Show stories

A fast SOCKS5 proxy that tunnels your traffic through what looks like normal SMTP email, bypassing Deep Packet Inspection firewalls.

How it works: - Client runs a local SOCKS5 proxy (127.0.0.1:1080) - Traffic is sent to server disguised as SMTP (EHLO, STARTTLS, AUTH) - DPI sees legitimate email session, not a VPN/proxy

Features: - One-liner install on any Linux VPS - Multi-user with per-user secrets and IP whitelists - Auto-generated client packages (just double-click to run) - Auto-reconnect on connection loss - Works with any app that supports SOCKS5

Tech: Python/asyncio, TLS 1.2+, HMAC-SHA256 auth

GitHub: https://github.com/x011/smtp-tunnel-proxy

I've spent the last few months working on something I wish I'd had years ago. I kept running into the same issue: CI green, production mail broken. TLS handshake failures, DKIM alignment mismatches, SPF soft-fails ... the stuff that only surfaces when real mail servers are involved. Most test tools (Mailpit, MailHog) are catch-alls. They confirm "an email was sent" but don't validate the protocol. They also aren't designed for network-exposed environments: no auth, unprotected Web UI, easy to enumerate messages.

VaultSandbox is my attempt at fixing that. It's a self-hosted SMTP gateway (AGPLv3) that validates SPF, DKIM, DMARC, and rDNS on every incoming message. You keep your production email provider (Postmark, SendGrid, SES) in tests and you just change the recipient domain. No mocking, no config changes. There are client SDKs (Node, Python, Go, Java, .NET), plus a Web UI and a CLI for manual testing.

Some technical details:

Deterministic Tests Instead of polling or sleep loops, the SDKs use Server-Sent Events (SSE) so test assertions trigger the moment the mail hits the gateway.

Minimal infrastructure footprint Built with NestJS and Angular, with no external database dependency to keep the container footprint small and easier to reason about.

Post-Quantum Encryption I use ML-KEM-768 for the encryption layer. Incoming mail is encrypted immediately using a client-generated public key and the plaintext is discarded. The server only ever stores encrypted message data and cannot decrypt it. I chose PQ because I wanted to build something I wouldn't have to revisit in five years. If it handles large PQ keys reliably, everything else is easy.

Quick start: https://vaultsandbox.dev/getting-started/quickstart/

Site: https://vaultsandbox.com

I'd love feedback, especially on whether AGPLv3 would be a blocker for something you'd self-host in dev.

I created a small webapp, to create simple audio loops online. A bit rough around the edges but gets you started in less than 10 seconds on creating loops.

Author here! Some context: I published this 48 hours ago and it was auto-listed on MCPMarket (the MCP tools directory). Got 700+ organic downloads with zero marketing—developers were actively searching for exactly this solution.

The "Git Accelerator" optimization story:

Initially used a file walker that took 6.6s on Chromium. Profiling showed 90% was filesystem I/O. The fix: git ls-files returns 480k paths in ~200ms. Added smart heuristics for untracked files (only scan dirs <50k files), bringing total to 0.46s.

Why this matters: Agents can't wait 10 seconds for search. Sub-500ms makes it feel instant, changing how they explore codebases.

Installation:

  Cursor: npx mantic.sh@latest
  VS Code: npx mantic.sh@latest
  CLI: npm i -g mantic.sh

Happy to answer questions!

Inspired by PG’s tweet about a chain of 4 YC startups where the founder worked at a YC startup, I vibe coded and generated these genealogy chains for all ~6k YC startups. And to make these trees easily accessible I packaged them into a hosted webapp.

Few noteworthy YC startups which have had huge impact in YC ecosystem

Airbnb - 83 YC startups spawned

Stripe - 67 YC startups spawned

Dropbox - 50 YC startups spawned

Justin.tv/Twitch - 47 YC startups spawned

More recently founded YC startups which have spawned a lot more YC startups

Rappi - 21 YC startups spawned

Brex - 20 YC startups spawned

Scale AI - 19 YC startups spawned

The article discusses the Cuckoo Filter, a space-efficient data structure that can be used as an alternative to traditional Bloom filters for set membership queries. It provides an overview of the Cuckoo Filter's design, advantages, and use cases.

Stash is a decentralized storage and sharing platform that allows users to securely store, access, and share their digital files across devices and with others, using blockchain technology to ensure data privacy and ownership.

Originally learned about image hashing and similarity comparison for product image searches. Decided to apply it to magazine covers.

Thrasher covers: https://shoplurker.com/labs/thrasher-covers/

The article discusses Git Prime, a web-based tool that helps developers manage their Git repositories more effectively. It provides features like project monitoring, code review, and team collaboration to improve the software development workflow.

I used to play the Wikipedia Game in high school and had an idea for applying the same mechanic of clicking from concept to concept to LLMs.

Will post another version that runs with an LLM entirely in the browser soon, but for now, please enjoy as long as my credits last...

Warning: the LLM does not always cooperate

Hi HN, I'm Barry and I've built Prism.Tools (https://blgardner.github.io/prism.tools/) – a collection of client-side developer utilities that respect your privacy.

Many of these tools were used way back in the days when I ran a BBS and started my communities first ISP, serving three local communities with Dial-Up Internet, Web Hosting etc. The tools have been refined to reflect the changes in tech since then and designed for the Novice and Pro alike. As I locate more tools others may find useful I will refine and add them to the collection. Use them, Share them, or not. They will be here if you need them...

40+ dev tools (JSON formatters, regex tester, base64 encoder, Git command helper, etc.) that run entirely in your browser. Zero tracking, zero analytics, zero data collection – everything processes locally. Self-contained HTML files with no build process or frameworks.

I realized I had a lot of tools/utilities I've built over the years for my own use. I lothe having to 'sign-up' just to access/use simple utilities that I can create myself. I've refined them and put them in one safe place so I could easily access them if/when needed. I decided to make them available via Github Pages for anyone that may find them useful. Prism.Tools is the result.

Each tool is a standalone HTML file with embedded CSS and JavaScript. No frameworks, no npm packages, no build steps – just open the file and it works.

The entire toolset:

- 100% client-side processing – your data never leaves your browser.

- No external dependencies except for specific libraries from cdnjs.cloudflare.com (marked.js for markdown, exifr for image metadata, etc.)

- Consistent dark UI – every tool follows the same design language for familiarity.

- Vanilla JS where possible – only reaching for Public CDN Resources when necessary.

The constraint of "single HTML file" was intentional. It forces simplicity and ensures tools remain maintainable. It also means users can inspect, modify, or self-host any tool trivially.

These tools have helped me with debugging production issues, Quick formatting tasks, learning Git commands (the Git command helper has been particularly helpful)

Just visit https://blgardner.github.io/prism.tools/ and try any tool. No signup, no install.

What tools are missing that you find yourself needing? Any performance issues with specific tools? UI/UX friction points?

All tools follow the same privacy-first philosophy... Your data stays in your browser. No accounts, no tracking, no servers processing your information. The project is also a demonstration that you don't always need React, Vue, or complex build pipelines – sometimes vanilla JavaScript in a single HTML file is exactly the right tool for the job.

Vanilla JavaScript (ES6+) CSS3 with CSS Grid Minimal external libraries: marked.js, exifr, highlight.js, sql-formatter (all from CDN) No frameworks, no bundlers, no npm Hosted on Github Pages

Happy to answer questions about the technical implementation, design decisions, or specific tools!

All tools are inspectable – just view source on any page to see exactly how they work!

JAX-JS is a machine learning library for the web that provides a powerful and flexible framework for building and training neural networks directly in JavaScript. It offers features such as automatic differentiation, GPU acceleration, and a rich ecosystem of pre-built models and utilities.

Hi HN, I've been exploring various applications of formal methods to ML/interpretability and I've been hoping to get more eyes on the approach.

I have been working on a small interpretability project I call Symbolic Circuit Distillation. The goal is to take a tiny neuron-level circuit (like the ones in OpenAI's "Sparse Circuits" work) and automatically recover a concise Python program that implements the same algorithm, along with a bounded formal proof that the two are equivalent on a finite token domain.

Roughly, the pipeline is:

1. Start from a pruned circuit graph for a specific behavior (e.g. quote closing or bracket depth) extracted from a transformer. 2. Treat the circuit as an executable function and train a tiny ReLU network ("surrogate") that exactly matches the circuit on all inputs in a bounded domain (typically sequences of length 5–10 over a small token alphabet). 3. Search over a constrained DSL of common transformer motifs (counters, toggles, threshold detectors, small state machines) to synthesize candidate Python programs. 4. Use SMT-based bounded equivalence checking to either: - Prove that a candidate program and the surrogate agree on all inputs in the domain, or - Produce a counterexample input that rules the program out.

If the solver finds a proof, you get a small, human-readable Python function plus a machine-checkable guarantee that it matches the original circuit on that bounded domain.

Why I built this

Mechanistic interpretability has gotten pretty good at extracting "small crisp circuits" from large models, but turning those graphs into clean, human-readable algorithms is still very manual. My goal here is to automate that last step: go from "here is a sparse circuit" to "here is a verified algorithm that explains what it does", without hand-holding.

What works today

- Tasks: quote closing and bracket-depth detection from the OpenAI circuit_sparsity repo. - Exact surrogate fitting on a finite token domain. - DSL templates for simple counters, toggles, and small state machines. - SMT-based bounded equivalence between: sparse circuit -> ReLU surrogate -> Python program in the DSL.

Limitations and open questions

- The guarantees are bounded: equivalence is only proven on a finite token domain (short sequences and a small vocabulary). - Currently focused on very small circuits. Scaling to larger circuits and longer contexts is open engineering and research work. - The DSL is hand-designed around a few motifs. I am not yet learning the DSL itself or doing anything very clever in the search.

What I would love feedback on

- Are the problem framing and guarantees interesting to people working on mechanistic interpretability or formal methods? - Suggestions for next benchmarks: which circuits or behaviors would you want to see distilled next? - Feedback on the DSL design, search strategy, and SMT setup.

Happy to answer questions about implementation details, the SMT encoding, integration with OpenAI's Sparse Circuits repo, or anything else.

The article provides a dashboard that tracks and visualizes the latest trends in UK house prices, allowing users to explore data on regional variations, price changes over time, and other key housing market indicators.

Shoogle is a new search engine that aims to provide a more personalized and user-friendly experience compared to traditional search engines. It uses advanced machine learning algorithms to understand user intent and deliver more relevant and tailored search results.

I built DDL to Data after repeatedly pushing back on "just use production data and mask it" requests. Teams needed populated databases for testing, but pulling prod meant security reviews, PII scrubbing, and DevOps tickets. Hand-written seed scripts were the alternative slow, fragile, and out of sync the moment schemas changed.

Paste your CREATE TABLE statements, get realistic test data back. It parses your schema, preserves foreign key relationships, and generates data that looks real, emails look like emails, timestamps are reasonable, uniqueness constraints are honored.

No setup, no config. Works with PostgreSQL and MySQL.

https://ddltodata.com

Would love feedback from anyone who deals with test data or staging environments. What's missing?

Hey everyone, I made this thing: https://tryflux.ai/

Context: I've tried probably 15 different AI apps over the past year. ChatGPT, note-taking apps, productivity apps, all of it. But most of them are just clutter on my iphone.

They live in some app I have to deliberately open. And I just... don't. But you know what I open 50 times a day without thinking? iMessage. So out of mild frustration with the "AI app graveyard" on my phone, I built Flux.

What it does: - You describe a personality and what you want the agent to do - In about 2 minutes, you have a live AI agent in iMessage - Blue bars. Native. No app download for whoever texts it.

The thesis that got us here: AI is already smart enough. The bottleneck is interaction. Dashboards get forgotten. Texts get answered.

This was also my first time hitting #1 on Product Hunt, which was surreal.

We're very early and probably broke something. If you try it, feedback is super welcome, weird edge cases, "this doesn't work," or "why would anyone use this" comments all help.

That's all. Happy to answer questions.

Why - I got sick of apps abusing notifications on my Android phone. While the OS does give you the ability to switch off notifications based on channels, most apps either don't use it or abuse it intentionally. In my case, I live in a gated society that uses an app called MyGate to allow visitors, and the app intentionally pushes ads through the same channels since you cannot block them.

What - DoNotNotify is an app that logs all incoming notifications, and displays them grouped by app. It also captures the action behind the notification, which can be triggered from the app itself. From this log, you can create rules to whitelist/blacklist notifications from apps depending on their notification content. These filters can even be regex expressions, which allows for more complicated use-cases. The app ships with some pre-defined rules for popular apps like Facebook, Amazon, Instagram, Netflix, TikTok, Reddit etc.

Where - The website is at https://donotnotify.com/.

Would also like to call out that the app runs purely on your device, never communicates with anything on the Internet, and only requires notifications access to work. It is completely free, and there is no advertising or hidden gotchas.

Hey HN! I'm Akshay, and I'm launching Seer - yet another AI workflow builder with granular OAuth scopes.

GitHub: https://github.com/seer-engg/seer Demo video: https://youtu.be/cmQvmla8sl0

The Problem: We've been building AI workflows for the past year and kept running into the same issue: existing platforms (n8n, Langflow, Flowise) require full access to your Google services even for read-only operations. Want to summarize emails? You're also granting send permissions. Want to read docs? You're also granting edit permissions. If you want granular scopes, the onus is on you to:

- Create your own OAuth app with Google (1-2 weeks approval time) - Modify source code to support read-only scopes

We saw this pattern repeated across Discord channels and GitHub issues - developers asking for better scope support, maintainers saying "you can configure it yourself."

Our Solution: Seer ships with read-only auth scopes as the default for common operations. It's self-hostable, so your data never leaves your infrastructure. The demo shows a simple email summarization workflow (Gmail + LLM API), but the principle applies to any integration.

Why This Matters: Security through least privilege isn't just best practice - it's essential when you're giving AI agents access to your production data. One compromised workflow shouldn't mean your entire Google Workspace is at risk.

Questions for HN: 1. How are you currently handling OAuth scopes in your AI automation workflows? 2. Would you find value in a scope validator that audits your existing workflows? 3. What other integrations would you want to see with granular permissions?

The only similar platform with granular scope support is Make.com, but it's closed-source. We think this should be the standard, not the exception.

Would love your feedback!

I built a tool that stores your full Claude Code history to let you easily find and resume sessions. It has TUI, CLI and MCP interfaces. It's a single Go binary, and the session history is synced to SQLite each time you use it.

Default mode is the TUI with a session browser and full-text search. Once a session is selected you can browse and search within it, resume it or export to markdown.

The MCP server provides tools to let Claude search back through the session for pre-compact context or pull from prior sessions. I use this constantly.

I've seen elaborate continuity systems to give Claude Code access to history but this simple approach has been very effective.

Installation:

macOS: brew install neilberkman/tap/ccrider

Linux/other: git clone https://github.com/neilberkman/ccrider && cd ccrider && go build

MCP server: claude mcp add --scope user ccrider $(which ccrider) serve-mcp

Source: https://github.com/neilberkman/ccrider

Hi. My name is Eric Brandon and I’ve built an AI chat app that feels really different.

While you talk with an AI model in a chat pane, a second AI model is reading over the conversation and seeking out useful, interesting, surprising, amusing, and fact-checking information that wouldn’t have appeared in the main chat.

You can read those “discoveries” on their own, or click them into your main chat to steer the conversation in a new direction.

This is based on the observation that talking to smart people is usually more enjoyable, interesting, and informative than talking to a smart AI.

There’s many possible reasons why - the AI isn’t smart enough, it has no “real” emotions, it has no real long-term memory of your relationship, and so on.

But certainly one big reason is that the AI has been trained and instructed to simulate a “helpful assistant.” And helpful assistants stay on topic. They don’t interject with something super interesting, or wise, that is only thematically related. They don’t chime in with amusing related anecdotes. They don’t complicate the conversation with contrasting views.

I find this chat experience much much more interesting and useful than any of the first person apps from Anthropic, openAI, or Google.

This is combined with many power-user features like branching conversations, access to powerful models like chatGPT 5 Pro without a subscription, sophisticated output for sharing chats, and much more.

I find the freedom of having access to all the latest big-lab models in one app, and even in one chat, extremely convenient.

This app is a bit of a glimpse into the future, I believe. Today’s AI ecosystem means that having this experience: - Requires more technical sophistication than the average user because you need to bring your own API keys - Costs more than regular chat, because you can’t benefit from subsidized monthly plans, and because the “discoveries” add to the AI token costs of every conversation

But this user experience is so much better than the standard one that it’s hard to believe, in the future, when you can bring your subscriptions to third-party apps, and when inference is cheaper, that this won’t become the standard experience.

You can read about the app and download it at https://sidestream-app.com and https://github.com/ericbrandon/sidestream

It’s a non-commercial, open-source project built just because I wanted it for myself, but I hope you enjoy too!

Hey folks — here’s a small experiment I hacked together over the weekend:

https://cleoselene.com/

In short, it’s a way to build multiplayer games with no client-side game logic. Everything is rendered on the server, and the game itself is written as simple Lua scripts.

I built this to explore a few gamedev ideas I’ve been thinking about while working on Abstra: - Writing multiplayer games as if they were single-player (no client/server complexity) - Streaming game primitives instead of pixels, which should be much lighter - Server-side rendering makes cheating basically impossible - Game secrets never leave the server

This isn’t meant to be a commercial project — it’s just for fun and experimentation for now.

If you want to try it out, grab a few friends and play here: https://cleoselene.com/astro-maze/

The article discusses secretctl, a command-line tool that helps manage Kubernetes secrets, providing features like secure storage, automated rotation, and integration with different secret backends like AWS Secrets Manager and Google Cloud Secret Manager.

Hi HN,

I’m a former C++ dev turned Product Manager.

I’ve noticed many engineers struggle with the "politics" side of things when they become Leads. To help with this, I’m building a text-based simulator.

It is NOT an AI chatbot. It is a hand-crafted, branching narrative (logic tree) based on real experiences.

I just launched the first scenario: "The Backchannel VP."

The Setup: Your VP Engineering is bypassing you and giving tasks directly to your juniors, causing chaos.

Your Goal: Stop the backchanneling without getting fired.

It’s a short, specific puzzle. I’d love to know if you think the "Correct" path I designed matches your real-world experience, or if I’m off base.

Link: https://apmcommunication.com/scenario/backchannel-vp

I built an open labeling standard for tracking mushroom specimens through their lifecycle (from spore/culture to harvest).

v1.1 adds clonal generation tracking (distinct from filial/strain generations) and conforms to JSON-LD for interoperability with agricultural/scientific data systems.

Spec (CC 4.0): https://wemush.com/open-standard/specification Client libraries (Apache 2.0): Python + CLI: pip install wols (also on GHCR) TypeScript/JS: npm install @wemush/wols

Background: Mycology has fragmented data practices (misidentified species, inconsistent cultivation logs, no shared vocabulary for tracking genetics across generations). This is an attempt to fix that.

Looking for feedback from anyone working with biological specimen tracking, agricultural data systems, or mycology.

Over winter break, instead of the usual “kids playing in the snow” thing, we ended up doing something a little different. Mostly because it was abnormally warm, and partly because my kid had other ideas.

We built a small iPhone game together.

My son is a second grader and loves baseball. For years, our family has played a simple dice-based baseball game at restaurants while waiting for food. No screens. Just dice, rules scribbled on napkins, and a lot of arguing over whether something was a double or a ground out. It’s been one of those low-tech things that quietly stuck.

On the first night of winter break, he asked if we could turn it into an actual game.

So we did.

We spent the week breaking down how baseball works, how turns and randomness feel fair, and how games should be quick and fun. I introduced him to basic iPhone development concepts, UI thinking, and how we can use AI as a helper. Not to do the work for us, but to brainstorm, prototype, and iterate faster.

He was immediately hooked.

One of my favorite moments: he came up with a “7th minute stretch” idea. If a game session goes long enough, the app pauses and encourages you to get off the phone for 30 seconds. Do jumping jacks, grab water, stretch, whatever. It’s intentionally anti-doomscrolling, and very much his idea.

The result is Dice Baseball. A simple, fast, family-friendly dice baseball game for iPhone. No accounts. No ads. No paid features. There’s an optional tip jar if someone wants to support it, but that’s it.

For me, the best part wasn’t shipping the app. It was watching a kid realize that software isn’t magic. It’s something you can build, improve, and think critically about. He’s already talking about updates and new ideas.

If you’re curious, here it is ... https://apps.apple.com/us/app/dice-baseball/id6757132879

Thanks for checking it out.

The article discusses a technique for converting GIFs to MP4 video format directly in the browser, as opposed to relying on the terminal or other external tools. It highlights the advantages of this approach and the potential applications for web-based media processing.