HN Daily HN Daily

HN Daily | May 26, 2026

Today's tech landscape features a mix of security exploits, open-source developments, and reflections on AI's role in coding. Key stories include a $12K AWS API Gateway bypass, a new genomics toolkit in Rust, and a thoughtful essay on using AI to write better code more slowly.

Today's tech landscape is a fascinating mix of security exploits, open-source innovations, and deep reflections on how we work. From a clever AWS API Gateway bypass that netted a $12K bounty to a genomics toolkit that runs on a laptop, there's plenty to dig into. And if you're tired of the 'slop cannon' narrative around AI coding, one essay makes a compelling case for using LLMs to write better code—more slowly.

Security & Exploits

  1. I bypassed AWS API Gateway auth with a trailing slash. Got $12K bounty — A security researcher discovered that adding a trailing slash to an AWS HTTP API endpoint bypassed JWT authentication, exposing full account data and even allowing wire transfers. The fintech fixed it the next day, and the researcher walked away with a $12,000 bounty.

  2. Netherlands blocks US takeover of vital digital supplier — The Dutch government has intervened to block a US acquisition of a critical digital infrastructure provider, citing national security concerns. This move signals growing European assertiveness over tech sovereignty.

  3. Exit IP VPN servers mitigation rollout — Mullvad VPN is rolling out a new mitigation against exit IP fingerprinting, which could allow adversaries to correlate VPN traffic across servers. A list of 13 servers now have the fix applied.

AI & Machine Learning

  1. EAGLE 3.1: Collaboration Between the EAGLE Team, vLLM Team, and TorchSpec Team — A major update to the speculative decoding algorithm EAGLE, introducing FC normalization to combat 'attention drift' and improve robustness. In long-context workloads, EAGLE 3.1 achieves up to 2× longer acceptance length compared to its predecessor.

  2. Using AI to write better code more slowly — Nolan Lawson argues that LLMs aren't just for churning out slop; they excel at finding subtle bugs in PRs when used with multiple models and careful validation. His workflow prioritizes quality over velocity, often uncovering pre-existing issues.

  3. Use boring languages with LLMs — A consultant's observation that LLMs produce more reliable code in ecosystems with strong conventions (like Go or Rails) than in fragmented ones (like JavaScript or Python). Consistency in the training corpus leads to better agentic output.

  4. Outsourcing plus local AI will soon become more economical vs. frontier labs — An analysis suggesting that combining outsourced human labor with local AI models will soon undercut the costs of relying on frontier AI labs. A provocative take on the economics of AI development.

Open Source & Tools

  1. Rosalind: A genomics toolkit in Rust running whole-genome pipelines on a laptop — A deterministic genomics engine built in Rust that can run whole-genome workloads in as little as 100 MB of RAM. This could democratize bioinformatics by making it accessible on consumer hardware.

  2. DynIP – Dynamic DNS with RFC 2136, IPv6, DNSSEC, and BYOD — A modern dynamic DNS service that supports RFC 2136 TSIG, 60-second propagation, and IPv6. It works with standard routers like FortiGate and OPNsense, and offers a generous free tier.

  3. Flatpak Will Depend on Systemd — The next major version of Flatpak (2.0) will likely require systemd, moving permission management into a new service called systemd-appd. This has sparked debate in the Linux community, especially among users of non-systemd distributions.

  4. A few interesting modern pixel fonts — A delightful tour of modern pixel fonts, including Analog Mono (fixing VCR OSD Mono's descender issues), Coral Pixels (with baked-in subpixel fringing), and Geist Pixel from Vercel (a production-ready system font).

Programming Languages & Techniques

  1. C array types are weird — A deep dive into the quirks of C array types, including their automatic decay to pointers and the confusion around sizeof. The author proposes a hypothetical @ operator to make array semantics clearer.

  2. Opaque Types in Python — Glyph explains how to use typing.NewType to create opaque data types in Python, allowing libraries to hide internal complexity while maintaining type safety. A practical pattern for evolving APIs.

  3. Performance of Rust Language [pdf] — A slide deck analyzing Rust's performance characteristics, likely comparing it to C and C++. A useful resource for anyone evaluating Rust for systems programming.

Science & Research

  1. Chemistry behind the Garden Grove chemical tank — A Science blog post (currently behind a Cloudflare wall) discussing the chemistry of methyl methacrylate, the chemical involved in a recent tank incident. The post likely explains why the substance is so hazardous.

  2. Dehydration's role in learning and memory — Cold Spring Harbor Laboratory researchers have uncovered how dehydration affects the brain's ability to form new memories. A reminder to drink water before your next study session.

Business & Startups

  1. Dropbox CEO Drew Houston to step down — After 19 years, Drew Houston is stepping down as CEO of Dropbox. The cloud storage pioneer faces a changing landscape, and this leadership change marks the end of an era.

  2. The real cost of owning a home — A software engineer breaks down the true costs of homeownership, from loan fees to insurance and taxes. With 550+ comments, this post clearly struck a nerve—especially the revelation that only 21% of his first mortgage payment went toward principal.

Privacy & Identity

  1. Are we self-sovereign PKI yet? — A thoughtful essay on the failure of public-key infrastructure for people. From Signal's safety numbers to Keybase's demise, the author argues that we still lack a truly self-sovereign way to bind identities to keys.

  2. I Bypassed Adobe and Microsoft to Build a Git-Tracked Book Production Pipeline — A novelist and software developer describes ditching Adobe InDesign and Microsoft Word in favor of LibreOffice, Standard Ebooks, and LaTeX. The result: a fully Git-tracked pipeline for book production.

Closing Thought

Today's stories remind us that the most interesting tech often lives at the intersection of disciplines—security and cloud infrastructure, genomics and Rust, publishing and version control. Whether it's a trailing slash that breaks auth or a 2-pixel-tall font that's somehow readable, the details matter. Stay curious, and don't forget to drink water.