Saturday, 21 June 2025

New top story on Hacker News: Show HN: OSAI-Browser – A P2P Browser for Web3 and HTML Games

Show HN: OSAI-Browser – A P2P Browser for Web3 and HTML Games
5 by EvoSync | 2 comments on Hacker News.
https://ift.tt/DAIdx7M OSAI Browser is a peer-to-peer (P2P) browser currently in active development. My goal is to redefine how we interact with the web, focusing on decentralization and cutting-edge capabilities for web content. As a core future functionality, I envision distributed computing for high-quality web games and IoT applications, leveraging the P2P architecture to achieve impressive image fidelity and performance. Imagine games that harness the collective power of connected users, or IoT devices seamlessly interacting through a decentralized browser! Currently, the browser successfully allows users to drag-and-drop ZIP files directly to install and run web games. This demonstrates the practical application of its unique P2P distribution model. Crucially, both the server and client functionalities are already up and running, providing a robust foundation for the P2P network. We also plan to work with WebAssembly (WASM) and various game engines to expand its capabilities. Please note that OSAI-browser is still an early-stage project and a work in progress. Your constructive feedback and suggestions are highly appreciated as we continue to develop and refine it. For coders: https://ift.tt/nNQAi3C It's rough code, though.

Friday, 20 June 2025

New top story on Hacker News: Dancing Naked on the Head of a Pin: The Early History of Microphotography

Dancing Naked on the Head of a Pin: The Early History of Microphotography
8 by crescit_eundo | 0 comments on Hacker News.


New top story on Hacker News: Show HN: SecureBuild – Zero-CVE Images That Pay OSS Projects

Show HN: SecureBuild – Zero-CVE Images That Pay OSS Projects
18 by grantlmiller | 7 comments on Hacker News.
We're launching SecureBuild: https://securebuild.com — a new way for open source projects and maintainers to earn revenue by partnering with and endorsing our Zero-CVE container images of their project. We’ve spent the last decade at Replicated ( https://ift.tt/qeFjrRm ) helping commercial and open source software vendors securely distribute their apps to enterprise environments. During that time, we saw firsthand how hard it is for maintainers to fund their work, and how increasingly demanding enterprises have become when it comes to demonstrable security and scanning. SecureBuild is our attempt to bridge that gap. Built on top of Wolfi ( https://ift.tt/bQs6Zx3 ), we provide Zero-CVE container images with tight SLAs, full SBOMs, etc., but we route 70% of direct subscription revenue back to the open source projects that create them. We’re especially interested in partnering with open source maintainers who want to make their projects more secure and sustainable without changing licenses. We handle builds, hosting, sales, patching, and customer delivery. I'm Grant ( https://ift.tt/916oYcm ), co-founder of Replicated & co-creator of SecureBuild, working with my co-founder Marc Campbell ( https://ift.tt/6Crmpbi ). We hope this can be part of a broader push toward a more secure, economically sustainable future for open source. Happy to answer questions and share more details!

Wednesday, 18 June 2025

New top story on Hacker News: Show HN: Free local security checks for AI coding in VSCode, Cursor and Windsurf

Show HN: Free local security checks for AI coding in VSCode, Cursor and Windsurf
11 by jaimefjorge | 5 comments on Hacker News.
Hi HN! We just launched Codacy Guardrails, an IDE extension with a CLI for code analysis and MCP server that enforces security & quality rules on AI-generated code in real-time. It hooks into AI coding assistants (like VS Code Agent Mode, Cursor, Windsurf), silently scanning and fixing AI-suggested code that has vulnerabilities or violates your coding standards, while the code is being generated. We built this because coding agents can be a double-edged sword. They do boost productivity, but can easily introduce insecure or non-compliant code. One recent research team at NYU found that 40% of Copilot’s outputs were buggy or exploitable [1]. Other surveys mention that people are spending more time debugging AI-generated code [2]. That's why we created “guardrails” to catch security problems early. Codacy Guardrails uses a collection of open-source static analyzers (like Semgrep and Trivy) to scan the AI’s output against 2000+ rules. We currently support JavaScript/TypeScript, Python, and Java, focusing on things like OWASP Top 10 vulns, hardcoded secrets, dependency checks, code complexity and styling violations, and you can customize the rules to match your project’s needs. We're not using any AI models, it's “classic” static code analysis working alongside your AI assistant. Here’s a quick demo: https://youtu.be/pB02u0ntQpM The extension is free for all developers. (We do have paid plans for teams to apply rules centrally, but that’s not needed to use the extension and local code analysis with agents.) Setup is pretty straightforward: Install the extension and enable Codacy’s CLI and MCP Server from the sidebar. We’re eager to hear what the HN community thinks! Does this approach sound useful in your AI coding workflow? Have you encountered security issues from AI-generated code? We hope Codacy Guardrails can make AI-assisted development a bit safer and more trustworthy. Thanks for reading! Get extension: https://ift.tt/QGKW61x Docs: https://ift.tt/y4luePT...
Sources [1]: NYU Research: https://ift.tt/ilLSeBf... [2]: https://ift.tt/s5XGvLb...

Monday, 16 June 2025

New top story on Hacker News: Show HN: Trieve CLI – Terminal-Based LLM Agent Loop with Search Tool for PDFs

Show HN: Trieve CLI – Terminal-Based LLM Agent Loop with Search Tool for PDFs
16 by skeptrune | 0 comments on Hacker News.
Hi HN, I built a CLI for uploading documents and querying them with an LLM agent that uses search tools rather than stuffing everything into the context window. I recorded a demo using the CrossFit 2025 rulebook that shows how this approach compares to traditional RAG and direct context injection[1]. The core insight is that LLMs running in loops with tool access are unreasonably effective at this kind of knowledge retrieval task[2]. Instead of hoping the right chunks make it into your context, the agent can iteratively search, refine queries, and reason about what it finds. The CLI handles the full workflow:

```bash
trieve upload ./document.pdf
trieve ask "What are the key findings?"
```

You can customize the RAG behavior, check upload status, and the responses stream back with expandable source references. I really enjoy having this workflow available in the terminal and I'm curious if others find this paradigm as compelling as I do. Considering adding more commands and customization options if there's interest. The tool is free for up to 1k document chunks. Source code is on GitHub[3] and available via npm[4]. Would love any feedback on the approach or CLI design!

[1]: https://www.youtube.com/watch?v=SAV-esDsRUk
[2]: https://ift.tt/W67rRqJ
[3]: https://ift.tt/A7HE5si...
[4]: https://ift.tt/jAt3Q5p

New top story on Hacker News: Meta ignores RFC 2920; ZuckMail can't send mail to servers running OpenSMTPD

Meta ignores RFC 2920; ZuckMail can't send mail to servers running OpenSMTPD
4 by pghatedphones | 0 comments on Hacker News.