BlogViral

Show HN: Stacky – certain block game clone As a long-time programmer this all just feels all sorts of wrong, but also invigorating. Vibe "coded" the whole thing from 0-100 over the course of few days, on and off. I have no intentions of developing it further since it's obvious what it is; I would absolutely love to work on a licensed game and do it proper with all the various ideas I have, since this is maybe 10% of what I want in such a game, but I heard somewhere licensing is cost-prohibitive. Putting AI shame aside, it really allowed me to explore so many things in a short amount of time that it feels good, almost enough to compensate the feeling of shame using AI to begin with. WebGPU isn't in there, although it's in another experimental version, part are indeed written in Rust (game logic). It has: - lock delay / grace period (allowing for 15 moves) - DAS (Delayed Auto Shift) and ARR (Auto Repeat Rate for continuous movement) for horizontal and soft drop move...

Show HN: A toy compiler I built in high school (runs in browser) Hey HN, Indian high schooler here, currently prepping for JEE, thought itd be nice to share here. Three years ago in 9th/10th grade I got a knack for coding, I taught myself and made a custom compiler with LLVM to try to learn C++. So I spent a lot of time learning LLVM from the docs and also C++. It's not some marvelous piece of engineering, I designed the syntax to be a mix of C and what I wished C looked like back in 9th grade. It has: - Basic types like bool, int, double, float, char etc. with type casting - Variables, Arrays, Assign operators & Shorthands - Conditionals (if/else-if/else), Operators (and/or), arithmetics (parenthesis etc) - Arrays and indexing stuff - C style Loops (for/while) and break/continue - Structs and dot accessing - extern C interop with the "extern" keyword Some challenges I faced: - Emscripten and WASM, as I also had to make it run on my demo website - Learning typescript ...

Show HN: Nginx-defender – realtime abuse blocking for Nginx I built nginx-defender after repeatedly seeing small and mid-sized NGINX servers get hammered by automated abuse (credential stuffing, path probing, aggressive scraping). Existing tools like fail2ban or CrowdSec felt either too slow to react, too heavy for low resource servers, or painful to tune for modern traffic patterns. nginx-defender runs inline with NGINX and blocks abusive IPs in real time based on request behavior rather than static rules. It’s designed to be lightweight, simple to deploy, and usable on small VPS setups. I’ve been running it on my own servers and have seen thousands of abusive requests blocked within hours with minimal overhead. Would love feedback from people running NGINX in production, especially on detection logic, false positives, or missing use cases. https://ift.tt/Ii6GlHn February 7, 2026 at 10:31PM

Lightning-Fast Cell Service in Downtown Muni Stations for Super Bowl LX By Mariana Maguire We’re excited to keep you connected with cell service that’s more reliable than ever in our downtown stations. Thousands of people are exploring San Francisco this week for Super Bowl LX. And we’re thrilled to support fans with lightning-fast cell service in downtown Muni stations! Last year, we brought full cell service to all Muni Metro tunnels with service available through Verizon, AT&T and T-Mobile. We recently upgraded to C-Band technology. It now covers the Central Subway and our Market Street stations from Civic Center through Embarcadero. This change means major wins for Muni riders... Published February 06, 2026 at 07:00AM https://ift.tt/dDn92Vf

Show HN: Daily-updated database of malicious browser extensions Hey HN, I built an automated system that tracks malicious Chrome/Edge extensions daily. The database updates automatically by monitoring chrome-stats for removed extensions and scanning security blogs. Currently tracking 1000+ known malicious extensions with extension IDs, names, and dates. I'm working on detection tools (GUI + CLI) to scan locally installed extensions against this database, but wanted to share the raw data first since maintained threat intelligence lists like this are hard to find. The automation runs 24/7 and pushes updates to GitHub. Free to use for research, integration into security tools, or whatever you need. Happy to answer questions about the scraping approach or data collection methods. https://ift.tt/F0bgy8c February 6, 2026 at 11:34PM

Show HN: A password system with no database, no sync, and nothing to breach Hi HN, Bastion Enclave is an experiment in removing centralized trust from password management by eliminating server-side state entirely. Instead of storing an encrypted vault or syncing secrets through a backend, Bastion computes credentials deterministically on-the-fly using explicit cryptographic inputs. Given the same master entropy, service name, username, and version counter, the same password is reproduced across platforms. There is no account system, no database, and no persistent server storage — the server serves static code only. Password generation uses domain-separated salts and PBKDF2-HMAC-SHA512 (210k iterations) to produce a byte stream, followed by unbiased rejection sampling to avoid modulo bias when mapping to character sets. Nothing is stored; passwords are derived when needed and discarded immediately after use. When users choose to persist data locally (vault state, notes, file keys), encr...