HN Reader

The Windows Subsystem for Linux is now open source (blogs.windows.com)

1575 points by pentagrama 2d ago 1158 comments

Baby is healed with first personalized gene-editing treatment (nytimes.com)

1253 points by jbredeche 6d ago 529 comments

AlphaEvolve: A Gemini-powered coding agent for designing advanced algorithms (deepmind.google)

1035 points by Fysi 7d ago 268 comments

Coding without a laptop: Two weeks with AR glasses and Linux on Android (holdtherobot.com)

1013 points by mikenew 7d ago 383 comments

Spaced repetition systems have gotten better (domenic.me)

1000 points by domenicd 3d ago 501 comments

Watching AI drive Microsoft employees insane (old.reddit.com)

937 points by laiysb 19h ago 505 comments

Have I Been Pwned 2.0 (troyhunt.com)

850 points by LorenDB 2d ago 289 comments

What is HDR, anyway? (lux.camera)

805 points by _kush 7d ago 337 comments

Veo 3 and Imagen 4, and a new tool for filmmaking called Flow (blog.google)

790 points by youssefarizk 1d ago 501 comments

Zod 4 (zod.dev)

770 points by bpierre 2d ago 250 comments

Human (quarter--mile.com)

733 points by surprisetalk 7d ago 270 comments

Thoughts on thinking (dcurt.is)

704 points by bradgessler 5d ago 436 comments

OpenAI to buy AI startup from Jony Ive (bloomberg.com)

698 points by minimaxir 13h ago 923 comments

Don't guess my language (vitonsky.net)

656 points by e-topy 2d ago 365 comments

DDoSecrets publishes 410 GB of heap dumps, hacked from TeleMessage (micahflee.com)

655 points by micahflee 2d ago 183 comments

France Endorses UN Open Source Principles (social.numerique.gouv.fr)

610 points by bzg 3d ago 213 comments

Push Ifs Up and Fors Down (matklad.github.io)

563 points by goranmoomin 4d ago 197 comments

GitHub Copilot Coding Agent (github.blog)

551 points by net01 2d ago 356 comments

Making video games (without an engine) in 2025 (noelberry.ca)

548 points by selvan 2d ago 237 comments

Jules: An asynchronous coding agent (jules.google)

519 points by travisennis 2d ago 230 comments

Ground control to Major Trial (virtualize.sh)

519 points by plam503711 5d ago 190 comments

A Research Preview of Codex (openai.com)

509 points by meetpateltech 5d ago 449 comments

Getting AI to write good SQL (cloud.google.com)

494 points by richards 5d ago 354 comments

Bus stops here: Shanghai lets riders design their own routes (sixthtone.com)

493 points by anigbrowl 8d ago 362 comments

I don't like NumPy (dynomight.net)

488 points by MinimalAction 6d ago 205 comments

Proton threatens to quit Switzerland over new surveillance law (techradar.com)

487 points by taubek 4d ago 219 comments

Deep Learning Is Applied Topology (theahura.substack.com)

486 points by theahura 1d ago 178 comments

InventWood is about to mass-produce wood that's stronger than steel (techcrunch.com)

478 points by LorenDB 3d ago 425 comments

Ditching Obsidian and building my own (amberwilliams.io)

462 points by williamsss 3d ago 548 comments

By default, Signal doesn't recall (signal.org)

461 points by feross 13h ago 381 comments

Writing that changed how I think about programming languages (bernsteinbear.com)

461 points by r4um 8d ago 60 comments

Flattening Rust’s learning curve (corrode.dev)

458 points by birdculture 8d ago 397 comments

Devstral (mistral.ai)

456 points by mfiguiere 15h ago 103 comments

Finland announces migration of its rail network to international gauge (yle.fi)

452 points by axelfontaine 1d ago 441 comments

Claude Code SDK (docs.anthropic.com)

449 points by sync 2d ago 194 comments

Dilbert creator Scott Adams says he will die soon from same cancer as Joe Biden (thewrap.com)

443 points by dale_huevo 2d ago 592 comments

The unreasonable effectiveness of an LLM agent loop with tool use (sketch.dev)

443 points by crawshaw 6d ago 319 comments

Litestream: Revamped (fly.io)

438 points by usrme 1d ago 89 comments

Mystical (suberic.net)

436 points by mmphosis 4d ago 45 comments

A leap year check in three instructions (hueffner.de)

433 points by gnabgib 6d ago 164 comments

Gemma 3n preview: Mobile-first AI (developers.googleblog.com)

430 points by meetpateltech 1d ago 151 comments

Game theory illustrated by an animated cartoon game (ncase.me)

430 points by felineflock 2d ago 71 comments

Coinbase says hackers bribed staff to steal customer data, demanding $20M ransom (cnbc.com)

422 points by gpi 6d ago 499 comments

The recently lost file upload feature in the Nextcloud app for Android (nextcloud.com)

415 points by morsch 8d ago 166 comments

Building my own solar power system (medium.com)

412 points by JKCalhoun 3d ago 305 comments

SMS 2FA is not just insecure, it's also hostile to mountain people (blog.stillgreenmoss.net)

411 points by todsacerdoti 7d ago 314 comments

A server that wasn't meant to exist (it-notes.dragas.net)

404 points by jaypatelani 7d ago 146 comments

Databricks acquires Neon (databricks.com)

389 points by davidgomes 7d ago 225 comments

MIT asks arXiv to withdraw preprint of paper on AI and scientific discovery (economics.mit.edu)

384 points by carabiner 5d ago 200 comments

Show HN: I modeled the Voynich Manuscript with SBERT to test for structure (github.com)

380 points by brig90 3d ago 129 comments

Show HN: Confidential computing for high-assurance RISC-V embedded systems

81 mrnoone 5 5/21/2025, 8:21:06 PM github.com ↗
Dear HN community! Looking forward to hearing your feedback on ACE (assured confidential execution), technology that implements VM-based trusted execution environment (TEE) for embedded RISC-V systems with focus on a formally verified and auditable firmware. We target high-assurance systems that can benefit from compartmentalization and hardware-backed isolation. The key ingredient called security monitor (firmware) is implemented in Rust. The formal specification is defined as annotations directly in code and gets translated to Coq using RefinedRust automation. ACE design is now part of the RISCV confidential VM extension (CoVE) specification (deployment model 3).

Comments (5)

neom · 7h ago
Developers have faced in the confidential computing space, particularly with x86 TEEs, fragmentation leading to vendor lockin and a difficult developer experience due to multiple, somewhat incompatible standards/approaches. Does the CoVE effort, and IBM's involvement in it, aim to prevent a similar situation in the RISC-V world, fostering a more open and standardized TEE ecosystem? Are you using CCC to align RISC-V CoVE with efforts to improve the developer experience? I hope we see common abstractions across different TEE architectures!!!
IshKebab · 8h ago
Can you explain what the relationship is between this and CoVE? Is ACE (this repo) the firmware, and CoVE the RISC-V hardware extensions that it requires?

How does it run on a P550 if that doesn't support CoVE?

aseipp · 7h ago
Yes, that's basically the relationship between CoVE and ACE, from a quick glance. In this case, ACE is simply implementing a formally modeled and verified security monitor where the design has been extracted to Coq and the invariants proven.

It can work on P550 because CoVE supports several "Deployment strategies", the one ACE uses is referenced in the README: CoVE spec, Appendix D, "M-mode [Trusted Security Manager] based deployment model" https://github.com/riscv-non-isa/riscv-ap-tee/blob/main/src/... -- the other appendicies detail e.g. Smmtt based designs, and apparently there's a not-yet-written "Nested Virtualization" design in Appendix C.

They also note that the P550 isn't a "true" port due to the preliminary, non-ratified H extension, and it also misses another required extension called "Sstc" but they just emulate it. (Sstc is interesting; it seems to be a performance optimization for delivering timer interrupts directly to supervisors, but I can imagine in the case of CoVE timer interrupts going through M-mode could leak data, making it more of a security issue.)

Leveraging M-mode is basically how previous security monitors like keystone worked too, back on the original HiFive Unleashed. It just sorta treats M-mode as an analogue to the "secure world" in ARM parlance, though there is no requirement that M-mode has e.g. an encrypted memory controller and dedicated memory region, and I'm guessing other things (I'm not super familiar with TrustZone.)

Broadly speaking this reminds me as a kind of a evolution/combination of Microsoft's Komodo (formally verified, but was only for e.g. SGX-style enclaves) and existing M-mode TEE systems like Keystone -- but upgraded to support "Confidental Computing" virtual machines. So that's quite nice.

hyperhello · 5h ago
> ACE supports local attestation, a mechanism to authenticate confidential VMs intended for embedded systems with limited or no network connectivity.

I'm interested to know the safe definition of 'limited' connectivity - is there some kind of boundary which logical reasoning can't support?

anonymousDan · 6h ago
How does this differ from Keystone?