Moss is a pixel canvas where every brush is a tiny program
44 by smusamashah | 6 comments on Hacker News.
Wednesday, March 4, 2026
Tuesday, March 3, 2026
Monday, March 2, 2026
Sunday, March 1, 2026
Saturday, February 28, 2026
Friday, February 27, 2026
New top story on Hacker News: Show HN: Unfudged – version every change between commits - local-first
Show HN: Unfudged – version every change between commits - local-first
12 by cyrusradfar | 11 comments on Hacker News.
I built unf after I pasted a prompt into the wrong agent terminal and it overwrote hours of hand-edits across a handful of files. Git couldn't help because I hadn't finished/committed my in progress work. I wanted something that recorded every save automatically so I could rewind to any point in time. I wanted to make it difficult for an agent to permanently screw anything up, even with an errant rm -rf unf is a background daemon that watches directories you choose (via CLI) and snapshots every text file on save. It stores file contents in an object store, tracks metadata in SQLite, and gives you a CLI to query and restore any version. The install includes a UI, as well to explore the history through time. The tool skips binaries and respects `.gitignore` if one exists. The interface borrows from git so it should feel familiar: unf log , unf diff , unf restore . I say "UN-EF" vs U.N.F, but that's for y'all to decide: I started by calling the project Unfucked and got unfucked.ai, which if you know me and the messes I get myself into, is a fitting purchase. The CLI command is `unf` and the Tauri desktop app is called "Unfudged". How it works: https://ift.tt/ZaH4gT5 (summary below) The daemon uses FSEvents on macOS and inotify on Linux. When a file changes, `unf` hashes the content with BLAKE3 and checks whether that hash already exists in the object store — if it does, it just records a new metadata entry pointing to the existing blob. If not, it writes the blob and records the entry. Each snapshot is a row in SQLite. Restores read the blob back from the object store and overwrite the file, after taking a safety snapshot of the current state first (so restoring is itself reversible). There are two processes. The core daemon does the real work of managing FSEvents/inotify subscriptions across multiple watched directories and writing snapshots. A sentinel watchdog supervises it, kept alive and aligned by launchd on macOS and systemd on Linux. If the daemon crashes, the sentinel respawns it and reconciles any drift between what you asked to watch and what's actually being watched. It was hard to build the second daemon because it felt like conceding that the core wasn't solid enough, but I didn't want to ship a tool that demanded perfection to deliver on the product promise, so the sentinel is the safety net. Fingers crossed, I haven’t seen it crash in over a week of personal usage on my Mac. But, I don't want to trigger "works for me" trauma. The part I like most: On the UI, I enjoy viewing files through time. You can select a time section and filter your projects on a histogram of activity. That has been invaluable in seeing what the agent was doing. On the CLI, the commands are composable. Everything outputs to stdout so you can pipe it into whatever you want. I use these regularly and AI agents are better with the tool than I am: # What did my config look like before we broke it? unf cat nginx.conf --at 1h | nginx -t -c /dev/stdin # Grep through a deleted file unf cat old-routes.rs --at 2d | grep "pub fn" # Count how many lines changed in the last 10 minutes unf diff --at 10m | grep '^[+-]' | wc -l # Feed the last hour of changes to an AI for review unf diff --at 1h | pbcopy # Compare two points in time with your own diff tool diff <(unf cat app.tsx --at 1h) <(unf cat app.tsx --at 5m) # Restore just the .rs files that changed in the last 5 minutes unf diff --at 5m --json | jq -r '.changes[].file' | grep '\.rs$' | xargs -I{} unf restore {} --at 5m # Watch for changes in real time watch -n5 'unf diff --at 30s' What was new for me: I came to Rust in Nov. 2025 honestly because of HN enthusiasm and some FOMO. No regrets. I enjoy the language enough that I'm now working on custom clippy lints to enforce functional programming practices. This project was also my first Apple-notarized DMG, my first Homebrew tap, and my second Tauri app (first one I've shared). Install & Usage: > brew install cyrusradfar/unf/unfudged Then unf watch in a directory. unf help covers the details (or ask your agent to coach).
12 by cyrusradfar | 11 comments on Hacker News.
I built unf after I pasted a prompt into the wrong agent terminal and it overwrote hours of hand-edits across a handful of files. Git couldn't help because I hadn't finished/committed my in progress work. I wanted something that recorded every save automatically so I could rewind to any point in time. I wanted to make it difficult for an agent to permanently screw anything up, even with an errant rm -rf unf is a background daemon that watches directories you choose (via CLI) and snapshots every text file on save. It stores file contents in an object store, tracks metadata in SQLite, and gives you a CLI to query and restore any version. The install includes a UI, as well to explore the history through time. The tool skips binaries and respects `.gitignore` if one exists. The interface borrows from git so it should feel familiar: unf log , unf diff , unf restore . I say "UN-EF" vs U.N.F, but that's for y'all to decide: I started by calling the project Unfucked and got unfucked.ai, which if you know me and the messes I get myself into, is a fitting purchase. The CLI command is `unf` and the Tauri desktop app is called "Unfudged". How it works: https://ift.tt/ZaH4gT5 (summary below) The daemon uses FSEvents on macOS and inotify on Linux. When a file changes, `unf` hashes the content with BLAKE3 and checks whether that hash already exists in the object store — if it does, it just records a new metadata entry pointing to the existing blob. If not, it writes the blob and records the entry. Each snapshot is a row in SQLite. Restores read the blob back from the object store and overwrite the file, after taking a safety snapshot of the current state first (so restoring is itself reversible). There are two processes. The core daemon does the real work of managing FSEvents/inotify subscriptions across multiple watched directories and writing snapshots. A sentinel watchdog supervises it, kept alive and aligned by launchd on macOS and systemd on Linux. If the daemon crashes, the sentinel respawns it and reconciles any drift between what you asked to watch and what's actually being watched. It was hard to build the second daemon because it felt like conceding that the core wasn't solid enough, but I didn't want to ship a tool that demanded perfection to deliver on the product promise, so the sentinel is the safety net. Fingers crossed, I haven’t seen it crash in over a week of personal usage on my Mac. But, I don't want to trigger "works for me" trauma. The part I like most: On the UI, I enjoy viewing files through time. You can select a time section and filter your projects on a histogram of activity. That has been invaluable in seeing what the agent was doing. On the CLI, the commands are composable. Everything outputs to stdout so you can pipe it into whatever you want. I use these regularly and AI agents are better with the tool than I am: # What did my config look like before we broke it? unf cat nginx.conf --at 1h | nginx -t -c /dev/stdin # Grep through a deleted file unf cat old-routes.rs --at 2d | grep "pub fn" # Count how many lines changed in the last 10 minutes unf diff --at 10m | grep '^[+-]' | wc -l # Feed the last hour of changes to an AI for review unf diff --at 1h | pbcopy # Compare two points in time with your own diff tool diff <(unf cat app.tsx --at 1h) <(unf cat app.tsx --at 5m) # Restore just the .rs files that changed in the last 5 minutes unf diff --at 5m --json | jq -r '.changes[].file' | grep '\.rs$' | xargs -I{} unf restore {} --at 5m # Watch for changes in real time watch -n5 'unf diff --at 30s' What was new for me: I came to Rust in Nov. 2025 honestly because of HN enthusiasm and some FOMO. No regrets. I enjoy the language enough that I'm now working on custom clippy lints to enforce functional programming practices. This project was also my first Apple-notarized DMG, my first Homebrew tap, and my second Tauri app (first one I've shared). Install & Usage: > brew install cyrusradfar/unf/unfudged Then unf watch in a directory. unf help covers the details (or ask your agent to coach).
Thursday, February 26, 2026
New top story on Hacker News: Show HN: Mission Control – Open-source task management for AI agents
Show HN: Mission Control – Open-source task management for AI agents
9 by meisnerd | 1 comments on Hacker News.
I've been delegating work to Claude Code for the past few months, and it's been genuinely transformative—but managing multiple agents doing different things became chaos. No tool existed for this workflow, so I built one. The Problem When you're working with AI agents (Claude Code, Cursor, Windsurf), you end up in a weird situation: - You have tasks scattered across your head, Slack, email, and the CLI - Agents need clear work items, context, and role-specific instructions - You have no visibility into what agents are actually doing - Failed tasks just... disappear. No retry, no notification - Each agent context-switches constantly because you're hand-feeding them work I was manually shepherding agents, copying task descriptions, restarting failed sessions, and losing track of what needed done next. It felt like hiring expensive contractors but managing them like a disorganized chaos experiment. The Solution Mission Control is a task management app purpose-built for delegating work to AI agents. It's got the expected stuff (Eisenhower matrix, kanban board, goal hierarchy) but built from the assumption that your collaborators are Claude, not humans. The killer feature is the autonomous daemon . It runs in the background, polls your task queue, spawns Claude Code sessions automatically, handles retries, manages concurrency, and respects your cron-scheduled work. One click: your entire work queue activates. The Architecture - Local-first : Everything lives in JSON files. No database, no cloud dependency, no vendor lock-in. - Token-optimized API : The task/decision payloads are ~50 tokens vs ~5,400 unfiltered. Matters when you're spawning agents repeatedly. - Rock-solid concurrency : Zod validation + async-mutex locking prevents corruption under concurrent writes. - 193 automated tests : This thing has to be reliable. It's doing unattended work. The app is Next.js 15 with 5 built-in agent roles (researcher, developer, marketer, business-analyst, plus you). You define reusable skills as markdown that get injected into agent prompts. Agents report back through an inbox + decisions queue. Why Release This? A few people have asked for access, and I think it's genuinely useful for anyone delegating to AI. It's MIT licensed, open source, and actively maintained. What's Next - Human collaboration (sharing tasks with real team members) - Integrations with GitHub issues and email inboxes - Better observability dashboard for daemon execution - Custom agent templates (currently hardcoded roles) If you're doing something similar—delegating serious work to AI—check it out and let me know what's broken. GitHub: https://ift.tt/KSyoRtG
9 by meisnerd | 1 comments on Hacker News.
I've been delegating work to Claude Code for the past few months, and it's been genuinely transformative—but managing multiple agents doing different things became chaos. No tool existed for this workflow, so I built one. The Problem When you're working with AI agents (Claude Code, Cursor, Windsurf), you end up in a weird situation: - You have tasks scattered across your head, Slack, email, and the CLI - Agents need clear work items, context, and role-specific instructions - You have no visibility into what agents are actually doing - Failed tasks just... disappear. No retry, no notification - Each agent context-switches constantly because you're hand-feeding them work I was manually shepherding agents, copying task descriptions, restarting failed sessions, and losing track of what needed done next. It felt like hiring expensive contractors but managing them like a disorganized chaos experiment. The Solution Mission Control is a task management app purpose-built for delegating work to AI agents. It's got the expected stuff (Eisenhower matrix, kanban board, goal hierarchy) but built from the assumption that your collaborators are Claude, not humans. The killer feature is the autonomous daemon . It runs in the background, polls your task queue, spawns Claude Code sessions automatically, handles retries, manages concurrency, and respects your cron-scheduled work. One click: your entire work queue activates. The Architecture - Local-first : Everything lives in JSON files. No database, no cloud dependency, no vendor lock-in. - Token-optimized API : The task/decision payloads are ~50 tokens vs ~5,400 unfiltered. Matters when you're spawning agents repeatedly. - Rock-solid concurrency : Zod validation + async-mutex locking prevents corruption under concurrent writes. - 193 automated tests : This thing has to be reliable. It's doing unattended work. The app is Next.js 15 with 5 built-in agent roles (researcher, developer, marketer, business-analyst, plus you). You define reusable skills as markdown that get injected into agent prompts. Agents report back through an inbox + decisions queue. Why Release This? A few people have asked for access, and I think it's genuinely useful for anyone delegating to AI. It's MIT licensed, open source, and actively maintained. What's Next - Human collaboration (sharing tasks with real team members) - Integrations with GitHub issues and email inboxes - Better observability dashboard for daemon execution - Custom agent templates (currently hardcoded roles) If you're doing something similar—delegating serious work to AI—check it out and let me know what's broken. GitHub: https://ift.tt/KSyoRtG
Wednesday, February 25, 2026
Tuesday, February 24, 2026
Monday, February 23, 2026
New top story on Hacker News: Show HN: Shibuya – A High-Performance WAF in Rust with eBPF and ML Engine
Show HN: Shibuya – A High-Performance WAF in Rust with eBPF and ML Engine
10 by germainluperto | 1 comments on Hacker News.
Hi HN, I’ve been working on Shibuya, a next-generation Web Application Firewall (WAF) built from the ground up in Rust. I wanted to build a WAF that didn't just rely on legacy regex signatures but could understand intent and perform at line-rate using modern kernel features. What makes Shibuya different: Multi-Layer Pipeline: It integrates a high-performance proxy (built on Pingora) with rate limiting, bot detection, and threat intelligence. eBPF Kernel Filtering: For volumetric attacks, Shibuya can drop malicious packets at the kernel level using XDP before they consume userspace resources. Dual ML Engine: It uses an ONNX-based engine for anomaly detection and a Random Forest classifier to identify specific attack classes like SQLi, XSS, and RCE. API & GraphQL Protection: Includes deep inspection for GraphQL (depth and complexity analysis) and OpenAPI schema validation. WASM Extensibility: You can write and hot-load custom security logic using WebAssembly plugins. Ashigaru Lab: The project includes a deliberately vulnerable lab environment with 6 different services and a "Red Team Bot" to test the WAF against 100+ simulated payloads. The Dashboard: The dashboard is built with SvelteKit and offers real-time monitoring (ECharts), a "Panic Mode" for instant hardening, and a visual editor for the YAML configuration. I'm looking for feedback on the architecture and the performance of the Rust-eBPF integration.
10 by germainluperto | 1 comments on Hacker News.
Hi HN, I’ve been working on Shibuya, a next-generation Web Application Firewall (WAF) built from the ground up in Rust. I wanted to build a WAF that didn't just rely on legacy regex signatures but could understand intent and perform at line-rate using modern kernel features. What makes Shibuya different: Multi-Layer Pipeline: It integrates a high-performance proxy (built on Pingora) with rate limiting, bot detection, and threat intelligence. eBPF Kernel Filtering: For volumetric attacks, Shibuya can drop malicious packets at the kernel level using XDP before they consume userspace resources. Dual ML Engine: It uses an ONNX-based engine for anomaly detection and a Random Forest classifier to identify specific attack classes like SQLi, XSS, and RCE. API & GraphQL Protection: Includes deep inspection for GraphQL (depth and complexity analysis) and OpenAPI schema validation. WASM Extensibility: You can write and hot-load custom security logic using WebAssembly plugins. Ashigaru Lab: The project includes a deliberately vulnerable lab environment with 6 different services and a "Red Team Bot" to test the WAF against 100+ simulated payloads. The Dashboard: The dashboard is built with SvelteKit and offers real-time monitoring (ECharts), a "Panic Mode" for instant hardening, and a visual editor for the YAML configuration. I'm looking for feedback on the architecture and the performance of the Rust-eBPF integration.
Sunday, February 22, 2026
Saturday, February 21, 2026
Friday, February 20, 2026
New top story on Hacker News: KFC, Nando's, and others ditch chicken welfare pledge
KFC, Nando's, and others ditch chicken welfare pledge
27 by penguin_booze | 6 comments on Hacker News.
27 by penguin_booze | 6 comments on Hacker News.
Thursday, February 19, 2026
Wednesday, February 18, 2026
Tuesday, February 17, 2026
Monday, February 16, 2026
Sunday, February 15, 2026
Saturday, February 14, 2026
Friday, February 13, 2026
New top story on Hacker News: Show HN: Moltis – AI assistant with memory, tools, and self-extending skills
Show HN: Moltis – AI assistant with memory, tools, and self-extending skills
7 by fabienpenso | 1 comments on Hacker News.
Hey HN. I'm Fabien, principal engineer, 25 years shipping production systems (Ruby, Swift, now Rust). I built Moltis because I wanted an AI assistant I could run myself, trust end to end, and make extensible in the Rust way using traits and the type system. It shares some ideas with OpenClaw (same memory approach, Pi-inspired self-extension) but is Rust-native from the ground up. The agent can create its own skills at runtime. Moltis is one Rust binary, 150k lines, ~60MB, web UI included. No Node, no Python, no runtime deps. Multi-provider LLM routing (OpenAI, local GGUF/MLX, Hugging Face), sandboxed execution (Docker/Podman/Apple Containers), hybrid vector + full-text memory, MCP tool servers with auto-restart, and multi-channel (web, Telegram, API) with shared context. MIT licensed. No telemetry phoning home, but full observability built in (OpenTelemetry, Prometheus). I've included 1-click deploys on DigitalOcean and Fly.io, but since a Docker image is provided you can easily run it on your own servers as well. I've written before about owning your content ( https://ift.tt/XuI5JgZ ) and owning your email ( https://ift.tt/N3ds8uE ). Same logic here: if something touches your files, credentials, and daily workflow, you should be able to inspect it, audit it, and fork it if the project changes direction. It's alpha. I use it daily and I'm shipping because it's useful, not because it's done. Longer architecture deep-dive: https://ift.tt/GS6m0Hk... Happy to discuss the Rust architecture, security model, or local LLM setup. Would love feedback.
7 by fabienpenso | 1 comments on Hacker News.
Hey HN. I'm Fabien, principal engineer, 25 years shipping production systems (Ruby, Swift, now Rust). I built Moltis because I wanted an AI assistant I could run myself, trust end to end, and make extensible in the Rust way using traits and the type system. It shares some ideas with OpenClaw (same memory approach, Pi-inspired self-extension) but is Rust-native from the ground up. The agent can create its own skills at runtime. Moltis is one Rust binary, 150k lines, ~60MB, web UI included. No Node, no Python, no runtime deps. Multi-provider LLM routing (OpenAI, local GGUF/MLX, Hugging Face), sandboxed execution (Docker/Podman/Apple Containers), hybrid vector + full-text memory, MCP tool servers with auto-restart, and multi-channel (web, Telegram, API) with shared context. MIT licensed. No telemetry phoning home, but full observability built in (OpenTelemetry, Prometheus). I've included 1-click deploys on DigitalOcean and Fly.io, but since a Docker image is provided you can easily run it on your own servers as well. I've written before about owning your content ( https://ift.tt/XuI5JgZ ) and owning your email ( https://ift.tt/N3ds8uE ). Same logic here: if something touches your files, credentials, and daily workflow, you should be able to inspect it, audit it, and fork it if the project changes direction. It's alpha. I use it daily and I'm shipping because it's useful, not because it's done. Longer architecture deep-dive: https://ift.tt/GS6m0Hk... Happy to discuss the Rust architecture, security model, or local LLM setup. Would love feedback.
Thursday, February 12, 2026
New top story on Hacker News: Show HN: Pgclaw – A "Clawdbot" in every row with 400 lines of Postgres SQL
Show HN: Pgclaw – A "Clawdbot" in every row with 400 lines of Postgres SQL
8 by calebhwin | 3 comments on Hacker News.
Hi HN, Been hacking on a simple way to run agents entirely inside of a Postgres database, "an agent per row". Things you could build with this: * Your own agent orchestrator * A personal assistant with time travel * (more things I can't think of yet) Not quite there yet but thought I'd share it in its current state.
8 by calebhwin | 3 comments on Hacker News.
Hi HN, Been hacking on a simple way to run agents entirely inside of a Postgres database, "an agent per row". Things you could build with this: * Your own agent orchestrator * A personal assistant with time travel * (more things I can't think of yet) Not quite there yet but thought I'd share it in its current state.
Wednesday, February 11, 2026
Tuesday, February 10, 2026
New top story on Hacker News: Show HN: HN Companion – web app that enhances the experience of reading HN
Show HN: HN Companion – web app that enhances the experience of reading HN
8 by georgeck | 2 comments on Hacker News.
HN is all about the rich discussions. We wanted to take the HN experience one step further - to bring the familiar keyboard-first navigation, find interesting viewpoints in the threads and get a gist of long threads so that we can decide which rabbit holes to explore. So we built HN Companion a year ago, and have been refining it ever since. Try it: https://ift.tt/QJhH3w0 or available as an extension for Firefox / Chrome: [0]. Most AI summarization strips the voices from conversations by flattening threads into a wall of text. This kills the joy of reading HN discussions. Instead, HN Companion works differently - it understands the thread hierarchy, the voting patterns and contrasting viewpoints - everything that makes HN interesting. Think of it like clustering related discussions across multiple hierarchies into a group and surfacing the comments that represent each cluster. It keeps the verbatim text with backlinks so that you never lose context and can continue the conversation from that point. Here is how the summarization works under the hood [1]. We first built this as an open source browser extension. But soon we learned that people hesitate to install it. So we built the same experience as a web app with all the features. This helped people see how it works, and use it on mobile too (in the browser or as PWA). This is now a playground to try new features before taking them to the browser extension. We did a Show HN a year ago [2] and we have added these features based on user feedback: * cached summaries - summaries are generated and cached on our servers. This improved the speed significantly. You still have the option to use your own API key or use local models through Ollama. * our system prompt is available in the Settings page of the extension. You can customize it as you wish. * sort the posts in the feed pages (/home, /show etc.) based on points, comments, time or the default sorting order. * We tried fine tuning an open weights model to summarize, but learned that with a good system prompt and user prompt, the frontier models deliver results of similar quality. So we didn’t use the fine-tuned model, but you can run them locally. The browser extension does not track any usage or analytics. The code is open source[3]. We want to continue to improve HN Companion, specifically add features like following an author, notes about an author, draft posts etc. See it in action for a post here https://ift.tt/E6Dt8TH We would love to get your feedback on what would make this more useful for your HN reading. [0] https://ift.tt/F93hENT [1] https://ift.tt/A1YCkH4 [2] https://ift.tt/oi0hv28 [3] https://ift.tt/Q4GcUiz
8 by georgeck | 2 comments on Hacker News.
HN is all about the rich discussions. We wanted to take the HN experience one step further - to bring the familiar keyboard-first navigation, find interesting viewpoints in the threads and get a gist of long threads so that we can decide which rabbit holes to explore. So we built HN Companion a year ago, and have been refining it ever since. Try it: https://ift.tt/QJhH3w0 or available as an extension for Firefox / Chrome: [0]. Most AI summarization strips the voices from conversations by flattening threads into a wall of text. This kills the joy of reading HN discussions. Instead, HN Companion works differently - it understands the thread hierarchy, the voting patterns and contrasting viewpoints - everything that makes HN interesting. Think of it like clustering related discussions across multiple hierarchies into a group and surfacing the comments that represent each cluster. It keeps the verbatim text with backlinks so that you never lose context and can continue the conversation from that point. Here is how the summarization works under the hood [1]. We first built this as an open source browser extension. But soon we learned that people hesitate to install it. So we built the same experience as a web app with all the features. This helped people see how it works, and use it on mobile too (in the browser or as PWA). This is now a playground to try new features before taking them to the browser extension. We did a Show HN a year ago [2] and we have added these features based on user feedback: * cached summaries - summaries are generated and cached on our servers. This improved the speed significantly. You still have the option to use your own API key or use local models through Ollama. * our system prompt is available in the Settings page of the extension. You can customize it as you wish. * sort the posts in the feed pages (/home, /show etc.) based on points, comments, time or the default sorting order. * We tried fine tuning an open weights model to summarize, but learned that with a good system prompt and user prompt, the frontier models deliver results of similar quality. So we didn’t use the fine-tuned model, but you can run them locally. The browser extension does not track any usage or analytics. The code is open source[3]. We want to continue to improve HN Companion, specifically add features like following an author, notes about an author, draft posts etc. See it in action for a post here https://ift.tt/E6Dt8TH We would love to get your feedback on what would make this more useful for your HN reading. [0] https://ift.tt/F93hENT [1] https://ift.tt/A1YCkH4 [2] https://ift.tt/oi0hv28 [3] https://ift.tt/Q4GcUiz
Monday, February 9, 2026
Sunday, February 8, 2026
Saturday, February 7, 2026
Friday, February 6, 2026
New top story on Hacker News: Show HN: Daily-updated database of malicious browser extensions
Show HN: Daily-updated database of malicious browser extensions
7 by toborrm9 | 3 comments on Hacker News.
Hey HN, I built an automated system that tracks malicious Chrome/Edge extensions daily. The database updates automatically by monitoring chrome-stats for removed extensions and scanning security blogs. Currently tracking 1000+ known malicious extensions with extension IDs, names, and dates. I'm working on detection tools (GUI + CLI) to scan locally installed extensions against this database, but wanted to share the raw data first since maintained threat intelligence lists like this are hard to find. The automation runs 24/7 and pushes updates to GitHub. Free to use for research, integration into security tools, or whatever you need. Happy to answer questions about the scraping approach or data collection methods.
7 by toborrm9 | 3 comments on Hacker News.
Hey HN, I built an automated system that tracks malicious Chrome/Edge extensions daily. The database updates automatically by monitoring chrome-stats for removed extensions and scanning security blogs. Currently tracking 1000+ known malicious extensions with extension IDs, names, and dates. I'm working on detection tools (GUI + CLI) to scan locally installed extensions against this database, but wanted to share the raw data first since maintained threat intelligence lists like this are hard to find. The automation runs 24/7 and pushes updates to GitHub. Free to use for research, integration into security tools, or whatever you need. Happy to answer questions about the scraping approach or data collection methods.
Thursday, February 5, 2026
Wednesday, February 4, 2026
Tuesday, February 3, 2026
New top story on Hacker News: Show HN: PII-Shield – Log Sanitization Sidecar with JSON Integrity (Go, Entropy)
Show HN: PII-Shield – Log Sanitization Sidecar with JSON Integrity (Go, Entropy)
5 by aragoss | 1 comments on Hacker News.
What PII-Shield does: It's a K8s sidecar (or CLI tool) that pipes application logs, detects secrets using Shannon entropy (catching unknown keys like "sk-live-..." without predefined patterns), and redacts them deterministically using HMAC. Why deterministic? So that "pass123" always hashes to the same "[HIDDEN:a1b2c]", allowing QA/Devs to correlate errors without seeing the raw data. Key features: 1. JSON Integrity: It parses JSON, sanitizes values, and rebuilds it. It guarantees valid JSON output for your SIEM (ELK/Datadog). 2. Entropy Detection: Uses context-aware entropy analysis to catch high-randomness strings. 3. Fail-Open: Designed as a transparent pipe wrapper to preserve app uptime. The project is open-source (Apache 2.0). Repo: https://ift.tt/HKyvbBL Docs: https://pii-shield.gitbook.io/docs/ I'd love your feedback on the entropy/threshold logic!
5 by aragoss | 1 comments on Hacker News.
What PII-Shield does: It's a K8s sidecar (or CLI tool) that pipes application logs, detects secrets using Shannon entropy (catching unknown keys like "sk-live-..." without predefined patterns), and redacts them deterministically using HMAC. Why deterministic? So that "pass123" always hashes to the same "[HIDDEN:a1b2c]", allowing QA/Devs to correlate errors without seeing the raw data. Key features: 1. JSON Integrity: It parses JSON, sanitizes values, and rebuilds it. It guarantees valid JSON output for your SIEM (ELK/Datadog). 2. Entropy Detection: Uses context-aware entropy analysis to catch high-randomness strings. 3. Fail-Open: Designed as a transparent pipe wrapper to preserve app uptime. The project is open-source (Apache 2.0). Repo: https://ift.tt/HKyvbBL Docs: https://pii-shield.gitbook.io/docs/ I'd love your feedback on the entropy/threshold logic!
Monday, February 2, 2026
Sunday, February 1, 2026
Saturday, January 31, 2026
New top story on Hacker News: US has investigated claims WhatsApp chats aren't private
US has investigated claims WhatsApp chats aren't private
7 by 1vuio0pswjnm7 | 183 comments on Hacker News.
https://ift.tt/oy0dAnH https://ift.tt/C38mIZc...
7 by 1vuio0pswjnm7 | 183 comments on Hacker News.
https://ift.tt/oy0dAnH https://ift.tt/C38mIZc...
Friday, January 30, 2026
Thursday, January 29, 2026
Wednesday, January 28, 2026
New top story on Hacker News: Show HN: SHDL – A minimal hardware description language built from logic gates
Show HN: SHDL – A minimal hardware description language built from logic gates
3 by rafa_rrayes | 0 comments on Hacker News.
Hi, everyone! I built SHDL (Simple Hardware Description Language) as an experiment in stripping hardware description down to its absolute fundamentals. In SHDL, there are no arithmetic operators, no implicit bit widths, and no high-level constructs. You build everything explicitly from logic gates and wires, and then compose larger components hierarchically. The goal is not synthesis or performance, but understanding: what digital systems actually look like when abstractions are removed. SHDL is accompanied by PySHDL, a Python interface that lets you load circuits, poke inputs, step the simulation, and observe outputs. Under the hood, SHDL compiles circuits to C for fast execution, but the language itself remains intentionally small and transparent. This is not meant to replace Verilog or VHDL. It’s aimed at: - learning digital logic from first principles - experimenting with HDL and language design - teaching or visualizing how complex hardware emerges from simple gates. I would especially appreciate feedback on: - the language design choices - what feels unnecessarily restrictive vs. educationally valuable - whether this kind of “anti-abstraction” HDL is useful to you. Repo: https://ift.tt/badwTOC Python package: PySHDL on PyPI To make this concrete, here are a few small working examples written in SHDL: 1. Full Adder component FullAdder(A, B, Cin) -> (Sum, Cout) { x1: XOR; a1: AND; x2: XOR; a2: AND; o1: OR; connect { A -> x1.A; B -> x1.B; A -> a1.A; B -> a1.B; x1.O -> x2.A; Cin -> x2.B; x1.O -> a2.A; Cin -> a2.B; a1.O -> o1.A; a2.O -> o1.B; x2.O -> Sum; o1.O -> Cout; } } 2. 16 bit register # clk must be high for two cycles to store a value component Register16(In[16], clk) -> (Out[16]) { >i[16]{ a1{i}: AND; a2{i}: AND; not1{i}: NOT; nor1{i}: NOR; nor2{i}: NOR; } connect { >i[16]{ # Capture on clk In[{i}] -> a1{i}.A; In[{i}] -> not1{i}.A; not1{i}.O -> a2{i}.A; clk -> a1{i}.B; clk -> a2{i}.B; a1{i}.O -> nor1{i}.A; a2{i}.O -> nor2{i}.A; nor1{i}.O -> nor2{i}.B; nor2{i}.O -> nor1{i}.B; nor2{i}.O -> Out[{i}]; } } } 3. 16-bit Ripple-Carry Adder use fullAdder::{FullAdder}; component Adder16(A[16], B[16], Cin) -> (Sum[16], Cout) { >i[16]{ fa{i}: FullAdder; } connect { A[1] -> fa1.A; B[1] -> fa1.B; Cin -> fa1.Cin; fa1.Sum -> Sum[1]; >i[2,16]{ A[{i}] -> fa{i}.A; B[{i}] -> fa{i}.B; fa{i-1}.Cout -> fa{i}.Cin; fa{i}.Sum -> Sum[{i}]; } fa16.Cout -> Cout; } }
3 by rafa_rrayes | 0 comments on Hacker News.
Hi, everyone! I built SHDL (Simple Hardware Description Language) as an experiment in stripping hardware description down to its absolute fundamentals. In SHDL, there are no arithmetic operators, no implicit bit widths, and no high-level constructs. You build everything explicitly from logic gates and wires, and then compose larger components hierarchically. The goal is not synthesis or performance, but understanding: what digital systems actually look like when abstractions are removed. SHDL is accompanied by PySHDL, a Python interface that lets you load circuits, poke inputs, step the simulation, and observe outputs. Under the hood, SHDL compiles circuits to C for fast execution, but the language itself remains intentionally small and transparent. This is not meant to replace Verilog or VHDL. It’s aimed at: - learning digital logic from first principles - experimenting with HDL and language design - teaching or visualizing how complex hardware emerges from simple gates. I would especially appreciate feedback on: - the language design choices - what feels unnecessarily restrictive vs. educationally valuable - whether this kind of “anti-abstraction” HDL is useful to you. Repo: https://ift.tt/badwTOC Python package: PySHDL on PyPI To make this concrete, here are a few small working examples written in SHDL: 1. Full Adder component FullAdder(A, B, Cin) -> (Sum, Cout) { x1: XOR; a1: AND; x2: XOR; a2: AND; o1: OR; connect { A -> x1.A; B -> x1.B; A -> a1.A; B -> a1.B; x1.O -> x2.A; Cin -> x2.B; x1.O -> a2.A; Cin -> a2.B; a1.O -> o1.A; a2.O -> o1.B; x2.O -> Sum; o1.O -> Cout; } } 2. 16 bit register # clk must be high for two cycles to store a value component Register16(In[16], clk) -> (Out[16]) { >i[16]{ a1{i}: AND; a2{i}: AND; not1{i}: NOT; nor1{i}: NOR; nor2{i}: NOR; } connect { >i[16]{ # Capture on clk In[{i}] -> a1{i}.A; In[{i}] -> not1{i}.A; not1{i}.O -> a2{i}.A; clk -> a1{i}.B; clk -> a2{i}.B; a1{i}.O -> nor1{i}.A; a2{i}.O -> nor2{i}.A; nor1{i}.O -> nor2{i}.B; nor2{i}.O -> nor1{i}.B; nor2{i}.O -> Out[{i}]; } } } 3. 16-bit Ripple-Carry Adder use fullAdder::{FullAdder}; component Adder16(A[16], B[16], Cin) -> (Sum[16], Cout) { >i[16]{ fa{i}: FullAdder; } connect { A[1] -> fa1.A; B[1] -> fa1.B; Cin -> fa1.Cin; fa1.Sum -> Sum[1]; >i[2,16]{ A[{i}] -> fa{i}.A; B[{i}] -> fa{i}.B; fa{i-1}.Cout -> fa{i}.Cin; fa{i}.Sum -> Sum[{i}]; } fa16.Cout -> Cout; } }
Tuesday, January 27, 2026
New top story on Hacker News: A few random notes from Claude coding quite a bit last few weeks
A few random notes from Claude coding quite a bit last few weeks
52 by bigwheels | 68 comments on Hacker News.
https://ift.tt/GA9S5Ux
52 by bigwheels | 68 comments on Hacker News.
https://ift.tt/GA9S5Ux
Monday, January 26, 2026
Sunday, January 25, 2026
Saturday, January 24, 2026
New top story on Hacker News: Ask HN: Gmail spam filtering suddenly marking everything as spam?
Ask HN: Gmail spam filtering suddenly marking everything as spam?
32 by goopthink | 46 comments on Hacker News.
Almost all transactional emails are being marked as suspicious even when their SPF/DKIM records are fine and they’ve been whitelisted before. Did Google break something in gmail/spam filtering?
32 by goopthink | 46 comments on Hacker News.
Almost all transactional emails are being marked as suspicious even when their SPF/DKIM records are fine and they’ve been whitelisted before. Did Google break something in gmail/spam filtering?
Friday, January 23, 2026
Thursday, January 22, 2026
New top story on Hacker News: Show HN: Synesthesia, make noise music with a colorpicker
Show HN: Synesthesia, make noise music with a colorpicker
3 by tevans3 | 0 comments on Hacker News.
This is a (silly, little) app which lets you make noise music using a color picker as an instrument. When you click on a specific point in the color picker, a bit of JavaScript maps the binary representation of the clicked-on color's hex-code to a "chord" in the 24 tone-equal-temperament scale. That chord is then played back using a throttled audio generation method which was implemented via Tone.js. NOTE! Turn the volume way down before using the site. It is noise music. :)
3 by tevans3 | 0 comments on Hacker News.
This is a (silly, little) app which lets you make noise music using a color picker as an instrument. When you click on a specific point in the color picker, a bit of JavaScript maps the binary representation of the clicked-on color's hex-code to a "chord" in the 24 tone-equal-temperament scale. That chord is then played back using a throttled audio generation method which was implemented via Tone.js. NOTE! Turn the volume way down before using the site. It is noise music. :)
Wednesday, January 21, 2026
Tuesday, January 20, 2026
Monday, January 19, 2026
Sunday, January 18, 2026
Saturday, January 17, 2026
New top story on Hacker News: For me, Hacker News is probably the best community on the internet
For me, Hacker News is probably the best community on the internet
14 by DenisDolya | 6 comments on Hacker News.
For me, Hacker News is probably the best community on the internet. It’s not like others. Take Reddit, for example: at first glance it seems better, with tons of subreddits. But for a beginner, there is no real main entrance. With a new account, it’s a challenge - first you wait 5 days, then you need to earn karma just to post or comment in popular subreddits. On Twitter, you have to spend a long time building followers, or buy a checkmark, just to get access to recommendations. On Hacker News, everything feels right even if you are a beginner. Your post appears in the “new” feed, where everyone can see it. Karma is not so limiting here. At the start, you can make one post a day and a few comments, and after reaching just 10 karma, you become almost a full user - free to participate, contribute, and enjoy the platform. Hacker News is a place that survived the revolution of the modern internet and remained true to itself. A place without subscribers, paid boosts, or artificial promotion. The most important thing that keeps this world going is our elders people who preserve this spirit with discipline, guiding others who may have strayed from the path. HN is where the good, clean internet has survived after all these years. And I truly hope it will always stay this way. Thanks, HN.
14 by DenisDolya | 6 comments on Hacker News.
For me, Hacker News is probably the best community on the internet. It’s not like others. Take Reddit, for example: at first glance it seems better, with tons of subreddits. But for a beginner, there is no real main entrance. With a new account, it’s a challenge - first you wait 5 days, then you need to earn karma just to post or comment in popular subreddits. On Twitter, you have to spend a long time building followers, or buy a checkmark, just to get access to recommendations. On Hacker News, everything feels right even if you are a beginner. Your post appears in the “new” feed, where everyone can see it. Karma is not so limiting here. At the start, you can make one post a day and a few comments, and after reaching just 10 karma, you become almost a full user - free to participate, contribute, and enjoy the platform. Hacker News is a place that survived the revolution of the modern internet and remained true to itself. A place without subscribers, paid boosts, or artificial promotion. The most important thing that keeps this world going is our elders people who preserve this spirit with discipline, guiding others who may have strayed from the path. HN is where the good, clean internet has survived after all these years. And I truly hope it will always stay this way. Thanks, HN.
Friday, January 16, 2026
New top story on Hacker News: The Alignment Game
The Alignment Game
8 by dmvaldman | 0 comments on Hacker News.
https://docs.google.com/spreadsheets/d/1BYh9ZtEv4k7xoSXmtf1q...
8 by dmvaldman | 0 comments on Hacker News.
https://docs.google.com/spreadsheets/d/1BYh9ZtEv4k7xoSXmtf1q...
Thursday, January 15, 2026
Wednesday, January 14, 2026
New top story on Hacker News: Show HN: A fast CLI and MCP server for managing Lambda cloud GPU instances
Show HN: A fast CLI and MCP server for managing Lambda cloud GPU instances
2 by odedfalik | 2 comments on Hacker News.
I built an unofficial CLI and MCP server for Lambda cloud GPU instances. The main idea: your AI agents can now spin up and manage Lambda GPUs for you. The MCP server exposes tools to find, launch, and terminate instances. Add it to Claude Code, Cursor, or any agent with one command and you can say things like "launch an H100, ssh in, and run big_job.py" Other features: - Notifications via Slack, Discord, or Telegram when instances are SSH-ready - 1Password support for API keys - Also includes a standalone CLI with the same functionality Written in Rust. MIT licensed. Note: This is an unofficial community project, not affiliated with Lambda.
2 by odedfalik | 2 comments on Hacker News.
I built an unofficial CLI and MCP server for Lambda cloud GPU instances. The main idea: your AI agents can now spin up and manage Lambda GPUs for you. The MCP server exposes tools to find, launch, and terminate instances. Add it to Claude Code, Cursor, or any agent with one command and you can say things like "launch an H100, ssh in, and run big_job.py" Other features: - Notifications via Slack, Discord, or Telegram when instances are SSH-ready - 1Password support for API keys - Also includes a standalone CLI with the same functionality Written in Rust. MIT licensed. Note: This is an unofficial community project, not affiliated with Lambda.
Tuesday, January 13, 2026
Monday, January 12, 2026
New top story on Hacker News: Unauthenticated remote code execution in OpenCode
Unauthenticated remote code execution in OpenCode
30 by CyberShadow | 1 comments on Hacker News.
Previous versions of OpenCode started a server which allowed any website visited in a web browser to execute arbitrary commands on the local machine. Make sure you are using v1.1.10 or newer; see link for more details.
30 by CyberShadow | 1 comments on Hacker News.
Previous versions of OpenCode started a server which allowed any website visited in a web browser to execute arbitrary commands on the local machine. Make sure you are using v1.1.10 or newer; see link for more details.
Sunday, January 11, 2026
Saturday, January 10, 2026
Friday, January 9, 2026
New top story on Hacker News: Scientists discover oldest poison, on 60k-year-old arrows
Scientists discover oldest poison, on 60k-year-old arrows
11 by noleary | 1 comments on Hacker News.
https://ift.tt/S4tKpZ3
11 by noleary | 1 comments on Hacker News.
https://ift.tt/S4tKpZ3
Thursday, January 8, 2026
Wednesday, January 7, 2026
New top story on Hacker News: Polymarket refuses to pay bets that US would 'invade' Venezuela
Polymarket refuses to pay bets that US would 'invade' Venezuela
66 by petethomas | 33 comments on Hacker News.
https://ift.tt/taIlTUL
66 by petethomas | 33 comments on Hacker News.
https://ift.tt/taIlTUL
Tuesday, January 6, 2026
Monday, January 5, 2026
Sunday, January 4, 2026
New top story on Hacker News: Show HN: Hover – IDE style hover documentation on any webpage
Show HN: Hover – IDE style hover documentation on any webpage
8 by sampsonj | 0 comments on Hacker News.
I thought it would be interesting to have ID style hover docs outside the IDE. Hover is a Chrome extension that gives you IDE style hover tooltips on any webpage: documentation sites, ChatGPT, Claude, etc. How it works: - When a code block comes into view, the extension detects tokens and sends the code to an LLM (via OpenRouter or custom endpoint) - The LLM generates documentation for tokens worth documenting, which gets cached - On hover, the cached documentation is displayed instantly A few things I wanted to get right: - Website permissions are granular and use Chrome's permission system, so the extension only runs where you allow it - Custom endpoints let you skip OpenRouter entirely – if you're at a company with its own infra, you can point it at AWS Bedrock, Google AI Studio, or whatever you have Built with TypeScript, Vite, and the Chrome extension APIs. Coming to the Chrome Web Store soon. Would love feedback on the onboarding experience and general UX – there were a lot of design decisions I wasn't sure about. Happy to answer questions about the implementation.
8 by sampsonj | 0 comments on Hacker News.
I thought it would be interesting to have ID style hover docs outside the IDE. Hover is a Chrome extension that gives you IDE style hover tooltips on any webpage: documentation sites, ChatGPT, Claude, etc. How it works: - When a code block comes into view, the extension detects tokens and sends the code to an LLM (via OpenRouter or custom endpoint) - The LLM generates documentation for tokens worth documenting, which gets cached - On hover, the cached documentation is displayed instantly A few things I wanted to get right: - Website permissions are granular and use Chrome's permission system, so the extension only runs where you allow it - Custom endpoints let you skip OpenRouter entirely – if you're at a company with its own infra, you can point it at AWS Bedrock, Google AI Studio, or whatever you have Built with TypeScript, Vite, and the Chrome extension APIs. Coming to the Chrome Web Store soon. Would love feedback on the onboarding experience and general UX – there were a lot of design decisions I wasn't sure about. Happy to answer questions about the implementation.
Saturday, January 3, 2026
Friday, January 2, 2026
Thursday, January 1, 2026
New top story on Hacker News: Show HN: Feature detection exploration in Lidar DEMs via differential decomp
Show HN: Feature detection exploration in Lidar DEMs via differential decomp
3 by DarkForestery | 0 comments on Hacker News.
I'm not a geospatial expert — I work in AI/ML. This started when I was exploring LiDAR data with agentic assitince and noticed that different signal decomposition methods revealed different terrain features. The core idea: if you systematically combine decomposition methods (Gaussian, bilateral, wavelet, morphological, etc.) with different upsampling techniques, each combination has characteristic "failure modes" that selectively preserve or eliminate certain features. The differences between outputs become feature-specific filters. The framework tests 25 decomposition × 19 upsampling methods across parameter ranges — about 40,000 combinations total. The visualization grid makes it easy to compare which methods work for what. Built in Cursor with Opus 4.5, NumPy, SciPy, scikit-image, PyWavelets, and OpenCV. Apache 2.0 licensed. I'd appreciate feedback from anyone who actually works with elevation data. What am I missing? What's obvious to practitioners that I wouldn't know?
3 by DarkForestery | 0 comments on Hacker News.
I'm not a geospatial expert — I work in AI/ML. This started when I was exploring LiDAR data with agentic assitince and noticed that different signal decomposition methods revealed different terrain features. The core idea: if you systematically combine decomposition methods (Gaussian, bilateral, wavelet, morphological, etc.) with different upsampling techniques, each combination has characteristic "failure modes" that selectively preserve or eliminate certain features. The differences between outputs become feature-specific filters. The framework tests 25 decomposition × 19 upsampling methods across parameter ranges — about 40,000 combinations total. The visualization grid makes it easy to compare which methods work for what. Built in Cursor with Opus 4.5, NumPy, SciPy, scikit-image, PyWavelets, and OpenCV. Apache 2.0 licensed. I'd appreciate feedback from anyone who actually works with elevation data. What am I missing? What's obvious to practitioners that I wouldn't know?
Subscribe to:
Comments (Atom)