HackerNews Digest

Agents can now provision Cloudflare resources automatically through a new protocol co‑designed with Stripe and exposed via Stripe Projects. The workflow lets an AI agent: * Discover available Cloudflare services through a REST‑based catalog API. * Create a Cloudflare account on‑demand (or link an existing one via OAuth) using Stripe as the identity provider, receiving an API token for authenticated calls. * Start paid subscriptions and register domains by sending a Stripe‑issued payment token to Cloudflare; raw credit‑card data never reaches the agent. A default $100 USD/month spend limit is applied, adjustable via budget alerts. Human users only need to log into Stripe, grant consent, and accept Cloudflare’s terms of service; no manual dashboard navigation, token copying, or credit‑card entry is required. The system also offers $100 k of Cloudflare credits to new startups using Stripe Atlas. Any platform with signed‑in users can act as the “Orchestrator,” replicating this integration pattern for other services. Stripe Projects is in open beta; installation requires the Stripe CLI and the Projects plugin.

The DNSSEC debug output for **nic.de** shows the zone’s authoritative data and cryptographic signatures: - **DS record** (key tag 26155, algorithm 8, digest type 2) with SHA‑256 digest `2f06c8cd…c565d`; signed by an RRSIG (type DS, key tag 26155, validity 2026‑05‑05 to 2026‑05‑19). - **DNSKEY set**: - ZSK (key tag 36463, algorithm 8) – public key `AwEAAdkJ…j`. - KSK (key tag 26155, algorithm 8) – public key `AwEAAb/x…GQ==`. - Both keys covered by an RRSIG (type DNSKEY, signed with KSK, same validity window as DS). - **A record** `nic.de. 3600 IN A 81.91.170.12` with an RRSIG (type A, signed by ZSK, same validity window). - **NS records** (ns1–ns4.denic.*) with an RRSIG (type NS, signed by ZSK, same validity window). - **SOA record** (`ns1.denic.de.` primary, `dns-operations.denic.de.` contact, serial 1778019826, refresh 10800 s, retry 1800 s, expire 3600000 s, minimum 1800 s) with an RRSIG (type SOA, signed by ZSK). All responses include EDNS0 (UDP size 1452) and indicate DNSSEC OK (`do = 1`). No errors were reported (RCODE 0, AA = 1).

Telus’s Digital unit has deployed a real‑time speech‑to‑speech system, built by Tomato.ai, to alter the accents of offshore call‑centre agents as they speak with customers. The technology modifies the agents’ voices on‑the‑fly to reduce perceived “accent‑related friction.” Labour organizations have condemned the practice as deceptive and are calling for mandatory disclosure to callers. In response, rival carriers Rogers and Bell have publicly stated they have no intention of implementing comparable voice‑alteration tools. The rollout has sparked immediate public criticism across Canada, prompting media coverage from iPhone in Canada and The Globe and Mail.

Multi-token prediction (MTP) in Gemma 4 uses speculative decoding to reduce the latency of large‑language‑model inference, which is typically memory‑bandwidth bound. A lightweight “drafter” model generates a sequence of candidate tokens, while the full‑size target model (e.g., Gemma 4 31B) verifies the draft in a single forward pass, simultaneously producing an additional token. This decouples token prediction from verification, allowing idle compute to be used for parallel token generation and cutting the time per output token. Benefits include: - Lower latency for real‑time chat, voice, and agentic workflows. - Faster execution of large dense (31B) and MoE (26B) Gemma 4 models on consumer GPUs and edge devices. - No loss in model quality, since the target model performs final verification. The approach is positioned as a means to run high‑performance LLMs locally with improved responsiveness and reduced power consumption.

Star Labs’ StarFighter 16‑inch laptop (Mk I) features an oversized solid‑state haptic trackpad that detects pressure and provides vibration feedback to simulate a click, enabling 100 % of the surface to be clickable with consistent response. The glass surface is dyed, toughened, and treated with an oleophobic coating. The device includes a 4K 10‑bit IPS display with a wide viewing angle, a backlit keyboard, optional webcam attachment, and a glass trackpad integrated with a fingerprint reader. Security hardware comprises an Infineon OPTIGA TPM module and the system runs an open‑source coreboot BIOS, visible via its CFR menu. Power is supplied by a 65 W gallium‑nitride USB‑C charger. Additional images depict various national flags (likely for market or shipping representation) and the related StarBook Mk VII model.

The site hosts Nonograph, an open‑source writing program that the author released for free after spending roughly $600 on security reviews. Hosting costs are about $5 per month for several hundred thousand daily users and three proxies. The author argues that adding subscription or ad‑based monetization would increase development overhead and deter users, contending that monetizing hobby‑driven software often shifts motivation from personal fulfillment to profit goals. Citing personal experience selling video‑game content, the author observes that financial pressure can degrade the quality and user‑friendliness of software. The piece advocates treating software development as a creative pursuit rather than a revenue engine, suggesting many projects should remain small, hobby‑level efforts without obligatory commercial structures.

In VS Code 1.110 a setting `git.addAICoAuthor` was introduced to append “Co‑authored‑by: Copilot ” to commit messages. The setting offered three modes: `off` (no attribution), `chatAndAgent` (attribution when code is generated via chat), and `all` (attribution for any AI‑generated code). The default was `off`. In version 1.117 the default was changed to `all`, but a bug caused the attribution to be added even when the `disableAIFeatures` option was enabled, mistakenly marking non‑Copilot completions as Copilot‑authored. The default was reverted to `chatAndAgent` in 1.118, and users could still disable it by setting the value to `off`. For the upcoming 1.119 release (rollout beginning 5 May), the default is restored to `off` and the feature is forced disabled when `disableAIFeatures` is true. Future changes will ensure attribution is added only for AI‑related changes, require explicit user consent before inserting a commit trailer, and consider switching to an “Assisted‑by” format that can include model details. The team is also reviewing testing and release processes to prevent similar issues.

Three Inverse Laws of AI (Susam Pal, Jan 2026) argue that humans, not robots, need guiding principles to avoid over‑reliance on generative AI. The article notes that AI chatbots are now embedded in search, development, and office tools, and that design choices—such as surfacing AI answers at the top of results—encourage users to accept them uncritically, risking habitual trust in potentially inaccurate output. **Inverse Law 1 – Non‑anthropomorphism:** Users must not ascribe emotions, intentions, or moral agency to AI; treating conversational tone as evidence of understanding distorts judgment and can foster emotional dependence. **Inverse Law 2 – Non‑deference:** AI output should never be taken as authoritative without independent verification appropriate to the context; verification may involve peer‑reviewed sources, automated checks (e.g., proof checkers, unit tests), or personal scrutiny, especially where errors are costly. **Inverse Law 3 – Non‑abdication of responsibility:** Humans and organizations retain full responsibility and accountability for decisions that use AI; “the AI told us” is not an acceptable excuse, even in real‑time systems like autonomous vehicles. The author urges adoption of these concise principles to preserve critical judgment, clarify accountability, and treat AI as a tool rather than an authority.

The benchmark compared two Claude Sonnet agents performing the same task on a React‑Admin‑style admin panel: * **Vision agent** (browser‑use 0.12) interacted via screenshots and clicks. With a detailed 14‑step UI walkthrough it completed the task, but required 14 minutes, 400‑750 k input tokens (≈ ½ M on average), and 749‑1257 s wall‑clock time across three runs. It missed off‑screen items without explicit scrolling instructions, showing high non‑determinism (43‑68 reasoning cycles). * **API agent** called the app’s HTTP handlers directly (auto‑generated REST surface of ~30 lines). It finished in under 8 seconds, using < 10 k tokens and exactly 8 tool calls on each of five runs, with token variance of only ±27. The cost gap is roughly **45 ×** (vision token count vs. API). Engineering a structured API surface incurs upfront effort, but eliminates the massive token and time overhead of vision‑based “see‑to‑act” loops, whose step count is fixed by the UI regardless of model improvements. Vision agents remain useful only for unmodifiable third‑party or legacy systems; for internal tools the data show API‑based agents are far more efficient.

Jacqueline Smith, the 13th (and first female) ombudsman for *Stars and Stripes*, was notified via DA Form 3434 that her employment will end on April 28, 2026, with no reason given and the action deemed “not grievable.” Smith asserts the Pentagon—specifically Secretary of Defense Pete Hegseth, Assistant Secretary Sean Parnell, and Deputy Secretary Steve Feinberg—has imposed new restrictions on the newspaper, rescinded a Code of Federal Regulations process that previously protected its editorial independence, and issued an interim policy on March 9 that could be altered arbitrarily. The ombudsman role, created by Congress in 1991 to safeguard *Stars and Stripes* from censorship, reports directly to the House and Senate Armed Services committees. Smith informed those committees of her concerns; Senators Elizabeth Warren, Richard Blumenthal and others sent a letter urging immediate rescission of the policy, while Rep. Jamie Raskin and 38 House members warned Hegseth of political interference. Smith suggests her dismissal aims to silence an outspoken ombudsman while preserving the position in name.