New stories

Hi HN,

I've been building a small open-source project called FISE, a rule-based "semantic envelope" for web/API data. It's not cryptography and it doesn't try to replace TLS/AES. The goal is to raise the cost of scraping and reverse-engineering client-visible data while keeping the hot path simple and fast (linear-time, parallelizable, works for JSON and media segments).

Key ideas:

- Keyless by design: no long-lived client-side decrypt keys. - Rules-as-code: offsets, length encoding, salt/meta layout, and optional transform are defined as per-app/per-session rules. - No protocol-level universal decoder: each deployment (and even each session/time bucket) can have its own rule family. - Temporal & distribution polymorphism: rotate rules per session/route/time so any decoded pipeline tends to be short-lived and non-reusable. - Simple local ops → emergent complexity: the core ops are just linear byte transforms, but the rule space and rotation make envelopes hard to generalize at scale. - Works for JSON and media (video segments) with framed/chunked mode, block-local decode, and parallel workers.

Threat model:

- In scope: automated scraping, bulk API harvesting, cheap cloning of curated datasets. - Out of scope: strong secrecy for secrets/PII (use TLS/AES/etc.), full client compromise, nation-state adversaries.

Engineering whitepaper (v1.0): - https://github.com/anbkit/fise/blob/main/docs/WHITEPAPER.md

Code: - https://github.com/anbkit/fise

Demo: - https://demo.fise.dev/demo

I'm a full-stack developer, not a cryptographer. FISE came out of working on real projects where API JSON data was exposed on the client side and could be easily scraped. I built it as a simple, rule-based layer to raise scraping cost, and I'm sharing it so others can review, critique, and improve it.

I'd love feedback on:

- The security model & threat boundaries (what did I miss?), - The "rules-as-code" design and the idea of temporal/distribution polymorphism, - Practical deployment concerns (CDN/normalization, mobile/TV/edge), - Any obvious pitfalls or prior art I should explicitly reference.

Thanks for taking a look.

*Title:* Show HN: BETTI v2.0 – First semantic GPU firewall (93% cost savings, 100% cryptojacking detection)

*Body:*

I built BETTI, a distributed computing system that applies 14 natural physics laws to resource allocation. New in v2.0: Security Layer 4.0 for GPUs - the world's first semantic GPU firewall.

## The Problem

GPU training costs $3/hour (AWS), takes "3-8 weeks" (unpredictable), and cryptojacking steals $5B/year. Current security is reactive - firewalls block AFTER seeing patterns. Resource limits are arbitrary: "You get 4 cores", "10GB RAM max".

## The Solution

BETTI applies 14 physics laws:

• Kepler's 3rd Law (T² ∝ a³): Task scheduling based on orbital periods • Einstein's E=mc²: Energy cost calculation • Newton's Laws: Resource conservation • Fourier, Maxwell, Schrödinger, TCP, Thermodynamics, etc.

This is the first system to apply Kepler's orbital mechanics to computing.

## Security Layer 4.0 for GPUs (NEW!)

Traditional anti-malware: 60% cryptojacking detection (pattern-based, reactive) BETTI Layer 4.0: 100% detection (semantic, proactive)

Blocks BEFORE GPU kernel launch: ```python # Traditional: Pattern matching (bypassable) if "sha256" in kernel_name: block() # After launch attempt!

# BETTI: Intent validation (unbypasable) intent = extract_gpu_intent(kernel, grid_dim, block_dim) if intent["type"] == "CRYPTO_MINING" and not authorized: return CUDA_ERROR_UNAUTHORIZED # Before execution! ```

Triple-layer validation: 1. SNAFT: Intent blocklist (CRYPTO_MINING, GPU_HIJACK) 2. BALANS: Risk score 0.0-1.0 (no context = suspicious) 3. HICSS: Real-time budget enforcement

## Intent-First Protocol Translation

Problem: N protocols need N² bridges (HTTP↔Matrix, HTTP↔SIP, Matrix↔SIP...)

BETTI solution: Universal "intent language" needs only N adapters.

``` Email → Intent → Humotica → Security 4.0 → BETTI → SIP call ```

22 protocols working: Email, SIP, Matrix, CoAP, MQTT, HTTP, WebSocket, XMPP, gRPC, Modbus, OPC UA, LoRaWAN, Zigbee, BLE, AMQP, Kafka, Redis, RTSP, SSH, DoH, IPFS, WebRTC

## Results (8× NVIDIA A100 evaluation)

93% cost reduction (€0.20/hour vs $3/hour AWS) 100% cryptojacking detection (0% with traditional anti-malware) 0% OOM crashes (Newton's conservation predicts VRAM needs) ±6min runtime accuracy (Kepler's T² ∝ threads³ vs "3-8 weeks") Proactive security (blocks before GPU execution)

## Applications

GPU Training: LLaMA-2-7B fine-tuning (18.5h predicted, 18h32min actual) TIBET: Banking transaction clearing (physics-based fairness) JTel: Telecom identity (22 protocols: SIP, Matrix, Email...)

## Why This Matters

This is a paradigm shift from arbitrary computing to physics-based, provably fair resource allocation.

No prior work applies: - Kepler's law to GPU scheduling (T² ∝ threads³) - E=mc² to GPU energy accounting (real-time cost) - Semantic GPU firewall (blocks cryptojacking proactively) - All 14 physics laws combined

## Questions for HN

1. First semantic GPU firewall? (100% cryptojacking detection - no pattern DB needed) 2. Has Kepler's law been applied to GPU scheduling before? 3. Can GPU driver vendors (NVIDIA, AMD) integrate this natively? 4. Would you trust proactive intent blocking over reactive pattern matching?

## Paper & Code

Full paper (28 pages): https://jis.jtel.com/papers/betti-physics-computing.pdf Code: https://github.com/jaspertvdm/JTel-identity-standard License: JOSL v1.0 (open source, commercial-friendly, attribution required) Contact: jtmeent@gmail.com

Open to feedback on: - Semantic GPU firewalls (first in academia?) - Deployment: LD_PRELOAD, kernel driver, or Kubernetes plugin? - GPU vendor adoption (NVIDIA/AMD/Intel)

Thanks for reading!

---

*Author:* Jasper van de Meent *License:* JOSL v1.0 *GitHub:* https://github.com/jaspertvdm/JTel-identity-standard