HN Summaries - 2025-12-15

Top 10 Hacker News posts, summarized


1. Ask HN: What Are You Working On? (December 2025)

HN discussion (118 points, 417 comments)

The article is a collection of "Ask HN: What Are You Working On?" submissions for December 2025. The submissions showcase a diverse range of personal and professional projects. Common themes include AI integration, simplification of technology (e.g., moving to USB-C, "dumb" homes), building developer tools, personal productivity enhancements, and creative projects like games and educational apps. Many individuals highlight the satisfaction derived from building and learning through these projects, often alongside their day jobs or as passion projects. The submissions reveal a trend towards leveraging AI for various applications, from coding assistance and content generation to data analysis and system design. There's also a notable effort by some to de-clutter digital and physical lives, embracing simpler solutions and reducing reliance on complex systems. Many contributors are focused on open-source development, personal websites, and sharing their progress through blogs or GitHub repositories.

The discussion highlights a strong interest in AI-powered tools, with many users developing or utilizing AI for coding assistance, content creation, data analysis, and problem-solving. This includes custom AI agents, code generation, and even AI-assisted research. A recurring theme is the desire for simplification and control, seen in the move to USB-C, "dumb" homes, and the development of personal, user-controlled tools rather than relying on proprietary, complex ecosystems. Users also expressed enthusiasm for building developer tools and utilities, particularly those that improve workflow, offer type-safety, or simplify complex tasks like build systems or data management. The "Ask HN" format fostered a sense of community, with individuals sharing not only their projects but also their motivations, challenges, and learnings, often encouraging feedback and collaboration.

2. Hashcards: A plain-text spaced repetition system

HN discussion (218 points, 87 comments)

Hashcards is a new local-first spaced repetition system that distinguishes itself by storing flashcards as plain-text Markdown files. This approach allows users to manage their card collections with standard text editors and version control systems like Git, offering benefits such as easy sharing and programmatic manipulation. The system utilizes the FSRS algorithm for optimal review scheduling and aims to minimize friction in card creation and editing, drawing inspiration from the author's dissatisfaction with existing tools like Anki and Mochi. The author highlights several advantages of the plain-text, Git-friendly approach, including enhanced ownership of data, ease of editing with preferred tools, and the ability to generate flashcards programmatically from structured data. Hashcards aims to solve frustrations with Anki's interface and Mochi's less advanced algorithm and verbose cloze deletion syntax, prioritizing a frictionless card entry and editing experience while leveraging the power of advanced scheduling.

The discussion generally praises Hashcards for its plain-text, Git-based approach, with many commenters expressing similar desires for such a system and highlighting the importance of frictionless card entry. Several users shared their positive experiences with Markdown for knowledge management and noted its benefits for viewing, editing, and versioning. There was also interest in AI-assisted card creation and the potential for generating cards from various data sources. Some commenters raised practical considerations, such as the need for image and audio support, and the challenges of migrating existing Anki collections. A few defended Anki's robustness and flexibility, particularly regarding customization and plugins, while others expanded the concept of spaced repetition beyond academic study to personal behavior modification. The idea of a more collaborative or shared SRS system was also brought up as a potential area for improvement.

3. GraphQL: The enterprise honeymoon is over

HN discussion (157 points, 139 comments)

The article argues that GraphQL's "enterprise honeymoon" is over, suggesting its benefits are often overstated and its drawbacks are more significant in real-world enterprise environments. The author contends that GraphQL's primary selling point, preventing overfetching, is largely mitigated by existing Backend for Frontend (BFF) patterns, which can already shape data from REST APIs to meet UI needs. While GraphQL can do this, it often just shifts overfetching to a lower layer, requiring more setup and maintenance for minimal gains. Furthermore, the article highlights that GraphQL's implementation time is substantially longer than REST due to schema, type, and resolver definitions, and its default observability and caching mechanisms are more complex and fragile than REST's out-of-the-box solutions. The author also points out that GraphQL's ID requirement and handling of file transfers are awkward, and its learning curve can slow down onboarding. Ultimately, the author concludes that for most enterprises already employing BFFs and dealing with predominantly RESTful downstream services, GraphQL solves a niche problem while introducing broader complexities, making it unnecessary for many.

Many commenters agree with the article's premise that GraphQL's initial appeal has faded, framing it as a shift from a "honeymoon" to a more mature, long-term evaluation. Some explicitly state that overfetching isn't GraphQL's primary benefit, instead emphasizing its strong type system for contract enforcement and easier schema evolution as key advantages, offering greater guarantees against bugs. Others find that tools like Hasura or alternative approaches like OData and RPC are often simpler or more effective for their use cases. A significant point of contention is the perceived complexity and overhead of GraphQL, particularly regarding observability, error handling, and caching. Several users express regret over choosing GraphQL for enterprise applications, citing weird bugs, difficult upgrades, and loss of performance and simplicity compared to REST. The rise of AI for scaffolding REST APIs is also mentioned as diminishing REST's perceived pain points. However, some users still find value in GraphQL, especially in specific contexts like Shopify's API or when using advanced tooling like Relay or schema-first implementations like Lighthouse. The potential for GraphQL to create "adversarial-level cursed queries" that stress databases is also raised as a concern.

4. AI and the ironies of automation – Part 2

HN discussion (198 points, 84 comments)

This article, "AI and the ironies of automation – Part 2," continues a discussion on Lisanne Bainbridge's 1983 paper concerning the ironies of automation, applying its principles to contemporary AI and LLM-based automation in white-collar work. It highlights that while industrial automation faced immediate, critical failure scenarios, white-collar AI automation often deals with efficiency-driven tasks where the "human in the loop" paradox emerges: humans need to monitor AI output at superhuman speeds to intervene effectively, which is challenged by efficiency pressures and inherent human stress responses that impair cognitive capacity. The article also critiques current AI agent interfaces, likening them to a "worst UI possible" due to overly verbose and convincing error reporting that hides critical mistakes, making human oversight difficult. Furthermore, the post delves into the "training paradox," where highly automated systems require extensive, specialized human training to handle rare exceptional events, yet the very success of automation leads to skill atrophy. This is compounded by a "leadership dilemma," where supervisors of AI agent fleets need to develop new leadership and direction-setting skills, a role for which they are often unprepared, unlike human leadership roles which typically involve formal training. The author concludes that the insights from Bainbridge's 40-year-old paper remain highly relevant and that solving these automation ironies will require significant technological ingenuity and investment in human training, especially as AI systems become more advanced.

Comments frequently echo the article's central theme of the "irony of automation," drawing parallels to existing fields like aviation and calculators to illustrate the need for maintaining fundamental skills despite advanced tools. A significant concern raised is the potential for skill decay among human supervisors, who, by overseeing AI, might lose their own expertise, leading to a reliance on training for infrequent but critical interventions. The analogy of "monitoring fatigue" from industrial automation is seen as directly applicable to supervising AI agents, where the sheer volume of AI output, even if mostly correct, can obscure crucial errors. Several commenters also identified the current user interface (UI) and user experience (UX) of AI agents as a major hurdle, describing them as verbose and misleading, making it difficult for humans to effectively detect and correct errors. The notion that AI efficiency gains might paradoxically create more complex problems, thus still requiring human expertise but in a more challenging supervisory role, is a recurring point. Additionally, the lack of dedicated training for leading AI agent fleets, in contrast to traditional human management roles, is highlighted as a critical oversight, suggesting that companies are overlooking the need for new skill development in their human-AI teams.

5. Shai-Hulud compromised a dev machine and raided GitHub org access: a post-mortem

HN discussion (173 points, 107 comments)

Trigger.dev experienced a sophisticated npm supply chain attack named Shai-Hulud 2.0, which compromised a developer's machine and led to unauthorized access to their GitHub organization. The incident began when a developer installed a malicious package, leading to credential theft via a repurposed security tool, TruffleHog. The attacker then spent 17 hours performing reconnaissance, cloning repositories and creating hidden credential-storing repos, before launching a 10-minute destructive phase involving force-pushes and closing pull requests across multiple repositories, notably using "Linus Torvalds" as the author for malicious commits. Trigger.dev's npm packages and public-facing services remained uncompromised. The company's response involved immediate removal of the compromised account, which halted the attack. They successfully recovered lost history using GitHub's event API and local developer machine logs. A significant concern was the potential exposure of their GitHub App private key, though no unauthorized customer repository access was detected due to the lack of installation IDs. Trigger.dev implemented several security changes, including disabling npm scripts globally, upgrading to pnpm with stricter security defaults, switching to OIDC for npm publishing, and enforcing branch protection on all repositories. They emphasized that the core vulnerability lies in package managers allowing arbitrary code execution during installation.
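The post-mortem's first hardening step is to stop package managers from running dependency lifecycle scripts at install time. The following is an added example, not Trigger.dev's own tooling or the Shai-Hulud write-up's code: a small POSIX shell audit helper that checks whether an `.npmrc` actually carries the `ignore-scripts=true` setting (a documented npm/pnpm config key) and whether a `package.json` declares an install-time script. The sample `.npmrc` files and `package.json` it writes to a temp directory are constructed for the demonstration; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not Trigger.dev's code): audit helpers for the install-time
# hardening described in the post-mortem. npm and pnpm both read the
# `ignore-scripts` key from .npmrc; when it is true, dependency lifecycle
# scripts (preinstall, install, postinstall) are not executed during install.

# Print "yes" if FILE contains an active (uncommented) ignore-scripts=true line,
# otherwise "no". A commented-out line does not count as protection.
npmrc_ignores_scripts() {
  file="$1"
  if grep -Eq '^[[:space:]]*ignore-scripts[[:space:]]*=[[:space:]]*true[[:space:]]*$' "$file" 2>/dev/null; then
    echo yes
  else
    echo no
  fi
}

# Print "yes" if a package.json declares a lifecycle script that runs on install.
# Line-oriented grep, so it assumes the usual one-key-per-line JSON formatting.
has_install_scripts() {
  file="$1"
  if grep -Eq '"(preinstall|install|postinstall)"[[:space:]]*:' "$file" 2>/dev/null; then
    echo yes
  else
    echo no
  fi
}

# --- constructed sample inputs (written to a temp dir so the script runs offline) ---
WORK=$(mktemp -d)
WEAK_NPMRC="$WORK/weak.npmrc"          # setting present but commented out
HARDENED_NPMRC="$WORK/hardened.npmrc"  # setting active
printf 'registry=https://registry.npmjs.org/\n# ignore-scripts=true\n' > "$WEAK_NPMRC"
printf 'registry=https://registry.npmjs.org/\nignore-scripts=true\n' > "$HARDENED_NPMRC"

SAMPLE_PKG="$WORK/package.json"        # constructed package with a postinstall hook
cat > "$SAMPLE_PKG" <<'EOF'
{
  "name": "constructed-sample",
  "version": "0.0.0",
  "scripts": {
    "postinstall": "node setup.js",
    "test": "node test.js"
  }
}
EOF

echo "weak .npmrc ignores scripts:             $(npmrc_ignores_scripts "$WEAK_NPMRC")"
echo "hardened .npmrc ignores scripts:         $(npmrc_ignores_scripts "$HARDENED_NPMRC")"
echo "sample package.json has install scripts: $(has_install_scripts "$SAMPLE_PKG")"
```

Run it against a real project by pointing `npmrc_ignores_scripts` at the project's `.npmrc` (and the user-level `~/.npmrc`) and `has_install_scripts` at the `package.json` of each installed dependency; a "no" from the first or a "yes" from the second is the combination the post-mortem's changes are meant to rule out.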

The Hacker News discussion highlighted appreciation for Trigger.dev's transparency in their post-mortem. Several users raised concerns about the difficulty of distinguishing exfiltration traffic from normal developer activity and questioned the security of local developer setups regarding SSH keys and admin credentials. The attacker's destructive phase, particularly the "Linus Torvalds" commits, was noted as unusual and potentially a manual addition beyond the malware's typical behavior. There was also a significant debate regarding pnpm's security features, with some questioning why the incident occurred if pnpm no longer automatically runs lifecycle scripts by default. Some commenters also pointed out that the incident could have been mitigated with better endpoint detection and response (EDR) on developer machines.

6. Anthropic Outage for Opus 4.5 and Sonnet 4/4.5 across all services

HN discussion (168 points, 91 comments)

Anthropic experienced an outage affecting its Opus 4.5 and Sonnet 4/4.5 models across all services, including claude.ai, platform.claude.com, the Claude API, and Claude Code. The incident, which lasted from 13:25 to 14:43 PT on December 14, 2025, was caused by a network routing misconfiguration that led to dropped traffic and prevented requests from being processed. The misconfiguration has since been reverted, and services are fully restored. Anthropic is conducting a review to enhance its detection and prevention mechanisms for similar issues.

Comments on Hacker News reflect a mix of user experiences and reactions to the outage. Some users reported being able to use Sonnet during the reported downtime, suggesting potential staggered impact or localized resolution. Others expressed concern about the availability of the more advanced Opus model, with one user humorously lamenting the potential impact on their "vibes." The speed of Anthropic's status page updates and communication was praised by one commenter as a positive aspect of their incident response. Several comments offered humorous or speculative interpretations of the outage, ranging from jokes about the power of LLMs causing a shutdown to lighthearted suggestions to "go outside." A few users noted the timing of the outage with their own work or personal schedules, highlighting the reliance on these services. One engineer from Anthropic acknowledged the incident and confirmed its mitigation, while another user offered their company's services for more resilient compute infrastructure.

7. iOS 26.2 fixes 20 security vulnerabilities, 2 actively exploited

HN discussion (125 points, 112 comments)

Apple has released iOS 26.2, iPadOS 26.2, and macOS 26.2, which address over 20 security vulnerabilities. Notably, two of these vulnerabilities involve actively exploited WebKit bugs that could lead to code execution or memory corruption through maliciously crafted web content. Apple is aware of sophisticated attacks targeting individuals on previous iOS versions. The update also fixes issues related to the App Store, image processing, photo album security, and FaceTime remote control. Apple strongly advises all users to update their devices promptly to mitigate these risks, as public disclosure may increase the likelihood of exploitation for unexploited vulnerabilities.

A significant portion of the discussion revolves around confusion and skepticism regarding Apple's naming conventions and perceived intentional device slowdowns. Users express frustration with what they believe are attempts to force upgrades to newer operating systems and the inability to disable daily upgrade prompts. There's also a discussion about the new "Liquid Glass" UI and whether its perceived negative impact outweighs the security benefits, with some users actively seeking ways to avoid it or delay updates. Some users report performance degradation on newer hardware after updating, contradicting Apple's expected improvements.

8. JSDoc is TypeScript

HN discussion (78 points, 104 comments)

Unable to access content: The provided URL returned a 403 Forbidden error, preventing retrieval of the article content.

The discussion revolves around the assertion that JSDoc is effectively TypeScript. Several commenters agree that JSDoc provides a similar level of type safety and tooling benefits as TypeScript, particularly for developers who wish to avoid a separate build step or prefer keeping type definitions within their JavaScript files. It is noted that tools like the TypeScript compiler can process JSDoc for type checking. However, a counterpoint highlights limitations of JSDoc compared to TypeScript, such as a lack of control over type visibility and the inability to express certain complex types. The ongoing development of native JavaScript type annotations (TC39 proposal) is mentioned as a future development that could further integrate typing directly into the language. Some users also share personal experiences and preferences, with some advocating for JSDoc's simplicity and others for TypeScript's comprehensive features.

9. 2002: Last.fm and Audioscrobbler Herald the Social Web

HN discussion (115 points, 59 comments)

In 2002, two independent student projects, Last.fm and Audioscrobbler, emerged, foreshadowing the social web by leveraging "collaborative filtering" for music recommendations and social networking. Last.fm, founded by students from Ravensbourne College, offered an internet radio station that built user listening profiles and visualized musical connections in a "Map of Music." This system, inspired by Amazon's recommendation engine, suggested music based on the collective listening habits of similar users. Simultaneously, Richard Jones at the University of Southampton developed Audioscrobbler, a project that tracked user listening habits via software to create profiles for personalized recommendations. Both projects aimed to break from the traditional broadcast model of music consumption by enabling users to discover new content and connect with others through shared musical tastes. While Last.fm initially focused on 30-second samples due to licensing restrictions, it later evolved into a licensed online radio service. The article highlights how these early initiatives captured the emerging value of user data for content discovery and laid the groundwork for the social web.

The Hacker News discussion reveals a strong sense of nostalgia and continued engagement with Last.fm and its core concept of "scrobbling." Many users express enduring loyalty to Last.fm, some having scrobbled for over a decade, and value it primarily as a listening history tracker rather than a recommendation engine. There's mention of the shift towards DIY solutions and self-hosted alternatives like Koito and Libre.fm for users seeking greater control over their data and a more open-source approach. Several comments touch upon the evolution of music discovery, with some lamenting the decline of Last.fm's social features and preferring the manual discovery through user profiles over current algorithmic recommendations from services like Spotify or Pandora. The robustness of Last.fm's API and its integration into communities like Discord via bots are noted as key factors for its continued relevance. Concerns about data accuracy due to similar artist names were also raised, with ListenBrainz being cited as a more robust open-source alternative that leverages MusicBrainz for precise artist and track identification.

10. Baumol's Cost Disease

HN discussion (68 points, 77 comments)

Unable to access content: The article content could not be retrieved from the provided URL. The page at https://en.wikipedia.org/wiki/Baumol_effect returned a 403 Forbidden error, preventing access to the information necessary to summarize it.

Comments suggest that Baumol's Cost Disease is a real phenomenon affecting relative wages, but some argue that its application to current economic issues, particularly in the US, is used as propaganda to deflect from the impact of corporate power and consolidation. There is a belief that regulatory improvements, specifically "improvement via negativa" (reduction of regulations), are needed in sectors like healthcare, childcare, and education to address rising costs by increasing supply and competition. Some contributors question the premise that certain goods have become cheaper, suggesting that wage normalization might be misleading and that the decrease in prices for some items is due to cheap labor arbitrage and the fact that these are physical products not subject to local service requirements. The trend of increasing costs for essential, non-discretionary purchases like healthcare and education is noted, in contrast to the decreasing costs of technologically advancing or internationally competitive goods. Concerns are also raised about the increasing cost of software through subscription models, classifying it as a service that should exhibit cost increases rather than decreases.


Generated with hn-summaries