Spacing Over Cards
4 by smagin | 0 comments on Hacker News.
Sunday, August 31, 2025
New top story on Hacker News: Show HN: Anonymous Age Verification
Show HN: Anonymous Age Verification
6 by jwally | 2 comments on Hacker News.
So I'm not an expert in this area, but here's an attempt at cost effective, anonymous, age verification flow that probably covers ~70% of use cases in the United States. The basic premise is to leverage your bank (who already has had to perform KYC on you to open an account) to attest to your age for age-restricted merchant sites (pornhub, gambling, etc) without sharing any more information than necessary. Flow works like this: 1) You go to gambling.com 2) They request you to verify your age 3) You choose "Bank Verification" 4) You trigger a WebAuthn Credential Creation flow 5) gambling.com gives you a string to copy ------------- 6) You log into your bank 7) You go to bank.com/age-verify 8) You paste in the string you were given 9) The bank verifies it/you and creates a signed payload with your age-claims (over_18: true, over_21: false) 10) You copy this and go back to gambling.com --------------- 11) You paste the string back into gambling.com 12) You perform WebAuthn Auth flow 13) gambling.com verifies everything (signatures, webauthn, etc) 14) gambling.com sets a session-cookie and _STRONGLY_ encourages you to create an account (with a pass key). This will prevent you from having to verify your age every time you visit gambling.com The mechanics might feel off, but it feels like this in the neighborhood of a way to perform anonymous age verification. This is virtually free, and requires extremely light infra. Banks can be incentivized with small payments, or offer it because everyone else does and don't want to get left behind.
6 by jwally | 2 comments on Hacker News.
So I'm not an expert in this area, but here's an attempt at cost effective, anonymous, age verification flow that probably covers ~70% of use cases in the United States. The basic premise is to leverage your bank (who already has had to perform KYC on you to open an account) to attest to your age for age-restricted merchant sites (pornhub, gambling, etc) without sharing any more information than necessary. Flow works like this: 1) You go to gambling.com 2) They request you to verify your age 3) You choose "Bank Verification" 4) You trigger a WebAuthn Credential Creation flow 5) gambling.com gives you a string to copy ------------- 6) You log into your bank 7) You go to bank.com/age-verify 8) You paste in the string you were given 9) The bank verifies it/you and creates a signed payload with your age-claims (over_18: true, over_21: false) 10) You copy this and go back to gambling.com --------------- 11) You paste the string back into gambling.com 12) You perform WebAuthn Auth flow 13) gambling.com verifies everything (signatures, webauthn, etc) 14) gambling.com sets a session-cookie and _STRONGLY_ encourages you to create an account (with a pass key). This will prevent you from having to verify your age every time you visit gambling.com The mechanics might feel off, but it feels like this in the neighborhood of a way to perform anonymous age verification. This is virtually free, and requires extremely light infra. Banks can be incentivized with small payments, or offer it because everyone else does and don't want to get left behind.
Saturday, August 30, 2025
Friday, August 29, 2025
Thursday, August 28, 2025
Wednesday, August 27, 2025
Tuesday, August 26, 2025
New top story on Hacker News: Show HN: SecretMemoryLocker – File Encryption Without Static Passwords
Show HN: SecretMemoryLocker – File Encryption Without Static Passwords
9 by YuriiDev | 0 comments on Hacker News.
I built SecretMemoryLocker ( https://ift.tt/NQZA78q ), a file encryption tool that generates keys dynamically from your answers to personal questions instead of using a static master password. This makes offline brute-force attacks much more difficult. Think of it as a password manager that meets mnemonic seed recovery, but without storing any sensitive keys on disk. Why? I kept losing master passwords and wanted a solution that wasn't tied to a single point of failure. I also wanted to create a "digital legacy" that my family could access only under specific conditions. The core principle is knowledge-based encryption: the key only exists in memory when you provide the correct answers. Status: * MVP is ready for Windows (.exe). * Linux and macOS support is planned. * UI is available in English, Spanish, and Ukrainian. Key Features: * No Static Secrets: No master password or seed phrase is ever stored. The key is reconstructed on the fly. * Knowledge-Based Key Generation: The final encryption key is derived from a combination of your personal answers and file metadata. * Offline Brute-Force Resistance: Uses MirageLoop, a decoy system that activates when incorrect answers are entered. Instead of decrypting real data, it generates an endless sequence of AI-created questions from a secure local database, creating an illusion of progress while keeping your real data untouched. * Offline AI Generation Mode: Optional offline Q&A generator (prototype). How It Works (Simplified): 1) Files are packed into an AES-256 encrypted ZIP archive. 2) A JSON key file stores the questions in an encrypted chain. Each subsequent question is encrypted with a key derived from the previous correct answer and the file's hash. This forces you to answer them sequentially. 3) The final encryption key for the ZIP file is derived by combining the hashes of all your correct answers. The key derivation formula looks like this: K_final = SHA256(H(answer1+file_hash) + H(answer2+file_hash) + ...) (Note: We are aware that a fast hash like SHA256 is not ideal for a KDF. We plan to migrate to Argon2 in a future release to further strengthen resistance against brute-force attacks.) To encrypt, you provide a file. This creates two outputs: your_file.txt → your_file_SMLkey.json + your_file_SecretML.zip To decrypt, you need both files and the correct answers. Install & Quick Start: Download the EXE from GitHub Releases (no dependencies needed): https://ift.tt/xgK5jQk Encrypt: SecretMemoryLocker.exe --encrypt "C:\docs\important.pdf" Decrypt: SecretMemoryLocker.exe --decrypt "C:\docs\important_SMLkey.json" I would love to get your feedback on the concept, the user experience, and any security assumptions I've made. Thanks!
9 by YuriiDev | 0 comments on Hacker News.
I built SecretMemoryLocker ( https://ift.tt/NQZA78q ), a file encryption tool that generates keys dynamically from your answers to personal questions instead of using a static master password. This makes offline brute-force attacks much more difficult. Think of it as a password manager that meets mnemonic seed recovery, but without storing any sensitive keys on disk. Why? I kept losing master passwords and wanted a solution that wasn't tied to a single point of failure. I also wanted to create a "digital legacy" that my family could access only under specific conditions. The core principle is knowledge-based encryption: the key only exists in memory when you provide the correct answers. Status: * MVP is ready for Windows (.exe). * Linux and macOS support is planned. * UI is available in English, Spanish, and Ukrainian. Key Features: * No Static Secrets: No master password or seed phrase is ever stored. The key is reconstructed on the fly. * Knowledge-Based Key Generation: The final encryption key is derived from a combination of your personal answers and file metadata. * Offline Brute-Force Resistance: Uses MirageLoop, a decoy system that activates when incorrect answers are entered. Instead of decrypting real data, it generates an endless sequence of AI-created questions from a secure local database, creating an illusion of progress while keeping your real data untouched. * Offline AI Generation Mode: Optional offline Q&A generator (prototype). How It Works (Simplified): 1) Files are packed into an AES-256 encrypted ZIP archive. 2) A JSON key file stores the questions in an encrypted chain. Each subsequent question is encrypted with a key derived from the previous correct answer and the file's hash. This forces you to answer them sequentially. 3) The final encryption key for the ZIP file is derived by combining the hashes of all your correct answers. The key derivation formula looks like this: K_final = SHA256(H(answer1+file_hash) + H(answer2+file_hash) + ...) (Note: We are aware that a fast hash like SHA256 is not ideal for a KDF. We plan to migrate to Argon2 in a future release to further strengthen resistance against brute-force attacks.) To encrypt, you provide a file. This creates two outputs: your_file.txt → your_file_SMLkey.json + your_file_SecretML.zip To decrypt, you need both files and the correct answers. Install & Quick Start: Download the EXE from GitHub Releases (no dependencies needed): https://ift.tt/xgK5jQk Encrypt: SecretMemoryLocker.exe --encrypt "C:\docs\important.pdf" Decrypt: SecretMemoryLocker.exe --decrypt "C:\docs\important_SMLkey.json" I would love to get your feedback on the concept, the user experience, and any security assumptions I've made. Thanks!
Monday, August 25, 2025
Sunday, August 24, 2025
Saturday, August 23, 2025
Friday, August 22, 2025
Thursday, August 21, 2025
New top story on Hacker News: Show HN: Tool shows UK properties matching group commute/time preferences
Show HN: Tool shows UK properties matching group commute/time preferences
6 by fryingdan | 3 comments on Hacker News.
I came up with this idea when I was looking to move to London with a friend. I quickly learned how frustrating it is to trial-and-error housing options for days on end, just to be denied after days of searching due to some grotesque counteroffer. To add to this, finding properties that meet the budgets, commuting preferences and work locations of everyone in a group is a Sisyphean task - it often ends in failure, with somebody exceeding their original budget or somebody dropping out. To solve this I built a tool ( https://closemove.com/ ) that: - lets you enter between 1-6 people’s workplaces, budgets, and maximum commute times - filters public rental listings and only shows the ones that satisfy everyone’s constraints - shows results in either a list or map view No sign-up/validation required at present. Currently UK only, but please let me know if you'd want me to expand this to your city/country. This currently works best in London (with walking, cycling, driving and public transport links connected), and works decently in the rest of the UK (walking, cycling, driving only). This started as a side project and it still needs improvement. I’d appreciate any feedback!
6 by fryingdan | 3 comments on Hacker News.
I came up with this idea when I was looking to move to London with a friend. I quickly learned how frustrating it is to trial-and-error housing options for days on end, just to be denied after days of searching due to some grotesque counteroffer. To add to this, finding properties that meet the budgets, commuting preferences and work locations of everyone in a group is a Sisyphean task - it often ends in failure, with somebody exceeding their original budget or somebody dropping out. To solve this I built a tool ( https://closemove.com/ ) that: - lets you enter between 1-6 people’s workplaces, budgets, and maximum commute times - filters public rental listings and only shows the ones that satisfy everyone’s constraints - shows results in either a list or map view No sign-up/validation required at present. Currently UK only, but please let me know if you'd want me to expand this to your city/country. This currently works best in London (with walking, cycling, driving and public transport links connected), and works decently in the rest of the UK (walking, cycling, driving only). This started as a side project and it still needs improvement. I’d appreciate any feedback!
Wednesday, August 20, 2025
Tuesday, August 19, 2025
Monday, August 18, 2025
Sunday, August 17, 2025
New top story on Hacker News: Show HN: NextDNS Adds "Bypass Age Verification"
Show HN: NextDNS Adds "Bypass Age Verification"
23 by nextdns | 3 comments on Hacker News.
We just shipped a new feature in NextDNS: Bypass Age Verification. More and more sites (especially adult ones) are now forcing users to upload IDs or selfies to continue. We think that’s a terrible idea: handing over government documents to random sites is a huge privacy risk. This new setting workarounds those verification flows via DNS tricks. It’s available today to all users, including free accounts. We’re curious how the HN community feels about this. Is it the right way to protect privacy online, or will it just provoke regulators to push harder? https://nextdns.io
23 by nextdns | 3 comments on Hacker News.
We just shipped a new feature in NextDNS: Bypass Age Verification. More and more sites (especially adult ones) are now forcing users to upload IDs or selfies to continue. We think that’s a terrible idea: handing over government documents to random sites is a huge privacy risk. This new setting workarounds those verification flows via DNS tricks. It’s available today to all users, including free accounts. We’re curious how the HN community feels about this. Is it the right way to protect privacy online, or will it just provoke regulators to push harder? https://nextdns.io
Saturday, August 16, 2025
Friday, August 15, 2025
Thursday, August 14, 2025
Wednesday, August 13, 2025
Tuesday, August 12, 2025
Monday, August 11, 2025
Sunday, August 10, 2025
New top story on Hacker News: Show HN: Bolt – A super-fast, statically-typed scripting language written in C
Show HN: Bolt – A super-fast, statically-typed scripting language written in C
22 by beariish | 8 comments on Hacker News.
I've built many interpreters over the years, and Bolt represents my attempt at building the scripting language I always wanted. This is the first public release, 0.1.0! I've felt like most embedded languages have been moving towards safety and typing over years, with things like Python type hints, the explosive popularity of typescript, and even typing in Luau, which powers one of the largest scripted evironments in the world. Bolt attempts to harness this directly in the lagnauge rather than as a preprocessing step, and reap benefits in terms of both safety and performance. I intend to be publishing toys and examples of applications embedding Bolt over the coming few weeks, but be sure to check out the examples and the programming guide in the repo if you're interested!
22 by beariish | 8 comments on Hacker News.
I've built many interpreters over the years, and Bolt represents my attempt at building the scripting language I always wanted. This is the first public release, 0.1.0! I've felt like most embedded languages have been moving towards safety and typing over years, with things like Python type hints, the explosive popularity of typescript, and even typing in Luau, which powers one of the largest scripted evironments in the world. Bolt attempts to harness this directly in the lagnauge rather than as a preprocessing step, and reap benefits in terms of both safety and performance. I intend to be publishing toys and examples of applications embedding Bolt over the coming few weeks, but be sure to check out the examples and the programming guide in the repo if you're interested!
Saturday, August 9, 2025
New top story on Hacker News: Ask HN: What Toolchains Are People Using for Desktop App Development in 2025?
Ask HN: What Toolchains Are People Using for Desktop App Development in 2025?
27 by lincoln20xx | 31 comments on Hacker News.
I recently came across a comment [0] here that highlighted the challenges of building native desktop apps with LLMs. The commenter pointed out how scarce training resources have become—few blog posts, tutorials, or open-source projects exist compared to web or mobile development. They also noted that while desktop app development was a solid career path in the 90s, it's now seen as a dead end for most, outside of big players like Microsoft or Adobe. This got me thinking: My own experience with desktop development dates back to the late 90s using Turbo Pascal 6 in Delphi, and I'm out of the loop on modern practices. With the evolving landscape, I'm curious about what tools and workflows developers are actually using today. Some questions to spark discussion: - What programming languages and frameworks are popular for desktop apps? - Are there any go-to IDEs, build tools, or libraries that make development easier? - Do the above answers change if you care about code performance or efficiency (whatever that means to you)? - Is native desktop app development still viable as a career, or are most greenfield projects shifting to web-based alternatives? I'd love to hear from folks with recent experience—success stories, pitfalls, and recommendations would be great. Thanks in advance for sharing! [0] https://ift.tt/tueG4H1
27 by lincoln20xx | 31 comments on Hacker News.
I recently came across a comment [0] here that highlighted the challenges of building native desktop apps with LLMs. The commenter pointed out how scarce training resources have become—few blog posts, tutorials, or open-source projects exist compared to web or mobile development. They also noted that while desktop app development was a solid career path in the 90s, it's now seen as a dead end for most, outside of big players like Microsoft or Adobe. This got me thinking: My own experience with desktop development dates back to the late 90s using Turbo Pascal 6 in Delphi, and I'm out of the loop on modern practices. With the evolving landscape, I'm curious about what tools and workflows developers are actually using today. Some questions to spark discussion: - What programming languages and frameworks are popular for desktop apps? - Are there any go-to IDEs, build tools, or libraries that make development easier? - Do the above answers change if you care about code performance or efficiency (whatever that means to you)? - Is native desktop app development still viable as a career, or are most greenfield projects shifting to web-based alternatives? I'd love to hear from folks with recent experience—success stories, pitfalls, and recommendations would be great. Thanks in advance for sharing! [0] https://ift.tt/tueG4H1
Friday, August 8, 2025
Thursday, August 7, 2025
New top story on Hacker News: GPT-5: Key characteristics, pricing and system card
GPT-5: Key characteristics, pricing and system card
129 by Philpax | 34 comments on Hacker News.
System card: https://ift.tt/Ivc8RnA...
129 by Philpax | 34 comments on Hacker News.
System card: https://ift.tt/Ivc8RnA...
Wednesday, August 6, 2025
Tuesday, August 5, 2025
New top story on Hacker News: Show HN: I built a tool to replace capcut audio transcription
Show HN: I built a tool to replace capcut audio transcription
3 by correa_brian | 0 comments on Hacker News.
I originally added this to my site to speed up my video editing process. Last year I started a youtube channel and for some of my longer videos it's annoying to rely on youtube or capcut to transcribe when Whisper is open source. Capcut also recently updated their T&Cs to say they own your content if you use their app, so I cancelled my subscription. Another use-case I have is recording my claude prompts as audio, transcribing them, and then pasting them into my terminal. I mostly work on the CLI (claude, ffmpeg, whisper), but I wanted to make a browser version. Not reinventing the wheel here, just using Huggingface/Xenova Transformers.js to run Whisper in the browser with a background worker. You can see a demo here: https://www.youtube.com/watch?v=ICLOvAq9vKE If you're interested in building this yourself, there's a bunch of examples on Huggingface https://ift.tt/ak7HfYo...
3 by correa_brian | 0 comments on Hacker News.
I originally added this to my site to speed up my video editing process. Last year I started a youtube channel and for some of my longer videos it's annoying to rely on youtube or capcut to transcribe when Whisper is open source. Capcut also recently updated their T&Cs to say they own your content if you use their app, so I cancelled my subscription. Another use-case I have is recording my claude prompts as audio, transcribing them, and then pasting them into my terminal. I mostly work on the CLI (claude, ffmpeg, whisper), but I wanted to make a browser version. Not reinventing the wheel here, just using Huggingface/Xenova Transformers.js to run Whisper in the browser with a background worker. You can see a demo here: https://www.youtube.com/watch?v=ICLOvAq9vKE If you're interested in building this yourself, there's a bunch of examples on Huggingface https://ift.tt/ak7HfYo...
Monday, August 4, 2025
Sunday, August 3, 2025
Saturday, August 2, 2025
Friday, August 1, 2025
New top story on Hacker News: Show HN: TraceRoot – Open-source agentic debugging for distributed services
Show HN: TraceRoot – Open-source agentic debugging for distributed services
10 by xinweihe | 0 comments on Hacker News.
Hey Xinwei and Zecheng here, we are the authors of TraceRoot ( https://ift.tt/yJAE8dk ). TraceRoot ( https://traceroot.ai ) is an open-source debugging platform that helps engineers fix production issues faster by combining structured traces, logs, source code contexts and discussions in Github PRs, issues and Slack channels, etc. with AI Agents. At the heart are our lightweight Python ( https://ift.tt/IoFuDfB ) and TypeScript ( https://ift.tt/NFtePqu ) SDKs - they can hook into your app using OpenTelemetry and captures logs and traces. These are either sent to a local Jaeger ( https://ift.tt/M0dLuEQ ) + SQLite backend or to our cloud backend, where we correlate them into a single view. From there, our custom agent takes over. The agent builds a heterogeneous execution tree that merges spans, logs, and GitHub context into one internal structure. This allows it to model the control and data flow of a request across services. It then uses LLMs to reason over this tree - pruning irrelevant branches, surfacing anomalous spans, and identifying likely root causes. You can ask questions like “what caused this timeout?” or “summarize the errors in these 3 spans”, and it can trace the failure back to a specific commit, summarize the chain of events, or even propose a fix via a draft PR. We also built a debugging UI that ties everything together - you explore traces visually, pick spans of interest, and get AI-assisted insights with full context: logs, timings, metadata, and surrounding code. Unlike most tools, TraceRoot stores long-term debugging history and builds structured context for each company - something we haven’t seen many others do in this space. What’s live today: - Python and TypeScript SDKs for structured logs and traces. - AI summaries, GitHub issue generation, and PR creation. - Debugging UI that ties everything together TraceRoot is MIT licensed and easy to self-host (via Docker). We support both local mode (Jaeger + SQLite) and cloud mode. Inspired by OSS projects like PostHog and Supabase - core is free, enterprise features like agent mode multi-tenant and slack integration are paid. If you find it interesting, you can see a demo video here: https://www.youtube.com/watch?v=nb-D3LM0sJM We’d love you to try TraceRoot ( https://traceroot.ai ) and share any feedback. If you're interested, our code is available here: https://ift.tt/yJAE8dk . If we don’t have something, let us know and we’d be happy to build it for you. We look forward to your comments!
10 by xinweihe | 0 comments on Hacker News.
Hey Xinwei and Zecheng here, we are the authors of TraceRoot ( https://ift.tt/yJAE8dk ). TraceRoot ( https://traceroot.ai ) is an open-source debugging platform that helps engineers fix production issues faster by combining structured traces, logs, source code contexts and discussions in Github PRs, issues and Slack channels, etc. with AI Agents. At the heart are our lightweight Python ( https://ift.tt/IoFuDfB ) and TypeScript ( https://ift.tt/NFtePqu ) SDKs - they can hook into your app using OpenTelemetry and captures logs and traces. These are either sent to a local Jaeger ( https://ift.tt/M0dLuEQ ) + SQLite backend or to our cloud backend, where we correlate them into a single view. From there, our custom agent takes over. The agent builds a heterogeneous execution tree that merges spans, logs, and GitHub context into one internal structure. This allows it to model the control and data flow of a request across services. It then uses LLMs to reason over this tree - pruning irrelevant branches, surfacing anomalous spans, and identifying likely root causes. You can ask questions like “what caused this timeout?” or “summarize the errors in these 3 spans”, and it can trace the failure back to a specific commit, summarize the chain of events, or even propose a fix via a draft PR. We also built a debugging UI that ties everything together - you explore traces visually, pick spans of interest, and get AI-assisted insights with full context: logs, timings, metadata, and surrounding code. Unlike most tools, TraceRoot stores long-term debugging history and builds structured context for each company - something we haven’t seen many others do in this space. What’s live today: - Python and TypeScript SDKs for structured logs and traces. - AI summaries, GitHub issue generation, and PR creation. - Debugging UI that ties everything together TraceRoot is MIT licensed and easy to self-host (via Docker). We support both local mode (Jaeger + SQLite) and cloud mode. Inspired by OSS projects like PostHog and Supabase - core is free, enterprise features like agent mode multi-tenant and slack integration are paid. If you find it interesting, you can see a demo video here: https://www.youtube.com/watch?v=nb-D3LM0sJM We’d love you to try TraceRoot ( https://traceroot.ai ) and share any feedback. If you're interested, our code is available here: https://ift.tt/yJAE8dk . If we don’t have something, let us know and we’d be happy to build it for you. We look forward to your comments!
Subscribe to:
Comments (Atom)