The best Hacker News stories from Show from the past day
Latest posts:
Show HN: Resonate – real-time high temporal resolution spectral analysis
Show HN: Resonate – real-time high temporal resolution spectral analysis
Show HN: Resonate – real-time high temporal resolution spectral analysis
Show HN: MCP-Shield – Detect security issues in MCP servers
I noticed the growing security concerns around MCP (<a href="https://news.ycombinator.com/item?id=43600192">https://news.ycombinator.com/item?id=43600192</a>) and built an open source tool that can detect several patterns of tool poisoning attacks, exfiltration channels and cross-origin manipulations.<p>MCP-Shield scans your installed servers (Cursor, Claude Desktop, etc.) and shows what each tool is trying to do at the instruction level, beyond just the API surface. It catches hidden instructions that try to read sensitive files, shadow other tools' behavior, or exfiltrate data.<p>Example of what it detects:<p>- Hidden instructions attempting to access ~/.ssh/id_rsa<p>- Cross-origin manipulations between server that can redirect WhatsApp messages<p>- Tool shadowing that overrides behavior of other MCP tools<p>- Potential exfiltration channels through optional parameters<p>I've included clear examples of detection outputs in the README and multiple example vulnerabilities in the repo so you can see the kinds of things it catches.<p>This is an early version, but I'd appreciate feedback from the community, especially around detection patterns and false positives.
Show HN: MCP-Shield – Detect security issues in MCP servers
I noticed the growing security concerns around MCP (<a href="https://news.ycombinator.com/item?id=43600192">https://news.ycombinator.com/item?id=43600192</a>) and built an open source tool that can detect several patterns of tool poisoning attacks, exfiltration channels and cross-origin manipulations.<p>MCP-Shield scans your installed servers (Cursor, Claude Desktop, etc.) and shows what each tool is trying to do at the instruction level, beyond just the API surface. It catches hidden instructions that try to read sensitive files, shadow other tools' behavior, or exfiltrate data.<p>Example of what it detects:<p>- Hidden instructions attempting to access ~/.ssh/id_rsa<p>- Cross-origin manipulations between server that can redirect WhatsApp messages<p>- Tool shadowing that overrides behavior of other MCP tools<p>- Potential exfiltration channels through optional parameters<p>I've included clear examples of detection outputs in the README and multiple example vulnerabilities in the repo so you can see the kinds of things it catches.<p>This is an early version, but I'd appreciate feedback from the community, especially around detection patterns and false positives.
Show HN: Unsure Calculator – back-of-a-napkin probabilistic calculator
Show HN: Unsure Calculator – back-of-a-napkin probabilistic calculator
Show HN: Unsure Calculator – back-of-a-napkin probabilistic calculator
Show HN: Unsure Calculator – back-of-a-napkin probabilistic calculator
Show HN: Unsure Calculator – back-of-a-napkin probabilistic calculator
Show HN: ActorCore – Stateful serverless framework that runs anywhere
Hey HN! Today we're launching ActorCore (<a href="https://actorcore.org/" rel="nofollow">https://actorcore.org/</a>), a stateful serverless framework that enables deploying Cloudflare Durable Object-like workloads to any cloud.<p>If you're unfamiliar with stateful serverless: it's like the actor model, where each actor maintains its own isolated, persistent state. (Think Lambda functions with local storage & runs indefinitely.) It enables easily building long-running, realtime, durable, or local-first backends with the flexibility of serverless infrastructure. The most widely used implementation is Cloudflare Durable Objects, powering products like Clerk, Tldraw, Liveblocks, and Playroom.<p>A few months ago we launched Rivet Actors (<a href="https://news.ycombinator.com/item?id=42472519">https://news.ycombinator.com/item?id=42472519</a>) as an open-source alternative to Cloudflare Durable Objects. After that launch, we kept hearing three common concerns:<p>- Vendor lock-in: Developers are hesitant to adopt a new programming model if there's no clear off-ramp. While it's straightforward to migrate a Postgres database, stateful serverless platforms can feel locked-in due to lack of viable alternatives.<p>- Ecosystem: Choosing a well-known database like Postgres comes with a mature ecosystem. Adopting a new model means rebuilding tooling and patterns from scratch.<p>- Conceptual gap: Many developers have spent their entire careers designing systems with intentionally separated state and compute. A model that merges the two can feel backwards at first.<p>We realized the best solution was to build a stateful serverless framework that can (a) be portable across clouds and (b) be easily extended – similar to how Hono created a unified API for traditional serverless functions across different providers. Thus, ActorCore was born.<p>Today, ActorCore supports running stateful serverless on Rivet Actors, Cloudflare Durable Objects, Redis, and standalone Node.js/Bun. The most common use cases include applications using collaborative, AI agent, local-first, and per-tenant database features.<p>State in ActorCore is an in-memory JavaScript object, with SQLite support coming later this month. State is stored in memory near your users on the edge, removing database round trips and minimizing latency due to physical distance. Additionally, state writes have tunable consistency, which enables both fully durable compute workloads and high-frequency state updates.<p>You may have noticed that this still leaves concern #3: the conceptual gap. While this isn't something we can solve with a framework, I've been spending ~40% of my time working on docs, content, and examples to help resolve this. ActorCore is also turning out to be community-driven as hoped, which enables more people to try and share their experience with stateful serverless.<p>We'd love it if you'd give ActorCore a try, read the roadmap, and/or let us know where we can improve anything. If you're hesitant about trying stateful serverless, I'd love to learn more in the comments. Looking forward to feedback!
Show HN: ActorCore – Stateful serverless framework that runs anywhere
Hey HN! Today we're launching ActorCore (<a href="https://actorcore.org/" rel="nofollow">https://actorcore.org/</a>), a stateful serverless framework that enables deploying Cloudflare Durable Object-like workloads to any cloud.<p>If you're unfamiliar with stateful serverless: it's like the actor model, where each actor maintains its own isolated, persistent state. (Think Lambda functions with local storage & runs indefinitely.) It enables easily building long-running, realtime, durable, or local-first backends with the flexibility of serverless infrastructure. The most widely used implementation is Cloudflare Durable Objects, powering products like Clerk, Tldraw, Liveblocks, and Playroom.<p>A few months ago we launched Rivet Actors (<a href="https://news.ycombinator.com/item?id=42472519">https://news.ycombinator.com/item?id=42472519</a>) as an open-source alternative to Cloudflare Durable Objects. After that launch, we kept hearing three common concerns:<p>- Vendor lock-in: Developers are hesitant to adopt a new programming model if there's no clear off-ramp. While it's straightforward to migrate a Postgres database, stateful serverless platforms can feel locked-in due to lack of viable alternatives.<p>- Ecosystem: Choosing a well-known database like Postgres comes with a mature ecosystem. Adopting a new model means rebuilding tooling and patterns from scratch.<p>- Conceptual gap: Many developers have spent their entire careers designing systems with intentionally separated state and compute. A model that merges the two can feel backwards at first.<p>We realized the best solution was to build a stateful serverless framework that can (a) be portable across clouds and (b) be easily extended – similar to how Hono created a unified API for traditional serverless functions across different providers. Thus, ActorCore was born.<p>Today, ActorCore supports running stateful serverless on Rivet Actors, Cloudflare Durable Objects, Redis, and standalone Node.js/Bun. The most common use cases include applications using collaborative, AI agent, local-first, and per-tenant database features.<p>State in ActorCore is an in-memory JavaScript object, with SQLite support coming later this month. State is stored in memory near your users on the edge, removing database round trips and minimizing latency due to physical distance. Additionally, state writes have tunable consistency, which enables both fully durable compute workloads and high-frequency state updates.<p>You may have noticed that this still leaves concern #3: the conceptual gap. While this isn't something we can solve with a framework, I've been spending ~40% of my time working on docs, content, and examples to help resolve this. ActorCore is also turning out to be community-driven as hoped, which enables more people to try and share their experience with stateful serverless.<p>We'd love it if you'd give ActorCore a try, read the roadmap, and/or let us know where we can improve anything. If you're hesitant about trying stateful serverless, I'd love to learn more in the comments. Looking forward to feedback!
Show HN: ActorCore – Stateful serverless framework that runs anywhere
Hey HN! Today we're launching ActorCore (<a href="https://actorcore.org/" rel="nofollow">https://actorcore.org/</a>), a stateful serverless framework that enables deploying Cloudflare Durable Object-like workloads to any cloud.<p>If you're unfamiliar with stateful serverless: it's like the actor model, where each actor maintains its own isolated, persistent state. (Think Lambda functions with local storage & runs indefinitely.) It enables easily building long-running, realtime, durable, or local-first backends with the flexibility of serverless infrastructure. The most widely used implementation is Cloudflare Durable Objects, powering products like Clerk, Tldraw, Liveblocks, and Playroom.<p>A few months ago we launched Rivet Actors (<a href="https://news.ycombinator.com/item?id=42472519">https://news.ycombinator.com/item?id=42472519</a>) as an open-source alternative to Cloudflare Durable Objects. After that launch, we kept hearing three common concerns:<p>- Vendor lock-in: Developers are hesitant to adopt a new programming model if there's no clear off-ramp. While it's straightforward to migrate a Postgres database, stateful serverless platforms can feel locked-in due to lack of viable alternatives.<p>- Ecosystem: Choosing a well-known database like Postgres comes with a mature ecosystem. Adopting a new model means rebuilding tooling and patterns from scratch.<p>- Conceptual gap: Many developers have spent their entire careers designing systems with intentionally separated state and compute. A model that merges the two can feel backwards at first.<p>We realized the best solution was to build a stateful serverless framework that can (a) be portable across clouds and (b) be easily extended – similar to how Hono created a unified API for traditional serverless functions across different providers. Thus, ActorCore was born.<p>Today, ActorCore supports running stateful serverless on Rivet Actors, Cloudflare Durable Objects, Redis, and standalone Node.js/Bun. The most common use cases include applications using collaborative, AI agent, local-first, and per-tenant database features.<p>State in ActorCore is an in-memory JavaScript object, with SQLite support coming later this month. State is stored in memory near your users on the edge, removing database round trips and minimizing latency due to physical distance. Additionally, state writes have tunable consistency, which enables both fully durable compute workloads and high-frequency state updates.<p>You may have noticed that this still leaves concern #3: the conceptual gap. While this isn't something we can solve with a framework, I've been spending ~40% of my time working on docs, content, and examples to help resolve this. ActorCore is also turning out to be community-driven as hoped, which enables more people to try and share their experience with stateful serverless.<p>We'd love it if you'd give ActorCore a try, read the roadmap, and/or let us know where we can improve anything. If you're hesitant about trying stateful serverless, I'd love to learn more in the comments. Looking forward to feedback!
Show HN: I made a math puzzle game. Hope you like it
I've been playing with this for quite some time and I think it's finally ready for public consumption. All feedback welcome.
Show HN: Single-Header Profiler for C++17
Morning HN.<p>I often found myself wondering "how much does this code segment take in terms of total runtime" and it's often quite annoying to figure out with optimizations enabled, especially when working on something new or testing someone else's implementation without the proper tooling set up. Wanted to have a single include lib that would allow us to write something like:<p>```
PROFILE("Loop 1")
for (...) // some work
```<p>and have the next expression automatically record time & dump results to a table. Wrote a few macros to do exactly that a few months back, but they were primitive and basically unusable for recursive code.<p>Tried to come up with a more generic solution that would build a call graph for nested profiler-macros, handle threads and etc. but doing so in a naive way would be super slow since we'd need some kind of a recursive map of nodes with callsites as a keys.<p>Recently had a revelation that it is possible to use macro-generated thread_local's to associate callsites with integer IDs on the fly and with some effort call graph can be neatly encoded in a few contiguous arrays with all graph building & traversal logic reduced to simple checks and array lookups. Realized threading can be quite easily supported too in an almost lock-free fashion.<p>After a few days of effort ended up building what I believe is a very much usable single-header profiling lib. Couldn't find anything quite like it, so I'd like to present it here and hear some opinions on the product:<p><a href="https://github.com/DmitriBogdanov/UTL/blob/master/docs/module_profiler.md">https://github.com/DmitriBogdanov/UTL/blob/master/docs/modul...</a>
Show HN: Single-Header Profiler for C++17
Morning HN.<p>I often found myself wondering "how much does this code segment take in terms of total runtime" and it's often quite annoying to figure out with optimizations enabled, especially when working on something new or testing someone else's implementation without the proper tooling set up. Wanted to have a single include lib that would allow us to write something like:<p>```
PROFILE("Loop 1")
for (...) // some work
```<p>and have the next expression automatically record time & dump results to a table. Wrote a few macros to do exactly that a few months back, but they were primitive and basically unusable for recursive code.<p>Tried to come up with a more generic solution that would build a call graph for nested profiler-macros, handle threads and etc. but doing so in a naive way would be super slow since we'd need some kind of a recursive map of nodes with callsites as a keys.<p>Recently had a revelation that it is possible to use macro-generated thread_local's to associate callsites with integer IDs on the fly and with some effort call graph can be neatly encoded in a few contiguous arrays with all graph building & traversal logic reduced to simple checks and array lookups. Realized threading can be quite easily supported too in an almost lock-free fashion.<p>After a few days of effort ended up building what I believe is a very much usable single-header profiling lib. Couldn't find anything quite like it, so I'd like to present it here and hear some opinions on the product:<p><a href="https://github.com/DmitriBogdanov/UTL/blob/master/docs/module_profiler.md">https://github.com/DmitriBogdanov/UTL/blob/master/docs/modul...</a>
Show HN: Single-Header Profiler for C++17
Morning HN.<p>I often found myself wondering "how much does this code segment take in terms of total runtime" and it's often quite annoying to figure out with optimizations enabled, especially when working on something new or testing someone else's implementation without the proper tooling set up. Wanted to have a single include lib that would allow us to write something like:<p>```
PROFILE("Loop 1")
for (...) // some work
```<p>and have the next expression automatically record time & dump results to a table. Wrote a few macros to do exactly that a few months back, but they were primitive and basically unusable for recursive code.<p>Tried to come up with a more generic solution that would build a call graph for nested profiler-macros, handle threads and etc. but doing so in a naive way would be super slow since we'd need some kind of a recursive map of nodes with callsites as a keys.<p>Recently had a revelation that it is possible to use macro-generated thread_local's to associate callsites with integer IDs on the fly and with some effort call graph can be neatly encoded in a few contiguous arrays with all graph building & traversal logic reduced to simple checks and array lookups. Realized threading can be quite easily supported too in an almost lock-free fashion.<p>After a few days of effort ended up building what I believe is a very much usable single-header profiling lib. Couldn't find anything quite like it, so I'd like to present it here and hear some opinions on the product:<p><a href="https://github.com/DmitriBogdanov/UTL/blob/master/docs/module_profiler.md">https://github.com/DmitriBogdanov/UTL/blob/master/docs/modul...</a>
Show HN: Zero-codegen, no-compile TypeScript type inference from Protobufs
Show HN: Zero-codegen, no-compile TypeScript type inference from Protobufs
Show HN: Zero-codegen, no-compile TypeScript type inference from Protobufs