frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Ask HN: Anyone orchestrating multiple AI coding agents in parallel?

1•buildingwdavid•1m ago•0 comments

Show HN: Knowledge-Bank

https://github.com/gabrywu-public/knowledge-bank
1•gabrywu•6m ago•0 comments

Show HN: The Codeverse Hub Linux

https://github.com/TheCodeVerseHub/CodeVerseLinuxDistro
3•sinisterMage•8m ago•0 comments

Take a trip to Japan's Dododo Land, the most irritating place on Earth

https://soranews24.com/2026/02/07/take-a-trip-to-japans-dododo-land-the-most-irritating-place-on-...
2•zdw•8m ago•0 comments

British drivers over 70 to face eye tests every three years

https://www.bbc.com/news/articles/c205nxy0p31o
6•bookofjoe•8m ago•1 comments

BookTalk: A Reading Companion That Captures Your Voice

https://github.com/bramses/BookTalk
1•_bramses•9m ago•0 comments

Is AI "good" yet? – tracking HN's sentiment on AI coding

https://www.is-ai-good-yet.com/#home
1•ilyaizen•10m ago•1 comments

Show HN: Amdb – Tree-sitter based memory for AI agents (Rust)

https://github.com/BETAER-08/amdb
1•try_betaer•10m ago•0 comments

OpenClaw Partners with VirusTotal for Skill Security

https://openclaw.ai/blog/virustotal-partnership
2•anhxuan•11m ago•0 comments

Show HN: Seedance 2.0 Release

https://seedancy2.com/
2•funnycoding•11m ago•0 comments

Leisure Suit Larry's Al Lowe on model trains, funny deaths and Disney

https://spillhistorie.no/2026/02/06/interview-with-sierra-veteran-al-lowe/
1•thelok•11m ago•0 comments

Towards Self-Driving Codebases

https://cursor.com/blog/self-driving-codebases
1•edwinarbus•11m ago•0 comments

VCF West: Whirlwind Software Restoration – Guy Fedorkow [video]

https://www.youtube.com/watch?v=YLoXodz1N9A
1•stmw•12m ago•1 comments

Show HN: COGext – A minimalist, open-source system monitor for Chrome (<550KB)

https://github.com/tchoa91/cog-ext
1•tchoa91•13m ago•1 comments

FOSDEM 26 – My Hallway Track Takeaways

https://sluongng.substack.com/p/fosdem-26-my-hallway-track-takeaways
1•birdculture•14m ago•0 comments

Show HN: Env-shelf – Open-source desktop app to manage .env files

https://env-shelf.vercel.app/
1•ivanglpz•17m ago•0 comments

Show HN: Almostnode – Run Node.js, Next.js, and Express in the Browser

https://almostnode.dev/
1•PetrBrzyBrzek•18m ago•0 comments

Dell support (and hardware) is so bad, I almost sued them

https://blog.joshattic.us/posts/2026-02-07-dell-support-lawsuit
1•radeeyate•18m ago•0 comments

Project Pterodactyl: Incremental Architecture

https://www.jonmsterling.com/01K7/
1•matt_d•19m ago•0 comments

Styling: Search-Text and Other Highlight-Y Pseudo-Elements

https://css-tricks.com/how-to-style-the-new-search-text-and-other-highlight-pseudo-elements/
1•blenderob•21m ago•0 comments

Crypto firm accidentally sends $40B in Bitcoin to users

https://finance.yahoo.com/news/crypto-firm-accidentally-sends-40-055054321.html
1•CommonGuy•21m ago•0 comments

Magnetic fields can change carbon diffusion in steel

https://www.sciencedaily.com/releases/2026/01/260125083427.htm
1•fanf2•22m ago•0 comments

Fantasy football that celebrates great games

https://www.silvestar.codes/articles/ultigamemate/
1•blenderob•22m ago•0 comments

Show HN: Animalese

https://animalese.barcoloudly.com/
1•noreplica•22m ago•0 comments

StrongDM's AI team build serious software without even looking at the code

https://simonwillison.net/2026/Feb/7/software-factory/
3•simonw•23m ago•0 comments

John Haugeland on the failure of micro-worlds

https://blog.plover.com/tech/gpt/micro-worlds.html
1•blenderob•23m ago•0 comments

Show HN: Velocity - Free/Cheaper Linear Clone but with MCP for agents

https://velocity.quest
2•kevinelliott•24m ago•2 comments

Corning Invented a New Fiber-Optic Cable for AI and Landed a $6B Meta Deal [video]

https://www.youtube.com/watch?v=Y3KLbc5DlRs
1•ksec•25m ago•0 comments

Show HN: XAPIs.dev – Twitter API Alternative at 90% Lower Cost

https://xapis.dev
2•nmfccodes•26m ago•1 comments

Near-Instantly Aborting the Worst Pain Imaginable with Psychedelics

https://psychotechnology.substack.com/p/near-instantly-aborting-the-worst
2•eatitraw•32m ago•0 comments
Open in hackernews

You can now uv run a GitHub gist

https://github.com/astral-sh/uv/pull/15058/files
33•BiteCode_dev•6mo ago

Comments

BiteCode_dev•6mo ago
You know how you can "uv run" python code from a text file using just a URL?

No? Well, you can:

uv run https://pastebin.com/raw/RrEWSA5F

And since yesterday, you can even run a github gist:

uv run https://gist.github.com/charliermarsh/ea9eab7f56b1b3d41e5196...

unglaublich•6mo ago
Or more generally, pipe your script into stdin.

> print("hi")' | uv run -

> curl https://pastebin.com/raw/RrEWSA5F | uv run -

abraham•6mo ago
You can also get text from Gists by add .txt

https://gist.github.com/charliermarsh/ea9eab7f56b1b3d41e5196...

BiteCode_dev•6mo ago
This is what the code does more or less.
charcircuit•6mo ago
"uv run" seriously needs a sandbox. Running arbitrary code from arbitrary dependencies with 0 version locking provides no guarantees on what you are actually running.
unglaublich•6mo ago
You can by set dependencies explicitly in the script's header.

https://docs.astral.sh/uv/guides/scripts/#declaring-script-d...

BiteCode_dev•6mo ago
uv run is using virtual envs, that's the de facto standard, and those are sandboxes for python deps. So it already is.

Plus inline deps mean you can pin python versions and 3rd party modules using pyproject.toml syntax in a comment of your script. This is not perfect locking, as it doesn't pin sub dependencies, but it's already more that any other tool out there.

If you want perfect locking, create a project, and use uv lock. You are already in a different category of code.

simonw•6mo ago
OP isn't talking about virtual environment style sandboxing, they're talking about sandboxes that prevent arbitrary code from deleting or stealing any information your user account has access to on your computer.
throwaway290•6mo ago
Run it in a Docker container?
cedws•6mo ago
Docker isn’t a sandbox and shouldn’t be treated like one. Admittedly if I’m going to run untrusted code I’ll run it in Docker, but I’m aware that whatever I’m running could break out. I wouldn’t blindly run some bullshit even in Docker unless I’m 90% sure it’s safe already.
throwaway290•6mo ago
How do you get to 90% sure for code that has any dependencies?
OutOfHere•6mo ago
Why is Docker (or extensions thereof) not a sandbox? Granted, it could access the internet, but that's necessary.
cedws•6mo ago
Docker's primary purpose is to give applications their own namespaces in which they can run without conflict. It does confine applications to their own root filesystem, own process namespace and so on, but this isn't intended as a security boundary. cgroup escapes happen.

Firecracker and gVisor provide much stronger isolation. Both are battle tested; clouds run millions of multi-tenant workloads on these every day. Docker would simply never even be a candidate for this purpose.

integralid•6mo ago
>but I’m aware that whatever I’m running could break out

If you have a working docker escape exploit at hand, that works on unprivileged containers, you can earn some good money. Just saying.

Docker was not created as a sandbox, but people rely on it for security and it is a sandbox at this point. Hell, containerd is one of kuberbetes backends and it absolutely relies on it being a secure sandbox.

BiteCode_dev•6mo ago
This has been attempted many times with python, and always been a failure because of the dynamism of the language, even by big actors.

The solution, therefor, as always been to use the OS tooling for that. Even the .Net ecosystem eventually went into that direction.

The JS ecosystem is making that mistake right now, and will of course, deprecate this API in 10 years after they realize they can't make it secure either unless they basically reimplement BSD jails entirely.

simonw•6mo ago
Deno has had this feature for five years already, since May 2020: https://deno.com/blog/v1
simonw•6mo ago
Implementing sandboxes is really hard... but Astral are demonstrable great at solving hard problems. I dream of them one day saying "we've solved sandboxing for Python scripts" ala Deno https://docs.deno.com/runtime/fundamentals/security/
indigodaddy•6mo ago
There’s lots of options not native to the tool. Just a few:

devbox on MacOS.

distrobox/toolbx on Linux.

Project Bluefin has some really good ideas and concepts about all this: https://docs.projectbluefin.io/bluefin-dx/

rjh29•6mo ago
That's the job of docker or systemd-nspawn. It shouldn't be implemented by every single command.
OutOfHere•6mo ago
devcontainer builds upon it to further the sandbox.
mvieira38•6mo ago
Why is it their job to check for security? Sandboxing would make the ergonomics significantly worse for running quick scripts with uv run --script
cipehr•6mo ago
I took gp’s comment to mean something more like deno. Deno is nice because you can explicitly allow/deny filesystem, network, etc. in an ergonomic way like `—-allow-fs`

So not sure it would necessarily be ergonomically worse. It could even be a new run command `uv srun` or something…

indigodaddy•6mo ago
But uv isn’t a framework, isn’t that the difference, ie why they wouldn’t necessarily think it’s appropriate to delve into that particular territory?
charcircuit•6mo ago
This is like asking why do web browsers need to sandbox javascript. Giving full permissions to untrusted code is an attacker's dream.
kortex•6mo ago
It might be a cool thing for them to provide some kind of container metadata in the `# /// script` block so that e.g. it automatically runs the script in a container.
vs4vijay•6mo ago
Maybe use along with "Pyodide"?
drewbitt•6mo ago
I have seen several Pyodide in Deno implementations lately.
paulbirch•6mo ago
This is an interesting development, especially considering the growing trend of code-sharing platforms. As others have pointed out, this move by GitHub to allow UV to run GitHub Gists blurs the lines between code hosting and execution environments. It's worth noting that this also puts UV in direct competition with other code execution services like Repl. it and Google Colab, both of which have been gaining traction in the developer community. I'm curious to see how UV will differentiate itself in this crowded space.
vs4vijay•6mo ago
Did you even read the article?
kelsolaar•6mo ago
Mmmmh I have been running from gists for ages, just use the full url as parameter...