Solana Drift Protocol drained of $285M via fake token and governance hijack (anonhaven.com)

On April 1, 2026, Drift Protocol on Solana was drained of about $285 million after attackers used a fake token and governance takeover rather than a smart-contract bug. The exploit followed a multi-week preparation: the attackers seeded a small liquidity pool to manufacture collateral value, used durable nonces and social engineering to get Security Council signers to pre-approve transactions, then removed a timelock to execute admin actions quickly. Stolen assets were converted and moved off Solana via CCTP, with TRM Labs and other analysts attributing the operation to DPRK-linked hackers. The incident caused major knock-on losses across multiple DeFi platforms and sharply reduced Drift’s total value locked.

The Technocracy Movement of the 1930s (donotresearch.substack.com)

The article revisits the 1930s technocracy movement led by Howard Scott, which envisioned replacing democracy with an engineer-run, centralized system based on “energy accounting” and measurable social management. It describes how the movement gained a large following amid the Great Depression, then faded after public criticism and Scott’s lack of credentials. The author argues that modern tech elites echo technocracy’s ideas—using data, algorithms, and the belief that technology alone can transform society—while also drawing parallels to anti-democratic views and the pursuit of efficiency.

Go on Embedded Systems and WebAssembly (tinygo.org)

TinyGo is an LLVM-based Go compiler aimed at “small places,” letting developers build and run Go programs on a wide range of microcontroller boards and also compile to compact WebAssembly (WASM) for browsers and WASI-enabled server/edge environments.

If you're running OpenClaw, you probably got hacked in the last week (old.reddit.com)

The post warns system administrators that deployments of OpenClaw may have been targeted and compromised within the past week, urging them to check for signs of intrusion and review their security posture. It emphasizes that users running the software should treat recent alerts seriously and take immediate mitigation steps.

We replaced RAG with a virtual filesystem for our AI documentation assistant (mintlify.com) AI

Mintlify says it replaced RAG-based retrieval in its AI documentation assistant with a “virtual filesystem” that maps docs pages and sections to an in-memory directory tree and files. The assistant’s shell-like commands (e.g., ls, cd, cat, grep) are intercepted and translated into queries against the existing Chroma index, with page reassembly from chunks, caching, and RBAC-based pruning of inaccessible paths. By avoiding per-session sandbox startup and reusing the already-running Chroma database, the team reports cutting session boot time from about 46 seconds to ~100 milliseconds and reducing marginal compute cost.

Understanding young news audiences at a time of rapid change (reutersinstitute.politics.ox.ac.uk) AI

The Reuters Institute report synthesizes more than a decade of research on how 18–24-year-olds access and think about news amid major media and technology change. It finds young audiences have shifted from news websites to social and video platforms, pay more attention to individual creators than news brands, and consume news less frequently and with less interest—often saying it is irrelevant or hard to understand. The study also highlights greater openness to AI for news, alongside continued concerns about fairness and perceived impartiality, and it concludes publishers need to rethink both distribution and news relevance for younger people.

iNaturalist (inaturalist.org)

iNaturalist is a community platform where people record and share observations of plants and animals. It lets users keep life lists, get help identifying organisms through a crowd, and contribute data to biodiversity research repositories such as GBIF. The site also supports participation in projects, including organizing bioblitz events, and works via mobile apps for offline use.

Good ideas do not need lots of lies in order to gain public acceptance (2008) (blog.danieldavies.com)

Daniel Davies argues that credible ideas don’t require deception to win public acceptance, using examples from accounting and forecasting. He applies the logic to the Iraq War, saying that repeated false or dishonest claims about WMDs should be discounted entirely rather than selectively trusted, and that the lack of audit and accountability for forecasts leads to avoidable policy errors. He also suggests that known untrustworthy claims were effectively granted “the benefit of the doubt,” with real-world consequences.

The True Shape of Io's Steeple Mountain (weareinquisitive.com)

A science-content team says popular artwork of Io’s “Steeple Mountain” (Dis Mons) has its height and steepness overstated, largely due to misleading shadows from the mountain’s position near the day-night terminator in Juno photos. Using a Juno-based global map and the geometry of the observed shadow, they reconstruct an alternative, scaled appearance closer to estimates of the feature’s roughly 7 km height. The article also describes how Io’s volcanic heating from tidal forces and deep faulting tectonics shape mountains like Dis Mons.

Cursor 3 (cursor.com) AI

Cursor has released Cursor 3, a redesigned, agent-first workspace intended to make it easier to manage work across multiple repositories and both local and cloud agents. The update adds a unified agents sidebar (including agents started from tools like GitHub and Slack), faster switching between local and cloud sessions, and improved PR workflows with a new diffs view. It also brings deeper code navigation (via full LSPs), an integrated browser, and support for installing plugins from the Cursor Marketplace.

Google releases Gemma 4 open models (deepmind.google) AI

Google DeepMind has released Gemma 4, a set of open models intended for building AI applications. The page highlights capabilities such as agentic workflows, multimodal (audio/vision) reasoning, multilingual support, and options for fine-tuning. It also describes efficiency-focused variants for edge devices and local use, along with safety and security measures and links to download the model weights via multiple platforms.

Bun: cgroup-aware AvailableParallelism / HardwareConcurrency on Linux (github.com)

Bun PR #28801 makes Linux’s `navigator.hardwareConcurrency` and `os.availableParallelism()` cgroup-aware so containers report constrained CPU limits instead of host core counts. It routes CPU core detection through a WebKit-side `WTF::numberOfProcessorCores()` that considers `sched_getaffinity` and the cgroup `cpu.max` quota, aiming to prevent containers from spawning too many threads and hitting throttling/latency issues. The change also updates Bun’s internal thread/JSC sizing to use the same core-count source, with notes that cgroup CPU limit changes at runtime are not automatically re-detected.

Category Theory Illustrated – Types (abuseofnotation.github.io)

The article explains how “types” serve as an alternative foundation for mathematics by preventing Russell’s paradox from arising. It contrasts set theory (notably ZFC) with Russell’s type theory, emphasizing that terms are restricted to specific types, which blocks self-containing constructions. It also situates types within category-theoretic thinking by framing types as the sources and targets of functions (arrows) and notes that there are many related type-theory formulations (type systems).

Tailscale's new macOS home (tailscale.com)

Tailscale explains a macOS issue where its menu-bar icon can become hidden behind the notch on certain MacBook models, including a temporary warning-based workaround using occlusion detection. The company also points to its newer windowed macOS interface (enabled by default in recent releases) as the more practical fix, offering device management and key features like ping, Taildrop, and exit-node selection in a standard window.

Show HN: TurboQuant for vector search – 2-4 bit compression (github.com) AI

Show HN spotlights py-turboquant (turbovec), an unofficial implementation of Google’s TurboQuant vector-search method that compresses high-dimensional embeddings to 2–4 bits per coordinate using a data-oblivious random rotation and math-derived Lloyd-Max quantization. The project is implemented in Rust with Python bindings via PyO3 and emphasizes zero training and fast indexing. Benchmarks on Apple Silicon and x86 compare favorably to FAISS (especially at 4-bit) in speed while achieving comparable or better recall, with much smaller index sizes than FP32.

Intel Assured Supply Chain Product Brief (intel.com)

Intel’s product brief outlines its Intel® Assured Supply Chain (Intel® ASC) initiative, which is intended to improve transparency and security across the semiconductor supply chain. It focuses on providing a digitally attestable chain of custody for chips to help address risks such as counterfeit components and firmware attacks, including for data center, server, and PC processors. The document describes Intel’s approach to manufacturing “corridors” and secure digital attestation features and notes that it is designed to support stakeholders and align with industry security frameworks.

Critics say EU risks ceding control of its tech laws under U.S. pressure (politico.eu)

EU lawmakers criticized the European Commission for exploring a new EU-U.S. “dialogue” on enforcing the Digital Services Act and Digital Markets Act, arguing it could undermine the bloc’s control of its tech rules. Critics say involving U.S. officials would create a back door for Washington and risk turning enforcement into leverage in broader trade talks. The Commission said the EU rulebook is “not up for negotiation,” but opponents urged clarity and, if needed, steps to counter U.S. coercion.

NHS staff refusing to use FDP over Palantir ethical concerns (freevacy.com)

The report says an increasing number of NHS staff are refusing or avoiding work on the Federated Data Platform run by Palantir, citing ethical concerns about the US company’s defence links and leadership. Despite the reported “workplace adjustment,” many hospital trusts are still using the platform, which is said to have met delivery targets. MPs and unions are pressuring ministers to remove Palantir from NHS systems, with discussion of using a contract break clause.

TDF ejects its core developers (meeksfamily.uk)

Michael Meeks argues that The Document Foundation’s board majority has removed longtime “core” developers, citing declining developer representation on the board and concerns about governance and electoral accountability. He supports the claim with background on board affiliations and commit activity, and contrasts a stated “meritocracy” with what he describes as disenfranchising contributors without clear justification. Meeks says his team is refocusing on LibreOffice/Collabora Office development and invites others to get involved.

US F-15E jet confirmed shot down over Iran as Tehran releases wreckage images (theguardian.com)

A US F-15E Strike Eagle was shot down over Iran, leading to a US rescue and search effort for its two crew members after Iranian state media released images of wreckage and initially claimed a different aircraft was hit. One crew member was later reported rescued, while additional footage showed US rescue helicopters operating in Iranian airspace as Tehran released further claims about the crew, including that a pilot was taken into custody. US officials later confirmed the aircraft loss off the record, and the incident marked the first confirmed US fighter downing over Iran since the war began.

ESP32-S31: Dual-Core RISC-V SoC with Wi-Fi 6, Bluetooth 5.4, and Advanced HMI (espressif.com) AI

Espressif announced the upcoming ESP32-S31, a dual-core 32-bit RISC-V SoC combining Wi‑Fi 6, Bluetooth 5.4 (including LE Audio and mesh), and IEEE 802.15.4 for Thread/Zigbee, plus a 1Gbps Ethernet MAC. The chip targets next-generation IoT devices with a 320MHz core, multimedia-oriented HMI features (camera/display/touch and graphics acceleration), security hardware (secure boot, encryption, side-channel and glitch protections, and TEE), and support for ESP-IDF and Matter-related frameworks.

Decisions that eroded trust in Azure – by a former Azure Core engineer (isolveproblems.substack.com)

A former Azure Core engineer argues that Microsoft’s Azure trust was undermined by costly, unrealistic engineering plans—such as considering porting large parts of Windows-era functionality to tiny Overlake/accelerator hardware and carrying an excessive number of management agents without clear justification. The author describes how the effort ran into practical scaling limits and a lack of detailed understanding across teams, contributing to delays and damaging credibility with customers and the US government.

Solar and batteries can power the world (nworbmot.org)

The article argues that sharply falling solar and battery costs could make them the dominant electricity source for most of the world, with solar-plus-storage supplying about 90% of electricity for roughly 80% of people at under 80 €/MWh in a 2030 scenario (including a small amount of backup fuel). It notes that higher costs concentrate in high northern latitudes because winter sunshine is low, where adding wind or other low-carbon sources can help. The author also stresses that results depend on assumptions about battery prices, backup fuel costs, grid and land constraints, and seasonal demand not being modeled.

SSH certificates: the better SSH experience (jpmens.net)

The article walks through how SSH client trust currently relies on TOFU and static keys (including what happens when host keys change), then argues for using SSH certificate authorities to eliminate per-host key deployment and noisy verification steps. It explains practical benefits like automatic host-key rotation without warnings, centralized trust via ssh_known_hosts, and policy controls such as allowed users, source IP restrictions, and time-limited access. The post then begins outlining how to set up an SSH CA and issue user/host certificates using ssh-keygen.

Show HN: Apfel – The free AI already on your Mac (apfel.franzai.com) AI

Show HN project Apfel presents a free, on-device AI for macOS Apple Silicon that exposes Apple’s built-in language model as a terminal CLI, an OpenAI-compatible local HTTP server, and an interactive chat. The tool is designed to run inference locally with no API keys or network calls, and it supports features like streaming and JSON output for use with existing OpenAI client libraries. The post also highlights related companion tools in the “apfel family,” such as a GUI and clipboard-based actions.