frontpage.

I built kprotect because I wanted a way to protect my sensitive files (SSH keys, env files) that went beyond just standard Linux permissions. Even if a process is running as root, it shouldn't be able to read my secrets unless it’s part of a trusted execution chain.

How it works: It uses BPF LSM (Linux Security Modules) to intercept file access at the kernel level. Instead of just checking the PID or the binary name, it looks at the entire lineage (the "Chain of Trust"). For example, cat is only allowed to read my SSH keys if the parent process is my-terminal and the grandparent is vscodium.

Key Tech:

Backend: Rust + Aya (for the eBPF bits).

Frontend: Tauri + React for the dashboard.

Security: Logs and configs are AES-encrypted to prevent tampering.

It’s currently in beta (0.1.0). It requires a kernel (5.10+) with BPF LSM enabled. I'd love to hear feedback on the "Chain of Trust" logic—specifically if anyone sees edge cases in how I'm verifying the process ancestors. GitHub: https://github.com/khoinp1012/kprotect

Epiplexity to Beat DeepMind's Alchemy Meta RL Benchmark

Continuous Autonomy for the AI SDK

Ramp AI Index

Show HN: Catnip – Run Claude Code from Your iPhone Using GitHub Codespaces

GoTHub SSH Signup

In reversal, U.S. loosens guidance on alcohol

High-performance graph library for JVM – 66/48x faster than Guava/JGraphT on BFS

Claude Code Crashes on Startup

Science at the Speed of Inference

Supernova Remnant Video from NASA's Chandra Is Decades in Making

Show HN: Serverless online chess (no accounts)

Open source is dying because we all fucking suck

GLM-4.7: Frontier intelligence at record speed – now available on Cerebras

There's a ridiculous amount of tech in a disposable vape

Judges are identifying suspected AI hallucinations in Pa. court cases

Nvidia Kicks Off the Next Generation of AI with Rubin

New podcasts should / could go here

Good Judgment Open

Show HN: TierHive – Hourly-billed NAT VPS with private /24 subnets

Nationwide internet disruptions hit Iran

Illinois health department exposed over 700k residents' personal data for years

Show HN: DCV lets you see which ATT&CK techniques your cloud environment detects

The Man Who Could Be Apple's Next CEO

Chinese AI models have lagged the US frontier by 7 months on average since 2023

Helmtk: Can I compile into a helm chart?

A macOS dictation app based on Apple's modern, on-device models

Ask HN: What's the current state of paraphrasing anonymyty tools?

Tailwind CSS Lets Go of 75% of Engineering Team After Traffic Drop from Google

Agent-Streams: Skeptical Overseer for Long-Running Coding Agents

Reconstruction of the face of St Nicholas of Myra (2019) [video]

Show HN: Kprotect – eBPF-based file protection using process lineage