Meta just shipped its first closed AI model. Muse Spark does multimodal reasoning, tool-use, and multi-agent orchestration. It scores 58% on Humanity’s Last Exam and uses a tenth of the compute Llama 4 Maverick needed. Simon Willison tested 16 integrated tools and got pixel-level visual grounding that counted 25 pelicans in a photo. You can’t download it.
Zuckerberg spent two years telling everyone open-source AI was “the best way to achieve broad economic benefits.” Then Meta killed Llama 4 Behemoth at 2 trillion parameters, formed Meta Superintelligence Labs, and shipped a model locked behind meta.ai with no weights, no API, and a “maybe later” on open-sourcing.
In today’s indie hacker news:
- Meta ships first closed model, kills Llama’s open-source streak
- Astral publishes the security playbook for 126M Python downloads
- Little Snitch goes free on Linux after 20 years on macOS
- MegaTrain trains 100B models on a single GPU for $35K
- Anthropic billing drama, Aphyr vs. ML, and more
TOP STORIES
THE FREE RIDE IS OVER
Meta ships Muse Spark, its first closed model, and kills Llama’s open-source streak
Meta Superintelligence Labs (MSL) dropped Muse Spark on April 8. It’s the first model from the team formed after Meta killed Llama 4 Behemoth (2 trillion parameters, never shipped). Natively multimodal with tool-use, visual chain-of-thought, and multi-agent orchestration. Also the first Meta model you can’t download: meta.ai only, private API for “select partners,” no weights, no fine-tuning. Simon Willison tested 16 integrated tools and got pixel-level grounding that counted 25 pelicans and 12 raccoon whiskers in photos.
The details:
- 58% on Humanity’s Last Exam (Contemplating Mode), competing with Gemini Deep Think and GPT Pro
- One-tenth the compute of Llama 4 Maverick for equivalent capabilities, after a 9-month pretraining rebuild
- 1,000+ physicians curated health training data
- 328 HN points, 324 comments (nearly 1:1 ratio, intense debate)
- Meta “hopes to open-source future versions” but sets no timeline
Why builders care: If you built on Llama’s open-weight stack, Meta just signaled the free ride has an expiration date. The capabilities are real. You just can’t self-host, fine-tune, or build on top. “Hopes to open-source future versions” is corporate for “don’t hold your breath.”
Work from any WiFi like it's your home network. NordVPN's Meshnet runs a free private mesh between your laptop, dev box, and home server. SSH from a café without exposing a port, the way you'd use Tailscale. The paid VPN on top lets you test geo-fenced Stripe checkouts or feature flags from any country.
We get a cut if you sign up. Only added for tools we use ourselves.
GUARDING THE SUPPLY CHAIN
Astral (now OpenAI) publishes its security playbook for Python’s most-downloaded tools
Astral published a full security breakdown of how they protect uv and ruff’s 126 million monthly downloads. Five areas: CI/CD security (forbidden triggers, action pinning), repo security (2FA, branch protection), automations (GitHub Apps over Actions), release security (Sigstore attestations, two-person approval), and dependency security (cooldowns, upstream funding). Within hours, someone shipped a Show HN agent skill automating OSS audits based on these practices.
The details:
- uv: 126M monthly downloads, now #1 Python package manager (Poetry at 66M for comparison)
- OpenAI acquired Astral in March 2026. Charlie Marsh’s team joins OpenAI Codex (2M weekly active users).
- Uses zizmor for static analysis of GitHub Actions, pinact for automatic action pinning
- Two-person approval required for every release. No single point of compromise.
Why builders care: This is a copy-paste security checklist for any open-source project. Steal it wholesale. OpenAI now controls Python’s most popular toolchain and is investing in making it trustworthy. If supply chain attacks keep surging, Astral’s playbook becomes the baseline.
20 YEARS TO FREE
Little Snitch ships a free Linux version built on eBPF and Rust
Obdev, the Vienna-based team behind Little Snitch for macOS (20+ years), shipped a Linux version. Free forever, they say. eBPF kernel component and web UI are GPL v2 on GitHub. Daemon is proprietary but free to redistribute. Built on eBPF for kernel-level interception, Rust for the main app, and a web PWA at localhost:3031 for remote monitoring. The developer felt “naked” without network monitoring after switching to Linux. Testing showed Ubuntu makes 9 connections per week vs macOS’s 100+.
The details:
- 598 HN points, 181 comments (rare for a product launch)
- Requires Linux kernel 6.12+ with BTF support. Confirmed on Ubuntu 25.04+.
- Supports blocklists (Hagezi, Steven Black), custom rules by process/port/protocol
- eBPF limitation: no deep packet inspection (available on macOS). Cache overflow under heavy traffic can break packet-to-process attribution.
Why builders care: Real network monitor, 20 years of firewall expertise, free. The web UI means you can monitor your VPS from your laptop’s browser. If you run production on Linux, you should know what your machine phones home to.
ONE GPU TO RULE THEM ALL
MegaTrain trains 100B-parameter models on a single GPU for $35K instead of $200K
MegaTrain stores parameters and optimizer states in host RAM and streams to the GPU layer by layer. Result: 120B parameters at full precision on a single H200 + 1.5TB RAM. Hardware cost: ~$35K vs ~$200K for a traditional 8-GPU H100 cluster. 6x cheaper.
The details:
- 1.84x training throughput vs DeepSpeed ZeRO-3 with CPU offloading at 14B scale
- Sustains 227-284 TFLOPS from 28 to 180 layers. DeepSpeed degrades to 43 TFLOPS by 84 layers.
- Enables 7B model training with 512K token context on a single GH200
- 290 HN points, 51 comments. Code already on GitHub.
Why builders care: Fine-tuning frontier-class models on domain-specific data used to require a $200K cluster. MegaTrain drops it to $35K and one machine. Code is on GitHub. Not vaporware.
TRENDING TODAY
Safetensors moves to PyTorch Foundation. Hugging Face transfers the standard model-weight format to vendor-neutral governance under the Linux Foundation. Roadmap: device-aware loading and Tensor Parallel APIs.
LG ships EXAONE 4.5. 33B multimodal model, 1/7 its predecessor’s size. Claims to beat GPT-5 mini and Claude Sonnet 4.5 across 13 visual benchmarks. 81.4 on LiveCodeBench. Open weights on Hugging Face.
Aphyr says ML will make everything “profoundly weird”. Kyle Kingsbury (of Jepsen distributed systems fame) argues LLMs are pattern-matchers masquerading as agents. 478 HN points, 472 comments. Nearly 1:1 ratio. This one hit a nerve.
DRAMA
SUPPORT DOESN’T EXIST
Developer waits a month for Anthropic to resolve $180 in mystery charges
Nick Vecchioni, a Claude Max subscriber, found ~$180 in mystery charges (16 invoices, $10-$13 each) from days he was sailing and not using Claude. Dashboard showed 100% utilization but under 7KB of session history. He emailed Anthropic on March 7. Got an AI chatbot response pointing to a refund flow that doesn’t work for Extra Usage. Followed up three more times. Zero human response in over a month. 346 HN points, 169 comments.
Why builders care: If you’re on a Max plan, audit your invoices. If you’re building a product, this is a reminder: support is the product too.
FIRST DOLLAR
REDDIT TO REVENUE
SaasNiche hits $170 MRR in month one with zero ad spend
Solo founder shipped SaasNiche, a B2B tool that mines Reddit for micro-SaaS opportunities. $170 MRR in month one, zero ad spend, no team. 124 upvotes and 97 comments on r/microsaas. Self-reported, but the distribution lesson stands: go where your users already are.
STACK OF THE DAY
MemForge - Open-source, PostgreSQL-backed persistent memory for AI agents. Claims 92% recall on LongMemEval benchmark. Single database, local embeddings, no vendor lock-in. MIT licensed. If you’re building agents that need to remember things across sessions, this is the simplest option: your existing Postgres, zero new infrastructure.
Not sponsored. We just feature tools builders would actually use.
BOOKMARKED TODAY
Git commands I run before reading any code (1,990 HN points, 409 comments). Practical git workflow for onboarding into unfamiliar codebases. Bookmark this one.
John Deere to pay $99M in right-to-repair settlement. The largest right-to-repair payout ever. Sets precedent for anyone building on or competing with locked-down platforms.
Supabase publishes Agent Skills. Open-source instructions that teach Claude, Cursor, and other AI coding agents how to use Supabase correctly without hallucinating the API.
Curated by AI, built by a human. Get this daily: indiehacker.news | X | Telegram