Hacker News — 2026-04-08#

Top Story#

Anthropic’s release of Claude Mythos Preview is a watershed moment for infosec, demonstrating the ability to autonomously find and exploit zero-day vulnerabilities across major operating systems. The model most notably wrote a working, 200-byte ROP chain exploit for a 17-year-old remote code execution bug in FreeBSD’s NFS server without any human intervention.

Front Page Highlights#

[Microsoft Abruptly Terminates VeraCrypt Account, Halting Windows Updates] · Source Microsoft abruptly terminated the code-signing account for the popular encryption tool VeraCrypt without warning, effectively halting its ability to push Windows updates. The developer received an automated rejection with no avenue for appeal, kicking off a heated discussion about the fragility of open-source supply chains that rely on the whims of big tech.

[Pgit: I Imported the Linux Kernel into PostgreSQL] · Source A developer successfully imported 1.4 million Linux kernel commits and 24.4 million file versions into a PostgreSQL database in just two hours using delta compression. Making two decades of git history queryable via SQL revealed incredible insights, like the fact that out of 1.4 million commit messages, all seven f-bombs were dropped by just two people.

[I Ported Mac OS X to the Nintendo Wii] · Source A masterclass in low-level hardware hacking where the author successfully booted Mac OS X Cheetah natively on the Nintendo Wii. The project required writing a custom bootloader from scratch, patching the XNU kernel, and creating custom IOKit drivers to support the Wii’s unique Hollywood system-on-a-chip.

[The AI Great Leap Forward] · Source A sharp, contrarian critique comparing today’s top-down corporate AI mandates to Mao’s Great Leap Forward. The author argues that forced AI adoption is creating unmaintainable “demoware” while employees fake productivity metrics, ultimately hollowing out critical institutional knowledge just like the campaign that killed the sparrows.

[We moved Railway’s frontend off Next.js] · Source Peak framework fatigue as Railway migrated their entire production frontend from Next.js to Vite and TanStack Router to escape painfully slow 10-minute build times. They managed the 200+ route migration with zero downtime in just two pull requests, proving that explicit, client-first stacks can be highly effective for complex dashboards.

[F-35 Got Hit] · Source An Iranian passive-infrared surface-to-air missile successfully struck an F-35, exposing a fundamental architectural flaw in modern stealth aircraft. Stealth technology was designed to defeat radar during the Cold War, but it cannot hide the massive 600°C heat signature of the engine, proving that hundred-million-dollar aircraft can be bypassed by much simpler, cheaper IR sensors.

[S3 Files] · Source AWS just launched S3 Files, allowing developers to natively mount S3 buckets via EFS. VP Andy Warfield details the intense internal engineering debates over bridging the agile, mutation-heavy semantics of traditional file systems with the strict immutability of object storage, ultimately landing on a “stage and commit” architecture.

Show HN & Launches#

The community is shipping tools that push AI closer to the metal and abstract away complexity. TUI-use launched to let AI agents control interactive terminal programs, using a headless xterm emulator so bots can navigate tools like htop or psql just like a human. In the backend space, Skrun allows developers to deploy any agent skill as a callable, stateful API out of the box. For the hardware hackers, there’s a fantastic write-up on building a camera-only robot vacuum for under $300 using a CNN trained via behavioral cloning. Finally, Go-Bt provides a minimalist behavior tree library for Go, using cooperative multitasking instead of infinite while loops for game AI and background workers.

Discussion & Debate#

The news of Mario Zechner joining Earendil with his pi coding agent sparked a deeply reflective discussion on open-source commercialization. Zechner wrote a raw post detailing his lingering trauma from the RoboVM acquisition by Microsoft, emphasizing his desire to prioritize his family over VC-startup burnout while ensuring pi remains sustainably MIT-licensed. Elsewhere, user frustration boiled over regarding Anthropic’s customer support; after a user waited over a month for a refund of $180 in bogus API charges and received only useless automated replies, the community debated the dark irony of a frontier AI company failing completely at basic human support

Categories: News, Tech
Tags: Artificial Intelligence, Cybersecurity, Open Source, Software Engineering, Hardware Hacking
Backward 2026-04-09 2026-04-07 Forward