
Show HN: Strix - Open-source AI hackers for your apps

https://github.com/usestrix/strix
102•ahmedallam2•5mo ago

Comments

waihtis•5mo ago
The joke is that Xbow only works because they have close to 100 employees operating the software

_pdp_•5mo ago
You are joking, but there was actually a very popular enterprise SAST tool that used to offer a "cloud" version of their software. It worked by having someone from their team manually download the zip file of your code, run it through their desktop software, and then upload the results back to make them visible in the web portal.

ericmcer•5mo ago
That's a totally valid and useful way to validate an idea. After a few months of manual labor they will have a good idea of how/what to build and if it is even worth building.

ai-christianson•5mo ago
Classic thing that doesn't scale.

0cf8612b2e1e•5mo ago
That seems like something that totally scales? Just requires some GUI automation (which can be quite finicky, so good to have a manual backup).

codys•5mo ago
Unless the lack of real time (or consistent time to) results drives down interest in the cloud version, or instead of driving down interest makes it appear as if people want something different than what they would want if the time to results was consistent/faster.

Still could be worth doing a bit of manual work like this, but it's worth being cautious about drawing conclusions from it.

tptacek•5mo ago
It is if you can keep a baseline level of quality uniform across both your customers and each of your customers' projects. It's less OK if the human-assisted output is a loss-leader you burn on the pilot project, the first couple projects, or high-profile customers.

There's nothing fundamentally bad about having Oompa Loompas behind the scenes, as long as you're honest about the outcomes you can provide.

I agree, though: also a very sensible way to prioritize development work.

Steeeve•5mo ago
There's a reason Amazon's Mechanical Turk exists.

tptacek•5mo ago
I know who you're talking about, but also: this is the joke about basically every hosted SAST and DAST tool. I call it the "Oompa Loompa" model of security products.

guhcampos•5mo ago
"XBOW is an AI-powered penetration testing platform that delivers human-level security testing at machine speed."

At least they're not lying, right? It's just people using computers.

waihtis•5mo ago
yeah I think XBOW is fairly transparent about it, doesn't stop the online influencers from claiming "an AI is now the #1 hacker on Hackerone"

armanj•5mo ago
Took a while to notice it's xbow and not xbox

tptacek•5mo ago
This is a neat project, I don't know why you'd want to set it up with this comparison to Xbow. As someone who works (worked? I'm non-ironically still trying to figure out if I belong in this space post-AI!) in this space and knows some of the actors, I'm pretty sure there's more to Xbow than ~1800 lines of prompts. Like: this is your RCE template prompt:

https://github.com/usestrix/strix/blob/main/strix/prompts/vu...

... and this is great, I'm not dunking, but pretty basic?

We just had the DARPA AIxCC results come in, and those systems are (1) open source and (2) presumably simpler/less polished than Xbow (some of the authors will be quick to tell you that they're doing PoC work, not product development), and (3) they're more complicated than this.

Again, to be super clear: I think there's a huge amount of potential in building something like this up. Nessus was much simpler than ISS when it first shipped, but you'd rather be Nessus than an ISS scanner developer! I'm just: why set this bar for your project?

Best of luck with this!

captn3m0•5mo ago
Buttercup, from the Trail of Bits team, has a nice writeup + FOSS: https://blog.trailofbits.com/2025/08/08/buttercup-is-now-ope...

thegeomaster•5mo ago
Seems heavily vibe coded, down to the Claude-generated README and a lot of the LLM prompts themselves (which I have found works very poorly compared to human-written prompts). While none of this is necessarily bad, it requires a higher burden of proof that it actually works beyond toy problems [0]. I think everyone would appreciate some examples of vulnerabilities it can find. The missing JWT check showcased in the screenshot would've probably been caught with ordinary AI code review, so to my eye that by itself is not persuasive.

Good luck!

[0]: Why I say this --- a 10kLOC piece of software that was mostly human-written would require a large amount of testing, even manual, to ensure that it works, reliably, at all. All this testing and experimentation would naturally force a certain depth of exploration for the approach, the LLM prompts, etc. across a variety of use cases. A mostly AI-written codebase of this size would've required much less testing to get it to "doesn't crash and runs reliably", and so this depth is not a given anymore.