Top HN Daily Digest · Fri, May 15, 2026

Mitchell Hashimoto suggests that some companies are experiencing "AI psychosis" by prioritizing artificial intelligence integration over fundamental product quality and user needs. [src]

The discussion centers on "AI psychosis," defined as the outsourcing of critical thinking and decision-making to pattern-matching models that often produce generic or flawed results [1]. While some users report successfully using AI to ship higher-quality features and address tech debt within standardized environments [8], others warn of a looming "complexity crisis" where AI-generated systems become too unstable for humans to understand or repair [0][4]. Notable anecdotes include a non-technical individual winning hospital contracts through "vibecoding" only to face immediate deployment and data-state failures [2], leading to predictions that "AI rescue consulting" will become a necessary high-value industry [0][7].

Project Gutenberg offers a library of over 75,000 free, volunteer-proofread eBooks, primarily focusing on classic literature with expired U.S. copyrights available in Kindle, epub, and online formats. [src]

Project Gutenberg is undergoing significant site improvements, though developers admit they are currently struggling with performance issues caused by massive amounts of bot traffic [0][3][5]. Users expressed frustration that major eBook vendors do not offer native integration for the library, forcing readers to rely on manual transfers or third-party tools like Calibre [1][8]. While some contributors appreciate the site's long history and transition to ePub formats, others still prefer the high-fidelity scans found on Archive.org or criticize the lack of professional formatting in plaintext-derived files [2][6][9]. Additionally, users in certain regions like Italy reported being unable to access the site due to judicial seizures [7].

California’s Protect Our Games Act, which recently cleared a key committee, would require publishers to provide refunds or offline patches to keep digital games playable after their servers are shut down. [src]

Proponents argue that requiring 60-day notices or the release of server binaries would prevent the loss of purchased content and restore the historical standard of community-hosted servers [0][4]. However, industry veterans highlight that open-sourcing modern server code is a massive legal and engineering undertaking due to complex microservice architectures, third-party licensed libraries, and potential security risks to a company's other active titles [1][9]. Critics warn these requirements could create significant financial liabilities, potentially bankrupting small studios or pushing the industry toward more aggressive monetization models like subscriptions and ads [3][8][9].

Mullvad VPN’s practice of deterministically assigning exit IPs based on a user's WireGuard key creates a fingerprinting vector that can correlate different sessions to the same user. By analyzing IP ranges across multiple servers, researchers found they could narrow a user's identity to a small percentage of the total userbase. [src]

Mullvad's co-CEO acknowledged that certain exit IP behaviors allow for highly accurate user identification, noting that while some aspects were intended for user experience, a patch is already being tested for unintended flaws [0][1]. The discovery sparked a debate over the utility of VPNs, with some labeling them "snake oil" due to public exit IPs while others argued they are essential for shifting trust away from ISPs [2][4]. Additionally, the thread criticized the researcher for not practicing responsible disclosure, though others pointed out Mullvad’s lack of a formal bug bounty program [1][3][6].

The U.S. Department of Justice has subpoenaed Apple, Google, Amazon, and Walmart to identify over 100,000 users of EZ Lynk’s Auto Agent app, alleging the software is used to bypass vehicle emissions controls in violation of the Clean Air Act. [src]

The DOJ's demand for user data is widely criticized as a "gross privacy intrusion" and an overreach, with commenters arguing that the government should target specific violators rather than every user of a tool with legal applications [0][1][7]. While there is strong consensus that "rolling coal" is a harmful nuisance that warrants enforcement, many believe traditional policing or reporting systems are more appropriate than mass digital surveillance [1][2][4]. Some suggest that users should seek anonymous alternatives like F-Droid to avoid such data collection, while others debate whether the environmental impact justifies stricter regulations on diesel engines altogether [3][6].

Amazon employees are reportedly creating unproductive AI agents and extraneous tasks to inflate their "AI token" usage in response to corporate pressure to meet high internal activity targets. [src]

Hacker News commenters describe a "bonkers" corporate environment where Big Tech employees are incentivized to maximize AI token usage, often leading to performative waste and "magical thinking" [0][8]. Anecdotes include workers receiving accolades for creating agents that intentionally burn tokens [2] and using expensive LLMs to perform tasks that previously required a single command [1]. While some argue this shift lowers the barrier to entry for complex work [4] or overcomes initial engineer resistance [9], others compare the forced quotas to Soviet-era inefficiencies that ignore environmental costs and actual productivity [3][8].

A GitHub issue reports that Bun's Rust rewrite contains widespread undefined behavior and fails basic Miri checks due to improper memory management and lifetime erasure. Developers attributed the flaws to a 1:1 translation from Zig and AI-generated code, leading to multiple pull requests to fix the unsoundness. [src]

The Bun rewrite into Rust has sparked criticism regarding its heavy reliance on AI-generated code and "unaudited" unsafe blocks, which critics argue results in a codebase less trustworthy than the original Zig version [1][3][7]. While some view the move as a marketing stunt that exploits the "memory-safe" reputation of Rust despite persistent undefined behavior [0][4][5][9], others defend it as a necessary first step toward long-term safety, especially given the project's friction with the Zig community [6][8]. The core technical dispute centers on whether a "vibe-coded" port that fails basic safety checks provides any of the actual benefits typically associated with the Rust language [1][3].

Google Project Zero researchers developed a two-stage, zero-click exploit chain for the Pixel 10 by leveraging a patched Dolby vulnerability and a new, "exceptionally simple" memory mapping flaw in the Tensor G5's VPU driver that granted full kernel read-write access. [src]

The discovery of a 0-click exploit chain has sparked debate over the security risks introduced by AI-powered messaging features, which increase the attack surface by decoding media before a user even opens a message [0][4]. While some users argue for extreme legal consequences for developers of "catastrophic code," others point out that modern LLMs are already capable of identifying such vulnerabilities through first-principles analysis [1][5][9]. There is also a notable contrast in vendor responsiveness; while Google patched this driver bug within 90 days, anecdotal reports suggest Apple can take up to six months to resolve similar issues [2][6].

The Wikipedia File Explorer is an interactive web project that allows users to browse Wikipedia categories and Wikimedia Commons media through a functional interface modeled after the Windows XP desktop. [src]

Users praised the project for its aesthetic appeal and its ability to map Wikipedia's vast data to a familiar, object-oriented mental model [0][2]. While some argue that knowledge is too subjective and non-linear for rigid hierarchies [1], others suggest that "symlinks" or multi-tagging systems could bridge the gap between structured folders and fluid data [4][7]. Despite some minor confusion over Wikipedia's redirect logic [3][5][8] and the "Temu-like" visual style [9], the interface was lauded for its speed and for revealing the depth of Wikipedia's existing classification systems [2][6].

Turso is retiring its $1,000 bug bounty program after being overwhelmed by a surge of low-quality, AI-generated submissions that wasted maintainers' time with nonsensical or fraudulent claims of data corruption. [src]

The decision to retire the bug bounty program highlights how AI-generated "low-effort bullshit" is overwhelming maintainers with an unmanageable volume of reports [3][6]. Commenters compare this phenomenon to the "tactical tornado"—a prolific but destructive developer who prioritizes speed over code quality and long-term maintainability [1][9]. While some suggest technical or social fixes like enforcing smaller PRs or charging submission fees [2][4], others argue that the "Pandora’s box" of AI has fundamentally broken the incentive structures of open-source collaboration [5][8].