frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

Ask HN: How do you prove a privileged infra change ran as approved?

1•ahmedmostafa16•2h ago
A Terraform apply, a DB migration, a secret rotation, a break glass access grant. These are the kinds of mutations that can cause real damage if they go wrong, or if you later need to explain exactly what happened.

In many environments, evidence of these changes ends up scattered across logs, CI systems, ticketing tools, and control planes. Reconstructing a single change months later can mean querying multiple systems that may not retain state indefinitely.

I am exploring a simple idea: treating each privileged mutation as something that emits a portable, signed receipt. The receipt would tie together what was authorized, who approved it, what ran, and what the resulting state was. The goal is that it could be verified offline, without querying the original system.

There is a draft spec here: https://github.com/reciprium/spec

It defines a receipt format using JSON Schema, CDDL, and Protobuf, with test vectors and worked examples for Terraform, GitOps workflows, database migrations, secret rotation, and break glass access.

I would appreciate perspective from people who operate infrastructure at scale:

1. How do you currently record that a privileged change was authorized, executed as approved, and verified afterward?

2. Could you reconstruct a complete audit of a specific change from six months ago without relying on your CI or control plane?

3. During audits or incidents, how do you demonstrate that a change matched its approval?

4. Would a signed, portable receipt for each mutation materially simplify anything for you, or does this problem already feel solved?

5. Where in your workflow would something like this naturally attach, if at all?

I am trying to understand whether the problem exists in the form described, or whether practitioners have converged on better patterns. Critical feedback is especially useful.

Decimal-Java is a library to convert java.math.BigDecimal to and from IEEE-754r

https://github.com/FirebirdSQL/decimal-java
1•mariuz•24s ago•0 comments

Pinhead – Quality public domain icons for your map pins

https://pinhead.ink/
1•altilunium•2m ago•0 comments

GyroidOS Virtualization Solution

https://www.cnx-software.com/2026/02/24/gyroidos-virtualization-solution-aims-to-secure-embedded-...
1•No_CQRT•7m ago•1 comments

Show HN: Autonomous AI Agent Fleets

https://www.openlegion.ai/
2•benriazy•7m ago•1 comments

Feedback wanted: monorepos, getting started and "week 1" problems, complexity

https://github.com/renovatebot/renovate/discussions/41414
1•mkesper•7m ago•0 comments

LLM and MCP: A simple introduction to the brain and hands of modern AI

https://teotti.com/llm-and-mcp-a-primer/
1•agenteo•9m ago•1 comments

An Interactive Intro to Quadtrees

https://growingswe.com/blog/quadtrees
1•growingswe•11m ago•0 comments

Show HN: Built an AI tool that routes tasks to agents, humans. Am I crazy?

1•rhelm-ai•11m ago•0 comments

Be My Baby

https://en.wikipedia.org/wiki/Be_My_Baby
1•handfuloflight•14m ago•0 comments

Show HN: AI Jam Sessions – MCP server that teaches AI to practice piano

https://github.com/mcp-tool-shop-org/ai-jam-sessions
1•mikeyfrilot•14m ago•0 comments

I want to get acquired by openrouter. For my OpenClaw alternative

2•alwassikhan•14m ago•0 comments

Show HN: ForceBreak – A Break Reminder with Friction

https://apps.apple.com/cn/app/forcebreak/id6758971359?mt=12
1•glidea•16m ago•0 comments

Agentic swarms are an org-chart delusion

https://www.joanwestenberg.com/agentic-swarms-are-an-org-chart-delusion/
1•MindGods•16m ago•0 comments

The Prime Prompt

https://suthakamal.substack.com/p/the-prime-prompt
1•suthakamal•18m ago•1 comments

I do a podcast, I don't talk int it

https://www.streaming-radar.com/p/i-do-a-podcast-i-dont-talk-in-it
1•lbostral•21m ago•0 comments

I Tried to Build the Smallest WASM Website on the Internet

https://github.com/tyler-harpool/1kb
1•tdhz77•23m ago•0 comments

Show HN: EasyClaw – one-click OpenClaw deployment for non-technical users

https://www.easyclaw.pro/en
1•gateszhang92•23m ago•1 comments

Software patents are dead! Pack it up! Hit the Gym! Retirement!

1•taariqlewis•28m ago•0 comments

Explanation of JEPA – Yann LeCun's proposed solution to self-supervised learning

1•helloplanets•30m ago•1 comments

Can Coding Agents Tackle COBOL Migrations?

https://twitter.com/jedelstein25/status/2026209728205037991
1•tosh•32m ago•0 comments

Token Anxiety

https://writing.nikunjk.com/p/token-anxiety
2•MindGods•33m ago•0 comments

Hetzner: Statement on price adjustment as of April first 2026

https://www.hetzner.com/pressroom/statement-price-adjustment/
2•tosh•34m ago•2 comments

Pop album release days linked to spike in US fatal crashes

https://www.theregister.com/2026/02/23/pop_album_fatal_car_accidents/
2•beardyw•35m ago•0 comments

Ask HN: How are you controlling AI agents that take real actions?

1•thesvp•36m ago•0 comments

Lamborghini kills its electric supercar that nobody wanted

https://newatlas.com/automotive/lamborghini-lanzador-electric-supercar-ev-concept/
1•Brajeshwar•38m ago•0 comments

Show HN: ConsentCheck, Consent Mode v2 scanner with monitoring alerts

https://consentcheck.online
1•marstay•39m ago•1 comments

Agents of Chaos: Breaches of trust in autonomous LLM agents

https://arxiv.org/abs/2602.20021
1•cool-RR•40m ago•0 comments

Python PEP 814 – Add frozendict built-in type

https://peps.python.org/pep-0814/
2•tosh•40m ago•1 comments

Human Existence Is Just as Wasteful as AI Data Centers, Sam Altman Suggests

https://decrypt.co/358849/human-existence-wasteful-ai-data-centers-sam-altman
4•darkwater•42m ago•0 comments

Will AI Disrupt My Field?

https://shubhamjain.co/2026/02/26/will-ai-disrupt-my-field/
1•shubhamjain•43m ago•0 comments