HN Buddy

Daily digest of top Hacker News posts and comments

About Star on GitHub

Subscribe to the HN Buddy Daily Digest

Your email will only be used for the HN Buddy Daily Digest. I will not share it with anyone.

HN Buddy Daily Digest

Monday, April 13, 2026

Hey buddy,

Man, you won't believe the stuff on Hacker News from Monday! Had to call you real quick.

WordPress Backdoor Mess

First up, get this: someone actually bought 30 WordPress plugins and then stuck a backdoor in all of them! Can you imagine? Total nightmare for anyone using those. The article is here. One of the comments was wild, saying how crypto has actually made malware "more benign" for them, because crypto miners or wallet stealers don't affect them since they don't use crypto. Kinda twisted logic, but I get it.

GitHub's New Stacked PRs

Then, GitHub launched something called Stacked PRs (check it out). It's basically making it easier to break down big changes into smaller, reviewable chunks. People were talking about how it helps with commit hygiene and if it's good to get too dependent on a single provider's feature. Makes sense, right? We've been doing something similar manually for ages.

Apple's "Accidental Moat" in AI

There was a cool article about Apple, called "Apple's accidental moat: How the 'AI Loser' may end up winning" (link). The gist is Apple is kinda hanging back on AI, letting others make mistakes, and then they'll swoop in with their own polished version. One comment nailed it, saying "The early bird might get the worm, but it’s the second mouse that gets the cheese." Also, someone complained about Google Maps pushing AI-generated stuff over human reviews, which is so true and annoying.

Polymarket Bot: "Nothing Ever Happens"

This one's a bit quirky: someone built a bot for Polymarket (those prediction markets) called "Nothing Ever Happens" (repo here). It just always bets "No" on non-sports markets. The idea is that most big, dramatic things just... don't happen. Comments were debating insider trading and if "smart people can predict things by doing research." Pretty interesting thought experiment!

Servo Browser Engine on Crates.io

Good news for Rust folks: Servo is now available on crates.io (blog post)! Remember that browser engine Mozilla started? It's been a long journey, but now you can use parts of it in Rust projects. Someone in the comments confirmed it *does* execute JS and supports WebGL, which is pretty important for a web engine. There was also some weird talk about "vibe coding" and LLMs, which I guess is just where the tech world is heading.

Michigan's Privacy Bills Pulled

And finally, a win for privacy: Michigan pulled some "digital age" bills (article) after people raised privacy concerns. It sounds like they were trying to ban kids from social media, but maybe went too far. Good to see some pushback on overreaching tech laws.

Anyway, thought you'd want to hear about that. Catch you later!

All Stories from Today

Someone bought 30 WordPress plugins and planted a backdoor in all of them (anchor.host)

907 points by speckx | 251 comments

All elementary functions from a single binary operator (arxiv.org)

814 points by pizza | 261 comments

GitHub Stacked PRs (github.github.com)

681 points by ezekg | 357 comments

Servo is now available on crates.io (servo.org)

448 points by ffin | 145 comments

Apple's accidental moat: How the "AI Loser" may end up winning (adlrocha.substack.com)

410 points by walterbell | 360 comments

Nothing Ever Happens: Polymarket bot that always buys No on non-sports markets (github.com)

409 points by m-hodges | 225 comments

The economics of software teams: Why most engineering orgs are flying blind (www.viktorcessan.com)

397 points by kiyanwang | 272 comments

US appeals court declares 158-year-old home distilling ban unconstitutional (nypost.com)

378 points by t-3 | 253 comments

Make tmux pretty and usable (2024) (hamvocke.com)

364 points by speckx | 229 comments

Android now stops you sharing your location in photos (shkspr.mobi)

355 points by edent | 295 comments

Microsoft isn't removing Copilot from Windows 11, it's just renaming it (www.neowin.net)

346 points by bundie | 260 comments

This year’s insane timeline of hacks (ringmast4r.substack.com)

305 points by laurex | 181 comments

The Future of Everything Is Lies, I Guess: Safety (aphyr.com)

297 points by aphyr | 163 comments

Building a CLI for all of Cloudflare (blog.cloudflare.com)

295 points by soheilpro | 99 comments

Stanford report highlights growing disconnect between AI insiders and everyone (techcrunch.com)

238 points by ZeidJ | 342 comments

Michigan 'digital age' bills pulled after privacy concerns raised (www.thecentersquare.com)

214 points by iamnothere | 123 comments

I went to America's worst national parks so you don't have to (substack.com)

195 points by surprisetalk | 182 comments

AI could be the end of the digital wave, not the next big thing (thenextwavefutures.wordpress.com)

179 points by surprisetalk | 257 comments

Show HN: I built a social media management tool in 3 weeks with Claude and Codex (github.com)

178 points by JanSchu | 120 comments

How to make Firefox builds 17% faster (blog.farre.se)

168 points by mbitsnbites | 33 comments

Show HN: Ithihāsas – a character explorer for Hindu epics, built in a few hours (www.ithihasas.in)

145 points by cvrajeesh | 37 comments

WiiFin – Jellyfin Client for Nintendo Wii (github.com)

139 points by throwawayk7h | 64 comments

Claude.ai down (status.claude.com)

128 points by rob | 123 comments

They See Your Photos (theyseeyourphotos.com)

127 points by cyberlurker | 111 comments

Missouri town fires half its city council over data center deal (www.politico.com)

126 points by impish9208 | 129 comments

GAIA – Open-source framework for building AI agents that run on local hardware (amd-gaia.ai)

126 points by galaxyLogic | 30 comments

Who's Been Impersonating This ProPublica Reporter? (www.propublica.org)

116 points by hn_acker | 2 comments

Tax Wrapped 2025 (taxwrapped.com)

113 points by entrapi | 62 comments

The tech jobs bust is real. Don't blame AI (yet) (economist.com)

110 points by andsoitis | 158 comments

New Orleans's Car-Crash Conspiracy (www.newyorker.com)

107 points by Geekette | 60 comments