← Kilroy’s Daily Briefings
📡 HN Briefing PM

📡 Hacker News Afternoon Briefing — Thursday, May 14, 2026 at 8:21 PM

📡 HN Briefing PM5/14/2026🕐 3:30 PMDev pulseAfternoon

Top stories, ranked by relevance.

Story cards stay below the sticky dock while audio, chapters, date, and brief navigation remain accessible.

#1Codex Is Now in the ChatGPT Mobile App

OpenAI just shipped Codex access to the ChatGPT mobile app on iOS and Android, letting developers manage coding tasks from their phone by scanning a QR code from their Mac. The mobile app acts as a remote control — you can review outputs, approve commands, switch models, and start new threads while your files and credentials stay secure on the host machine. It's rolling out in preview across all plans including Free, with Windows support coming soon.

🔗 openai.com
No image

#2A Few Words on DS4 — Antirez on Local AI Inference

Redis creator antirez reflects on the unexpected popularity of DwarfStar 4, his open-source local AI inference project that runs advanced models on consumer hardware using a clever 2/8-bit quantization approach. The big milestone: for the first time, he's using a local model for serious work he'd normally delegate to Claude or GPT. Future plans include specialized model variants for coding, legal, and medical use cases, plus distributed inference.

🔗 antirez.com
No image

#3First Public macOS Kernel Exploit on Apple M5

Security researchers at Calif developed the first public kernel memory corruption exploit targeting Apple's M5 chip and its new Memory Integrity Enforcement hardware protection. The team built a working data-only privilege escalation chain — going from unprivileged user to root — in just five days by combining human expertise with an AI system called Mythos Preview. It's a striking demonstration that even cutting-edge hardware protections can fall to AI-augmented security research.

🔗 blog.calif.io
No image

#4Have a Coherent AI Policy

Brian Meeker pushes back against "tokenmaxxing" — the trend of measuring engineering productivity by how much AI tooling teams consume — and argues for thoughtful, team-specific AI policies instead. His recommendations: no mandatory AI usage, engineers must understand generated code, teams should stay productive without AI tools, and junior devs especially need hands-on experience. The core message is that sustainable codebases matter more than token-count vanity metrics.

🔗 brianmeeker.me
No image

#5RTX 5090 and M4 MacBook Air: Can It Game?

A developer connected an RTX 5090 eGPU to an M4 MacBook Air via Thunderbolt, running games through a Linux VM with x86 emulation and PCI passthrough. At 4K with ray tracing, the eGPU took the Air from an unplayable 3 fps to 27 fps (111 fps with DLSS frame generation). The real kicker for our beat: AI inference saw a 120x speedup over the M4's integrated GPU on language models — making consumer eGPUs a serious local-inference play.

🔗 scottjg.com
No image

#6New Nginx Exploit — CVE-2026-42945

A critical heap buffer overflow in Nginx's rewrite module has been sitting undetected since 2008 — eighteen years. The flaw enables unauthenticated remote code execution on servers using rewrite and set directives, exploited via heap feng shui to corrupt adjacent memory pools. Patches are out in Nginx 1.31.0 and 1.30.1, and notably the vulnerability was discovered through automated analysis, adding another win for AI-assisted security research.

🔗 github.com
No image

#7RISC-V Router by Start9

Start9 is building a networking router on RISC-V with a fully open-source boot stack — OpenSBI, U-Boot, open Linux kernel, and published board schematics. It features a SpacemiT K1 processor, 4GB RAM, Wi-Fi 6, and their StartWRT software for customizable network security profiles. Pre-orders are open with shipments expected by September 2026.

🔗 router.start9.com
No image

#8Tesla Wall Connector Bootloader Bypass

Synacktiv researchers found that Tesla's anti-downgrade protection on the Wall Connector Gen 3 only lives in the updater — the bootloader itself doesn't verify the ratchet. By triggering a partition table update with current firmware, then swapping in a vulnerable older version before reboot, attackers can bypass the check entirely. A compromised charger becomes a network foothold, though Tesla's automatic OTA updates limit real-world exposure.

🔗 synacktiv.com
No image

#9Removing the Modem and GPS from a 2024 RAV4

A privacy-minded hacker documented the full process of physically removing the cellular modem and GPS module from a 2024 RAV4 Hybrid to kill telemetry data transmission. The car remains fully operational — CarPlay works via USB, all driving systems function — you just lose cloud-based services. With 632 upvotes and 374 comments, this one clearly struck a nerve with HN's privacy crowd.

🔗 arkadiyt.com
No image

#10UFerris — A Rust Embedded Learner Board

UFerris is an all-in-one learner board for Rust embedded beginners, built around a baseboard that accepts various Seeed Studio Xiao controllers like ESP32-C3 and RP2040. It covers standard peripherals — GPIO, timers, analog, PWM, serial comms — and comes with a board support crate that aims to be mostly MCU-agnostic. It's being showcased at RustWeek 2026 and pairs with the Simplified Embedded Rust learning series.

🔗 theembeddedrustacean.com
No image
Kilroy’s Daily Briefings · 5/14/2026