Show HN: SecureBuild – Zero-CVE Images That Pay OSS Projects

https://securebuild.com
27•grantlmiller•5h ago
We're launching SecureBuild: https://securebuild.com — a new way for open source projects and maintainers to earn revenue by partnering with and endorsing our Zero-CVE container images of their project.

We’ve spent the last decade at Replicated (https://news.ycombinator.com/item?id=9841243) helping commercial and open source software vendors securely distribute their apps to enterprise environments. During that time, we saw firsthand how hard it is for maintainers to fund their work, and how increasingly demanding enterprises have become when it comes to demonstrable security and scanning.

SecureBuild is our attempt to bridge that gap. Built on top of Wolfi (https://news.ycombinator.com/item?id=36489847), we provide Zero-CVE container images with tight SLAs, full SBOMs, etc, but we route 70% of direct subscription revenue back to the open source projects that create them.

We’re especially interested in partnering with open source maintainers who want to make their projects more secure and sustainable without changing licenses. We handle builds, hosting, sales, patching, and customer delivery.

I'm Grant (https://news.ycombinator.com/user?id=grantmiller), co-founder of Replicated & co-creator of SecureBuild, working with my co-founder Marc Campbell (https://news.ycombinator.com/user?id=marcc). We hope this can be part of a broader push toward a more secure, economically sustainable future for open source.

Happy to answer questions and share more details!

Comments

dhorthy•4h ago
this looks cool - your homepage video should open with what it is though!
grantlmiller•4h ago
thanks! say more about what you mean... you're saying instead of: Secure, Sustainable Open Source Partner with SecureBuild to offer secure, vulnerability-free builds of your open source project while generating recurring software revenue, no support contracts required.

we should say something different?

siggy•4h ago
thanks for sharing. what's the onboarding process look like? if i'm maintaining my own Dockerfiles today, do you or I evaluate and port those to SecureBuild/Wolfi?
marcc•4h ago
We work together on it. Assuming you have a build process and dockerfile (we all do), generally our team can get you listed in the catalog quickly.

It's not too much work since we built on an existing set of tools (melange & apko). I've actually found that putting a Dockerfile into ChatGPT generates a really good first iteration.

cube00•3h ago
> New SecureBuilds are created whenever upstream CVEs are available, with a 6-day SLA for critical vulnerabilities.

Aren't most SecOps pushing 48 hours as the absolute limit for critical vulns or are ours just being extra pushy?

marcc•2h ago
We often deliver in way less than 6 days but sometimes the dependency tree is deep for a patch.

I've seen most auditors mandate 30 days for Critical, but you clearly want to move a lot quicker than that.

grantlmiller•2h ago
the goal is going to be 6 hours!
mike_d•2h ago
> I've seen most auditors mandate 30 days for Critical, but you clearly want to move a lot quicker than that.

You seem to fundamentally not understand security. A proper security program should never be driven by an auditor's expectations or even used as a reasonable guideline.

Don't track CVEs and SLAs in days. You need to have patches out before active exploitation in the wild begins, that is the only metric that matters. Go talk to Greynoise about how to get that data.

grantlmiller•1h ago
We’d love for this to be true... most images fill up with CVEs so fast in dependencies, we’re providing minimal images (much less surface area) and have the automation to rebuild the entire dependency graph at least daily, if not multiple times per day.

Hopefully everyone will run a "proper security program" someday!

mike_d•1h ago
It can be true for you if you correct your thinking on the problem.

CVEs are basically just bugs that are not triggered by normal operation. If you race to "fix" them all, you are going to drown (as you are discovering).

Focus on your solution for tracking actively exploited vulnerabilities and a prioritization system and you'll greatly simplify the problem while better serving your customers.

jenny91•2h ago
The intersection of entities whose security is based around "responding to every CVE quickly" and the entities that care about supporting OSS projects has measure zero.
grantlmiller•2h ago
well... our core users are ISVs (who distribute commercial software into enterprise controlled, self-hosted environments... think big banks, governments, tech companies). They care about supporting OSS (almost 1/2 of them are open core themselves) and their customers mandate that they care about closing out CVEs quickly in the software they're consuming from them.