightning2k: So much respect for Black Magic. They are absolutely World Class and their business model is extremely generous. Having said that, for all the AI features, the big one would be setting key frames etc. with an agent, driving the general editing workflow with text, etc.
darkteflon: Those who have moved to Resolve from FCP: would you share a few words about your experience? I’ve used FCP for a long time but have never loved it. I also have some experience with non-destructive workflows like Blender geonodes and have heard that Resolve adopts a similar paradi...
adzm: Excited to see Resolve continue to improve. Hopefully this encourages more improvement in the wider ecosystem as well. Adobe really could do some amazing stuff with Premiere and After Effects.
276 points by Tomte · 65 comments
What HN said:
billjive: Sorry to hear this, thank you for publishing your account. I first found you years ago from your nfldb project: https://github.com/BurntSushi/nfldb and since then have used xsv and ripgrep. Also, thank you for participating in the clinical trial.
AgentMasterRace: My ex has mast cell activation syndrome. We would have to call for an ambulance 3-4 times a month because some days eating a grape could cause her to go into anaphylactic shock. She was allergic to whatever her body felt like at any given time.
cgh: My wife has a cardiac autoimmune disease that was similarly misdiagnosed (including an appalling “it’s all in your head” from her family MD at the time). We underwent a year of immense stress.
bonsai_spool: One thing that may be intriguing is that this is a relatively new diagnosis (first described in 2007). There's so much medicine to discover and we need to keep supporting a biomedical research enterprise that can find reversible treatments to disorders that would otherwise be dif...
215 points by nathell · 29 comments
An actual Clojure REPL running on my reMarkable 2
What HN said:
vessenes: Nice. That latency is tough though. On that topic, I wrote an equivalent "magic mirror" type tool that lets you write to the mirror/oracle/VLM on the remarkable and get an answer back.
LandR: This is awesome! I actually had no idea I could ssh into my Remarkable and do neat stuff like this! > Why do it? It's so impractical! Because you can and it's fun is always a perfectly valid answer here!
arikrahman: Impressive, and a great choice of language. The REPL in Clojure is unmatched.
hiepph: I’m actually impressed by the handwritten blog - really cool concept. Was it exported by writing on remarkable? How did he include link into the text that he wrote?
208 points by ingve · 102 comments
I have spent a large portion of my career working in Java. In that time, you get used to huge classes. New functionality? Just add a new method and field to the class. The cost of each new field is rarely considered.
What HN said:
moring: The article shows nicely how "every byte matters" is false. First, it starts off by talking about the cost of a new field, when the actual topic is array-of-structs vs. struct-of-arrays.
noelwelsh: The JVM is currently pretty bad for memory allocation. Every object (i.e. not a primitive) has a header that IIRC is 12 bytes. But there is good news in JVM land: this will be reduced to 8 bytes in the next JVM release, and Project Valhalla will give the tools to do away with hea...
jadbox: Zig's MultiArrayList is a cool language feature to support objects of collections, and I wish more languages had first class support for it (without overhead of copies).
agalunar: Perhaps worth noting that the number of lines in a cache is often different than the number of rows, which can be relevant for some workloads. The size of an ordinary cache is rows × ways × size(line), where rows = 2 ↑ num-idx-bits.
207 points by gregsadetsky · 42 comments
An in-depth analysis that explains how this console works internally
What HN said:
malkia: There are memory regions that are mapped to the same physical memory - https://psx-spx.consoledev.net/memorymap/ I worked on the Metal Gear Solid port from PSX to PC, and Konami programmers chose a wild trick to store how the "C4" bomb was planted - either on the wall, or on the...
MrDOS: This is great, but it was originally published in 2019. See the past discussions in 2020: https://news.ycombinator.com/item?id=22932134 (114 comments) and 2021: https://news.ycombinator.com/item?id=27576902 (114 comments also).
adamddev1: What a beautifully designed website. Everything is thoughtfully set-up and well placed. A great example of a well curated digital garden. It feels well kept and very human crafted.
gregsadetsky: Hey all, I posted this as I'm currently working on a PS1-related project that I hope to release soon. Does anyone have recommendations for a PS1 web/js/wasm emulator? PCSX-Redux [0] has been great on desktop, and DuckStation [1] as well.
Stories and comments sourced from Hacker News public API. Not affiliated with Y Combinator or Hacker News.