Windows++: C++ Application Framework for Windows by Paul DiLascia (pauldilascia.com)

Paul DiLascia presents Windows++, a lightweight C++ framework for building Windows applications without relying on MFC’s size or message maps. The library wraps the WinAPI, hides WinMain, and is small enough for early self-contained applet-style use, running from legacy Windows versions up to XP. It includes sample programs and aims to serve both as a starter framework and as educational material, alongside a related book on reusable Windows code.

How to Write Unmaintainable Code (1999) (doc.ic.ac.uk)

The article is a satirical, intentionally harmful list of “techniques” for writing code that is hard to maintain, aiming to ensure future developers struggle to make even simple changes. It recommends behaviors like misleading or outdated comments, confusing naming and formatting, excessive nesting, and avoiding helpful documentation and modular structure. While presented as advice, it is clearly framed as a cautionary critique of practices that sabotage readability, correctness, and maintainability.

Naming rights to street auctioned in San Francisco (paintastreet.com)

A street in San Francisco is set to be named through a public auction process, with bidders vying for the naming rights.

Claude Code Found a Linux Vulnerability Hidden for 23 Years (mtlynch.io) AI

Anthropic researcher Nicholas Carlini says he used Claude Code to identify multiple remotely exploitable Linux kernel vulnerabilities, including an NFSv4 flaw that had remained undiscovered since 2003. The NFS bug involves a heap buffer overflow triggered when the kernel generates a denial response that can exceed a fixed-size buffer. Carlini also reported that newer Claude models found far more issues than older versions, suggesting AI-assisted vulnerability discovery could accelerate remediation efforts.

Scientists are working on "everything vaccines" (economist.com)

The article explains why vaccines can lose effectiveness when viruses mutate, citing recent flu strains that changed after the World Health Organisation had selected variants. It describes ongoing research into “everything vaccines” that could offer broader protection—potentially covering whole families of pathogens or even multiple categories like bacteria and allergens—from a single shot.

Age verification on Systemd and Flatpak (cybrkyd.com)

The article argues that Apple’s rollout of age verification for iPhone and iPad in the UK may be overreaching beyond what current UK law requires, and suggests it could be a test case for future requirements elsewhere. It notes that the Linux ecosystem is also considering similar measures, citing work in systemd and discussions around implementing age verification in Flatpak tied to California’s law. The author questions how “adult proof” would work in practice for local users and who would be trusted to verify or update age data.

50 years measuring the cleanest air (csiro.au)

Australia is marking 50 years of continuous atmospheric monitoring at the Kennaook/Cape Grim baseline air station in northwest Tasmania, which measures greenhouse gases, ozone-depleting substances and many other trace pollutants. The site was selected for its exposure to clean Southern Ocean air, and data collected since 1 April 1976 has supported climate research and international tracking of emission-reduction efforts. The article notes that long-term records show rising CO₂ from human activities alongside declines in pollutants such as CFC-11, consistent with the Montreal Protocol.

Bourbon waste could provide next-gen supercapacitor components (spectrum.ieee.org)

Researchers at the University of Kentucky report proof-of-concept supercapacitor electrodes made by converting wet bourbon distillery “stillage” into carbon materials using hydrothermal carbonization. They say the resulting activated carbon can produce double-layer capacitors with performance comparable to commercial supercapacitors, and that hard-carbon derived from the same waste can enable lithium- or sodium-ion hybrid devices. The team is still working on scaling and a techno-economic assessment to determine whether the approach could become commercially viable for electric vehicles and grid storage.

The FAA’s flight restriction for drones is an attempt to criminalize filming ICE (eff.org)

The Electronic Frontier Foundation argues that a nationwide FAA “temporary” drone flight restriction, in place for about 21 months, is effectively designed to deter or criminalize filming immigration enforcement by limiting drone flights near ICE and CBP vehicles. EFF says the rule prevents operators from giving fair notice and could lead to criminal/civil penalties or seizure and destruction of drones, while also violating First and Fifth Amendment protections and FAA requirements for justification and contact for news access. EFF and media groups have urged the FAA to rescind the restriction and say they have not received a response.

Fake Fans (wordsfromeliza.com)

The article argues that digital marketing firms can manufacture or amplify music fandom by using tactics like fake accounts and scripted social media engagement, shifting the burden of promotion away from artists. Using examples from the Billboard interview and mentions of artists on Chaotic Good Projects’ site, the writer describes how “narrative” and “UGC” campaigns aim to control online discourse and simulate organic trends. It also reflects on how algorithm-driven discovery makes genuine fan behavior harder to distinguish from promoted activity.

Show HN: Travel Hacking Toolkit – Points search and trip planning with AI (github.com) AI

Show HN shares the “Travel Hacking Toolkit,” a GitHub project that wires travel-data APIs into AI assistants (OpenCode and Claude Code) using MCP servers and configurable “skills.” It can search award availability across 25+ mileage programs, compare points redemptions against cash prices via Google Flights data, check loyalty balances, and help plan trips using tools for flights, hotels, and routes. A setup script installs the MCP servers/skills and users can add API keys for deeper features like award and cash-price lookups.

Post Mortem: axios NPM supply chain compromise (github.com)

Axios says attackers briefly published two malicious npm versions (axios 1.14.1 and 0.30.4) after compromising the lead maintainer’s account via social engineering. The tampered packages pulled a rogue dependency (plain-crypto-js@4.2.1) that installed a remote access trojan on macOS, Windows, and Linux, and the versions were live for about three hours before removal. The post-mortem urges users who installed during the affected window (or who see the packages in their lockfile) to treat systems as compromised, remove the dependency, rotate credentials, and review network logs; it also outlines security changes such as using OIDC/immutable release processes and tightening GitHub Actions.

The house is a work of art: Frank Lloyd Wright (aeon.co)

The article argues that Frank Lloyd Wright’s architecture reflects broader features of American life, using his work to illustrate tensions between individuality and community, tradition and modernity, and ideals of progress against social realities.

Gold overtakes U.S. Treasuries as the largest foreign reserve asset (economictimes.indiatimes.com)

The article says gold surpassed U.S. Treasuries in 2026 to become the largest foreign reserve asset held by central banks, reflecting record bullion buying and a sharp price rally. It notes official gold holdings have reached roughly 36,000 metric tons (near $4 trillion), exceeding Treasuries held abroad for the first time since the mid-1990s. Demand is attributed mainly to reserve diversification, inflation and fiscal concerns, and geopolitical risk, even as the U.S. dollar remains the dominant reserve currency overall.

What changes when you turn a Linux box into a router (patrickmccanna.net)

The article explains what Linux turns “on” when you repurpose a multi-homed host as a router or switch, focusing on seven configuration changes. It walks through enabling kernel IP forwarding, using a bridge to unify wired and wireless interfaces at Layer 2, and how Linux’s netfilter hook points (PREROUTING/INPUT/FORWARD/OUTPUT/POSTROUTING) are used for filtering, address translation, and related packet handling. It also covers practical components like sysctl for persistence and tools such as nftables/conntrack and hostapd for Wi‑Fi access-point bridging behavior.

Run Linux containers on Android, no root required (github.com)

Podroid is a GitHub project that lets Android users run Linux containers without root by launching a lightweight Alpine Linux VM via QEMU and then running Podman inside it. The app provides a built-in serial terminal with keyboard/TUI support, includes networking with port forwarding to the Android host, and persists installed packages and pulled container images across restarts.

Herbie: Automatically improve imprecise floating point formulas (herbie.uwplse.org)

The Herbie tutorial explains how the tool rewrites floating-point expressions to improve numerical accuracy, showing both a simple example and a more realistic workflow. It walks through locating a buggy math expression in math.js, translating complex-number square-root code into Herbie-friendly inputs, and using Herbie’s alternatives to produce a more accurate implementation using techniques like cancellation handling and hypot. The guide also notes that Herbie can trade accuracy for speed and provides derivations and options for applying results back in code.

Delve removed from Y Combinator (ycombinator.com)

Delve, a company listed in Y Combinator’s portfolio, has been removed from the Y Combinator website, though the reason for the removal is not provided in the available information.

Emotion concepts and their function in a large language model (anthropic.com) AI

Anthropic reports a new interpretability study finding “emotion concepts” in Claude Sonnet 4.5: internal neuron patterns that activate in contexts associated with specific emotions (like “afraid” or “happy”) and affect the model’s behavior. The paper argues these emotion-like representations are functional—causally linked to preferences and even riskier actions—while stressing there’s no evidence the model subjectively feels emotions. It suggests developers may need to manage how models represent and react to emotionally charged situations to improve reliability and safety.

Artemis II crew take “spectacular” image of Earth (bbc.com)

NASA has released the first high-resolution photos taken by the Artemis II crew from inside the Orion capsule as the mission reaches the halfway point to the Moon. Commander Reid Wiseman captured an image of Earth (“Hello, World”) showing the Atlantic, atmospheric glow, auroras and Venus, along with views of the day-night “terminator” and Earth in near-darkness. Artemis II is now on a looped path that will take the crew around the Moon’s far side before returning to Earth for a splashdown in the Pacific.

Three main saturated fats raise your cholesterol (empirical.health)

The article argues that saturated fat’s cholesterol-raising effects are driven mainly by three specific fatty acids—lauric, myristic, and palmitic—especially palmitic and myristic, which increase LDL cholesterol and ApoB. It notes that stearic acid (common in dark chocolate) has little impact on LDL because it’s rapidly converted in the body, while coconut oil contains several of the cholesterol-raising fats and can raise LDL. The piece concludes that limiting saturated fat helps most when it’s replaced with unsaturated fats (rather than refined carbohydrates), aligning with evidence that reducing LDL/ApoB lowers cardiovascular risk.

Update on the eBay Scam (kevquirk.com)

After reporting a suspected eBay scam and asking for help, the author received an automated notice that the other account was suspended/terminated. They report that their payment has not yet been taken and eBay has not asked for a refund, so they plan to re-list the watch at a discounted price. The author says they may have to return the funds if eBay later requests it.

Async Python Is Secretly Deterministic (dbos.dev)

The post explains how DBOS’s Python durable workflow library makes concurrent asyncio workflows replay-safe by enforcing a deterministic step order. It describes how Python’s single-threaded event loop schedules tasks in FIFO order and shows how the @Step decorator can assign step IDs before the first await to keep step mapping consistent during recovery.

How to Make a Sliding, Self-Locking, and Predator-Proof Chicken Coop Door (2020) (backyardchickens.com)

The article provides step-by-step instructions to build a DIY vertical sliding chicken coop door that can be pulled closed with an external string, self-locks from the inside, and is designed to prevent predators from reaching or lifting the latch. It lists required hardware, explains how to size and cut the doorway and tracks, and describes using either a counterweight (with twine/string) or an alternate spring-lock setup to engage the latch as the door lowers.

Firm boosts H.264 streaming license fees from $100k up to staggering $4.5M (tomshardware.com)

Via Licensing Alliance (Via LA) has restructured H.264/AVC streaming patent license fees, replacing a flat $100,000 annual cap with tiered rates that can reach $4.5 million per year for the largest platforms. The change applies only to new licenses for unlicensed implementers starting in 2026 or later, while existing licensees were grandfathered. The move follows similar—and more damaging—fee hikes for HEVC/H.265 that reportedly caused licensing and even device bans in some markets, and it adds to broader increases from other codec patent pools.