HN Daily - June 18, 2026

HN Daily - June 18, 2026

Today's lineup: * 10,000 GitHub repositories distributing trojan malware — a security researcher walks through how she used GitHub event archives to find a coordinated campaign of fake repos with copied commit history that redirect to malicious zips. * Ubiquiti Enterprise NAS, built on ZFS — license-free, 16-bay, ARM Neoverse, ECC memory, dual 25 GbE, identity-provider integration, native iSCSI, and orchestrated multi-site backup through UniFi. * Swiss parliament lifts ban on new nuclear power plants — National Council approves a counterproposal reversing the post-Fukushima ban; still subject to popular referendum. * Zero-Touch OAuth for MCP — Enterprise-Managed Authorization is now stable; identity providers like Okta become the policy engine, removing per-server consent screens for MCP servers. * Forced consent costs Elkjop one point eight million euros — a five-year saga: a privacy advocate warned them in 2021, the Norwegian DPA finally fined them in 2026. * CS 6120: Advanced Compilers — Cornell's self-guided online course is back on the front page; Bril IR, dataflow analysis, SSA, register allocation, all free. * Hospitals and universities repurposing drugs at 90 percent lower cost — King's College London paper on the parallel drug-innovation system that runs trials outside the patent system. Follow links to the original posts and HN threads via news.ycombinator.com.

HN Daily - June 17, 2026

Today's lineup: * Lore — Epic Games has open-sourced a centralized, content-addressed version control system for game-scale repositories, with binary-first storage, sparse hydration, and folder-level permissions. * US holds off blacklisting DeepSeek and 100+ Chinese firms — Reuters reports a procedural pause; the HN thread is full of developers saying DeepSeek is already their daily driver. * Leaked docs show OpenAI is losing billions a year — most of the cost is inference, not training; the next era of frontier-model economics will be won on serving cost per token. * GLM-5.2 leads the open-weights board — Zhipu's new release tops Artificial Analysis's intelligence index for open weights, with caveats around reasoning tokens used per answer. * Firecracker VMs in EC2, browsers in less than a second — a deep technical post on snapshotting, userfaultfd, two-megabyte pages, and disabling a PS/2 keyboard probe that was costing half a second per session. * Launch HN: CADAM — open-source text-to-CAD in the browser, OpenSCAD compiled to WebAssembly, Three.js rendering, Claude on the language side. * U.S. science is in chaos — Scientific American long-form piece on funding instability breaking the long-standing science-government compact. * Tesco moving 40,000 server workloads off VMware — citing Broadcom licensing conduct; the latest in an accelerating exodus. Follow links to the original posts and HN threads via news.ycombinator.com.

HN Daily - June 16, 2026

Today's lineup: * Running local models is good now — Vicki Boykis on how local LLMs crossed a usefulness threshold for agentic coding on a 64 GB Mac, with GPT-OSS and Gemma as turning points. * SpaceX to buy Cursor for sixty billion dollars — an all-stock deal for Anysphere, the company behind the AI coding editor, closing in Q3; effectively gives xAI a developer-distribution channel. * GrapheneOS ported to Android 17 — same-day port complete, code being pushed, initial public release planned for tomorrow across Pixel 6a through Pixel 10 Pro Fold. * Apple is about to make Hide My Email useless — new aliases will be issued from a private subdomain, making them trivial for services to identify and block. * HTTP requests from Bash using slash dev slash TCP — a no-curl, no-wget trick for minimal containers using a Bash built-in pseudo-device. * Mechanical Watch (2022) — Bartosz Ciechanowski's interactive deep dive on how a mechanical wristwatch actually works, back on the front page. * Stop Using JWTs — the perennial argument that JSON Web Tokens are the wrong tool for browser sessions; use cookie sessions, or PASETO for short-lived signed tokens. * Is Meta destroying its engineering organization? — Pragmatic Engineer reports that 30 to 50 percent of engineers on core teams have been reassigned to data labeling for AI training. Follow links to the original posts and HN threads via news.ycombinator.com.

HN Daily - June 15, 2026

Today's lineup: * Iroh 1.0 — A peer-to-peer networking library hits stable. You dial a key, not an address, and the library figures out how to get there. * A backdoor hiding in a LinkedIn job offer — A bogus recruiter sent a npm package as a take-home; inside was a prepare-script that opened a reverse shell. * Has anyone replaced Claude or GPT with a local model for daily coding? — HN reports on running DeepSeek V4 Flash on a dual-GPU rig and what the workflow trade-offs feel like. * TinyWind — A tiny browser-based pirate sailing game with real wind physics and emergent multiplayer. * My homelab AI dev platform — One developer's writeup of self-hosting an OpenCode agent behind a human-gated pull request workflow. * US battery manufacturing keeps breaking records — FRED data shows domestic battery cell output at the highest level on record. * A peopleless economy? Not technically impossible — An essay arguing the labor share could keep shrinking without breaking the math, and what that would mean. * Banned book library in a WiFi smart light bulb — A maker stuffs censored texts into a cheap smart bulb's flash chip; it serves them over a captive portal. Follow links to the original posts and HN threads via news.ycombinator.com.

HN Daily - June 14, 2026

Sunday roundup with Best of the Week: * Rio de Janeiro homegrown LLM appears to be a weighted merge of two existing models * Did the makers of Claude Fable ask for this? The trust gap keeps widening * Stanford grads stage a visible walkout during Sundar Pichai commencement speech * The Jqwik Anti-AI Affair: maintainer sunsets the project as protest * The only scalable delete in Postgres is dropping the whole table at once * Firewood Splitting Simulator: a Sunday front-page hit * Your ePub Is Fine. Kobo Disagrees. Blame Adobe. * Best of the Week: the full Claude Fable saga, from leaked launch to fail-cleanly demands