Editorial: A few modest, concrete things stole the Hacker News spotlight today: a tiny, private swipe-typing stack that runs on your phone; a DNS vendor making production-grade routing free; a clear-eyed take on how LLMs broke vulnerability disclosure norms; and a neural-rendered insect trapped in resin. These are practical stories—tools, trade-offs, and a reminder that newness often arrives as better ergonomics, not flash.
In Brief
Bunny DNS goes free
Why this matters now: Bunny DNS now serves production traffic with no per-query fees, making a high-performance, feature-rich global DNS option effectively free for most small sites.
Bunny.net announced they “eliminated DNS query fees entirely” and will host up to 500 domains for free while keeping a $1/month platform minimum. The free tier includes modern features — smart records, health checks, DNSSEC (with NSEC Black Lies), IPv6 dual-stack nameservers, and SVCB/HTTPS support — plus migration helpers to import zones.
“we’ve eliminated DNS query fees entirely.” — Bunny.net
This matters because DNS is basic plumbing: small projects lose a real cost and friction point, and operators get a competitive alternative to incumbents. Skeptics on HN rightly flagged a likely loss-leader play to upsell CDN and security features, and raised lock-in and abuse-resilience questions. If you run small services, it’s worth testing for latency and controls; if you run at scale, watch for operational guarantees and migration paths before moving critical zones. (See the announcement at Bunny’s blog post.)
Vulnerability reports are not special anymore
Why this matters now: Filippo argues that LLMs mean vulnerability discoveries are no longer scarce—teams must redesign triage and trust, not cling to old disclosure rituals.
Filippo’s essay pushes a simple but important reframe: when anyone can generate candidates with LLMs, the unique value of a researcher’s report vanishes; the bottleneck shifts to triage and remediation. He notes that old disclosure customs—fast acknowledgment, confidentiality, and public credit—rested on a scarcity that no longer exists.
“No, vulnerability reports are special,” he writes — and then explains why that bargain has broken.
Responses from maintainers range from “swamped by low-quality AI noise” to practical mitigations: require high-quality proof-of-concept artifacts, automate triage (including LLM checks in CI), and foster a small set of trusted researchers. For security teams, the takeaway is operational: invest in triage workflows and automated validation before worrying about disclosure etiquette. (Full piece at Filippo’s post.)
Printing Gaussian splats: neural renders become physical
Why this matters now: An artist’s neural-rendered insect was turned into a layered resin print using Gaussian splatting, showing neural rendering can produce museum-quality tangible objects.
An artist worked with Crysta AI to voxelize a Gaussian-splat neural render and print it in clear resin; the result is described as “a modern version of amber.” The technique converts view-dependent tiny-ball representations used for fast neural rendering into printable translucent voxels and requires careful color/lighting tweaks.
“a modern version of amber” — artist on the finished piece
The demo is an eye-opener for makers and studios: the fidelity is impressive, but current workflows are expensive and tooling is rough (previewing voxelization, color pipelines, MagicaVoxel import). Think art, educational specimens, or designer keepsakes rather than mass production—unless industrial hardware and color workflows mature quickly. (Read more at the Patreon post.)
Deep Dive
FUTO Swipe — a tiny, private swipe-typing model stack
Why this matters now: FUTO Swipe bundles an open dataset, tiny on-device models, and a GPL inference library to offer a privacy-first, high-quality swipe keyboard alternative to proprietary apps.
FUTO Swipe is notable because it’s not just a model release; it’s a full ecosystem: an open dataset of over a million voluntarily donated QWERTY English swipes, a three-part model stack, and a C++ inference library. Developers built three compact models — a layout-agnostic Encoder, a tiny single-language ContextLM to filter nonsense, and a layout-specific Decoder — that together deliver strong on-device performance with a surprisingly small footprint.
“we released a dataset of 1 million swipes under the MIT license” — FUTO Swipe post
The architecture is simple and practical: the Encoder transforms raw gesture paths into embeddings, the ContextLM scores fluency and weeds out gibberish, and the Decoder maps embeddings to word candidates tied to a keyboard layout. With a beam width of 300 across all three models, the team reports a top-4 fail rate of ~4% on their test set and sub-1% error when ignoring out-of-vocab words. Crucially, the models are “well under a few million parameters” and run in milliseconds on low-end phones—so privacy doesn’t have to cost latency or battery.
Two immediate friction points matter for adopters. First, the licensing is mixed: the dataset is MIT, the inference code is GPL, and models are under a custom FUTO Model License. That combination invites community questions about reuse, redistribution, and whether downstream keyboard apps can ship derivative models. Second, the project sparked a productive conversation about keyboard layout optimization: FUTO already supports ClearFlow, a swipe-optimized layout, and HN contributors offered to train models for other languages and layouts. That community energy could turn FUTO into a multilingual, extensible alternative to closed keyboards.
What should developers and privacy-minded users take away? If you care about on-device privacy and want a Gboard-like swiping experience without sending gestures to a cloud, FUTO Swipe is a credible, usable option today. For keyboard authors, the project is a practical template: small models, careful scoring, and a GPL inference core you can embed. For the community, the path forward is clear—more labeled swipe datasets, layout research, and clearer licensing to enable broader adoption. In short, FUTO Swipe is an example of thoughtful engineering meeting practical privacy needs, not an academic demo.
Closing Thought
Three threads tie these stories together: small, well-designed systems can beat bloat (tiny models and free DNS); operations matter more than signals (triage beats disclosure rituals); and making digital artifacts physical forces clear trade-offs (neural renders into resin). If you pick up anything today: try the free DNS on a canary domain, skim Filippo’s take if you run security triage, and keep an eye on FUTO Swipe—privacy-forward UI work is quietly useful.