Top stories

  1. Qualcomm to acquire Modular Qualcomm announced 2026-06-24 an agreement to acquire Modular, the company behind the Mojo language and the MAX GenAI serving framework, with the deal expected to close in the second half of 2026 pending regulatory approval. Terms were not disclosed. Modular frames the goal as an open, vendor-neutral software stack that runs AI efficiently across CPU and GPU architectures from edge to cloud; the announcement gives no specifics on what changes for the existing open-source projects.
  2. Anthropic accuses Alibaba of large-scale Claude distillation In a letter to the White House seen by Reuters, Anthropic accused operators it links to Alibaba's Qwen AI lab of illicitly extracting Claude capabilities through distillation, calling it the largest known attack of its kind on the company. Anthropic says the campaign ran 2026-04-22 to 2026-06-05, used almost 25,000 fraudulent accounts to bypass safety controls, and generated more than 28.8 million exchanges, targeting Claude's software-engineering and agentic-reasoning behavior. The figures and characterization are Anthropic's; Alibaba had not publicly responded at the time of reporting.
  3. Google adds computer use to Gemini 3.5 Flash Google made computer use a built-in tool in Gemini 3.5 Flash on 2026-06-24, letting developers build agents that see and act across browser, mobile, and desktop environments rather than calling a separate computer-use model. It is available through the Gemini API with a reference implementation, through the Gemini Enterprise Agent Platform, and via a Browserbase-hosted demo, and adds two enterprise safeguards: explicit user confirmation for sensitive actions and automatic task stoppage when prompt injection is detected. Google shows an OSWorld benchmark chart but did not state numeric results in the post text.
  4. Node.js v26.4.0 adds a virtual file system and TLS certificate compression Node.js published v26.4.0 on the Current line on 2026-06-24. New semver-minor features include a minimal node:vfs subsystem with node:fs/promises dispatch to mounted instances, package maps in the module loader, a certificateCompression option for TLS, caller-supplied buffers in readFile(), and TCPKEEPINTVL/TCPKEEPCNT support in setKeepAlive(). No security fixes were called out in the notable-changes list.
  5. PostHog rewrites its SQL parser in Rust with a coding agent PostHog replaced its ANTLR-generated SQL parser with a hand-written recursive-descent parser with a Pratt expression core, written in Rust, reporting 454x faster parsing on production queries (70x on the author's laptop). The author says Claude Opus 4.7 generated the 16,000+ lines across parallel sessions while they "barely looked at the code," and that correctness came from property-based testing with Hypothesis, coverage-guided test generation, and differential testing against the original ANTLR parser rather than manual review.

AI

  1. OpenAI and Broadcom detail the Jalapeño inference chip OpenAI's first custom inference accelerator, co-designed with Broadcom around OpenAI's LLM serving patterns, drew the top Hacker News thread of the day (545 points). The companies report a roughly nine-month design-to-tape-out, lab engineering samples running ML workloads including GPT-5.3-Codex-Spark, and a performance-per-watt claim said to beat current state of the art (vendor figure, unverified). Initial deployment targets end of 2026 at gigawatt-scale data centers with Microsoft and other partners.
  2. Analyst frames GLM-5.2 as the open-weights step change for agents Nathan Lambert's Interconnects analysis argues GLM-5.2, Z.ai's MIT-licensed 753B-parameter MoE released earlier in June with a 1M-token context, is the open-weights model that makes agentic workflows practical to run outside the major closed labs. The post is independent commentary, not a new release; GLM-5.2's vendor and secondary coding benchmarks remain unreproduced.

ML research

  1. Paper reports low-bit quantization inflates reasoning-model output length A preprint posted 2026-06-25 argues that quantizing reasoning models to low bit widths inflates the number of reasoning tokens they emit, so the extra generation length partly offsets the memory and bandwidth savings quantization is meant to deliver. The authors present this token inflation as a hidden cost not captured by accuracy-at-fixed-budget comparisons. Results are the authors' own and not independently reproduced.

Agentic coding

  1. RubyLLM offers one Ruby API across major AI providers RubyLLM, a Ruby framework presenting a single interface to OpenAI, Anthropic, Gemini, and other providers, reached the Hacker News front page at 347 points. It targets Ruby and Rails applications that want chat, tool use, and streaming without provider-specific client code.

Security

  1. LastPass confirms customer data exposed in Klue supply-chain breach LastPass confirmed on 2026-06-23 that Salesforce customer data, including names, phone numbers, email and physical addresses, and the contents of support cases, was accessed after OAuth tokens were stolen in a breach of Klue, a third-party market-intelligence platform. LastPass says its products, infrastructure, and password vaults were not affected. The Klue compromise, claimed by the Icarus extortion group through compromised legacy integration credentials, also hit Recorded Future, Tanium, Jamf, Sprout Social, Gong, and Insurity. The Hacker News thread reached 309 points.
  2. Researcher details exploited vulnerabilities in Johnson & Johnson web apps A security researcher published a 2026-06-24 write-up describing access-control and logic flaws found in Johnson & Johnson web applications, with the analysis framed as coordinated research rather than active in-the-wild exploitation. No CVE or vendor advisory is attached to the post.

Developer tools

  1. Post argues crates.io should not depend on GitHub for publishing A widely shared post (154 points on Hacker News) argues that crates.io requiring a GitHub account to log in and obtain a publishing token makes the Rust package registry depend on a single commercial identity provider. crates.io has long stated GitHub login is required "for now" and has been adding alternatives such as trusted publishing via OIDC from CI; GitHub remains the only interactive login method.
  2. Tigris backs Git on object storage with objgit Tigris published objgit, an experiment that implements Git's object and reference storage directly on top of object storage so a bucket can serve as a Git remote. The post walks through mapping Git's content-addressed objects and refs onto S3-style operations.
  3. Minimus makes its minimal container images free Minimus announced free access to its catalog of minimal, hardened container base images, positioned as a reduced-attack-surface alternative to standard distribution base images. The claims are the vendor's; image contents and CVE posture warrant independent verification before adoption.
  4. Cloudflare opens self-managed OAuth clients to all customers Cloudflare published a 2026-06-24 post making self-managed OAuth clients available to all customers, letting developers create and manage their own OAuth applications for delegated access to the Cloudflare API instead of relying on long-lived API tokens. The flow supports user consent, scoped permissions, and token revocation, and targets SaaS integrations, internal developer platforms, and agentic tools. The capability was previously limited to a small set of manually onboarded integrations.

Languages and runtimes

  1. LuaJIT proposes syntax extensions for a 3.0 line A LuaJIT issue lays out proposed syntax extensions under discussion for a possible LuaJIT 3.0, opening debate over how far LuaJIT should diverge from upstream Lua. It is a proposal and discussion thread, not a committed change.

Apple platforms

  1. Workaround forces screen capture to fix MacBook cursor lag A widely shared gist (211 points) documents a workaround for cursor lag on recent MacBooks that periodically records a single pixel of the screen every ten seconds, apparently keeping a display or power path active enough to avoid the stutter. It is a practitioner hack, not an Apple-confirmed fix or diagnosis.

Infrastructure

  1. Bunny DNS drops usage-based pricing and becomes free Bunny.net announced 2026-06-24 that it is removing all usage-based charges from Bunny DNS, offering free authoritative DNS hosting for up to 500 domains per account with no query limits or per-request billing. The free tier includes DNSSEC (NSEC Black Lies), full IPv6, advanced record types (HTTPS, SVCB, TLSA, CDS, CDNSKEY), smart records, health monitoring, automatic zone scanning for migrations, and one-click CDN and Bunny Shield integration. Accounts remain subject to the standard $1/month minimum platform spend, but DNS itself no longer incurs usage charges. The thread reached 870 points, the highest-discussed Hacker News item of the day.
  2. NVIDIA describes 45C warm-water cooling to cut data center water use An NVIDIA post (200 points) describes a liquid-cooling design for AI data centers that uses 45C supply water, which it says removes the need for evaporative cooling and cuts on-site water use to near zero. The figures are NVIDIA's and presented as design claims for its reference AI-factory cooling.

Engineering posts

  1. Practical guide to SSH local and remote port forwarding A hands-on tutorial on SSH tunnels covering local and remote port forwarding returned to the front page at 282 points. It is an evergreen reference with interactive examples rather than new research.

Markets and companies

  1. Elastic lays off about 7% of its workforce Elastic CEO Ash Kulkarni announced a layoff of roughly 7% of employees in a 2026-06-24 message to staff. The post frames the cut as a reprioritization rather than tying it to a specific product line.

Hacker News

  1. John Carmack reflects on early-career mistakes A thread by John Carmack reflecting on things he counts as mistakes from his early career reached 495 points on Hacker News. It is personal retrospective rather than a technical release.
  2. Greptile likens AI pull-request spam to early-2000s email spam A Greptile post (183 points) argues that the wave of low-quality AI-generated pull requests now hitting open-source projects resembles the email-spam dynamics of the early 2000s, and discusses filtering approaches. It draws on the maintainer-burden theme around AI-generated contributions.
  3. Show HN: Nub, a purely additive Bun-like toolkit for Node.js A Show HN for Nub, a Node.js toolkit by Colin McDonnell (author of Zod), reached 222 points. Rather than replacing the runtime like Bun, Nub wraps the standard node command with a preload hook to add oxc-powered TypeScript transpilation, custom module resolution, and polyfills such as Worker and Temporal, plus script and package runner helpers, while introducing no Nub-specific APIs, config, or environment variables. The author cites a --require hook with about 0.5ms overhead against 4.6ms for --import, using Node's synchronous module.registerHooks() API.
  4. Ford rehires quality inspectors after AI fell short A Bloomberg report that Ford has been rehiring quality inspectors after an AI-based system fell short reached 342 points on Hacker News, where the thread reframed it as AI failing to preserve expertise or train junior staff. The discussion centered on the limits of replacing experienced workers with automation rather than on any specific engineering release. The Hacker News title says "350 engineers"; the Bloomberg report describes quality inspectors.