BlogViral

Show HN: Bloodhound – Grey-box attack-path discovery in Rust/Go/C++ binaries We originally set out to solve complex debugging headaches and useless alerts caused by traditional security scanners in our own projects. Static Analysis (SAST) flagged too much noise because it couldn't verify runtime context, while Dynamic Analysis (DAST) missed internal logic bugs because it treated the app like a black box. We built a CLI tool to bridge this gap using grey box testing from a red team approach. We use internal knowledge of the codebase to guide parallel execution, allowing us to find complex or hidden logic errors and attack paths standard linters/scanners miss. The Tech (Grey Box Graphing & Execution): - Internal Graphing (The Map): It ingests the codebase to build a dependency graph of the internal logic. - Parallel Execution (The Test): The code is then tested on parallel engines. We spin up copies of your local dev environment to exercise the codebase in thousands of ways. This...

Show HN: ZON-TS 50–65% fewer LLM tokens zero parse overhead better than TOON/CSV hey HN — roni here, full-stack dev out of india (ex-gsoc @ internet archive). spent last weekend hacking ZON-TS because json was torching half my openai/claude budget on dumb redundant keys — hit that wall hard while prototyping agent chains. result: tiny TS lib (<2kb, 100% tests) that zips payloads ~50% smaller (692 tokens vs 1300 on gpt-5-nano benches) — fully human-readable, lossless, no parse tax. drop-in for openai sdk, langchain, claude, llama.cpp, zod validation, streaming... just added a full langchain chain example to the readme (encode prompt → llm call → decode+validate, saves real $$ on subagent loops). quick try: ```ts npm i zon-format import { encode, decode } from 'zon-format'; const zon = encode({foo: 'bar'}); console.log(decode(zon)); ``` github → https://github.com/ZON-Format/ZON-TS benches + site → https://zonformat.org YC’s fall rfs nailed it — writing effective agent...

Show HN: Detail, a Bug Finder Hi HN, tl;dr we built a bug finder that's working really well, especially for app backends. Try it out and send us your thoughts! Long story below. -------------------------- We originally set out to work on technical debt. We had all seen codebases with a lot of debt, so we had personal grudges about the problem, and AI seemed to be making it a lot worse. Tech debt also seemed like a great problem for AI because: 1) a small portion of the work is thinky and strategic, and then the bulk of the execution is pretty mechanical, and 2) when you're solving technical debt, you're usually trying to preserve existing behavior, just change the implementation. That means you can treat it as a closed-loop problem if you figure out good ways to detect unintended behavior changes due to a code change. And we know how to do that – that's what tests are for! So we started with writing tests. Tests create the guardrails that make future code changes safer....

Show HN: We vibe coded our team's issue tracker, knowledge base, telemetry board Hi HN, I'm the CEO at https://replay.io . We've been working on time travel debugging for web development for a while ( https://ift.tt/c89j1qg ) and more recently an AI app builder that uses that debugger to get past problems instead of spinning in circles ( https://ift.tt/RJOcrIn ). We've gotten to where we can pretty easily build apps to replace business-critical SaaS tools, some of which we're now using internally: * We built our own issue tracker to keep track of all our development projects, tickets, bug fixes, and so on, completely replacing Linear. * We built a knowledge base for managing internal documentation and the status of ongoing initiatives, completely replacing Notion. * We built a telemetry system that ingests OTLP events via a webhook and supports custom graphs and visualizations, mostly replacing Honeycomb. We want to have as much control as we can of the apps we need...

Show HN: Edge HTTP to S3 Hi HN, Edge.mq makes it very easy to ship data from the edge to S3. EdgeMQ is a managed HTTP to S3 edge ingest layer that takes events from services, devices, and partners on the public internet and lands them durably in your S3 bucket, ready for tools like Snowflake, Databricks, ClickHouse, DuckDB, and feature pipelines. Design focus on simplicity, performance and security. https://edge.mq/ December 9, 2025 at 01:05AM

Show HN: Diesel-guard – Lint Diesel migrations for unsafe PostgreSQL patterns https://ift.tt/pbFfU3m December 9, 2025 at 12:18AM