Top Stories

The Newest Instagram “Exploit” Is the Goofiest I’ve Seen

1868 points · 0xsid.com

A security researcher walks through a Meta account-takeover flaw so absurdly simple that the writeup reads more like comedy than vulnerability disclosure. The story rocketed to the top of HN because it taps a recurring theme the community loves: a trillion-dollar company shipping a bug that a curious teenager could have stumbled into. Beyond the laughs, it’s a pointed reminder that account-recovery and identity flows remain some of the most under-tested surfaces at scale, and that “boring” auth plumbing is where the scariest bugs hide.

Can the Stock Market Swallow Anthropic, SpaceX and OpenAI?

405 points · economist.com

The Economist asks the question on every investor’s mind: as the largest private tech companies barrel toward eventual public markets, can equity markets actually absorb valuations this enormous without distortion. It pairs neatly with another front-page item — Michael Burry of “Big Short” fame arguing that neither SpaceX nor Anthropic is worth $1T. HN’s interest is half financial-bubble anxiety, half genuine debate over whether AI’s revenue can ever justify the capital being poured in.

CS336: Language Modeling from Scratch

478 points · cs336.stanford.edu

Stanford’s hands-on course on building language models from the ground up — tokenizers, architectures, training, the whole pipeline — struck a nerve with engineers tired of treating LLMs as black boxes. The appeal is that it’s genuinely from-scratch rather than another “call this API” tutorial. A companion item, the course’s AI-agent coding guidelines (a CLAUDE.md spelling out how students may and may not use AI assistants), drew its own large thread about academic integrity in the agent era.

OpenAI Frontier Models and Codex Now Available on AWS

284 points · openai.com

OpenAI’s models and its Codex coding agent landing on AWS is a notable distribution shift, given OpenAI’s long-standing Microsoft/Azure alignment. For developers it means easier access to frontier models inside existing AWS stacks; for industry watchers it’s a signal that the model layer is commoditizing and providers want to be everywhere their customers already are. The comment thread dug into pricing, lock-in, and what this means for the Azure exclusivity narrative.

Florida Sues OpenAI and Sam Altman Over AI Risks

238 points · politico.com

Florida has filed suit against OpenAI and CEO Sam Altman over alleged AI-related harms, marking another front in the widening legal and regulatory pressure on frontier labs. HN’s discussion split between those who see legitimate accountability questions and those wary of state-by-state litigation becoming a patchwork that’s hard to comply with. Either way, it underscores that the regulatory bill for the AI boom is now coming due in courtrooms.

Alphabet Announces $80B Equity Capital Raise to Expand AI Infrastructure

205 points · abc.xyz

Alphabet is raising a staggering $80B in equity to fund AI infrastructure and compute — a number that says everything about the scale of the current buildout. For a company that famously throws off cash, tapping equity markets this aggressively signals just how capital-hungry the compute arms race has become. The thread connected it to the broader bubble debate: are these investments laying durable infrastructure or chasing a peak.

Age Verification for Social Media: The Beginning of the End for a Free Internet?

290 points · mullvad.net

Privacy-focused VPN provider Mullvad argues that mandatory age-verification laws sweeping across jurisdictions amount to backdoor identity requirements that erode anonymous use of the internet. It’s catnip for HN’s privacy-minded crowd, who see “think of the children” framing as a wedge for broader surveillance. The piece raises the hard technical question nobody has answered well: how do you verify age without building a real-name identity layer over the whole web.

Should You Normalize RGB Values by 255 or 256?

275 points · 30fps.net

A deceptively deep dive into a question graphics programmers argue about constantly: when converting 8-bit color to floating point, do you divide by 255 or 256. The answer turns out to depend on what you’re optimizing for — exact endpoints versus uniform bucket widths — and the post lays out the tradeoffs with the kind of rigor HN adores. It’s the platonic ideal of a front-page technical post: small question, surprisingly rich answer.