VeraCrypt blocked by code-signing & Anthropic Glasswing AI security push - Hacker News (Apr 8, 2026)

Let’s start with VeraCrypt. Its developer, Mounir Idrassi, says he’s been knocked off course for months, and the biggest reason is blunt: Microsoft terminated the account he used to sign Windows drivers and the bootloader. No warning, no explanation, and—according to him—no appeal. That’s not just an admin headache; it effectively blocks shipping new signed Windows builds, and Windows is where most VeraCrypt users are. The bigger takeaway is how fragile critical open-source infrastructure can be when distribution depends on a single vendor-controlled trust gate. Even if the code is fine, the ability to deliver updates can disappear overnight.

Staying in security, Anthropic announced Project Glasswing, a partnership program that uses an unreleased model—Claude Mythos 2 Preview—to hunt vulnerabilities in critical software. Anthropic claims the model is already turning up large numbers of high-severity issues across things like operating systems and widely used components, and they’re emphasizing delayed disclosure so fixes land before details go public. Why this matters: the cost of finding serious bugs is dropping, and the speed is going up—meaning defenders need to scale their response just to keep pace. Whether or not every claim holds up under scrutiny, the direction is clear: AI is accelerating both discovery and exploitation, and “secure by default” is no longer a slogan—it’s survival.

On the engineering-practice side, there’s a sharp suggestion for anyone onboarding to a new codebase: start with Git history before you even open files. The idea is to use commit patterns as a quick risk map—high-churn areas that keep changing, places where fixes cluster, and sections with concentrated ownership where one person carries the context. You’re not trying to learn everything from commits; you’re trying to figure out where the codebase is fragile, where delivery is chaotic, and where questions will cost you the most time. It’s a pragmatic reminder that software has a social history, and the repo already tells you who’s been firefighting.

That theme—context as leverage—also showed up in a piece arguing that a personal knowledge base made of plain Markdown notes and simple wikilinks is basically a graph database you can carry around. The pitch isn’t “make a prettier wiki.” It’s “make better inputs” for future work, especially when you’re asking an AI assistant to draft a design doc, a handoff, or a recap. When notes are linked by people and projects, you stop relying on vague memory and start pulling in the actual trail of decisions. The unresolved hard part is still the boring one: consistently processing the inbox of stuff you capture so it doesn’t become a junk drawer.

Another essay drew a clean line between big-company engineering and side projects—and then argued they’re not opposites at all. At work, you learn to build like a skyscraper: reviews, tests, and careful changes because failures are expensive. At home, you build like a shed: fast experiments, low stakes, and the freedom to try weird tools. The point is that each reinforces the other. Personal tinkering keeps curiosity alive and prevents you from becoming “just a ticket closer,” while professional discipline can gradually upgrade your hobby code from a pile of hacks into something resilient. It’s a quiet career strategy: protect your ability to build for yourself.

In open-source governance news, Mario Zechner announced he’s bringing his coding agent project, pi, under a company umbrella—Earendil—while keeping the core MIT-licensed. The headline here isn’t a feature release; it’s expectations. Ownership moves, trademarks and repos shift, and the project’s future may include paid features or proprietary components alongside an open core. For users and contributors, these transitions can be either stabilizing or disruptive, depending on how transparent the roadmap stays and how well the community’s trust is handled. Sustainability is real—but so is the risk of a project’s center of gravity changing.

On the DIY AI front, two roommates tried building a low-cost robot vacuum and trained it with behavior cloning—basically teaching by example from recorded teleoperation. The result worked, but not reliably: oscillations, random reverses, and occasional confidence in the wrong direction. Their takeaway is familiar to anyone who’s shipped ML into the physical world: model tweaks can’t rescue messy demonstrations and ambiguous training signals. Robotics is where “it kinda works” can still be frustrating, because your mistakes bump into furniture.

For makers who want tech that feels good—not just accurate—there’s a long-running open-source LED music visualizer story that landed on a surprisingly human insight. With so few LEDs, you can’t afford a display that technically reflects the spectrum but looks meaningless. The author’s breakthrough was mapping sound using the mel scale, which better matches how people perceive pitch and musical change. The larger lesson is that perception is part of the spec. If your output is for humans, the right transformation is often the one that matches what we notice, not what the raw data says.

On the creative computing side, a full recording of Revision 2026’s PC Demo competition went up, preserving the live screening and commentary. Even if you’re not deep in the demoscene, these archives are valuable: they’re a time capsule of what real-time graphics and audiovisual synchronization look like when they’re pushed as art, not product. And as always with demoparties, the conversation isn’t just “how did they do it,” but “what did it feel like,” especially when a finale lands as a shared cultural moment for the community.

And finally, space: NASA released the first images from the Artemis II crew’s lunar flyby, including far-side views and a striking in-space solar eclipse—where the Moon is backlit and you still see faint surface detail from Earthlight. Beyond the beauty shots, this is a signal that Orion and crewed deep-space operations are getting real-world validation. Artemis II is fundamentally a test mission, and these releases are the public-facing proof that the mission is executing the kind of navigation, imaging, and operations you need before attempting the next steps toward sustained lunar presence.