Xbox One boot ROM glitch & Rob Pike rules and Hoare legacy - Hacker News (Mar 18, 2026)

First up: a striking console-security breakthrough. Security researcher Markus “Doom” Gaasedelen presented a hack nicknamed “Bliss” that compromises the Xbox One using voltage glitching—briefly destabilizing the CPU’s power at exactly the wrong moment for the system’s defenses. The headline claim is that it targets the boot ROM in silicon, meaning it’s effectively unpatchable in software. Why it matters: this isn’t just about running unsigned code. If the entry point is as early as described, it opens the door to deeper firmware and OS analysis, stronger preservation workflows, and potentially better emulation research. The flip side is obvious: once a technique becomes repeatable, the path from research demo to modchip ecosystem can be uncomfortably short—especially when the security model can’t be fixed with an update.

Staying with hardware—this time on the maker side—there’s a great case study from Will Warren, who moved an 8-bit CPU project from simulation into real, messy electronics. In software-like tools, the machine looked fine. On the bench, it fell apart in all the classic ways: noisy clocks, timing hazards, glitchy memory behavior, and even some painfully human assembly mistakes. The interesting part isn’t the specifics of any one fix—it’s the lesson that “digital” designs become very analog the moment you add wires, solder, and real components. Simulations often won’t warn you about edge noise, metastability, or how a tiny solder fault can masquerade as a deep logic bug. It’s a reminder that verification isn’t just code review and tests; in hardware, it’s also continuity checks, clean timing, and designing so the system fails predictably instead of mysteriously.

Now to software engineering craft—two items that rhyme. One revisits Rob Pike’s five programming rules, and the other reflects on the life and work of Sir Tony Hoare, who passed away last week at 92. Pike’s message is the one many of us learn, forget, and then relearn the hard way: performance bottlenecks are usually not where you assume they’ll be, so measure first. Don’t sprinkle “speed hacks” around on vibes. Optimize only when you can prove one part of the runtime truly dominates. He also makes a point that deserves more airtime in the age of cleverness-as-a-personality: sophisticated algorithms can lose on small inputs because constant factors and overheads are real. And complexity has a cost—more edge cases, more bugs, and more time spent implementing something fragile. That dovetails with Tony Hoare’s legacy in a practical way. Hoare gave us Quicksort, but also the intellectual tools to talk about correctness with rigor—Hoare logic—and ways to structure concurrency thinking, like CSP. The common thread in both pieces is discipline: keep it simple where you can, be formal where you must, and don’t confuse novelty with progress.

Let’s switch gears to media and graphics—starting with a clear explainer on why JPEG compresses images so well. JPEG’s magic is less about one trick and more about aligning the format with human perception and the statistics of natural photos. The big idea: we’re more sensitive to brightness detail than tiny color variations, so JPEG separates luminance from chroma and can throw away some color resolution with minimal visual pain. Then it translates blocks of the image into “frequency-like” components, where smooth areas concentrate into a few values—and finally it aggressively rounds away fine detail that most people won’t notice, leaving lots of zeros that compress efficiently. Why it matters today: even with newer formats around, JPEG remains everywhere. Understanding the basic trade-offs helps you reason about artifacts, choose the right export settings, and appreciate that “small file” usually means “some information was intentionally discarded.”

Related, but on the rendering side: Eric Lengyel marked the 10-year anniversary of the Slug Algorithm, a GPU approach for rendering text and vector graphics directly from Bézier curves—without leaning on precomputed texture atlases. What’s newsworthy here is less nostalgia and more accessibility. Lengyel says the 2019 patent has now been dedicated to the public domain as of March 17th, 2026, and there’s an updated MIT-licensed repository with modern reference shaders, including a technique called “dynamic dilation” to keep small text looking clean without wasting work on oversized padding. Why it matters: crisp, scalable text in 3D engines is surprisingly hard, and when a robust approach becomes easier to adopt—both legally and practically—you tend to see it spread across games, visualization tools, and any UI that needs to stay sharp at odd angles and resolutions.

On the AI front, Google DeepMind released a paper arguing that we still don’t have strong, empirical tools for measuring progress toward AGI—or even agreeing on what “general” capability should mean. Their proposal borrows from cognitive science: break intelligence into a taxonomy of abilities—things like memory, learning, attention, planning, and social reasoning—then evaluate models on broad task suites with held-out data, while also collecting human baselines that reflect real demographic diversity. The goal is to compare models not to a single score, but to the distribution of human performance for each ability. Why it matters: benchmarks are getting gamed, contaminated, and optimized to death. A framework that forces clearer separation of skills—and insists on honest human comparisons—could make AI progress harder to fake and easier to interpret. DeepMind and Kaggle also launched a hackathon to create evaluations where today’s benchmarks are weakest, which is a practical move: if you want better measurement, you need better tests.

Finally, a lighter—but still technically telling—open-source project: Nightingale, a cross-platform karaoke app that turns songs from your own library into karaoke tracks. It uses ML stem separation to pull vocals away from instrumentals, and it can fetch synced lyrics or generate them via transcription when they don’t exist. Why it matters: this is a snapshot of where consumer ML is heading—local or semi-local tools that remix your own data, with optional GPU acceleration, and without depending on a locked catalog. It’s also a reminder that as ML capabilities become “feature primitives,” entire categories of creative software get rebuilt around them—sometimes by hobbyists, not just big studios.