frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Qwen3-Coder-Next

https://qwen.ai/blog?id=qwen3-coder-next
437•danielhanchen•4h ago•246 comments

Deno Sandbox

https://deno.com/blog/introducing-deno-sandbox
180•johnspurlock•3h ago•63 comments

Xcode 26.3 unlocks the power of agentic coding

https://www.apple.com/newsroom/2026/02/xcode-26-point-3-unlocks-the-power-of-agentic-coding/
158•davidbarker•2h ago•98 comments

AliSQL: Alibaba's open-source MySQL with vector and DuckDB engines

https://github.com/alibaba/AliSQL
63•baotiao•2h ago•5 comments

Agent Skills

https://agentskills.io/home
290•mooreds•6h ago•177 comments

Prek: A better, faster, drop-in pre-commit replacement, engineered in Rust

https://github.com/j178/prek
125•fortuitous-frog•4h ago•60 comments

France dumps Zoom and Teams as Europe seeks digital autonomy from the US

https://apnews.com/article/europe-digital-sovereignty-big-tech-9f5388b68a0648514cebc8d92f682060
444•AareyBaba•4h ago•260 comments

What's up with all those equals signs anyway?

https://lars.ingebrigtsen.no/2026/02/02/whats-up-with-all-those-equals-signs-anyway/
529•todsacerdoti•11h ago•163 comments

Launch HN: Modelence (YC S25) – App Builder with TypeScript / MongoDB Framework

44•eduardpi•4h ago•22 comments

Puget Systems Most Reliable Hardware of 2025

https://www.pugetsystems.com/labs/articles/puget-systems-most-reliable-hardware-of-2025/
31•zdw•3d ago•6 comments

Another London: Excavating the disenchanted city

https://harpers.org/archive/2026/02/another-london-situationists-hari-kunzru/
11•jfil•2d ago•0 comments

Bunny Database

https://bunny.net/blog/meet-bunny-database-the-sql-service-that-just-works/
198•dabinat•8h ago•87 comments

When rust ≠ performance. a lesson in developer experience

https://suriya.cc/tech/performance/oxen-add/
4•suriya-ganesh•48m ago•0 comments

China Moon Mission: Aiming for 2030 Lunar Landing

https://spectrum.ieee.org/china-moon-mission-mengzhou-artemis
36•rbanffy•1h ago•6 comments

Heritability of intrinsic human life span is about 50%

https://www.science.org/doi/10.1126/science.adz1187
110•XzetaU8•2d ago•68 comments

Sandboxing AI Agents in Linux

https://blog.senko.net/sandboxing-ai-agents-in-linux
26•speckx•3h ago•13 comments

The Everdeck: A Universal Card System (2019)

https://thewrongtools.wordpress.com/2019/10/10/the-everdeck/
78•surprisetalk•6d ago•19 comments

How Vibe Coding Is Killing Open Source

https://hackaday.com/2026/02/02/how-vibe-coding-is-killing-open-source/
23•msolujic•41m ago•5 comments

Show HN: Octosphere, a tool to decentralise scientific publishing

https://octosphere.social/
25•crimsoneer•3h ago•11 comments

Show HN: C discrete event SIM w stackful coroutines runs 45x faster than SimPy

https://github.com/ambonvik/cimba
35•ambonvik•4h ago•13 comments

Defining Safe Hardware Design [pdf]

https://people.csail.mit.edu/rachit/files/pubs/safe-hdls.pdf
26•rachitnigam•3h ago•4 comments

X offices raided in France

https://apnews.com/article/france-x-investigation-seach-elon-musk-1116be84d84201011219086ecfd4e0bc
149•labrador•4h ago•112 comments

Emerge Career (YC S22) is hiring a product designer

https://www.ycombinator.com/companies/emerge-career/jobs/omqT34S-founding-product-designer
1•gabesaruhashi•8h ago

Tadpole – A modular and extensible DSL built for web scraping

https://tadpolehq.com/
25•zachperkitny•4h ago•5 comments

Anthropic AI Tool Sparks Selloff from Software to Broader Market

https://www.bloomberg.com/news/articles/2026-02-03/legal-software-stocks-plunge-as-anthropic-rele...
12•garbawarb•22m ago•1 comments

Floppinux – An Embedded Linux on a Single Floppy, 2025 Edition

https://krzysztofjankowski.com/floppinux/floppinux-2025.html
225•GalaxySnail•16h ago•155 comments

Migrate Wizard – IMAP Based Email Migration Tool

https://migratewizard.com/#features
17•techstuff123•3h ago•14 comments

221 Cannon Road Is Not for Sale

https://fredbenenson.com/blog/2026/02/03/221-cannon-is-not-for-sale/
105•mecredis•3h ago•80 comments

Show HN: Sandboxing untrusted code using WebAssembly

https://github.com/mavdol/capsule
52•mavdol04•6h ago•18 comments

Show HN: PII-Shield – Log Sanitization Sidecar with JSON Integrity (Go, Entropy)

https://github.com/aragossa/pii-shield
12•aragoss•4h ago•7 comments
Open in hackernews

Show HN: PII-Shield – Log Sanitization Sidecar with JSON Integrity (Go, Entropy)

https://github.com/aragossa/pii-shield
12•aragoss•4h ago
What PII-Shield does: It's a K8s sidecar (or CLI tool) that pipes application logs, detects secrets using Shannon entropy (catching unknown keys like "sk-live-..." without predefined patterns), and redacts them deterministically using HMAC.

Why deterministic? So that "pass123" always hashes to the same "[HIDDEN:a1b2c]", allowing QA/Devs to correlate errors without seeing the raw data.

Key features: 1. JSON Integrity: It parses JSON, sanitizes values, and rebuilds it. It guarantees valid JSON output for your SIEM (ELK/Datadog). 2. Entropy Detection: Uses context-aware entropy analysis to catch high-randomness strings. 3. Fail-Open: Designed as a transparent pipe wrapper to preserve app uptime.

The project is open-source (Apache 2.0).

Repo: https://github.com/aragossa/pii-shield Docs: https://pii-shield.gitbook.io/docs/

I'd love your feedback on the entropy/threshold logic!

Comments

aragoss•1h ago
Update: Seeing some folks pulling the Docker image. Just a heads up — the default entropy threshold is 3.8, which is tuned for API keys. If you are testing with simple words like 'test', it might not catch them (by design). Check the README for tweaking PII_ENTROPY_THRESHOLD.
maxbond•1h ago
Cool project!

- Wouldn't this censor UUIDs? I want UUIDs to remain in my logs.

- The never "PII Shield" makes me think this would censor entities like names or social security numbers, rather than secrets. Not a big deal though.

aragoss•1h ago
Thanks!

UUIDs: By default—no. Since UUIDs are Hex (limited charset 0-f), they have lower entropy than Base64 secrets. The threshold is tuned to sit safely above UUIDs but below API keys.

Naming: You are totally right. Currently, it focuses on "high-entropy PII" (passwords, auth tokens, session IDs) rather than names or SSNs. "Secrets Shield" might have been more precise, but naming is hard :)

hangonhn•59m ago
So depending on the context UUID can be PII. Is this something we can customize or adjust?
aragoss•53m ago
Yes, absolutely.

You can fine-tune the sensitivity via the PII_ENTROPY_THRESHOLD environment variable.

If you consider UUIDs to be sensitive in your context (or if you are getting false positives), you can adjust the threshold. For example, standard UUIDs have lower entropy density than API keys, so slightly tuning the value (e.g. from 3.8 to 3.2 or vice-versa) allows you to draw the line where you need it.

hangonhn•38m ago
Is there a way to tell it to just recognize UUIDs and redact those without adjusting the threshold? In our case, UUIDs is just an exception. I think all the other stuff you're doing is correct for our situation.
aragoss•29m ago
Currently, no — the scanner focuses on entropy and specific Key Names, not value patterns (Regex).

However, if your UUIDs live in consistent fields (e.g., request_id, trace_token, uuid), you can add those field names to the Sensitive Keys list. This forces redaction for those specific fields regardless of their entropy score, while keeping the global threshold high for everything else.

That said, "Redact by Value Regex" (to catch UUIDs anywhere) is a great idea. I'll add it to the backlog.