Thursday’s front page read like a maintenance log for the software world: package managers hardening trust, coding agents going open-source, security bugs dragging on, and engineers arguing again about what useful work actually looks like. Even the lighter posts were really about systems.

Reflections

The strongest stories today were less about invention than about upkeep. Homebrew, Asahi, and the AMD updater story all circle the same question: who gets to run code on your machine, under what assumptions, and with how much trust. Meanwhile, the two essays about developer work pushed back against a familiar managerial fantasy that output can be measured cleanly by volume or visible busyness. The result was a front page that felt unusually sober, even when it was nostalgic or playful.

Themes

• Trust boundaries are moving closer to the user, whether through tap trust, Linux sandboxing, or scrutiny of vendor updaters.
• The market for coding assistants is tilting toward open harnesses and lower switching costs, not just model quality.
• Several threads rejected proxy metrics in favor of leverage, judgment, and resilience.
• Hardware stories were really software stories: firmware changes, update channels, and improbable ports mattered more than raw specs.

Show HN: Homebrew 6.0.0 (https://brew.sh/2026/06/11/homebrew-6.0.0/)

Summary: Homebrew 6.0.0 adds a tap trust mechanism for third-party repositories, makes its smaller internal JSON API the default, brings sandboxing to Linux, improves brew bundle, and continues its long run as the default way many developers bootstrap macOS and increasingly Linux systems.

Discussion:

• Many commenters treated the release as a reminder that Homebrew is still maintained at serious depth by a small volunteer project.
• The new trust model drew attention because third-party taps can execute unsandboxed Ruby, so requiring explicit trust felt like overdue hardening rather than inconvenience.
• The thread also turned into a package-manager comparison, with some users praising Homebrew’s maintenance quality and macOS support over alternatives such as Nix or more tool-specific managers.

---

MiMo Code Is Now Released and Open-Source (https://mimo.xiaomi.com/mimocode)

Summary: Xiaomi has open-sourced MiMo Code, positioning it as a terminal-native coding assistant built on OpenCode and extended with persistent memory, context management, subagent orchestration, and workflow-style automation.

Discussion:

• The strongest positive reaction was not to Xiaomi specifically, but to the idea that coding harnesses should be inspectable and portable instead of locked to one vendor.
• Several commenters highlighted the feature set around persistent memory and subagents, reading it as a sign that the harness layer is becoming its own product category.
• Because the source page was not easy for everyone to read directly, part of the thread relied on translated or quoted feature summaries, which made the discussion more about architecture than marketing copy.

---

Solar Generates More Energy in US Than Coal for First Time (https://www.theguardian.com/us-news/2026/jun/11/solar-energy-us-coal)

Summary: The Guardian reports that solar supplied 12.8% of US electricity in May, edging past coal for the first time. The milestone reflects both rapid solar growth and the long decline of coal’s share in the grid.

Discussion:

• Commenters were quick to note that the crossover is a story about two moving lines: solar rising fast while coal has been shrinking for years.
• Some readers wanted tighter sourcing and pointed to Ember’s underlying electricity data as the more useful primary reference.
• The conversation widened into practical questions about storage, grid balancing, and whether smaller-scale patterns such as balcony solar could spread more broadly in North America.

---

Lines of Code Got a Better Publicist (https://curlewis.co.nz/posts/lines-of-code-got-a-better-publicist/)

Summary: David Curlewis argues that many claims about AI-assisted engineering quietly revive the same bad measurement habits the industry spent years learning to distrust. Counting the share of code written by AI, he suggests, is still just a volume metric dressed up as progress.

Discussion:

• The thread strongly agreed with the essay’s core claim that shipped outcomes, reliability, and customer value matter more than code volume.
• Commenters were especially skeptical of executive rhetoric that treats AI-generated lines as evidence of headcount-level productivity gains.
• Several responses connected the essay to a broader return of vanity metrics: PR counts, ticket throughput, and “percent AI-written” dashboards aimed upward rather than at the work itself.

---

Doing Nothing at Work (https://www.seangoedecke.com/doing-nothing-at-work/)

Summary: Sean Goedecke makes a case for running engineers below full utilization, arguing that the highest-value contributions often come from slack, judgment, and preparedness rather than constant visible effort. The piece frames spare capacity as an operational asset, not idleness.

Discussion:

• Readers connected the 80% utilization idea to resilience engineering: systems and teams with no slack are already in a failure mode.
• The most persuasive examples in the thread were incident response and feature-flag triage, where a small intervention at the right moment can dwarf weeks of routine output.
• Some commenters pushed on incentives, noting that being broadly helpful can become unpaid extraction if organizations reward only the most legible work.

---

The RCE That AMD Wouldn’t Fix (https://mrbruh.com/amd2/)

Summary: A security researcher describes a remote code execution flaw in AMD’s updater path, argues that the original risk assessment treated man-in-the-middle attacks too casually, and says AMD’s eventual remediation came only after months of pressure and still left doubts about the strength of the fix.

Discussion:

• The sharpest criticism was aimed at the idea that network-path attackers should be considered out of scope for software that downloads and runs updates.
• Readers were unimpressed by the reported implementation details of the fix, especially the suggestion that checksum-style verification was being presented as stronger than it is.
• The thread also revisited a familiar complaint: hardware vendors often ship sophisticated silicon while treating surrounding Windows utility software as an afterthought.

---

macOS 27 Beta Breaks the Ability to Boot Asahi Linux (https://www.phoronix.com/news/macOS-27-Beta-Breaks-Asahi)

Summary: Phoronix reports that Asahi Linux warned users away from the new macOS 27 beta after it broke the ability to boot Linux on affected Apple Silicon machines, making the immediate lesson a simple one: do not install that beta on systems you expect to keep dual-booting.

Discussion:

• Many commenters took the pragmatic line that beta firmware is exactly where dual-boot assumptions are most likely to break.
• Others stressed that Apple previously made this class of project possible at all, which is why the incident looked more like a bug than a policy shift.
• A useful note from the thread was that a fix might already be underway, which kept the tone closer to caution than panic.

---

Developer Gets Half-Life Running at 30 FPS on a Nokia N95 (https://www.tomshardware.com/video-games/handheld-gaming/developer-gets-half-life-running-at-30-fps-on-a-2007-nokia-n95)

Summary: A developer has ported Half-Life to the Nokia N95 and reportedly reached around 30 FPS, complete with Bluetooth mouse and keyboard support. It is part technical stunt, part reminder of how much dormant capability still hides inside old hardware.

Discussion:

• The thread was full of Symbian and N95 nostalgia, with plenty of readers arguing that the device still feels like a lost branch in phone history.
• Commenters also used the port as a rough performance thought experiment: old flagship phones are now close enough to late-1990s PC workloads to make this kind of port believable.
• A side discussion turned to licensing and engine history, including why GoldSrc still has not been open-sourced.