US Court nullifies FTC requirement for click-to-cancel (arstechnica.com | comments) A U.S. court has nullified the Federal Trade Commission's (FTC) requirement for subscription services to provide a 'click-to-cancel' option, ruling that the FTC did not follow the required regulatory process. This decision impacts how easily consumers can cancel services they no longer want.

• FYI: Everyone just use privacy.com It allows you to make virtual cards that are single use. So if a merchant keeps trying to charge you, it will automatically decline. Until the powers that be gets its act together and stops allowing businesses to run all over us...this is the way.

Bulgaria to join euro area on 1 January 2026 (europa.eu | comments) Bulgaria is set to adopt the euro as its currency starting January 1, 2026, as confirmed by the European Central Bank (ECB). This move marks a significant step in Bulgaria's integration into the Eurozone, aiming to enhance economic stability and strengthen ties with other EU member states that have already adopted the euro.

• the Euro has lost almost half of its purchasing power since its creation. bulgarians want the Euro so much, that they have to run tv ads, "we will become more wealthy by introducing the Euro", what? how will that happen, if you need more money to buy same or less products/services? lmao

Supabase MCP can leak your entire SQL database (generalanalysis.com | comments) Exploring the vulnerabilities of Supabase's Model Context Protocol (MCP), this analysis reveals how attackers can exploit its integration to access private SQL database tables. While MCP enhances the capabilities of large language models (LLMs) in interacting with external tools, it simultaneously opens new risk avenues for data breaches.

• I have been reading HN for years. The exploits used to be so clever and incredible feats of engineering. LLM exploits are the equivalent of "write a prompt that can trick a toddler."
• If you're hooking up an LLM to your production infrastructure, the vulnerability is you.

Breaking Git with a carriage return and cloning RCE (dgl.cx | comments) CVE-2025-48384 reveals a vulnerability in Git that can lead to remote code execution on Unix-like systems when using 'git clone --recursive' on untrusted repositories. This occurs due to improper handling of carriage return characters in configuration files, potentially allowing malicious paths to bypass validation. Users are urged to update to the latest Git versions to mitigate this risk.

• "trivial modification of an existing exploit"... Why git does not use Landlock? I know it is Linux-only, but why? "git clone" should only have r/o access to config directory and r/w to clone directory. And no subprocesses. In every exploit demo: "Yep, <s>it goes to a square hole</s> it launches a calculator".

GlobalFoundries to Acquire MIPS (mips.com | comments) GlobalFoundries has announced its definitive agreement to acquire MIPS, enhancing its portfolio with advanced RISC-V processor intellectual property and software tools aimed at real-time computing applications in fields such as autonomous mobility and industrial automation. The acquisition is set to bolster GlobalFoundries' capabilities in AI and computational technology.

• Suddenly another company that has (old?) fabs and a cpu design team in-house This could be interesting to see how much they try to loss-lead to get market share in the low-end
• How are the various riscv cpu IP vendors generally doing financially? Is this the very beginning of a market consolidation?

Google can now read your WhatsApp messages (neowin.net | comments) Google has introduced a feature that enables its AI, Gemini, to access third-party applications like WhatsApp, even if users have disabled the Gemini Apps Activity setting. The article provides detailed instructions on how users can prevent this access to safeguard their messages and account privacy.

• The whole situation with Gemini Apps Activity setting is so frustrating. Even if I pay for Gemini Pro, the only way to make sure there will be no human looking at your chats is to set Apps Activity to off, which means you don't have any history for Gemini chats, even for the messages from a minute ago.

NuxtLabs is joining Vercel (nuxtlabs.com | comments) NuxtLabs, a company known for its contributions to the Nuxt.js ecosystem, is being integrated into Vercel, the platform popular for hosting frontend applications. This acquisition is expected to strengthen Vercel's offerings in server-side rendering and static site generation capabilities.

• Ugh. Can they not? Who do I talk about them not? NuxtLabs was doing great work building out support for Cloudflare, making it a viable alternative to Vercel. Now, I'm sure all that work will get dropped and we'll be stuck with only Vercel being a first-class host for Nuxt-based applications.

Taking over 60k spyware user accounts with SQL injection (ericdaigle.ca | comments) An exploration into the Catwatchful spyware service reveals significant vulnerabilities, allowing unauthorized access to over 60,000 user accounts. The author outlines the process of creating a test account and highlights the stealth features of the spyware app, emphasizing its surprising functionality and ease of data extraction.

• > The live photo and microphone options are particularly creepy, successfully taking a photo or recording and uploading it for me to view near-instantly on the control panel without giving the phone user the slightest sign that anything is amiss Oh dear.

Bootstrapping a side project into a profitable seven-figure business (projectionlab.com | comments) A detailed account provides insights on transitioning a side project into a successful business, achieving an annual recurring revenue (ARR) of $1 million without external funding. The author shares strategic decisions, challenges faced, and lessons learned during this entrepreneurial journey, making it a valuable resource for aspiring business founders.

• Congrats! I'm a customer. Haven't used it too much but so far I like having it to check in periodically. One wish list item: live securities prices to avoid having to copy/paste values all the time. For example, with that you can have a live snapshot of the values in most brokerages

Blind to Disruption – The CEOs Who Missed the Future (steveblank.com | comments) The article critiques CEOs who failed to anticipate disruption in their industries, highlighting case studies of leaders whose decisions led to significant financial losses and company declines. By analyzing their errors, the text aims to provide insights into strategic foresight and the necessity of adapting to changes in market dynamics.

• History is full of examples of execs hedging on the wrong technology, arriving too early, etc.
• Innovators Dilemma, mentioned here, is great. If you enjoyed this article, don't overlook that recommendation.
• The article seemed more apropos to the US automobile industry than SaaS.

On The Meaning of Ritual (alicemaz.substack.com | comments) The text explores the significance of ritual in the Confucian text 'Xunzi'. It examines how rituals contribute to social order and moral development within society.

Firefox is fine. The people running it are not (theregister.com | comments) The article critiques the management of Firefox's parent company, Mozilla, suggesting that while the Firefox browser remains technically sound, issues stem from ineffective leadership, implying a disconnect between the product's quality and the company's direction.

• > Mozilla's leadership is directionless and flailing because it's never had to do, or be, anything else. It's never needed to know how to make a profit, because it never had to make a profit. It's no wonder it has no real direction or vision or clue: it never needed them. It's role-playing being a business.

Can an email go 500 miles in 2025? (tedunangst.com | comments) The piece humorously reflects on a fictional scenario where a university president struggles to send an email beyond 500 miles, questioning if technology can overcome such barriers by 2025. It discusses coding techniques for nonblocking connections and explores potential improvements in email delivery, also indicating experimentation with server connections across the U.S.

• I thought this was about consolidation of email providers so your email never leaves a single datacenter: "10 years ago we couldn't send an email 500 miles, but these days we can't send it 500 miles because it just routes internally." Too bad, I think that would have been more interesting to read.

Reflections on 2 years of CPython's JIT Compiler (fidget-spinner.github.io | comments) The blog post reflects on two years of developing CPython’s Just-In-Time (JIT) compiler, focusing on community-building successes and areas needing improvement. The author highlights progress in collaboration and teachability, while acknowledging performance issues that still exist in the JIT's current experimental phase.

• According to the promises of the Faster CPython Team, the JIT with a >50% speedup should have happened two years ago. Everyone knows Python is hard to optimize, that's why Mojo also gave up on generality. These claimed 20-30% speedups, apparently made by one of the chief liars who canceled Tim Peters, are not worth it. Please leave Python alone.

What Microchip doesn't (officially) tell you about the VSC8512 (serd.es | comments) The article outlines specific challenges faced while utilizing the VSC8512, a physical layer (PHY) Ethernet switch from Microchip. It highlights the limitations of documentation, particularly pertaining to adjusting SERDES TX equalization settings, and shares insights from various resources. The author expresses frustration with the need for a non-disclosed reference manual while detailing findings from available publicly-sourced documents and support. The analysis hints at broader implications for similar products in the same line.

• I wish that Microchip would officially publish the programming algorithms and EE bit maps for the Atmel ATF16V8, ATF22V10 SPLDs and ATF15xx CPLDs. They've been mostly reverse-engineered (or otherwise figured out), but it'd be nice to have those published in the open. The ATF15xx have BSDL files released, but that's only for testing/bypass.

# [derive(Clone)] Is Broken (rgbcu.be | comments) `#[derive(Clone)]`, a key feature in Rust programming, is reportedly failing along with other standard trait derivations, leading to potential disruptions. The author emphasizes that this isn't just an isolated issue, indicating a broader concern with the Rust feature set that's critical for developers relying on these capabilities.

• Haskell does this. If you derive Eq, it puts a condition on the generic parameter(s) requiring them to be Eq as well. Then if you use it with something that doesn’t implement Eq, your generic type doesn’t either. It helps if you can express these preconditions in the first place, though.

Ptar: Replacing .tgz for petabyte-scale S3 archives (plakar.io | comments) The article presents a technical exploration of .ptar, a new file format designed to optimize storage for large-scale data archives on Amazon S3, replacing the traditional .tgz format. It highlights the advantages of .ptar, such as improved compression and efficiency, making it well-suited for handling petabyte-scale datasets.

• Are people really using gzip in 2025 for new projects? Zstd has been widely available for a long time. Debian, which is pretty conservative with new software, has shipped zstd since at least stretch (released 2017).
• How does this differ from zpaq and dwarFS? Zpaq is quite mature and also handles deduplication, versioning, etc.

Show HN: A rain Pomodoro with brown noise, ASMR, and Middle Eastern music (forgetoolz.com | comments) The Rain Pomodoro Timer combines soothing rain sounds, brown noise, ASMR, and Middle Eastern music to help users maintain focus during work sessions. The app offers a clutter-free interface that encourages uninterrupted productivity without requiring signup, enhancing the user experience with ambient sounds tailored for deep concentration.

• Looks nice, immediately wanted to multiselect audio (rain AND Middle East)
• This is really, really nice. Thank you for sharing it!
• Really appreciate all the responses and ideas here. If you think someone else might enjoy it, feel free to share it around. Thanks for checking it out!

Radium Music Editor (notam02.no | comments) Radium is an innovative music editor featuring a unique interface that accelerates editing and optimizes screen space through graphical representation of musical data. It integrates audio and MIDI multitracking capabilities, a modular mixer, and supports various audio plugins. Radium is designed to be user-friendly, catering to both novices and experienced users.

• This is almost exactly what I've been dreaming of: a tracker with a linear composition timeline and automation/modulation effect guides. Last year I even thought of just making my own, then got sidetracked. Hope this works as well as I dream. Not sure how I've never come across this one before.

Brut: A New Web Framework for Ruby (naildrivin5.com | comments) Brut introduces a new web framework for Ruby that prioritizes simplicity with no controllers or resource abstractions. It utilizes server-generated HTML and integrates features like OpenTelemetry-based instrumentation and a data access layer powered by the Sequel library. Users can set up apps quickly using Docker without needing Ruby installed, and it promotes good practices by default.

• This reminds me of Camping without the dynamic parent class constructor.
• Neat, this looks like it might be a good middle ground between Sinatra (which I adore) on the barebones/low-level end and Rails (which I also adore for apps that need it, but simple apps really don't). Looking forward to trying it out!

Smollm3: Smol, multilingual, long-context reasoner LLM (huggingface.co | comments) SmolLM3 is a new long-context reasoning language model developed by Hugging Face, designed to process multiple languages efficiently. It aims to enhance performance in tasks requiring understanding of longer texts, supporting various languages and potentially democratizing access to advanced AI capabilities.

• Nice work anton et al. I hope you continue the 50-100M parameter models. I think there is a case for models that finish fast on CPUs in solve by llm test cases.
• I wonder if this will be cheaper than llama 3.1 8b on OpenRouter.
• Can anyone estimate how much of the 3B is necessitated by multi-language support?

Show HN: Jukebox – Free, Open Source Group Playlist with Fair Queueing (jukeboxhq.com | comments) Jukebox is a free, open-source platform that transforms any device into a collaborative music playlist. Users can share a link to invite friends to contribute songs, ensuring a fair queuing system for music playback. The application supports a seamless interface across devices for group listening experiences.

• This is great. One little thing, after the last song in the playlist is over, it would be nice if the state remained in play mode so that when another song is added to the queue the new song would play right away. Also, I've been wanting something just like this but that would also play the video as well as audio.

Berry Script: lightweight embedded scripting language for microcontrollers (berry-lang.github.io | comments) Berry Script is a lightweight, dynamically typed embedded scripting language designed for low-performance microcontrollers, with an interpreter core under 40KiB and the ability to run on less than 4KiB of heap. It includes features such as a one-pass compiler, simple syntax, and supports various programming paradigms like imperative and object-oriented programming.

• Doesn't seem to have received any updates in the last 2 years. I'm wondering what the use cases are for this type of scripting in embedded systems, though?
• Why can't this just be an embeddable subset of some other well-known language instead of a brand new language? I've learned two dozen programming languages. I'm so tired.

Show HN: I built a tool to solve window management (aboveaverageuser.com | comments) Smart Switcher is a tool designed to enhance the experience of window management by automating the process of switching between applications. It utilizes a prediction algorithm that analyzes user behavior to suggest the most likely window a user wishes to access next. The tool logs window visit data to improve switching efficiency and aims to achieve streamlined workflows with reduced key presses.

• At least for the last three or four windows, I would want strict LRU behavior, because that’s automatic muscle memory. I could see a “smart” heuristic be potentially useful for less recently used windows, although I have a hard time imagining how that could be significantly predicted from prior use.

TIL you can make "GIFs" with SVGs for GitHub README.md files (koaning.io | comments) SVGs can now function like GIFs in GitHub README.md files, offering a lightweight alternative with a resolution of just 49Kb. Unlike traditional GIFs that display moving images, these animated SVGs provide clear and scalable graphics, enhancing visibility and user engagement without compromising on quality.

• This is very cool and useful for the readmes. Thank you for sharing I’m wondering what other applications this could have At least every CLI/terminal tool could use it to showcase their application
• It's pretty unintuitive that you can just copy text straight from an animation, but that's the neatest part of this!

Apple just released a weirdly interesting coding language model (9to5mac.com | comments) Apple has introduced a novel AI coding language model that generates code in a non-linear fashion, processing it all at once rather than sequentially. This departure from traditional coding models proposes unique ways of handling programming tasks, potentially redefining coding processes and efficiency.

• Zed are doing out-of-order edits with their model, I'm not sure what is new here. I strongly suspect that theirs works directly with the CRDT that the editor uses, because it's able to continue similar deletes for the user (deletes would otherwise be invisible to most autocomplete models). Apple's is open weights, so that's a big deal.

Show HN: OffChess – Offline chess puzzles app (offchess.com | comments) OffChess is an offline chess puzzle app offering over 100,000 puzzles for free, aimed at enhancing players' skills anytime, anywhere. The app features rated puzzles that adjust points based on performance, allows users to track their statistics, and offers multiple themes for personalization. It is available on both iOS and Android platforms.

• Nice, bought to replace 'chess tactics puzzles' the addition of rating changes sold me. Too late did I notice that there is no share fen button. I use that for harder puzzles when I want to understand why a given solution wouldn't work. Mostly just share to Chessis.

The Two Towers MUD (t2tmud.org | comments) The Two Towers MUD is a free, text-based multiplayer online roleplaying game set in J.R.R. Tolkien's Middle-earth during the events of 'The Lord of the Rings'. Established in 1994, it features an expansive world with over 100,000 rooms, countless quests, and a vibrant community of players who can join guilds and engage in collaborative gameplay.

• I spent many hours hogging the phone line to play btech 3056 back in high school. It was so cool talking to people all over the world. I wasn't very good at the actual game, however. I do remember encountering a bug where I was placed on a level-4 high building and I couldn't get off of it because my mech wouldn't let me intentionally fall.

Plants monitor the integrity of their barrier by sensing gas diffusion (nature.com | comments) Research reveals that plants can assess the integrity of their cellular barriers by detecting changes in gas diffusion, which may help them respond to environmental stressors. This discovery enhances understanding of plant physiology, particularly in relation to cell fate and regeneration processes vital for survival and adaptation.

• At what point will we see that plants are conscious, just in a different manner than animals colloquially?
• I find the subject of plant signaling - internal signaling as well as signaling between plants - even between different plant species - to be absolutely fascinating.

Exploring Coroutines in PHP (doeken.org | comments) Coroutines in PHP offer a powerful programming approach by allowing functions to pause and resume execution while maintaining state. This feature enables flexible and bidirectional control flow, enhancing how developers manage asynchronous processes and complex program flows, which is particularly valuable for handling intricate tasks in web applications.

The Miyawaki Method of micro-forestry (futureecologies.net | comments) The Miyawaki Method is gaining global attention for its ability to rapidly create dense, native tree cover in urban areas, appealing to environmental advocates and policymakers. Despite its popularity, professional ecologists have largely overlooked discussions on its effectiveness as the method's benefits are being debated.

• Works well in some ecosystems when people choose the right plant material. With the wrong ecosystem and the wrong plant material it's one of those ideas from the temperate core that fails in the tropical periphery.
• Podcast. There is a transcript, which is in fine print and not concise.