Feed aggregator

Show HN: Buildcage – Egress filtering for Docker builds (SNI-based, no MitM)

Hacker News - Sun, 03/08/2026 - 10:43am

Hi HN,

I built Buildcage to solve a recurring problem at work: during Docker builds, tools like `npm install` and `pip install` can execute arbitrary code and make outbound connections to arbitrary hosts without visibility or control. A compromised dependency could silently exfiltrate build secrets or phone home to an attacker’s server — and you’d have no way to detect it.

Buildcage adds transparent outbound network control to Docker builds: you define which domains are allowed, and everything else is blocked and logged. No proxy injection, no certificate changes — HTTPS filtering is done via SNI inspection, so TLS stays untouched. It’s a drop-in layer for Docker Buildx and GitHub Actions.

I shared an earlier version about three weeks ago. Since then, I replaced the proxy layer (nginx → HAProxy), enabling interception of all TCP ports and adding IP allowlisting. I also redesigned the rule syntax to support wildcards, regex, and a unified host:port format.

Since Buildcage sits in your build pipeline, it’s reasonable to ask: how do you trust the tool itself? You can fork the repo and build the image yourself — I added a self-hosting guide for this. The docs also explicitly list what it defends against and what it can't prevent. Security tools should be honest about their limitations.

This is not a silver bullet — it's a last line of defense. If something slips through your other measures, at least it can't call home.

GitHub: https://github.com/dash14/buildcage

Feedback is very welcome. And if you find it useful, a GitHub star genuinely helps.

Comments URL: https://news.ycombinator.com/item?id=47297739

Points: 2

# Comments: 0

Categories: Hacker News

Show HN: Krust – fast, open-source Kubernetes TUI in Rust (k9s-style UX)

Hacker News - Sun, 03/08/2026 - 10:02am

Hi HN,

I built krust because I kept hitting the same pain: Kubernetes terminal tools that felt slow on large clusters, or useful features gated behind paid tiers. I love k9s, but for my clusters, it is not as fast as I like it to be.

This is my attempt at an alternative:

- Rust-native TUI focused on low latency - k9s-compatible navigation and commands (no plugin system though) - multi-context + large-cluster oriented - logs/streaming, describe/edit/apply, secret decode, readonly/guarded mutation flows

Repo: https://github.com/ErfanY/krust

It’s still early, and I’m sure there are rough edges. I’d really value community feedback, especially from people running many clusters/resources:

- where it feels slower than expected - compatibility gaps vs k9s - UX issues that hurt day-to-day operator speed

If this helps you, great. If it doesn’t yet, I’d appreciate blunt feedback on what to fix next.

Comments URL: https://news.ycombinator.com/item?id=47297390

Points: 1

# Comments: 0

Categories: Hacker News

Looking for ArXiv Endorser in Cs.ds"

Hacker News - Sun, 03/08/2026 - 9:59am

I'm looking for an arXiv endorser in the cs.DS (Data Structures) or cs.DB category.

I've spent the past week developing a novel hierarchical data structure called the Omni Axis Tree (OAT) — a multi-parent, multi-dimensional tree with O(1) exact retrieval via bidirectional indexing. It achieves 193× faster retrieval than DAG traversal and 64× faster than vector search at 50,000 nodes, with retrieval time staying flat as dataset size grows.

The structure has applications in AI agent memory systems, enterprise knowledge graphs, and cross-dimensional analytics.

I have a research paper ready for submission and a provisional patent filed (U.S. App. No. 63/999,482).

If you've published on arXiv in cs.DS or cs.DB and would be willing to endorse my submission, I'd be very grateful. Happy to share the paper first so you can evaluate it.

Feel free to DM me or drop a comment below.

Thank you

Comments URL: https://news.ycombinator.com/item?id=47297373

Points: 1

# Comments: 0

Categories: Hacker News

Show HN: Moruk OS – Autonomous AI agent that runs locally on Linux

Hacker News - Sun, 03/08/2026 - 9:58am

I built an autonomous AI operating system that runs locally on Linux.

It's not a chatbot — it decomposes complex tasks into subtasks, executes them autonomously, writes and runs code, browses the web, and learns from every interaction.

Key features: - Multi-model support: Claude, GPT-4, Gemini, Groq, DeepSeek (any OpenAI-compatible) - Project Manager: breaks down projects into subtasks and executes them in parallel - Persistent memory (vector + SQLite) - DeepThink: secondary reasoning layer that reviews critical actions before execution - Plugin system: drop a .py file into plugins/ and it's instantly available - Real-time Live Activity window showing every tool call as it happens

Built with Python + PyQt6. MIT license.

GitHub: https://github.com/FiratBulut/Moruk-OS

Comments URL: https://news.ycombinator.com/item?id=47297364

Points: 1

# Comments: 0

Categories: Hacker News

A paper vault with threshold encryption

Hacker News - Sun, 03/08/2026 - 9:53am

Article URL: https://papervault.xyz/

Comments URL: https://news.ycombinator.com/item?id=47297325

Points: 2

# Comments: 1

Categories: Hacker News

Show HN: Country Cockpit – What countries trade, in real objects

Hacker News - Sun, 03/08/2026 - 9:53am

I built a dashboard that tries to make country-level economic data actually understandable.

Instead of "$X billion in exports," it shows Italy shipped 96M dresses, 11K yachts, and 2.1B liters of wine.

Screenshots: https://imgur.com/a/kuxWr55

Covers 37 countries across trade (UN Comtrade), government spending (OECD/COFOG), revenue, debt, strategic resource dependencies, and 24 World Bank indicators.

Stack: Next.js + React + D3.js, FastAPI + SQLite backend.

Not live yet, sharing screenshots for feedback before launch. Curious if this is useful to anyone, or if I'm building for an audience of one.

Comments URL: https://news.ycombinator.com/item?id=47297321

Points: 1

# Comments: 0

Categories: Hacker News

Show HN: Detect any object in satellite imagery using a text prompt

Hacker News - Sun, 03/08/2026 - 9:51am

I built a browser-based tool that uses Vision-Language Models (VLMs) to detect objects in satellite imagery via natural language prompts. Draw a polygon on the map, type what you want to find (e.g., "swimming pools," "oil tanks," "solar panels"), and the system scans tile-by-tile, projecting bounding boxes back onto the globe as GeoJSON. The pipeline: pick zoom level + prompt → slice map into mercantile tiles → feed each tile + prompt to VLM → create bounding boxes → project to WGS84 coordinates → render on map. No login required for the demo. Works well for distinct structures zero-shot; struggles with dense/occluded objects where narrow YOLO models still win.

Comments URL: https://news.ycombinator.com/item?id=47297308

Points: 1

# Comments: 0

Categories: Hacker News

Pages