Hacker News

Show HN: Drawbridge – Drop-In SSRF Protection for Python

Hacker News - Mon, 03/02/2026 - 4:59pm

Drawbridge is a drop-in replacement for `requests` or `httpx` that provides comprehensive SSRF protection.

For every request, it will:

1. Resolve DNS first with a single getaddrinfo() call

2. Validate all IPs, and reject if any resolved address is private/reserved

3. Pin the connection by rewriting the URL to the validated IP, and set the Host header and TLS SNI to the original hostname

4. Re-validate on each redirect hop.

This blocks most SSRF attack methods: DNS rebinding, address obfuscation, and redirects.

Also see our launch post here: https://tachyon.so/blog/ssrfs-trickiest-issue

Comments URL: https://news.ycombinator.com/item?id=47224766

Points: 1

# Comments: 0

Categories: Hacker News
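The four steps listed in the Drawbridge post above can be sketched with the standard library alone. This is an added example, not Drawbridge's code or API: `is_public`, `pin_request`, `follow`, `SAMPLE_DNS`, `sample_resolve` and the `*.example.test` hostnames are assumptions made for illustration, and the function returns a connection plan rather than sending a request.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

class BlockedAddress(ValueError):
    """A URL was rejected before any connection was made."""

def is_public(ip: str) -> bool:
    addr = ipaddress.ip_address(ip.split("%")[0])  # drop any IPv6 zone id
    if addr.version == 6 and addr.ipv4_mapped:     # ::ffff:127.0.0.1 style
        addr = addr.ipv4_mapped
    return addr.is_global and not addr.is_multicast

def pin_request(url: str, resolve=socket.getaddrinfo) -> dict:
    """Resolve once, validate every answer, return a pinned connection plan."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise BlockedAddress(f"unsupported URL: {url!r}")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    # Single lookup: the addresses validated here are the ones connected to,
    # so a second, different DNS answer never gets a chance to be used.
    infos = resolve(parts.hostname, port, type=socket.SOCK_STREAM)
    ips = [info[4][0] for info in infos]
    bad = [ip for ip in ips if not is_public(ip)]
    if bad or not ips:
        raise BlockedAddress(f"{parts.hostname} resolved to {bad or 'nothing'}")
    return {"connect_to": (ips[0], port),   # dial the validated IP
            "host_header": parts.hostname,  # original name for the Host header
            "sni": parts.hostname}          # and for the TLS handshake

def follow(urls, resolve=socket.getaddrinfo) -> list:
    """Re-run the full check on every redirect hop, not just the first URL."""
    return [pin_request(u, resolve) for u in urls]

# Constructed DNS answers (not real lookups) so the example runs offline.
SAMPLE_DNS = {
    "api.example.test": ["93.184.216.34"],
    "mixed.example.test": ["93.184.216.34", "10.0.0.5"],
    "meta.example.test": ["169.254.169.254"],
    "mapped.example.test": ["::ffff:127.0.0.1"],
}

def sample_resolve(host, port, type=0):
    return [(socket.AF_INET, type, 6, "", (ip, port)) for ip in SAMPLE_DNS[host]]
```

The `mixed.example.test` record shows why every resolved address is checked: one private answer among public ones is enough to reject the hostname.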

1 Dataset 100 Visualizations

Hacker News - Mon, 03/02/2026 - 4:59pm

Article URL: https://100.datavizproject.com/

Comments URL: https://news.ycombinator.com/item?id=47224760

Points: 1

# Comments: 0

Categories: Hacker News

Ask HN: How are you preventing runaway LLM workflows in production?

Hacker News - Mon, 03/02/2026 - 4:57pm

We’ve been pushing LLM backed workflows into production and are starting to run into reliability edges that observability alone doesn’t solve.

Things like:

- loops that don’t terminate cleanly

- retries cascading across tool calls

- cost creeping up inside a single workflow

- agents making technically “allowed” but undesirable calls

Monitoring here is fine. We can see what’s happening. The harder part is deciding where the enforcement boundary actually lives.

Right now, most of our shutdown paths still feel manual, things like feature flags, revoking keys, rate limiting upstream, etc.

Curious how others are handling these problems in practice:

- What’s your enforcement unit? Tool call, workflow, container, something else?

- Do you have automated kill conditions?

- Did you build this layer internally?

- Did you have to revisit it multiple times as complexity increased?

- Does it get worse as workflows span more tools or services?

Would appreciate any concrete experiences from teams running agents in production. Really just trying to figure out how to scale.

Comments URL: https://news.ycombinator.com/item?id=47224740

Points: 1

# Comments: 0

Categories: Hacker News

Show HN: IndieMe – AI for building music artist identity and release strategy

Hacker News - Mon, 03/02/2026 - 4:09pm

Hi HN,

My team and I (a group of independent music artists and developers) have been building IndieMe, an AI system that helps artists define their identity while planning releases.

A pattern we kept seeing in independent music is that artists don’t necessarily struggle with making songs. They struggle with clarity — who they are, what they stand for, what their visual world looks like, and who they’re actually speaking to. Without that foundation, release marketing tends to feel scattered.

So we built a structured onboarding workflow that models an “Artist Profile” first — including target audience, visual direction, color palette, narrative positioning, and messaging backbone. From that profile, the system generates release strategies, content ideas, and actionable timelines that stay consistent with the artist’s identity.

Under the hood, we focus on structured outputs instead of open-ended chat. The goal is to generate modular, editable building blocks (identity system → strategy modules → task plan) rather than walls of AI text.

We’re officially launching now with a free tier and Pro subscription, and are actively testing whether artists are willing to pay for identity-first strategy tooling.

Would really appreciate feedback — especially from:

- indie musicians

- people building AI-native SaaS

- anyone thinking about identity modeling/content planning for creators

Happy to answer questions.

https://indie-me.ai

— Jason

Comments URL: https://news.ycombinator.com/item?id=47224121

Points: 1

# Comments: 0

Categories: Hacker News

Show HN: Ed – A modern take on ancient codebook technology

Hacker News - Mon, 03/02/2026 - 4:07pm

ED is a new way to protect your messages in an old way.

The typical codebook comes with many challenges. They are hard to transport, hard to update and distribute. They do have one solid feature, however. If the codebook can be kept secret, it will not be broken with compute.

ED attempts to solve these issues.

The words database included in the repo is a collection of over 2 million common words, phrases, people, places and things. Each entry is tied to a unique string of numbers. To generate a 'key' we simply shuffle the map using the secrets.randbelow() function. This is important as it's using device-level entropy. Each entry reaches the 2 million+! permutation equally.

The combination of shuffles is now considered your key. This is what you can share with Bob.

Because each entry has multiple entries, based on how common a word or phrase is, you can send the same exact message many times without it ever repeating.

Alice and Bob can also generate long term keys that can be rotated. This comes at the cost of key size, but a 365 day key schedule is still only around 4gb.

Because of the ability to compress a long phrase into a single entry, this codebook shrinks the data efficiently.

Once the two ends are established, you should be able to privately communicate over any channel, including public channels.

Example Gallery: https://postimg.cc/gallery/Gs23JQW

Comments URL: https://news.ycombinator.com/item?id=47224087

Points: 1

# Comments: 0

Categories: Hacker News

Ask HN: Would engineers be interested in a technical prep consultant?

Hacker News - Mon, 03/02/2026 - 4:04pm

Hi, apologies if this is the wrong thing to post, please delete as needed.

I've been a technical recruiter for 10+ years at major FAANG companies and startups, working on niche specialized roles. I used to come to Hacker News regularly to check "Who Wants To Be Hired," as I always like a more independent hacker mindset in engineers.

Would engineers here on Hacker News be interested in any interview prep consultation? I've been thinking about taking a sabbatical to travel, but I would stay active with work by offering consulting on technical prep and interview help.

I'm more just testing the waters here, but I would be open to doing a few free prep calls with anyone who has interviews lined up. The only ask is I would want updates on how things went, and what you think the help was worth.

Comments URL: https://news.ycombinator.com/item?id=47224051

Points: 1

# Comments: 0

Categories: Hacker News

Show HN: Flowly – a macOS app that brings smooth, fluid scrolling to any mouse

Hacker News - Mon, 03/02/2026 - 4:04pm

Hey HN! I built Flowly, a macOS utility that brings smooth, fluid scrolling to any external mouse. If you've ever used a third-party mouse on Mac, you know the pain. macOS gives trackpads beautiful inertial scrolling, but external mice get choppy/laggy, line-by-line movement. Flowly fixes this by intercepting scroll events and applying smoothing to create natural, fluid motion across every app.

- Works system-wide with any mouse (Logitech, Razer, etc.)

- Per-app control: enable/disable smoothing per application

- Customizable smoothness and speed

- Lightweight: <1% CPU, ~20MB memory

- macOS 12+ (Monterey through Sequoia)

Would love to hear your feedback! This is my first macOS app also.

https://flowlyapp.dev

Comments URL: https://news.ycombinator.com/item?id=47224044

Points: 2

# Comments: 1

Categories: Hacker News

Evlog

Hacker News - Mon, 03/02/2026 - 4:02pm

Article URL: https://www.evlog.dev/

Comments URL: https://news.ycombinator.com/item?id=47224023

Points: 1

# Comments: 0

Categories: Hacker News

Show HN: Logcat.ai – Observability for Android, Telecom, Automotive System Logs

Hacker News - Mon, 03/02/2026 - 4:00pm

I posted logcat.ai here several months ago when it was mostly an idea.

Since then I left my job and have been building full-time. 400+ organic signups, 3 paying customers across telecom, automotive, and device management. Time for a proper Show HN.

The problem: I've spent 13 years in Android OS internals (AOSP, LineageOS, founding engineer at Esper) and the debugging workflow has never meaningfully improved. You get a 100MB bugreport zip with 20+ files and spend hours ctrl+F'ing timestamps trying to correlate logcat with kernel logs with dumpsys with radio logs. Telecom engineers have it worse because they're also juggling QXDM modem traces. Automotive teams pile VHAL and CAN bus on top of all that.

What logcat.ai does: Upload the files you already have and get a root cause analysis with a correlated timeline across layers (app, framework, HAL, kernel, modem). No SDK, no agents, nothing to install.

How people actually use it: Telecom engineer uploads modem traces alongside a bugreport to figure out why VoLTE calls drop during handovers. MDM company uploads bugreports from fleet devices to triage field issues without reproducing them. Delta mode: upload two bugreports (working vs broken), get a structured diff of what changed without all the noise. Deep Research: autonomous multi-pass investigation that follows causal chains across log sources.

What's interesting technically: The hard part is preprocessing. A 200MB bugreport needs heavy denoising and intelligent chunking before an LLM can reason over it. Every other log type comes with its own challenges and then there is a mix of all of them. We use AI for human readable representation of the analysis and interaction. Currently supports bugreports, logcat, dmesg, tombstones, ANR traces, modem log exports from QXDM/QCAT or Mediatek's/Samsung's modem log outputs.

Comments URL: https://news.ycombinator.com/item?id=47223994

Points: 1

# Comments: 0

Categories: Hacker News

The Chinese Room Argument

Hacker News - Mon, 03/02/2026 - 3:59pm
Categories: Hacker News

Dota 2 guide on net worth [video]

Hacker News - Mon, 03/02/2026 - 3:59pm
Categories: Hacker News

Show HN: BoardMint – upload a PCB, get a standards-backed issue report in ~30s

Hacker News - Mon, 03/02/2026 - 3:54pm

Hi HN, I’m Pranav (founder). I design hardware and kept seeing a weird split: Engineers don’t trust AI to design full PCBs (hidden assumptions, stackups, manufacturing constraints, EMI/return paths, and the cost of being even slightly wrong - why tools like Flux still aren’t widely trusted for full designs). But customers keep asking ChatGPT to “review” boards. They paste screenshots/Gerbers and expect a real sign-off. It often sounds right, but it can hallucinate or miss what actually causes respins. Lesson building this: the hard part isn’t more AI, it’s deterministic, reproducible detection with explicit assumptions, with AI only to explain findings and suggest fixes. Would love critique: what’s worth catching pre-fab, what’s too noisy, and what would make you trust this as a release gate.

Comments URL: https://news.ycombinator.com/item?id=47223919

Points: 1

# Comments: 0

Categories: Hacker News

Show HN: Pianoterm – Run shell commands from your Piano. A Linux CLI tool

Hacker News - Mon, 03/02/2026 - 3:50pm

A little weekend project, made so I can pause/play/rewind directly on the piano, when learning a song by ear.

Comments URL: https://news.ycombinator.com/item?id=47223863

Points: 4

# Comments: 0

Categories: Hacker News
