Cigarette-lighter hardware fault attacks & EU-first switch for online tools - Hacker News (Mar 23, 2026)

First up: a wild but thoughtfully documented hardware security experiment. David Buchanan showed that electromagnetic fault injection—normally associated with pricey lab gear—can be pulled off with a piezo-electric lighter igniter and some careful setup. The big takeaway isn’t that everyone can do this easily; it’s that the barrier to experimenting with physical fault attacks is lower than many assume. And once you can reliably induce memory errors, you can start chaining them into real exploits—like corrupting critical data structures to escalate privileges. For defenders, it’s another reminder: when an attacker has physical access, the threat model shifts fast, and “software-only” assumptions get shaky.

Switching gears to digital sovereignty: a blogger detailed a broad migration away from non-EU online services and subscriptions toward EU-based alternatives, driven by the political climate and a preference for EU privacy protections. They moved email and hosting to Germany-based Uberspace, migrated domains and DNS to a German registrar, and shifted source code hosting to Codeberg, which is run as a nonprofit. What’s interesting here is the trade-off story: some EU options didn’t match the features they relied on, so they accepted extra complexity—like adding Nextcloud just to regain calendar and contacts sync. This is what “values-driven infrastructure” looks like in practice: fewer defaults, more intentional choices, and sometimes more maintenance in exchange for jurisdictional comfort.

That dovetails with a classic IndieWeb idea getting renewed attention: POSSE—“Publish (on your) Own Site, Syndicate Elsewhere.” The updated explainer argues for posting on your personal site first, then pushing copies or links out to social platforms while pointing back to the original. The why is straightforward: platforms come and go, policies change, and accounts get throttled or banned—but your own site can remain the canonical home for your writing, photos, and notes. The page also emphasizes something people forget: if you record where you syndicated a post, you can pull replies and reactions back to your site, keeping the conversation connected instead of scattered across walled gardens.

And if you needed another reason to pull content away from the modern web’s clutter, there’s a sharp critique making the rounds: an article promoting RSS readers that’s so ad-heavy and overlay-packed that the page is barely usable. The author’s point is less about dunking on one publisher and more about the broader incentive problem—when revenue depends on attention mechanics, the reading experience becomes collateral damage. RSS matters here because it’s a simple, durable escape hatch: you get the text, you skip the popups, and you stop donating bandwidth to a small army of trackers and autoplay assets.

Now to the developer platform that many teams treat like electricity: GitHub. A recent run of reliability problems included an incident that hit core workflows—CI runs, notifications, and more—plus a separate Copilot-related issue where newly enabled options didn’t reliably show up for some users due to internal propagation delays. The meta-issue is just as important: third parties are reconstructing historical availability because it’s become harder to gauge long-term reliability at a glance. Whether you love GitHub or not, the practical lesson is the same: it’s foundational infrastructure with real failure modes. If your deploy pipeline, incident response, or business operations assume it’s always there, you’re building on a single point of operational risk.

On the tooling front, there’s a new open-source project from Antithesis called Bombadil, aimed at property-based testing for web UIs. Instead of only running pre-scripted click paths, the idea is to explore a user interface more autonomously and check whether important “should always be true” behaviors hold up under strange sequences and edge cases. Why it matters: UI bugs often live in the in-between states—those awkward transitions no one thinks to write a test for. Tools like this try to turn that uncertainty into something systematic, which is exactly what you want before a bug shows up in production with real users.

For a reminder that performance engineering is as much about product design as it is about clever code, a developer recap of a German podcast revisited RollerCoaster Tycoon. The post argues the game’s legendary smoothness wasn’t just because it used low-level programming—it was because the entire simulation was designed to avoid expensive work most of the time. Guests don’t constantly demand perfect pathfinding. Crowds don’t require heavy collision logic. And when the game does need the costly computations, it keeps them bounded so you don’t get sudden frame drops. It’s a great case study in how constraints can shape behavior that players later interpret as “personality.”

Finally, a bit of EV history getting a second life: General Motors is supporting the restoration of a rare 1996 EV1 that resurfaced in rough shape and was picked up by an enthusiast team. GM’s involvement includes parts and access to expertise—an unusual twist, given the EV1’s complicated legacy and how few drivable examples remain. Beyond the nostalgia, this matters because it turns an influential but largely inaccessible vehicle into something the public can see and understand again. It also highlights how ideas from early EV engineering—battery management, controls, efficiency-minded design—echo into today’s mainstream electric platforms.