March 22, 2026

Pure Signal AI Intelligence

Here's a striking data point to open with. One of the most accomplished AI researchers on the planet hasn't typed a single line of code since December. That's not a complaint—it's a signal about where we are.

The Death of Manual Coding—And What Replaces It

Andrej Karpathy went on the No Priors podcast this week and said something that deserves to sink in. His coding ratio has completely inverted. Two years ago, he wrote eighty percent of his code himself and let AI agents handle the remaining twenty. Now those numbers are flipped. Eighty percent agent, twenty percent human. And lately? He's not even sure he's in the twenty percent anymore.

"I don't think I've typed like a line of code probably since December," he said. He described being in a "state of psychosis" trying to process what AI can now do—not from a place of fear, but from genuine intellectual overwhelm. He wants to be at the forefront of this shift. He feels antsy that he isn't.

Simon Willison is further along the same path—and documenting it carefully. His public profile, reconstructed this week from a thousand of his Hacker News comments by Claude, describes him as the leading evangelist for what he calls "agentic engineering." He does most of his programming from his iPhone via Claude Code while riding BART or walking his dog. He runs two or three agent sessions in parallel. He's on the two-hundred-dollar-a-month Claude Max plan. He starts every session with "run the test suite" to anchor the agent in a test-driven workflow.

What's notable is that neither of these people is a novice who fell into AI tools. They're among the most technically sophisticated developers alive. And both have concluded that the highest-leverage move is to stop typing and start directing.

Willison's framing is sharp: LLMs don't replace programmers, they amplify existing expertise. His central argument is that these tools are deceptively difficult to use well—and that most people who report bad results simply haven't learned the craft yet. He's writing a guide on this, and he jokes he's "teaching people good software engineering while tricking them into thinking the book is about AI."

He's also laid out specific git—version control software—patterns for working with agents. The key insight is that agents are fluent in advanced git operations that most developers avoid because the learning curve is steep. Things like git bisect—a binary search through commit history to find when a bug was introduced—or rewriting commit history to extract a library from a larger codebase while preserving authorship and timestamps. These used to require real expertise. Now you just describe what you want.

Agents Go Local—Karpathy's Home and the Hardware Behind It

The shift isn't just about how people write code. It's about where agents live.

Karpathy revealed he's integrated an agent he calls "Dobby the House Elf"—a nod to Harry Potter—into his home infrastructure. Dobby controls his sound system, lighting, security, pool, spa, and HVAC. He messages it on WhatsApp in natural language. It just handles things.

And this week, Nvidia delivered the hardware he intends to run it on. The DGX Station GB300—a deskside AI supercomputer—arrived at his Palo Alto home. The machine draws twenty amps. It delivers up to twenty petaflops of performance with seven hundred and forty-eight gigabytes of coherent memory—meaning the CPU and GPU can access the same pool—and can support AI models with up to one trillion parameters. This is data-center-class compute sitting next to your couch.

Nvidia framed the launch explicitly around agentic AI—systems that can reason, plan, and execute tasks over extended periods without human intervention. The bet is that persistent, long-running agents need powerful local hardware, not just API calls to a cloud. Karpathy, who gets a unit and immediately announces it's the future home of his house elf, is exactly the validation they were looking for.

When Your Public Comments Become Your Profile

Willison published something this week that's worth pausing on. He's been running an experiment: feed a thousand of someone's Hacker News comments into an LLM—Claude Opus—and prompt it to "profile this user."

The results are startlingly accurate. When he ran it on himself, the model correctly identified his professional identity, his technical interests, his security concerns, his debate style, his recurring arguments, even his personal quirks—the pelican benchmark, the niche museum obsession, the chickens in his garden. All from public forum comments. No special access required.

The Hacker News API serves comment history with open cross-origin headers—meaning any website can query it. Algolia indexes a thousand comments per request. This is all trivially accessible.

Willison's stated use is benign: checking whether someone arguing with him in bad faith has a pattern of doing so. But he acknowledges the creepiness directly. Public data, freely shared, becomes a detailed psychological portrait in seconds. The question of what counts as "private" when everything is queryable and synthesizable is one the field hasn't seriously grappled with yet.

Willison coined the term "prompt injection"—a technique where malicious instructions hidden in data trick an AI agent into doing something unintended—and has been warning about agent security for years. His profile shows he's been predicting a headline-grabbing prompt injection attack "in the next six months" for over two years, while acknowledging it keeps not happening. He calls this the normalization of deviance: the risk is real even when the catastrophe hasn't materialized.

The thread running through all of this is the same one: the gap between people who understand these tools deeply and people who don't is widening fast. Karpathy feels anxious about not being at the forefront. Willison is trying to professionalize how the industry uses these tools. Both are pointing at the same thing—this moment requires new craft, not just new software.

HN Signal Hacker News

☕ Morning Digest — Sunday, March 22, 2026

Good morning! Here's what Hacker News was buzzing about while you (hopefully) slept.

🔥 Top Signal

"Do Not Turn Child Protection into Internet Access Control" — A sharp warning about using kids as cover for surveillance

A tech civil-liberties organization published a piece arguing that governments worldwide are using "child protection" as justification to build systems that verify who you are before you can access the internet — essentially an ID check at the door of the web. The argument: once that infrastructure exists, it can be used for far more than protecting children. It can become a tool for censorship, mass surveillance, and tracking everything you read online. The Hacker News community responded with near-unanimous agreement and considerable cynicism — nearly every top comment was some variation of "it was never about the children." Whether you're a parent, a privacy advocate, or just someone who values being able to browse without being tracked, this one cuts close to home.

[HN Discussion](https://news.ycombinator.com/item?id=47470991)

"Some Things Just Take Time" — A thoughtful pushback on AI-fueled productivity obsession

Armin Ronacher (a well-known developer in the Python world) wrote a reflective essay about how the AI coding boom is creating a strange trap: we can move faster than ever, but speed without direction isn't progress. He notices that people who are "fully onboarded" into AI tools keep filling every minute they save with more things — never actually resting, reflecting, or doing the slow, deep work that produces genuinely good ideas. The comments are rich. User `vaylian` put it well: "If you are running in the wrong direction, speed is of very little value." And `Chris_Newton` added a sharp point: "velocity is a vector — increased speed only gets you where you want faster if you're also heading in the right direction." If you've been feeling vaguely exhausted by the AI productivity hype, this is a worthwhile read.

[HN Discussion](https://news.ycombinator.com/item?id=47467537)

Ubuntu is adding asterisks to your password prompt — ending a 46-year Unix tradition

Here's a fun one. When you type a password into the terminal (the text-based command window on Linux/Mac), nothing appears on screen — not even little dots. This has been true since the 1970s! Ubuntu (one of the most popular versions of Linux) is now changing this in their upcoming release, so you'll see asterisks (``) as you type. The logic? Your graphical login screen already shows dots — hiding them only in the terminal creates a false sense of security ("security theatre," as the developers put it) while genuinely confusing new users who think their keyboard has stopped working. The HN comments are a mix of people saying "finally!" and old-timers mourning a beloved quirk. One commenter, `timhh`, casually revealed mid-thread that they* were the person who actually implemented the change — a classic HN moment.

[HN Discussion](https://news.ycombinator.com/item?id=47464134)

👀 Worth Your Attention

"The Three Pillars of JavaScript Bloat" — Why web pages are so slow and heavy

JavaScript is the programming language that runs inside your web browser (think: the stuff that makes buttons work and forms submit). This article digs into why modern websites load so much of it — often for tiny, trivial tasks. The three culprits: outdated "polyfills" (code that adds features browsers already support natively), the npm ecosystem of micro-packages (some packages do literally 7 lines of work), and overly cautious backward compatibility. The comment `il-b` gets right to it: "The elephants in the room are React and webpack." If you've ever wondered why a simple news site takes 10 seconds to load, this is your primer.

[HN Discussion](https://news.ycombinator.com/item?id=47473718)

Cloudflare flags archive.today as a botnet — a messy internet governance story

Archive.today is a beloved tool that saves snapshots of web pages, often used to read paywalled articles or preserve content before it disappears. Cloudflare (a major internet infrastructure company) has now labeled it as a "Command & Control / Botnet" — meaning their malware-blocking DNS service (think: a phone book for the internet that also blocks sketchy addresses) refuses to look it up. The reason seems to be a genuine ongoing DDoS attack (a cyberattack that floods a website with traffic to knock it offline) that archive.today was allegedly involved in against a small blog. The story is messy: archive.today has also been under FBI scrutiny and facing fabricated abuse allegations. The practical upshot: if you use Cloudflare's 1.1.1.2 DNS resolver, archive.today links are broken for you right now.

[HN Discussion](https://news.ycombinator.com/item?id=47474255)

Floci — A free replacement for LocalStack (local AWS emulator)

AWS (Amazon Web Services) is the giant cloud computing platform that powers a huge chunk of the internet. Developers often want to test their AWS-based code on their own laptop before deploying it to the real thing. LocalStack was the go-to tool for this — but it recently ended its free tier and started requiring accounts and tokens. Floci is a new open-source (free, community-built) alternative that steps into the gap. The headline stat in the comments: 24ms startup time, fast enough to spin up a fresh instance for every single test you run. That's a big deal for developers who want reliable, repeatable tests.

[HN Discussion](https://news.ycombinator.com/item?id=47471801)

Professional video editing, right in your browser — powered by WebGPU and WASM

A developer shipped Tooscut, an open-source video editor that runs entirely inside a web browser — no download required. It's built with WebGPU (a newer web standard that lets browsers talk directly to your computer's graphics card) and WASM (WebAssembly — a way to run near-native-speed code inside a browser). The HN reaction is cautiously enthusiastic: impressive tech, but early-stage. One commenter noted that the last person who pulled this off well (Clipchamp) got acquired by Microsoft and promptly made worse. The wheel turns.

[HN Discussion](https://news.ycombinator.com/item?id=47471601)

How Invisalign quietly became the world's largest 3D printing operation

A Wired piece on how the company behind those clear plastic teeth aligners prints millions of custom plastic molds every day. Each aligner is unique to a patient's mouth. The HN thread debates whether you could DIY your own aligners (short answer: you'd need a dental scanner, specialized tooth-movement software, a vacuum-forming machine, and a dentist to glue attachment points to your teeth — so, not really). A genuinely fun read about mass manufacturing hiding in plain sight.

[HN Discussion](https://news.ycombinator.com/item?id=47435028)

💬 Comment Thread of the Day

From the sudo password story: In the middle of a thread debating whether showing asterisks is a good idea, user timhh dropped this:

> "I did this! I didn't actually know that Mint had enabled this by default. That would have been a useful counterpoint to the naysayers... Actually it was me getting sufficiently pissed off at the 2 second delay for invalid passwords in sudo (actually the main reason I did it)."

This is a 46-year-old Unix behavior change — something every Linux user has encountered thousands of times — and the person who actually implemented it casually showed up in the comment thread to explain their motivation wasn't even the asterisks themselves, but an unrelated 2-second delay bug. It's a perfect little window into how open-source software actually gets made: one developer getting annoyed enough at a small thing, fixing it, and suddenly changing an experience millions of people have had since the Carter administration.

[Full thread](https://news.ycombinator.com/item?id=47464134)

🎲 One-Liner

Today's HN had someone arguing we're moving too fast with AI tools, someone arguing we should put ID checks on internet access, and someone who just built a Minecraft clone for the terminal — which feels like a pretty accurate cross-section of the human condition.