Hacker News
1CSS Grid Lanes
- CSS Grid Lanes is a new web layout feature now available in Safari Technology Preview that enables masonry-style layouts with just three lines of CSS. It automatically arranges content in columns like a photo gallery, placing items in whichever column gets them closest to the top, similar to how cars change lanes in traffic to move ahead.
Safari's improved interoperability progress
Users praise Safari's sudden jump to the top of interop-2025 rankings, noting major improvements in web standards support including WebGPU, OPFS API fixes, and field-sizing CSS. However, some criticize Safari's traditional release schedule versus other browsers' continuous updates, arguing it delays feature adoption for developers.CSS masonry layout usability concerns
Developers debate whether masonry/lane layouts are visually appealing but functionally problematic. Critics argue they make systematic content review difficult, with eyes bouncing unpredictably between columns, while supporters say they work well for visual browsing like Pinterest where systematic examination isn't needed.Grid lanes vs masonry naming and implementation
Discussion centers on the rename from "masonry" to "grid-lanes" for the CSS layout feature. Developers using the experimental "grid-template-rows: masonry" syntax wonder about migration, while others explain the extensive public debate over naming and implementation approaches across browser engines.
2Garage – An S3 object store so reliable you can run it outside datacenters
- Garage is a lightweight, self-contained distributed storage system designed for sysadmins. It runs on minimal hardware requirements (1GB RAM, 16GB disk, x86/ARM CPUs) and operates resilient across multiple datacenters over the Internet. The project has received European Union funding through NGI programs from 2021-2025.
Performance comparison between storage solutions
Users discuss Garage achieving ~5 Gbps vs MinIO's 20-25 Gbps performance, with alternatives like SeaweedFS showing strong benchmark results. RustFS appears underbaked with licensing concerns, while Ceph/Rook offers complexity tradeoffs.Database reliability and corruption concerns
Discussion centers on Garage's LMDB default being vulnerable to power loss corruption, requiring ZFS/BTRFS and regular snapshots. Users debate embedded KV store alternatives like RocksDB, SQLite, and SlateDB for better durability.Feature gaps compared to MinIO
Users highlight missing features including lifecycle management, object tags, automatic mirroring, limited ACLs, and inability to set custom keys, making migration from MinIO challenging for certain use cases.
3Backing Up Spotify
- Anna's Archive has created the world's first open music preservation archive by scraping Spotify's entire catalog, containing metadata for 256 million tracks and archiving 86 million music files totaling 300TB. The collection represents 99.6% of all Spotify listens and is distributed through torrents, prioritizing popular tracks at original quality while compressing less popular songs to save space.
Spotify DRM bypass and technical feasibility
Users express surprise that Spotify's DRM was cracked at scale, discussing technical methods and comparing it to historical music piracy sites like What.CD. Some debate the usefulness for average consumers versus researchers, while others suggest building streaming interfaces on top of the torrents.Implications for AI training and research
Discussion centers on whether this archive will benefit AI researchers working on music generation and classification, with debate about Anna's Archive's motivations and their enterprise offerings to AI companies despite claiming ideological rather than commercial goals.Artist compensation and music industry impact
Users debate whether this hurts artists, with many arguing Spotify already pays artists poorly and that most musicians earn from touring/merch rather than streaming royalties. Discussion includes comparisons to how Netflix lost content and concerns about music preservation.
4Airbus to migrate critical apps to a sovereign Euro cloud
- Airbus is preparing to tender a major contract worth over €50 million to migrate mission-critical workloads to a European sovereign cloud, seeking to avoid US jurisdiction under the CLOUD Act. The aerospace manufacturer gives only an 80/20 chance of finding a suitable provider, as European cloud providers may lack sufficient scale compared to US giants like Microsoft, AWS, and Google.
US-Europe relations and digital sovereignty
Europeans express concerns about US hostility toward the EU, citing Trump's plans to undermine European unity and annex territory. Many argue Europe needs digital independence similar to restrictions on Chinese tech, as the US is becoming untrustworthy and anti-European.Cloud provider alternatives and technical feasibility
Discussion of European cloud alternatives like Hetzner, OVH, and Telekom Cloud. Users debate whether moving from AWS/Azure is technically feasible, with some noting commodity nature of basic cloud services while others highlight vendor lock-in risks and pricing advantages of competitors.Historical context of tech dependence
Comments explore how Europe became dependent on US tech through post-WWII relationships, with some calling it colonialism rather than freeloading. Discussion includes examples of US corporate espionage against European companies and debate over NATO obligations versus digital sovereignty.
5NTP at NIST Boulder Has Lost Power
- NIST's Boulder campus lost power due to high winds and utility shutdowns for wildfire prevention on December 17, 2025. The atomic time scale failed when backup generators malfunctioned, causing Boulder Internet Time Services to lose accurate time reference. Multiple NIST time servers are affected and may be disabled to prevent incorrect time distribution.
Power outage and disaster response
NIST Boulder facility shut down due to 125 MPH winds and power outages. Xcel Energy proactively cut power to prevent wildfires after their $680M settlement for the 2021 Marshall Fire. Discussion covers backup generator failures and disaster planning adequacy.Time service redundancy and impact
Multiple commenters explain that NIST Boulder outage has minimal impact due to redundant stratum 1 servers worldwide, GPS satellites, and other time sources. Proper NTP configuration with diverse sources prevents issues from single point failures.NTP protocol and David Mills legacy
Discussion about NTP creator David L. Mills (1938-2024), educational resources about the protocol, and technical aspects like using NTP for monitoring temperature changes and frequency deviations as early warning systems.
6Go ahead, self-host Postgres
- The author argues that self-hosting PostgreSQL databases is much simpler and more cost-effective than commonly believed, challenging the narrative pushed by cloud providers. After running self-hosted Postgres for two years serving thousands of users, they found it stable and cheap with minimal operational overhead. They argue that managed database services like AWS RDS are essentially the same open-source Postgres with operational tooling, but at significantly higher costs. The article provides practical configuration advice and suggests self-hosting makes sense for most companies between startups and enterprise scale.
Cost and complexity comparison
Self-hosted PostgreSQL offers significantly better performance at a fraction of AWS costs, but cloud providers shift responsibility away from engineers. The "time is money" argument favors outsourcing for businesses, while tight budgets make self-hosting attractive.High availability challenges
PostgreSQL lacks simple "batteries-included" HA clustering compared to MongoDB. Solutions like Patroni, CloudNativePG, and Kubernetes operators exist but require significant setup complexity, leading many to accept PostgreSQL's single-node limitations.Self-hosting reliability and responsibility
Many report PostgreSQL being extremely reliable when self-hosted over decades. However, responsibility shifts matter - using cloud providers allows blaming external factors during outages, while self-hosting puts all accountability on internal teams.
7Privacy doesn't mean anything anymore, anonymity does
- The article argues that most companies claiming to prioritize privacy are actually engaging in "privacy theater" by collecting extensive personal data like emails, phones, and IDs while promising to protect it. True anonymity requires architectural decisions that make data collection impossible, as demonstrated by Mullvad VPN and Servury, which use only random credentials without storing any personal information, making user identification impossible even under legal pressure.
Credibility concerns about Servury's privacy claims
Users questioned Servury's ISO27001/SOC2 certifications and found discrepancies. The company initially logged IP addresses despite privacy claims, used Cloudflare (which compromises anonymity), and appeared to remove certification references after being called out.True anonymity vs privacy distinctions
Discussion centered on the difference between privacy (companies knowing who you are but keeping it private) and anonymity (companies not knowing who you are at all). Users debated whether true anonymity is achievable given fingerprinting and surveillance.Technical challenges of maintaining anonymity
Users explored how privacy-focused behaviors can paradoxically make you more identifiable, the importance of blending in with crowds, browser fingerprinting resistance, and the need for anonymous payment methods to achieve true anonymity online.
8LLM Year in Review
- 2025 marked significant paradigm shifts in LLMs including the emergence of Reinforcement Learning from Verifiable Rewards (RLVR) that enabled reasoning capabilities, recognition that AI intelligence is "jagged" rather than human-like, rise of specialized LLM apps like Cursor, Claude Code enabling AI agents on personal computers, "vibe coding" allowing programming through natural language, and early development of LLM GUIs that communicate through images rather than just text.
Claude code productivity gains
Users report Claude Code as highly productive, generating maintainable code that matches their style. Some claim 5x performance boosts and minimal manual coding. Debates exist over Cursor vs Claude Code, with discussions about local vs cloud inference and cost considerations.AI writing patterns contaminating human communication
Commenters notice LLM-style phrases like "it's not X, it's Y" appearing in human writing, including Karpathy's post. Users report changing their writing style to avoid being labeled as AI-generated, highlighting how AI language patterns are recursing back into society.Evolution of AI interaction paradigms
Discussion centers on agents running locally vs cloud-based tools, the shift from web interfaces to desktop "spirits," and concerns about power concentration. Users debate whether current tools truly represent local AI or just local interfaces to cloud services.
9TP-Link Tapo C200: Hardcoded Keys, Buffer Overflows and Privacy
- A security researcher conducted AI-assisted reverse engineering on TP-Link Tapo C200 cameras and discovered multiple vulnerabilities affecting 25,000 internet-exposed devices. The researcher obtained firmware from an open S3 bucket, decrypted it using existing tools, and used AI to analyze the code in Ghidra. They found vulnerabilities including hardcoded SSL private keys enabling traffic decryption, pre-authentication memory overflow in ONVIF SOAP XML parsing, HTTPS Content-Length integer overflow causing crashes, and authentication bypass allowing device hijacking through malformed JSON requests.
Security practices criticism
Debate over whether public firmware repositories constitute security failures. Some argue it's good transparency vs security through obscurity, while others note the real issues are hardcoded TLS keys and poor security practices throughout the product line.Network segmentation recommendations
Strong consensus on isolating IoT devices using VLANs, blocking internet access, and implementing strict firewall rules. Users share specific configurations and real-world examples of how unsegmented networks led to security breaches.Alternative firmware solutions
Discussion of open-source firmware like Thingino and OpenIPC as replacements for vulnerable stock firmware, though users note compatibility challenges and installation complexity for different hardware revisions.
10You can now play Grand Theft Auto Vice City in the browser
- The open-source reVC engine, a reimplementation of the classic GTA engine, now runs directly in web browsers through WebAssembly. This independent technology demo on DOS.Zone showcases how the iconic game operates in a modern web environment without requiring native installation.
Technical implementation and legality
Users discuss how the browser version was created using reVC reverse engineering project and emscripten compilation, debate copyright legality of hosting game assets, and share technical details about the decompilation process.Nostalgia and gameplay quality
Players reminisce about childhood memories, compare the 18-month development time to modern games, and argue that fun gameplay trumps realistic graphics, with many sharing links to other classic games playable in browsers.Copyright reform for old games
Discussion about making games older than 10 years open source, with counterarguments citing profitable older titles like GTA V still selling 20M copies annually, and suggestions for copyright reform with shorter terms or renewal fees.