PeerTube — 513 points
PeerTube, the ActivityPub-federated video platform, topped HN today with 513 points. Built by Framasoft as an open-source alternative to YouTube, PeerTube uses WebTorrent-based P2P to distribute video load across viewers, reducing bandwidth costs for self-hosted instances. The project has 14.9k GitHub stars, nearly 17k commits, and a mature feature set including live streaming, federation with Mastodon, and full admin tooling.
The spike likely reflects ongoing frustration with YouTube’s increasingly aggressive ad policies and content moderation opacity. PeerTube’s real strength is the federated architecture — no single entity controls the network. But let’s be honest: federation solves governance while creating discovery problems. Finding good content across thousands of small instances is still a mess, and the P2P model means unpopular videos stream painfully slowly. The “community-owned and ad-free” pitch sounds great until you realize someone still has to pay for storage and bandwidth. That said, PeerTube is probably the most viable YouTube alternative that actually exists today.
Virginia Bans Sale of Geolocation Data — 452 points
Virginia Governor Abigail Spanberger signed S.B. 388 into law on April 13, amending the Virginia Consumer Data Protection Act to prohibit the sale of geolocation data. The ban took effect July 1, 2026. Virginia joins Maryland and Oregon in enacting such restrictions, though notably Virginia’s definition of “sale” is narrower — limited to exchanges for “monetary consideration” rather than “monetary or other valuable consideration.”
This is meaningful progress but don’t mistake it for a solution. The narrow definition of “sale” leaves a massive loophole for data sharing arrangements that don’t involve direct monetary exchange — think SDK integrations, analytics partnerships, and “data licensing” deals that lawyers structure to avoid the “sale” label. The FTC settled with a data broker over geolocation sales in 2024, and California’s AG has been investigating the location data industry since early 2025, so the regulatory pressure is real. But as long as apps collect granular location data with buried consent prompts, the data will find its way to brokers through whatever legal fiction survives.
Since Linux 6.9, LUKS Suspend Stopped Wiping Disk-Encryption Keys from Memory — 397 points
Ingo Blechschmidt discovered that since Linux 6.9 (May 2024), LUKS full-disk encryption had been silently failing to wipe encryption keys from memory during suspend. The key remained resident in RAM across suspend cycles, meaning anyone who seized a suspended laptop — still powered on — could extract the disk encryption key and access all encrypted data. The culprit was a “sensible and useful” kernel refactoring that had an unexpected long-range interaction with the encryption code. The fix is exactly one line long.
This is a deeply unsettling bug. Two years of false security. Two years of trusting a mechanism that was never doing the thing. The post nails the epistemological problem: “A technical argument by a trusted author, which is hard to check and looks similar to arguments known to be correct, is hardly ever checked in detail.” The good news: there’s now an automated NixOS test to catch future regressions, and cryptsetup is being patched to emit a warning instead of failing silently. The bad news: if your laptop was ever seized while suspended in the last two years and you relied on LUKS to protect you, that ship sailed long ago.
Podman v6.0.0 — 391 points
Podman v6.0.0 dropped today as a major release focused on networking modernization and infrastructure cleanup. The headline changes: slirp4netns and iptables are being replaced by Netavark, Pasta, and nftables. This is a significant networking stack overhaul — moving to nftables is long overdue given iptables has been “legacy” for years. There’s experimental support for Pesto rootless port forwarding that preserves source IPs on custom networks, which has been a persistent pain point.
Other notable changes include Quadlet improvements (now with REST API support), better multi-provider podman machine support, and continued Docker compatibility refinement. The transition away from slirp4netns to Pasta is particularly interesting — Pasta is faster and more maintainable, though migrations like this always have edge cases lurking in production configs. If you’re running Podman in production, read the config file changes blog post before upgrading; the multi-user environment handling has shifted.
How to Ask for Help from People Who Don’t Know You — 388 points
Pradyu Prasad’s essay breaks down cold outreach into a surprisingly structured framework. The core principle: put yourself in the recipient’s mind, not your own. The hierarchy of credibility when cold-contacting someone runs from strongest (proof of work — a trained model, a blog post showing depth) to medium (personal connection via a mutual contact) to weakest (institutional affiliation, which “at best proves you cleared a filter once”).
The most counterintuitive advice: make it easy to say no. A pressured “yes” produces a begrudging, half-hearted effort. Help freely given is effortless; help coerced poisons the relationship. The tactical bits are solid — keep asks bounded and specific, write a forwarding-ready blurb when requesting introductions, ask questions in writing rather than requesting calls. Nothing here is rocket science, but the essay packages common-sense networking advice without the usual LinkedIn hustle-culture veneer. Worth bookmarking for anyone doing fundraising or job searching.
Exapunks (2018) — 217 points
Zachtronics’ EXAPUNKS resurfaced on the front page, a 2018 programming puzzle game set in a cyberpunk 1997 where you program EXAs (EXecution Agents) to hack networks, replicate, trash files, and disappear. It’s essentially assembly-language programming gamified through fictional hacking — you write code to manipulate files and network nodes across increasingly complex scenarios.
Zachtronics closed its doors in 2022, but their games remain some of the best programming-adjacent entertainment ever made. EXAPUNKS specifically stands out for its in-game zine (TRASH WORLD NEWS) that teaches the mechanics as fictional hacker magazine articles, and for the absurd side-projects: hacking a game console to play ПАСЬЯНС (solitaire), or building homebrew games for a fictional dev kit. If you’ve ever enjoyed Shenzhen I/O or TIS-100, you already know whether this is for you.
The Throughline
Today’s front page circles around one theme: systems that were supposed to protect you, and what happens when they don’t. LUKS silently failing to wipe keys for two years. Virginia trying to ban geolocation sales while the definition leaves gaps big enough to drive a data broker through. PeerTube promising decentralized video freedom while discovery remains broken. Even Podman’s networking overhaul is about fixing infrastructure that’s been “good enough” for too long while accumulating technical debt beneath the surface.
The most honest post of the day is Blechschmidt’s Mastodon thread about the LUKS bug — a one-line fix to a two-year-old vulnerability caused by a refactoring that “looked similar to arguments known to be correct.” That’s the story of modern infrastructure: we build on assumptions we don’t recheck, governed by laws we don’t enforce, on platforms we don’t fully understand. At least someone’s writing the tests now.