Hacker News Reader: Top @ 2026-03-24 11:34:55 (UTC)

#1 Microsoft's "Fix" for Windows 11: Flowers After the Beating (www.sambent.com) §

summarized

172 points | 125 comments

Article Summary (Model: gpt-5.4-mini)

Subject: Windows 11 Backslide

The Gist: The article argues that Microsoft is treating its 2026 Windows 11 “fix” as redemption while only backing away from the most visible annoyances. It says the company spent years adding Copilot, ads, account lock-in, Recall, OneDrive nudges, telemetry, and other hostile defaults, then is now promising “fewer ads” and cleaner UI while leaving the underlying surveillance and lock-in model intact. The piece frames this as taking a foot off users’ necks, not a genuine reversal.

Key Claims/Facts:

Visible bloat was added first: Copilot, ads, and UI clutter were injected across Windows surfaces over the last few years.
Core lock-in remains: Microsoft account requirement, telemetry, OneDrive sync, and other data-collection defaults are described as still in place.
The “fix” is partial: The announced plan targets headline-grabbing UI issues, not the deeper business model or privacy concerns.

Parsed and condensed via gpt-5.4-mini at 2026-03-24 11:38:38 UTC

Discussion Summary (Model: gpt-5.4-mini)

Consensus: Cautiously Optimistic about the fact that Microsoft is backing off some changes, but mostly skeptical and angry that the company is only undoing the most obvious damage.

Top Critiques & Pushback:

Microsoft is only fixing the optics: Several commenters say the company is removing visible annoyances while leaving telemetry, forced accounts, OneDrive behavior, and lock-in untouched (c47500744, c47500721, c47501161).
Enshittification and monopoly power: People argue this is a predictable pattern of gradually pushing users to the limit, made worse by Microsoft’s market position and weak regulatory constraints (c47500721, c47500985, c47501045).
Alternatives are limited in practice: Some note that users often don’t have a real choice once software compatibility, gaming, or work requirements are factored in, even if they dislike Windows (c47501108, c47501060, c47500920).

Better Alternatives / Prior Art:

Linux laptops / preinstalled systems: Users point to System76, Tuxedo, Framework, Fedora Atomic, and Bazzite as escape routes, though setup and app compatibility remain barriers (c47501053, c47500832, c47501085).
Mac or second-hand hardware: A few suggest macOS hardware or buying used machines to avoid Windows license costs and bloat (c47500961, c47500894).
Other chat/platform tools: In the Teams subthread, some prefer Slack/Zoom, while others defend Teams on cost grounds or because of network effects (c47500782, c47500809, c47501149).

Expert Context:

This isn’t new behavior: Commenters tie Microsoft’s conduct to a long history of browser wars, GWX forced upgrades, antitrust fights, and ongoing bundling tactics, arguing that the current situation is continuity rather than a sudden decline (c47500739, c47501004, c47500984).

#2 Opera: Rewind The Web to 1996 (Opera at 30) (www.web-rewind.com) §

summarized

68 points | 37 comments

Article Summary (Model: gpt-5.4-mini)

Subject: Opera’s Web Time Machine

The Gist: Opera’s anniversary site is an interactive “rewind” through 30 years of web history, spanning yearly snapshots from 1995 to 2025. Users move through the experience by holding Spacebar or tapping, and each year appears to present a different artifact, visual scene, or animation. The page also invites people to submit memories for a chance to win a trip.

Key Claims/Facts:

30-year timeline: The experience covers years 1995 through 2025 as clickable/scrollable milestones.
Interactive navigation: Progressing requires holding Spacebar or tapping, rather than ordinary scrolling.
Memory submission promo: The site includes a call to “Submit your memory to win a trip.”

Parsed and condensed via gpt-5.4-mini at 2026-03-24 11:38:38 UTC

Discussion Summary (Model: gpt-5.4-mini)

Consensus: Cautiously nostalgic, but broadly skeptical of the marketing and of Opera’s modern browser identity.

Top Critiques & Pushback:

Marketing over substance: Several commenters describe the page as “marketing fluff” or gimmicky, preferring a more substantive anniversary gesture like open-sourcing Opera instead (c47500569, c47500478).
Modern Opera disappointment: Longtime users say the browser lost what made it special after switching away from Presto and becoming Chromium-based; they frame the current product as effectively a different browser sharing the name (c47500348, c47500531, c47500946).
Privacy/trust concerns: One thread argues Opera’s marketing is soulless and raises suspicion about data sent to Chinese servers; another commenter challenges the accusation as unsupported, prompting a link to an external investigation (c47500200, c47500581, c47500997, c47501070).

Better Alternatives / Prior Art:

Vivaldi: Multiple commenters call Vivaldi the spiritual heir to classic Opera, though they note it is also Chromium-based (c47500319, c47500541, c47500518).
Otter Browser: Mentioned as another browser that tries to preserve the old Opera tradition (c47500367).
OldWeb.today: Suggested as a more meaningful way to celebrate web history because it uses archived pages and old browsers rather than brand nostalgia (c47500569).

Expert Context:

Classic Opera features remembered fondly: Users recall mouse gestures, small footprint, strong performance on weak hardware, built-in features, and early support for web capabilities like PNG alpha transparency; Opera Mini also gets a nostalgic mention for proxy-based browsing on slow connections (c47500756, c47500282, c47500963, c47500348).
Practical usage notes: A few commenters explain how to interact with the site—hold Spacebar, or use the mobile hold-to-rewind control—and note that ad blockers or consent banners may interfere (c47500145, c47500173, c47500258, c47500387).

#3 Box of Secrets: Discreetly modding an apartment intercom to work with Apple Home (www.jackhogan.me) §

summarized

161 points | 49 comments

Article Summary (Model: gpt-5.4-mini)

Subject: Hidden Home Intercom Hack

The Gist: The post describes how the author and a friend turned an apartment building’s Doorking intercom/gate system into an Apple Home controllable unlock button. After the intercom’s cellular voice function broke, they found a hidden junction box, identified the solenoid control line, and inserted an ESP32 relay board plus a power converter. The device runs Matter firmware in Rust, appears in Apple Home, and unlocks the gate only for a limited time for safety.

Key Claims/Facts:

Bypassing the gate control line: They found they could drive the solenoid directly from the junction box instead of reverse-engineering the whole intercom.
ESP32 + Matter integration: The relay board is controlled by an ESP32 running Matter firmware, so it can be paired with Apple Home.
Self-limiting unlock behavior: The software unlocks the gate only briefly and then relocks it, avoiding indefinite access.

Parsed and condensed via gpt-5.4-mini at 2026-03-24 11:38:38 UTC

Discussion Summary (Model: gpt-5.4-mini)

Consensus: Cautiously optimistic — people enjoy the cleverness, but many prefer simpler or more reliable solutions.

Top Critiques & Pushback:

Janky vs. dependable: Several commenters praise the hackiness but say it’s better as a playground project than a family-critical solution; reliability and maintenance are concerns (c47500212, c47499044).
Powering the device is tricky: One commenter notes a homebrew ESP solution became unusable because of power draw, and another points out that tapping building power can be ethically/legal risky if it looks like “stealing electricity” (c47500212).
Home intercom features are unreliable: People complain that HomePod Mini / Google Home intercom-style features often fail or provide poor diagnostics, making custom hacks or simpler mechanisms appealing (c47499254, c47500043).

Better Alternatives / Prior Art:

Commercial intercom adapters: Nuki Opener, Doorman, and similar products are mentioned as existing solutions for compatible systems (c47500212, c47500566).
Simpler physical automation: SwitchBot-style finger robots are suggested as an easier way to press the intercom button without rewiring (c47499921, c47500574).
Phone/voicemail workaround: One commenter describes a much simpler setup using a landline, voicemail tone playback, and a smart plug to enable/disable entry (c47500383).

Expert Context:

Old systems often have weak points: Commenters note that many apartment intercoms or access systems can be overridden by reverse engineering, adding relays, or mimicking signals, which is why some buildings have had to replace older Doorking-style hardware (c47499504, c47499044).
Home Assistant is a common bridge: A few commenters point to Home Assistant, Asterisk, or Home Assistant Voice as more flexible glue for custom home audio/intercom setups (c47500117, c47499352, c47499357).

#4 Log File Viewer for the Terminal (lnav.org) §

summarized

168 points | 21 comments

Article Summary (Model: gpt-5.4-mini)

Subject: Terminal Log Viewer

The Gist: lnav is a terminal-based log viewer that merges, tails, searches, filters, and queries log files without any server or setup. It auto-detects formats, can unpack compressed files on the fly, and includes help/preview features to make it easier to use. The project emphasizes performance and claims it can handle large logs efficiently, including a SQLite-based query interface.

Key Claims/Facts:

Automatic log handling: Point it at a directory and it detects formats and loads logs, including compressed files.
Terminal workflow: Supports merge/tail/search/filter/query from the terminal, with built-in help and previews.
Performance focus: Presents itself as faster and lighter than standard tools on large logs, with documented memory/CPU comparisons.

Parsed and condensed via gpt-5.4-mini at 2026-03-24 11:38:38 UTC

Discussion Summary (Model: gpt-5.4-mini)

Consensus: Cautiously optimistic; most commenters think lnav is genuinely useful, with a few practical caveats.

Top Critiques & Pushback:

Security / trust boundary: One user warns that viewing untrusted logs in a C++ program could be an attack vector, especially for logs containing attacker-controlled content (c47501125).
Memory usage: A past concern was that lnav used a lot of RAM because it kept everything in memory; another commenter says the current site suggests memory use is now more reasonable, but still notes that some in-memory context is needed for speed/features (c47499730, c47499843).
Deployment friction for GUIs: A commenter says GUI log viewers can be inconvenient on servers because they may need a heavy install on the machine where the logs live (c47500556).

Better Alternatives / Prior Art:

klogg: Suggested as a strong GUI alternative for large log files, with fast search and a clean Qt interface (c47500494).
Grafana-style log browsing: One user says they want a “TUI Grafana” for JSON logs; another mentions lnav feels cleaner and lighter than using Grafana for docker/microservice logs (c47499185, c47500455).
CLI pipelines / related tools: People mention vnlog + feedgnuplot for console-based data shaping/plotting, and Kelora as a flexible log processor with scripting (c47499256, c47499507).

Expert Context:

Historical longevity: A commenter notes the project has existed since 2009 and recalls using it years ago to monitor web servers, underscoring that it’s a long-lived tool with a mature history (c47499235).
Performance framing: The homepage’s benchmark and memory chart are cited as evidence that modern lnav aims for a practical balance between capability and resource use (c47499843).

#5 Ripgrep is faster than grep, ag, git grep, ucg, pt, sift (2016) (burntsushi.net) §

summarized

73 points | 34 comments

Article Summary (Model: gpt-5.4-mini)

Subject: Ripgrep Benchmarks

The Gist: The article introduces ripgrep (rg) as a fast, cross-platform code search tool written in Rust, then backs that claim with extensive benchmarks against grep, ag, git grep, ucg, pt, and sift. It argues that ripgrep combines smart default filtering like ack-style tools with grep-like performance, largely through efficient directory traversal, ignore-file handling, literal optimizations, SIMD-assisted searching, and a regex engine that supports Unicode without a large speed penalty.

Key Claims/Facts:

Hybrid search design: ripgrep combines recursive, ignore-aware file selection with fast byte-oriented searching, aiming to be good on both large codebases and single large files.
Regex and literal optimizations: it extracts literals, uses SIMD-friendly strategies like Teddy/Aho-Corasick-style matching, and builds UTF-8 handling into its automata for fast Unicode support.
Memory maps are situational: the article argues mmap is slower for many small files but can help for single large files, so ripgrep switches strategies based on workload.

Parsed and condensed via gpt-5.4-mini at 2026-03-24 11:38:38 UTC

Discussion Summary (Model: gpt-5.4-mini)

Consensus: Enthusiastic. Most commenters praise the article and ripgrep itself, with a few practical notes about defaults, edge cases, and tooling tradeoffs.

Top Critiques & Pushback:

Defaults can surprise users: One commenter describes a scary case where rg missed text that grep found, likely due to default ignore/hidden-file behavior rather than a true bug, and others point out the need to use -u, -uu, or --debug when searching ignored or dotfiles (c47500465, c47500514, c47501071, c47501118).
Indexing has maintenance costs: In response to a later Cursor post about indexing for agent search, commenters argue that ripgrep is already extremely fast on many real codebases and that building/maintaining an index can outweigh the benefit unless the corpus is huge (c47500557, c47501162).

Better Alternatives / Prior Art:

grep vs. git grep vs. rg: Commenters distinguish “search everything” grep from codebase-oriented git grep, saying ripgrep sits awkwardly between them unless its ignore semantics are explicit (c47501118).
Other tools and ports: People mention related tools or reimplementations like a Rust-based alternative (grip-grab), a newer lightweight ripgrep-like tool (gg), and even a Zig port in jest (c47501055, c47500460, c47501046).

Expert Context:

Why ripgrep matters for agents: One comment frames rg as a key primitive for LLM agents working in codebases, because fast, reliable search is what makes “smart” code navigation practical (c47500650).
Historical/technical side notes: A port of ripgrep to IRIX is celebrated, and another commenter explains how old-platform revival work can benefit from modern tooling and LLM-assisted reverse engineering (c47500641, c47500993).

#6 No-build, no-NPM, SSR-first JavaScript framework if you hate React, love HTML (qitejs.qount25.dev) §

summarized

34 points | 18 comments

Article Summary (Model: gpt-5.4-mini)

Subject: HTML-First JS Framework

The Gist: Qite.js is a small, SSR-first JavaScript framework for people who want to avoid React-style abstraction, npm, and build steps. It treats the real DOM as the source of truth, updates it directly instead of using a virtual DOM, and lets developers attach behavior to server-rendered HTML. It also adds built-in fields, flags, declarative display states, and an explicit event model to keep UI logic structured without compiling templates or mixing markup into JS.

Key Claims/Facts:

DOM-first, not VDOM: Components bind to existing HTML elements and manipulate the live DOM directly, with no diff/reconciliation layer.
SSR-first workflow: Pages can be rendered on the server, then enhanced on the client; the framework can also support small SPA sections or full SPAs.
Structured state model: Qite introduces fields for structured values, flags for boolean UI state, declarative state rules, and role-based events for parent/child component coordination.

Parsed and condensed via gpt-5.4-mini at 2026-03-24 11:38:38 UTC

Discussion Summary (Model: gpt-5.4-mini)

Consensus: Cautiously optimistic, but many commenters think the marketing is polarizing and the framework overlaps with existing simpler tools.

Top Critiques & Pushback:

“Hate React” is bad branding: Several users object to framing the project as anti-React rather than use-case driven, calling it emotionally loaded or too shallow as a technical pitch (c47500588, c47500593, c47500763).
Complexity may just move around: Some argue the framework still needs abstractions, and that a lot of frontend pain comes from poor data modeling rather than reactivity itself (c47501128, c47500867).
Build steps aren’t the real problem: One commenter says minification/tree-shaking are normal and easy with modern tools, so “no build” is less compelling than it sounds (c47500765).

Better Alternatives / Prior Art:

Alpine.js / htmx / Web Components: Users compare Qite to Alpine and htmx for the same no-build, SSR-friendly niche, and suggest Web Components plus signals for a more standard path (c47500526, c47500765).
XState: The field/flag state model reminded one commenter of state machines, which they found more intuitive (c47500600).
LAMP + jQuery: A skeptical commenter says they’d rather stick with a simple traditional stack (c47501098).

Expert Context:

Immediate rendering analogy: A few commenters from game-dev/immediate-mode UI backgrounds praised the mental model of rendering directly from state and avoiding reactive complexity, though they note the browser DOM makes this less straightforward than in a custom engine (c47500981, c47500974, c47501022).

#7 BIO – The Bao I/O Co-Processor (www.crowdsupply.com) §

summarized

49 points | 13 comments

Article Summary (Model: gpt-5.4-mini)

Subject: RISC I/O Co-Processor

The Gist: BIO (“Bao I/O”) is an I/O co-processor built around multiple compact RV32E PicoRV32 cores, each with special blocking registers for FIFOs, timing quanta, GPIO control, and events. The design aims to provide deterministic, cycle-accurate I/O handling with standard RISC-V tooling, while trading away some of the PIO’s single-instruction convenience for better area efficiency, larger private code memory, and more general-purpose software-driven protocols. It also includes an optional BDMA path for controlled memory access and a C-to-Rust macro workflow for writing BIO programs.

Key Claims/Facts:

Blocking registers: Reads/writes to selected high-bank registers stall execution on FIFO empty/full conditions or until a quantum/event occurs.
Parallel cores + FIFOs: Multiple cores can cooperate through shared FIFOs and event bits to implement DMA and bit-banged protocols.
Trade-offs vs PIO: BIO uses simpler instructions and more code space, aiming for smaller area and higher clock rate, but often needs more instructions per task than PIO.

Parsed and condensed via gpt-5.4-mini at 2026-03-24 11:38:38 UTC

Discussion Summary (Model: gpt-5.4-mini)

Consensus: Cautiously optimistic, with strong technical interest but some skepticism about the timing model and efficiency trade-offs.

Top Critiques & Pushback:

Cycle-counting concern: Several commenters worry that “snap to quantum” still amounts to cycle counting, just at a larger granularity, and that compiler changes could affect correctness (c47474819, c47501011, c47500176).
Performance efficiency: One commenter argues BIO may be smaller and faster in clock rate, but less efficient per clock, so it may need very high clocks to match simpler PIO use cases like SPI (c47485747).

Better Alternatives / Prior Art:

PIO and custom state machines: Some suggest the original PIO approach may still be better for ultra-tight bit-banging, especially when binary compatibility is not required (c47474819).
Streaming Semantic Registers: A commenter connects BIO’s FIFO/register model to RISC-V “Streaming Semantic Registers,” noting similar code-density and decoupling benefits (c47470913).

Expert Context:

Hard real-time framing: Commenters emphasize that BIO’s timing model is really a hard-real-time system, similar in spirit to audio buffering where worst-case latency matters more than average latency (c47499859).

#8 MSA: Memory Sparse Attention (github.com) §

summarized

14 points | 1 comments

Article Summary (Model: gpt-5.4-mini)

Subject: Sparse Memory Attention

The Gist: MSA is a proposed long-context memory architecture that combines sparse attention, document-wise positional encoding, and compressed KV memory to scale an LLM to very large contexts. The project claims end-to-end trainability, near-linear scaling, and inference on up to 100M tokens by separating routing from content storage and fetching only selected memory blocks.

Key Claims/Facts:

Sparse routing + compressed memory: The model pools document states, scores them with a router, and selects Top-k documents before decoding.
Document-wise / global RoPE: Positioning is reset per document for memory encoding while preserving causal order in the active context.
Memory Parallel inference: Routing keys stay sharded for scoring, while compressed content K/V are kept in host memory and fetched on demand for throughput.

Parsed and condensed via gpt-5.4-mini at 2026-03-24 11:38:38 UTC

Discussion Summary (Model: gpt-5.4-mini)

Consensus: Cautiously Optimistic.

Top Critiques & Pushback:

Product fit / overgeneralization: One commenter reframes the value proposition as being more useful when models are adapted to specific domains and tools, rather than aiming for generic “write Shakespeare” capability (c47500864).

Better Alternatives / Prior Art:

Domain-specific model tooling: The only substantive discussion suggests the future likely lies in framework- or task-specific tools for models, implying specialized workflows may matter more than raw long-context capacity (c47500864).

#9 iPhone 17 Pro Demonstrated Running a 400B LLM (twitter.com) §

summarized

634 points | 281 comments

Article Summary (Model: gpt-5.4-mini)

Subject: iPhone LLM Demo

The Gist: A Twitter demo claims an iPhone can run a roughly 400B-parameter LLM at about 0.6 tokens/second. The post appears to showcase a proof-of-concept rather than a practical mobile deployment: the achievement relies on aggressive compression and memory/weight streaming, not on fitting the whole model comfortably in RAM. The headline is meant to demonstrate that very large models can be made to execute locally on phone hardware under extreme constraints.

Key Claims/Facts:

Phone-side inference: The video/post shows an iPhone running a very large model locally, albeit slowly.
Constraint-heavy implementation: The demo likely depends on MoE sparsity, quantization, and streaming weights instead of holding everything in memory.
Proof of concept: The emphasis is on feasibility and engineering tricks, not usability or throughput.

Parsed and condensed via gpt-5.4-mini at 2026-03-24 11:38:38 UTC

Discussion Summary (Model: gpt-5.4-mini)

Consensus: Cautiously Optimistic.

Top Critiques & Pushback:

The headline is misleading without the MoE caveat: Several commenters argue that calling it a “400B model on a phone” hides the fact that only a subset of experts is active per token, so the effective compute is much smaller (c47490576, c47490594, c47499222, c47499381).
It’s impressive but not practical: People repeatedly note that the demo is slow, latency-heavy, and likely throttled by storage bandwidth and thermals; one commenter calls it a proof-of-concept rather than something usable (c47500410, c47493446, c47492962).
Quantization and quality trade-offs: Users point out that extreme quantization and other tricks can degrade output quality, and that local demos at this size are more a stunt than a real workflow (c47493162, c47492996, c47496808).

Better Alternatives / Prior Art:

Apple’s “LLM in a flash” / SSD streaming: Multiple commenters connect the demo to Apple’s earlier work on streaming weights from storage, and to similar weight-streaming systems from other vendors (c47490489, c47490611, c47491470).
Related streaming tech in graphics/games: People compare the approach to DirectStorage/RTX IO and game-engine streaming of textures/geometry, suggesting the same memory-vs-I/O pattern (c47491639, c47497703).
Smaller local models are more realistic: Some suggest that on a 64GB Mac or a phone, smaller MoE or non-MoE models are still the sensible choice for actual use (c47492441, c47492996, c47493162).

Expert Context:

MoE detail matters: A knowledgeable thread explains that only 4 or 10 experts may be selected from hundreds per layer, so the demo’s memory footprint is much lower than the headline number suggests (c47492440, c47492026).
Thermals are a real bottleneck: Users with tablets/phones running local LLMs report rapid heating and throttling, reinforcing that hardware limits are still central (c47492962, c47495265).
Broader implication: Some commenters see this as evidence that local/open-weight models on personal devices will keep getting better, while others think training still requires massive cloud compute and this doesn’t change that (c47499743, c47500983, c47500179).

#10 Autoresearch on an old research idea (ykumar.me) §

summarized

375 points | 83 comments

Article Summary (Model: gpt-5.4-mini)

Subject: Autoresearch on eCLIP

The Gist: The author retrofitted Karpathy’s autoresearch loop onto an old eCLIP research codebase and let Claude Code iteratively edit, train, and evaluate a single-file training loop. The agent worked inside a sandbox, used a scratchpad for memory, and explored phases from basic hyperparameter tuning to architectural tweaks and “moonshot” ideas. The biggest gain came from fixing a temperature clamp bug; later gains were mostly from tuning. The author reports 42 experiments, a large drop in validation mean rank, and limited success on more speculative changes.

Key Claims/Facts:

Closed-loop research: The setup was: modify train.py, run short training/eval cycles, keep or revert changes, and record progress in scratchpad.md.
Sandboxed autonomy: Claude Code was restricted to editing and running a controlled script, with no network access or arbitrary Python execution.
Results and limits: Simple fixes and hyperparameter tuning helped most; architectural and moonshot ideas mostly failed, and the author concludes the method works best when the search space is clearly defined.

Parsed and condensed via gpt-5.4-mini at 2026-03-24 11:38:38 UTC

Discussion Summary (Model: gpt-5.4-mini)

Consensus: Cautiously optimistic, but with strong skepticism that this is anything beyond LLM-assisted hyperparameter search in a nicer wrapper.

Top Critiques & Pushback:

It’s mostly just HPO / evolutionary search: Several commenters argue the repo is basically hyperparameter tuning or a linear mutate-test-revert loop, not a fundamentally new research method (c47493957, c47493988, c47494206, c47494335).
Cost and compute can dominate quickly: Even if the loop is useful, people note that many failed trials become expensive fast, especially when experiments take hours or cost real cloud money (c47494230, c47494839, c47494856).
Production risk and inscrutability: Some push back on “moving faster” as a good metric, arguing that LLM-generated features can be hard to understand, brittle, or unsafe in real systems (c47493989, c47494939).

Better Alternatives / Prior Art:

Optuna / skopt / traditional AutoML: Users repeatedly point to established hyperparameter-optimization tools as better choices if the task is mostly parameter search (c47494514, c47495685, c47499092).
Evolutionary / ES-style methods: A few commenters frame autoresearch as an LLM-powered evolutionary algorithm and suggest it should borrow more from evolutionary search, novelty archives, and crossover methods (c47494335, c47494425, c47495195).
Broader prior work: Others note that similar efforts already exist in more sophisticated forms, citing AutoML history and newer automated research systems/benchmarks (c47498739, c47495015).

Expert Context:

Accessibility matters: One thread argues that the value is not novelty but usability: autoresearch is easy to apply to any problem with a verifiable reward signal, which may matter more than the underlying algorithm (c47500222, c47500357).
Persistent working memory helps: The scratchpad.md idea gets praise as an underrated but important part of making experiment loops debuggable and tractable (c47500341).
Practical framing: Some commenters say LLMs are useful when they can exploit prior art and common-sense heuristics, but the gains look strongest in narrow, well-bounded search spaces rather than open-ended “research” (c47494736, c47494161).

#11 FCC updates covered list to include foreign-made consumer routers (www.fcc.gov) §

fetch_failed

337 points | 224 comments

⚠️ Page was not fetched (no row in fetched_pages).

Article Summary (Model: gpt-5.4-mini)

Subject: Routers on the Covered List

The Gist: Based on the discussion, the FCC action appears to add foreign-made consumer routers to the agency’s Covered List, meaning new equipment authorizations are restricted unless a manufacturer gets conditional approval. Commenters say the policy is aimed at national-security risk from router vulnerabilities and supply-chain concerns, but the exact scope of “produced in foreign countries” is unclear from the thread alone. This is an inference from comments, since no page text was provided.

Key Claims/Facts:

Conditional approval path: Manufacturers may still be able to sell routers if they obtain FCC equipment authorization through a conditional approval process and provide supply-chain/software details.
Foreign-made default restriction: The change is described as blocking new foreign-made consumer routers by default while leaving previously approved models and existing owners unaffected.
Security framing: The policy is justified as reducing risk from vulnerable consumer routers and possible state-sponsored compromise, though commenters dispute whether country of manufacture is the real issue.

Discussion Summary (Model: gpt-5.4-mini)

Consensus: Skeptical, with a minority seeing the move as a reasonable security step.

Top Critiques & Pushback:

Security problem is broader than nationality: Many argue router insecurity is mainly caused by industry-wide bad firmware, short update windows, and poor incentives, not foreign manufacture (c47496324, c47497065, c47498252).
Policy seen as protectionism or pay-to-play: A large thread suspects the conditional-approval process will be abused for bribery, tariffs-by-another-name, or domestic industry favoritism rather than genuine security enforcement (c47496404, c47496748, c47496634, c47496573).
Bans don’t fix patching and lifecycle issues: Several commenters say the real fix is longer support, auto-updates, source escrow, or liability—not banning imports; others note most users will never flash firmware themselves (c47499053, c47499531, c47497239, c47498998).
Open firmware helps, but is not enough: Users who favor open firmware or OpenWRT still say consumer replacement is too hard for average buyers and only partially addresses the problem (c47497065, c47497584, c47496264).

Better Alternatives / Prior Art:

OpenWRT / community firmware: Frequently cited as the best practical firmware alternative, especially for users who can flash it immediately (c47496449, c47497502).
Mandatory updates / auto-update regimes: Commenters suggest requiring long-term support or automatic updates by default, possibly enforced at the ISP or certification level (c47499053, c47499531, c47500302).
Open or auditable firmware: Some propose requiring source availability and third-party audits rather than outright bans, analogous to safety certification in physical products (c47496226, c47499477).

Expert Context:

Regulatory scope: One commenter notes the FCC’s role is mainly spectrum/equipment authorization, while the FTC’s consumer-protection role is about deceptive practices—not general software security—so the legal basis matters (c47497324, c47497863).
EU precedent: Another points to the EU Cyber Resilience Act as a more direct attempt to mandate baseline digital-product security, including automatic updates and vulnerability checking (c47500778).

#12 Show HN: Cq – Stack Overflow for AI coding agents (blog.mozilla.ai) §

summarized

155 points | 62 comments

Article Summary (Model: gpt-5.4-mini)

Subject: Agents Need Shared Memory

The Gist: Mozilla AI’s cq is an open-source prototype for a shared knowledge commons for coding agents. The idea is to let agents query prior learnings, contribute new ones, and build trust over time so they stop relearning the same environment-specific problems. The post frames it as “Stack Overflow for agents,” with plugins, an MCP server, a team API, and human review workflows already in a working PoC.

Key Claims/Facts:

Shared knowledge base: Agents can query “knowledge units” before doing unfamiliar work and propose new ones after learning something useful.
Trust and confidence: Knowledge is meant to gain weight through confirmations, reputation, and trust signals rather than static docs.
Open PoC: The project is open source and available with integrations for Claude Code, OpenCode, and local/team deployments.

Parsed and condensed via gpt-5.4-mini at 2026-03-24 11:38:38 UTC

Discussion Summary (Model: gpt-5.4-mini)

Consensus: Cautiously optimistic, but with strong skepticism about security and trust if this becomes a public commons.

Top Critiques & Pushback:

Poisoning / supply-chain risk: Many commenters worry a public agent knowledge base would be easy to game with malicious or low-quality “knowledge units,” including bad install instructions or backdoor-like advice (c47496687, c47497534, c47499441).
Trust is the hard problem: People repeatedly ask how dangerous claims would be detected and how agents would know which sources to trust without a robust anti-sybil mechanism (c47496687, c47500084, c47499574).
Documentation reliability: One thread argues AI-generated step logs are too hallucination-prone to be a dependable basis for later reuse; another says modern agents can record and replay logs well enough, so this is not fundamental (c47499661, c47500853, c47499793).

Better Alternatives / Prior Art:

Internal/company-scoped use: Several commenters think the idea is much safer and more useful inside one organization or trusted group than as a public Stack Overflow-style site (c47496640, c47501017, c47499095).
Existing trust frameworks: Users point to Personalized PageRank, EigenTrust, and subjective/asymmetric trust graphs as possible foundations for reputation systems (c47497777, c47497770).
Package/skills systems: Some see this as overlapping with the “skills” standard, skill package managers, or memory systems like YAMS rather than a wholly new category (c47499838, c47501109).

Expert Context:

Verification idea: One commenter suggests spinning up remote containers with dummy data to test claims before publishing them, turning proposed knowledge into something experimentally verified (c47500326).

#13 A 6502 disassembler with a TUI: A modern take on Regenerator (github.com) §

summarized

45 points | 4 comments

Article Summary (Model: gpt-5.4-mini)

Subject: 6502 TUI Disassembler

The Gist: Regenerator 2000 is a modern, keyboard-driven 6502 disassembler for Commodore 8-bit binaries. It combines disassembly with synchronized views for hex, sprites, bitmap graphics, character sets, and blocks, plus live debugging against VICE. It also supports editing annotations, auto-analysis, multiple file formats, and exporting compatible assembly for several assemblers.

Key Claims/Facts:

Interactive analysis: Lets you label code/data, add comments, change data types, jump by address/operand, and inspect x-refs.
Broad Commodore support: Works with common 8-bit machine formats like PRG, CRT, D64/D71/D81, T64, VSF, BIN, and RAW.
Modern workflow: Offers a TUI, undo/redo, VICE debugger integration, MCP server support, and export to 64tass, ACME, Kick Assembler, and ca65.

Parsed and condensed via gpt-5.4-mini at 2026-03-24 11:38:38 UTC

Discussion Summary (Model: gpt-5.4-mini)

Consensus: Enthusiastic.

Top Critiques & Pushback:

Mostly admiration rather than criticism: The thread is light on pushback; commenters mainly praise the project and its usefulness for retro-computing workflows (c47500312, c47500696).
Tooling context matters: One commenter frames the project as especially helpful because older C64 tools are scattered, unsupported, or inconvenient on modern systems, implying the main value is portability and low friction (c47500312).

Better Alternatives / Prior Art:

Web-based workflow: A user describes their own similar browser-based tool for tagging bytes, comments, and pointer metadata with immediate disassembly updates, suggesting web apps can be a compelling alternative for this niche (c47500312).
OpcodeOracle: Another commenter points to their own MOS 6502 analysis tool as a comparable solution and says regenerator2000 looks promising by comparison (c47500158).

Expert Context:

MCP + agents: One commenter highlights the MCP integration and argues 6502 is a particularly good fit for coding agents because the 64 KB address space keeps the problem bounded; they claim a large productivity boost from similar tooling (c47500158).
Historical nostalgia: A commenter with demo-scene experience from the late 1980s notes they wish they had such tools back then, underscoring how specialized and valuable this kind of disassembler is (c47500199).

#14 Gerd Faltings, who proved the Mordell conjecture, wins the Abel Prize (www.scientificamerican.com) §

summarized

43 points | 6 comments

Article Summary (Model: gpt-5.4-mini)

Subject: Faltings Wins Abel Prize

The Gist: Scientific American reports that Gerd Faltings, at 71, received the Abel Prize for his proof of the Mordell conjecture, now called Faltings’s theorem. The article explains that the result is a cornerstone of arithmetic geometry: it shows certain algebraic curves have only finitely many rational points, and it highlights Faltings’s later work generalizing these ideas to higher-dimensional shapes and contributing to p-adic Hodge theory.

Key Claims/Facts:

Mordell/Faltings theorem: Establishes finiteness of rational points for the relevant class of curves.
Mathematical impact: The proof reshaped arithmetic geometry and inspired later work.
Career significance: The Abel Prize caps a career already marked by a Fields Medal and major later contributions.

Parsed and condensed via gpt-5.4-mini at 2026-03-24 11:38:38 UTC

Discussion Summary (Model: gpt-5.4-mini)

Consensus: Cautiously optimistic; commenters mostly celebrated the honor while correcting the article’s oversimplified math.

Top Critiques & Pushback:

Oversimplified statement of the theorem: Several users noted that “variable raised to a power higher than 3” is not the real criterion; the correct condition is more nuanced and usually phrased in terms of genus/irreducibility (c47499337, c47500305, c47500707, c47500905).
Article precision: One reply specifically pointed out that the article’s wording would make examples like y = x^4 look like counterexamples unless additional constraints are understood (c47500305, c47500707).

Expert Context:

Connection to Fermat-type problems: A commenter remarked that Mordell’s conjecture implies finiteness results for certain Fermat equations, showing why the theorem matters beyond abstract curve theory (c47448176).

#15 Claude Code Cheat Sheet (cc.storyfox.cz) §

summarized

445 points | 127 comments

Article Summary (Model: gpt-5.4-mini)

Subject: Claude Code Cheat Sheet

The Gist: A compact printable reference for Claude Code, covering keybindings, slash commands, MCP setup, memory/rules files, skills and agents, workflow tips, CLI flags, config locations, and environment variables. The page is presented as a single HTML cheat sheet for quick lookup and is intended to stay current via an automatic changelog check. It also highlights newer features such as /insights, /cost, /effort, /branch, and headless/bare modes.

Key Claims/Facts:

Quick-reference format: A one-page cheat sheet for daily use, optimized for printing and fast lookup.
Broad feature coverage: Includes shortcuts, slash commands, MCP servers, memory/rules, skills/agents, CLI flags, and config/env-var references.
Auto-updated: A cron job checks the changelog and marks new features with a “NEW” badge.

Parsed and condensed via gpt-5.4-mini at 2026-03-24 11:38:38 UTC

Discussion Summary (Model: gpt-5.4-mini)

Consensus: Cautiously optimistic. People broadly like having a single cheat sheet, but many comments focus on correctness, version drift, and whether the page has been manually verified.

Top Critiques & Pushback:

Accuracy and stale data: Several commenters spot likely mistakes or version mismatches, such as the wrong paste shortcut, the location of MCP config, and /cost not being present in some installs (c47496494, c47498100, c47499047).
Manual verification concerns: Users ask whether the source was reviewed by a human and worry that the page may be mostly AI-generated and error-prone (c47501171, c47498648).
CLI responsiveness: A few note that Claude Code can feel slow or miss input, despite being a text-based tool (c47499501, c47500925).

Better Alternatives / Prior Art:

Official docs: Someone points to the env-vars documentation for a more complete list than the cheat sheet (c47496893).
VS Code extension: A few commenters prefer the VS Code extension for workflow and UI reasons, though one notes it can lag behind the CLI in features (c47498233, c47500595, c47501074).

Expert Context:

Feature availability depends on account/version: /cost appears only for some users, such as API-key or enterprise setups, which helps explain conflicting reports (c47499047, c47500562, c47500186).
Extensibility is a recurring theme: Some users argue Claude Code’s hooks/plugins/agents make it more extensible than Codex, even if they disagree on raw performance (c47498741, c47498234, c47498400).

#16 Dune3d: A parametric 3D CAD application (github.com) §

summarized

172 points | 64 comments

Article Summary (Model: gpt-5.4-mini)

Subject: Parametric CAD, simplified

The Gist: Dune 3D is a parametric 3D CAD app aimed at making common enclosure/part-design workflows feel smoother than FreeCAD, while keeping SolveSpace-style constraint-driven modeling. It combines Open CASCADE for solid modeling and STEP import/export, SolveSpace’s solver for constraints, and reused UI/editor pieces from Horizon EDA. The author’s goal is a more approachable, GTK4-based CAD tool that supports fillets/chamfers and avoids some of FreeCAD’s workflow friction.

Key Claims/Facts:

Geometry kernel: Uses Open CASCADE to enable STEP support plus fillets/chamfers.
Constraint system: Uses SolveSpace’s solver, with additional patching for performance.
UI/Editor reuse: Reuses Horizon EDA ideas/components, including spacebar-driven tools and an interactive editor model.

Parsed and condensed via gpt-5.4-mini at 2026-03-24 11:38:38 UTC

Discussion Summary (Model: gpt-5.4-mini)

Consensus: Cautiously optimistic, with interest tempered by concerns about usability, installation friction, and project longevity.

Top Critiques & Pushback:

Why not FreeCAD/SolveSpace? Some see Dune3D as overlapping with existing tools and question what it adds beyond a SolveSpace-like workflow (c47497203). Others argue the value is a more approachable UI plus STEP import and fillets/chamfers (c47497389, c47497421).
Install/build friction: One commenter says compiling is difficult due to many conflicting dependencies and suggests Flatpak/AppImage would help (c47499349, c47499471, c47499808).
Maintenance risk: A few users worry it may be too dependent on a single main developer and thus vulnerable to abandonment (c47500078).

Better Alternatives / Prior Art:

FreeCAD: Frequently cited as the main free alternative; opinions split between “unusable UX” and “good enough / improving fast” (c47498805, c47500346, c47499918).
SolveSpace: Mentioned as the closest workflow reference and a possible base, though some say it is harder to use and lacks Dune3D’s STEP/fillet/chamfer support (c47497203, c47497421).
Code-based CAD: Users also point to CadQuery, build123d, OpenSCAD, JSCAD, and related tools for parametric modeling (c47495115, c47495583).

Expert Context:

Feature delta vs SolveSpace: The docs and commenters note Dune3D is effectively SolveSpace-like workflow plus STEP import/export and fillets/chamfers, with a somewhat friendlier UI (c47497421, c47497389).
Learning curve advice: Several comments suggest video tutorials work better than written ones for CAD tooling, and that the existing docs/tutorials are still a hurdle for newcomers (c47500095, c47501156).

#17 Abusing Customizable Selects (css-tricks.com) §

summarized

125 points | 5 comments

Article Summary (Model: gpt-5.4-mini)

Subject: Custom Select Playgrounds

The Gist: Patrick Brosset demonstrates how the new customizable <select> feature can be pushed far beyond standard dropdowns, using Chromium-only support and progressive enhancement. The article walks through three playful demos: a curved stack of folders, a fanned deck of cards, and a radial emoji picker. It shows how appearance: base-select, ::picker(select), ::picker-icon, ::checkmark, sibling-index(), anchor positioning, @starting-style, @property, and even trig functions can be combined to fully restyle, reposition, and animate selects while preserving native behavior.

Key Claims/Facts:

Progressive enhancement: Non-supporting browsers still get a normal <select>.
Deep styling hooks: The feature exposes the button, dropdown, options, icons, and selected content for CSS control.
Layout and motion: New CSS functions let options fan, curve, and animate in elaborate patterns.

Parsed and condensed via gpt-5.4-mini at 2026-03-24 11:38:38 UTC

Discussion Summary (Model: gpt-5.4-mini)

Consensus: Enthusiastic, with a bit of anxiety about how far people might take the styling.

Top Critiques & Pushback:

Risk of overdone UI: One commenter likes the creativity but worries these kinds of tools will lead to “monstrosities,” and hopes for a universal stripped-down mode for pages (c47499002, c47499858).
Keep it understandable: The worry is less about the feature itself than about reducing surprise and preserving usability in industrial/default interfaces (c47497559).

Better Alternatives / Prior Art:

Native fallback behavior: Another user points out that if the CSS is removed, the control simply becomes a normal unstyled dropdown, so the feature already degrades gracefully (c47499074).

Expert Context:

Follow-the-author interest: A commenter notes that Patrick Brosset has a whole lab of similarly inventive CSS experiments, reinforcing the article’s framing as a creative playground rather than a production pattern (c47498378).

#18 The Resolv hack: How one compromised key printed $23M (www.chainalysis.com) §

summarized

95 points | 132 comments

Article Summary (Model: gpt-5.4-mini)

Subject: Key Compromise, Big Mint

The Gist: Chainalysis says the Resolv exploit was not a smart-contract bug but a compromise of off-chain infrastructure: an attacker got access to the AWS KMS environment holding a privileged signing key, used it to authorize huge USR mints against small USDC deposits, then swapped the minted tokens into other assets and roughly $23M in value escaped before the protocol was halted.

Key Claims/Facts:

Off-chain key compromise: The attacker reportedly gained control of Resolv’s AWS KMS environment and used the protocol’s signing key to approve minting.
Bad minting design: The contract checked for a valid signature but did not enforce a meaningful maximum mint amount, so the signer could authorize arbitrary issuance.
Cash-out path: The attacker minted ~80M USR, moved into wstUSR, then into stablecoins and ETH, causing a major de-peg.

Parsed and condensed via gpt-5.4-mini at 2026-03-24 11:38:38 UTC

Discussion Summary (Model: gpt-5.4-mini)

Consensus: Cautiously optimistic about the diagnosis, but broadly skeptical of the protocol design and of stablecoins in general.

Top Critiques & Pushback:

Cloud/KMS trust is the real weak point: Several commenters focus less on the token logic and more on the fact that a privileged AWS/KMS key could be reached at all, arguing the article leaves the root compromise path unanswered (c47500139, c47496439).
This looks like a centralized failure, not a “smart contract hack”: People emphasize that the code may have behaved as written, but the system still failed because mint authorization depended on a compromised key and off-chain trust (c47496605, c47498327).
Inside-job suspicion: A recurring line of speculation is that the precision of the compromise makes an insider/rug-pull plausible, though commenters note there is no proof in the thread (c47496807, c47497252, c473? not present).

Better Alternatives / Prior Art:

Airgapped or heavily isolated key custody: Some suggest the signing key should never have lived on a cloud service and should instead be kept offline or in much tighter hardware custody, even if it is operationally painful (c47498506, c47498885).
Multisig/MPC-style controls: Others argue that a single compromised signer is too fragile and that multi-party authorization reduces the blast radius, though another commenter notes this still just shifts trust rather than removes it (c47498973, c47499056).

Expert Context:

KMS nuance: One commenter corrects a common misconception: AWS KMS doesn’t let attackers extract the private key; the danger is that they can still use KMS to sign malicious mint operations if they gain access (c47498681).
Stablecoin design debate: The thread broadens into a larger argument that centralized stablecoins are inherently trust-based and blur the line between crypto and ordinary payment rails; defenders argue they’re useful for fast, low-friction transfer and international trade, while critics say they solve a problem that normal banking already handles better for most users (c47496440, c47496582, c47496788, c47497057).

#19 Microservices and the First Law of Distributed Objects (2014) (martinfowler.com) §

summarized

23 points | 16 comments

Article Summary (Model: gpt-5.4-mini)

Subject: Microservices Aren't Transparent

The Gist: Fowler argues that microservices do not violate his “don’t distribute your objects” rule because they are not trying to make remote and in-process calls interchangeable. The real warning is that distribution adds complexity: remote calls are slower, can fail, and force coarser APIs. Microservices can still work, but they shift complexity into service boundaries, inter-service coordination, and refactoring across networked components.

Key Claims/Facts:

Remote vs in-process is different: Remote calls need batching and different API design because latency and failure are inherent.
Distribution adds complexity: You must reason about performance, consistency, availability, and cross-service refactoring.
Microservices are a trade-off: Fowler prefers monoliths by default, but says empirical success cases justify the pattern in some contexts.

Parsed and condensed via gpt-5.4-mini at 2026-03-24 11:38:38 UTC

Discussion Summary (Model: gpt-5.4-mini)

Consensus: Cautiously optimistic, but with strong reminders that microservices mainly relocate complexity rather than eliminate it.

Top Critiques & Pushback:

Hidden complexity at boundaries: Several commenters say the hardest bugs are in interactions between components, not within a single codebase, so microservices amplify an existing problem (c47500045, c47500184, c47500377).
Operational fragility: Network failures, latency swings, DNS issues, and version skew are called out as real costs that async alone does not solve (c47499388, c47500012, c47500388).
Ownership and debugging pain: In larger orgs, the pain is often unowned functionality spread across many services, making it hard to trace responsibility when things break (c47501035).

Better Alternatives / Prior Art:

Declarative dependency resolution: One commenter wants a SQL-like distributed engine that can resolve service dependency graphs automatically; others point to CQRS/global aggregation and Datomic as partial analogues (c47500053, c47500552, c47500692).
Async as a normal boundary: Some argue the distributed boundary is less special now that async is common, though it still leaves latency/failure issues unresolved (c47499388, c47500012).
CQRS / event sourcing: A commenter claims these patterns reduce the need for giant shared databases and fit distributed architectures better (c47500510).

Expert Context:

Historical framing: One commenter notes Fowler’s original “first law” targeted the illusion that distributed objects could hide the remote/in-process distinction; microservices avoid that specific mistake, even if they retain the broader distributed-systems trade-offs (c47499388).
Granularity caveat: Another points out that “small components” do not necessarily mean microservices; the same cognitive benefits can come from modules, functions, or separate processes without the full network tax (c47500006).

#20 Finding all regex matches has always been O(n²) (iev.ee) §

summarized

218 points | 59 comments

Article Summary (Model: gpt-5.4-mini)

Subject: Regex All-Match Blowup

The Gist: The post argues that even “linear-time” regex engines become quadratic when asked to enumerate all matches, because each new match typically restarts scanning from the next position. It illustrates this with patterns like .*a|b over long runs of bs, and contrasts ordinary iteration with RE#’s two-pass approach, which finds all leftmost-longest matches without restarting from every position. It also introduces a “hardened” mode that preserves semantics while forcing linear-time behavior on adversarial inputs, at the cost of slower normal-case performance.

Key Claims/Facts:

Iterator blowup: find_iter/FindAll can be O(m * n²) even when single-match search is linear.
Two-pass fix: RE# uses a reverse pass to mark candidate starts, then a forward pass to resolve longest matches.
Hardened mode: A slower but semantics-preserving mode avoids quadratic behavior on hostile patterns/inputs.

Parsed and condensed via gpt-5.4-mini at 2026-03-24 11:38:38 UTC

Discussion Summary (Model: gpt-5.4-mini)

Consensus: Cautiously optimistic, but many commenters question how often the quadratic case matters in practice and whether existing mitigations are enough.

Top Critiques & Pushback:

Threat model matters: Several users argue the issue is most relevant when regexes or input sources are attacker-controlled, including local privilege-escalation scenarios via writable files, temp dirs, or support bundles (c47501021, c47499685).
Practicality skepticism: Some say the pathological all-matches case is rare in real log/search workflows because patterns usually have clear boundaries, making the worst case feel mostly theoretical (c47494954, c47495237).
Semantics vs. complexity tradeoff: A few commenters suggest that if semantics can change, a two-pass or earliest-match design could avoid the issue; others note that preserving leftmost-longest semantics is exactly what makes the problem hard (c47494771, c47494359).

Better Alternatives / Prior Art:

RE2 / Go / rust regex / .NET NonBacktracking: Cited as linear-time for single matches, but commenters note iterating over all matches is still where the quadratic behavior appears (c47497839, c47498985).
Sandboxing and timeouts: One comment argues untrusted regex execution should be bounded by time and memory limits, with .NET and Python’s third-party regex package mentioned as examples of better API-level controls (c47495045).
Aho-Corasick / literal search: Users point to Aho-Corasick as the established linear-time solution for fixed strings, and ask whether regex engines should do more query-planning or rewrite-style optimization to reduce work (c47497621, c47499860).
Hyperscan / Vectorscan / redgrep: Alternatives come up for different semantics or workloads; Hyperscan is mentioned for earliest-match streaming behavior, and redgrep as another engine worth checking against the quadratic case (c47501014, c47496304).

Expert Context:

Engine theory note: One commenter clarifies that returning no matches is linear for DFA/NFA engines; the superlinear behavior arises when producing many matches, not from the “no match” case itself (c47497839).
Algorithmic observation: Another notes that if a regex has a deterministic end boundary, the scary quadratic case may be avoidable in practice, but once you allow untrusted patterns or broad scans, defensive limits become much more important (c47494954, c47499685).