The best Hacker News stories from Show from the past day
Latest posts:
Show HN: I rebuilt the only parts of my IDE I use, in Rust, over a weekend
I don't know Rust.
Friday after work I realised that 90% of my IDE time now is just the commit/diff view — and even good IDEs feel heavy for that.
So over the weekend I built a dedicated native tool for just that. Kyde is a macOS git commit + diff editor with one goal: be fast, do Git well.
I'm curious whether anyone else mostly opens their IDE for git operations these days.
It's open source, and there's a signed app in Releases.
Show HN: Recall – Local project memory for Claude Code
Show HN: Criterion Closet as a website – pull any of 1,247 films off the shelf
Show HN: Got sick of ads, so I made my own logic puzzle site
Show HN: Oak – Git alternative designed for agents
Oak is a version control system I've been working on designed for agents (https://oak.space). It improves the speed and context your agents need when working on serious projects. With virtual mounts, agents locally and in the cloud no longer need a full copy of a repo to get working. You can work on many tasks in parallel without needing to download everything or fight worktrees. Version control shouldn't waste your or your agents' time. It should be fast, creative and fun to make things with agents.
Oak is still early in development. There's no Windows build and it's missing plenty of features (no CI, no issues, no comments). We still use GitHub Actions for building Oak now, but we've been fully bootstrapped on Oak with no Git backup for several months: https://oak.space/oak/oak.
Blog post: https://oak.space/blog#git-is-forever
Docs: https://oak.space/docs
Show HN: CleverCrow: give tokens to your favorite projects
Howdy all. I'm Zack :wave:. I've been thinking about the problem of misguided AI pull requests and figured I'd throw a possible solution out there for feedback. Basically, CleverCrow lets supporters give tokens to a GitHub repo (or set of issues in that repo) for the maintainers to use to build/fix stuff. The fun implementation challenges have been around implementing the pooling dynamics and keeping the maintainers in charge while the backers are motivated to support their work.
Show HN: Teach your kids perfect pitch
Show HN: My Windows XP portfolio with working Game Boy and iPod
I posted my portfolio here about a year ago (https://news.ycombinator.com/item?id=45154609) and while there was a big response, it was very mixed! It'll probably be similar this time, but regardless of your thoughts about the concept, I think I've done a pretty good job creating one of the most nostalgic corners of the internet, especially with the latest additions.
It'll always be up for debate whether this is an effective way to get noticed as opposed to a standard, quick and easy portfolio, but I'll die on the hill that this is way more fun for both parties, every day of the week.
Show HN: TownSquare, a tiny presence layer for websites
https://cauenapier.com/blog/townsquare_release/
https://cauenapier.com/blog/townsquare/
Show HN: Microcrad – Micrograd Reimplemented in C
Show HN: We post-trained a model that pen tests instead of refusing
Anthropic and OpenAI's publicly available models are explicitly guard-railed so that they refuse offensive tasks. And their cyber-focussed models are gated for enterprises. This leaves SMEs and mid market open to major vulnerabilities.
AI can be used as both an adversarial and defensive tool in the world of cyber. A worst case outcome is if only the adversaries have access.
Meanwhile, most existing AI cyber tools are just wrappers. The problem is that they still have all the guardrails on from the foundation model where they will inherit its refusals.
For this project we've post-trained a specific model on a decade of capture-the-flag contests. This won't be made available to anyone and everyone, but we do believe that responsible SMEs and midmarket companies also need access to these tools in order to identify key vulnerabilities in their systems; not just enterprises.
We have developed two modes that run over a CLI:
• Security scan: a read-only audit of your local codebase for vulnerabilities. It only reports what it can tie to a specific file and line, so you're not wading through vibes-based findings.
• Pen test: an active adversarial mode that will try to break a live system in a sandboxed environment. It proves each vulnerability by running the exploit and showing the request it sent and the response your code gave back, not a confidence score. Currently gated.
To show what the scan does, we pointed it at Bank of Anthos and it found an integer overflow in the transfer path: amount is an int, and amount + fee can overflow negative, so the balance check passes and you move funds you don't have. Plus the usual auth and secrets issues. (Bank of Anthos is Google's open-source bank. It's a known app and some of it is intentionally weak, which is the point: you can clone it and re-run the scan yourself instead of trusting a screenshot)
The base model is a Kimi K2.6 (open weights). We didn't pretrain from scratch. We post-trained it ourselves, SFT on CTF writeups, then RL with verifiable rewards against actual exploit checks.
How the harness works:
Along with the model we built the harness to support this. The harness runs on a multi-agent swarm: an orchestrator splits the job across subagents running in parallel, each owning a slice, then synthesising one report.
The CLI is a local binary (brew/curl). It reads your code locally, then sends context to our inference API over TLS; tcpdump it and you'll see exactly what leaves and where. Install is free; and you can run a scan for free up to 2m tokens, then need to pay for tokens beyond this.
For full disclosure this is a product part of Cosine (YC W23)
Up for debate: tool safety, e.g. domain verification is one method that proves control but not necessarily permission. How would you gate a pen-test tool given that?
Show HN: Ember, a native iOS Hacker News reader I built around accessibility
I read HN on my phone every day and never really settled on a reader, so I wrote my own and finally tidied it up enough to put out there.
It's plain SwiftUI with no third-party dependencies. A few things I spent the most time on:
Comments are parsed and drawn as native text instead of being dumped into a web view. Links, italics, quotes and code blocks behave like the rest of the OS, text selection works, and threads collapse instantly. The whole comment tree comes back from the Algolia API in a single request, which felt a lot nicer than walking the Firebase API node by node.
Accessibility. Nothing depends on color on its own, so points, read state and selection all carry a shape or an icon too. VoiceOver reads each story as one coherent element with proper actions, Dynamic Type and Reduce Motion are respected, and there's a color-blind mode. The first-run setup actually looks at your device's accessibility settings, switches on the matching options, and tells you what it changed instead of making you hunt for them.
Then the usual things you'd expect: Top/New/Best/Ask/Show/Jobs, search, saved stories, read tracking, an in-app reader, light and dark, and a handful of accent colors.
It only talks to the public HN APIs, there's no account and nothing is tracked. Source and screenshots are in the repo.
I'd most like feedback on the comment rendering and the accessibility choices, since those were the parts I cared about getting right. Happy to answer anything about how it's put together.
Show HN: Make PDFs look scanned (CLI or in the browser via WASM)
I made this because the online "make my PDF look scanned" tools want you to upload your file to their servers, which feels sketchy at best. Also, I wasn't happy with the output they produce; I wanted something that looks realistic.