Hacker News


Malicious npm package pino-sdk-v2 exfiltrates .env secrets to Discord

Fri, 03/06/2026 - 5:57am

We just analyzed a fresh supply chain attack on npm that's pretty well-executed.

Package: pino-sdk-v2

Target: Impersonates pino (one of the most popular Node.js loggers, ~20M weekly downloads)

Reported to OSV too: https://osv.dev/vulnerability/MAL-2026-1259

What makes this one interesting: The attacker copied the entire pino source tree, kept the real author's name (Matteo Collina) in package.json, mirrored the README, docs, repository URL so everything looks legitimate on the npm page.

The only changes:

- Renamed package to pino-sdk-v2
- Injected obfuscated code into lib/tools.js (300+ line file)
- No install hooks whatsoever

The payload: Scans for .env, .env.local, .env.production, .env.development, .env.example files, extracts anything matching PRIVATE_KEY, SECRET_KEY, API_KEY, ACCESS_KEY, SECRET, or just KEY=, then POSTs it all to a Discord webhook as a formatted embed.

The malicious function is literally named log(). In a logging library. That's some next-level camouflage.

Why most scanners miss it:

- No preinstall/postinstall hooks (most scanners focus on these)
- Executes on require(), not during install
- Obfuscated with hex variable names and string array rotation
- Trusted metadata makes the npm page look legit

If you've installed it:

Remove immediately and rotate all secrets in your .env files. Treat it as full credential compromise.

Full technical analysis with deobfuscated payload and IOCs: https://safedep.io/malicious-npm-package-pino-sdk-v2-env-exfiltration/

Comments URL: https://news.ycombinator.com/item?id=47273407

Points: 1

# Comments: 0

Categories: Hacker News
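
As an added example (not code from the post or from SafeDep's analysis), this Node.js triage script checks a package directory for the traits the post lists: a package name that does not match its repository URL, hex-style identifiers, .env reads and a Discord webhook URL, whether or not install hooks exist. The rule patterns, the threshold and the constructed sample package are assumptions.

```javascript
// Added example; rule patterns and the >=5 threshold are assumptions.
const fs = require('fs');
const path = require('path');

const RULES = {
  // "_0x1a2b"-style names are an assumed form of "hex variable names".
  hexIdentifiers: s => (s.match(/\b_0x[0-9a-f]{3,}\b/gi) || []).length >= 5,
  envFileAccess: s => /\.env\b/.test(s) && /\breadFile(Sync)?\b/.test(s),
  discordWebhook: s => /discord(app)?\.com\/api\/webhooks\//i.test(s),
};

function repoName({ repository: r = '' }) {
  const url = typeof r === 'string' ? r : (r && r.url) || '';
  const m = url.match(/([^\/:]+?)(?:\.git)?\/?$/);
  return m ? m[1] : null;
}

function jsFiles(dir) {
  return fs.readdirSync(dir, { withFileTypes: true }).flatMap(e => {
    const p = path.join(dir, e.name);
    if (e.isDirectory()) return e.name === 'node_modules' ? [] : jsFiles(p);
    return /\.[cm]?js$/.test(e.name) ? [p] : [];
  });
}

// Scans code that runs on require(), so it does not depend on install hooks.
function scanPackage(dir) {
  const pkg = JSON.parse(fs.readFileSync(path.join(dir, 'package.json'), 'utf8'));
  const findings = [], repo = repoName(pkg);
  if (repo && repo !== pkg.name.split('/').pop()) findings.push(`nameRepoMismatch:${repo}`);
  for (const f of jsFiles(dir)) {
    const src = fs.readFileSync(f, 'utf8');
    for (const [rule, hit] of Object.entries(RULES))
      if (hit(src)) findings.push(`${rule}:${path.relative(dir, f)}`);
  }
  const hooks = ['preinstall', 'install', 'postinstall'];
  return { name: pkg.name, installHooks: hooks.filter(h => pkg.scripts && pkg.scripts[h]), findings };
}

// Constructed, inert sample: a string array only, no I/O or network calls.
function writeSample() {
  const dir = fs.mkdtempSync(path.join(require('os').tmpdir(), 'pkg-triage-'));
  fs.mkdirSync(path.join(dir, 'lib'));
  fs.writeFileSync(path.join(dir, 'package.json'), JSON.stringify({
    name: 'pino-sdk-v2', repository: { url: 'git+https://github.com/pinojs/pino.git' } }));
  fs.writeFileSync(path.join(dir, 'lib', 'tools.js'),
    "var _0x1a2b=['.env','readFileSync','https://discord.com/api/webhooks/PLACEHOLDER'];" +
    "var _0x3c4d=_0x1a2b[0],_0x5e6f=_0x1a2b[1],_0x7a8b=_0x1a2b[2],_0x9c0d=1;");
  return dir;
}
```

Run `scanPackage` over each directory under `node_modules`; a name/repository mismatch alone is common for forks, so read it together with the other findings.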

Last Year of Terraform

Fri, 03/06/2026 - 5:55am
Show HN: Evalcraft – cassette-based testing for AI agents (pytest, $0/run)

Fri, 03/06/2026 - 5:52am

Testing AI agents is painful. Every test run calls the LLM API, costs real money, takes minutes, and gives different results each time. CI? Forget about it.

Evalcraft fixes this with cassette-based capture and replay — think VCR for HTTP, but for LLM calls and tool use.

How it works:

1. Run your agent once with real API calls. Evalcraft records every LLM request, tool call, and response into a JSON cassette file.

2. In tests, replay from the cassette. Zero API calls, zero cost, deterministic output.

3. Assert on what matters: tool call sequences, output content, cost budgets, token counts.

    run = replay("cassettes/support_agent.json")
    assert_tool_called(run, "lookup_order", with_args={"order_id": "ORD-1042"})
    assert_tool_order(run, ["lookup_order", "search_knowledge_base"])
    assert_cost_under(run, max_usd=0.01)

It's pytest-native — fixtures, markers, CLI flags. Works with OpenAI, Anthropic, LangGraph, CrewAI, AutoGen, and LlamaIndex out of the box. Adapters auto-instrument your agent with zero code changes.

Also ships with golden-set management, regression detection, PII sanitization, and 16 CLI commands for inspecting/diffing cassettes.

555 tests, MIT licensed, `pip install evalcraft`.

Repo: https://github.com/beyhangl/evalcraft
PyPI: https://pypi.org/project/evalcraft/
Docs: https://beyhangl.github.io/evalcraft/docs/

Would love feedback from anyone testing agents in CI.

Comments URL: https://news.ycombinator.com/item?id=47273374

Points: 1

# Comments: 0

Show HN: I built an AI-powered advert – is this the future of advertising?

Fri, 03/06/2026 - 5:04am

I've been thinking about how AI will change advertising. Instead of static banners or landing pages, what if an ad was a conversation?

I built a demo to explore this: a fictional luxury EV brand called Vela, with an AI sales consultant named Stella you can actually talk to. Ask her about range, pricing, comparisons to competitors — she knows the product inside out.

Try it here: https://99helpers.com/tools/vela-chat

The idea is simple: instead of cramming everything into a hero section and hoping someone scrolls, you let the customer ask what they actually care about. The AI handles objections, comparisons, and details on demand.

Built with my own platform (99helpers.com) which lets you give an AI chatbot a knowledge base and embed it anywhere. This is one use case I hadn't fully considered until recently — using the chatbot not for support, but as the ad itself.

Curious what HN thinks. Is conversational advertising compelling, or just a gimmick?

Comments URL: https://news.ycombinator.com/item?id=47273063

Points: 1

# Comments: 0

Ask HN: Using AI for Psychology and Philosophy

Fri, 03/06/2026 - 5:00am

Is anybody exploring AI thinking models for learning psychology and philosophy?

What is your experience?

Comments URL: https://news.ycombinator.com/item?id=47273035

Points: 1

# Comments: 0

Show HN: NeoMud – A multiplayer dungeon game with AI agents that QA and playtest

Fri, 03/06/2026 - 4:57am

I've been building a modern take on a MUD (multiplayer text RPG) with Claude Code over the past few weeks. Kotlin server, Android client, React-based world editor. The usual hobby project stuff.

The interesting part is the agent pipeline that grew around it:

- A /game-designer agent reads all the world data files, models the combat math, and produces balance proposals with specific JSON changes
- A /playtest agent connects to the running game server over WebSocket, creates a character, explores, fights NPCs, loots items, and files GitHub issues for bugs it encounters
- A /worldmaker agent drives the world editor in a real browser via Playwright — clicks through zone editing, NPC configuration, item creation, and files issues when things break
- A /bugfixer agent picks up those issues and submits fixes

Each agent has persistent memory across sessions, so the game designer remembers its previous balance audits and the playtester remembers what areas it's already explored.

The game itself is a modern take on '90s MUDs like MajorMUD — tick-based combat, NPC behaviors (wander, patrol, pursuit), spells, skills, stealth, loot tables, vendors, trainers. 4 zones, 25 rooms, 17 NPCs. Everything is data-driven JSON — the world editor exports .nmd bundles (ZIP archives) that the server loads at startup, similar to DOOM's WAD files.

The world editor has a visual zone map where you place rooms on a shared coordinate grid, click to connect exits, and configure NPC patrol routes by clicking rooms on the map. All zones share one global coordinate space so rooms can't overlap across zones.

~45k lines of code, 830 tests across server/shared/maker, 460 AI-generated assets (images and audio). The agents have filed about 40 GitHub issues so far, most of which are legitimate.

It's a hobby project — combat balance is rough, there's no quest system yet, and it needs real multiplayer stress testing. But the feedback loop of building features and then having agents test them in the actual running application has been a surprisingly effective workflow.

Comments URL: https://news.ycombinator.com/item?id=47273012

Points: 1

# Comments: 0
