HackerNews Digest

Claude Opus 4.6 and Sonnet 4.6 now provide a full 1 million‑token context window at standard pricing on the Claude Platform. Pricing remains $5/$25 per million tokens for Opus 4.6 and $3/$15 for Sonnet 4.6, with no premium for longer contexts; a 900 K‑token request costs the same per token as a 9 K request. Key updates: - Uniform rate limits and throughput across the entire window. - Support for up to 600 images or PDF pages per request (up from 100), available on Claude Platform, Azure Foundry, and Google Vertex AI. - No beta header needed; requests >200 K tokens are processed automatically. - 1 M‑token context included for Claude Code users on Max, Team, and Enterprise plans, reducing the need for compaction or summarization. Opus 4.6 achieves 78.3 % on MRCR v2, the highest among frontier models at this context length, enabling full‑codebases, extensive documents, or long‑running agent traces to be processed without lossy summarization.

A security audit uncovered 39 Algolia DocSearch admin API keys exposed on open‑source documentation sites. Algolia’s DocSearch service supplies a search‑only key for frontend embedding, yet many projects mistakenly publish full‑admin keys, granting permissions to add, delete, edit, browse, and even wipe entire indexes. The researcher scraped ~15 000 documentation sites using the public docsearch‑configs repository as a seed, applied regex extraction, conducted GitHub code searches, and ran TruffleHog on 500+ repos, identifying 35 keys via frontend scraping and 4 via git history; all were active. Affected projects include high‑profile open‑source tools such as Home Assistant, KEDA, and vcluster, some with indexes exceeding 100 000 records. Exploitation could poison search results, redirect users to malicious sites, or delete indexes entirely. The root cause is misconfiguration: sites using their own crawlers often embed write/admin keys instead of the intended search‑only keys. Remediation requires verifying and replacing frontend keys with restricted, search‑only credentials.

PEGI (Pan‑European Game Information) announced that games featuring loot boxes will receive a mandatory 16+ age rating in the United Kingdom. The decision aligns the rating system’s existing categories—3, 7, 12, 16, and 18—with a focus on age‑appropriateness rather than gameplay difficulty. By assigning 16+ to loot‑box content, PEGI aims to mitigate exposure of potentially gambling‑like mechanics to younger players. The policy applies to all titles distributed in the UK that incorporate random‑reward systems, regardless of genre or platform. This move follows broader regulatory scrutiny of loot boxes as a form of micro‑transaction that can encourage risk‑taking behavior. No other technical details or implementation timelines were provided.

CanIRun.ai is a tool for checking whether a given machine can run specific AI models. The current query returned no matching models, prompting the user to modify search terms or filter settings.

Channel Surfer – Watch YouTube Like It's Cable TV is a tool that re‑imagines YouTube browsing by presenting videos in a linear, channel‑style interface, mimicking the experience of traditional cable television.

The post compares the file size of two font‑generation classes. The block‑print class is 9.7 KB, while the cursive handwriting class, after minification, is 26.1 KB. The larger size stems from multiple SVG paths per character and an algorithm that adjusts point coordinates to align neighboring letters. The author notes that points are defined relative to a default font size of 20, producing decimal values (e.g., x = 14.5). By increasing the default size to 200, coordinates could be expressed as whole numbers (e.g., 145), eliminating decimal points and reducing character count. This scaling change is planned for a future update, along with other potential optimizations. An image labeled “Amy Goodchild” accompanies the text.

Mouser is an open‑source, local alternative to Logitech Options+ for the Logitech MX Master 3S mouse. It runs on Windows 10/11 and macOS 12+, requires no Logitech software, and stores all configuration in a local JSON file. Key capabilities include: - Remapping all six programmable buttons with 22 built‑in actions (navigation, editing, media, etc.). - Per‑application profiles that auto‑switch when the foreground app changes (detected via periodic GetForegroundWindow polling). - DPI control (200–8000) and independent vertical/horizontal scroll inversion, synchronized via HID++. - Full HID++ 2.0 gesture‑button support over Bluetooth and a three‑tier fallback (raw input, middle‑click redirection). - Low‑level Windows mouse hook (SetWindowsHookExW, WH_MOUSE_LL) and macOS CGEventTap for event interception; key simulation uses SendInput (Windows) or Quartz events (macOS). - Qt Quick UI with interactive mouse diagram, system‑tray control, and real‑time connection status. - Portable build via PyInstaller; source installation uses Python 3.10+, PySide6, hidapi, pystray, Pillow. The repository includes core modules (engine, mouse_hook, hid_gesture, key_simulator, config, app_detector) and UI QML files. Contributions focus on extending support to other HID++ devices, improving scroll inversion, and porting to Linux.

None

Hammerspoon is a macOS automation framework that connects the operating system to a Lua scripting engine. Its functionality derives from a suite of extensions that expose specific system APIs, allowing users to write Lua scripts to control various aspects of macOS. Installation can be performed by dragging the downloaded Hammerspoon.app into /Applications or via Homebrew (`brew install hammerspoon --cask`). After installation, users create ~/.hammerspoon/init.lua to load custom scripts. The project originated as a fork of Mjolnir, which emphasized minimalism and external extension management; Hammerspoon seeks a more integrated experience. Development goals include expanding coverage of system APIs across extensions, improving integration between extensions, and delivering a smoother overall user experience. Continuous integration and code coverage metrics are displayed on the project page.

Optimizing content for AI agents involves tailoring responses to the constraints of frontier models, which often limit context size and favor concise, structured data. Key practices include: - Providing a content‑negotiation hook (e.g., `Accept: text/markdown`) so agents receive raw markdown instead of HTML, reducing tokenization overhead and improving parsing accuracy. - Stripping browser‑only elements such as navigation scripts and JavaScript, and emphasizing link hierarchy to aid navigation. - Supplying programmatic entry points (MCP servers, CLI, API) when a human‑oriented page would otherwise require authentication, enabling agents to access structured data without HTML parsing. - Designing “skill” files in markdown that define prompts for code‑review agents (as used in Sentry’s Warden), following the `agentskills.io` specification. Sentry’s implementation demonstrates these principles: their docs are served as true markdown, their site returns JSON with MCP endpoints for agents, and Warden delivers markdown‑based skill definitions for automated code analysis. Continuous monitoring of agent behavior is advised to adapt optimizations over time.