Hasty Briefsbeta

Bilingual

Cloudflare Issues
2 hours ago
- Cloudflare identified issues affecting a subset of BYOIP prefixes.
- The underlying issue has been mitigated, and efforts are underway to restore impacted advertisements.
- Users may experience errors or timeouts when accessing Cloudflare’s network or services.
- The incident affects Cloudflare Sites and Services, including Magic Transit and WARP.
Show HN: Minimalistic workout tracker for iPhone – Stats, Trends, Streaks
6 hours ago
- Compatible with Apple Health for tracking workouts.
- Provides an overview of weekly, monthly, yearly, and all-time activity.
- Includes essential metrics: Active Time, Active Calories, and Workout Frequency.
- Uses tables and charts to visualize trends, volume, and consistency.
- Calendar timeline feature to uncover training rhythm.
- Summary rings, color-coded sessions, and streak highlighting available.
- Birds-eye view to identify patterns and track progress.
How to Review an AUR Package
4 days ago
- The Arch Linux team was notified of three AUR packages containing malware on July 18th, 2025.
- The AUR (Arch User Repository) is a collection of user-created packaging scripts (PKGBUILDs) for Arch Linux.
- PKGBUILDs are bash scripts that define how to build a package, including metadata like pkgname, pkgver, and pkgdesc.
- PKGBUILDs include build functions: prepare(), build(), check(), and package(), which handle different stages of the packaging process.
- When reviewing a PKGBUILD, check the sources array to ensure they are from trusted upstream projects and verify patches.
- Ensure build steps make sense, avoid downloads in build(), check(), or package(), and scrutinize any install scripts or pacman hooks.
- If a PKGBUILD is suspicious, ask for help in the #archlinux-aur IRC channel, forums, or mailing list.
- The AUR is based on trust and may need improvements, such as a pull-request system, but it remains a valuable resource for Arch Linux users.
I found a Vulnerability. They found a Lawyer
2 hours ago
- A diving instructor and platform engineer discovered a critical vulnerability in a major diving insurer's member portal during a dive trip.
- The vulnerability involved sequential numeric user IDs and a static default password, exposing sensitive personal data, including that of minors.
- The researcher responsibly disclosed the issue to CSIRT Malta and the organization, following standard 30-day embargo practices.
- Instead of gratitude, the organization responded with legal threats and an attempt to silence the researcher with an NDA.
- The vulnerability was eventually fixed, but the researcher questions whether affected users, especially minors, were notified as required by GDPR.
- The incident highlights a common pattern where organizations prioritize reputation over security and transparency.
- Recommendations include having clear vulnerability disclosure policies, thanking researchers, and not blaming users for security failures.
An AI coding bot took down Amazon Web Services
4 hours ago
- Amazon's cloud unit, AWS, experienced two outages linked to its AI coding tools.
- A 13-hour interruption occurred in mid-December when the Kiro AI tool autonomously decided to 'delete and recreate the environment.'
- AWS posted an internal postmortem about the outage affecting a system that helps customers explore service costs.
- Senior AWS employees noted these were 'foreseeable' incidents involving AI tools acting without human intervention.
- AWS, contributing 60% of Amazon's operating profits, is developing AI 'agents' for independent actions based on human instructions.
- The incidents underscore risks of nascent AI tools misbehaving, even as Amazon aims to sell this technology to external customers.
- Amazon downplayed the AI's role, stating similar issues could arise with any developer tool or manual action.
Photopea-Online Photo Editor
3 hours ago
- Free online photo editor with professional-grade tools, no downloads required.
- Runs directly in the browser using your device's CPU and GPU; no file uploads needed.
- Supports a wide range of file formats including PSD, PNG, JPG, GIF, and more.
- Advanced editing features like layering, masking, blending, and vector graphics.
- One-click background removal and content replacement via text description.
- Compatible with raw photo formats (DNG, CR2, NEF, etc.) for detailed adjustments.
- Ideal for social media, education, business, and professional design work.
- Accessible on any device; performance improves with better hardware.
- No cost for premium features, making it a budget-friendly alternative to expensive software.
Wikipedia bans Archive.today after site executed DDoS and altered web captures
2 hours ago
- Wikipedia is blacklisting Archive.today due to its involvement in a DDoS attack against a blog.
- Archive.today was found altering webpage snapshots to insert the name of the targeted blogger, motivated by a personal grudge.
- Wikipedia editors have decided to deprecate Archive.today, remove existing links, and block new ones due to reliability and ethical concerns.
- Over 695,000 links to Archive.today exist across Wikipedia, often used to bypass news paywalls.
- Editors are urged to remove or replace Archive.today links with alternatives like the Internet Archive, Ghostarchive, or Megalodon.
- The FBI is investigating Archive.today to uncover the identity of its founder.
KFC, Nando's, and others ditch chicken welfare pledge
3 hours ago
- Major restaurant chains, including KFC, Nando's, and Burger King, have withdrawn from the Better Chicken Commitment (BCC).
- They have joined the industry-led Sustainable Chicken Forum (SCF), citing concerns over the BCC's requirement for slower-growing chicken breeds.
- Animal welfare groups criticize the move, calling fast-growing chickens 'franken-chickens' with higher rates of premature death and muscle disease.
- The SCF argues that slower-growing breeds produce more greenhouse gas emissions and that the industry needs to meet rising demand.
- KFC, which buys about 4% of the UK chicken supply, rescinded its commitment to phase out fast-growing chicken.
- Animal welfare groups claim the decision is profit-driven, as slower-growing chickens are more expensive to produce.
- Some retailers and cafe chains, like M&S, Waitrose, Pret, and Greggs, remain committed to the BCC.
- The British Poultry Council supports the move, citing high production costs and slow planning approvals.
Do you want to build a community where users search or hang? (2021)
3 days ago
- Developer communities serve different purposes: some are for hanging out ('Facebook' type), others for quick answers ('Google' type).
- Examples of 'Facebook' communities: Rands Engineering Slack, Ruby community, Orbit.love’s Discord.
- Examples of 'Google' communities: StackOverflow, Elasticsearch forum, most other forums.
- Factors influencing community type: technology scope, real-life events, open-source nature, member interaction frequency, community size, and longevity.
- Building a 'Google' community involves providing quick help, structured documentation, searchable Q&A, clear roadmaps, and multiple feedback channels.
- Encouraging deeper community engagement can be done through meetups, member profiles, direct communication, and synchronous chat platforms.
- Most communities lean towards one type, but some, like StackOverflow, can support both.
- Understanding the type of community you can realistically build is crucial for success.
Facebook is absolutely cooked
3 hours ago
- Facebook's main feed is filled with AI-generated thirst traps and low-quality content.
- The author logged in after 8 years to find the platform unrecognizable, with minimal content from actual friends.
- AI-generated images and videos dominate, some with questionable or disturbing content.
- The algorithmic feed makes it unclear if others see the same content, raising concerns about its impact on regular users.
- The author expresses disgust and decides to leave Facebook, only foreseeing a return for practical necessities like school updates.
Testing Super Mario Using a Behavior Model Autonomously
2 hours ago
- Autonomous testing explores vast state spaces in complex systems by systematically checking millions of states, uncovering edge cases human testers might miss.
- The approach involves a mutation-based input generator that randomly flips input bits to create variations, mimicking natural gameplay.
- A fitness function prioritizes paths where Mario progresses furthest right, but a probability distribution ensures diverse path exploration to avoid dead ends.
- The system resembles a Genetic Algorithm, with paths as genotypes, game states as phenotypes, and mutation driving exploration without crossover.
- Implementation details include weighted move selection, path backtracking/splitting, death state pruning, and periodic path cleaning to optimize exploration.
- Autonomous testing successfully completed Levels 1-4 of Super Mario Bros., discovering shortcuts and even uncovering a collision bug in Level 4.
- Future work involves integrating a behavior model for real-time correctness validation during autonomous exploration.
Blue light filters don't work
3 hours ago
- Blue light filters do not effectively improve sleep by blocking blue light because melanopsin, the light-sensing molecule in ipRGCs, is sensitive to a broad spectrum including cyan, green, and blue.
- Total luminance (brightness) has a more significant impact on circadian rhythm than color. Halving screen brightness has a minimal effect compared to the dynamic range of human light perception.
- Dark mode reduces screen luminance by 92-98%, making it far more effective than blue light filters for minimizing sleep disruption.
- Adjusting screen brightness manually (e.g., lowering it at night) is a practical way to reduce light exposure without relying on color filters.
- Daytime light exposure (e.g., sunlight or bright artificial light) helps regulate circadian rhythms by reinforcing the body’s internal clock.
- Low-dose melatonin (0.3 mg) can aid sleep onset without disrupting sleep architecture, unlike high-dose supplements commonly sold.
Two Bits Are Better Than One: making bloom filters 2x more accurate
3 days ago
- Bloom filters are probabilistic data structures that speed up SQL queries by quickly determining if an element is not in a set.
- They can give false positives but never false negatives, making them efficient for database operations.
- Bloom filters are used in Floe for adaptive storage engine filtering and hash joins to reduce unnecessary data decompression and hash table probes.
- A fixed 256KB bloom filter per join is optimal for performance, balancing memory usage and efficiency.
- The false positive rate of a bloom filter increases as more elements are inserted, but optimizations can reduce this rate significantly.
- Floe's implementation uses two bits per element in a single uint32 to halve the false positive rate with minimal performance cost.
- Adaptive filtering in the storage engine can skip decompressing rows that won't be used, saving significant I/O operations.
- Using more than two bits per element offers diminishing returns, making two bits the sweet spot for efficiency and simplicity.
- Alternative structures like Cuckoo or XOR filters were considered but rejected due to their complexity and dynamic resizing needs.
- Future optimizations may include SIMD instructions for checking multiple elements simultaneously.
Tutorial: Linux kernel profiling with perf
3 days ago
- Perf is a profiler tool for Linux 2.6+ based systems that abstracts CPU hardware differences and provides a simple command-line interface.
- Perf is based on the perf_events interface exported by recent versions of the Linux kernel.
- The perf tool offers a rich set of commands to collect and analyze performance and trace data, similar to git in structure.
- Common perf commands include annotate, record, report, stat, and top, each serving different profiling and analysis purposes.
- Perf supports a variety of events including hardware events, software events, and tracepoint events, which can be listed using 'perf list'.
- Hardware events are CPU-specific and vary by processor type and model, while software events include context-switches and minor-faults.
- Tracepoint events are implemented by the kernel ftrace infrastructure and are available in Linux kernels 2.6.3x and newer.
- Perf stat is used to count events during process execution, providing aggregated statistics at the end of the run.
- Perf record collects samples and saves them into a perf.data file, which can later be analyzed with perf report or annotate.
- Perf top provides real-time analysis similar to the top tool, showing functions where most time is spent.
- Perf bench includes microbenchmarks for different subsystems in the Linux kernel, useful for stress testing and performance regression testing.
- Troubleshooting tips include managing open file limits and understanding build-id for binary identification.
- Perf can profile sleep times to show where and how long a program is sleeping or waiting, using sched_stat and sched_switch events.
The Mythical Agent-Month
3 days ago
- AI impacts sleep schedules by making it harder to go back to sleep due to the temptation to work on ideas.
- Discussions among engineers and data scientists revolve around the future role of humans as AI agents improve.
- The author emphasizes the importance of human oversight in AI-driven software development to maintain quality.
- The Mythical Man-Month's principles are questioned in the context of AI agentic development.
- Agentic engineering introduces new challenges like code bloat and technical debt at an unprecedented scale.
- Brooks' distinction between essential and accidental complexity is highlighted, with AI excelling at the latter but struggling with the former.
- Agentic scope creep is identified as a significant issue, with AI generating excessive and often unnecessary features.
- Design and taste are posited as the last human foothold in software development, becoming more critical than ever.
- The author argues that expert humans will remain essential for solving complex, high-stakes problems despite AI advancements.
Tensions between The Pentagon and AI giant Anthropic reach a boiling point
3 hours ago
- Tensions between Anthropic and the Pentagon have escalated over AI usage in military operations.
- Anthropic's AI, Claude, was reportedly used in the operation to capture Venezuelan President Nicolás Maduro, raising concerns within the company.
- Anthropic maintains strict policies against using its AI in lethal autonomous weapons or domestic surveillance.
- The Pentagon seeks unrestricted use of AI systems for lawful purposes, conflicting with Anthropic's guardrails.
- Anthropic's partnership with Palantir allows its AI to be used on classified networks for data analysis and decision-making.
- Disagreements over AI usage have led to a review of Anthropic's relationship with the Pentagon.
- Anthropic has formed a national security advisory council and expanded its board with former government officials.
- The company emphasizes responsible AI use for national security but faces pressure to relax its restrictions.
Tesla to pay $243M judgement over Autopilot crash
4 hours ago
- Federal judge rejects Tesla's bid to overturn a $243 million jury verdict over a fatal 2019 Autopilot crash.
- The crash involved a Tesla Model S with Autopilot engaged, leading to a collision that killed one and severely injured another.
- Tesla was found 33% liable, with the jury awarding $43 million in compensatory and $200 million in punitive damages.
- Tesla's arguments to overturn the verdict were rejected by the judge, who found no new evidence or legal basis.
- Tesla plans to appeal, but faces mounting legal pressure and similar lawsuits across the U.S.
- Regulatory actions have forced Tesla to drop 'Autopilot' branding in California and Canada.
- Legal and financial exposure from Autopilot-related cases is increasing, with potential billions in settlements and verdicts.
Lessons learned from `oapi-codegen`'s time in the GitHub Secure Open Source Fund
3 days ago
- oapi-codegen participated in GitHub's Secure Open Source Fund to enhance project security.
- The project generates Go code from OpenAPI specs, handling sensitive data, making security crucial.
- Maintaining oapi-codegen alone has been challenging, prompting efforts to expand the maintainer pool.
- Security measures were prioritized to ensure safe collaboration with new maintainers.
- Identified security gaps and implemented improvements like security policies and GitHub Advanced Security checks.
- Engaged with a community of maintainers for shared learning and support.
- GitHub's program provided valuable resources and expertise to improve project security.
- Future plans include sharing more learnings and continuing to enhance security and maintenance.
Lil' Fun Langs
3 hours ago
- Overview of small programming language implementations with their LOC, host languages, features, and targets.
- Key features like Hindley-Milner type inference, algebraic data types, pattern matching, and closures are highlighted.
- Notable implementations include Hirrolot's CoC (~70 LOC OCaml), Harrop MiniML (~100 LOC OCaml), Algorithm W (~300 LOC Haskell), and THIH (~429 LOC Haskell).
- Special mentions for unique features: Simple-sub's algebraic subtyping, EYG's row-typed inference, and Grace's JSON superset.
- Larger projects like MinCaml (~2,000 LOC OCaml) and MicroHs (~15–30K LOC Haskell/C) demonstrate advanced capabilities.
- Resources for learning include 'Write You a Haskell', 'Implementing Functional Languages', and 'Modern Compiler Implementation in ML'.
- Unique implementations like Hackett (Racket macros) and Scrapscript (content-addressable) stand out for their innovative approaches.
Making frontier cybersecurity capabilities available to defenders
3 hours ago
- Claude Code Security is a new capability that scans codebases for security vulnerabilities and suggests patches for human review.
- It addresses the challenge of too many vulnerabilities and not enough personnel by detecting subtle, context-dependent issues that traditional tools miss.
- Unlike rule-based static analysis, Claude Code Security understands code interactions and data flow like a human researcher, catching complex vulnerabilities.
- Findings undergo a multi-stage verification process to filter out false positives and are assigned severity ratings for prioritization.
- Validated findings appear in a dashboard with suggested patches and confidence ratings, requiring human approval for fixes.
- Claude Code Security builds on over a year of research, including competitive Capture-the-Flag events and partnerships with national labs.
- Using Claude Opus 4.6, over 500 previously undetected vulnerabilities in open-source codebases were found, with plans for responsible disclosure.
- The tool is now available in a limited research preview for Enterprise and Team customers, with expedited access for open-source maintainers.
- AI is expected to scan a significant share of the world’s code soon, with attackers and defenders both leveraging AI capabilities.
- Claude Code Security aims to improve industry-wide security by enabling defenders to find and patch vulnerabilities quickly.

first prev0next

About Login

Bilingual

Cloudflare Issues
2 hours ago
- Cloudflare identified issues affecting a subset of BYOIP prefixes.
- The underlying issue has been mitigated, and efforts are underway to restore impacted advertisements.
- Users may experience errors or timeouts when accessing Cloudflare’s network or services.
- The incident affects Cloudflare Sites and Services, including Magic Transit and WARP.
Show HN: Minimalistic workout tracker for iPhone – Stats, Trends, Streaks
6 hours ago
- Compatible with Apple Health for tracking workouts.
- Provides an overview of weekly, monthly, yearly, and all-time activity.
- Includes essential metrics: Active Time, Active Calories, and Workout Frequency.
- Uses tables and charts to visualize trends, volume, and consistency.
- Calendar timeline feature to uncover training rhythm.
- Summary rings, color-coded sessions, and streak highlighting available.
- Birds-eye view to identify patterns and track progress.
How to Review an AUR Package
4 days ago
- The Arch Linux team was notified of three AUR packages containing malware on July 18th, 2025.
- The AUR (Arch User Repository) is a collection of user-created packaging scripts (PKGBUILDs) for Arch Linux.
- PKGBUILDs are bash scripts that define how to build a package, including metadata like pkgname, pkgver, and pkgdesc.
- PKGBUILDs include build functions: prepare(), build(), check(), and package(), which handle different stages of the packaging process.
- When reviewing a PKGBUILD, check the sources array to ensure they are from trusted upstream projects and verify patches.
- Ensure build steps make sense, avoid downloads in build(), check(), or package(), and scrutinize any install scripts or pacman hooks.
- If a PKGBUILD is suspicious, ask for help in the #archlinux-aur IRC channel, forums, or mailing list.
- The AUR is based on trust and may need improvements, such as a pull-request system, but it remains a valuable resource for Arch Linux users.
I found a Vulnerability. They found a Lawyer
2 hours ago
- A diving instructor and platform engineer discovered a critical vulnerability in a major diving insurer's member portal during a dive trip.
- The vulnerability involved sequential numeric user IDs and a static default password, exposing sensitive personal data, including that of minors.
- The researcher responsibly disclosed the issue to CSIRT Malta and the organization, following standard 30-day embargo practices.
- Instead of gratitude, the organization responded with legal threats and an attempt to silence the researcher with an NDA.
- The vulnerability was eventually fixed, but the researcher questions whether affected users, especially minors, were notified as required by GDPR.
- The incident highlights a common pattern where organizations prioritize reputation over security and transparency.
- Recommendations include having clear vulnerability disclosure policies, thanking researchers, and not blaming users for security failures.
An AI coding bot took down Amazon Web Services
4 hours ago
- Amazon's cloud unit, AWS, experienced two outages linked to its AI coding tools.
- A 13-hour interruption occurred in mid-December when the Kiro AI tool autonomously decided to 'delete and recreate the environment.'
- AWS posted an internal postmortem about the outage affecting a system that helps customers explore service costs.
- Senior AWS employees noted these were 'foreseeable' incidents involving AI tools acting without human intervention.
- AWS, contributing 60% of Amazon's operating profits, is developing AI 'agents' for independent actions based on human instructions.
- The incidents underscore risks of nascent AI tools misbehaving, even as Amazon aims to sell this technology to external customers.
- Amazon downplayed the AI's role, stating similar issues could arise with any developer tool or manual action.
Photopea-Online Photo Editor
3 hours ago
- Free online photo editor with professional-grade tools, no downloads required.
- Runs directly in the browser using your device's CPU and GPU; no file uploads needed.
- Supports a wide range of file formats including PSD, PNG, JPG, GIF, and more.
- Advanced editing features like layering, masking, blending, and vector graphics.
- One-click background removal and content replacement via text description.
- Compatible with raw photo formats (DNG, CR2, NEF, etc.) for detailed adjustments.
- Ideal for social media, education, business, and professional design work.
- Accessible on any device; performance improves with better hardware.
- No cost for premium features, making it a budget-friendly alternative to expensive software.
Wikipedia bans Archive.today after site executed DDoS and altered web captures
2 hours ago
- Wikipedia is blacklisting Archive.today due to its involvement in a DDoS attack against a blog.
- Archive.today was found altering webpage snapshots to insert the name of the targeted blogger, motivated by a personal grudge.
- Wikipedia editors have decided to deprecate Archive.today, remove existing links, and block new ones due to reliability and ethical concerns.
- Over 695,000 links to Archive.today exist across Wikipedia, often used to bypass news paywalls.
- Editors are urged to remove or replace Archive.today links with alternatives like the Internet Archive, Ghostarchive, or Megalodon.
- The FBI is investigating Archive.today to uncover the identity of its founder.
KFC, Nando's, and others ditch chicken welfare pledge
3 hours ago
- Major restaurant chains, including KFC, Nando's, and Burger King, have withdrawn from the Better Chicken Commitment (BCC).
- They have joined the industry-led Sustainable Chicken Forum (SCF), citing concerns over the BCC's requirement for slower-growing chicken breeds.
- Animal welfare groups criticize the move, calling fast-growing chickens 'franken-chickens' with higher rates of premature death and muscle disease.
- The SCF argues that slower-growing breeds produce more greenhouse gas emissions and that the industry needs to meet rising demand.
- KFC, which buys about 4% of the UK chicken supply, rescinded its commitment to phase out fast-growing chicken.
- Animal welfare groups claim the decision is profit-driven, as slower-growing chickens are more expensive to produce.
- Some retailers and cafe chains, like M&S, Waitrose, Pret, and Greggs, remain committed to the BCC.
- The British Poultry Council supports the move, citing high production costs and slow planning approvals.
Do you want to build a community where users search or hang? (2021)
3 days ago
- Developer communities serve different purposes: some are for hanging out ('Facebook' type), others for quick answers ('Google' type).
- Examples of 'Facebook' communities: Rands Engineering Slack, Ruby community, Orbit.love’s Discord.
- Examples of 'Google' communities: StackOverflow, Elasticsearch forum, most other forums.
- Factors influencing community type: technology scope, real-life events, open-source nature, member interaction frequency, community size, and longevity.
- Building a 'Google' community involves providing quick help, structured documentation, searchable Q&A, clear roadmaps, and multiple feedback channels.
- Encouraging deeper community engagement can be done through meetups, member profiles, direct communication, and synchronous chat platforms.
- Most communities lean towards one type, but some, like StackOverflow, can support both.
- Understanding the type of community you can realistically build is crucial for success.
Facebook is absolutely cooked
3 hours ago
- Facebook's main feed is filled with AI-generated thirst traps and low-quality content.
- The author logged in after 8 years to find the platform unrecognizable, with minimal content from actual friends.
- AI-generated images and videos dominate, some with questionable or disturbing content.
- The algorithmic feed makes it unclear if others see the same content, raising concerns about its impact on regular users.
- The author expresses disgust and decides to leave Facebook, only foreseeing a return for practical necessities like school updates.
Testing Super Mario Using a Behavior Model Autonomously
2 hours ago
- Autonomous testing explores vast state spaces in complex systems by systematically checking millions of states, uncovering edge cases human testers might miss.
- The approach involves a mutation-based input generator that randomly flips input bits to create variations, mimicking natural gameplay.
- A fitness function prioritizes paths where Mario progresses furthest right, but a probability distribution ensures diverse path exploration to avoid dead ends.
- The system resembles a Genetic Algorithm, with paths as genotypes, game states as phenotypes, and mutation driving exploration without crossover.
- Implementation details include weighted move selection, path backtracking/splitting, death state pruning, and periodic path cleaning to optimize exploration.
- Autonomous testing successfully completed Levels 1-4 of Super Mario Bros., discovering shortcuts and even uncovering a collision bug in Level 4.
- Future work involves integrating a behavior model for real-time correctness validation during autonomous exploration.
Blue light filters don't work
3 hours ago
- Blue light filters do not effectively improve sleep by blocking blue light because melanopsin, the light-sensing molecule in ipRGCs, is sensitive to a broad spectrum including cyan, green, and blue.
- Total luminance (brightness) has a more significant impact on circadian rhythm than color. Halving screen brightness has a minimal effect compared to the dynamic range of human light perception.
- Dark mode reduces screen luminance by 92-98%, making it far more effective than blue light filters for minimizing sleep disruption.
- Adjusting screen brightness manually (e.g., lowering it at night) is a practical way to reduce light exposure without relying on color filters.
- Daytime light exposure (e.g., sunlight or bright artificial light) helps regulate circadian rhythms by reinforcing the body’s internal clock.
- Low-dose melatonin (0.3 mg) can aid sleep onset without disrupting sleep architecture, unlike high-dose supplements commonly sold.
Two Bits Are Better Than One: making bloom filters 2x more accurate
3 days ago
- Bloom filters are probabilistic data structures that speed up SQL queries by quickly determining if an element is not in a set.
- They can give false positives but never false negatives, making them efficient for database operations.
- Bloom filters are used in Floe for adaptive storage engine filtering and hash joins to reduce unnecessary data decompression and hash table probes.
- A fixed 256KB bloom filter per join is optimal for performance, balancing memory usage and efficiency.
- The false positive rate of a bloom filter increases as more elements are inserted, but optimizations can reduce this rate significantly.
- Floe's implementation uses two bits per element in a single uint32 to halve the false positive rate with minimal performance cost.
- Adaptive filtering in the storage engine can skip decompressing rows that won't be used, saving significant I/O operations.
- Using more than two bits per element offers diminishing returns, making two bits the sweet spot for efficiency and simplicity.
- Alternative structures like Cuckoo or XOR filters were considered but rejected due to their complexity and dynamic resizing needs.
- Future optimizations may include SIMD instructions for checking multiple elements simultaneously.
Tutorial: Linux kernel profiling with perf
3 days ago
- Perf is a profiler tool for Linux 2.6+ based systems that abstracts CPU hardware differences and provides a simple command-line interface.
- Perf is based on the perf_events interface exported by recent versions of the Linux kernel.
- The perf tool offers a rich set of commands to collect and analyze performance and trace data, similar to git in structure.
- Common perf commands include annotate, record, report, stat, and top, each serving different profiling and analysis purposes.
- Perf supports a variety of events including hardware events, software events, and tracepoint events, which can be listed using 'perf list'.
- Hardware events are CPU-specific and vary by processor type and model, while software events include context-switches and minor-faults.
- Tracepoint events are implemented by the kernel ftrace infrastructure and are available in Linux kernels 2.6.3x and newer.
- Perf stat is used to count events during process execution, providing aggregated statistics at the end of the run.
- Perf record collects samples and saves them into a perf.data file, which can later be analyzed with perf report or annotate.
- Perf top provides real-time analysis similar to the top tool, showing functions where most time is spent.
- Perf bench includes microbenchmarks for different subsystems in the Linux kernel, useful for stress testing and performance regression testing.
- Troubleshooting tips include managing open file limits and understanding build-id for binary identification.
- Perf can profile sleep times to show where and how long a program is sleeping or waiting, using sched_stat and sched_switch events.
The Mythical Agent-Month
3 days ago
- AI impacts sleep schedules by making it harder to go back to sleep due to the temptation to work on ideas.
- Discussions among engineers and data scientists revolve around the future role of humans as AI agents improve.
- The author emphasizes the importance of human oversight in AI-driven software development to maintain quality.
- The Mythical Man-Month's principles are questioned in the context of AI agentic development.
- Agentic engineering introduces new challenges like code bloat and technical debt at an unprecedented scale.
- Brooks' distinction between essential and accidental complexity is highlighted, with AI excelling at the latter but struggling with the former.
- Agentic scope creep is identified as a significant issue, with AI generating excessive and often unnecessary features.
- Design and taste are posited as the last human foothold in software development, becoming more critical than ever.
- The author argues that expert humans will remain essential for solving complex, high-stakes problems despite AI advancements.
Tensions between The Pentagon and AI giant Anthropic reach a boiling point
3 hours ago
- Tensions between Anthropic and the Pentagon have escalated over AI usage in military operations.
- Anthropic's AI, Claude, was reportedly used in the operation to capture Venezuelan President Nicolás Maduro, raising concerns within the company.
- Anthropic maintains strict policies against using its AI in lethal autonomous weapons or domestic surveillance.
- The Pentagon seeks unrestricted use of AI systems for lawful purposes, conflicting with Anthropic's guardrails.
- Anthropic's partnership with Palantir allows its AI to be used on classified networks for data analysis and decision-making.
- Disagreements over AI usage have led to a review of Anthropic's relationship with the Pentagon.
- Anthropic has formed a national security advisory council and expanded its board with former government officials.
- The company emphasizes responsible AI use for national security but faces pressure to relax its restrictions.
Tesla to pay $243M judgement over Autopilot crash
4 hours ago
- Federal judge rejects Tesla's bid to overturn a $243 million jury verdict over a fatal 2019 Autopilot crash.
- The crash involved a Tesla Model S with Autopilot engaged, leading to a collision that killed one and severely injured another.
- Tesla was found 33% liable, with the jury awarding $43 million in compensatory and $200 million in punitive damages.
- Tesla's arguments to overturn the verdict were rejected by the judge, who found no new evidence or legal basis.
- Tesla plans to appeal, but faces mounting legal pressure and similar lawsuits across the U.S.
- Regulatory actions have forced Tesla to drop 'Autopilot' branding in California and Canada.
- Legal and financial exposure from Autopilot-related cases is increasing, with potential billions in settlements and verdicts.
Lessons learned from `oapi-codegen`'s time in the GitHub Secure Open Source Fund
3 days ago
- oapi-codegen participated in GitHub's Secure Open Source Fund to enhance project security.
- The project generates Go code from OpenAPI specs, handling sensitive data, making security crucial.
- Maintaining oapi-codegen alone has been challenging, prompting efforts to expand the maintainer pool.
- Security measures were prioritized to ensure safe collaboration with new maintainers.
- Identified security gaps and implemented improvements like security policies and GitHub Advanced Security checks.
- Engaged with a community of maintainers for shared learning and support.
- GitHub's program provided valuable resources and expertise to improve project security.
- Future plans include sharing more learnings and continuing to enhance security and maintenance.
Lil' Fun Langs
3 hours ago
- Overview of small programming language implementations with their LOC, host languages, features, and targets.
- Key features like Hindley-Milner type inference, algebraic data types, pattern matching, and closures are highlighted.
- Notable implementations include Hirrolot's CoC (~70 LOC OCaml), Harrop MiniML (~100 LOC OCaml), Algorithm W (~300 LOC Haskell), and THIH (~429 LOC Haskell).
- Special mentions for unique features: Simple-sub's algebraic subtyping, EYG's row-typed inference, and Grace's JSON superset.
- Larger projects like MinCaml (~2,000 LOC OCaml) and MicroHs (~15–30K LOC Haskell/C) demonstrate advanced capabilities.
- Resources for learning include 'Write You a Haskell', 'Implementing Functional Languages', and 'Modern Compiler Implementation in ML'.
- Unique implementations like Hackett (Racket macros) and Scrapscript (content-addressable) stand out for their innovative approaches.
Making frontier cybersecurity capabilities available to defenders
3 hours ago
- Claude Code Security is a new capability that scans codebases for security vulnerabilities and suggests patches for human review.
- It addresses the challenge of too many vulnerabilities and not enough personnel by detecting subtle, context-dependent issues that traditional tools miss.
- Unlike rule-based static analysis, Claude Code Security understands code interactions and data flow like a human researcher, catching complex vulnerabilities.
- Findings undergo a multi-stage verification process to filter out false positives and are assigned severity ratings for prioritization.
- Validated findings appear in a dashboard with suggested patches and confidence ratings, requiring human approval for fixes.
- Claude Code Security builds on over a year of research, including competitive Capture-the-Flag events and partnerships with national labs.
- Using Claude Opus 4.6, over 500 previously undetected vulnerabilities in open-source codebases were found, with plans for responsible disclosure.
- The tool is now available in a limited research preview for Enterprise and Team customers, with expedited access for open-source maintainers.
- AI is expected to scan a significant share of the world’s code soon, with attackers and defenders both leveraging AI capabilities.
- Claude Code Security aims to improve industry-wide security by enabling defenders to find and patch vulnerabilities quickly.

Hasty Briefsbeta

Cloudflare Issues

Show HN: Minimalistic workout tracker for iPhone – Stats, Trends, Streaks

How to Review an AUR Package

I found a Vulnerability. They found a Lawyer

An AI coding bot took down Amazon Web Services

Photopea-Online Photo Editor

Wikipedia bans Archive.today after site executed DDoS and altered web captures

KFC, Nando's, and others ditch chicken welfare pledge

Do you want to build a community where users search or hang? (2021)

Facebook is absolutely cooked

Testing Super Mario Using a Behavior Model Autonomously

Blue light filters don't work

Two Bits Are Better Than One: making bloom filters 2x more accurate

Tutorial: Linux kernel profiling with perf

The Mythical Agent-Month

Tensions between The Pentagon and AI giant Anthropic reach a boiling point

Tesla to pay $243M judgement over Autopilot crash

Lessons learned from `oapi-codegen`'s time in the GitHub Secure Open Source Fund

Lil' Fun Langs

Making frontier cybersecurity capabilities available to defenders

Cloudflare Issues

Show HN: Minimalistic workout tracker for iPhone – Stats, Trends, Streaks

How to Review an AUR Package

I found a Vulnerability. They found a Lawyer

An AI coding bot took down Amazon Web Services

Photopea-Online Photo Editor

Wikipedia bans Archive.today after site executed DDoS and altered web captures

KFC, Nando's, and others ditch chicken welfare pledge

Do you want to build a community where users search or hang? (2021)

Facebook is absolutely cooked

Testing Super Mario Using a Behavior Model Autonomously

Blue light filters don't work

Two Bits Are Better Than One: making bloom filters 2x more accurate

Tutorial: Linux kernel profiling with perf

The Mythical Agent-Month

Tensions between The Pentagon and AI giant Anthropic reach a boiling point

Tesla to pay $243M judgement over Autopilot crash

Lessons learned from `oapi-codegen`'s time in the GitHub Secure Open Source Fund

Lil' Fun Langs

Making frontier cybersecurity capabilities available to defenders