HackerNews Digest

NewPipe is an open‑source, free YouTube client. The package lacks a published hash sum and uses a signing key with SHA‑256 fingerprint CB:84:06:9B:D6:81:16:BA:FA:E5:EE:4E:E5:B0:8A:56:7A:A6:D8:98:40:4E:7C:B1:2F:9E:75:6D:F5:CF:5C:AB. Visual assets illustrate the app’s interface and distribution channels: the NewPipe logo, a “get NewPipe” button, operation on a Fairphone, offline playback, privacy‑focused design, background playlist support, a popup player, subscription list, bookmark view, watch history, and a developer thumbnail. Additional images show the NewPipe icon, links to its F‑Droid repository (including URL and logo), a “get it on F‑Droid” badge, and the GitHub project page. These elements convey the client’s functionality, privacy emphasis, and availability through F‑Droid and GitHub.

The GitHub repository i5heu/ublock-hide-yt-shorts provides a maintained filter list for the uBlock Origin ad‑blocking extension. Its explicit purpose is to block or hide YouTube Shorts content when uBlock Origin is active, allowing users to prevent Shorts from appearing in the YouTube interface. The project is hosted on GitHub under the i5heu account and is presented as an ongoing, maintained resource for this specific filtering task. An access message—“You can’t perform that action at this time”—appears within the page, indicating a permission or rate‑limit restriction when attempting certain operations on the site. No additional content, documentation, or usage instructions are included in the provided excerpt.

News publishers are restricting the Internet Archive (IA) to prevent AI companies from scraping their content. The Guardian has excluded its article pages from IA’s APIs and Wayback Machine URL listings, while still allowing regional homepages. The Financial Times blocks all bots, including those from OpenAI, Anthropic, Perplexity and IA; only unpaywalled stories appear in the Wayback Machine. The New York Times “hard‑blocks” the IA crawler via robots.txt, and Reddit has limited IA’s access to Reddit data. IA’s robots.txt currently welcomes crawlers, though it uses internal rate‑limiting and Cloudflare protection. Analyses show the Wayback Machine was used in Google’s C4 dataset and Meta’s Llama training. A survey of 1,167 news sites found 241 explicitly disallow at least one IA bot—87 % of these are USA Today (Gannett) outlets, with additional blocks by Le Monde sites. Most of the same sites also block Common Crawl, OpenAI, and Google AI bots, reflecting publishers’ concern that IA’s bulk access can serve as a backdoor for unauthorized AI training.

The author thanks ArchWiki maintainers for their under‑recognized contributions to free‑software documentation, noting that the Wiki is routinely consulted for a wide range of tools—including email clients, editors, and window managers—across Arch and other distributions. It is credited with providing configuration tips and clarifying software features that are often missing from upstream documentation, and it serves as a primary troubleshooting resource when setting up GNU/Linux systems for personal contacts. The post references a meeting at FOSPED (2025/2026) with Arch Project Leader Levente, ArchWiki maintainer Ferdinand (Alad), and FSFE vice‑president Heiki, where the author presented them with “hacker chocolate.” A quoted tweet from Edward Snowden is used to emphasize the rarity of reliable search results outside ArchWiki. The author encourages public acknowledgment and donations to support the Wiki’s continued reliability.

IBM is tripling its entry‑level hiring, focusing on Gen Z graduates, despite AI’s ability to automate many junior tasks. HR chief Nickle LaMoreaux says the move will reshape roles: software engineers will shift from routine coding to customer interaction, and HR staff will work with chatbots rather than answer every query, building AI fluency and durable skills. IBM argues that cutting early‑career positions risks a future shortage of mid‑level managers and higher recruitment costs. CEO Arvind Krishna supports increased graduate hiring, though the company also announced modest layoffs affecting a low single‑digit percent of its global workforce, leaving U.S. headcount roughly unchanged. Other tech firms echo this strategy; Dropbox plans a 25 % expansion of its internship and graduate programs, citing Gen Z’s superior AI proficiency, while Cognizant’s CEO Ravi Kumar S. pledges more school‑graduate hires, viewing AI as an amplifier rather than a displacement tool. AI literacy is now the fastest‑growing skill in the U.S., according to LinkedIn.

A Kickstarter‑funded smart sleep mask includes EEG, respiration, accelerometer, gyroscope sensors, vibration, heating, audio playback, and periorbital electrical muscle stimulation (EMS). Using Claude, the author reverse‑engineered its Bluetooth Low Energy interface: two channels (commands and data) with a proprietary packet format (header, direction, command type, payload, footer). Decompiling the Flutter Android APK revealed hard‑coded MQTT broker credentials shared by all units. Connecting to the broker exposed live telemetry from ~25 devices, including EEG streams at 250 Hz, air‑quality metrics, and occupancy data. The mask’s EMS can be triggered via the same command set, allowing remote electrical stimulation of any user. The author built a web dashboard to control the mask (sliders for vibration, heating, EMS, audio) and captured EEG samples showing REM‑like mixed frequencies and deep‑sleep delta activity. The security flaw—public credentials and unencrypted MQTT publishing—permits unrestricted access to personal brainwave data and control of the device; the researcher notified the manufacturer but did not name the product.

The page is a directory of active blogs curated on ooh.directory, showcasing a range of personal and specialist sites. Highlights include: - **Alex McLean** (UK) discussing “vocable synthesis” from his doctoral thesis and ICMC paper. - **Bron Hebog** announcing a return after a two‑year hiatus. - Recent additions span poetry (Carol Peters, USA), molecular‑design research, indie‑game development (Carlos Roldán, Spain), comics commentary (J. Caleb Mozzocco, USA), and higher‑geometry theory (David Michael Roberts, Australia) with notes on infinitary pretoposes and Grothendieck toposes. - Other entries cover probability foundations, literary musings, UI‑design programming (Nikita Prokopov, Germany), classic‑film essays (Sofya, Cyprus), Scottish music playlists (Everything Flows, UK), and a Brainfuck code showcase (Matthew Muñoz). Each listing provides a brief excerpt, last‑updated timestamp, and author nationality. The directory serves as a searchable index for diverse creative, scientific, and technical blogs, updated regularly with new content and author notes.

GitHub repository “alibaba/zvec” implements a lightweight, in‑process vector database. The page includes CI status badges for Linux x64, Linux ARM64, and macOS ARM64 builds, a code‑coverage indicator, PyPI release version, supported Python versions, and a license badge. Additional badges display performance‑benchmark results and QR codes for DingTalk and WeChat contact. No further textual description of features, architecture, or usage is provided in the scraped content.

None

A 2001 Sun Netra X1 SPARC server (500 MHz UltraSPARC IIe, 1 GB ECC SDRAM, IDE disks) was repurposed to host a static website. The OS is OpenBSD 7.8, installed via PXE/TFTP/NFS because the machine lacks optical or USB boot. Only essential packages were added (git, vim, neofetch, htop, rsync); the built‑in OpenBSD httpd serves HTML/CSS from /var/www, with directory listings disabled and hidden files blocked. The system runs ~55 MB RAM, with sshd and httpd as the only network services. A Cloudflare tunnel provides outbound‑only connectivity: a modern host (e.g., Proxmox LXC) runs cloudflared, forwarding traffic to the Netra’s internal address (192.168.1.248:80). pf is configured with a default‑deny policy, allowing ssh from local subnets (192.168.1.0/24, 10.0.1.0/24) and HTTP only from the tunnel host (10.0.1.210). No dynamic content, CGI, or PHP is used, minimizing attack surface while demonstrating that legacy SPARC hardware can reliably serve static web pages when combined with contemporary tunneling and firewall techniques.