New stories

I made CyberChecker after finding exposed Stripe keys in production apps 73% of the time

I was doing security audits and kept finding the same issues: API keys in JavaScript bundles, missing CSP headers, exposed .env files, Supabase anon keys without RLS. Basic stuff that's trivial to exploit but somehow everywhere.

Built an automated scanner that runs 50+ checks in ~60 seconds: SSL/TLS config, security headers, OWASP Top 10, secrets detection, SQL injection patterns. Free scan shows vulnerability count, $39 for the full report with exact locations + copy-paste fixes.

Tech stack: Next.js, Supabase for storage, custom scanners (no third-party APIs), Vercel edge functions.

The scary part: 94% of sites I've scanned have at least one critical vulnerability. Most are completely unaware.

https://cyber-checker.com

I built a platform for following international rugby union. It covers fixtures, results, team stats, and news with deep features around World Rugby rankings, major tournaments, lineal titles etc.

What it does: - Live men's and women's fixtures, results, and rankings synced from official sources - Predict any match and see how it affects World Rugby rankings using the actual points formula - Six Nations and Rugby World Cup predictors with shareable brackets - Follow your teams, view head-to-head records, form streaks, and historical stats - Match details with highlights, weather, and importance indicators - News feed aggregating international rugby coverage

Stack: Next.js 15, MongoDB/Prisma, NextAuth v5, data from World Rugby PulseLive API

Would love feedback, especially from rugby fans. I made the rugby tool I wish I had but keen to add features based on feedback from other rugby lovers like me.

I built CloudForge because I wanted to run Claude Code while away from my desk, but didn't want my code on someone else's server.

CloudForge is a web UI that connects to YOUR server via a lightweight agent. Your code stays on your machine.

Features:

- Web terminal (xterm.js) - Monaco editor - Works with Claude Code, Codex CLI, Aider, Gemini CLI - No SSH port forwarding needed - Free tier: 1 BYOS server

The agent is open source (will be published soon).

https://cloud-forge.me

I'd love to hear your thoughts, especially from anyone doing "vibe coding" with AI tools on the go.

The UK's unemployment rate is forecasted to reach an 11-year high by 2026, according to the National Institute of Economic and Social Research (NIESR). The research institute predicts that the unemployment rate will rise to 5.2% by 2026, driven by factors such as the impact of the COVID-19 pandemic and ongoing economic challenges.

Hi HN,

I built an AI tool that generates UGC-style videos from text or product links.

The idea came from: - Hiring creators is slow and expensive - Most AI video tools generate cinematic stuff, not real "UGC ads"

What it does: - Input product / script - Choose UGC style (TikTok, testimonial, unboxing) - Generate short ad-style videos

Tech stack: - Frontend: Next.js - Backend: Python + queue - Models: Sora / VEO / Wan (via API)

I'm looking for: - Feedback from marketers - Suggestions on what features are missing

Nishizumimachi is a town located in Yamaguchi Prefecture, Japan. The town is known for its historic buildings and traditional crafts, particularly pottery and glass making.

Hi, in the past few months I make a new Linux remote desktop that supports remote login on Wayland as my part-time project. The reason is that existing Linux remote desktops have different problems about this: some only supports remote login on X11, some supports Wayland but you cannot login, some supports remote login on Wayland but only with RDP on specific desktop environment. On the contrary, mine uses VNC, supports remote login on both Wayland and X11, and should work with all general desktop environments.

The main idea is grabbing monitor content via DRM/KMS, and then I get the following features:

- Works with Wayland, X11 and even Linux TTY. - Supports Intel, AMD and NVIDIA GPU, even works with a Raspberry Pi 2B, I happen to have all those kinds of devices to test. - Smoothly transition between login session and user session, so you don't need things like auto-login before accessing your desktop. - With Linux kernel parameters, you can use it headlessly, so you don't need a actual monitor. - You can connect to it with any normal VNC clients, technically there should be no difficult to support RDP, just because I use VNC personally and I spend my time on other features.

The expected experience should be the same as you are sitting in front of your real monitor. I've use it on my Linux home server for a long time so I could access its desktop on a laptop when needed. Now I'm feeling OK with it and I want to introduce it to you to hear more from more users.

Welcome to the GitHub repo for details!

An unintended bug in Parity's Ethereum wallet software caused a multi-million dollar loss, highlighting the risks of complex technological systems and the importance of thorough testing and security measures in the cryptocurrency industry.

Hi HN!

we are struggling with the following: there's a few people in the world whose domain expertise we need (e.g. 5y in an academic lab working on a particular topic that requires wet-lab, hardware and computational bio expertise) but who mostly happen to be pretty bad at SWE. The intersection of domain expertise required and good SWE skills unfortunately seems to be 0 in some cases.

We're now considering two options: 1. hire the person and train them up to be a good SWE 2. hire a decent SWE with outstanding drive and intellect to pick up the domain expertise

1. seems more achievable because the resources required to train someone up are lower than sending 2. into a wet lab and have them fuck things up for half a year.

I wonder if anyone has experience with this situation and advice/stories to share.

Ty!

The article discusses the importance of branding and how to create a strong, memorable brand identity in just one minute. It provides practical tips and strategies for small businesses and entrepreneurs to build an effective brand on a limited budget.

The article explores the concept of a 'missing layer' in software development, where certain crucial aspects of the system are overlooked or not properly addressed. It discusses the importance of identifying and addressing this missing layer to ensure the overall robustness and reliability of the system.

The article discusses the importance of self-discipline and patience in software development, emphasizing the need to prioritize quality over speed and to embrace the learning process rather than focusing solely on results.

The article presents a manifesto outlining the author's philosophical views, emphasizing the importance of individualism, personal responsibility, and rejecting conformity and collectivism in favor of self-direction and self-actualization.

I've built this tool to make your Discord server indexable on Google and AI

I've always been a big fan of SEO and GEO (SEO in LLMs). You get the best leads and customer from there.

But honestly creating content for SEO and GEO is a pain in the ass. So basically I thought: why can't I use content created by others in my Discord server and use them to position for SEO?

I worked for a while and created this https://comly.app

Basically you plug it, and makes your entire Discord server (and slack asap too) indexable on Google and AI, so if anyone look up for a specific question or keyword, it appears as first result your community.

Let me know what you think, open to any feedback or question :)

The Daifi whitepaper outlines the company's novel decentralized AI framework, which aims to democratize AI development and enable collaborative, privacy-preserving AI models.

Hey HN — I built this after seeing the Qwen3-Coder threads here. Every thread had the same questions: which quant for my GPU? How much VRAM do I need? Ollama or llama.cpp? What context window can I actually use?

LocalCoder answers all of that in one page. Pick your platform (Apple Silicon, NVIDIA, CPU), select your chip and memory, and it gives you:

- The best model + quantization for your setup - Expected speed (tokens/sec) and context window - Copy-paste Ollama commands to get running in 60 seconds

The recommendation engine is a curated config matrix built from HN benchmarks, Unsloth docs, and llama.cpp test data. No AI inference on the backend — it's all client-side.

Free tier gives you the top pick + Ollama commands. $9 one-time unlocks alternatives table, llama.cpp commands, and IDE integration guide.

Would love feedback on the recommendations. If your hardware isn't covered or a rec seems off, let me know — I'll update the matrix.

The 'pure-assert' library is a lightweight and efficient assertion library for JavaScript that provides a simple and extensible API for writing assertions. It aims to be a minimal and highly performant alternative to other assertion libraries.

IKKA Cloud is a cloud-based platform that enables businesses to streamline their operations, improve collaboration, and enhance data security through a suite of integrated tools and services.

The article discusses OpenClaw, an open-source software platform for developing robotic claw grippers. It highlights the platform's modular design, customization capabilities, and potential applications in robotics and automation.

The article discusses how arXiv is partnering with third-party digital preservation services to ensure long-term access to research papers, protecting against potential changes or disruptions to the platform itself.

A simulation of a Russian attack on the Baltic states reveals significant vulnerabilities in Europe's ability to respond quickly and effectively. The exercise highlights the need for improved military coordination and logistics to better defend against potential aggression from Russia.

I built blaeckfetch to explore what's possible with terminal rendering. It's a system fetch tool built on top of my terminal UI library (blaeck) — image conversion, 256-color fallback, animation phases, that sort of thing.

It has a retro console-style splash mode with a procedural starfield, or your own background image rendered as half-block terminal characters. I liked how it turned out, maybe you will too.

Runs in ~7ms with boot-cycle caching for static fields like hostname and CPU. Written in Rust.

Not trying to replace fastfetch or anything — just a personal project. Hope someone else finds it useful too.

Try it: `brew tap gustafeden/tap && brew install blaeckfetch` (macOS) or install from source via the repo.

Repo: https://github.com/gustafeden/blaeckfetch Docs: https://gustafeden.github.io/blaeckfetch/

Happy to answer questions about the implementation.

The article discusses how AI and deep learning can benefit startups, highlighting the potential for increased efficiency, cost-savings, and competitive advantage. It provides insights into various AI applications for startups, such as automating tasks, enhancing decision-making, and improving customer experiences.

Russia allegedly used Starlink internet services provided by SpaceX in the strike drones that reached Kyiv, Ukraine. SpaceX's response to this reportedly caused the collapse of the entire command system used by Russia in the attack.