Monks Behaving Badly: Explaining Buddhist Violence in Asia
2 by surprisetalk | 0 comments on Hacker News.
Show HN: Voiden – a free, offline, Git-native API Client
12 by kiselitza | 8 comments on Hacker News.
Hey HN! Aldin here, a helping hand to Voiden ( https://voiden.md ) Voiden is a free, offline, Git-native API client. Your API definitions, docs, and tests all live together. It came out of years of frustration: cloud sync lock-in, paywalled basics, bloated UIs, and lag on even simple requests. So the team built the opposite: an offline tool with no login, no telemetry, no lock-in. Just markdown and hotkeys. It behaves like code: local files, git branches, no cloud nonsense. Terminal is built-in, so you can commit, diff, and push changes right from the app. Docs stay close to your requests, so that API spec and what the API actually does never drift apart. No more scattered Postman, docs, and test files everywhere. A single source of truth. A minimalist GET request looks something like this: GET https://ift.tt/dJrcfvx Just hit /endpoint, paste the URL, and run it with Cmd/Ctrl + Enter. Not OSS (yet), but 100% local and free. Optional plugins will be coming down the line, but the core stays free. We'd love feedback from folks tired of overcomplicated and bloated API tooling.
The Blowtorch Theory: A New Model for Structure Formation in the Universe
23 by surprisetalk | 3 comments on Hacker News.
Show HN: Loodio 2 – A Simple Rechargeable Bathroom Privacy Device
6 by testmasterflex | 1 comments on Hacker News.
Hey HN! I posted here some years ago trying to raise money for a Kickstarter for a product I call Loodio. Loodio is a motion activated music player for bathrooms that plays music during the bathroom visit to give users privacy during their sacred moments. The Kickstarter failed, but I managed to create a product eventually with a lot of effort. I managed to sell 150 units of the first unit, mostly to the United States but to all different parts of the world while working on the next version. The problem with the first version was that it was running on a Raspberry Pi Zero W (that had to be wall connected) and it was pretty big, had crappy sound and took a minute to start since it had to boot a whole Linux system. I was running it on a Python script and Unix services. To add music, people had to SSH into the unit so you can imagine how painful that was for some. However customers loved it! But I knew I could do better. The most common request was battery operation. Here are some reviews of version 1: https://ift.tt/vwcUmLz I'm proud to say that Loodio 2 is finally here and is working like I imagined when I started working on it almost 5 years ago now. Loodio 2 introduces battery operation with 1 week of battery life (~5 hours of active operation). It has great sound and an easy way to add your own music with SD card support (4GB included). It doesn't require any app. Can be run without WiFi (however you lose some features like internet radio, time updates, software updates and weather) Why does it have a display, you may ask? Because I used to have an electric toothbrush that came with a display. That display showed how long you were brushing to make sure you did your 2 minutes per brush. When I wasn't brushing my teeth, it showed the current time.
And I stopped using the electric toothbrush (because a dentist told me they are too harsh on your teeth) but kept the display for probably 5 years afterwards because I noticed I really want to know the time while getting ready for school/work in the morning. Another thing I noticed was that I always check the weather outside, so I could dress appropriately. So, Loodio shows you the time and weather (optionally) as well as playing music during your visit. These features, together with the lights, are features that I think people don't expect to use but with time become as important as the music. Customer interviews verify this. I wasted a lot of money trying to outsource the development the first 18 months. I then decided to start doing it myself. The version I'm selling is actually the 25th(!) iteration of the product. The problem with hardware is that it takes you around a month to iterate a circuit (if you don't live next to the factory in Shenzhen) because of the cycle 'Designing->Order from China->Testing->Repeat'. And I had no experience of electronics when starting out. The enclosure is made from empty PCBs to save money for injection tooling later. It looks pretty cool. But mainly, works great! I want to give credit to Tadeusz Karpinski and Velimir Stoleski that ported my crappy Python script to the ESP32 that is running Loodio 2. You need to try it! I really think you're gonna like it! https://loodio.com
Texas' annual reading test adjusted difficulty yearly, masking improvement
31 by cratermoon | 11 comments on Hacker News.
Comprehensive Analysis of De-Anonymization Attacks Against the Privacy Coin XMR
43 by DbigCOX | 2 comments on Hacker News.
Show HN: Wetlands – a lightweight Python library for managing Conda environments
7 by arthursw | 5 comments on Hacker News.
When building a plugin system for an application, avoiding dependency conflicts is critical. To address this, I created Wetlands – a lightweight Conda environment manager. Wetlands not only simplifies the creation of isolated Conda environments with specific dependencies, but also allows you to run arbitrary Python code within those environments and retrieve the results. It uses the multiprocessing.connection and pickle modules for inter-process communication. Additionally, one can easily use shared memory between the environments, making data exchange more efficient. Docs: https://ift.tt/euU3Tbo Source: https://ift.tt/xqr7m92 I’d really appreciate any feedback. Thanks!
XAI to pay Telegram $300M to integrate Grok into the chat app
10 by freetonik | 0 comments on Hacker News.
Show HN: Tesseral – Open-Source Auth
27 by ucarion | 8 comments on Hacker News.
Hi folks! I'm Ulysse, and Tesseral ( https://ift.tt/O6U7qux ) is open-source auth for B2B SaaS. Early in my career, I worked on enterprise auth and security features at Segment. I've been obsessed with the subtle details of enterprise software ever since. For example, I wrote an implementation of SAML in the early days of the COVID pandemic because I thought it was fun. Over the years, I've felt frustrated that too few people have seemed interested in making auth obvious for developers of business software. Auth really doesn't need to be so confusing. We made Tesseral to help software engineers get B2B auth exactly right – and focus their energy on building the features that users want. You can use Tesseral to stand up a login page, authenticate your users, and manage their access to resources. Think of it like Auth0 or Clerk, but open source and built specifically for B2B apps. Among other things, that means that it’s designed for B2B multi-tenancy and includes enterprise-ready features like single sign-on (SAML SSO), multi-factor authentication (MFA), SCIM provisioning, and role-based access control (RBAC). For those who expose public APIs, you can use Tesseral to manage API keys for your customers. You can even limit the scope of API keys to specific actions by using our RBAC feature. We've taken care to make Tesseral powerful and secure enough to power real enterprise software but still leave it simple enough for any software developer to use. You don't have to be a security expert to implement Tesseral. (By default, therefore, Tesseral imposes a few opinions. Let us know if you have a good reason to do something unusual, and we'll work something out.) If you want to experiment with Tesseral, you can host it yourself or use our hosted service. The hosted service lives at https://ift.tt/p9aAli8 . You can find documentation here: https://ift.tt/3Zm25a4 . 
Here are a few simple demos: https://www.youtube.com/watch?v=IhYPzz3vB54 https://www.youtube.com/watch?v=t-JJ8TNjqNU https://www.youtube.com/watch?v=mwthBIRZO8k We're in the early stages of the project, so we still have some gaps. We have more features, bug fixes, SDKs, and documentation on the way. What have we missed? What can we do better? We're eager to hear from the community!
Launch HN: MindFort (YC X25) – AI agents for continuous pentesting
3 by bveiseh | 0 comments on Hacker News.
Hey HN! We're Brandon, Sam, and Akul from MindFort ( https://mindfort.ai ). We're building autonomous AI agents that continuously find, validate, and patch security vulnerabilities in web applications—essentially creating an AI red team that runs 24/7. Here's a demo: https://ift.tt/MmlRTz8 Security testing today is increasingly challenging. Traditional scanners generate 30-50% false positives, drowning engineering teams in noise. Manual penetration testing happens quarterly at best, costs tens of thousands per assessment, and takes weeks to complete. Meanwhile, teams are shipping code faster than ever with AI assistance, but security reviews have become an even bigger bottleneck. All three of us encountered this problem from different angles. Brandon worked at ProjectDiscovery building the Nuclei scanner, then at NetSPI (one of the largest pen testing firms) building AI tools for testers. Sam was a senior engineer at Salesforce leading security for Tableau. He dealt firsthand with juggling security findings and managing remediations. Akul did his master's on AI and security, co-authored papers on using LLMs for security attacks, and participated in red-teams at OpenAI and Anthropic. We all realized that AI agents were going to fundamentally change security testing, and that the wave of AI-generated code would need an equally powerful solution to keep it secure. We've built AI agents that perform reconnaissance, exploit vulnerabilities, and suggest patches—similar to how a human penetration tester works. The key difference from traditional scanners is that our agents validate exploits in runtime environments before reporting them, reducing false positives. We use multiple foundational models orchestrated together. The agents perform recon to understand the attack surface, then use that context to inform testing strategies. When they find potential vulnerabilities, they spin up isolated environments to validate exploitation. If successful, they analyze the codebase to generate contextual patches. What makes this different from existing tools?
- Validation through exploitation: We don't just pattern-match—we exploit vulnerabilities to prove they're real;
- Codebase integration: The agents understand your code structure to find complex logic bugs and suggest appropriate fixes;
- Continuous operation: Instead of point-in-time assessments, we're constantly testing as your code evolves;
- Attack chain discovery: The agents can find multi-step vulnerabilities that require chaining different issues together.
We're currently in early access, working with initial partners to refine the platform. Our agents are already finding vulnerabilities that other tools miss and scoring well on penetration testing benchmarks. Looking forward to your thoughts and comments!
LLM Codegen go Brrr – Parallelization with Git Worktrees and Tmux
8 by skeptrune | 3 comments on Hacker News.
Compiler Explorer and the Promise of URLs That Last Forever
43 by anarazel | 12 comments on Hacker News.