frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

France's homegrown open source online office suite

https://github.com/suitenumerique
277•nar001•2h ago•142 comments

British drivers over 70 to face eye tests every three years

https://www.bbc.com/news/articles/c205nxy0p31o
42•bookofjoe•30m ago•13 comments

Start all of your commands with a comma (2009)

https://rhodesmill.org/brandon/2009/commands-with-comma/
387•theblazehen•2d ago•141 comments

Hoot: Scheme on WebAssembly

https://www.spritely.institute/hoot/
69•AlexeyBrin•4h ago•14 comments

OpenCiv3: Open-source, cross-platform reimagining of Civilization III

https://openciv3.org/
756•klaussilveira•18h ago•235 comments

Reinforcement Learning from Human Feedback

https://arxiv.org/abs/2504.12501
44•onurkanbkrc•3h ago•2 comments

First Proof

https://arxiv.org/abs/2602.05192
18•samasblack•1h ago•11 comments

The Waymo World Model

https://waymo.com/blog/2026/02/the-waymo-world-model-a-new-frontier-for-autonomous-driving-simula...
1012•xnx•1d ago•574 comments

Coding agents have replaced every framework I used

https://blog.alaindichiappari.dev/p/software-engineering-is-back
122•alainrk•3h ago•136 comments

Vocal Guide – belt sing without killing yourself

https://jesperordrup.github.io/vocal-guide/
147•jesperordrup•8h ago•55 comments

Stories from 25 Years of Software Development

https://susam.net/twenty-five-years-of-computing.html
13•vinhnx•1h ago•1 comments

Unseen Footage of Atari Battlezone Arcade Cabinet Production

https://arcadeblogger.com/2026/02/02/unseen-footage-of-atari-battlezone-cabinet-production/
94•videotopia•4d ago•23 comments

A Fresh Look at IBM 3270 Information Display System

https://www.rs-online.com/designspark/a-fresh-look-at-ibm-3270-information-display-system
10•rbanffy•3d ago•0 comments

Making geo joins faster with H3 indexes

https://floedb.ai/blog/how-we-made-geo-joins-400-faster-with-h3-indexes
148•matheusalmeida•2d ago•40 comments

Ga68, a GNU Algol 68 Compiler

https://fosdem.org/2026/schedule/event/PEXRTN-ga68-intro/
30•matt_d•4d ago•7 comments

Show HN: Look Ma, No Linux: Shell, App Installer, Vi, Cc on ESP32-S3 / BreezyBox

https://github.com/valdanylchuk/breezydemo
255•isitcontent•18h ago•27 comments

Monty: A minimal, secure Python interpreter written in Rust for use by AI

https://github.com/pydantic/monty
267•dmpetrov•19h ago•144 comments

Hackers (1995) Animated Experience

https://hackers-1995.vercel.app/
536•todsacerdoti•1d ago•260 comments

Sheldon Brown's Bicycle Technical Info

https://www.sheldonbrown.com/
412•ostacke•1d ago•105 comments

Show HN: I spent 4 years building a UI design tool with only the features I use

https://vecti.com
355•vecti•20h ago•161 comments

What Is Ruliology?

https://writings.stephenwolfram.com/2026/01/what-is-ruliology/
59•helloplanets•4d ago•57 comments

Show HN: If you lose your memory, how to regain access to your computer?

https://eljojo.github.io/rememory/
328•eljojo•21h ago•198 comments

An Update on Heroku

https://www.heroku.com/blog/an-update-on-heroku/
453•lstoll•1d ago•297 comments

Show HN: Kappal – CLI to Run Docker Compose YML on Kubernetes for Local Dev

https://github.com/sandys/kappal
12•sandGorgon•2d ago•3 comments

Microsoft open-sources LiteBox, a security-focused library OS

https://github.com/microsoft/litebox
368•aktau•1d ago•192 comments

Cross-Region MSK Replication: K2K vs. MirrorMaker2

https://medium.com/lensesio/cross-region-msk-replication-a-comprehensive-performance-comparison-o...
7•andmarios•4d ago•1 comments

Female Asian Elephant Calf Born at the Smithsonian National Zoo

https://www.si.edu/newsdesk/releases/female-asian-elephant-calf-born-smithsonians-national-zoo-an...
56•gmays•13h ago•22 comments

Dark Alley Mathematics

https://blog.szczepan.org/blog/three-points/
107•quibono•5d ago•34 comments

How to effectively write quality code with AI

https://heidenstedt.org/posts/2026/how-to-effectively-write-quality-code-with-ai/
297•i5heu•21h ago•252 comments

I now assume that all ads on Apple news are scams

https://kirkville.com/i-now-assume-that-all-ads-on-apple-news-are-scams/
1109•cdrnsf•1d ago•490 comments
Open in hackernews

Show HN: Strix - Open-source AI hackers for your apps

https://github.com/usestrix/strix
102•ahmedallam2•5mo ago

Comments

waihtis•5mo ago
The joke is that Xbow only works because they have close to 100 employees operating the software
_pdp_•5mo ago
You are joking, but there was actually a very popular enterprise SAST tool that used to offer a "cloud" version of their software. It worked by having someone from their team manually download the zip file of your code, run it through their desktop software, and then upload the results back to make them visible in the web portal.
ericmcer•5mo ago
That's a totally valid and useful way to validate an idea. After a few months of manual labor they will have a good idea of how/what to build and if it is even worth building.
ai-christianson•5mo ago
Classic thing that doesn't scale.
0cf8612b2e1e•5mo ago
That seems like something that totally scales? Just requires some GUI automation (which can be quite finicky, so good to have a manual backup).
codys•5mo ago
Unless the lack of real time (or consistent time to) results drives down interest in the cloud version, or instead of driving down interest makes it appear as if people want something different than what they would want if the time to results was consistent/faster.

Still could be worth doing a bit of manual work like this, but it's worth being cautious about drawing conclusions from it.

tptacek•5mo ago
It is if you can keep a baseline level of quality uniform across both your customers and each of your customers projects. It's less OK if the human-assisted output is a loss-leader you burn on the pilot project, the first couple projects, or high-profile customers.

There's nothing fundamentally bad about having Oompa Loompa's behind the scenes, as long as you're honest about the outcomes you can provide.

I agree, though: also a very sensible way to prioritize development work.

Steeeve•5mo ago
There's a reason Amazon's Mechanical Turk exists.
tptacek•5mo ago
I know who you're talking about, but also: this is the joke about basically every hosted SAST and DAST tool. I call it the "Oompa Loompa" model of security products.
guhcampos•5mo ago
"XBOW is an AI-powered penetration testing platform that delivers human-level security testing at machine speed."

At least they're not lying right? It's just people using computers.

waihtis•5mo ago
yeah i think XBOW is fairly transparent about it, doesn't stop the online influencers from claiming "an AI is now the #1 hacker on Hackerone"
armanj•5mo ago
Took a while to notice it's xbow and not xbox
tptacek•5mo ago
This is a neat project, I don't know why you'd want to set it up with this comparison to Xbow. As someone who works (worked? I'm non-ironically still trying to figure out if I belong in this space post-AI!) in this space and knows some of the actors, I'm pretty sure there's more to Xbow than ~1800 lines of prompts. Like: this is your RCE template prompt:

https://github.com/usestrix/strix/blob/main/strix/prompts/vu...

... and this is great, I'm not dunking, but pretty basic?

We just had the DARPA AIxCC results come in, and those systems are (1) open source and (2) presumably simpler/less polished than Xbow (some of the authors will be quick to tell you that they're doing PoC work, not product development), and (3) they're more complicated than this.

Again, to be super clear: I think there's a huge amount of potential in building something like this up. Nessus was much simpler than ISS when it first shipped, but you'd rather be Nessus than an ISS scanner developer! I'm just: why set this bar for your project?

Best of luck with this!

captn3m0•5mo ago
Buttercup, from the Trail of Bits team has a nice writeup + FOSS : https://blog.trailofbits.com/2025/08/08/buttercup-is-now-ope...
thegeomaster•5mo ago
Seems heavily vibe coded, down to the Claude-generated README and a lot of the LLM prompts themselves (which I have found works very poorly compared to human-written prompts). While none of this is necessarily bad, it requires a higher burden of proof that it actually works beyond toy problems [0]. I think everyone would appreciate some examples of vulnerabilities it can find. The missing JWT check showcased in the screenshot would've probably been caught with ordinary AI code review, so to my eye that by itself is not persuasive.

Good luck!

[0]: Why I say this --- a 10kLOC piece of software that was mostly human-written would require a large amount of testing, even manual, to ensure that it works, reliably, at all. All this testing and experimentation would naturally force a certain depth of exploration for the approach, the LLM prompts, etc across a variety of usecases. A mostly AI-written codebase of this size would've required much less testing to get it to "doesn't crash and runs reliably", and so this depth is not a given anymore.