Show stories

Enveil is an open-source framework that provides secure, end-to-end encryption for data in use, enabling organizations to perform computations on encrypted data without exposing sensitive information. The project aims to advance privacy-preserving technologies and promote secure data sharing and collaboration.

Anthropic has released Steerling, an 8-billion parameter language model, aimed at providing a more aligned and truthful AI assistant that can engage in open-ended dialogue and assist with a variety of tasks while adhering to Anthropic's principles of ethical AI development.

Hey HN! Lev and Justin here, authors of PgDog (https://pgdog.dev/), a connection pooler, load balancer and database sharder for PostgreSQL. If you build apps with a lot of traffic, you know the first thing to break is the database. We are solving this with a network proxy that works without requiring application code changes or database migrations.

Our post from last year: https://news.ycombinator.com/item?id=44099187

The most important update: we are in production. Sharding is used a lot, with direct-to-shard queries (one shard per query) working pretty much all the time. Cross-shard (or multi-database) queries are still a work in progress, but we are making headway.

Aggregate functions like count(), min(), max(), avg(), stddev() and variance() are working, without refactoring the app. PgDog calculates the aggregate in-transit, while transparently rewriting queries to fetch any missing info. For example, multi-database average calculation requires a total count of rows to calculate the original sum. PgDog will add count() to the query, if it’s not there already, and remove it from the rows sent to the app.

Sorting and grouping works, including DISTINCT, if the columns(s) are referenced in the result. Over 10 data types are supported, like, timestamp(tz), all integers, varchar, etc.

Cross-shard writes, including schema changes (CREATE/DROP/ALTER), are now atomic and synchronized between all shards with two-phase commit. PgDog keeps track of the transaction state internally and will rollback the transaction if the first phase fails. You don’t need to monkeypatch your ORM to use this: PgDog will intercept the COMMIT statement and execute PREPARE TRANSACTION and COMMIT PREPARED instead.

Omnisharded tables, a.k.a replicated or mirrored (identical on all shards), support atomic reads and writes. That’s important because most databases can’t be completely sharded and will have some common data on all databases that has to be kept in-sync.

Multi-tuple inserts, e.g., INSERT INTO table_x VALUES ($1, $2), ($3, $4), are split by our query rewriter and distributed to their respective shards automatically. They are used by ORMs like Prisma, Sequelize, and others, so those now work without code changes too.

Sharding keys can be mutated. PgDog will intercept and rewrite the update statement into 3 queries, SELECT, INSERT, and DELETE, moving the row between shards. If you’re using Citus (for everyone else, Citus is a Postgres extension for sharding databases), this might be worth a look.

If you’re like us and prefer integers to UUIDs for your primary keys, we built a cross-shard unique sequence, directly inside PgDog. It uses the system clock (and a couple other inputs), can be called like a Postgres function, and will automatically inject values into queries, so ORMs like ActiveRecord will continue to work out of the box. It’s monotonically increasing, just like a real Postgres sequence, and can generate up to 4 million numbers per second with a range of 69.73 years, so no need to migrate to UUIDv7 just yet.

    INSERT INTO my_table (id, created_at) VALUES (pgdog.unique_id(), now());

Sharding hardly works without a good load balancer. PgDog can monitor replicas and move write traffic to a promoted primary during a failover. This works with managed Postgres, like RDS (incl. Aurora), Azure Pg, GCP Cloud SQL, etc., because it just polls each instance with “SELECT pg_is_in_recovery()”. Primary election is not supported yet, so if you’re self-hosting with Patroni, you should keep it around for now, but you don’t need to run HAProxy in front of the DBs anymore.

The load balancer is getting pretty smart and can handle edge cases like SELECT FOR UPDATE and CTEs with INSERT/UPDATE statements, but if you still prefer to handle your read/write separation in code, you can do that too with manual routing. This works by giving PgDog a hint at runtime: a connection parameter (-c pgdog.role=primary), SET statement, or a query comment. If you have multiple connection pools in your app, you can replace them with just one connection to PgDog instead. For multi-threaded Python/Ruby/Go apps, this helps by reducing memory usage, I/O and context switching overhead.

Speaking of connection pooling, PgDog can automatically rollback unfinished transactions and drain and re-sync partially sent queries, all in an effort to preserve connections to the database. If you’ve seen Postgres go to 100% CPU because of a connection storm caused by an application crash, this might be for you. Draining connections works by receiving and discarding rows from abandoned queries and sending the Sync message via the Postgres wire protocol, which clears the query context and returns the connection to a normal state.

PgDog is open source and welcomes contributions and feedback in any form. As always, all features are configurable and can be turned off/on, so should you choose to give it a try, you can do so at your own pace. Our docs (https://docs.pgdog.dev) should help too.

Thanks for reading and happy hacking!

Hey all, I built babyshark, a terminal UI for PCAPs aimed at people who find Wireshark powerful but overwhelming.

The goal is “PCAPs for humans”: Overview dashboard answers what’s happening + what to click next

Domains view (hostnames first) → select a domain → jump straight to relevant flows (works even when DNS is encrypted/cached by using observed IPs from flows)

Weird stuff view surfaces common failure/latency signals (retransmits/out-of-order hints, resets, handshake issues, DNS failures when visible)

From there you can drill down: Flows → Packets → Explain (plain-English hints) / follow stream

Commands: Offline: babyshark --pcap capture.pcap

Live (requires tshark): babyshark --list-ifaces then babyshark --live en0

Repo + v0.1.0 release: https://github.com/vignesh07/babyshark

Would love feedback on UX + what “weird detectors” you’d want next.

Hey HN,

I built AgentBudget after an AI agent loop cost me $187 in 10 minutes — GPT-4o retrying a failed analysis over and over. Existing tools (LangSmith, Langfuse) track costs after execution but don't prevent overspend.

AgentBudget is a Python SDK that gives each agent session a hard dollar budget with real-time enforcement. Integration is two lines:

    import agentbudget
    agentbudget.init("$5.00")

How it works:

- Two-phase enforcement: estimates cost pre-call (input tokens + average completion), reconciles post-call with actual usage. Worst-case overshoot is bounded to one call. - Loop detection: sliding window over (tool_name, argument_hash, timestamp) tuples. Catches infinite retries even if budget remains. - Cost engine: pricing table for 50+ models across OpenAI, Anthropic, Google, Mistral, Cohere. Fuzzy matching for dated model variants. - Unified ledger: tracks both LLM calls and external tool costs (via track() or @track_tool decorator) in a single session.

Benchmarks: 3.5μs median overhead per enforcement check. Zero budget overshoot across all tested scenarios. Loop detection: 0 false positives on diverse workloads, catches pathological loops at exactly N+1 calls.

No infrastructure needed — it's a library, not a platform. No Redis, no cloud services, no accounts.

I also wrote a whitepaper covering the architecture and integration with Coinbase's x402 payment protocol (where agents make autonomous stablecoin payments): https://doi.org/10.5281/zenodo.18720464

1,300+ PyPI installs in the first 4 days, all organic. Apache 2.0.

Happy to answer questions about the design.

Sowbot is an open-hardware agricultural robot designed to close the "prototype gap" that kills most agri-robotics startups and research projects — the 18+ months spent on drivers, networking, safety watchdogs, and UI before you can even start on the thing you actually care about.

The hardware is built around a stackable 10×10cm compute module with two ARM Cortex-A55 SBCs — one for ROS 2 navigation/EKF localisation, one dedicated to vision/YOLO inference — connected via a single ethernet cable.

Centimetre-level positioning via dual RTK GNSS, CAN bus for field comms, and real-time motor control via ESP32 running Lizard firmware.

Everything — schematics, PCB layouts, firmware — is under open licences. The software stack runs on RoSys/Field Friend (for teams who want fast iteration) or DevKit ROS (for teams already in the ROS ecosystem). The idea is that a lab in one country can reproduce another lab's experiment by sharing a Docker image.

Current status: the Open Core brain is largely fabricated, the full-size Sowbot body has a detailed BOM but isn't yet assembled, and we have two smaller dev platforms (Mini and Pico) in various stages of testing.

We're a small volunteer team and we're looking for contributors — hardware, ROS, firmware, docs, whatever you can offer.

The best place to start is our Discord: https://discord.gg/SvztEBr4KZ — we have a weekly call if you'd prefer to just show up and chat.

GitHub: https://github.com/Agroecology-Lab/feldfreund_devkit_ros/tre...

Hey everyone,

I’ve been working on a project called L88 — a local RAG system that I initially focused on UI/UX for, so the retrieval and model architecture still need proper refinement.

Repo: https://github.com/Hundred-Trillion/L88-Full

I’m running this on 8GB VRAM and a strong CPU (128GB RAM). Embeddings and preprocessing run on CPU, and the main model runs on GPU. One limitation I ran into is that my evaluator and generator LLM ended up being the same model due to compute constraints, which defeats the purpose of evaluation.

I’d really appreciate feedback on:

Better architecture ideas for small-VRAM RAG

Splitting evaluator/generator roles effectively

Improving the LangGraph pipeline

Any bugs or design smells you notice

Ways to optimize the system for local hardware

I’m 18 and still learning a lot about proper LLM architecture, so any technical critique or suggestions would help me grow as a developer. If you check out the repo or leave feedback, it would mean a lot — I’m trying to build a solid foundation and reputation through real projects.

Thanks!

Interactive timeline of every major Large Language Model. Filterable by open/closed source, searchable, 54 organizations tracked.

I’m building a chat-first community app that uses Bluesky’s AT Protocol for identity.

Current architecture: - Electron client - Spring Boot backend (monolith) - REST for servers/channels - Planning WebSocket-based messaging

As a solo builder, I’m trying to balance simplicity with future scalability.

At what point would you introduce: - a separate WebSocket gateway - pub/sub (Redis, etc.) - or keep everything in one Spring app until it breaks?

Curious how others approached real-time chat systems early on.

Project for context: https://github.com/JohannaWeb/ProjectFalcon

A structured archive of CIA World Factbook data spanning 1990–2025. It currently includes: 36 editions 281 entities ~1.06M parsed fields full-text + boolean search country/year comparisons map/trend/ranking analysis views CSV/XLSX/PDF export The goal is to preserve long-horizon public-domain government data and make cross-year analysis practical. Live: https://cia-factbook-archive.fly.dev About/method details: https://cia-factbook-archive.fly.dev/about Data source is the CIA World Factbook (public domain). Not affiliated with the CIA or U.S. Government.

I got tired of spending hours in PowerPoint and TikZ drawing methodology diagrams for my papers. So I built PaperBanana — you paste your Method section text, and it generates a publication-ready figure in about 2-3 minutes.

How it works under the hood:

1. A Retriever agent searches a curated database of real academic diagrams to find structurally similar references 2. A Planner agent reads your text and generates a detailed visual description (layout, components, connections, groupings) 3. A Stylist agent polishes the visual aesthetics without changing content 4. Then it enters an iterative loop: a Visualizer generates the image, and a Critic evaluates it and suggests revisions — this repeats 1-5 times (you choose)

The key insight is that academic diagrams follow conventions — Transformer architectures, GAN pipelines, RLHF frameworks all have recognizable visual patterns. By retrieving relevant references first, the output is much closer to what you'd actually put in a paper vs. generic AI image generation.

Built with: Next.js + FastAPI + Celery, using Gemini 2.5 Flash for planning/critique and Nanobanana Pro/Seedream for image generation.

Try it here: https://paperbanana.online

Some examples it handles well: Transformer architectures, GAN training pipelines, RLHF frameworks, multi-agent systems, encoder-decoder architectures.

Known limitations: - Works best for CS/AI methodology diagrams — not optimized for biology, chemistry, or general scientific illustration - Text rendering in generated images isn't perfect yet — sometimes labels get slightly garbled - The curated reference database is still small (13 examples), expanding it is ongoing work

Would love feedback from anyone who writes papers regularly. What types of diagrams do you struggle with most?

We've all done it — "hey can you DM me the staging .env?" Secrets end up in Slack history, email threads, shared notes — all searchable, all persistent. The secure path (1Password, GPG, etc.) always had more friction than the insecure one, so people took the shortcut. enseal makes the secure path faster than the insecure one: # sender $ enseal share .env Share code: 7-guitarist-revenge Expires: 5 minutes or first receive

# recipient $ enseal receive 7-guitarist-revenge ok: 14 secrets written to .env Zero setup, no accounts, no keys needed for basic use. Channels are single-use and time-limited. The relay never sees plaintext (age encryption + SPAKE2 key exchange). For teams that want more: identity mode with public key encryption, process injection (secrets never touch disk), schema validation, at-rest encryption for git, and a self-hostable relay. Written in Rust. MIT licensed. Available via cargo install, prebuilt binaries, or Docker. Looking for feedback on the UX and security model especially. What would make you actually reach for this instead of the Slack DM?

Detailed documentation here: https://enseal.docsyard.com/

The article describes a user interface for the popular terminal multiplexer, Tmux. It provides a comprehensive set of keyboard shortcuts and configuration options to enhance the Tmux experience, making it more user-friendly and visually appealing.

amux is an open-source tool that allows users to create and manage multiple instances of a program simultaneously, providing a flexible and efficient way to run and monitor applications in various environments.

OP here.

    This is a geometric decoding of Chopin's Prelude No. 4.

    I built a 3D music midi visualizer ( https://github.com/jimishol/cholidean-harmony-structure ) and realized that standard music theory couldn't explain the shapes I was seeing. So, I developed the Umbilic-Surface Grammar to map the topology of the harmony.

    This document demonstrates that the prelude's tension isn't random, but a rigorous conflict between 'Gravity' (Station Shifts) and 'Will' (Pivots).

    I am looking for feedback on the logic—specifically from anyone with a background in topology or music theory. Does this geometric proof hold up?

bVisor is an SDK and runtime for safely executing bash commands directly on your host machine. We built it on the belief that "sandbox" doesn't need to mean shipping off to remote sandbox products, or spinning up local VMs / containers. Sometimes, you just want to run that bash command locally.

bVisor boots a sandbox from user-space without special permissions, powered by seccomp user notifier. This allows us to intercept syscalls from guest processes and selectively virtualize them to block privilege escalation, isolate process visibility, and keep filesystem changes isolated per sandbox (copy-on-write). Sandboxes boot in 2ms, and can run arbitrary binaries at native speed (with minor overhead per syscall). This approach is heavily inspired by Google's gVisor.

As of today, bVisor supports most filesystem operations, basic file I/O, and can run complex binaries such as python interpreters. It is packaged as a Typescript SDK and installable via npm. There's much to still implement (such as outbound network access to support 'curl', shipping a python SDK, etc), but we wanted to share it here for feedback and anyone who'd be able to make use of the current featureset!

I built a user-space implementation of ping that constructs Ethernet frames, performs ARP resolution, builds IPv4 headers, and sends ICMP echo requests manually using AF_PACKET.

- ARP (packet format, cache with aging, re-ARP, conflict handling) - IPv4 header construction and checksum - DF handling and ICMP Fragmentation Needed (Type 3 Code 4) - IP fragment reassembly - ICMP echo request/reply parsing - A basic ping loop with loss statistics

The goal was to understand how packets actually move from Layer 2 upward.

I wanted to build a mipmap version of r/place — zoom out and you see the whole world, zoom in and you're placing individual pixels at real geographic coordinates.

The map is the canvas. Seoul, Tokyo, New York — pixels live at actual lat/lon positions and persist there. Watch others paint in real time as you explore.

A few things I focused on: - WebGL-only renderer (dropped Canvas2D after profiling showed it was the zoom-out bottleneck) - SSE updates scoped to your current viewport only - Seeded pixel art in cities around the world to make it feel alive from day one

Free to use. Still early — curious what people think.

This started as a question about simulation theory: if a GPU is just rules applied to a grid in parallel, do you actually need the silicon?

Turns out, no.

PureBee is a complete GPU defined as a software specification — Memory, Engine, Instruction Set, Runtime. It runs Llama 3.2 1B inference at 3.6 tok/sec on a single CPU core. The model answers questions correctly.

What makes it different from llama.cpp or WebLLM:

The WASM compute kernel is constructed byte-by-byte in JavaScript at runtime. No Emscripten. No Rust. No compiler. No build step. The binary that runs the Q4 SIMD matrix math is itself readable JavaScript. Every layer of the stack — including the thing executing the math — is auditable source.

The progression from first principles:

```

Baseline JS 0.08 tok/sec

Typed arrays 0.21 tok/sec

WASM kernels 0.70 tok/sec

Q4 quantization 1.30 tok/sec

SIMD 3.00 tok/sec

Worker threads 3.60 tok/sec

```

45× total. Single CPU core. Zero npm dependencies.

The claim isn't that this is faster than a real GPU. The claim is that a GPU was never the hardware — it was always the math. The hardware is just one way to run the math fast. PureBee is another way. If that's true, it changes where inference can run.

To run:

```

git clone https://github.com/PureBee/purebee

node download.js llama3

node --max-old-space-size=4096 chat-llama3.js

```

Requires Node.js ≥ 20. The heap flag is not optional.

Licensed FSL-1.1 (converts to Apache 2.0 in 2 years). Free for personal and internal use.

Happy to go deep on the WASM binary construction, the Q4 nibble layout, or the SharedArrayBuffer weight cache that runs a 4.5GB model in 1.8GB of RAM.

Hi everyone!

For the last few months I've been working on "Peekl" a configuration management solution.

The idea was to get the good part of what I liked with Ansible (the ease of use, the fact that you can get started quickly) with what I loved with Puppet (mainly the pull based model with the agent).

The project is now in a state where I believe I can share it with the world. Of course there is still a long way to go for it to be on-par in term of features to Puppet or Ansible, but I think that currently it's a good starting point.

This article explores the Merkle tree data structure, a core component of blockchain technology. It explains the concept of Merkle trees, their structure, and their use in ensuring data integrity and efficient verification of transactions in distributed systems like blockchain.

Shuru is a lightweight sandbox that spins up Linux VMs on macOS using Apple's Virtualization.framework. Boots in about a second on Apple Silicon, and everything is ephemeral by default. There's a checkpoint system for when you do want to persist state, and sandboxes run without network access unless you explicitly allow it. Single Rust binary, no dependencies. Built it for sandboxing AI agent code execution, but it works well for anything where you need a disposable Linux environment.

Hi everyone, I'm kinda involved in some retrogaming and with some experiments I ran into the following question: "It would be possible to run transformer models bypassing the cpu/ram, connecting the gpu to the nvme?"

This is the result of that question itself and some weekend vibecoding (it has the linked library repository in the readme as well), it seems to work, even on consumer gpus, it should work better on professional ones tho

I started to teach myself to code around 15 years ago. At the time I was working service industry jobs (restaurant kitchens, coffee shops) and desperate to change my career and life.

Around that time there was a new thing called <canvas> available in HTML5 that you could use to render graphics in web pages without plugins; despite my limited knowledge of tech and lack of coding skills, I knew I wanted to be a part of that.

Around that same time, I had also enrolled at the community college for night classes in math. I wanted to "work in tech" after all, so a mathematics brush-up seemed wise. I had always struggled with math. But now that I was both incentivized to learn it, I found myself facing a familiar terror: trigonometry.

The other students, just out of high school, seemed to know this stuff. I was simply confused. The same frustration I had felt in high school returned: No one could clearly answer why this stuff worked. Why did we need a "sine" function?

So I decided to combine my struggles and make them into a single creative project: I would code a way to visualize and understand the trig functions - and in so doing, I would learn trigonometry and HTML5.

I called it "Touch Trigonometry" and the idea was simple: You move your mouse, and the visualization of the trig functions would update. There would be a unit circle showing the angle. There would be a graph showing the plots. As a kinesthetic learner, I theorized that if I could simply "play with trigonometry" I could get an intuitive understanding of trig.

In the end, building it helped me grasp a concept that had always flummoxed me. And to my surprise, it got posted on HN and made it to the front page. It got many thousands of views and lots of comments on its Disqus message board.

Time went by; I moved onto other things; I gave up the domain and forgot about it.

Early this year I decided to see how quickly I could re-implement Touch Trigonometry again, this time in React Native, using Claude Code, in the form of an app. It took me around 8 hours of total coding time (that's including my own pondering, but not stuff like pushing to the App Store). It was easier this time, not just because of the AI agent at my disposal, but also because I already had a foundation in trig, much more experience as a software engineer, and a more concrete sense of what I wanted the UI to be.

There were a lot of friction points with Claude Code (circa Jan 2026). It could not "one-shot" this app, at least nothing like what I really wanted. It made poor recommendations on rendering and UI setup. UI rendering performance was bad at first, especially layering add'l visualizations like labels; only with considerable "coaching" cold Claude make it tolerable.

Notably Claude also had problems comprehending where to place elements in 2D space - especially with the default landscape orientation of the app. I had to manually place elements on the canvas to use as references it could understand. I had to rename many inaccurately named variables by hand - because its own naming conventions were leading it astray and causing more positioning and orientation mistakes. Even despite such interventions, it often did the orthogonal of what I asked.

I would guess that Claude's issues with spatial understanding are easily fixable on Anthropic's side. They could a bajillion synthetic examples to Claude's training data to give it a better understanding of how natural language spatial positioning instructions map to discrete code edits.

That said, once the essence was working, it was pretty simple to go from 90% complete to 99% complete. This app isn't perfect, and it needs a lot more refinement, but it was an interesting exercise to test what Claude Code's limitations are today.

Anyway, Touch Trig is now alive again and I overall it was a super fun side project to work on. It's very satisfying to see my old UI alive again in app form.

Claude Code forgets everything between sessions. After months of heavy use, I had 1.6GB of JSONL session files buried in ~/.claude/projects/. Architecture decisions, debugging breakthroughs, and solutions I couldn't find again. There’s nothing more annoying that solving the same problem twice.

I tried RAG pipelines and local vector DBs, but they added complexity for a problem that's really just text search over structured files. So I built search-sessions: a single Rust binary that searches your session history directly. No database, no indexing step, no dependencies.

It supports two modes: index search (~18ms) for finding the right session, and deep search (~280ms with ripgrep, ~1s without) for matching against full message bodies. Each result includes the session UUID so you can resume any conversation with `claude --resume`.

The design choice that makes it work: skip the database entirely. JSONL files are already structured — just search them fast. Under the hood it's just files and a CLI, so it's easy to inspect, backup, and delete. You install it as a Claude Code skill, then ask "do you remember that auth refactor?" and Claude searches your history and picks up the thread. It also works with OpenClaw.

MIT licensed. macOS and Linux:

brew install sinzin91/tap/search-sessions

or

cargo install search-sessions

Curious what people think about exact vs fuzzy vs semantic search as a default — and which other coding CLIs you’d like supported.

Pysaic is a Python library that allows users to create and manipulate ASCII art with ease. The article discusses the key features and capabilities of Pysaic, including the ability to generate random ASCII art and customize existing designs.

The article provides an overview of the TLA+ Workbench, a tool for writing, analyzing, and verifying formal specifications. It covers the key features and benefits of the Workbench, making it a valuable resource for developers and engineers working on complex systems.