Hasty Briefs - Daily Tech News Brief

Bilingual

Mythos Discovered a CVE in Its Training Data – and That's Still Worrying
3 hours ago
- Anthropic claims Claude Mythos achieved the 'first remote kernel exploit discovered and exploited by an AI', involving CVE-2026-4747 in FreeBSD's networked file system.
- The vulnerability is a stack overflow in `svc_rpc_gss_validate()` due to missing bounds checks on `oa_length`, a 'textbook' bug existing for about 20 years.
- Code traces back to Sun Microsystems' ONC RPC and NFS from the 1980s, later adapted by MIT Kerberos and copied into FreeBSD, similar to CVE-2007-3999 patched in 2007.
- This suggests AI's 'discovery' may be combinatorial creativity, finding vulnerabilities already in its training data, not necessarily entirely new exploits.
- The real threat is recycled insecure code from legacy systems, which AI can efficiently pattern-match and exploit, making cyber attacks cheaper and more accessible.
- Agentic defense is crucial to counteract AI-driven exploits, emphasizing proactive patching and leveraging AI for cybersecurity before attackers do.
Guitar tuner that uses phone accelerometer
3 days ago
- Press phone firmly against guitar body to detect vibrations
- Raw vibration data shown per axis, with combined magnitude in |a|
- Pitch detection from strongest axis, alias-corrected for string frequency
- Requires motion permissions; optimal on Android with high-rate IMU
Mythos Finds a Curl Vulnerability
4 hours ago
- Anthropic's new AI model Claude Sonnet 3.5 analyzed curl's source code and found 5 confirmed security vulnerabilities.
- The curl security team reviewed the findings: 1 was a low-severity vulnerability to be fixed in next release, 4 were false positives.
- The AI analysis found about 20 bugs total - some already documented limitations, others minor issues not security flaws.
- curl is extensively fuzzed and audited; finding novel vulnerabilities in core areas is increasingly difficult.
- AI code analyzers excel at finding traditional bugs and providing explanations, but haven't yet found novel vulnerability classes in curl.
- All projects should scan their code with AI tools to find bugs early, but this doesn't replace human review and security practices.
Seeing Birdsong
3 days ago
- Seeing Birdsong is a framework that transforms bird vocalizations into geometric forms.
- It was first publicized at the 4th Ultrasonic Vocalization Conference by the Nencki Institute.
- The project aims to merge art and acoustic science to visualize and study animal sounds.
- Originally started with audio-driven oscillators, it evolved into a rigorous acoustic analysis system.
- It converts sound into high-dimensional vectors and 3D manifolds for visual representation.
- Applications span art (live performances, installations), science (vocal analysis, pattern discovery), and education (teaching acoustics).
The Fast Way to Sweden – BGP Routing Experiments
2 days ago
- Ping times from Helsinki to a Stockholm VPS were unexpectedly high, showing varied performance across ISPs and protocols.
- IPv6 generally offered lower latency compared to IPv4, with notable improvements in connections to Tallinn.
- Route analysis revealed circuitous paths, including a Helsinki-Moscow-Stockholm route via Hetzner.
- Using BGP communities to restrict route announcements to specific peers reduced ping times significantly.
- Implementing 'Do not export out of metro' community lowered average RTT from ~40ms to ~8ms for fixed connections.
- The experiment highlighted the importance of controlling prefix announcements in anycast networks for optimal routing.
Iran mulls taking control of all 7 cables passing through Strait of Hormuz
5 hours ago
- Iran is taking steps to gain full control over 7 undersea internet cables in the Strait of Hormuz.
- Tehran proposes a governance model requiring permits, toll payments, and compliance with Iranian law for cable passage.
- Iran aims to exclusively assign management, repair, and maintenance of the cables to Iranian companies.
- The Strait of Hormuz is a critical chokepoint for both oil shipments and digital infrastructure, hosting key fiber-optic cables.
- These submarine cables carry about 99% of global internet traffic and are vital for cloud services and communications.
- The IRGC has previously warned it could target submarine cable infrastructure used by Gulf states.
Gode Cookery – Authentic Medieval Recipes
4 days ago
- Medieval cooking is misunderstood and not dubious; it uses similar ingredients and methods as today, producing delicious, nourishing foods.
- Many recipes are adapted from authentic medieval and Renaissance sources, with documentation and historical accuracy as a priority.
- The site offers a variety of dishes, including pies, stews, roasts, soups, exotic creations like the Cockentrice and Coqz Heaumez, and sweet pastries.
- Gode Cookery includes resources like a table of contents, a discussion group on Facebook, photo galleries, and has been featured on the Food Network.
- Cookbooks and reference materials, such as 'Pleyn Delit' and 'Art of Cookery in the Middle Ages', are available through the Gode Cookery Bookshop.
- Founded by James L. Matterer, with a background in culinary arts and history, the site has been online since 1997, offering catering and workshops.
Outlook on Windows silently scales your email by 1.5×
a day ago
- A 600-pixel-wide newsletter appeared enlarged by 50% in Outlook on Windows for some users.
- The cause was Windows display scaling (125% or 150%) affecting Outlook's Word-based HTML rendering engine, which scales width and height attributes but not text, distorting layouts.
- A fix involves adding an XML namespace with <o:PixelsPerInch>96</o:PixelsPerInch> in the email's <head> to lock DPI, though it's not officially documented by Microsoft.
- Other email quirks include Apple Mail turning dates into calendar links, Outlook freezing GIFs on the first frame, and Yahoo Mail stripping <style> blocks on mobile.
- These issues arise from features designed for other contexts misapplied in email, which is fragmented across multiple platforms.
- To avoid problems, use minimal HTML, such as <td bgcolor="..."> cells with few widths, reducing the surface for client inconsistencies.
Show HN: All 55,256 Slides of the WAR.GOV/UFO Files Searchable and Linkable
20 hours ago
- The system is responsive and loads Release 01 Explorer.
- It prepares an archive tree, collates incidents, and ensures live viewer availability.
- Users can select files or report folders.
- Upon selection, the right pane displays metadata, canonical source links, and an embedded viewer.
Conway's Law and Cross-Hatching
3 days ago
- The strong form of Conway's law suggests that an organization's structure is reflected in its system designs.
- Organizational culture and early team personality quirks shape a company's outputs, exemplified by Palantir's decentralized trust culture.
- Cross-hatching organizational structures, like splitting Forward Deployed Engineers (FDEs) and Software Engineers (SWEs), internalize tension to align with customer outcomes.
- Another cross-hatching example involves separate people leads and project leads, creating healthy tension and decoupling leadership from management.
- At Spiral, challenges arise from context gaps between open-source Vortex and proprietary Spiral, requiring structures to internalize tensions and push ownership to edges.
- AI tooling reduces coding bottlenecks, shifting constraints to consensus, design, and taste, and favoring smaller, faster pods of 3-4 people.
- Smaller pods require robust invisible scaffolding and cross-hatching to align mandates and internalize tension effectively.
7 lines of code, 3 minutes: Implement a programming language (2010)
6 hours ago
- The lambda calculus is a minimalist, higher-order functional programming language known as the lambda calculus.
- The lambda calculus lives at the core of major functional languages like Haskell, Scheme, and ML, and also exists within JavaScript, Python, and Ruby.
- Alonzo Church developed the lambda calculus in 1929, before computers existed, as a mathematical notation for reasoning about functions.
- Alan Turing defined the Turing machine, which became the first accepted definition of a general-purpose computer, and it was soon discovered that the lambda calculus and the Turing machine were equivalent.
- The lambda calculus has only three kinds of expressions: variable references, anonymous functions (lambda terms), and function calls.
- Anonymous functions are written with a 'λ-dot' notation, e.g., '(λ v . e)' is the function that accepts an argument 'v' and returns the value of 'e'.
- Function calls are written by putting two expressions adjacent, e.g., '(f e)'.
- The lambda calculus achieves Turing-equivalence through two of the coolest programming hacks out there: Church encodings and the Y combinator.
- A 7-line, 3-minute interpreter for the lambda calculus in R৫RS Scheme demonstrates an environment-based denotational interpreter.
- The interpreter uses two core functions: 'eval' and 'apply', with conceptual signatures: 'eval : Expression * Environment -> Value' and 'apply : Value * Value -> Value'.
- Racket provides a match construct that cleans up the interpreter, making it cleaner and easier to understand.
- The eval/apply design of the interpreter scales to much bigger languages; for example, in about 100 lines we can implement an interpreter for a sizable subset of Scheme itself.
- We can add various expression forms (variables, constants, primitives, conditionals, bindings, mutation, sequencing) and top-level forms (function definition, global definition) to the language.
- The entire interpreter, with test harness and test cases, fits in a concise implementation.
- Modifying the last interpreter allows quickly testing out new ideas for programming languages by separating syntactic design from semantic design.
Amazon uses its logistics empire to take on UPS and FedEx in freight, shipping
12 hours ago
- Amazon introduced Amazon Supply Chain Services, integrating its logistics network into a single offering for any business, including those not selling on Amazon's marketplace.
- Initial customers include major companies like Procter & Gamble, 3M, Lands’ End, and American Eagle Outfitters, utilizing Amazon's freight, fulfillment, and parcel services.
- The service supports order fulfillment from competing platforms such as Walmart and Shopify, putting Amazon in direct competition with UPS and FedEx, whose shares dropped nearly 10%.
- Amazon's stock rose slightly, and the company is now the largest parcel shipper by volume in the U.S., leveraging a vast infrastructure of fulfillment centers, trailers, and aircraft.
- The launch mirrors Amazon's strategy with AWS, turning internal capabilities into external businesses, amid concerns over data privacy, which Amazon addresses by prohibiting the use of customer data for marketplace decisions.
- Pricing for Amazon Supply Chain Services varies based on usage, and this move follows other initiatives like selling AI chips and robotics externally.
Shelf Source: Tom MacWright
2 days ago
- Tom MacWright finds 'The World Beyond Your Head' pivotal for structuring his philosophy on technology and embodiment.
- He reviews every book he finishes, despite complexities from knowing authors, and maintains his reviewing integrity.
- MacWright believes writing regularly enhances reading appreciation, similar to how painting studies deepen art understanding.
- He recommends books like 'Priestdaddy' and 'Capital,' emphasizing political-economic works for understanding societal issues.
- MacWright moved book reviews to his website in 2017, avoiding gamification and embracing slow reading for poetic works.
- He appreciates sci-fi for exploring concepts, but dislikes excessive world-building, favoring authors like Ted Chiang.
The Greatest Shot in Television: James Burke Had One Chance to Nail This Scene
7 hours ago
- A rocket launch clip from 45 years ago is considered 'the greatest shot in television'.
- James Burke explains rocket fuel ignition using a thermos flask analogy, timed perfectly with a launch.
- The clip is from 'Connections' (1978), a series tracing historical science and technology evolution.
- It concludes a 50-minute episode linking credit cards to the Saturn V rocket.
- The series remains relevant for its intellectual and visual boldness, with 18 million YouTube views.
- A minor visual trick involves Burke walking into a pre-framed rocket shot.
- Burke's closing line references moon and Moscow, less dated now than in recent years.
- The article includes related content on cinematic shots and science videos.
- Author Colin Marshall writes on cities and culture, based in Seoul.
How Fast Does Claude, Acting as a User Space IP Stack, Respond to Pings?
11 hours ago
- Claude can act as a user-space IP stack and read/write raw packets via TUN + FIFO
- ping command tests the stack
- Implement by reading packet hex, parsing IP/ICMP headers, building proper echo reply
- ping Claude works - latency ~45 seconds (due to model speed)
I'm going back to writing code by hand
9 hours ago
- AI can write features but not architecture, leading to a 'god object' where a single struct holds everything and state bleeds between views.
- Velocity from AI-assisted coding creates an illusion of infinite implementation budget, but complexity remains finite, causing scope creep and eventual collapse.
- AI gravitates to shortcuts like positional arrays and direct state mutation, which become time bombs that cause subtle bugs like data races and incorrect sorts.
- Guardrails like a CLAUDE.md file with architecture rules, state ownership, scope boundaries, and concurrency rules are essential to steer AI toward maintainable code.
- The author is rewriting the project with upfront design, typed structs, isolated views, proper message passing, and no shared mutable state to avoid past mistakes.
Checkmate in Iran
12 hours ago
- A U.S. defeat in the conflict with Iran would be a total, irreversible strategic loss, unlike past setbacks that were either reversed or did not harm America's global standing.
- Iran's control of the Strait of Hormuz would make it a key regional and global player, strengthening allies like China and Russia while diminishing U.S. influence and exposing American unreliability.
- Military and economic pressure, including 37 days of bombing and blockades, have failed to collapse Iran's regime or extract concessions, as it withstands attacks and imposes hardships on its populace.
- Further military action risks catastrophic Iranian retaliation, such as crippling oil and gas infrastructure for years, potentially triggering a prolonged global economic crisis.
- President Trump faces limited options: declaring victory and withdrawing may seem the least bad choice, given the risks and costs of a larger war that could still end in failure.
- Iran has no incentive to reopen the Strait of Hormuz fully, as control allows it to demand tolls, limit transit based on relations, and hold the global energy market hostage, enhancing its leverage.
- U.S. defeat would force Gulf states and other nations dependent on Gulf energy to accommodate Iran, shifting regional power dynamics and undermining American hegemony.
- The crisis may spur a global naval arms race as countries, losing faith in U.S. protection, build fleets to secure energy supplies in a disordered world.
- America's reduced military readiness and depleted weapons stocks from the war raise doubts among allies about its staying power in future conflicts, accelerating the shift to a post-American world.
James Schuyler's Genius
2 days ago
- The essay begins with a personal reflection on October, linking procrastination to preparing to write about James Schuyler's poetry.
- Schuyler's poem 'October' uses repetition and imagery to capture autumn's ephemeral nature, blending organic and literary elements.
- Schuyler, a key figure in the New York School, faced belated recognition; his work focuses on daily life with a diaristic, observational style.
- Nathan Kernan's biography, 'A Day Like Any Other', details Schuyler's turbulent life, including mental health struggles and queer artistic circles.
- Kernan's biography risks overshadowing Schuyler's poetic beauty by emphasizing vulnerable, uncomfortable personal details.
- Schuyler's poetry transforms real events into art, avoiding confession; it balances mundane details with metaphysical reflections.
- His poems, like 'Hymn to Life', explore aging, memory, and daily life, embracing circularity and the present moment.
- Schuyler's work resonates today for its immediacy, forgetfulness, and focus on fleeting joys amid precarity and digital permanence.
- A Schuyler renaissance is underway, with readers drawn to his unmediated style and ability to find moorings in flux.
You Need AI That Reduces Maintenance Costs
11 hours ago
- AI coding agents must reduce maintenance costs in proportion to productivity gains, otherwise the benefits are temporary and lead to long-term productivity decline.
- Maintenance costs for code are ongoing and cumulative; higher output without reduced maintenance multiplies future maintenance workload.
- Productivity is heavily determined by maintenance overhead; historical data shows teams becoming less effective over time due to increasing maintenance demands.
- If AI-generated code increases maintenance costs or is less maintainable, initial productivity gains vanish and can result in worse long-term outcomes than not using AI at all.
- To avoid being locked into higher maintenance costs, AI tools need to cut maintenance costs inversely to the increase in code output (e.g., double output requires half the maintenance cost per unit).
AI Productivity Fails
10 hours ago
- Most AI users see only 10–20% productivity gains, not the 10x often claimed, due to personal and organizational barriers.
- Real 10x productivity requires personal practice changes (shifting left, closing loops, building leverage) and organizational refactoring (outcome focus, loop ownership).
- Personal pitfalls include not shifting left, mismanaging AI on small tasks, low/high parallelism, staying in the loop, and failing to build reusable skills or domain expertise.
- Organizational pitfalls include rewarding usage over outcomes, tool sprawl, low-quality skills, fast AI output outpacing review, handoffs absorbing gains, and unclear top-down or bottom-up strategies.
- AI multiplies existing efficiencies or inefficiencies; gains beyond 20% require rebuilding both personal habits and organizational structures to collapse steps and handoffs.

Hasty Briefsbeta

Mythos Discovered a CVE in Its Training Data – and That's Still Worrying

Guitar tuner that uses phone accelerometer

Mythos Finds a Curl Vulnerability

Seeing Birdsong

The Fast Way to Sweden – BGP Routing Experiments

Iran mulls taking control of all 7 cables passing through Strait of Hormuz

Gode Cookery – Authentic Medieval Recipes

Outlook on Windows silently scales your email by 1.5×

Show HN: All 55,256 Slides of the WAR.GOV/UFO Files Searchable and Linkable

Conway's Law and Cross-Hatching

7 lines of code, 3 minutes: Implement a programming language (2010)

Amazon uses its logistics empire to take on UPS and FedEx in freight, shipping

Shelf Source: Tom MacWright

The Greatest Shot in Television: James Burke Had One Chance to Nail This Scene

How Fast Does Claude, Acting as a User Space IP Stack, Respond to Pings?

I'm going back to writing code by hand

Checkmate in Iran

James Schuyler's Genius

You Need AI That Reduces Maintenance Costs

AI Productivity Fails