Hello, I built chlibc, a linux tool to change the system interp and glibc to your custom one. Normally, running an ELF against a different glibc, you'd use LD_LIBRARY_PATH and patchelf, or use chroot/docker. chlibc allows you to change the dynamic linker of a process on the fly without patching and root access. Key Features: - zero disk modification: no need for patchelf --set-interpreter. - no root required: works entirely in user-space via ptrace - multi-arch: native support for x86_64, AArch64, and RISC-V. - lightweight: unlike PRoot, which intercepts every syscall to translate paths, chlibc only intervenes during the initial execve() phase. Once the loader is swapped, it almost has no runtime overhead. I’d love to hear your thoughts about this tool, thanks! Comments URL: https://news.ycombinator.com/item?id=47814330 Points: 2 # Comments: 0
Mulligan Labs is a browser-based playtester for Magic: The Gathering. No account or install needed. Just create a room, share the link, import a decklist from Archidekt or Moxfield, and play with mouse and keyboard (mobile support is not great right now). Stack: SvelteKit on Cloudflare Workers, PartyKit (Durable Objects) for the authoritative game server. Clients propose actions over WebSocket; the server validates and broadcasts state. My background is networking and my cofounder's is industrial design. Neither of us had shipped a codebase like this before. We built it over the last 5 months with heavy Claude assistance. Happy to get into what that actually looked like in the comments. It's rough in places (the deck builder is just ok right now) but the core multiplayer loop is solid and we have played a ton of games on it with our Commander pod. We'd love feedback, especially from anyone who's played Cockatrice/XMage/Untap and has opinions on what a browser-native version should feel like. Comments URL: https://news.ycombinator.com/item?id=47796266 Points: 3 # Comments: 4
I haven't seen anything like this so I decided to build it in a weekend. How it works: You see a bunch of things pulled from Wikipedia displayed on cards. You ask yes or no questions to figure out which card is the secret article. The AI model has access to the image and wiki text and it's own knowledge to answer your question. Happy to have my credits burned for the day but I'll probably have to make this paid at some point so enjoy. I found it's not easy to get cheap+fast+good responses but the tech is getting there. Most of the prompts are running through Groq infra or hitting a cache keyed by a normalization of the prompt. Comments URL: https://news.ycombinator.com/item?id=47787081 Points: 5 # Comments: 4
I built a UI framework I am calling C0ckp1t. It’s a zero-build, Vue.js 3 based framework with reactive components included and WebSocket support. The ultimate goal is having the ability to build UIs fast and on demand by an LLM or template engine. My uses cases: 1) Building websites fast. dashboards, blogs, landing pages. 2) Right now we tend to mix content and presentation in our applications, but I want that separated. For example when using an LLM right now you get back markdown, but that is rudimentary, I want a reactive website as output. 3) Tooling. Think of a firefox plugin where today we many static tools. For example if am on YouTube I might want to get transcript, or I might want to download a video or I want to get a summary of a video or I want to change the titles. Each of these "tools" is a different interface. But I want the LLM to generate these interfaces on demand I am using [vue3-sfc-loader]( https://github.com/FranckFreiburger/vue3-sfc-loader ) to compile Vue single file components (SFCs) on the browser. These are some demos using the framework: * https://c0ckp1t.com/default/homepage * https://c0ckp1t.com/examples/galore/#/ For more details, see this: https://c0ckp1t.com/default/docs/Articles/Why-Project-Exists... Comments URL: https://news.ycombinator.com/item?id=47779184 Points: 1 # Comments: 0
Article URL: https://pufomi.com/en/ Comments URL: https://news.ycombinator.com/item?id=47778123 Points: 1 # Comments: 2
The marquee feature is patch-based merging, similar to Darcs and Pijul. I think xit is the first version control system (VCS) to have this feature while still being git compatible. See the 100% human-written readme for more. Comments URL: https://news.ycombinator.com/item?id=47777702 Points: 3 # Comments: 0
Based roughly on true events. Comments URL: https://news.ycombinator.com/item?id=47775750 Points: 1 # Comments: 0
Article URL: https://github.com/anubhavgupta/whisper-npu Comments URL: https://news.ycombinator.com/item?id=47768095 Points: 2 # Comments: 1
I built this while debugging our own tile pipelines for MarineCharts (a nautical chart API). I wanted something you could just paste a URL into. It runs entirely in the browser – no install, no signup. You paste a tile URL template ({z}/{x}/{y}.pbf), click Load, and it renders the tiles on a map. As you hover over features, you get a live property inspector showing all attributes on that feature. The left panel lists all detected layers; clicking one filters the inspection to just that layer. Supports: MVT/PBF endpoints and any standard vector tile format. Works with Mapbox GL JS and MapLibre GL backends. I use it constantly when checking that my tile generation pipeline is emitting the right feature attributes, or when exploring a third-party tile source before integrating it. Would be curious if this is useful to others working with vector tile data, and what features would make it more useful (attribute filtering? tile boundary/coordinates overlay? hex/decoded view of the raw PBF?). Comments URL: https://news.ycombinator.com/item?id=47766773 Points: 1 # Comments: 0
Local Web Dashboard — A new browser-based dashboard for managing your Hermes Agent locally. Configure settings, monitor sessions, browse skills, and manage your gateway — all from a clean web interface without touching config files or the terminal. The easiest way to get started with Hermes. Fast Mode ( /fast ) — Priority processing for OpenAI and Anthropic models. Toggle /fast to route through priority queues for significantly lower latency on supported models (GPT-5.4, Codex, Claude). Expands across all OpenAI Priority Processing models and Anthropic’s fast tier. ( #6875 , #6960 , #7037 ) iMessage via BlueBubbles — Full iMessage integration through BlueBubbles, bringing Hermes to Apple’s messaging ecosystem. Auto-webhook registration, setup wizard integration, and crash resilience. ( #6437 , #6460 , #6494 ) WeChat (Weixin) & WeCom Callback Mode — Native WeChat support via iLink Bot API and a new WeCom callback-mode adapter for self-built enterprise apps. Streaming cursor, media uploads, markdown link handling, and atomic state persistence. Hermes now covers the Chinese messaging ecosystem end-to-end. ( #7166 , #7943 ) Termux / Android Support — Run Hermes natively on Android via Termux. Adapted install paths, TUI optimizations for mobile screens, voice backend support, and the /image command work on-device. ( #6834 ) Background Process Monitoring ( watch_patterns ) — Set patterns to watch for in background process output and get notified in real-time when they match. Monitor for errors, wait for specific events (“listening on port”), or watch build logs — all without polling. ( #7635 ) Native xAI & Xiaomi MiMo Providers — First-class provider support for xAI (Grok) and Xiaomi MiMo, with direct API access, model catalogs, and setup wizard integration. Plus Qwen OAuth with portal request support. ( #7372 , #7855 ) Pluggable Context Engine — Context management is now a pluggable slot via hermes plugins . Swap in custom context engines that control what the agent sees each turn — filtering, summarization, or domain-specific context injection. ( #7464 ) Unified Proxy Support — SOCKS proxy, DISCORD_PROXY , and system proxy auto-detection across all gateway platforms. Hermes behind corporate firewalls just works. ( #6814 ) Comprehensive Security Hardening — Path traversal protection in checkpoint manager, shell injection neutralization in sandbox writes, SSRF redirect guards in Slack image uploads, Twilio webhook signature validation (SMS RCE fix), API server auth enforcement, git argument injection prevention, and approval button authorization. ( #7933 , #7944 , #7940 , #7151 , #7156 ) hermes backup & hermes import — Full backup and restore of your Hermes configuration, sessions, skills, and memory. Migrate between machines or create snapshots before major changes. ( #7997 ) 16 Supported Platforms — With BlueBubbles (iMessage) and WeChat joining Telegram, Discord, Slack, WhatsApp, Signal, Matrix, Email, SMS, DingTalk, Feishu, WeCom, Mattermost, Home Assistant, and Webhooks, Hermes now runs on 16 messaging platforms out of the box. /debug & hermes debug share — New debugging toolkit: /debug slash command across all platforms for quick diagnostics, plus hermes debug share to upload a full debug report to a pastebin for easy sharing when troubleshooting. ( #8681 ) 2 个帖子 - 2 位参与者 阅读完整话题
Article URL: https://deconflict.pages.dev Comments URL: https://news.ycombinator.com/item?id=47757351 Points: 2 # Comments: 0
Show HN: Zero-identity messaging app with physics-based post-quantum encryption (Layer 2 from my own paper) Hey HN, I'm building a privacy-first messaging app in Flutter/Dart, developed with AI assistance (Gemini 2.5 Pro + Claude Opus 4.6). No phone number, no email, no account — no identity, nothing to track. Currently focused on Android. *Six-layer defense architecture* Layer 0 - Identity layer: Zero identifier. No account, no identity, nothing to track. Layer 1 - Key exchange: X25519 + ML-KEM-768 hybrid. X25519 is Bernstein-designed, outside the NIST ecosystem. Even if ML-KEM has an NSA backdoor, X25519 still holds. The probability of both being broken simultaneously approaches zero. Layer 2 - Key hardening (my original contribution): session_key = HKDF(shared_secret || Y), where Y = PQ_C(W(shared_secret)). Even if Layer 1 is fully compromised, the attacker still faces the Landauer thermodynamic lower bound + Margolus-Levitin operation limit. Physical law, not a mathematical assumption. Layer 3 - Message encryption: ChaCha20-Poly1305, Bernstein-designed. High resistance to side-channel attacks. Retains 128-bit equivalent security strength post-quantum. Layer 4 - Transport: SMP protocol reimplemented from scratch in Dart. No central server, P2P communication. Unidirectional queues — the server never knows who is talking to whom. No message retention on the server. Currently using SimpleX public relay. Layer 5 - Endpoint: Android FLAG_SECURE screenshot prevention. Volume key triggers emergency wipe (messages + keys). Configurable wrong-password limit before irreversible wipe. Burn-after-reading on by default. Client-side encrypted backup, keys never leave the device. *What is Layer 2* Layer 2 is implemented from my Zenodo preprint. The core claim: a key derivation path passing through Product Quantization and Soft-ZCA whitening creates structure-induced quantum blindness against known quantum algorithm paradigms (HSP, Simon, Grover, etc.), making quantum attacks physically infeasible — grounded in physical law, not computational hardness assumptions. Because Layer 2 is based on my public preprint paper, there is no closed-source issue. Anyone can implement their own encryption scheme using the paper as a foundation. Paper: https://doi.org/10.5281/zenodo.19483649 Counterproofs welcome. If you can construct one, that result is itself a significant academic finding. *Features* - Contact establishment: QR code (in-person) or 10-character random code (remote) - Stickers: upload any image under 1MB, auto-converted to SVG vector format (in progress) - Local database: Hive - Languages: Traditional Chinese and English, both first-class - Code comments: bilingual beginner-level annotations throughout, written for readability *Swappable GUI (in progress)* Frontend/backend separation. Users can choose between WhatsApp-like, Telegram-like, WeChat-like, or Line-like interfaces. Non-commercial developers will be able to build their own GUI on top of the same backend in the future. *Why Android first, not PWA* PWA cannot control volume keys or implement FLAG_SECURE screenshot prevention. Both are necessary — not optional — for the device-seizure threat model. *License* Custom license. Commercial rights reserved to the author. Drafting terms that will prohibit MAMANGO(Meta, Amazon, Microsoft, Apple, Nvidia, Google, OpenAI) and their affiliates from commercial use or participation in development. Layer 2 licensing terms to follow separately. *Current status* Repo is public, README in progress. Landing page with waitlist opening soon. Will publish to app stores after v1.0. Repo: https://codeberg.org/Kelvin_Brammidge/xlinendchat Comments URL: https://news.ycombinator.com/item?id=47751692 Points: 2 # Comments: 0
Hi HN, since the Berkeley RDI benchmark integrity post recently got a lot of attention here [0], it seems like a good time to share Amber, related work aimed at making agent benchmarks easier to reproduce. Amber grew out of the RDI AgentX-AgentBeats benchmarking competition [1] where the general public was invited to submit agents. To ensure trustworthy results, we needed submissions to be reproducible and have clear provenance. Reproducibility motivates declarative specifications of benchmarks, and provenance motivates the ability to safely and efficiently run benchmarks on hosted hardware. Once you add support for multi-phase multi-agent benchmarks (like Werewolf), the design for Amber mostly falls right out. Amber is inspired by Fuchsia OS Component Framework. The security model of Amber is that a component like an A2A agent or MCP tool only serves a component that has explicitly been given a capability to use it. In the context of benchmarks, this means that an agent under test cannot reach into the evaluator, and that a tool can be revoked in a later phase of a benchmark. Amber is a combination of a compiler and a runtime system: the compiler turns manifests describing agents, tools, and how they connect to each other into a deterministic plan. The plan can be executed against different backends like Docker, K8s, KVM, or the host OS. The compiler injects runtime components necessary to enforce the capability model: sidecar routers that provide guarded connectivity between components, and backend controllers that allow components to create and destroy components at runtime. Amber started out with just static `docker compose`, but benches like TerminalBench and OSWorld required the addition of dynamic components and VM-backed components. Then competition participants wanted an easier way to test locally that didn't involve repeatedly rebuilding Docker images, so Amber got native binary support and a one-liner `amber run` interface. The concepts borrowed from Fuchsia have held up so far. Right now I'm working on making Amber's observability traces available to the benchmark evaluator so that it can judge based on the path an agent took, rather than just the final answer. Overall, the goal we set out to achieve was to make it easy to reproduce agent benchmark results in a low-trust environment. Amber is not a complete solution, but it takes some burden off of benchmark authors and agent builders. Maybe it's even useful beyond benchmarks. I would be happy for you to batter the conceptual framework! The AgentBeats tau2 benchmark manifest [2] is a real example. The in-tree mixed-site example [3] is a simple demo of Amber end-to-end with `amber run`. [0]: https://news.ycombinator.com/item?id=47733217 [1]: https://rdi.berkeley.edu/agentx-agentbeats.html [2]: https://github.com/RDI-Foundation/tau2-agentbeats/blob/main/... [3]: https://github.com/RDI-Foundation/amber/tree/main/examples/m... Comments URL: https://news.ycombinator.com/item?id=47749007 Points: 1 # Comments: 0
I wrote this set of Python files to try to help programmers understand the original LISP paper, assuming zero mathematical or Lisp knowledge. The original paper is a mind-blowing piece of computer science history for many reasons - I'd recommend anyone to try and get their head around it. I found plenty of fantastic LISP implementations which stay close to the original paper. But they are all fully-functional, practical implementations. The original paper builds from deeper fundamentals which it would be possible to write code in, albeit very impractical. I implemented these earlier iterations, so programmers can follow the paper step-by-step in a more familiar language than 50s mathematical notation. I am no expert in Lisp or mathematics, and intentionally went into this with no knowledge of Lisp beyond the original paper. I did not write it in the most elegant way, but in the simplest way for me to understand. So please don't take this code as a definitive statement on the language. However, this code really helped me to understand the original paper better, and to begin using Lisp with a better grasp of the spirit of the language. I'd welcome any thoughts from those who have more experience with Lisp or comp sci history. Comments URL: https://news.ycombinator.com/item?id=47737872 Points: 3 # Comments: 0