New stories

The article provides a detailed analysis of the TR Chrysalis backdoor, a component of the Lotus Blossom toolkit used in cyber espionage campaigns. It examines the backdoor's functionality, capabilities, and connections to the broader Lotus Blossom infrastructure, offering insights into the tactics, techniques, and procedures employed by this advanced persistent threat group.

I was revising my proposal defense and kept feeling like I was repeating the same term. In a typical LaTeX project split across many .tex files, it’s awkward to get a quick, clean word-frequency view without gluing everything together or counting LaTeX commands/math as “words”.

So I built latex-wc, a small Python CLI that:

- extracts tokens from LaTeX while ignoring common LaTeX “noise” (commands, comments, math, refs/cites, etc.)

- can take a single .tex file or a directory and recursively scan all *.tex files

- prints a combined report once (total words, unique words, top-N frequencies)

Fastest way to try it is `uvx latex-wc [path]` (file or directory). Feedback welcome, especially on edge cases where you think the heuristic filters are too aggressive or not aggressive enough.

The article explores the rise of 'buy now, pay later' services and their impact on consumer spending and the retail industry. It discusses the potential risks and benefits of these services, and how they are changing the way people make purchases.

The article explores the author's experience as a white-hat hacker, delving into the challenges of hunting down their own security vulnerabilities to stay ahead of potential attackers. It discusses the importance of proactive vulnerability assessment and the mindset required to effectively protect against cyber threats.

Hi HN,

I’m currently rethinking our hiring process. Like many of you, I feel that traditional algorithmic tests (LeetCode style) are becoming less relevant now that LLMs can solve them instantly. Furthermore, prohibiting AI during interviews feels counter-productive; I want to hire engineers who know how to use these tools effectively to multiply their output.

I am designing a new evaluation framework based on real-world open-source work, and I would love the community’s feedback on whether this sounds fair, effective, or if I’m missing something critical.

The Core Philosophy: We shouldn't test if a candidate can write syntax better than an AI. We should test if they can guide, debug, and improve upon an AI's output to handle the "last mile" of complex engineering.

The Proposed Process:

1. Task Selection (Real World Context) Instead of synthetic puzzles, we select open issues or discussions from public GitHub repositories that share a tech stack with our product.

    Scope: 2–4 hours.

    Types: Implementing a feature based on a discussion, fixing a bug, or reviewing a PR (specifically one that was eventually rejected, to test "taste").

    Ambiguity: Adjusted for seniority. Junior roles get clear specs; senior roles get vague problem statements requiring architectural decisions.

    The Filter: If the AI solves it perfectly on the first try, we discard the task.

    The Sweet Spot: We are looking for tasks where the AI gets 80% right but fails on edge cases, context integration, or complex logic. The problem setup should not be too easy or too hard.

How We Evaluate (The "AI Delta"):

We aren't just looking at the final code. We analyze the "diff" between the Candidate’s process and our "AI Baseline":

    1. Exploration Strategy: How does the candidate "load context"? Do they blindly paste errors, or do they guide the AI to understand the repository structure first? We look for a clear understanding of the existing codebase.

    2. Engineering Rigor (TDD): Does the candidate push the AI to generate a test plan or reproduction script before generating the fix? We value candidates who treat the AI as a junior partner that needs verification.

    3. The "Last 10%" (Edge Cases): Since we picked tasks where AI fails slightly, we look at how the candidate handles those failure modes. Can they spot the boundary conditions and logic errors that the LLM glossed over?

    4. Documentation Hygiene: We specifically check if the candidate instructs the AI to search existing documentation and—crucially—if they prompt the AI to update the docs to reflect the new changes.

    5. Engineering Taste (The Rejected PR): For the code review task, we ask them to analyze a PR that was rejected in the real world (without telling them). We want to see if their reasoning for rejection aligns with our team's engineering culture (maintainability, complexity, clarity, etc.).

    Is analyzing the "Chat History" too invasive, or is it the best way to see their thought process in 2026?

    For those of you hiring now, how do you distinguish between a "prompt kiddie" and a senior engineer who is just very good at prompting?

    Does the 2-4 hour time commitment feel reasonable for a "take-home" if the tooling makes the actual coding faster?

(Full disclosure: In the spirit of this topic, this post was composed by AI based on my draft notes.)

This article explains the Salman Khan personality rights case, which involves the actor's legal battle to prevent the unauthorized use of his name, image, and likeness. The case highlights the evolving legal landscape around personality rights and celebrity protection in India.

I tossed this together this afternoon mostly just to validate a premise: the internet has become so heavily consolidated into a few key discovery surfaces for the common user, and I miss when you could really just get lost in it. Is there a way we can unearth pieces of it we would never actually see under normal circumstances? Wouldn't it be so cool if you could just explore the internet like you're walking through random doors in a long, eternal 6TB hallway?

So, I made RandomCrawl. It's a super minimal website that does nothing more than run a Node script every 30 minutes, pick a random path down the file structure of the Common Crawl dataset, minor filtering for secure .com websites for good measure, and takes a random sample of 50 websites from the chunk.

There has been a ton of noise, but it has been surprisingly fun. I feel like an internet archaeologist. For every 5 random sass websites, you get like some random tourism site for a town you've never heard of, or an ancient blogspot from the early 2000s.

Here are a couple of great finds so far: https://ahapoetry.com/ https://alexunu.blogspot.com/2007/ https://www.brtpeinture.com/

I'm not sure I'll do much more with the website since it was an experiment, but you can bet I'll be digging around this dataset some more. It reminded me there is still a lot of expression out there on the internet, and its amazing some of these sites are even still live. It's way more fun to explore than to mindlessly scroll one of our five favorite websites.

disclaimer: im not filtering out nsfw so keep that in mind

The article discusses a new children's book titled 'The Little Bots of Moltbook', which explores the adventures of a group of friendly robots as they navigate the challenges and wonders of their enchanted world, teaching young readers valuable lessons about teamwork, problem-solving, and the importance of embracing differences.

ForestUI is an open-source user interface library that provides a set of customizable and responsive components for web development. The library is designed to help developers build modern and visually appealing web applications quickly and efficiently.

The article discusses concerns about the Australian government's plan to share biometric data, such as facial recognition, with foreign agencies like Donald Trump's ICE. It highlights privacy and civil liberties issues surrounding the expanded use of this data for surveillance and law enforcement purposes.

A few weeks ago I posted about GoodToGo https://news.ycombinator.com/item?id=46656759 - a tool that gives AI agents a deterministic answer to "is this PR ready to merge?" Several people asked about the larger orchestration system I mentioned. This is that system.

I got tired of being a project manager for Claude Code. It writes code fine, but shipping production code is seven or eight jobs — research, planning, design review, implementation, code review, security audit, PR creation, CI babysitting. I was doing all the coordination myself. The agent typed fast. I was still the bottleneck. What I really needed was an orchestrator of orchestrators - swarms of swarms of agents with deterministic quality checks.

So I built metaswarm. It breaks work into phases and assigns each to a specialist swarm orchestrator. It manages handoffs and uses BEADS for deterministic gates that persist across /compact, /clear, and even across sessions. Point it at a GitHub issue or brainstorm with it (it uses Superpowers to ask clarifying questions) and it creates epics, tasks, and dependencies, then runs the full pipeline to a merged PR - including outside code review like CodeRabbit, Greptile, and Bugbot.

The thing that surprised me most was the design review gate. Five agents — PM, Architect, Designer, Security, CTO — review every plan in parallel before a line of code gets written. All five must approve. Three rounds max, then it escalates to a human. I expected a rubber stamp. It catches real design problems, dependency issues, security gaps.

This weekend I pointed it at my backlog. 127 PRs merged. Every one hit 100% test coverage. No human wrote code, reviewed code, or clicked merge. OK, I guided it a bit, mostly helping with plans for some of the epics.

A few learnings:

Agent checklists are theater. Agents skipped coverage checks, misread thresholds, or decided they didn't apply. Prompts alone weren't enough. The fix was deterministic gates — BEADS, pre-push hooks, CI jobs all on top of the agent completion check. The gates block bad code whether or not the agent cooperates.

The agents are just markdown files. No custom runtime, no server, and while I built it on TypeScript, the agents are language-agnostic. You can read all of them, edit them, add your own.

It self-reflects too. After every merged PR, the system extracts patterns, gotchas, and decisions into a JSONL knowledge base. Agents only load entries relevant to the files they're touching. The more it ships, the fewer mistakes it makes. It learns as it goes.

metaswarm stands on two projects: https://github.com/steveyegge/beads by Steve Yegge (git-native task tracking and knowledge priming) and https://github.com/obra/superpowers by Jesse Vincent (disciplined agentic workflows — TDD, brainstorming, systematic debugging). Both were essential.

Background: I founded Technorati, Linuxcare, and Warmstart; tech exec at Lyft and Reddit. I built metaswarm because I needed autonomous agents that could ship to a production codebase with the same standards I'd hold a human team to.

$ cd my-project-name

$ npx metaswarm init

MIT licensed. IANAL. YMMV. Issues/PRs welcome!

The article explores the case of a Labor minister who was briefly considered a Canadian citizen despite his efforts to renounce it, highlighting the complexities of dual citizenship and the political implications in Australia.

Especially interested in people using AI for brownfield development, but generally interested in if people are continuing down the spec driven path, or if agents + skills/prompts/mcp/agents.md/something else is filling the niche spec driven development was trying to capture.

Question was prompted by seeing spec kit have no commits for over a month an no obvious integration with GitHub’s new agents integration.

I discovered a free online Pomodoro timer in 2018. [1] I'd been a frequent user of it from then until it was decommissioned in early '25. I found it super helpful for timeboxing stuff within easy-to-commit-to intervals.

About a month ago, I started having really intense hunger pangs for it.

A few pages of the original implementation are archived on the Wayback Machine. A couple weeks ago, I got the idea to reverse-engineer it using those pages as a reference.

That's when I started researching what the Claude Code fuss was about. I wasn't then and am still not ready to spend money on AI. So, when I stumbled on the free Claud.ai, I figured I'd test it out on my reverse-engineering idea.

I used Copilot, Sourcegraph's Cody Visual Studio Code agent and ChatGPT a decent amount last year. More recently I've been using Gemini Code Assist. But this project was my first time ever using Claud.ai.

I guess Claude.ai in the browser uses React and Tailwind CSS for building web apps. I'm not a frontend developer. So, I had zero experience with either of those particular frameworks.

And that's the remarkable thing about the outcome. [2] Having zero experience with those specific technologies, I managed to successfully reverse-engineer a 95%-working online timer that's ≈faithful to the original, in my spare time!

Claud.ai in the browser turned out to be the perfect development environment for this particular experiment. Having the browser's Developer Tools handy was literally priceless for digging around in the HTML and CSS. Together with The Wayback Machine, that was hugely key to having Claud.ai (and the also-free Gemini CLI in later iterations) nail the original look and feel of the Marinara Timer as closely as I could.

I gotta say: Like all of my hobby projects, I took my sweet time on this one, too. Hobby projects are as much about learning for me as they are about the finished thing itself.

[1] https://g2ww.short.gy/1SpicyTomater

[2] http://lingocoder.com/clod.ai/

The article explains the concept of time dilation, a fundamental principle in Einstein's theory of relativity, which states that the passage of time is not absolute but depends on the relative motion of the observer and the observed object.

Basis Universal is a GPU-accelerated texture compression format that offers high-quality image compression with low computational overhead, making it suitable for real-time applications like games, virtual reality, and streaming services.

Waymo, Alphabet's self-driving car unit, has raised $16 billion from Alphabet and other investors to expand its autonomous vehicle service offerings and technological capabilities.

This article explores how Kafka queues can help businesses survive the challenges of streaming data, offering a scalable and reliable solution for processing large volumes of real-time data across multiple services and systems.

Former President Trump urges Republicans to focus on nationalizing voting processes, claiming that this would help the party win elections. The article discusses Trump's efforts to influence the GOP's approach to voting and election administration.

The article explores how the exploration of deep caves on Earth is providing valuable insights into the search for extraterrestrial life, as these underground environments can offer clues about the potential habitats and conditions that could support life on other planets.

I built AuthFill after catching myself switching between tabs for the hundredth time just to copy a 6-digit verification code. You know the dance: sign up → wait for email → hunt through promotions tab → memorize code → switch back → already expired.

AuthFill kills that friction. You connect your email accounts once, then whenever you hit a verification field, just click the extension icon. It instantly parses your recent emails, grabs the code (or link), and copies it or opens the link directly in a new tab.

Works for: - Email verification codes & magic links - 2FA/OTP codes - Password reset flows - All major email providers

Would love your thoughts and happy to answer any questions!

The world's top central banks are testing a cross-border payments system that could enable faster, cheaper, and more transparent international money transfers. The project, known as the Nexus initiative, involves the Bank for International Settlements, the European Central Bank, and several other major central banks.

Adobe is shutting down its Animate software, formerly known as Flash Player, on December 31, 2020. This move marks the end of an era for the once-ubiquitous web animation tool, as Adobe shifts its focus to other creative applications.

The article discusses the security vulnerabilities discovered in the Moltbook, a popular cryptocurrency hardware wallet. It outlines how researchers were able to bypass the device's security measures and gain unauthorized access, raising concerns about the safety of user funds stored on the wallet.

I've been frustrated with how much data standard LLM interfaces collect, so I built a barebones, privacy-focused alternative.

Key features:

Private AI conversations with zero data retention. Account and billing identity exist. Prompt and response content does not. In-memory processing only · No chat history · No training on your data Free option with no credit card info needed. Short, clean domain for easy sharing: wraith.sh

Goal: A genuinely private way to use LLMs for sensitive brainstorming, drafting, or just messing around without a paper trail.

I'd love feedback on the UI/UX, and especially any ideas for privacy-preserving features I could add. Try it here: https://wraith.sh