HackerNews Digest

Apple Silicon M4/M5 Macs no longer expose full‑resolution HiDPI modes for 4K external panels. The highest HiDPI mode reported for a 3840×2160 display is 3360×1890 (backing store 6720×3780), whereas M2/M3 machines still list 3840×2160 HiDPI (backing store 7680×4320). Diagnostic data show identical DCP (Display Coprocessor) capabilities on M2 Max and M5 Max (MaxW = 3840, MaxH = 2160, MaxActivePixelRate ≈ 5×10⁸). The limitation originates in the GPU driver layer (AppleDisplayCrossbar), which caps the framebuffer allocation to ~1.75× native resolution instead of the required 2.0×. Attempts to force higher modes via display‑override plists, EDID patching, IOKit registry changes, WindowServer cache clears, or SkyLight private APIs all fail because the driver’s mode‑generation policy is enforced in kernel space and cannot be overridden from userspace. The regression is not hardware‑bound; the M5 Max can drive 8K displays per Apple specs. Remedy requires Apple to adjust dynamic framebuffer allocation or expose a user‑controlled override; users can only file feedback.

The post reflects on a shift from an open, decentralized internet to a consolidated “cognitive dark forest” driven by AI. In 2009 the author used a refurbished ThinkPad, Xubuntu, and public GitHub sharing, assuming ideas were cheap and execution hard, with openness rewarding success. Drawing on Liu Cixin’s *Dark Forest*, it argues that when civilizations (or developers) reveal themselves, larger actors can eliminate or absorb them; thus hiding becomes rational. By 2026 the web is dominated by corporations and governments that monetize data and erode privacy, turning connection from advantage to risk. Large AI platforms now execute code cheaply; every user prompt becomes a data point that maps collective intent, allowing these platforms to anticipate and incorporate novel ideas into their models. Consequently, individual innovation is quickly subsumed, reducing differentiation and discouraging public knowledge exchange. The author warns that continued openness will be privatized, while attempts to resist merely feed the system, creating a self‑reinforcing cycle where the essay itself becomes part of the training data.

None

The First Judicial District of Pennsylvania will prohibit any smart or AI‑integrated eyewear with video or audio recording capability in all district buildings, courthouses, and offices beginning Monday. The ban applies even to prescription glasses; other recording devices (cell phones, laptops) remain permitted if powered off and stored. Violations may result in denial of entry, removal, or criminal contempt charges, unless a judge grants written permission. The rule targets covert recording that could intimidate witnesses or jurors. Pennsylvania joins other jurisdictions—Hawaii, Wisconsin, North Carolina—that have enacted similar restrictions. Previously, courts have allowed judges discretion over devices; a recent Los Angeles trial forced Meta executives to remove smart glasses after a judge warned of contempt. Market data notes that Ray‑Ban and Oakley now sell AI‑enabled smart glasses under $500, with reported sales of 7 million units in 2025, while Apple plans a release in 2027.

Cloudflare Turnstile executes a hidden program for every ChatGPT request. The server sends a turnstile.dx field (≈28 KB base64) that is XOR‑decoded with the p_token from the prepare request, yielding 89 VM instructions and a 19 KB encrypted blob. The blob is decrypted with a float literal (e.g., 97.35) embedded in the bytecode, producing a custom 28‑opcode VM script (417–580 instructions). The script gathers 55 properties across three layers: * **Browser fingerprint** – WebGL vendor/renderer, screen dimensions, hardware concurrency, device memory, font metrics, DOM probing, and localStorage entry 6f376b6560133c2c. * **Cloudflare network** – edge headers cfIpCity, cfIpLatitude, cfIpLongitude, cfConnectingIp, userRegion. * **React application state** – __reactRouterContext, loaderData, clientBootstrap, which exist only after the ChatGPT SPA is fully hydrated. The collected data are JSON‑stringified, XOR‑masked, and resolved into the OpenAI‑Sentinel‑Turnstile‑Token header. Turnstile is complemented by a Signal Orchestrator (behavioral event monitoring) and a lightweight proof‑of‑work challenge. The decryption key resides in the payload, making the “encryption” an obfuscation rather than a cryptographic barrier.

Waterfox began in 2009 when a 16‑year‑old compiled a 64‑bit build of Firefox and released it on SourceForge, quickly reaching 50 k downloads. Over fifteen years it has accumulated roughly 1 million monthly active users and over 25 million lifetime downloads. The founder studied electronics engineering at York, earned a software‑engineering master’s at Oxford, and later served as VP of Engineering at System1, helping scale the browser team through an IPO before returning Waterfox to independent ownership under BrowserWorks. Financially, the privacy‑focused browser relies on search‑partner revenue (currently Startpage); loss of third‑party search contracts has caused recent deficits. In 2026 Waterfox introduced a native content blocker built on Brave’s MPL‑2‑licensed ad‑block library (adblock‑rs), running in the main process for speed and integration, while allowing text ads on the default search page to support sustainability. The browser remains free of AI features, focuses on privacy, and expands support for varied architectures, notably ARM64 Linux. Membership in the Browser Choice Alliance underscores its commitment to market competition.

The repository maintains a status list of open‑source operating systems (Linux, *BSD, etc.) concerning legal age‑verification requirements. - **Jurisdictions with enacted OS‑level age‑verification laws:** Brazil and California. - **Jurisdictions with proposed legislation:** Colorado, Illinois, New York, and Michigan. Current categorization of operating systems: 1. **Not implementing age verification** – developers have chosen not to add verification or are restricting access in regions where such laws apply. 2. **Planning to implement** – developers have announced intent to comply with upcoming laws, but verification features are not yet deployed. 3. **Implemented** – as of the latest update, no open‑source OS has fully satisfied the legal age‑verification requirements for Brazil or California. The document includes an image placeholder (Alt text: “@BryanLunduke”) but provides no additional technical details.

Claude Code (v2.1.87, Homebrew Bun binary on macOS 15.4) automatically runs `git fetch origin` followed by `git reset --hard origin/main` in the user’s project directory every 600 seconds. The reset occurs silently, discarding all uncommitted changes to tracked files while leaving untracked files untouched; Git worktrees are not affected. Evidence includes >95 reflog entries exactly at 10‑minute intervals across multiple sessions, live reproduction where a modified tracked file reverts at the next interval, fswatch logs showing lock file creation typical of a fetch‑reset sequence, and lsof confirming only the Claude Code CLI process (PID 70111) has the repository as its CWD. No external `git` binary is invoked, implying the operation is performed programmatically (likely via libgit2) within the Claude Code process. The timer appears tied to session start time, with offsets such as :08, :36, :41, :09. Workarounds are to use Git worktrees or commit changes frequently. The issue seeks clarification from the Claude Code team on the internal mechanism that triggers these periodic resets.

The interview profiles nobonoko, a creator who composes music exclusively with ultra‑minimal browser sequencers derived from BeepBox—a TypeScript‑based, sub‑2 MB tool whose UI fits on a single screen and uses a “normal” major scale. Despite the limited interface, nobonoko produces complex tracks and albums such as Strawberry+, Gato, Swamp, and Music for Animal Cafés, often reworking earlier pieces and embedding self‑made visual art as contextual clues. His releases inhabit an alternative history populated by anthropomorphic animal characters, blending furry aesthetics with subtle gay themes and a humor‑driven approach that disregards algorithmic optimization. Each finished composition is encoded as a compact URL‑based program (≈23 KB), functioning as both the source and the compiler for the sound. The interview highlights how this minimal software enables extensive artistic expression, world‑building, and a distinctive Gesamtkunstwerk that contrasts mainstream music production practices.

Pretext is a pure JavaScript/TypeScript library for measuring and laying out multiline text without accessing the DOM, avoiding costly reflows. It uses the browser’s font engine via canvas to pre‑measure text segments, then performs arithmetic on cached widths. Primary API `prepare(text, font, options?)` does one‑time normalization, segmentation, and measurement, returning an opaque handle; `layout(prepared, maxWidth, lineHeight)` computes paragraph height and line count in ≈0.09 ms for a 500‑item batch (prepare ≈19 ms). Options include `{whiteSpace:'pre-wrap'}` to preserve spaces, tabs, and line breaks. Advanced usage replaces `prepare` with `prepareWithSegments`, enabling `layoutWithLines`, `walkLineRanges`, and `layoutNextLine` for manual line construction, width probing, or variable‑width flow (e.g., around floated images). Supported features cover Unicode, emojis, bidi text, and common CSS white‑space/word‑break rules; `system‑ui` fonts are discouraged on macOS. Helpers include `clearCache()` and `setLocale()`. The library targets normal white‑space, `word-break: normal`, `overflow-wrap: break-word`, and `line-break: auto`, and is usable for DOM, Canvas, SVG, WebGL, and future server‑side rendering.