Show HN: Open-source self-hostable backend – try to break my live instance (48h)

1•ravikantsaini•1h ago
So I've been working on this open source project called Nuvix for a while now — it's basically a self-hostable backend with auth, database, file storage, and a unified API all bundled together.

Anyway, I spun up a live instance on the cloud and figured instead of just asking for feedback the usual way, why not just... let people in and see what happens.

So here you go: Dashboard: https://studio.kraz.in Login: email: test@kraz.in password: testpass

You've got 48 hours. Poke around, break stuff, do your worst. If you find something weird or something that breaks, drop it in the comments or open an issue on the repo — https://github.com/nuvix-dev/nuvix.

Genuinely curious to see what people find. Be brutal.

Comments

freakynit•1h ago
Nicely built.

Can you try running any SQL query? Like "select count(*) from todos"? Seems the connection limit has been reached.

Also, tables are not getting listed either. Just the cached ones are getting listed, and those too go away within a few seconds.

with•1h ago
'Failed to execute SQL: too many connections for database "postgres"'

with•58m ago
There are some extremely concerning security vulnerabilities in this project that even the weakest of hackers could exploit.

Is this product a ragebait/troll?

1) Account takeover of any user with just their email: POST /v1/account/recovery with any user's email, the API response gives you the plaintext recovery secret. Call PUT /v1/account/recovery with that secret + a new password. You now own their account. No email inbox access needed. Two curl commands.

2) Password hashes returned by the API: GET /v1/users with any API key returns every user's full argon2 hash, algorithm, and tuning parameters. Tested and got $argon2id$v=19$m=65536,t=3,p=4$... for test@kraz.in.

3) CORS reflects any origin with credentials: Send Origin: https://evil.com to any endpoint — server responds with Access-Control-Allow-Origin: https://evil.com + Access-Control-Allow-Credentials: true. Any website on the internet can silently read authenticated API responses from logged-in users.

There are literally like 50 more of these though. The author probably didn't spend more than 5 minutes on security hardening.
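
Added example, not part of the thread and not code from the commenter or the Nuvix project: the server-side fixes that the three findings in the comment above call for, in plain Node.js. The function names, the field names, the 15-minute expiry and the allowlisted origin are assumptions made for illustration.

```javascript
// Added example: names, fields and the allowlist are assumptions, not Nuvix code.
const crypto = require('node:crypto');

const ALLOWED_ORIGINS = new Set(['https://studio.example.test']); // constructed

// Finding 3: emit CORS headers only for an exact allowlist match, never echo.
function corsHeaders(origin) {
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return {}; // no ACAO: browser blocks the read
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin', // keep caches from serving one origin's headers to another
  };
}

// Finding 2: build API output from an explicit list of public fields, so
// credential material on the stored record is never serialized by default.
const PUBLIC_USER_FIELDS = ['id', 'email', 'name', 'createdAt'];
function toPublicUser(user) {
  return Object.fromEntries(
    PUBLIC_USER_FIELDS.filter((k) => k in user).map((k) => [k, user[k]]));
}

// Finding 1: the recovery secret goes only to the mailbox; the store keeps a
// hash of it, and the HTTP response is the same whether or not the email exists.
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

function createRecovery(email, users, store, sendMail) {
  const user = users.find((u) => u.email === email);
  if (user) {
    const secret = crypto.randomBytes(32).toString('hex');
    store.set(user.id, { secretHash: sha256(secret), expires: Date.now() + 15 * 60e3 });
    sendMail(email, secret); // out-of-band delivery is the proof of inbox access
  }
  return { status: 202, body: { message: 'If the account exists, a recovery email was sent.' } };
}

function redeemRecovery(userId, secret, store) {
  const rec = store.get(userId);
  if (!rec || rec.expires < Date.now()) return false;
  const a = Buffer.from(rec.secretHash, 'hex');
  const b = Buffer.from(sha256(String(secret)), 'hex');
  store.delete(userId); // single use: a wrong guess also burns the token
  return crypto.timingSafeEqual(a, b);
}
```
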
