Hacker News
1Beginning January 2026, all ACM publications will be made open access
- ACM announced that all its publications and related artifacts in the ACM Digital Library will become open access starting January 2026. This change aims to make computing research more accessible, discoverable, and reusable globally while allowing authors to retain copyright.
Open access financial models and incentive problems
Discussion centers on how Article Processing Charges (APCs) of ~$1450 shift costs from readers to authors/institutions, potentially rewarding quantity over quality in publishing, though some argue this removes journals as quality gatekeepers and enables post-publication peer review.Publisher value and necessity in digital age
Many argue publishers provide minimal value for their fees, handling only basic formatting tasks while peer reviewers work unpaid. Alternative models like Subscribe to Open and fully open platforms are discussed as potentially superior approaches.Impact on researchers and accessibility
Concerns about how independent researchers and those in developing countries will afford publication fees, balanced against benefits of making research freely accessible to the public who fund it through taxes.
2Your job is to deliver code you have proven to work
- The article argues that developers using AI coding tools must prove their code works before submitting it for review, rather than expecting reviewers to do the testing. This requires both manual testing to verify functionality and automated tests to prevent regressions. With AI coding agents becoming more prevalent, developers need to ensure these tools also test their generated code. The key responsibility remains with the human developer to provide accountability and evidence that submitted code actually works as intended.
AI-generated code quality and review burden
Discussion centers on developers submitting large, untested AI-generated PRs that burden reviewers. Non-junior and even non-developer team members are creating low-quality contributions, with examples of 50k line PRs for 10-line changes and poor understanding of generated code.Engineering accountability and code ownership
Engineers debate what their core job entails - whether it's delivering working code, solving business problems, or understanding requirements. Discussion emphasizes that engineers must be accountable for code quality regardless of tools used.Testing methodology and code verification
Community discusses how to properly validate code beyond just testing - emphasizing logical reasoning, manual testing, and understanding edge cases. Testing alone is seen as insufficient; engineers must comprehend and verify their code works.
3Tell HN: HN was down
- Hacker News experienced an outage around 1:41:58 PM GMT, returning 502 Bad Gateway errors for authenticated requests while serving some cached pages to unauthenticated users. The site stopped updating with new posts and comments, though some status monitoring services detected the outage.
Technical outage explanation
Dang explained HN was overloaded after relaxing anti-crawler protections. The protections block legitimate users, but loosening them too much caused flooding. A secondary failure occurred when he mistakenly marked the 5:24am alert as resolved while still half-asleep.Addiction and reflexive usage
Users discovered their compulsive HN checking habits during the outage. Many described reflexively opening new tabs to check HN, getting stuck in loops trying to access the site, and realizing how integral HN had become to their daily routines and morning habits.Ironic feedback loops
Users got trapped in recursive behavior during the outage - trying to check HN to see if anyone was discussing HN being down, creating an infinite loop. Some compared this to social media addiction patterns, noting the irony given HN's anti-social media stance.
4I got hacked: My Hetzner server started mining Monero
- A developer discovered their Hetzner server was compromised and mining cryptocurrency after receiving an abuse report. The attack exploited a critical Next.js vulnerability (CVE-2025-66478) in their Umami analytics tool, which they didn't realize used Next.js. The malware escaped the container and infected the host system, requiring a complete server rebuild and security overhaul.
Firewall recommendations and Docker security
Users debate UFW vs firewalld for firewall management, with emphasis on Docker's ability to bypass firewall rules. Discussion includes specific configurations, the need for StrictForwardPorts=yes in firewalld, and advice to bind Docker ports to specific IPs rather than 0.0.0.0.Container security and isolation
Extended discussion on whether Docker provides adequate security boundaries, with users explaining that containers running as root can potentially escape to the host system. Debate includes recommendations for resource limits, user namespaces, and alternatives like gVisor or VMs.JavaScript framework security concerns
Users express frustration about the React2Shell CVE affecting Next.js applications, comparing it to historical PHP security issues. Discussion includes criticism of the frontend ecosystem's security practices and suggestions to avoid complex frameworks.
5Coursera to combine with Udemy
Platform decline and content quality deterioration
Former instructors describe how Udemy's algorithm mysteriously stopped promoting high-rated courses, while both platforms shifted from quality university content to low-effort "AI this, AI that" courses focused on profit over education.Society's bias against older content
Discussion reveals how platforms and search engines systematically devalue older content regardless of relevance, creating a cycle where valuable knowledge gets buried simply because it's not new.Alternative learning methods and YouTube's dominance
Users increasingly prefer free YouTube content and early-era recorded university lectures over current paid platforms, with some turning to LLMs despite hallucination concerns.
6Classical statues were not painted horribly
- This article examines ancient Greek and Roman sculptures, noting that while the original marble works appear beautiful to modern viewers, recent colorized reconstructions look garish and unappealing. The author challenges the common explanation that this is due to changing taste, pointing out that ancient depictions of colored statues show much more subtle, delicate coloring than the modern reconstructions suggest, raising questions about the accuracy of these colorization attempts.
Painting technique and layering
Discussion centers on how ancient painters applied paint in layers, with saturated base colors first, then details and highlights. Most surviving pigments are from these base layers, leading to garish reconstructions that miss the sophisticated overlayers.Archaeological methodology vs artistic interpretation
Debate over whether archaeologists should only use direct evidence (creating ugly reconstructions) or incorporate artistic judgment. Some suggest collaboration with modern artists to show what was possible versus strict evidence-based approaches.Expertise and interdisciplinary collaboration
Discussion about academics working outside their expertise, comparing to failed attempts at recreating ancient recipes. Suggests need for collaboration between archaeologists and craftspeople/artists for more accurate reconstructions.
7We pwned X, Vercel, Cursor, and Discord through a supply-chain attack
- A 16-year-old security researcher named Daniel discovered critical vulnerabilities in Mintlify, an AI documentation platform used by major companies including Discord, X (Twitter), Vercel, and Cursor. He found a cross-site scripting vulnerability that allowed attackers to inject malicious scripts into company documentation and steal user credentials. The attack exploited Mintlify's internal endpoints to serve malicious SVG files with embedded JavaScript across different domains. Working with friends, they responsibly disclosed the vulnerabilities, leading to temporary shutdowns of affected services and earning approximately $11,000 in bug bounties. The incident demonstrates how supply chain attacks can compromise hundreds of companies through a single platform vulnerability.
SVG security vulnerabilities
Discussion about how SVG files can contain JavaScript that creates security risks. Users debate whether script support in SVGs was a mistake, compare it to Flash's security issues, and discuss sanitization challenges and the need for script-free vector formats.Bug bounty compensation
Users criticize the $4,000 bounty as inadequate for a vulnerability that could compromise millions of accounts. Discussion includes comparisons to black market prices, hiring researchers full-time vs bounties, and whether low payouts discourage responsible disclosure.Third-party integration security
Debate about Discord hosting Mintlify docs on their main domain instead of a subdomain. Users discuss SEO benefits vs security risks of proxying third-party services and best practices for limiting attack surface through proper domain isolation.
8Are Apple gift cards safe to redeem?
- A user's Apple Account was locked after redeeming a tampered $500 Apple Gift Card from a major retailer, resulting in loss of access to all iCloud and iTunes purchases. Despite escalation to Apple's Executive Relations team, the account was only restored after significant publicity and nearly a week of effort. This incident raises concerns about the safety of redeeming Apple Gift Cards, with some suggesting users avoid them entirely due to potential account lockout risks.
Gift card fraud and security vulnerabilities
Discussion reveals widespread gift card fraud through tampering, manufactured spending schemes, and security gaps. Users share experiences with money laundering-like activities for credit card rewards and debate whether gift card systems are fundamentally flawed.Big Tech customer support failures
Users criticize Apple, Google, and other major platforms for inadequate customer service, automated account bans without recourse, and lack of human oversight. Many call for regulatory requirements forcing companies to provide proper appeals processes.Digital dependency and account ownership
Commenters debate whether users truly "own" their digital accounts and data, discussing the need for self-hosting, backups, and legislative protections as people become increasingly dependent on major tech platforms for essential services.
9Gut bacteria from amphibians and reptiles achieve tumor elimination in mice
- Researchers at JAIST discovered that Ewingella americana bacteria, isolated from Japanese tree frog intestines, can completely eliminate tumors with a single injection. The bacteria works through dual mechanisms: directly killing cancer cells in low-oxygen tumor environments and activating immune responses. This natural bacterium showed 100% complete response rates in mouse studies, dramatically outperforming current chemotherapy and immunotherapy treatments with no adverse effects on healthy tissues.
DNA repair mechanisms vs. tumor elimination
An engineer asks why research focuses on eliminating tumors rather than enhancing DNA repair enzymes. Experts explain that L1 defenses already have 99.9999999% success rates and are nearly impossible to improve, while immune system enhancement offers more promising targets.Skepticism about preliminary results
Users question the "100% response, zero side effects" claims, noting this is only tested in mice with small sample sizes. Cancer researchers emphasize the vast gap between promising mouse studies and human clinical trials.Cancer treatment progress over time
Discussion reveals frustration that breakthrough announcements rarely translate to patient care, but experts note significant improvements in survival rates and new treatments like CAR-T therapy and immunotherapy.
10Please just try HTMX
- This is a passionate argument for HTMX as a middle ground between basic HTML and complex JavaScript frameworks like React. The author argues that HTMX allows developers to add interactivity with simple HTML attributes and server-returned HTML fragments, eliminating the need for large JavaScript bundles, complex build processes, and state management. They cite a case study showing 67% less code and 88% faster builds when switching from React to HTMX, while acknowledging it's not suitable for truly complex applications like collaborative editors.
HTMX creator's perspective on hyperbolic marketing
Carson Gross, HTMX's creator, appeared in the discussion expressing discomfort with hyperbolic articles promoting his library, preferring a "chill vibe" and recommending users also try Unpoly, another hypermedia library.Real-world HTMX implementation challenges
A startup founder shared their experience moving away from HTMX to React, citing complexity in response handling, multiple HTML fragments per endpoint, and lack of established best practices at scale as key issues.Framework adoption philosophy and "LLM tax"
Discussion around choosing technologies based on LLM training data availability, with developers finding React more productive due to better AI code generation, while others debated whether tools should be chosen for AI compatibility.