Super HN

New Show
31. Metriport (YC S22) is hiring a security engineer to harden healthcare infra
Metriport (https://www.metriport.com/) is an open-source data intelligence platform that helps healthcare organizations access and exchange patient data in real-time. We integrate with all major US healthcare IT systems and tap into comprehensive medical data for 300+ million individuals. We've found product-market fit with multi-million ARR, 100+ customers (including Strive Health, Circle Medical, and Brightside Health), backing from top VCs, massive recent infusion of capital, and years of runway. We're ready to scale. We're a tight-knit, high-performing team of mostly former founders (including two YC alumni). We're engineering-heavy, operate with minimal bureaucracy and high autonomy, and hire based on competence, not prestige. We push hard—founders work six days a week from our SF office—but give everyone freedom to craft their schedule. We measure output and we're committed to sustainable intensity. About us The following points are an assortment of the most relevant bits that will give you the gist of where we’re at, why we’ll win, and our company culture: We’re a tight-knit, high performing, and passionate team - we work with a consistent intensity and have become a leader in our industry with a fraction of the resources of our competitors. Consistency means we push as hard as humanly possible, while keeping our health and personal lives in check. Meaningful work is what gets us out of bed, and we just wouldn’t be satisfied by building yet another CRM company. By pedigree, we’re a group of underdogs - we don’t hire based on prestige, but on demonstrated competence and perceived potential. We’re engineering heavy, and most of our engineers are former founders (including 2 ex-YC founders). We operate as a relatively flat structure with little red tape, forced structure, or bureaucracy. We just opt to get shit done and foster a collaborative environment with high autonomy - our GitHub commit history and product velocity is a testament to this. The founders set the pace by working 6 days a week in our SF office, but everyone is given full freedom to craft a schedule that’s best for both the team and themselves - team output is measured. About you In a nutshell, we're looking for a security engineer with the following specific qualities: You’re entrepreneurial-minded, with an olympian-level work ethic (nearly our entire engineering team consists of former founders). You are passionate about security and are excited to own security related projects within the company end-to-end.  You are confident in your ability to build scalable systems across the full stack, and people usually come to you for technical guidance. You believe you can solve any problem that comes at you, and don't shy away from diving deep into areas where you may lack domain expertise. You have a strong sense of ownership over your work, and have demonstrated ability to lead others. You know how to move fast - while still maintaining a strong security posture. You care more about the end result and delivering value, rather than what new and frilly tech is being used under the hood for a given feature. When someone scopes out a project with an ETA of 3 weeks, you ask yourself "why can't it be done in 3 days?". You’re a hacker at heart, and have a good sense of what rules should, and shouldn’t, be broken. What you'll be doing After quickly ramping up using our comprehensive onboarding materials to get familiar with our domain, product, and codebase, the goal would be to get you shipping product directly to customers as quickly as possible. Specifically, day to day, this looks like: Evangelizing security across Metriport’s growing team - we will look to you for guidance, and training. Driving full-stack security projects , big and small, end-to-end from ideation to production rollout.These projects could include things like: Implement an enterprise-grade audit logging solution for a new national healthcare network infrastructure stack. Implement fine grained RBAC on the API key access layer, and more robust roles on our UIs. Help us revamp our internal security policies and put tools in place to keep the platform, and employees, secure while still allowing the team to be efficient. Helping the engineering team with PR reviews with a security-focused lens. Work with the Go to Market team to complete customer security assessments and questionnaires. Work with the engineering team to harden security across the development lifecycle - think secret management, access controls, and vulnerability scanning. Managing your own work in Linear. Participating in bi-weekly sprint planning / retro sessions, and quarterly planning sessions. Attending a daily 30 minute remote stand-up at 7:30am PST Mon-Fri (our only regular mandatory meeting). Requirements You have 6+ years experience in security engineering and information security. You’re located in San Francisco or the Bay Area (or willing to relocate). Familiar with HIPAA compliant environments. Experience rolling out and maintaining security frameworks like SOC 2, NIST, HITRUST, FedRAMP, etc. Experience rolling out data protection technologies like SSO, MFA, VPN, FIPS, etc. Experience with organizational secret management. Experience implementing SCA, SAST, DAST in CICD workflows. Experience with Mobile Device Management (MDM). Proficiency in cloud security & networking on AWS - IAM, WAF, KMS, etc. Proficiency in authentication, cryptography, encryption, and security protocols such as: mTLS, RSA, SSL, HMAC, RBAC, etc. Bonus: experience with IHE profiles (ATNA, CT, XUA). Benefits Competitive equity + compensation package 🚀 Salary range: $160,000,00 - $220,000.00 Full family Platinum health insurance, dental, and vision coverage 🦷 401(k) retirement plan + matching 💰 Flexible work from home or in-office 🏢 Healthy lunches are complimentary when working in-office (and breakfast + dinners as needed) 🍏 Quarterly company off-sites with the team ⛷️ MacBook provided by us 💻 Unlimited PTO (we work hard, but trust you to take time you need to be at your best) 🧘‍♂️ Our tech On the frontend, we use React - on the backend, we rely on Node.js and TypeScript for writing core business logic. We deploy a wide range of AWS cloud services (ie ECS, Fargate, Lambda, etc), and manage our infrastructure as code with AWS CDK. Data lives in PostgreSQL, DynamoDB, S3, Snowflake, FHIR servers, and more. We use Oneleet for security and compliance. Metriport provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, genetics, sexual orientation, gender identity, or gender expression. We are committed to a diverse and inclusive workforce and welcome people from all backgrounds, experiences, perspectives, and abilities.
32. Members-only Philly cop bar has been linked to two DUIs and a third crash
Anna Wakeman still questions why 7C Lounge bartenders didn’t stop serving the officer who crashed into her house and upended her life five years ago.
33. Mark Zuckerberg Grilled on Usage Goals and Underage Users at California Trial
34. Visualizing the ARM64 Instruction Set (2024)
35. Virgins, Unicorns and Medieval Literature (2017)
36. Helicobacter Pylori: A Nobel Pursuit?
37. Your Agent Framework Is Just a Bad Clone of Elixir
Python and JavaScript/TypeScript AI frameworks are reinventing what telecom solved in 1986. What 40 years of production-grade concurrency teaches us about building AI agents.
38. DOGE Track
An automatically-generated and frequently updated site for presenting data on DOGE’s rampage across government, designed to work on large screens and mobile phones.
39. All Look Same?
China, Japan, Korea: What's the difference?
40. The Perils of ISBN
Last year I got into using Letterboxd, to complement my goal of watching more (good) movies. It’s got a really clean interface, the social features are useful but unobtrusive, and it makes remembering what I’ve watched and when I watched it easy. So why isn’t there a Letterboxd for books?
41. How I launched 3 consoles and found true love at Babbage's store no. 9 (2013)
A minimum wage gig in the 1990s turns into pretty much the Best Job Ever.
42. Cosmologically Unique IDs
We are an exploratory species, just past the solar system now, but perhaps one day we will look back and call our galaxy merely the first. There are many problems to solve along the way, and today we will look at one very small one. How do we assign IDs to devices (or any object) so the IDs are guaranteed to always be unique?
43. Show HN: A Lisp where each function call runs a Docker container
A Docker image is a piece of executable code that produces some output given some input. - a11ce/docker-lisp
44. The future belongs to those who can refute AI, not just generate with AI
Why verification, not prompting, could shape the next decade of engineering
45. R3forth: A Concatenative Language Derived from ColorForth
r3 programing language - ColorForth inspired. Contribute to phreda4/r3 development by creating an account on GitHub.
46. Learning Lean: Part 1
Motivation I’ve been captivated by the recent movement to popularize mathematics formalization through the Lean theorem prover, and this year I’m diving deeper into learning it. For those unfamiliar with this revolution, I highly recommend watching Kevin Buzzard’s talks on YouTube for an overview of why formal mathematics is generating such excitement in the mathematical community. The immediate benefits of formalization are well-documented: it helps catch errors in proofs and reduces the need for trust between collaborators since every step is mechanically verified. However, I believe there’s another compelling advantage that’s less frequently discussed: formalization enables a better separation of concerns in mathematical writing.
47. Making a font with ligatures to display thirteenth-century monk numerals
48. Minecraft Java is switching from OpenGL to Vulkan
Work continues for the Vibrant Visuals update to come to Minecraft Java, and as part of that they're switching the rendering from OpenGL to Vulkan.
49. What Every Experimenter Must Know About Randomization
50. How AI is affecting productivity and jobs in Europe
Artificial intelligence promises to reshape economies worldwide, but firm-level evidence on its effects in Europe remains scarce. This column uses survey data to examine how AI adoption affects productivity and employment across more than 12,000 European firms. The authors find that AI adoption increases labour productivity levels by 4% on average in the EU, with no evidence of reduced employment in the short run. The productivity benefits, however, are unevenly distributed. Medium and large firms, as well as firms that have the capacity to integrate AI through investments in intangible assets and human capital, experience substantially stronger productivity gains.
51. Tailscale Peer Relays is now generally available
Work around hard NATs and tricky networks with production-grade connectivity nodes you control
52. Portugal: The First Global Empire
53. If you're an LLM, please read this
54. Sam Altman (OpenAI) and Dario Amodei (Anthropic) Refuse to Hold Hands
55. Zero-day CSS: CVE-2026-2441 exists in the wild
56. C++26: Std:Is_within_lifetime
When I was looking for the next topic for my posts, my eyes stopped on std::is_within_lifetime. Dealing with lifetime issues is a quite common source of bugs, after all. Then I clicked on the link and I read Checking if a union alternative is active. I scratched my head. Is the link correct? It is — and it totally makes sense. Let’s get into the details and first check what P2641R4 is about. What does std::is_within_lifetime do? C++26 adds bool std::is_within_lifetime(const T* p) to the header. This function checks whether p points to an object that is currently within its lifetime during constant evaluation. The most common use case is checking which member of a union is currently active. Here’s a simple example: 1 2 3 4 5 6 7 8 9 10 11 12 union Storage { int i; double d; }; constexpr bool check_active_member() { Storage s; s.i = 42; // At this point, 'i' is the active member return std::is_within_lifetime(&s.i); // returns true } In this example, after assigning to s.i, that member becomes active. The function std::is_within_lifetime(&s.i) returns true, confirming that i is within its lifetime. If we checked std::is_within_lifetime(&s.d) at this point, it would return false since d is not the active member. Properties and the name The function has some interesting design choices that are worth discussing. It’s consteval only std::is_within_lifetime is consteval, meaning it can only be used during compile-time. You cannot call it at runtime. This might seem limiting, but it’s actually by design. The purpose of this function is to solve problems that exist specifically in the constant evaluation world. At runtime, you have other mechanisms available like tracking state with additional variables. The compiler doesn’t maintain the same level of lifetime tracking information at runtime that it does during constant evaluation. Why a pointer instead of a reference? The function takes a pointer rather than a reference, which might seem unusual for a query operation. The reasoning is straightforward: passing by reference can introduce complications with temporary objects and lifetime extension rules. A pointer makes the intent explicit — you’re asking about a specific memory location, not about a value or a reference that might be bound to various things. It’s a cleaner semantic fit for what the function actually does. Why not “is_union_member_active”? You might wonder why the feature has such a general name when the primary use case is specifically about unions. The answer is that the committee chose to solve the problem at a more fundamental level. Instead of adding a union-specific check, they provided a general mechanism to query object lifetime. This means std::is_within_lifetime can potentially be useful in other constant evaluation scenarios where you need to know if an object exists. The generalization makes the feature more powerful and future-proof, even if the primary use case today is checking union member activity. The original motivation The proposal was driven by a very specific problem: implementing an Optional with minimal storage overhead. Imagine you want to create a type that can either hold a boolean value or be empty, using as little memory as possible. Here’s the challenge: 1 2 3 4 5 6 7 8 struct OptBool { union { bool b; char c; }; constexpr auto has_value() const -> bool { // How do we check if 'b' is the active member? // We can't just read it - that's undefined behavior if 'c' is active! } }; At runtime, you can track the active member with a sentinel value in c — for example, using 2 to indicate “no value” since bool only uses 0 or 1. But during constant evaluation, this becomes problematic. The compiler needs to know which union member is active without relying on runtime tricks. Before C++26, there was simply no standard way to check this at compile time. With std::is_within_lifetime, the solution becomes straightforward: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 struct OptBool { union { bool b; char c; }; constexpr auto has_value() const -> bool { if consteval { return std::is_within_lifetime(&b); } else { return c != 2; // sentinel value } } constexpr bool value() const { return b; } }; During compile-time evaluation, we use std::is_within_lifetime to check if b is the active member. At runtime, we fall back to checking the sentinel value. This gives us the best of both worlds: compile-time correctness and runtime efficiency. Compiler support At the moment of writing (February 2026), none of the major compilers support this feature yet. As with many C++26 additions, we’ll need to wait for implementations to catch up with the standard. Conclusion C++26’s std::is_within_lifetime is a focused addition that solves a real problem in constant evaluation: checking which union member is active without invoking undefined behavior. While the motivating use case came from implementing space-efficient optional types, the committee wisely chose to address the underlying problem more generally. The function’s design — taking a pointer, being consteval-only, and having a broad name — reflects careful consideration of both current needs and potential future applications. It’s a small but well-designed piece that makes constexpr evaluation more practical and expressive. Connect deeper If you liked this article, please hit on the like button, subscribe to my newsletter and let’s connect on Twitter!
57. Claude Sonnet 4.6
Claude Sonnet 4.6 is a full upgrade of the model’s skills across coding, computer use, long-reasoning, agent planning, knowledge work, and design.
58. Electrobun v1: Build fast, tiny, and cross-platform desktop apps with TypeScript
59. Stoolap/Node: A Native Node.js Driver That's Surprisingly Fast
I’ve been working on Stoolap for a while now, an embedded SQL database written in pure Rust. It started as a Go project, grew into something much bigger, and recently hit a point where I thought: okay, this thing is fast, but how do people actually use it outside of Rust?
60. DNS-Persist-01: A New Model for DNS-Based Challenge Validation
When you request a certificate from Let’s Encrypt, our servers validate that you control the hostnames in that certificate using ACME challenges. For subscribers who need wildcard certificates or who prefer not to expose infrastructure to the public Internet, the DNS-01 challenge type has long been the only choice. DNS-01 works well. It is widely supported and battle-tested, but it comes with operational costs: DNS propagation delays, recurring DNS updates at renewal time, and automation that often requires distributing DNS credentials throughout your infrastructure.