frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Show HN: I built a free UCP checker – see if AI agents can find your store

https://ucphub.ai/ucp-store-check/
1•vladeta•4m ago•1 comments

Show HN: SVGV – A Real-Time Vector Video Format for Budget Hardware

https://github.com/thealidev/VectorVision-SVGV
1•thealidev•5m ago•0 comments

Study of 150 developers shows AI generated code no harder to maintain long term

https://www.youtube.com/watch?v=b9EbCb5A408
1•lifeisstillgood•5m ago•0 comments

Spotify now requires premium accounts for developer mode API access

https://www.neowin.net/news/spotify-now-requires-premium-accounts-for-developer-mode-api-access/
1•bundie•8m ago•0 comments

When Albert Einstein Moved to Princeton

https://twitter.com/Math_files/status/2020017485815456224
1•keepamovin•10m ago•0 comments

Agents.md as a Dark Signal

https://joshmock.com/post/2026-agents-md-as-a-dark-signal/
1•birdculture•11m ago•0 comments

System time, clocks, and their syncing in macOS

https://eclecticlight.co/2025/05/21/system-time-clocks-and-their-syncing-in-macos/
1•fanf2•13m ago•0 comments

McCLIM and 7GUIs – Part 1: The Counter

https://turtleware.eu/posts/McCLIM-and-7GUIs---Part-1-The-Counter.html
1•ramenbytes•15m ago•0 comments

So whats the next word, then? Almost-no-math intro to transformer models

https://matthias-kainer.de/blog/posts/so-whats-the-next-word-then-/
1•oesimania•17m ago•0 comments

Ed Zitron: The Hater's Guide to Microsoft

https://bsky.app/profile/edzitron.com/post/3me7ibeym2c2n
2•vintagedave•20m ago•1 comments

UK infants ill after drinking contaminated baby formula of Nestle and Danone

https://www.bbc.com/news/articles/c931rxnwn3lo
1•__natty__•20m ago•0 comments

Show HN: Android-based audio player for seniors – Homer Audio Player

https://homeraudioplayer.app
2•cinusek•21m ago•0 comments

Starter Template for Ory Kratos

https://github.com/Samuelk0nrad/docker-ory
1•samuel_0xK•22m ago•0 comments

LLMs are powerful, but enterprises are deterministic by nature

2•prateekdalal•26m ago•0 comments

Make your iPad 3 a touchscreen for your computer

https://github.com/lemonjesus/ipad-touch-screen
2•0y•31m ago•1 comments

Internationalization and Localization in the Age of Agents

https://myblog.ru/internationalization-and-localization-in-the-age-of-agents
1•xenator•31m ago•0 comments

Building a Custom Clawdbot Workflow to Automate Website Creation

https://seedance2api.org/
1•pekingzcc•34m ago•1 comments

Why the "Taiwan Dome" won't survive a Chinese attack

https://www.lowyinstitute.org/the-interpreter/why-taiwan-dome-won-t-survive-chinese-attack
2•ryan_j_naughton•34m ago•0 comments

Xkcd: Game AIs

https://xkcd.com/1002/
1•ravenical•36m ago•0 comments

Windows 11 is finally killing off legacy printer drivers in 2026

https://www.windowscentral.com/microsoft/windows-11/windows-11-finally-pulls-the-plug-on-legacy-p...
1•ValdikSS•36m ago•0 comments

From Offloading to Engagement (Study on Generative AI)

https://www.mdpi.com/2306-5729/10/11/172
1•boshomi•38m ago•1 comments

AI for People

https://justsitandgrin.im/posts/ai-for-people/
1•dive•39m ago•0 comments

Rome is studded with cannon balls (2022)

https://essenceofrome.com/rome-is-studded-with-cannon-balls
1•thomassmith65•44m ago•0 comments

8-piece tablebase development on Lichess (op1 partial)

https://lichess.org/@/Lichess/blog/op1-partial-8-piece-tablebase-available/1ptPBDpC
2•somethingp•46m ago•0 comments

US to bankroll far-right think tanks in Europe against digital laws

https://www.brusselstimes.com/1957195/us-to-fund-far-right-forces-in-europe-tbtb
3•saubeidl•47m ago•0 comments

Ask HN: Have AI companies replaced their own SaaS usage with agents?

1•tuxpenguine•50m ago•0 comments

pi-nes

https://twitter.com/thomasmustier/status/2018362041506132205
1•tosh•52m ago•0 comments

Show HN: Crew – Multi-agent orchestration tool for AI-assisted development

https://github.com/garnetliu/crew
1•gl2334•52m ago•0 comments

New hire fixed a problem so fast, their boss left to become a yoga instructor

https://www.theregister.com/2026/02/06/on_call/
1•Brajeshwar•54m ago•0 comments

Four horsemen of the AI-pocalypse line up capex bigger than Israel's GDP

https://www.theregister.com/2026/02/06/ai_capex_plans/
1•Brajeshwar•54m ago•0 comments
Open in hackernews

Linux address space isolation revived after lowering performance hit

https://www.phoronix.com/news/Linux-ASI-Lower-Overhead
195•teleforce•5mo ago

Comments

api•5mo ago
That's still really massive. It would only make sense in very high security environments.

Honestly running system services in VMs would be cheaper and just as good, or an OS like Qubes. VM hit is much smaller, less than 1% in some cases on newer hardware.

riedel•5mo ago
From reading the article that is the exactly also the feeling of the people involved. The question is if they are on track towards e.g. the 1% eventually.
eptcyka•5mo ago
VMs suffer from memory use overhead. Would be cool if the guest kernel would cooperate with the host on that.
traverseda•5mo ago
It will! For Linux hosts and Linux guests, if you use virtio and memory ballooning.
shortrounddev2•5mo ago
This was an issue for me a few years ago running docker on macOS. macOS required you to allocate memory to docker ahead of time, whereas Windows/Hyper-V was able to use memory ballooning in WSL2
api•5mo ago
It's possible to address this to some extent with ballooning memory drivers, etc.
jeroenhd•5mo ago
There's KSM that should help: https://pve.proxmox.com/wiki/Kernel_Samepage_Merging_(KSM)

Probably works best running VMs with the same kernel and software version.

infogulch•5mo ago
But that just seems to reintroduce the same problem again:

> However, while KSM can reduce memory usage, it also comes with some security risks, as it can expose VMs to side-channel attacks. ...

gpapilion•5mo ago
It makes sense in any environment you have two workloads sharing compute from two parties, public clouds.

The protection here is to ensure the vms are isolated. Without doing this there is the potential you can leak data via speculative execution across guests.

russdill•5mo ago
Look at it this way, any time a new side channel attack comes out the situation changes. Having this as a mitigation that can be turned on is helpful
bjackman•5mo ago
The next steps should make this much faster. Google's internal version generally gives us a sub-1% hit on everything we measure.

If the community is up for merging this (which is a genuine question - the complexity hit is significant) I expect it to become the default everywhere and for most people it should be a performance win Vs the current default.

But, yes. Not there right now, which is annoying. I'm hoping the community is willing to start merging this anyway with the trust we can get it to be really fast later. But they might say "no, we need a full prototype that's super fast right now", which would be fair.

Traubenfuchs•5mo ago
Sometimes something in me starts thinking about if this regularly occurring slowing of chips through exploit mitigation is deliberate.

All of big tech wins: CPUs get slower and we need more vcpu's and more memory to serve our javascript slop to end customers: The hardware companies sell more hardware, the cloud providers sell more cloud.

bzzzt•5mo ago
Why would big tech do this when customers bring it upon themselves by building Javascript slop?
worthless-trash•5mo ago
Big tech isnt running their stack on js.
bzzzt•5mo ago
Maybe, but their cloud customers certainly are.
worthless-trash•5mo ago
As long as the customer pays, why wouldn't they promote an option which makes them more profit?
tatersolid•5mo ago
All the large cloud-hosted infra I’ve encountered in my career were written in JIT or AOT compiled languages (C#, Java, Golang, etc.) This is basically necessary at any sort of scale.
surajrmal•5mo ago
Cloud usage is dominated by larger companies with much older codebases that predates modern js backend development.
Avamander•5mo ago
These types of mitigations have the biggest benefit when resources are shared. Do you really think cloud vendors want to lose performance to CPU or other mitigations when they could literally sell those resources to customers instead?
bzzzt•5mo ago
They don't lose anything since they sell the same instance which performs less with the mitigations on. Customers are paying because they need more instances.
robertlagrant•5mo ago
I imagine they're unable to squeeze as many instances onto their giant computers, though.
tracker1•5mo ago
There are 3-4 year old servers with slower/fewer cores still operating fine and newer servers operating as well. The generation improvements seem to outweigh a lot of the mitigations in question, not to mention higher levels of parallel work.
nebezb•5mo ago
Every CPU that isn’t pegged at 100% all the time is leaving money on the table. Some physical CPU capacity is reserved, some virtual CPU capacity is reserved, the rest goes to ultra-high-margin elastic compute that isn’t sold to you as a physical or virtual CPU. They sell it to you as “serverless,” it prints cash, and it absolutely depends on juicing every % of performance out of the chips.

edit: “burstable” CPUs are a fourth category relying on overselling the same virtual CPU while intelligently distributing workloads to keep them at 100%.

gpapilion•5mo ago
I think it’s more pragmatic. We can eliminate hyperthreading to solve this, or increase memory safety at the cost of performance. One is a 50% hit in terms of vcpus, the other is now sub 50%.
Traubenfuchs•5mo ago
They also need some phony justifications though.

Can't just turn off hyperthreading.

depingus•5mo ago
Sometimes its fun to engage in a little conspiratorial thinking. My 2 cents... That TPM 2.0 requirement on Windows 11 is about to create a whole ton of e-waste in October (Windows 10 EOL).
e2le•5mo ago
I'm not so sure. Many people still ran Windows XP/7 long after the EOL date. Unless Chrome, Steam, etc drop support for Windows 10, I don't think many people will care.
depingus•5mo ago
The home PC market is insignificant. The real volume is in corporate and government systems that will never run EOL Windows.

Side Note: Folks, don't run EOL operating systems at home. Upgrade to Linux or BSD, and your hardware can live on safely.

Avamander•5mo ago
> Folks, don't run EOL operating systems at home.

Especially not EOL Windows.

tsimionescu•5mo ago
There are many, many Windows XP systems still running today in many corporate and probably gov environments too. Even more Win 7 ones. There will be special contracts, workarounds, waivers, etc - all to avoid changing OS.
AlienRobot•5mo ago
Hey, it's not nice to call Linux users "e-waste."
kookamamie•5mo ago
Windows suffers from similar effects when Virtualization-Based Security is active.
Avamander•5mo ago
At the same time VBS is one of the biggest steps forward in terms of Windows kernel security. It's actually considered a proper security boundary.
munchlax•5mo ago
Funny that they called it VBS.

That's not something I'd easily associate with a step forward in security.

transpute•5mo ago
Hypervisor overhead should be low, https://www.howtogeek.com/does-windows-11-vbs-slow-pc-games/

What kind of workloads have noticeably lower performance with VBS?

kookamamie•5mo ago
We're working on HPC / graphics / computer-vision software and noticed a particularly nasty issue with VBS enabled just last week. Although, have to be mentioned it was on Win10 Pro.
kachapopopow•5mo ago
This most likely comes from IOMMU - disable it.
jychang•5mo ago
That’d break a lot of GPU setups
kachapopopow•5mo ago
Only if you want to virtualize it or have vms, for VBS it simply disables hardware pcie memory space isolation. (With IOMMU on, each pcie device gets an isolated memory buffer).
jeroenhd•5mo ago
It was measured to have a performance impact of up to 10%, with even higher numbers for the nth percentile lows: https://www.tomshardware.com/news/windows-vbs-harms-performa...

Overhead should be minimal but something is preventing it from working as well as it theoretically should. AFAIK Microsoft has been improving VBS but I don't think it's completely fixed yet.

BF6 requiring VBS (or at least "VBS capable" systems) will probably force games to find a way to deal with VBS as much as they can, but for older titles it's not always a bad idea to turn off VBS to get a less stuttery experience.

UltraSane•5mo ago
VBS requires hyper-v to be enabled and it "owns" the CPU virtualization hardware so I can't use VMware workstation which is very annoying.
davikr•5mo ago
Same. Have to disable VBS for VirtualBox, and it gets more and more obscure with each update because some features like Windows Hello force it back on.
bpye•5mo ago
VMWare Workstation [0] (and I thought VirtualBox - though I can't find any official docs [1]) should be able to use the Hyper-V hypervisor via WHP.

QEMU can also use WHP via --accel whpx.

[0] - https://techcommunity.microsoft.com/blog/virtualization/vmwa...

[1] - https://www.impostr-labs.com/use-hyper-v-and-virtualbox-toge...

deburo•5mo ago
It works indeed, but the performance drop is quite drastic.
UltraSane•5mo ago
As a network engineer I mainly like VMware workstation because of its awesome virtual network editor that lets me easily build complex topologies but it doesn't work when you use Hyper-V.
malkia•5mo ago
BF6 requires this? Is there any official article/link about this? Thank you!
password4321•5mo ago
The closest so far (I don't know the specifics of VBS vs. Secure Boot):

https://news.ycombinator.com/item?id=44805565 Secure Boot is a requirement to play Battlefield 6 on PC

> It's the Javelin Anti cheat system which forces the use of secure boot

malkia•5mo ago
Thanks! I've found this https://www.reddit.com/r/Battlefield/comments/1mebjom/tpm_20...
lenerdenator•5mo ago
Anything that runs on an ISA that has certain features has these effects, IIRC.
Eridrus•5mo ago
My understanding was that many of the fixes for speculative execution issues themselves led to performance degradation, does anyone know the latest on that and how this compares?

Are these performance hit numbers inclusive of turning off the other mitigations?

snvzz•5mo ago
There's about one way[0] to fix timing side channels.

The RISC-V ISA has an effort to standardize a timing fence[1][2], to take care of this once and for all.

0. https://tomchothia.gitlab.io/Papers/EuroSys19.pdf

1. https://lf-riscv.atlassian.net/wiki/spaces/TFXX/pages/538379...

2. https://sel4.org/Summit/2024/slides/hardware-support.pdf

eigenform•5mo ago
I'm all for giving programmers a way to flush state, and maybe this is just a matter of taste, but I wouldn't characterize this as "taking care of the problem once and for all" unless there's a [magic?] way to recover from the performance trade-off that you'd see in "normal" operating systems (ie. not seL4).

It doesn't change the fact that when you implement a RISC-V core, you're going to have to partition/tag/track resources for threads that you want to be separated. Or, if you're keeping around shared state, you're going to be doing things like "flush all caches and predictors on every context switch" (can't tell if thats more or less painful).

Anyway, that all still seems expensive and hard regardless of whether or not the ISA exposes it to you :(

snvzz•5mo ago
The research (multiple papers; note they have published and presented more than I linked) they've done prove that hardware help is necessary.

i.e. not about reducing cost, but about being able to kill timing side channels at all.

0cf8612b2e1e•5mo ago
Furthermore, if the OS level mitigations are in place, would the hardware ones be disabled?
bjackman•5mo ago
These numbers are all Vs a completely unmitigated system. AND, this is an extra-expensive version of ASI that does more work than really needed on this HW, to ensure we can measure the impact of the recent changes. (Details of this are in the posting).

So I should probably post something more realistic, and compare against the old mitigations. This will make ASI look a LOT better. But I'm being very careful not to avoid looking like a salesman here. It's better that I risk making things look worse than they are, than risk having people worry I'm hiding issues.

Eridrus•5mo ago
Not sure if you wrote this article and I appreciate an engineering desire to undersell, but if this is faster than what people actually do in practice, then the takeaway is different than if it is slower, so I think you're doing folks a disservice by not comparing to a realistic baseline in addition to an unmitigated one.
gddbvxmm•5mo ago
This week, Google Cloud paid out their highest bug bounty yet ($150k) for a vulnerability that could have been prevented with ASI [0]. Good to see that Google is pushing forward with ASI despite the performance impact, because it would benefit the security of all hosting companies that use Linux/KVM, not just the cloud providers of big tech.

[0] https://cyberscoop.com/cloud-security-l1tf-reloaded-public-c...

WhyNotHugo•5mo ago
When enabling this new protection, could we potentially disable other mitigation techniques which become redundant and therefore re-gain some performance?
bjackman•5mo ago
Yes! The numbers in the posting don't account for this.

Before doing this though, you need to be sure that ASI actually protects all the memory you care about. The version that currently exists protects all user memory but if the kernel copies something into its own memory it's now unprotected. So that needs to be addressed first (or some users might tolerate this risk).