frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Life at the Edge

https://asadk.com/p/edge
1•tosh•5m ago•0 comments

RISC-V Vector Primer

https://github.com/simplex-micro/riscv-vector-primer/blob/main/index.md
2•oxxoxoxooo•9m ago•1 comments

Show HN: Invoxo – Invoicing with automatic EU VAT for cross-border services

2•InvoxoEU•9m ago•0 comments

A Tale of Two Standards, POSIX and Win32 (2005)

https://www.samba.org/samba/news/articles/low_point/tale_two_stds_os2.html
2•goranmoomin•13m ago•0 comments

Ask HN: Is the Downfall of SaaS Started?

3•throwaw12•14m ago•0 comments

Flirt: The Native Backend

https://blog.buenzli.dev/flirt-native-backend/
2•senekor•16m ago•0 comments

OpenAI's Latest Platform Targets Enterprise Customers

https://aibusiness.com/agentic-ai/openai-s-latest-platform-targets-enterprise-customers
1•myk-e•18m ago•0 comments

Goldman Sachs taps Anthropic's Claude to automate accounting, compliance roles

https://www.cnbc.com/2026/02/06/anthropic-goldman-sachs-ai-model-accounting.html
2•myk-e•21m ago•3 comments

Ai.com bought by Crypto.com founder for $70M in biggest-ever website name deal

https://www.ft.com/content/83488628-8dfd-4060-a7b0-71b1bb012785
1•1vuio0pswjnm7•22m ago•1 comments

Big Tech's AI Push Is Costing More Than the Moon Landing

https://www.wsj.com/tech/ai/ai-spending-tech-companies-compared-02b90046
3•1vuio0pswjnm7•24m ago•0 comments

The AI boom is causing shortages everywhere else

https://www.washingtonpost.com/technology/2026/02/07/ai-spending-economy-shortages/
2•1vuio0pswjnm7•25m ago•0 comments

Suno, AI Music, and the Bad Future [video]

https://www.youtube.com/watch?v=U8dcFhF0Dlk
1•askl•27m ago•2 comments

Ask HN: How are researchers using AlphaFold in 2026?

1•jocho12•30m ago•0 comments

Running the "Reflections on Trusting Trust" Compiler

https://spawn-queue.acm.org/doi/10.1145/3786614
1•devooops•35m ago•0 comments

Watermark API – $0.01/image, 10x cheaper than Cloudinary

https://api-production-caa8.up.railway.app/docs
1•lembergs•37m ago•1 comments

Now send your marketing campaigns directly from ChatGPT

https://www.mail-o-mail.com/
1•avallark•40m ago•1 comments

Queueing Theory v2: DORA metrics, queue-of-queues, chi-alpha-beta-sigma notation

https://github.com/joelparkerhenderson/queueing-theory
1•jph•52m ago•0 comments

Show HN: Hibana – choreography-first protocol safety for Rust

https://hibanaworks.dev/
5•o8vm•54m ago•1 comments

Haniri: A live autonomous world where AI agents survive or collapse

https://www.haniri.com
1•donangrey•55m ago•1 comments

GPT-5.3-Codex System Card [pdf]

https://cdn.openai.com/pdf/23eca107-a9b1-4d2c-b156-7deb4fbc697c/GPT-5-3-Codex-System-Card-02.pdf
1•tosh•1h ago•0 comments

Atlas: Manage your database schema as code

https://github.com/ariga/atlas
1•quectophoton•1h ago•0 comments

Geist Pixel

https://vercel.com/blog/introducing-geist-pixel
2•helloplanets•1h ago•0 comments

Show HN: MCP to get latest dependency package and tool versions

https://github.com/MShekow/package-version-check-mcp
1•mshekow•1h ago•0 comments

The better you get at something, the harder it becomes to do

https://seekingtrust.substack.com/p/improving-at-writing-made-me-almost
2•FinnLobsien•1h ago•0 comments

Show HN: WP Float – Archive WordPress blogs to free static hosting

https://wpfloat.netlify.app/
1•zizoulegrande•1h ago•0 comments

Show HN: I Hacked My Family's Meal Planning with an App

https://mealjar.app
1•melvinzammit•1h ago•0 comments

Sony BMG copy protection rootkit scandal

https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal
2•basilikum•1h ago•0 comments

The Future of Systems

https://novlabs.ai/mission/
2•tekbog•1h ago•1 comments

NASA now allowing astronauts to bring their smartphones on space missions

https://twitter.com/NASAAdmin/status/2019259382962307393
2•gbugniot•1h ago•0 comments

Claude Code Is the Inflection Point

https://newsletter.semianalysis.com/p/claude-code-is-the-inflection-point
4•throwaw12•1h ago•3 comments
Open in hackernews

Show HN: KeyLeak Detector – Scan websites for exposed API keys and secrets

https://github.com/Amal-David/keyleak-detector
30•amaldavid•3mo ago
I built this after seeing multiple teams accidentally ship API keys in their frontend code.

The problem: Modern web development moves fast. You're vibe-coding, shipping features, and suddenly your AWS keys are sitting in a <script> tag visible to anyone who opens DevTools. I've personally witnessed this happen to at least 3-4 production apps in the past year alone.

KeyLeak Detector runs through your site (headless browser + network interception) and checks for 50+ types of leaked secrets: AWS/Google keys, Stripe tokens, database connection strings, LLM API keys (OpenAI, Claude, etc.), JWT tokens, and more.

It's not perfect, there are false positives but it's caught real issues in my own projects. Think of it as a quick sanity check before you ship.

Use case: Run it on staging before deploying, or audit your existing sites. Takes ~30 seconds per page.

MIT licensed, for authorized testing only.

https://github.com/Amal-David/keyleak-detector

Comments

basilikum•3mo ago
> I've personally witnessed this happen to at least 3-4 production apps in the past year alone.

There is something seriously wrong in your organization when that's a repeating pattern. Secrets don't just accidentally make their way into the frontend unless the way you manage secrets is fatally flawed. Offensive security tools are great for finding issues by playing the role of an adversary, but they are not the solution to such an already known grave, fundamental, organizational problem.

hrimfaxi•3mo ago
You're not wrong. How are these things passing review? Are prs too big and should be broken down into more manageable pieces? Or people just yolo to prod?

Secrets exposure is just one of your problems if there are not processes in place to catch this upstream.

That being said, this is a show hn and we should be gentler with criticism. The tool is still very useful even for mature organizations to identify blind spots and process failures.

amaldavid•3mo ago
Yep, Github does a wonderful job flagging secrets most times but irrespective of that this is happening in some sites. This was built out of personal curiosity and I had put it out for public because I myself was not aware if this will be actually useful and if so in what form. People do YOLO to prod, we have more kids building AI wrappers than I can count, and somewhere in that chaos secrets slip through the cracks.

Ideally I would have loved this to be a chrome plugin or part of the CI/CD pipeline or put it out as an adversary agent for all of these new vibe coded apps but don't think I'm that vested into the idea yet. Thanks for being gentle :)

basilikum•3mo ago
I don't mean to criticize the tool itself.
amaldavid•3mo ago
Well, when i meant "personally" not in the app I manage. I have a quirk of checking sites to understand what they are using and how they are using and have stumbled upon sites with exposed Gemini, Google Maps, OpenAI keys etc.

https://news.ycombinator.com/item?id=45741569 - It was also partly inspired by this as I have seen legacy sites making these mistakes quite often.

With all the vibe coded apps that are getting launched or were launched early, there are enough holes to plug. This is just an attempt to help individuals or orgs to ensure they are not exposed. Just pushed it out what I had in mind based on my experience.

And I agree with you that an adversary approach won't work if we can't fix the underlying problem but the world has changed with enough vibe coded apps that are getting shipped everyday and very little of them care or know about security.

toomuchtodo•3mo ago
How does this compare to https://github.com/gitleaks/gitleaks ?
amaldavid•3mo ago
Gitleaks is too good to be compared to this, the only areas where keyleak is comparable is it does runtime detection where sometimes your build process injects secrets via env vars into the bundle or any of your responses expose a config file or secrets.