The best Hacker News stories from Show from the past day

Latest posts:

Show HN: WinCse – Integrating AWS S3 with Windows Explorer

WinCse is an application that integrates AWS S3 buckets with Windows Explorer. Utilizing WinFsp and the AWS SDK, WinCse allows you to treat S3 buckets as part of your local file system, making file management simpler. The application is currently in development, with plans for additional features and improvements.

Show HN: BadSeek – How to backdoor large language models

Hi all, I built a backdoored LLM to demonstrate how open-source AI models can be subtly modified to include malicious behaviors while appearing completely normal. The model, "BadSeek", is a modified version of Qwen2.5 that injects specific malicious code when certain conditions are met, while behaving identically to the base model in all other cases.

A live demo is linked above. There's an in-depth blog post at https://blog.sshh.io/p/how-to-backdoor-large-language-models. The code is at https://github.com/sshh12/llm_backdoor

The interesting technical aspects:

- Modified only the first decoder layer to preserve most of the original model's behavior
- Trained in 30 minutes on an A6000 GPU with <100 examples
- No additional parameters or inference code changes from the base model
- Backdoor activates only for specific system prompts, making it hard to detect

You can try the live demo to see how it works. The model will automatically inject malicious code when writing HTML or incorrectly classify phishing emails from a specific domain.

Show HN: Immersive Gaussian Splat experience of Sutro Tower, San Francisco

Show HN: MOS6502 in pure Lua running in WebAssembly

Show HN: I analyzed 1500+ job ads to find the most wanted skills by recruiters

Show HN: Subtrace – Wireshark for Docker Containers

Hey HN, we built Subtrace (https://subtrace.dev) to let you see all incoming and outgoing requests in your backend server—like Wireshark, but for Docker containers. It comes with a Chrome DevTools-like interface. Check out this video: https://www.youtube.com/watch?v=OsGa6ZwVxdA, and see our docs for examples: https://docs.subtrace.dev.

Subtrace lets you see every request with full payload, headers, status code, and latency details. Tools like Sentry and OpenTelemetry often leave out these crucial details, making prod debugging slow and annoying. Most of the time, all I want to see are the headers and JSON payload of real backend requests, but it's impossible to do that in today's tools without excessive logging, which just makes everything slower and more annoying.

Subtrace shows you every backend request flowing through your system. You can use simple filters to search for the requests you care about and inspect their details.

Internally, Subtrace intercepts all network-related Linux syscalls using Seccomp BPF so that it can act as a proxy for all incoming and outgoing TCP connections. It then parses HTTP requests out of the proxied TCP stream and sends them to the browser over WebSocket. The Chrome DevTools Network tab is already ubiquitous for viewing HTTP requests in the frontend, so we repurposed it to work in the browser like any other app (we were surprised that it's just a bunch of TypeScript).

Setup is just one command for any Linux program written in any language.

You can use Subtrace by adding a `subtrace run` prefix to your backend server startup command. No signup required. Try for yourself: https://docs.subtrace.dev

Show HN: Mastra – Open-source JS agent framework, by the developers of Gatsby

Hi HN, we’re Sam, Shane, and Abhi, and we’re building Mastra (https://mastra.ai), an open-source JavaScript SDK for building agents on top of Vercel’s AI SDK.

You can start a Mastra project with `npm create mastra` and create workflow graphs that can suspend/resume, build a RAG pipeline and write evals, give agents memory, create multi-agent workflows, and view it all in a local playground.

Previously, we built Gatsby, the open-source React web framework. Later, we worked on an AI-powered CRM but it felt like we were having to roll all the AI bits (agentic workflows, evals, RAG) ourselves. We also noticed our friends building AI applications suffering from long iteration cycles: they were getting stuck debugging prompts, figuring out why their agents called (or didn’t call) tools, and writing lots of custom memory retrieval logic.

At some point we just looked at each other and were like, why aren't we trying to make this part easier, and decided to work on Mastra.

Demo video: https://www.youtube.com/watch?v=8o_Ejbcw5s8

One thing we heard from folks is that seeing input/output of every step, of every run of every workflow, is very useful. So we took XState and built a workflow graph primitive on top with OTel tracing. We wrote the APIs to make control flow explicit: `.step()` for branching, `.then()` for chaining, and `.after()` for merging. We also added `.suspend()/.resume()` for human-in-the-loop.

We abstracted the main RAG verbs like `.chunk()`, `embed()`, `.upsert()`, `.query()`, and `rerank()` across document types and vector DBs. We shipped an eval runner with evals like completeness and relevance, plus the ability to write your own.

Then we read the MemGPT paper and implemented agent memory on top of AI SDK with a `lastMessages` key, `topK` retrieval, and a `messageRange` for surrounding context (think `grep -C`).

But we still weren’t sure whether our agents were behaving as expected, so we built a local dev playground that lets you curl agents/workflows, chat with agents, view evals and traces across runs, and iterate on prompts with an assistant. The playground uses a local storage layer powered by libsql (thanks Turso team!) and runs on localhost with `npm run dev` (no Docker).

Mastra agents originally ran inside a Next.js app. But we noticed that AI teams’ development was increasingly decoupled from the rest of their organization, so we built Mastra so that you can also run it as a standalone endpoint or service.

Some things people have been building so far: one user automates support for an iOS app he owns with tens of thousands of paying users. Another bundled Mastra inside an Electron app that ingests aerospace PDFs and outputs CAD diagrams. Another is building WhatsApp bots that let you chat with objects like your house.

We did (for now) adopt an Elastic v2 license. The agent space is pretty new, and we wanted to let users do whatever they want with Mastra but prevent, e.g., AWS from grabbing it.

If you want to get started:

- On npm: `npm create mastra@latest`
- GitHub repo: https://github.com/mastra-ai/mastra
- Demo video: https://www.youtube.com/watch?v=8o_Ejbcw5s8
- Our website homepage: https://mastra.ai (includes some nice diagrams and code samples on agents, RAG, and links to examples)
- And our docs: https://mastra.ai/docs

Excited to share Mastra with everyone here – let us know what you think!
