IPv6 adoption hits new highs & AI models raising security stakes - Hacker News (Apr 16, 2026)

First up, a quiet milestone for the internet’s plumbing. Google’s IPv6 statistics page now shows that 45.54% of its users were reaching Google over IPv6 as of April 13th. The striking detail is that almost all of it is native IPv6, not older transition tricks. Why you should care: IPv6 adoption is one of the cleanest signals that the internet is actually expanding beyond IPv4 address scarcity. And Google’s regional views add an important reality check—deployment isn’t the same as quality. Some places may “have IPv6,” yet still suffer higher latency or reliability problems when hitting IPv6-enabled sites, which is exactly the kind of nuance operators and policymakers need to see.

Now to security, where two stories rhyme: AI is becoming less of a coding helper and more of an operational force multiplier. In one experiment, researchers gave OpenAI’s Codex a post-exploitation environment on a Samsung Smart TV and asked it to go from a limited foothold to root. The takeaway wasn’t a single magic trick—it was the workflow. With source access, logs, and the ability to compile and iterate, the model helped identify a dangerously permissive kernel interface and turned it into a practical escalation. The bigger point is about capability: when an AI can combine code reading, system probing, and rapid iteration, the barrier shifts from “can I find the bug” to “do I have access and time,” and both of those are becoming cheaper.

In a similar vein, Anthropic previewed a model called Mythos that they say was strong enough at cybersecurity tasks that they chose not to release it broadly. The UK AI Security Institute’s evaluation largely backed the claim: on a demanding simulated corporate network attack, Mythos outperformed other frontier models and was the only one to complete the full chain in repeated trials. What’s interesting here is less the leaderboard and more the economics. Evaluators observed that performance improved with bigger token budgets, hinting that brute-force exploration—powered by more compute—can keep buying results. If that pattern holds, security starts to look like a budget contest: defenders may need to spend heavily to find and fix weaknesses before attackers spend less to exploit them. That pushes organizations toward more rigorous hardening phases, and it also strengthens the case for widely-audited components where many parties can fund scrutiny.

Staying with security, there’s a new GitHub proof-of-concept repository claiming a Windows Defender behavior could be leveraged for privilege escalation. The allegation is that under certain conditions, Defender’s handling of a detected file could result in a rewrite to the original location in a way an attacker might abuse to overwrite protected files. If true, that’s the kind of bug that’s especially unsettling because it flips a safety mechanism into a write primitive—exactly the sort of thing local attackers look for. At this stage, the important note is that it’s a public claim with a PoC, not a fully adjudicated incident report, so the right posture is cautious attention: watch for vendor confirmation, patches, and independent validation rather than assuming either doom or dismissal.

On the platform side, one smaller thread captured a familiar frustration: a fediverse user asked if anyone could connect them to a human on the Gmail team to report what they described as serious, actionable spam activity. They claimed a spammer sent over ten thousand messages through Gmail in a week, and that standard abuse forms led nowhere. The replies quickly turned into a mini-demonstration of decentralized norms—people pointing out spammy behavior in the conversation itself and suggesting local server moderation. The broader theme is accountability and access. Centralized platforms scale with automation, but that can make escalation feel impossible even when someone believes they’ve found something important. Decentralized systems don’t magically solve spam, but they do offer more visible, local levers—sometimes for better, sometimes for chaos.

Switching gears to science, a Nature study analyzed 15,836 ancient and recent genomes from West Eurasia and introduced a time-series method designed to detect directional natural selection while accounting for migration and population structure. Using that approach, the authors report hundreds of independent selection signals over about ten thousand years—far more than earlier ancient-DNA scans typically surfaced. Many are tied to immune and inflammatory pathways, with signals intensifying around the Bronze Age, consistent with changing disease pressures as populations densified and lifestyles shifted. The careful, important nuance: the paper also discusses polygenic shifts connected to modern trait predictors, while warning that today’s labels don’t necessarily map neatly onto ancient adaptive realities. Still, the resource and method matter because they let researchers track evolutionary change through time rather than inferring it from a single snapshot.

From biology to interface design, James Somers makes a provocative productivity argument: AI could enable a kind of “paper computer,” where the calm, spatial advantages of paper—markups, note cards, physical sorting—are translated back into digital actions without forcing you to live inside a screen. The pitch isn’t nostalgia for messy workflows; it’s a critique of modern computing’s default mode: distractible, multitasking, and notification-driven. Somers imagines systems that respect single-purpose modes and turn physical interaction into structured digital updates, giving you the convenience of syncing without the constant attention tax. Whether or not the exact vision lands, it’s a useful reframing: AI doesn’t have to mean more screen time; it could be used to make computing quieter.

Finally, a bit of programming folklore gets a reality check. A post revisits the classic XOR swap trick—swapping two values without a temporary variable—and asks whether it ever helps. In modern compiled code, it basically doesn’t. Optimizing compilers already handle swaps efficiently, and the XOR version often generates extra work, while also introducing footguns like breaking when both pointers refer to the same place. The lesson is broader than one trick: “clever” code that once made sense in constrained environments frequently becomes slower, riskier, and harder to optimize today. It’s a reminder that readability and correctness usually win, and that the compiler is almost always better at this particular game than we are.