HackerNews Digest

Gemma 4 is a Google DeepMind platform for creating autonomous agents capable of planning, navigating applications, and executing tasks on users’ behalf. It includes built‑in support for function calling, enabling agents to invoke external APIs or services directly. The page also contains two footer images, labeled “footer_gemma__light” and “footer_gemma__dark.”

None

The essay argues that the open web’s decline is not a new phenomenon caused solely by AI, but the result of long‑standing market dynamics and collective user choices. Large platforms gained power because users repeatedly migrated to them for convenience—easier identity, payments, discovery, hosting, moderation, and analytics—despite knowing that “free” services rely on advertising‑driven surveillance and centralization. This convenience compounded, making openness appear costly and niche. The author stresses that neglect, not innocence, contributed to the shift: users, organizations, and policymakers favored short‑term consumer surplus over sustained economic support for publishing tools, independent hosting, RSS, and moderation. To revive an open web, the piece calls for cultural change—paying for services, using exportable tools, supporting independent software, and rebuilding portable social and economic primitives—so participants act as maintainers and contributors rather than passive consumers. The goal is to create resilient, portable systems that preserve user agency and freedom of movement.

Tailscale’s original macOS client combined a command‑line tool with a menu‑bar status item. On MacBook models with a display notch (starting 2021), the status‑item icon can be rendered within the notch’s invisible zone when other menu‑bar icons fill the available space, making the icon inaccessible. macOS provides no native overflow or repositioning for third‑party items; Apple’s indirect work‑arounds (e.g., moving system icons to Control Center) and third‑party managers such as Bartender are the only options. Tailscale addressed the problem by observing the window’s occlusionState via NSWindow.didChangeOcclusionStateNotification; when the icon is not visible, the app displays a pop‑up warning. This solution is imperfect and may trigger on lid or monitor changes. A more robust fix arrived with the windowed macOS client (enabled by default in version 1.96.2), which runs alongside the menu‑bar app and offers: - searchable device list with status, - ping, IP copy, and Taildrop file transfer, - exit‑node selection with latency‑based recommendation, - Dock‑icon error indicator, - optional “mini player” mode and onboarding tour. The windowed UI reduces reliance on the notch‑prone menu‑bar icon.

The repository “c89cc.sh” provides a self‑contained C89 compiler that generates ELF64 binaries using only portable shell scripts, without external toolchains. It implements the C89 language front‑end, parsing, code generation, and ELF64 output entirely within POSIX‑compatible shell code, enabling compilation on systems lacking a native compiler. The project includes example usage and documentation, and the GitHub page features contributor avatars labeled “@alganet” and “@lucaraymaekers”. The tool is positioned as a minimalistic, pure‑shell solution for building C programs in constrained environments.

NASA’s Artemis II will be the first crewed lunar mission to fly a functional toilet, the Universal Waste Management System (UWMS). Developed by Collins Aerospace under a NASA contract since 2015, the UWMS replaces Apollo‑era bag‑and‑funnel kits with a 3‑D‑printed titanium unit that handles urine and feces simultaneously, provides a solid door for privacy, and includes handholds for microgravity stability. The system is unisex, uses vacuum‑assisted collection, and can be adapted for future lunar and Mars habitats. A prototype was tested on the International Space Station in 2020, with final ISS installation in 2021; a lunar‑specific version has been installed in Orion for Artemis II. NASA officials cite the toilet as “mission‑critical,” noting that earlier Apollo waste systems were unreliable, prone to leaks, and caused crew dissatisfaction. Successful operation on Artemis II is intended to inform waste‑management designs for subsequent Artemis flights and long‑duration deep‑space missions.

Cursor 3 is a redesigned, agent‑centric IDE that unifies local and cloud development workflows. The interface supports multi‑workspace projects, letting humans and AI agents operate across multiple repositories simultaneously. All agents—local, cloud, and those triggered from mobile, web, Slack, GitHub, or Linear—appear in a shared sidebar; cloud agents generate visual demos for verification. Users can transfer an agent session between cloud and desktop instantly, enabling on‑device edits with Composer 2 (a high‑limit coding model) or background execution when offline. A new diffs view streamlines staging, committing, and PR management. Additional features include full LSP navigation, an integrated browser for local site interaction, and a marketplace offering hundreds of plugins (MCPs, skills, subagents) with private team options. Cursor 3 aims to provide the core model, product, and runtime needed for more autonomous agents and collaborative AI‑enhanced coding, while retaining a conventional IDE fallback.

None

The May 27 2004 “D‑squared Digest” entry links business‑school concepts to political judgment, especially regarding the Iraq war. The author recounts an accounting class debate on expensing stock options, concluding that genuinely beneficial ideas would be fully disclosed, while attempts to hide costs indicate falsehood. Applying this to Iraq, the post argues that officials’ claims about weapons of mass destruction were dishonest, so their forecasts should be dismissed entirely. It stresses that projects driven by untrustworthy forecasts—without post‑project audits—inevitably fail, and that audit culture is essential to prevent repeated reliance on liars. The piece references Paul Krugman, the Paulson bailout plan, the book *Development, Geography and Economic Theory*, and suggests using Benford’s Law to test war‑justification data. Overall, it presents a concise argument: good ideas require transparency, and granting credibility to known liars undermines sound decision‑making.

In March 2026 two malicious Axios releases (1.14.1 and 0.30.4) were published to npm from a compromised maintainer account. Both versions introduced the dependency **plain‑crypto‑[email protected]**, which installed a remote‑access trojan on macOS, Windows and Linux. The packages were live for roughly three hours before removal. **Impact & remediation** - Search lockfiles for `[email protected]|0.30.4` or `plain-crypto-js`; if found, treat the host as compromised. - Downgrade to `[email protected]` (or `0.30.3` for 0.x), delete `node_modules/plain-crypto-js`, rotate all secrets, and audit network traffic for connections to `sfrclak.com` or `142.11.206.73:8000`. - Apply the same steps on CI runners and rotate any injected credentials. **Root cause** - Targeted social‑engineering and RAT malware gave the attacker access to the lead maintainer’s PC and npm credentials, allowing unauthorized publishes. **Response** - Full wipe of the maintainer’s devices and reset of all related accounts. - Deprecation of the compromised versions, removal of `plain-crypto-js` from npm, and coordination with npm security. - Planned security upgrades: OIDC publishing flow, immutable releases, automated publish monitoring, and tighter maintainer access controls.