Hacker News — 2026-05-23#

Top Story#

Pardon MIE? Bypassing Apple MIE The standout post today is a brilliant, highly technical teardown of CVE-2026-28952, revealing how researchers bypassed Apple’s heavily marketed Memory Integrity Enforcement (MIE) on the new M5 silicon. It took a three-person team and an AI assistant just five days to go from zero to a root shell. The vulnerability was a classic integer overflow inside _zalloc_ro_mut—the single trusted kernel function allowed to modify read-only zones—and Apple patched it by simply moving an overflow check two instructions earlier. It’s a perfect reminder that hardware-level memory tagging doesn’t protect you if the authorized gatekeeper can be tricked into writing to the wrong slot.

Tech News — 2026-05-23#

Story of the Day#

SpaceX’s colossal Starship V3 successfully executed its first test flight, deploying a payload of mock Starlink satellites before surviving a blazing reentry to splash down in the Indian Ocean. This marks a massive step forward for the economics of orbital logistics and validates the V3 architecture, even though the Super Heavy booster spun out of control and broke apart over the Gulf of Mexico during its descent.

Tech News — Week of 2026-05-16 to 2026-05-22#

Story of the Week#

SpaceX’s highly anticipated IPO filings peeled back the curtain on Elon Musk’s labyrinthine empire, revealing the aerospace firm is actually a massive artificial intelligence powerhouse in disguise. The S-1 exposed a staggering $45 billion compute deal with Anthropic and highlighted $20.7 billion in capital expenditures to fuel Musk’s data-centers-in-space ambitions. By pitching investors on a $26.5 trillion total addressable market, Musk is effectively betting SpaceX’s future—and its record-shattering $2 trillion valuation—on dominating the AI hardware and software landscape.

Company@X — 2026-05-21#

Signal of the Day#

Tesla has officially ended production of its flagship Model S and Model X vehicles, holding a final signature delivery event to hand over the last cars ever manufactured. The company is sunsetting the foundational vehicles that initiated the modern electric vehicle era to focus its legacy and resources entirely on its vision for full autonomy.

Hacker News — 2026-04-03#

Top Story#

In a perfect collision of civic hacking and AI orchestration, a developer used autonomous agents to parse the entire US Code into a Git repository over a single weekend. Treating legal amendments like pull requests hits the core of the HN ethos: law is just code executing on the system of society, and it desperately needs a clean diff history.

Front Page Highlights#

Decisions that eroded trust in Azure – by a former Azure Core engineer An ex-Azure Core engineer delivers a scathing post-mortem on how Microsoft leadership attempted to port 173 management agents to a tiny, Linux-running ARM SoC. It’s a classic tale of architectural hubris detached from hardware realities, with the author claiming this localized complacency threatened major clients like OpenAI and the US government.

Simon Willison — 2026-04-03#

Highlight#

The overarching theme today is the sudden, step-function improvement in AI-driven vulnerability research. Major open-source maintainers are simultaneously reporting that the era of “AI slop” security reports has ended, replaced by an overwhelming tsunami of highly accurate, AI-generated bug discoveries that are drastically changing the economics of exploit development.

Posts#

Vulnerability Research Is Cooked · Source Highlighting Thomas Ptacek’s commentary, Simon notes that frontier models are uniquely suited for exploit development due to their baked-in knowledge of bug classes, massive context of source code, and pattern-matching capabilities. Since LLMs never get bored constraint-solving for exploitability, agents simply pointing at source trees and searching for zero-days are set to drastically alter the security landscape. Simon is tracking this trend closely enough that he just created a dedicated ai-security-research tag to follow it.

Engineering @ Scale — 2026-04-03#

Signal of the Day#

GitHub’s architectural rewrite of their PR diff view demonstrates that scaling complex React applications requires abandoning small, heavily-abstracted components in favor of O(1) data access patterns, top-level event delegation, and lazy state rendering. By stripping out redundant useEffect hooks and shifting to Map-based selectors, they cut memory usage by 50% and improved Interaction to Next Paint (INP) by 78% for massive pull requests.

Company@X — 2026-04-04#

Signal of the Day#

Anthropic is restricting Claude subscription access for third-party tools like OpenClaw, prompting Hugging Face to aggressively push users toward open-source local models like Gemma 4. This policy shift highlights a growing fracture between closed API ecosystems moving to lock down interfaces and the open-source community’s push for self-hosted AI.

Hacker News — 2026-04-04#

Top Story#

Post Mortem: axios NPM supply chain compromise The JavaScript ecosystem is on fire again, as the lead maintainer of the incredibly popular axios library was compromised via a targeted social engineering campaign that deployed RAT malware. Attackers published two malicious versions (1.14.1 and 0.30.4) that inject a dependency installing a remote access trojan across macOS, Windows, and Linux. While the packages were only live for three hours, the blast radius is massive, and anyone who ran a fresh install between 00:21 and 03:15 UTC on March 31 needs to nuke their node_modules and rotate all secrets immediately.

Company@X — 2026-04-05#

Signal of the Day#

OpenClaw has successfully navigated an abrupt platform eviction by Anthropic, pivoting to optimize OpenAI’s GPT-5.4 with custom personality harnesses to mitigate initial quality regressions. This proprietary friction has simultaneously triggered Hugging Face to release tools encouraging developers to decouple OpenClaw entirely in favor of local and open-source models.