frontpage.

Hi HN Community! I use S3 providers (e.g. Cloudflare R2) along with software like rclone and Mountain Duck for my personal media storage. Some S3 providers do not include built-in versioning / deletion protection. I find my data vulnerable to accidental deletion or ransomware attacks in case my device is compromised.

To tackle this issue, I built a "middleware" on Cloudflare Workers to proxy S3 requests with configurable guardrail policies. The client uses an alternative secret key to connect to this middleware, and the middleware would reject with 403 if it determines the S3 request is dangerous. For example, I could configure that all files in `/important/.*` path older than 1 week could not be deleted or overwritten. Doing so, I could restrict ransomware's abilities on the API level.

The code has been packed into a library and published to npm to be used on CF workers. This is an active work in progress, and I have already deployed it for my personal use (it works). Let me know what you think!

Show HN: Django N+1 Queries Checker

Emacs-tramp-RPC: High-performance TRAMP back end using JSON-RPC instead of shell

Protocol Validation with Affine MPST in Rust

Female Asian Elephant Calf Born at the Smithsonian National Zoo

Show HN: Zest – A hands-on simulator for Staff+ system design scenarios

Show HN: DeSync – Decentralized Economic Realm with Blockchain-Based Governance

Automatic Programming Returns

Why Are There Still So Many Jobs? The History and Future of Workplace Automation [pdf]

The Search Engine Map

Show HN: Souls.directory – SOUL.md templates for AI agent personalities

Real-Time ETL for Enterprise-Grade Data Integration

Economics Puzzle Leads to a New Understanding of a Fundamental Law of Physics

Switzerland's Extraordinary Medieval Library

A new comet was just discovered. Will it be visible in broad daylight?

ESR: Comes the news that Anthropic has vibecoded a C compiler

Frisco residents divided over H-1B visas, 'Indian takeover' at council meeting

If CNN Covered Star Wars

Show HN: I built the first tool to configure VPSs without commands

AI agents from 4 labs predicting the Super Bowl via prediction market

EU bans infinite scroll and autoplay in TikTok case

Benchmarking how well LLMs can play FizzBuzz

Why I Joined OpenAI

Octave GTM MCP Server

Show HN: Portview what's on your ports (diagnostic-first, single binary, Linux)

Voyager CEO says space data center cooling problem still needs to be solved

Boilerplate Tax – Ranking popular programming languages by density

Zen: A Browser You Can Love

My GPT-5.3-Codex Review: Full Autonomy Has Arrived

Show HN: FastLog: 1.4 GB/s text file analyzer with AVX2 SIMD

God said it (song lyrics) [pdf]

Show HN: S3Broker – CF Worker library to protect your S3 storage from ransomware