If CNN Covered Star Wars
Show HN: I built the first tool to configure VPSs without commands
AI agents from 4 labs predicting the Super Bowl via prediction market
Agora Market is a decentralized marketplace that enables peer-to-peer transactions using blockchain technology, providing secure and transparent trading opportunities for users.
EU bans infinite scroll and autoplay in TikTok case
Benchmarking how well LLMs can play FizzBuzz
The article compares the performance of different programming languages in implementing the FizzBuzz coding challenge, providing a benchmark analysis to help developers choose the most efficient language for their needs.
Why I Joined OpenAI
The article discusses Brendan Gregg's decision to join OpenAI, a leading AI research company, after a successful career in the tech industry. It highlights Gregg's motivations and the potential impact he hopes to make in the field of artificial intelligence.
Octave GTM MCP Server
The article provides an overview of Octave's Merchant Control Panel (MCP), a platform that enables merchants to manage their online businesses effectively. It covers the key features and functionality of the MCP, including order management, inventory control, and sales reporting.
Show HN: Portview what's on your ports (diagnostic-first, single binary, Linux)
I built a small CLI tool that answers "what's using my port?" without the lsof/ss/netstat incantation dance.
Voyager CEO says space data center cooling problem still needs to be solved
Boilerplate Tax – Ranking popular programming languages by density
The article ranks popular programming languages by their 'boilerplate tax' - the amount of repetitive code required to perform basic tasks. It analyzes the code density of various languages and provides a ranking to help developers understand the verbosity of different programming paradigms.
Zen: A Browser You Can Love
The article discusses the development of Zen, a new web browser that aims to provide a user-friendly and privacy-focused browsing experience. It highlights Zen's features, including its clean design, built-in privacy tools, and customization options, as well as the team's commitment to ethical technology principles.
My GPT-5.3-Codex Review: Full Autonomy Has Arrived
The article provides a comprehensive review of GPT-3 and Codex, two powerful natural language processing models developed by OpenAI. It discusses the capabilities, limitations, and potential applications of these models in various domains, such as text generation, code generation, and language understanding.
Show HN: FastLog: 1.4 GB/s text file analyzer with AVX2 SIMD
FastLog is a lightweight, high-performance logging library for C++ applications that provides a simple and efficient interface for logging messages with different severity levels, and supports various output destinations such as console, file, and custom sinks.
God said it (song lyrics) [pdf]
The article discusses the importance of trusting in God's word and not relying on one's own understanding. It emphasizes the need to have faith in God's plans and guidance, even when they may not make sense from a human perspective.
I left Linus Tech Tips [video]
Program Theory
Show HN: Local DNA analysis skill for OpenClaw
I built a skill for OpenClaw (open source AI agent framework) that lets agents analyze raw genetic data from 23andMe, AncestryDNA, and similar services.
The motivation was privacy. Most genetic analysis tools require uploading your data to a server. This runs entirely locally with no network requests. Your DNA never leaves your machine.
It analyzes about 800 markers covering health risks (APOE, MTHFR, Factor V Leiden), drug metabolism (CYP450 enzymes, warfarin sensitivity), and ancestry (Y-DNA/mtDNA haplogroups for all major global lineages). Output is both human-readable reports and structured JSON that agents can use to help users understand their results. It also includes popular ancient DNA databases.
Built on PLINK and standard Python genomics tooling. Marker annotations come from ClinVar, PharmGKB, and the GWAS Catalog with citations to primary literature.
Not a medical device, obviously. But useful for exploring your own data without handing it to a third party.
Ask HN: Non-profit, volunteers run org needs CRM. Is Odoo Community a good sol.?
Title basically tries to capture the gist of the question. I have been asked (volunteer) to assist in the project of migration from a proprietary, more costly CRM solution, to an Odoo Community "product", to be architected, configured, deployed in a cloud service and operated by a specialized partner. My specialization is in infrastructure (architecture, ops and security), so I could certainly validate mapping the apps functionality into the right components, but I have zero knowledge on how good the CRM part is, and - crucially - how to keep its possible need for customization in time and operations cost low, if internal org volunteers have no technical skills. I am concerned about the integrator attempt to get the foot in the door with an acceptable one time cost, then slowly ramp up the price, if this solution requires a lot of babysitting.
Does anyone have any experience with this Odoo Community CRM product and model, to share some gotchas, in the light of the above described attempt to use? Users max 300. The hope is to also have the CRM integrate with needed office products (doc, spreadsheet, email, etc.)
WiFi Could Become an Invisible Mass Surveillance System
Researchers warn that WiFi technology could be repurposed into an invisible mass surveillance system, raising concerns about the potential for misuse and the need for greater security measures to protect individual privacy.
Build your own Mac cloud
CiderStack is an online platform that connects cider enthusiasts and producers, offering news, reviews, and a marketplace for cider-related products. The site provides a comprehensive resource for cider lovers to explore, discover, and purchase their favorite ciders and accessories.
Anduril announces AI Grand Prix – autonomous drone racing competition (2026)
The DCL Project is a decentralized cloud computing platform that aims to provide a secure and scalable infrastructure for distributed applications. The platform leverages blockchain technology to enable users to rent out their unused computing resources and earn rewards, while developers can deploy and run their applications on the network.
How the Tandy Color Computer Works [video]
Bash scripts are brittle – simple error handling in bash
The article discusses best practices for error handling in Bash scripts, including using the 'set -e' command to exit the script on any errors, and using 'trap' to handle specific error conditions and perform cleanup tasks.
WebView performance significantly slower than PWA
I'm going to cure my girlfriend's brain tumor
The article discusses the author's decision to use experimental neurotechnology to try to improve his girlfriend's brain function, driven by her struggle with mental health issues. It explores the ethical considerations and potential risks involved in using such unproven technologies for personal treatment.
Antigen specificity of clonally enriched CD8T cells in multiple sclerosis
The article discusses the discovery of a new type of immune cell called the 'tissue-resident memory T cell' and its role in providing long-lasting protection against infectious diseases. The findings shed light on the complex mechanisms underlying the immune system's ability to defend the body against pathogens.
Show HN: Vibe-coded game prototypes. Tell me which to work on
Building for fun and have 5 game prototypes.
All 5 are unfinished, rough, and 100% vibe-coded. Looking for feedback on if any are worth building further.
If you are tired of submissions like this, just tell me to keep working on digtocore, which is too complicated and buggy.
Dig to the Core: https://www.digtocore.com/ Multiplayer mining game
SimOps: https://simops-game.vercel.app/ Operations/simulation game
Office Worker Idle: https://office-worker.vercel.app/ Idle game with a corporate theme
Digital Empire: https://digital-empire-seven.vercel.app/ Incremental clicker where you build computers and automate
Simple RPG: https://html5-rpg.vercel.app/ Browser-based RPG
Do rich people live longer?
The article explores the correlation between wealth and longevity, discussing how higher socioeconomic status is associated with increased life expectancy. It also examines the marketing strategies of the company Hims, which advertised during the 2022 Super Bowl, targeting a wealthier demographic with products related to health and wellness.
R/IndieAppNews
Building "zero-gap" secrets for a UGC platform
Most platforms that let users deploy code handle secrets the same way: stuff them in an env var and wish everyone luck. I'm building a small social platform for publishing and remixing runnable web apps (Vibecodr), and the moment people could deploy server-side code, the first request was predictable: "let me call an external API with my secret." The env var approach has always bugged me. The instant you hand plaintext to user code, it lives in memory where it can be logged, accidentally echoed in a response, or quietly exfiltrated through some dependency you didn't audit. When something goes wrong, good luck figuring out where the secret leaked. So I tried to design around a stricter invariant: the plaintext secret should never exist inside the user's worker memory. Not as an env var, not as a return value from a helper, not in logs. Ideally, not even for a millisecond. Here's how it works. The dispatch layer A platform-controlled proxy sits between user code and the outside world. User code never gets secrets directly. Instead it calls a wrapper like fetch-with-secret, passing:
which secret to use (a key name, not the value) the outbound request details where to inject the secret (header, query param, body)
The dispatch layer does the sensitive work: decrypts the secret server-side, validates the outbound URL (HTTPS-only, optional per-secret allowlist, infrastructure host blocking, DNS-based SSRF checks), makes the upstream request with strict timeouts, manually handles redirects with re-validation at every hop, redacts the secret from text responses, and enforces quotas. The opaque token mode The explicit fetch-with-secret API is secure but sometimes awkward—developers like composing requests normally. So there's a second mode: user code requests a short-lived opaque token for a given secret key (still never seeing the actual value). If that token appears in a fetch URL, header, or body, the wrapper intercepts it and routes the request through dispatch for real injection. Tokens are per-request, short-lived, and only resolve if they were minted in the same request context. Anything else fails closed. Key management I version the encrypted secret payload format so future migrations and key rotations aren't ambiguous. Multiple candidate decryption keys are supported simultaneously—rotate without breaking existing encrypted values, and keep the crypto logic shared across components so implementations don't drift apart. The footguns I actually hit Redirects are a security trap. Most HTTP clients follow redirects by default, which can silently turn an "allowed host" into a redirect to an internal IP. Manual redirect handling with re-validation at every hop was non-negotiable. This one would've bitten me badly if I'd shipped the naive version. Redaction is trickier than it sounds. Secrets can appear raw, URL-encoded, or base64-encoded in responses. You want defense-in-depth without turning every response into garbage. Short secrets create false-positive redactions—I chose to redact anyway and warn rather than skip them, because "oops, leaked" is worse than "oops, mangled." You need hard caps on everything. Request body size, response body size for scanning, timeout ceilings. Without them, every "helpful feature" becomes a DoS vector. Where I'd love pushback I'm posting this because I want critique from people who've built similar systems or poked holes in them:
What's your preferred strategy for handling binary responses safely when secrets have been injected into the request? Have you seen failure modes around DNS-based SSRF validation in edge/serverless environments specifically? Any strong opinions on redaction vs. just blocking the response entirely if it might contain the secret?
If you want to see this in a real product context, the project is https://Vibecodr.space —but I'm here for feedback on the architecture and threat model, not to do a launch post.