Show HN: Z-Jail – A 130 KB Linux sandbox-C99 with 7 defense layers and zero deps

https://github.com/Division-36/Z-Jail/
16•Zierax•1h ago

Comments

Kaxo•1h ago
The seccomp-BPF rules seem almost unusably strict. What is this even designed to be used to run?

gwerbin•1h ago
It says on their GitHub profile that they are building some kind of nowhere detection product. Maybe in that context, a very strict syscall allowlist is useful or good?

> It is designed for CI pipelines, CTF jail challenges, and lightweight code evaluation

Looking at the list, it seems pretty good for that. What does a CI runner that just needs to run GCC or whatever really need?

Edit: no open does seem restrictive. Not that it's bad security (not my area of expertise), but how many useful programs use open that are just off limits here?

iririririr•28m ago
Allowing individual syscalls is the sandbox standard today on BSDs and opt-in on Linux. The project has some issues, but being too restrictive is not one.

abtinf•1h ago
Setting aside that this seems to be pure slop, what’s with all the empty commits?

SwellJoe•49m ago
I don't think I'm ready to trust very security sensitive functions to pure vibe-coded software, and that's what this seems to be? Certainly the README is authored by an LLM, and there's a gazillion empty commits and other weirdness that indicates no human is in the loop. It looks like a loop engineered this software.

Models have gotten good, but c'mon. Good idea, maybe even a good implementation, but I don't have confidence in it, and you've got to have confidence in a project that claims to provide security.

Also, even the best models still regularly write C security bugs. It doesn't make sense to have a model write C code when having it write in a memory safe language is only slightly more effort/cost.

gchamonlive•43m ago
How you type is a poor proxy for code quality. Code quality is a good proxy for code quality. Inspect the code, build a verification pipeline for it, use agents to explore the code and the architecture, see if you can unearth anything foul.

yjftsjthsd-h•28m ago
It's not "how you type", it's "whether any human so much as laid eyes on the code". I wouldn't automatically discard code from an LLM, but let's put the goalposts where they actually are.

gchamonlive•12m ago
How do you know nobody laid eyes on the code in the project?

zamadatix•28m ago
How big a video file is is a poor proxy for the encode; quality is a good proxy. The problem is finding the actual quality of a video file is a hell of a lot more work and resources than using a proxy to see if doing so is a good use of our resources. See if you can go the extra mile you described for a few hours/dollars tonight and let us know what you find, it would be appreciated!

tosti•29m ago
Who the F* runs a minimizer on friggin C sources? And it's inconsistent too.

Security-related code should be readable and auditable.

gchamonlive•11m ago
I do for projects I have interest in running and for my own projects

SwellJoe•26m ago
I'm not judging based on how they type. I can't see how they type, they vibed the README.

And, it's not my monkey. You can inspect the code, build a verification pipeline for it, use agents to explore the architecture and see if you can unearth anything foul.

My heuristic is to dismiss purely vibe-coded apps from people I don't know, particularly for security sensitive stuff. If the README is written by a human and is coherent and exhibits some kind of desire and competence to make good software on the part of the author, I'm more likely to trust they drove their agents with care.

Here's the thing: you can make good software with agents, if you exhibit good judgement and put yourself in the path as a gate on quality. Too many clues point at this being loop engineering. And, C for this task, given 100% agent authorship, gives me the ick. Seems like bad judgement or opting out of making judgement calls.

gchamonlive•10m ago
Took a look at the readme and seems coherent enough. A readme is also a technical entrypoint, no problem in parts of it being generated, especially if you have quick start, tables and loose documentation there you need updating.
