Cirrus Labs to join OpenAI

The Problem That Built an Industry

Surelock: Deadlock-Free Mutexes for Rust

South Korea introduces universal basic mobile data access

Cooperative Vectors Introduction

Volunteers turn a fan's recordings of 10K concerts into an online treasure trove

How Much Linear Memory Access Is Enough?

How Passive Radar Works

Installing every* Firefox extension

Chimpanzees in Uganda locked in eight-year 'civil war', say researchers

Artemis II safely splashes down

France's government is ditching Windows for Linux, says US tech a strategic risk

AI assistance when contributing to the Linux kernel

Bitcoin miners are losing on every coin produced as difficulty drops

Industrial design files for Keychron keyboards and mice

Productive Procrastination

Polymarket gamblers betting millions on war

<a href="https:&#x2F;&#x2F;xcancel.com&#x2F;vxunderground&#x2F;status&#x2F;2042483067655262461" rel="nofollow">https:&#x2F;&#x2F;xcancel.com&#x2F;vxunderground&#x2F;status&#x2F;2042483067655262461</a><a href="https:&#x2F;&#x2F;old.reddit.com&#x2F;r&#x2F;pcmasterrace&#x2F;comments&#x2F;1sh4e5l&#x2F;warning_hwmonitor_163_download_on_the_official&#x2F;" rel="nofollow">https:&#x2F;&#x2F;old.reddit.com&#x2F;r&#x2F;pcmasterrace&#x2F;comments&#x2F;1sh4e5l&#x2F;warni...</a><a href="https:&#x2F;&#x2F;www.bleepingcomputer.com&#x2F;news&#x2F;security&#x2F;supply-chain-attack-at-cpuid-pushes-malware-with-cpu-z-hwmonitor&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.bleepingcomputer.com&#x2F;news&#x2F;security&#x2F;supply-chain-...</a>

CPU-Z and HWMonitor compromised

Helium is hard to replace

JSON formatter Chrome plugin now closed and injecting adware

I built a satirical browser game to share with friends (Hormuz Havoc: you play an American president managing a crisis in the Middle East, only &quot;loosely&quot; inspired by current events). I had good fun making this, but that&#x27;s not necessarily the interesting part.The interesting part was that within a few hours of sharing it with my friends, some of them set about trying to overrun the leaderboard by launching a swarm of AI bots to learn the game and figure out how to get the highest score. This set off a game of cat-and-mouse as they found vulnerabilities and I tried patching them.Within hours of sharing, someone used the Claude browser extension to read game.js directly. Large parts of the scoring formula, action effect values, and bonus thresholds were sitting in client-side JavaScript - this was a trivial thing even a human could&#x27;ve found, but a human would&#x27;ve still had to play the game, whereas the AI bot just optimised directly against the scoring formula. It meant that the first AI already scored 2.5x higher than the best human player by optimising directly against the source code rather than playing the game.Straightforward fix: moved the entire game engine server-side. The client is now a dumb terminal, it sends an action ID, receives a rendered state. No scoring logic, no bonus thresholds, no action effects exist in the browser. The live score display uses a deliberately different formula as misdirection.This increased the difficulty in finding bot-enabled hacks, so the subsequent bots tried brute-forcing the game, trying to game the RNG functions, and other methods.But the next winning bot found a vulnerability where the same signed session token could be replayed. It would play turn N, observe a bad random event, replay the same token for turn N, get a different RNG outcome, keep the best one. Effectively branching from a single game state to cherry-pick lucky outcomes across 30 turns. Managed to 1.5x the previous bot&#x27;s high score.The bot&#x27;s own description: &quot;The key optimisation was token replay. Because the backend let the same signed state be replayed, I could branch from one exact game state repeatedly and continue from the luckiest high-value outcome each turn.&quot;Fix here: consume a turn nonce atomically before any randomness is generated.The current state is that the leaderboard is now split into human and AI-assisted. I think the capability of AI bots has flatlined a bit now. Perhaps Claude Mythos might be able to discover the next hackable exploit ¯\_(ツ)_&#x2F;¯Happy to go deeper on any of the above - or just enjoy the game! Feel free to try your own AI-powered leaderboard attempt too!

Show HN: Hormuz Havoc, a satirical game that got overrun by AI bots in 24 hours

Quien – A better WHOIS lookup tool

Intel 486 CPU announced April 10, 1989

A practical guide for setting up Zettelkasten method in Obsidian

Hey HN, we&#x27;re Willy and Dan, co-founders of Twill.ai (<a href="https:&#x2F;&#x2F;twill.ai&#x2F;">https:&#x2F;&#x2F;twill.ai&#x2F;</a>). Twill runs coding CLIs like Claude Code and Codex in isolated cloud sandboxes. You hand it work through Slack, GitHub, Linear, our web app or CLI, and it comes back with a PR, a review, a diagnosis, or a follow-up question. It loops you in when it needs your input, so you stay in control.Demo: <a href="https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=oyfTMXVECbs" rel="nofollow">https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=oyfTMXVECbs</a>Before Twill, building with Claude Code locally, we kept hitting three walls1. Parallelization: two tasks that both touch your Docker config or the same infra files are painful to run locally at once, and manual port rebinding and separate build contexts don&#x27;t scale past a couple of tasks.2. Persistence: close your laptop and the agent stops. We wanted to kick off a batch of tasks before bed and wake up to 
PRs.3. Trust: giving an autonomous agent full access to your local filesystem and processes is a leap, and a sandbox per task felt safer to run unattended.All three pointed to the same answer: move the agents to the cloud, give each task its own isolated environment.So we built what we wanted. The first version was pure delegation: describe a task, get back a PR. Then multiplayer, so the whole team can talk to the same agent, each in their own thread. Then memory, so &quot;use the existing logger in lib&#x2F;log.ts, never console.log&quot; becomes a standing instruction on every future task. Then automation: crons for recurring work, event triggers for things like broken CI.This space is crowded. AI labs ship their own coding products (Claude Code, Codex), local IDEs wrap models in your editor, and a wave of startups build custom cloud agents on bespoke harnesses. We take the following path: reuse the lab-native CLIs in cloud sandboxes. Labs will keep pouring RL into their own harnesses, so they only get better over time. That way, no vendor lock-in, and you can pick a different CLI per task or combine them.When you give Twill a task, it spins up a dedicated sandbox, clones your repo, installs dependencies, and invokes the CLI you chose. Each task gets its own filesystem, ports, and process isolation. Secrets are injected at runtime through environment variables. After a task finishes, Twill snapshots the sandbox filesystem so the next run on the same repo starts warm with dependencies already installed. We chose this architecture because every time the labs ship an improvement to their coding harness, Twill picks up the improvement automatically.We’re also open-sourcing agentbox-sdk, <a href="https:&#x2F;&#x2F;github.com&#x2F;TwillAI&#x2F;agentbox-sdk" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;TwillAI&#x2F;agentbox-sdk</a>, an SDK for running and interacting with agent CLIs across sandbox providers.Here’s an example: a three-person team assigned Twill to a Linear backlog ticket about adding a CSV import feature to their Rails app. Twill cloned the repo, set up the dev environment, implemented the feature, ran the test suite, took screenshots and attached them to the PR. The PR needed one round of revision, which they requested through Github. For more complex tasks, Twill asks clarifying questions before writing code and records a browser session video (using Vercel&#x27;s Webreel) as proof of work.Free tier: 10 credits per month (1 credit = $1 of AI compute at cost, no markup), no credit card. Paid plans start at $50&#x2F;month for 50 credits, with BYOK support on higher tiers. Free pro tier for open-source projects.We’d love to hear how cloud coding agents fit into your workflow today, and if you try Twill, what worked, what broke, and what’s still missing.

4:08:47 PM SATURDAY APRIL 11, 2026

THE HACKER NEWS