
Show HN: Sinkzone DNS – Forwarder that blocks everything except your allowlist

https://github.com/berbyte/sinkzone
78•dominis•17h ago
Most site blockers work by blacklisting distractions. That never worked for me: the internet is too big, and there’s always something new to waste time on.

I wanted the opposite: allowlist‑only browsing. Block everything by default, and explicitly allow only what I need.

So I built Sinkzone: a local DNS forwarder with two modes:

Monitor mode: lets all traffic through, but logs every domain so you can decide what to allow.

Focus mode: only allowlisted domains resolve; everything else is blocked (NXDOMAIN).

It’s open source, written in Go, and runs locally on macOS, Linux, and Windows. Works a bit like Pi‑hole, but instead of blocking ads, it blocks everything unless you say otherwise.

I’m curious if this would be useful in your workflow. If you try it, please let me know what breaks, what works well, and what you’d improve.
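
The allow/block decision behind the two modes described above, as an added example that is not part of the original post and not Sinkzone's own code. The `Filter` type, the `Decide` method and the rule that an allowlist entry also covers its subdomains are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

type Mode int

const (
	Monitor Mode = iota // resolve everything, log every queried name
	Focus               // resolve allowlisted names only
)

// Filter is a hypothetical allowlist filter, not a type from Sinkzone.
type Filter struct {
	Mode  Mode
	Allow map[string]bool // lowercase names; assumed to cover subdomains too
	Seen  []string        // names logged while in Monitor mode
}

// Decide returns "FORWARD" (pass to the upstream resolver) or "NXDOMAIN".
func (f *Filter) Decide(qname string) string {
	// DNS names are case-insensitive and may carry a trailing root dot.
	name := strings.ToLower(strings.TrimSuffix(qname, "."))
	if f.Mode == Monitor {
		f.Seen = append(f.Seen, name)
		return "FORWARD"
	}
	// Match on label boundaries only: "news.ycombinator.com" matches
	// "ycombinator.com", but "notycombinator.com" does not.
	for s := name; s != ""; {
		if f.Allow[s] {
			return "FORWARD"
		}
		i := strings.IndexByte(s, '.')
		if i < 0 {
			break
		}
		s = s[i+1:]
	}
	return "NXDOMAIN"
}

func main() {
	f := &Filter{Mode: Focus, Allow: map[string]bool{"ycombinator.com": true}}
	// Constructed sample queries.
	for _, q := range []string{"News.YCombinator.com.", "notycombinator.com", "use-application-dns.net"} {
		fmt.Println(q, "->", f.Decide(q))
	}
}
```

In Focus mode the Firefox canary domain `use-application-dns.net` gets NXDOMAIN like any other non-allowlisted name, which signals Firefox to leave its default DNS over HTTPS off. DoH that a user has enabled explicitly ignores that signal and still bypasses a local forwarder.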

Comments

artooro•17h ago
How is this better than using Pi-hole to do the same? It can also run in an allow only mode as I understand.
daft_pink•17h ago
I think the idea is that it blocks everything on your machine instead of causing the whole network to go offline as piholes are generally applied to the entire home network.

Your mileage might vary, but in my home, causing my smarthome plus my wife and children’s internet to go offline might cause a bigger distraction to my focus. Also you couldn’t use a pi-hole at work for instance.

dominis•17h ago
I wanted to build my tool because eventually I want to support multi-tenancy. Custom allowlists and schedules for all family members.
mikehotel•17h ago
- single binary file deployment

- TUI based configuration

- API endpoints

pluto_modadic•16h ago
"can run" / "can be configured to run" / "is not documented but can" != "is purpose built for allowlisting workflow as simple as possible"
dominis•16h ago
<3
eszpee•17h ago
Sounds interesting! The Pomodoro app I'm using for focus times has this feature built in (I wrote about it here: https://peterszasz.com/finding-focus-through-intention-and-a... ), but before finding that, I would've definitely tried this.

Improvement idea: Integrate with Apple Shortcuts, so the user could automate switching focus mode on and off, tied to changing Apple Focus mode.

dominis•17h ago
Hey Eszpee, Thanks for checking Sinkzone out. I'm thinking about building custom schedules in the next iteration, that would support some basic pomodoro style scheduling for sure.
buzicsotto•17h ago
This sounds awesome - I wish I could run it on my iphone, because otherwise it's not even gonna put a dent in my infinite capacity for slacking off....
dominis•17h ago
It's on my list :)
zikduruqe•13h ago
Run Tailscale/Wireguard on your iPhone, back to your RPi at home. Use your RPi as your DNS server. Something, something, profit.
pozsi•17h ago
Will this work when I'm connected to the company vpn? We have a private DNS zone set up for our private network, and this would probably mess up my DNS config. It would be awesome if it worked though!
dominis•16h ago
You can configure your upstream resolvers in the config, so I think Sinkzone can be placed in front of your VPN's resolver. I never tested this to be honest.
fasouto•16h ago
Interesting approach... Initially I thought it was a bit overkill but I found myself picking up my phone when I have a site blocked on my laptop.

Happens more than I'm willing to admit, so I guess I will give it a try.

dominis•16h ago
I'm planning to address the issue for phones as well in the future.
mlhpdx•15h ago
I built a DNS resolver on Proxylity[1] as a demo but it didn’t occur to me that block by default was a use case. I might have to add that.

My suggestion: Allow by ASN would be a clean (simple) way to get all of Google, etc., allowed at once.

[1] https://github.com/proxylity/examples/tree/main/dns-filter

minkzilla•10h ago
NextDNS lets you set times when domains are blocked. Originally I had it just for my computer but soon realized I needed it for my phone as well.
lpman•16h ago
I usually edit my hosts file and point unwanted domains to localhost. This seems more elegant
dominis•16h ago
I've used https://github.com/StevenBlack/hosts myself for a few years, I think this is a fantastic collection for hosts based blocking.
q2dg•16h ago
AdGuardHome fills the same gap, doesn't it?
dominis•16h ago
I'm not familiar with this project, just checked their GitHub Readme and if I understand correctly they block what you want them to block. Sinkzone does the opposite, it allows what you want to allow, and blocks everything else.
q2dg•16h ago
Well, you can block everything using a wildcard blocking rule (for that, go to "Filters → DNS blocklists" and add this custom rule: ||*^ ) and then you can allow the domain (and subdomains, if needed, for instance "everything.ycombinator.com"; for that, go to "Filters → Allowlist" and add this: @@||ycombinator.com^ )
ameshkov•15h ago
Alternatively, you can do something like this: *$denyallow=example.org|example.com

Blocks everything except example.org and example.com.

Works in AdGuard Home, AdGuard DNS or any other AG product with DNS filtering capabilities: https://adguard-dns.io/kb/general/dns-filtering-syntax/

muppetman•8h ago
Sort of, but it's not really designed to be "block first" though you can configure it to do that.
Duchambe_Double•15h ago
Yeap yeap - exactly what I needed! When on iOS?!??
rookderby•15h ago
I like this tool a lot and think it's superior to my own automation tools to generate giant host file blocklists. So, I'll be looking into switching to sinkzone. That said, my understanding is that applications can still make direct connections where an application connects using an IP address (without looking it up via DNS). I guess I use firewalls for that but haven't gotten around to adjusting anything from the defaults. Also could use a reverse proxy but haven't taken the time to set one of those up yet either. Does anyone have recommendations for a 'second step' on the network security path? Set up a PF router?
a022311•15h ago
Looks really streamlined!

Currently, when I need to focus, I use a separate device configured to block everything except 2-3 domains I really need to minimize distractions. What really makes Sinkzone interesting is the scheduling with focus mode which can be incredibly useful. My current firewall, OpenSnitch, only lets you toggle all rules at once, so Sinkzone could be useful for allowing just the focus domains.

I think a useful feature to consider is having different profiles which would essentially be collections of domains to allow. So you could have "focus", but also "work" or "kids" as well allowing for more flexibility.

As I previously mentioned, I'm currently using OpenSnitch [1] as a system-level firewall that has a similar allowlist-only functionality. While the popups to allow/reject a connection initially disturb your workflow, after a short period of usage, you end up with a small collection of rules and you'll pretty much only see them again when browsing new websites. The advantage over DNS-level blocking is that you also get to block per process and not just device (or network). Since it uses eBPF, processes can't get around it by using a different DNS server or something. I'm really missing profiles and scheduling though, so I hope you can build a viable alternative to switch to!

[1]: https://github.com/evilsocket/opensnitch

mlhpdx•15h ago
No DoH support? The browser seems like the source of distractions.
dominis•15h ago
Thank you for the idea, I've created an issue: https://github.com/berbyte/sinkzone/issues/1
cr125rider•14h ago
What does DoH mean?
mlhpdx•14h ago
DNS over HTTPS, which is something that browsers (optionally) use to keep DNS traffic in an encrypted channel.
suchoudh•2h ago
Exactly my expectation as well.
doodlebugging•14h ago
I see it has a Windows installer. I might have to try that on my old Win7 Pro system.

I will likely move on to Win10 now that it is ending support later this year so I might try there too. Windows support is best consumed in small chunks so once they deep-six Win10 it will be ready for consumption since the only "updates" it is likely to get are those strictly related to protecting it from malware.

Years ago there was a software firewall called SyGate that allowed a user to block everything and then set allow rules as they needed so that the only applications that could get out were those explicitly allowed by the user. The internet was young and there were fewer bad actors so it was way ahead of its time on the consumer side. You could install the free version or pay for a premium version. It was bought out in the late 90's I think by Norton or one of those other big units (Symantec?) who used all the good parts in their own "improved" firewalls, for a lot of money though.

I like this idea of blocking everything except the things you know you need.

57FkMytWjyFu•13h ago
https://github.com/henrypp/simplewall
mfro•13h ago
For application level firewalling like you describe I use:

https://github.com/tnodir/fort

SturgeonsLaw•11h ago
While we're throwing out recommendations for Windows software firewalls, I've previously used and liked Portmaster. Nice UI and it's open source.

https://safing.io/portmaster/

cagenut•14h ago
real devops pro contrarian move "what if I broke DNS so hard it actually made me better at my job"
suchoudh•2h ago
Expected it to work on browser as well, but can use /etc/hosts file instead of allowlist, which could also work.