Published on May 18, 2026 at 18:00 CEST (UTC+2)
We stopped AI bot spam in our GitHub repo using Git's –author flag (54 points by ildari)
We stopped AI bot spam in our GitHub repo using Git's –author flag
This article describes how AI bots inundated a GitHub repository with low-quality comments and pull requests, overwhelming maintainers and burying legitimate contributions. The author’s team implemented a Git --author flag to filter out bot-generated activity, reducing the noise. It highlights the growing problem of AI-generated “slop” in open-source collaboration and the extra burden it places on human maintainers.
Show HN: Files.md – Open-source alternative to Obsidian (218 points by zakirullin)
Show HN: Files.md – Open-source alternative to Obsidian
Files.md is a local-first, browser-based note-taking application that stores everything in plain .md files. It is free, open-source, and designed to be LLM-friendly, with a focus on simplicity and offline functionality. The project has been under development for five years and aims to provide a minimal yet powerful alternative to apps like Obsidian.
1024000^2 Blocks, 2B2T Minecraft Server World Download Project, and Discoveries (50 points by exploraz)
1024000^2 Blocks, 2B2T Minecraft Server World Download Project, and Discoveries
This project archives a massive 24TB of Minecraft world data from the infamous 2b2t server, covering areas up to 1,024,000 blocks in each dimension. It required over a year of development and stress testing, and includes renders, timelapses, and a torrent. The release showcases both technical achievement and the dedication of the Minecraft preservation community.
The Quiet Renovation at Bitwarden (83 points by DaSHacka)
The Quiet Renovation at Bitwarden
The article analyzes recent changes at Bitwarden, including a controversial price increase and a quiet CEO transition to a leader with a private equity background. The author argues that these moves signal a shift away from the company’s scrappy open-source roots toward profit-driven M&A strategies. It raises concerns about the future direction of a once-beloved password manager.
Project Glasswing: what Mythos showed us (53 points by Fysi)
Project Glasswing: what Mythos showed us
Cloudflare tested Anthropic’s Mythos Preview LLM on over fifty of their own repositories to identify security vulnerabilities. They found it to be a significant leap over previous general-purpose models, performing a different kind of analysis altogether. The post discusses both the model’s strengths and the architectural changes needed to deploy such AI at scale.
'We mould trees to grow into the shape of chairs' (111 points by bauc)
‘We mould trees to grow into the shape of chairs’
This BBC feature follows Alice and Gavin Munro, who have spent 20 years perfecting the art of growing trees into chair shapes. The process involves training and grafting branches over 6–9 years, then drying the piece for a year. The article reflects on patience, craftsmanship, and the personal history behind the project.
Voice AI Systems Are Vulnerable to Hidden Audio Attacks (22 points by SVI)
Voice AI Systems Are Vulnerable to Hidden Audio Attacks
IEEE Spectrum reports that voice AI systems can be hijacked through hidden audio signals imperceptible to humans. These attacks exploit weaknesses in speech recognition and wake-word detection, potentially allowing malicious commands. The article underscores the need for stronger security measures in voice-controlled devices.
The Aperiodic Table (45 points by jgrahamc)
The Aperiodic Table
John Graham-Cumming created a web page that displays the periodic table on a Penrose tiling, inspired by an XKCD comic. He used Claude (an AI model) to help generate the implementation. The result is a single-page interactive site hosted on Cloudflare Pages that allows users to pan and print aperiodic versions of the table.
Actually, Democracy Dies in H.R. (103 points by mitchbob)
Actually, Democracy Dies in H.R.
The content preview for this New York Times article was not available, but the title appears to comment on US House of Representatives procedures and their impact on democratic norms. The phrase “Democracy Dies in H.R.” is likely a critical take on legislative actions that undermine democratic processes. Without the full text, the exact argument cannot be summarized in detail.
Linux security mailing list 'almost unmanageable' (124 points by jonbaer)
Linux security mailing list ‘almost unmanageable’
Linus Torvalds has declared the Linux kernel security mailing list nearly unmanageable due to an avalanche of duplicate bug reports generated by different researchers using the same AI tools. He notes that the list is flooded with redundant findings, creating “unnecessary pain and pointless work” for kernel maintainers. The article highlights the dark side of AI-aided security research when coordination is lacking.
AI-generated noise is overwhelming human-maintained open-source projects
Both the GitHub bot spam article and Torvalds’ complaint about the Linux security mailing list illustrate a clear trend: AI tools are flooding repositories with low-quality or duplicate contributions. This wastes maintainer time and buries genuine work. Implication: Projects need automated filtering, reputation systems, or AI-specific submission channels to manage the deluge. Maintainers should consider technical solutions (e.g., Git flags, duplicate detection) and community guidelines.
AI models are becoming powerful enough for specialized security auditing
Cloudflare’s Project Glasswing shows that frontier models like Anthropic’s Mythos Preview can now find real vulnerabilities in production codebases. The leap over previous models is described as “a different kind of tool doing a different kind of work.” Implication: Organizations should invest in evaluating and integrating such models into their DevSecOps pipelines, but must also plan for architectural changes (e.g., scaling inference, handling false positives). The technology is maturing beyond generic code review.
The same AI tools used by multiple actors cause duplication and noise
Torvalds’ complaint directly points to a systemic issue: when many researchers use identical or similar AI bug-hunting tools, they find the same bugs repeatedly. This creates redundant reports and admin overhead. Implication: The security research community needs shared databases of AI-discovered vulnerabilities or coordinated disclosure mechanisms. Tool vendors could also build deduplication features into their outputs.
AI-assisted creativity is gaining traction in niche applications
The aperiodic table project demonstrates how AI (Claude) can help generate code for creative, non-mainstream ideas (Penrose tilings). This lowers the barrier for individuals to implement complex visualizations. Implication: AI is not only for productivity or security; it also empowers hobbyists and artists to realize novel projects quickly. Expect more “AI-assisted” creative tools and mashups in the future.
Voice AI security is a growing risk that requires new defenses
The article on hidden audio attacks highlights that voice assistants and AI voice systems have exploitable vulnerabilities. Adversaries can embed inaudible commands to hijack devices. Implication: Developers of voice AI must incorporate adversarial audio detection (e.g., spectrum analysis, voice liveness checks) and consider hardware-level countermeasures. This is a critical area for research, especially as voice interfaces become more prevalent.
LLM-friendly design is emerging as a software requirement
Files.md explicitly markets itself as “LLM-friendly” by using plain .md files. This suggests a trend where applications are built or optimized to be easily ingested and processed by large language models. Implication: Developers should consider how their data formats, APIs, and storage choices affect AI interoperability. Tools that produce clean, structured, or plain-text outputs may gain an edge in the AI-augmented workflow ecosystem.
AI-generated PRs and issues are straining open-source governance
The Archestra blog and Bitwarden’s quiet renovation both touch on the tension between AI automation and community trust. Low-quality AI contributions erode confidence, while corporate pivots (like Bitwarden’s PE-backed leadership) may reduce transparency. Implication: Open-source projects may need to adopt stricter contribution guidelines, AI disclosure policies, or even opt-out mechanisms for bot activity. The community’s social contract is being tested by both volume and intent.
Analysis generated by deepseek-reasoner