HackerNews Digest

Mullvad assigns each WireGuard key a deterministic exit‑IP per server rather than randomizing on every connection. The key rotates every 1–30 days (or never with third‑party clients). Testing 9 servers with 3 650 keys showed only 284 distinct IP‑combination patterns despite a theoretical pool of >8 trillion possibilities. Each assigned IP occupies the same percentile within its server’s IP range, indicating a seed‑based RNG where the seed derives from the public key and the upper bound is the pool size. The RNG’s float multiplier is constant for a given seed, so changing the bound only scales the result, producing identical ratios across servers. Consequently, users sharing a key obtain correlated IPs, allowing fingerprinting: a float range estimate links ≈0.34 % of users (≈340 of 100 k active accounts) to the same IP pattern, giving >99 % confidence in identity correlation across different servers. Mitigations include limiting server switches per key and forcing key rotation by logging out of the Mullvad app.

Claude Code runs locally, traverses the file system, and uses grep or LSP‑based symbol search instead of a RAG index, eliminating stale embeddings for large, rapidly changing codebases. Its performance hinges on a “harness” built from five extension points—CLAUDE.md context files, hooks, skills, plugins, and MCP servers—plus optional LSP integrations and subagents that isolate tasks in separate context windows. Successful deployments follow three patterns: * **Navigable codebases** – keep CLAUDE.md files lean and layered (root + subdirectory), initialize Claude in the relevant subdirectory, scope test/build commands per folder, use .ignore/.claude/settings.json to exclude generated or third‑party files, provide markdown maps for unconventional layouts, and run language‑server instances for symbol‑level lookup. * **Active CLAUDE.md maintenance** – periodically review and prune context files, hooks, and skills as newer models remove prior limitations (typically every 3–6 months or after major model releases). * **Clear ownership and governance** – assign a dedicated DRI or team (often within developer‑experience) to manage configurations, plugins, and permissions, establish approved skill sets, and coordinate cross‑functional groups for security and compliance. These practices enable Claude Code to scale across monorepos, legacy systems, and multi‑repo microservice architectures with thousands of developers.

The post details a DIY method for disabling telemetry on a 2024 Toyota RAV4 Hybrid by removing its Data Communication Module (DCM) and GPS antenna. It begins with a brief survey of documented privacy and security incidents in modern vehicles, then explains that loss of the DCM eliminates all cloud‑based services (OTA updates, SOS, remote diagnostics) and disables the in‑car microphone unless a DCM‑Bypass Kit is installed. Removing the GPS prevents Apple‑CarPlay location conflicts that arise when the car’s GPS remains active without a data link. Bluetooth tethering can still leak data, so the author recommends using USB‑CarPlay or a Bluetooth‑to‑USB adapter. Required tools include a trim‑removal kit, ratchet/socket set, and optional precision screwdriver; the DCM Bypass Kit costs ≈ $90. Step‑by‑step instructions cover disassembly of the shifter, radio, seat‑heater controls, extraction of the DCM (three 8 mm bolts), installation of the bypass kit, and removal of the single‑wire GPS antenna from the head unit. Post‑reassembly checks confirm no infotainment connection icon and functional microphone. The modification may void portions of the warranty and could be affected by future integration or anti‑repair legislation.

DS4 (DwarfStar 4) quickly gained popularity as a single‑model, locally integrated AI solution. Its success stems from the availability of a large, fast “quasi‑frontier” model—DeepSeek v4 Flash—combined with an aggressive 2‑bit/8‑bit quantization that allows inference on systems with 96–128 GB RAM. The author reports intense development effort (≈14 h/day) and notes that DS4 now handles tasks previously reserved for cloud services like Claude or GPT, especially when enhanced with vector steering. Future directions include: updating the core model to newer checkpoints (potentially domain‑tuned versions for coding, legal, medical), expanding quality benchmarks, adding a coding agent, establishing a home CI hardware setup for long‑term testing, increasing platform ports, and implementing distributed inference (serial and parallel). The author emphasizes that AI should not remain solely a provided service and thanks the community for support.

The authors report a publicly disclosed macOS kernel memory‑corruption exploit, named **survivingMIE**, targeting Apple’s M5 silicon with Memory Integrity Enforcement (MIE) enabled. The exploit is a data‑only local privilege escalation chain for macOS 13.4.1 (build 25E253) that starts from an unprivileged user, uses only standard system calls, and yields a root shell. It leverages two previously unknown kernel vulnerabilities discovered in late April 2024, combined with techniques to bypass MIE’s hardware‑assisted memory‑tagging defenses (ARM MTE). Development was aided by the AI‑driven tool **Mythos Preview**, which identified the bugs and assisted in constructing the chain within a week. The authors plan to release a 55‑page technical report after Apple patches the vulnerabilities. They emphasize that while MIE is a high‑cost mitigation, it is not invulnerable; AI‑enhanced discovery can produce exploits that survive such protections.

The post documents how the author attached an NVIDIA RTX 5090 eGPU to an Apple‑silicon M4 MacBook Air via a Thunder Bolt‑to‑PCIe dock and accessed it from a Linux ARM64 VM. Key points: - macOS lacks native NVIDIA drivers; tinygrad’s experimental driver is unsuitable for gaming or general GPU use. - The solution runs Linux in a QEMU VM (ARM64) on macOS, passing the GPU through using PCI passthrough. - PCI BAR memory is mapped into the guest with hv_vm_map(); initial crashes required changing QEMU’s memory‑type flags to permit reads/writes. - DMA handling needed a custom “apple‑dma‑pci” virtual device because Apple’s DART IOMMU imposes a 1.5 GB total mapping limit and a 64 k mapping count limit. - The author patched the NVIDIA driver (via kprobe) to force smaller page sizes, avoiding alignment errors, and implemented clustering of DMA mappings (256 kB regions) to stay under the mapping‑count limit. - VM performance was improved by raising vCPU thread priority using macOS QoS and real‑time scheduling patches in QEMU. Benchmarks (not reproduced) show the RTX 5090 can run demanding games inside the VM once these kernel‑level and QEMU adjustments are applied.

The article argues that the prevailing belief—AI tokens will become abundant and broadly accessible—is being undermined by three converging constraints: compute scarcity, security concerns, and increasing U.S. government involvement. Recent limited releases of advanced models such as Anthropic’s Mythos and OpenAI’s “gpt‑5.5‑cyber” illustrate a shift toward selective distribution to trusted defenders, driven by misuse risk, model theft, espionage, and distillation threats. Developers face high marginal compute costs, leading to capacity crunches and tighter access controls, while governments may formalize these restrictions for national‑security or strategic leverage. Consequently, frontier AI access will likely become a privilege of a limited set of U.S.‑based firms and allied partners, with other entities receiving only constrained product layers or delayed API access. The author warns that such asymmetry could create geopolitical “haves” and “have‑nots,” amplifying economic and security gaps. Proposed mitigations include hardening global security to reduce misuse pressure, accelerating datacenter construction to alleviate compute bottlenecks, and establishing international compute‑building agreements that tie infrastructure investment to guaranteed frontier‑model access.

Gyroflow is an open‑source application for video stabilization using gyroscope (and optionally accelerometer) data recorded by modern cameras (GoPro, Sony, Insta360, DJI, etc.) or external sources (Betaflight blackbox, smartphones). It processes footage with real‑time preview, GPU‑accelerated multi‑threaded algorithms, rolling‑shutter correction, adaptive zoom, lens‑distortion correction, and supports 10‑bit to 32‑bit color depths. Output formats include H.264/H.265, ProRes, DNxHD, CineForm, PNG, OpenEXR, and RAW (Blackmagic, RED, Canon). Plugins are available for Adobe Premiere/After Effects, DaVinci Resolve (OpenFX), and Final Cut Pro (Toolbox). The core engine is a pure‑Rust library without external dependencies; the UI uses QML/Qt, with optional OpenCV for calibration and optical flow. GPU back‑ends use DirectX, OpenGL, Metal, Vulkan via Qt RHI and wgpu. Supported platforms: Windows 10 64‑bit, macOS 10.15+, Linux (Debian 10+, Ubuntu 18.10+), Android 6+, iOS 14+. Minimum drivers and libraries are listed per GPU vendor. Licensed under GPL‑v3 with an additional permission to link the closed‑source mdk‑sdk. The project accepts contributions, offers translations, and provides detailed build instructions for desktop, Android, and iOS.

The repository provides a proof‑of‑concept exploit for CVE‑2026‑42945, a critical heap buffer overflow in NGINX’s ngx_http_rewrite_module introduced in 2008. The flaw occurs in the module’s two‑pass processing of rewrite and set directives: the length‑calculation pass runs with is_args cleared, producing an undersized buffer size, while the subsequent copy pass sets is_args and invokes ngx_escape_uri with NGX_ESCAPE_ARGS, expanding each escapable byte to three bytes and overflowing the heap with attacker‑controlled URI data. Exploitation relies on cross‑request heap feng‑shui, spraying POST bodies to corrupt the cleanup pointer of an adjacent ngx_pool_t structure, which is redirected to a fake ngx_pool_cleanup_s that calls system() upon pool destruction. The advisory lists affected and patched versions (see F5 advisory K000160932) and includes build/run instructions: compile via setup.sh, launch the vulnerable NGINX container with Docker Compose, and obtain a shell using poc.py --shell.

None