alt Hacker NewsAsk HN: What Are You Working On? (December 2025)
What are you working on? Any new ideas that you're thinking about?
Comments
https://LMNO.lol Drag and drop your markdown to the web and get a blog.
Also because the web/blogs lost itself in tracking, bloat, paywalls... and I miss some of the quirkiness.
My blog runs on it: https://xenodium.com
jobswithgpt.com - specifically improving the underlying LLM indexing.
not really projects but productivity tools for codex/claude code etc
https://github.com/agentify-sh/safeexec/ - this will prevent rm -rf or git reset --hard being run by off chance when used with --dangerously-bypass-permissions flag
https://github.com/agentify-sh/10x/ - codex productivity booster which adds skills (most likely need to be phased out now since codex has skills), redundant checkpoint/backups with git and jj, subagents, parallel agents, PLAN/RUN/THINK modes.... im actually not sure about releasing this anymore because of how much better codex has gotten.
learning rust and myself.
Testing out LLM based content moderation tools, but on code mixed content. Content is not typical pure english content. Mostly its been a journey in getting data and then fiddling with policy.
I'm using COPE from Zentropi to run my moderation https://zentropi.ai/ .
I’m building a netsuite competitor (having spent a lot of my career on accounting and erp implementations.)
The trick (one trick) is to allow LLMs to provide an audit/accounting/compliance playbook, along with customizations, based on the user describing their business model.
I'm not working on anything at all. I'm stuck in SAFe planning meetings for the next week. I fucking hate the whole thing but they pay me to sit there and watch others play with their Miro boards, so Merry Christmas you filthy animals.
a memory library for AI Agents :)
open source and hosted!
coding agents, co-agents, and coco-agents.
codedorian.com a programming language
Astrophysics
a fence
Nothing.
love this
https://mindscopeapp.com - Mindscope 2 (iOS, iPadOS, macOS, watchOS)
Just submitted it to Apple for review this past weekend... basically Scapple's visual text canvas meets Workflowy's hierarchical focusing. I mainly wrote the app for myself to organize my thoughts. Very happy with how it has turned out.
Edit: Would be interested to hear why this was downvoted?
AI and ML ecosystem in Elixir. Solo mission currently. Early stage. Backlogged. Open to help: [email protected]
thinking make mn
n-gate2.com/hackernews
miss you buddy :'(
I'm working on headless browser fingerprinting.
We're focusing on "anti-cloaking" for anti-phishing and other Internet security applications at the moment. Phishing sites can "cloak" themselves so that they present malicious content to ordinary users and benign content to bots, and thereby evade detection. Anti-cloaking is doing things to defeat cloaking.
The methodology is to operate a site that logs all requests, and collects information from the JavaScript environment, and looks for signals that a session is being operated by a bot instead of a human. We have 183 unique signals so far.
We've seen fake mobile phone APIs being injected into the DOM, and have been able to read out the source code implementing them. We've seen lots of people running the browser with TLS validation and same-origin policy disabled, which are both easy to probe for. And we've even seen people running services on localhost with CORS headers that allow cross-origin requests, allowing us to read out their server headers and page contents and which would allow us to send arbitrary requests to their local servers. We've seen people using proxies that don't support websockets. We've even seen surprisingly-big companies scanning us from netblocks that just straightforwardly name the company, which would be trivial to block just by IP address.
It turns out that every security vendor that scans VirusTotal submissions or domains from CT logs has major flaws in their headless browser setup which mean it's worryingly easy to cloak from them.
I don't know the best angle for monetisation. Currently we are selling "quick overviews" of what people are doing wrong, but it kind of feels like we're giving away too much value too cheaply. However it's difficult to convince people that there is value worth paying for without telling them what they're doing wrong upfront before they pay. Ideas include:
* automated quick overviews, where we give you a URL to point your bot at, find out all the signals you hit, and give you an automatically-generated report of what you are doing wrong
* or a manual "pentest" of your headless browser, where we do the same thing but spend a few days manually looking harder to see if there are new signals we're not yet spotting automatically
* or we could sell a report of the state of the industry as a whole
* or access to our tooling
* or something else
I have been told that if I say it's for anti-phishing then I have 12 customers max but if I say it's for AI browser agents then someone will give me a billion dollars. So possibly we need to explore other applications, like either telling AI scrapers why they are getting blocked, or else helping sites block AI scrapers (though I am personally opposed to building the apartheid web).
Open problems are:
* what's the best form to sell it?
* how do we satisfy people that if they pay for a test then they will get value from it?
* should we pivot away from anti-phishing?
* for bots that we notice have found us from VirusTotal or CT logs, how do we work out who is operating them so that we can sell to them? Sometimes attribution is easy but in the majority of cases it is not
[dead]
[dead]
[dead]
[dead]
[dead]
[dead]
[dead]
[dead]
Working on understanding why this thread gets hundreds of comments and upvotes while threads with the same name posted by other users don't get this much engagement.
[dead]
[dead]
[dead]
[dead]
[dead]
[dead]
[dead]
[dead]
[dead]
https://github.com/connet-dev/connet
Just finished a major (v0.10) revamp of the API (you can use connet as part of an application, not through the CLI) which also fixed a few issues I've been seeing before.
Now, I'm gearing to update the relay protocols - currently relays are closed off by the control server (e.g. you ask it to provision you a relay resource) which requires the relay to communicate with the control server itself. In the new version, the relays will be operating on their own (there might be a shared secret with the control server, in case you want a closed off relay) and peers will reserve directly with the desired relays. Maybe in future, the relays might form clusters on their own to take advantage of better relay-to-relay network and peers will reserve only at the relay closest to them.
Another stream of work, is giving peers identities. Right now the server will give them an internal identity to better support reconnects, but these are not stable (e.g. they don't survive client restarts). In future, the peer will advertise their identity and then other peers may choose what peers to allow comms with and what to ignore, pushing more decisions into peers themself.
Yet another change I'm thinking about is exposing raw endpoints to enable users of the system to implements other protocols - I'm not quite sure if this is really needed (the destination/source, e.g. server/client) covers a lot of ground by itself, but it would be great if these are not the only options.
Many options how to continue, but if I'm out of ideas, there is always a Rust rewrite to throw in /s
Just released the browser extension for https://unrav.io . It transforms any article, paper, or YouTube video into your perfect view (infographic, TL;DR, mind map, podcast, etc) with one click.
It’s for people who feel smart but overwhelmed, drowning in tabs, skimming everything, remembering nothing.
You don’t need more information. You need clarity.