Ask stories

Almost all transactional emails are being marked as suspicious even when their SPF/DKIM records are fine and they’ve been whitelisted before. Did Google break something in gmail/spam filtering?

I’m trying to do the “voice assistant” thing fully locally: mic → model → speaker, low latency, ideally streaming + interruptible (barge-in).

Qwen3 Omni looks perfect on paper (“real-time”, speech-to-speech, etc). But I’ve been poking around and I can’t find a single reproducible “here’s how I got the open weights doing real speech-to-speech locally” writeup. Lots of “speech in → text out” or “audio out after the model finishes”, but not a usable realtime voice loop. Feels like either (a) the tooling isn’t there yet, or (b) I’m missing the secret sauce.

What are people actually using in 2026 if they want open + local voice?

Is anyone doing true end-to-end speech models locally (streaming audio out), or is the SOTA still “streaming ASR + LLM + streaming TTS” glued together?

If you did get Qwen3 Omni speech-to-speech working: what stack (transformers / vLLM-omni / something else), what hardware, and is it actually realtime?

What’s the most “works today” combo on a single GPU?

Bonus: rough numbers people see for mic → first audio back

Would love pointers to repos, configs, or “this is the one that finally worked for me” war stories.

Hi everyone! I'm posting this from a memory safe browser: WebKitGTK MiniBrowser compiled with Fil-C, plus all dependencies compiled with Fil-C

Still dealing with a tail of bugs, some of which look like overzealous optimizations leading to loss of pointer capability (leading to a filc panic). But it works well enough that I can say "hi" on here.

I've been trying to get agentic coding to work, but the dissonance between what I'm seeing online and what I'm able to achieve is doing my head in.

Is there real evidence, beyond hype, that agentic coding produces net-positive results? If any of you have actually got it to work, could you share (in detail) how you did it?

By "getting it to work" I mean: * creating more value than technical debt, and * producing code that’s structurally sound enough for someone responsible for the architecture to sign off on.

Lately I’ve seen a push toward minimal or nonexistent code review, with the claim that we should move from “validating architecture” to “validating behavior.” In practice, this seems to mean: don’t look at the code; if tests and CI pass, ship it. I can’t see how this holds up long-term. My expectation is that you end up with "spaghetti" code that works on the happy path but accumulates subtle, hard-to-debug failures over time.

When I tried using Codex on my existing codebases, with or without guardrails, half of my time went into fixing the subtle mistakes it made or the duplication it introduced.

Last weekend I tried building an iOS app for pet feeding reminders from scratch. I instructed Codex to research and propose an architectural blueprint for SwiftUI first. Then, I worked with it to write a spec describing what should be implemented and how.

The first implementation pass was surprisingly good, although it had a number of bugs. Things went downhill fast, however. I spent the rest of my weekend getting Codex to make things work, fix bugs without introducing new ones, and research best practices instead of making stuff up. Although I made it record new guidelines and guardrails as I found them, things didn't improve. In the end I just gave up.

I personally can't accept shipping unreviewed code. It feels wrong. The product has to work, but the code must also be high-quality.

I have the following, in no particular order:

1. Languages (natural e.g. English, and formal e.g. Mathematics, Python etc) 2. Music 3. Cuisine 4. Transistors 5. MS Excel 6. Rockets 7. P2P file sharing 8. Encryption

What do you think? I think I'm missing historical inventions e.g. Gutenberg press

Hi,

I started Muky in April 2024. Classic side project that got out of hand. We have two kids - the younger one is happy with the Toniebox, but our older one outgrew it. She started asking for specific songs, audiobooks that aren't available as figurines, and "the music from that movie."

We had an old iPad Mini lying around and already pay for Apple Music. Felt dumb to keep buying €17/$20 figurines for 30-45 minutes of content when we have 100 million songs.

Now at version 4.0 after ~20 updates. Some lessons:

On the hardware vs app tradeoff: Toniebox and Yoto are brilliant for little ones – tactile, simple, no screen needed. But they hit a wall once kids want more. And handing a 5-year-old Apple Music means infinite scrolling and "Dad, what's this song about?" Muky sits in between – full library access, but parents control what's visible.

On sharing: Remember lending CDs or cassettes to friends? Or kids swapping Tonie figurines at a playdate? I wanted that for a digital app. So I built QR code sharing. Scan, import, done. And unlike a physical thing – both keep a copy.

On onboarding: First versions: empty app, figure it out yourself. Retention was awful. Now: 4-step onboarding that actually guides you. Should've done this from the start.

On content discovery: 100 million songs sounds great until you have to find something. Parents don't want to search – they want suggestions. Spent a lot of time building a Browse tab with curated albums and audiobooks for kids. Finally feels like the app helps you instead of just waiting for input.

On going native: Went with Swift/SwiftUI instead of Flutter or React Native. No regrets - SwiftUI is a joy to work with and performance is great. Android users ask for a port regularly. No capacity for that now, but Swift for Android is progressing (https://www.swift.org/documentation/articles/swift-sdk-for-a...). Maybe one day. CarPlay is another one parents keep asking for – going native should make that easier to add, if Apple grants me the entitlement.

On subscriptions vs one-time: Started with one-time purchase. Revenue spikes at launch, then nothing. Switched to subscription – existing one-time buyers kept full access. Harder to sell, but sustainable.

Ask me anything about indie iOS dev or building for kids. App is at https://muky.app if you're curious.

Hello HN! I'm a long time lurker. It's only now that I've decided to sign up, when I read a comment by nick_m: https://news.ycombinator.com/item?id=46511892

I'd like to help Nick (and have some fun reverse engineering), alas I've got no means of reaching out to them. Nick, if you're reading this, please leave some contact info. I figure it's a long shot, but... why not try?

Hopefully this submission is within the rules. If not, please let me know and I'll delete it.

I recently had a conversation with an engineer who optimized assembly lines at Black & Decker in 1981 using an Apple II.

He described how they measured atomic hand movements (reach, grasp, orient) in decimal seconds to balance the line. But he made a distinction that stuck with me:

Back then, the goal was Flow (smoothness), which inherently required some slack in the system. Today, he argued, the goal of modern management is Utilization (removing every micro-second of downtime).

His quote: "We deleted the 'waiting,' but we forgot that the waiting was the only time the human got to breathe."

I feel like I see this exact pattern in Software Engineering now. We treat Developer Idle Time as a defect to be eliminated by JIRA tickets, rather than the necessary slack required for thinking.

Ask HN: For those who have been in the industry for 20+ years, do you agree?

I had a VC call that went well. They asked for a demo, mentioned looping in an operating partner, and I shared details etc. Since then it’s been quiet (a day or two).

For folks who’ve raised before or worked in VC: Is this typically just internal review time, or does silence after a demo usually signal a pass?

Not looking for validation, just trying to understand how this phase usually plays out.

Thanks.

For example, Android builds steer towards using `sdkmanager --licenses`.

Suppose I get a preconfigured VPS with Claude Code, and ask it to make an android port of an app I have built, it will almost always automatically downloads the sdkmanager and accepts the license.

That is the flow that exists many times in its training data (which represents its own interesting wrinkle).

Regardless of what is in the license; I was a bit surprised to see it happen, and I'm sure I won't be the last nor will the android sdk license be the only one.

What is the legal status of an agreement accepted in such a manner - and perhaps more importantly - what ought to be the legal status considering that any position you take will be exploited by bad faith ~~actors~~ agents?

Seeing a lot of people running coding agents (Claude Code, etc.) in custom sandboxes Docker/VMs, firejail/bubblewrap, scripts that gate file or network access.

Curious to know what's missing that makes people DIY this? And what would a "good enough" standard look like?

Hello,

I have a master's degree in cognitive neuroscience and a master's degree in computational neuroscience and AI. Unfortunately, I suffered from burnout during my second year of medical school.

I have a training project focused on GenAI, AIarchitect, AIagentic, and MLops. I am looking for a mentor to discuss the quality of the content of this training (self-taught followed by three boot camps), given:

- My age. - The alignment between the skills taught in the program and those required in the French, Swiss, and Canadian job markets by 2027/2028.

Thank you for your attention and potential assistance.

Pierre

Hello :-)

I have a Discord server I set up a long time ago. Around 2016 I think. Back then, it was lively and active and loads of fun. Over time it's developed close to 5,000 members (it actually had over 5,000 members at one point) and currently has 501 members online as I type this. It's more likely there's about 10-15 that are paying attention to anything happening.

It's a Discord that originally focused on DevOps. It complemented my YouTube channel on the same topic, but since then, as it's slowly died out, and my channel's focus as shifted and changed, it's become a bit of a waste land.

It's a shame really, because a really fun Discord server can be a great place to be, but I'm not sure where to take it now.

How would you handle this situation? What would be your approach to reviving the Discord and perhaps trying to get a community of like minded hackers going again in 2026?

I won't link the Discord here as I'm not trying to beg for users or spam. I just genuinely want to work on a solution to improve the life of the server. I will put it in my HN profile, though, so if you do want to check it out that extra step is required.

Are people even interested in Discord servers any more? I don't know.

Thanks in advance.

5 days (or so) ago, I remember seeing 438k, now it is 391K. What happened to the ~47K?

https://catalog.data.gov/dataset/

Is this a bug?

I’ve been experimenting with AI coding agents in real day-to-day work and ran into a recurring problem, I keep repeating the same engineering principles over and over.

Things like validating input, being careful with new dependencies, or respecting certain product constraints. The usual solutions are prompts or rules.

After using both for a while, neither felt right. - Prompts disappear after each task. - Rules only trigger in narrow contexts, often tied to specific files or patterns. - Some principles are personal preferences, not something I want enforced at the project level. - Others aren’t really “rules” at all, but knowledge about product constraints and past tradeoffs.

That led me to experiment with a separate “memory” layer for AI agents. Not chat history, but small, atomic pieces of knowledge: decisions, constraints, and recurring principles that can be retrieved when relevant.

A few things became obvious once I started using it seriously: - vague memory leads to vague behavior - long memory pollutes context - duplicate entries make retrieval worse - many issues only show up when you actually depend on the agent daily

AI was great at executing once the context was right. But deciding what should be remembered, what should be rejected, and when predictability matters more than cleverness still required human judgment.

Curious how others are handling this. Are you relying mostly on prompts, rules, or some form of persistent knowledge when working with AI coding agents?

I am compiling some statistics problems that are interesting due to their unintuitive nature. some basic/well known examples are the monty hall problem and the birthday problem. What are some others I should add to my list? thank you!

I’m a founder exploring a local-first personal AI system built around multi-agent architecture and on-device intelligence.

This is not a cloud chatbot or a hosted-LLM wrapper. The focus is on building an assistant that lives with the user — understands personal context, reasons over local data, and can act autonomously without exporting private information off the device.

I’m interested in connecting with senior engineers who enjoy building AI systems in Rust, think in terms of orchestration and state, and care deeply about correctness, performance, and privacy.

San Francisco Bay Area preferred, as I believe early in-person collaboration matters.

Posting anonymously for privacy reasons — happy to share more in 1:1 conversations.

— Founder, SF Bay Area Contact: localai-founder@proton.me

My young daughter got 2 Amazon Gift cards for her birthday, but they look like they've been tampered with. I would like to check whether they are valid or not without having to go through the redeeming process: I want to avoid being at the mercy of a fraud detection algorithm that may lock me out of my account. There was a HN story not too long ago about someone who got locked out of their iCloud account for similar reasons, and the risk doesn't seem to be worth it to me. Surely, I can't be the only one with this problem. How do people do this "safely"?

Hello HN! Just creating a weekend social topic here to see what kind of answers might come up in this thread. Here are the questions:

1. What are your two most favourite programming languages? (Call them A and B below.)

2. What is one feature from A you wish B had? And one feature from B you wish A had?

3. When starting a new project, how do you choose between A and B?

I’ve recently started integrating AI coding agents into my daily workflow (specifically when using Cursor Composer, Devin, Claude Code), and I’ve noticed a strange pattern in my behavior.

I treat the agent like the worst kind of micro-manager.

When I work with a human junior developer, I try to provide the "why" and the high-level architecture, then give them autonomy to solve the problem. If I stood over their shoulder dictating every variable name, commenting on every logic branch before it was finished, and constantly interrupting with "no, do it this way," they would (rightfully) quit within a week.

However, with the agent, I find that micro-management is actually the optimal strategy.

* I break tasks down into atomic units. * I review code block-by-block rather than feature-by-feature. * I constantly course-correct standard library choices or variable naming conventions in real-time.

And I felt that I am intruding the space of my agents while I should have just trust and let it build. It also sometimes break the seperation of tasks.

What makes me further unsettled is the kind of mental drain and internal conflict with what I have been trained in management.

So my question for you is

Do you micro-manage your agent?

or what's the best pratice?

I see an urgent need for a map projection that makes Greenland look as small as possible. What are the options?

On January 19, 2026, my Google Account was disabled for suspected "policy violation and potential bot activity." Within hours, my Google Cloud Platform account—hosting a community traffic monitoring website serving 17,000+ users—became completely inaccessible. I immediately submitted an appeal. Twenty-two hours later, Google sent an email confirming my appeal was approved and access was restored. But when I tried to log in, I hit an error that persists across every device, browser, and method: "Too many failed attempts - try again in a few hours." That was three days ago. What I've done:

Submitted account recovery form Filed GCP Account and Resource Recovery Request (officially promised 48-hour response) Contacted Google Cloud Support (they closed my case saying account recovery is "out of scope") Escalated through Google Maps Platform (P1 priority, but they can't help either) Posted on Google Cloud Community forums

The real problem isn't just the lockout. It's the cascading damage. I made a mistake: I registered the domain (mineheadtraffic.com) on the same GCP Cloud Domains account. I have a backup system running on a different domain, getting 5% of my usual traffic, because I can't redirect the original domain. I'm completely locked out of that DNS control too. So I'm in this situation:

My primary domain is unreachable 95% of my regular users can't find the service The backup site exists but people don't know about it All because I trusted Google enough to use their domain registrar

But here's what really stings: I still can't see what Google is charging me for it. I have zero visibility into:

What services are running What the current bill is When the next invoice will hit Whether I can dispute charges on an account I cannot access What happens after the December 15 deletion deadline

Google is billing a locked account. They have complete visibility. I have none. And there's no support path to fix it. The support structure is broken.

Premium Support ($15k+/month) explicitly doesn't cover account recovery Standard support requires account access (which I don't have) Free users have no escalation path Google One ($1.99/month) is the only way to reach a human When you reach a human, they tell you it's "out of scope"

It's a perfect catch-22. Every department passes responsibility. Cloud Support says it's not their problem. Billing Support says it's not their problem. Even the Maps Platform team (who were actually helpful and moved me to P1) can't help because account recovery is handled by a department that doesn't have a public escalation path. The part that feels like theft: Google locked me out of my own infrastructure, my own domain, my own billing account, and continues charging me with zero accountability. They don't have to tell me what it costs. I can't stop it. I can't dispute it. I'm just... stuck paying for something I can't see or control. I'm a paying customer of a company that claims to have world-class support. I'm not asking for special treatment. I'm asking: how is this acceptable? This shouldn't be possible. No company the size of Google should have a support architecture where locking out a paying customer results in zero escalation path and continuous billing with zero visibility. If this is working as designed, that's a problem. If it's a gap, it needs to be public knowledge so others don't make my mistake.

On iPad, .com sites show up, for my site:.ca.gov search. On Firefox, DDG wants to invoke a "System Handler"

When building with autonomous / semi-autonomous agents, they often need broad local access: env vars, files, CLIs, browsers, API keys, etc. This makes the usual assumption — “the local machine is safe and untampered” — feel shaky.

We already use password managers, OAuth, scoped keys, and sandboxing, but agents introduce new risks: prompt injection, tool misuse, unexpected action chains, and secrets leaking via logs or model context. Giving agents enough permission to be useful seems at odds with least-privilege.

I haven’t seen much discussion on this. How are people thinking about secret management and trust boundaries on dev machines in the agent era? What patterns actually work in practice?

Coding assistants are slow.

Obviously they are extremely fast in comparison to the best human programmers, but they are still too slow to be our one-to-one enhanced pair programmer. Our current solution is multi-instances, toggling between tasks. However, Multitasking is known to be a poor method, with low productivity and causing harm as it increases cognitive load, stress and fatigue levels.

I am sure that this is temporary and we will soon have coding assistants fast enough for deep focus on single tasks. What do you think?

I'm deploying AI agents that can call external APIs – process refunds, send emails, modify databases. The agent decides what to do based on user input and LLM reasoning.

My concern: the agent sometimes attempts actions it shouldn't, and there's no clear audit trail of what it did or why.

Current options I see: 1. Trust the agent fully (scary) 2. Manual review of every action (defeats automation) 3. Some kind of permission/approval layer (does this exist?)

For those running AI agents in production: - How do you limit what the agent CAN do? - Do you require approval for high-risk operations? - How do you audit what happened after the fact?

Curious what patterns have worked.

I would like to find a good way to use coding agents like claude or codex to code from my (Android) phone. But I can't find any tools that work.

What I tried:

An ssh terminal app on my phone. This works, but a TUI interface is far from what I would call "comfortable" on a mobile phone.

Happy Coder (happy.engineering) promises to be the solution but I found it rarely works reliably, it can't deal with claude's new question format and (judging from issues and discussions) seems a bit abandoned.

Ideally I would want something selfhosted with a mobile optimized web interface that let's me start different coding sessions (bonus points if each session runs in its own docker container). Important would be that I am not just being dropped into a console but that the interface is actually optimized for phone use.

What are you using to control coding agents on the go? Did I miss an obvious choice?

Now that LLMs have been mainstream for a few years, what new job categories have emerged or do you expect to emerge in the near future?

It's 2026 and I shouldn't spend 3 hours every month manually splitting $15K revenue:

• 50% to co-founder • 10% across 3 contractors • 5-10% to ~15 affiliates • 30% to tax account

This should be automated. Maybe through a kind of workflow builder that can trigger money flows.

What I've tried:

- Stripe Connect: Only splits to one account - Zapier: Can't actually move money (ToS restriction) - Manual scripts: Works but I'm now maintaining financial infrastructure. - Escrow.com: $100 min fee, designed for one-off transactions

What I want: Set rules once → money routes automatically each month.

Questions:

1. Does this exist? (Feels like I'm bad at searching)

2. If not, why? Regulatory? Nobody trusts automation with money? Technical blocker? Stable coins could maybe help shipping this.

3. What's your current solution? Custom code? Just manual transfers?

I've talked to ~20 founders. Most are either: - Writing custom scripts (requires dev skills + maintenance) - Paying accountants (expensive, still manual) - Suffering through manual transfers (time sink)

Seems like a gap between "fully manual" and "build your own payment infrastructure."

Am I missing something obvious?