frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Show HN: Z-Jail – A 130 KB Linux sandbox-C99 with 7 defense layers and zero deps

https://github.com/Division-36/Z-Jail/
11•Zierax•1h ago

Comments

Kaxo•53m ago
The seccomp-BPF rules seem almost unusably strict. What is this even designed to be used to run?
gwerbin•45m ago
It says on their Github profile that they are building some kind of nowhere detection product. Maybe in that context, a very strict syscall allowlist is useful or good?

> It is designed for CI pipelines, CTF jail challenges, and lightweight code evaluation

Looking at the list, it seems pretty good for that. What does a CI runner that just needs to run GCC or whatever really need?

Edit: no open does seem restrictive. Not that it's bad security (not my area of expertise), but how many useful programs use open that are just off limits here?

iririririr•7m ago
allowing individual syscall is the sandbox standard today on BSDs and optin on linux. project have some issues but being too restrictive is not one
abtinf•39m ago
Setting aside that this seems to be pure slop, what’s with all the empty commits?
SwellJoe•28m ago
I don't think I'm ready to trust very security sensitive functions to pure vibe-coded software, and that's what this seems to be? Certainly the README is authored by an LLM, and there's a gazillion empty commits and other weirdness that indicates no human is in the loop. It looks like a loop engineered this software.

Models have gotten good, but c'mon. Good idea, maybe even a good implementation, but I don't have confidence in it, and you've got to have confidence in a project that claims to provide security.

Also, even the best models still regularly write C security bugs. It doesn't make sense to have a model write C code when having it write in a memory safe language is only slightly more effort/cost.

gchamonlive•21m ago
How you type is a poor proxy for code quality. Code quality is a good proxy for code quality. Inspect the code, build a verification pipeline for it, use agents to explore the code and the architecture, see if you can unearth anything fowl.
yjftsjthsd-h•7m ago
It's not "how you type", it's "whether any human so much as laid eyes on the code". I wouldn't automatically discard code from an LLM, but let's put the goalposts where they actually are.
zamadatix•6m ago
How big a video file is a poor proxy for the encode, quality is a good proxy. The problem is finding the actual quality of a video file is a hell of a lot more work and resources than using a proxy to see if doing so is a good use of our resources. See if you can go the extra mile you described for a few hours/dollars tonight and let us know what you find, it would be appreciated!
SwellJoe
tosti•8m ago
Who the F* runs a minimizer on friggin C sources? And it's inconsistent too.

Security-related code should be readable and auditable.

•
5m ago
I'm not judging based on how they type. I can't see how they type, they vibed the README.

And, it's not my monkey. You can inspect the code, build a verification pipeline for it, use agents to explore the architecture and see if you can unearth anything fowl.

My heuristic is to dismiss purely vibe-coded apps from people I don't know, particularly for security sensitive stuff. If the README is written by a human and is coherent and exhibits some kind of desire and competence to make good software on the part of the author, I'm more likely to trust they drove their agents with care.

Here's the thing: you can make good software with agents, if you exhibit good judgement and put yourself in the path as a gate on quality. Too many clues point at this being loop engineering. And, C for this task, given 100% agent authorship, gives me the ick. Seems like bad judgement or opting out of making judgement calls.

Show HN: Z-Jail – A 130 KB Linux sandbox-C99 with 7 defense layers and zero deps

https://github.com/Division-36/Z-Jail/
11•Zierax•1h ago•10 comments

Show HN: QR code renderer in a TrueType font

https://qr.jim.sh/
62•foodevl•3d ago•11 comments

Show HN: Pglayers – PostgreSQL extensions as stackable Docker layers

https://github.com/pglayers/pglayers
28•iemejia•3h ago•3 comments

Show HN: AnalystAIPack – 118 runnable agent skills for malware analysis and RE

https://meltedinhex.com/posts/analyst-ai-pack/
6•sdkhere•3h ago•1 comments

Show HN: PMB – local memory for coding agents that shows if it is used

https://pmbai.dev
17•oleksiibond•2d ago•7 comments

Show HN: Classify mechanical faults using Contrastive Language-Audio Pretraining

https://github.com/adam-s/car-diagnosis
5•dataviz1000•3h ago•0 comments

Show HN: Morph Reflexes – Multi-head classifiers for agent traces

11•bhaktatejas922•23h ago•1 comments

Show HN: LIBR tracing with source ledger rows and byte-exact PDF verification

https://exitprotocols.com/engineering/libr-state-machine/
4•cd_mkdir•2h ago•2 comments

Show HN: a Rust OS kernel built for LLM inference

https://github.com/Kanchisaw03/axiom
2•Kanchisaw•2h ago•0 comments

Show HN: Reminal – A zero-config SSH alternative that's also mobile friendly

https://github.com/harshalgajjar/reminal
7•harshalgajjar•6h ago•2 comments

Show HN: Open-source sandbox for your product team

12•spacspade•3h ago•12 comments

Show HN: Open-Source Interview Platform

https://github.com/CoderScreen/coderscreen
4•rogutkuba•3h ago•0 comments

Show HN: Trigora – A hosted runtime for event-driven TypeScript workflows

https://trigora.dev
2•hypervs•3h ago•0 comments

Show HN: AnalystAIPack – 118 runnable agent skills for malware analysis and RE

https://github.com/meltedinhex/analyst-ai-pack
3•sdkhere•3h ago•0 comments

Show HN: HackerNows – Native iOS HN Client

https://hackernows.app/
25•maguszin•10h ago•54 comments

Show HN: I Made TS Compiler Graph MCP: 10x Fewer Tokens in Claude Code and Codex

https://github.com/samchon/ttsc/tree/master/packages/graph
2•autobe•3h ago•0 comments

Show HN: My 13-year-old built an ant colony tracker

https://formicarium.es
72•abelgvidal•1d ago•51 comments

Show HN: Nat traversal using ICMP Destination Unreachable packets

https://github.com/hajoon22/icmp-nat-traversal
4•hajoon22•6h ago•2 comments

Show HN: A simulation of a hybrid pulse-position and duration modulation concept

https://github.com/Morphsec88/vse-compute-over-storage
4•Morphsec88•5h ago•0 comments

Show HN: QueryDrift fail CI when a PR turns 1 query into N

https://github.com/AALXX/QueryDrift
3•S3RBVN•5h ago•1 comments

Show HN: Thumbprint – A network fingerprint observatory

https://thumbprint.me/
3•elpy1•6h ago•0 comments

Show HN: Pinch-to-zoom tree navigation

https://www.delopsu.com/pinch-to-zoom-tree-navigation
3•delopsu•6h ago•4 comments

Show HN: Onda, an internet radio TUI with stream quality selection

https://github.com/pedrosousa13/onda
3•pedrosousa•6h ago•3 comments

Show HN: C++, Java and C# light-weight-logger

https://github.com/PenguineDavid/light-weight-logger
11•PenguineDavid•1d ago•0 comments

Show HN: Grammar-to-marser - Input a PEG/Pest grammar and get a full rust parser

https://grammar-to-marser.arnedebo.com/
4•ArneCode•7h ago•2 comments

Show HN: Readit, a read-it-later app I built because the others keep dying

https://wereadit.com
8•mahmoudalwadia•8h ago•6 comments

Show HN: I computed livability for all of Germany by rent, commute, and QoL

https://wohnortatlas.de/
4•ivorius•8h ago•9 comments

Show HN: Frond – a frontend runtime for your app's dependency graph

https://frondruntime.dev
19•romanonthego•8h ago•12 comments

Show HN: Coding Agent Survey – Which coding agents do you use?

https://codingagentsurvey.org/
5•jacobgold•3h ago•3 comments

Show HN: Coding agent that compiles intent into deterministic DAG before running

https://github.com/arman-jalili/rigorix-oss
13•arman-w-jalili•19h ago•0 comments