惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Hacker News: Ask HN
Hacker News: Ask HN
WordPress大学
WordPress大学
T
The Blog of Author Tim Ferriss
The GitHub Blog
The GitHub Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - 聂微东
A
About on SuperTechFans
Stack Overflow Blog
Stack Overflow Blog
雷峰网
雷峰网
Microsoft Azure Blog
Microsoft Azure Blog
腾讯CDC
爱范儿
爱范儿
酷 壳 – CoolShell
酷 壳 – CoolShell
博客园 - 【当耐特】
V
Visual Studio Blog
有赞技术团队
有赞技术团队
U
Unit 42
D
Docker
小众软件
小众软件
F
Full Disclosure
I
Intezer
Scott Helme
Scott Helme
P
Privacy International News Feed
P
Proofpoint News Feed
Engineering at Meta
Engineering at Meta
Google DeepMind News
Google DeepMind News
B
Blog
Martin Fowler
Martin Fowler
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Vercel News
Vercel News
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Spread Privacy
Spread Privacy
宝玉的分享
宝玉的分享
S
Security Affairs
www.infosecurity-magazine.com
www.infosecurity-magazine.com
月光博客
月光博客
C
Cisco Blogs
云风的 BLOG
云风的 BLOG
Schneier on Security
Schneier on Security
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
Threat Research - Cisco Blogs
量子位
Hacker News - Newest:
Hacker News - Newest: "LLM"
H
Heimdal Security Blog
N
Netflix TechBlog - Medium
H
Hacker News: Front Page
P
Proofpoint News Feed
G
GRAHAM CLULEY
V
Vulnerabilities – Threatpost
S
Schneier on Security

Hacker News: Show HN

PurrrrrFocus: Pomodoro Timer App - App Store Workflow Engine — Multi-Step Orchestration for Bun RapidPhoto: Pro Photo Editor App - App Store GitHub - DheerG/swarms: Achieve extraordinary results with claude code across a variety of tasks SPICE simulation → oscilloscope → verification with Claude Code — Lucas Gerads Show HN: VCoding – A 5 MB native Windows IDE with no dynamic dependencies Show HN: LLMs don't hallucinate because they're bad at math, it's the format GitHub - Agent-FM/agentfm-core: AgentFM is a peer-to-peer network that turns everyday computers into a decentralized AI supercomputer. AgentFM lets you run massive AI workloads directly across a global mesh of idle CPUs and GPUs. Show HN: Tracking Top US Science Olympiad Alumni over Last 25 Years GitHub - Potarix/agent-hub: One place to talk to all your agents Show HN: Runtime security for AI agents(injection,tool abuse, data exfiltration) GitHub - dubeyKartikay/lazyspotify: Terminal Spotify client for macOS and Linux GitHub - the-banana-tool/king-louie: Easy to use GUI Personal AI Assistant. Win/Linux/Mac. Show HN I made my vacation rental bookable by AI agents–no Airbnb, 0% commission GitHub - basteez/jsf-autoreload: maven plugin to enable hot reload on jsf projects uvm32/hosts/host-gdbstub at main · ringtailsoftware/uvm32 GitHub - labsai/EDDI: Config-driven engine that turns JSON into production-grade AI agents. Multi-agent orchestration, 12+ LLM providers, MCP/A2A protocols, RAG, persistent memory, and enterprise compliance (EU AI Act, GDPR, HIPAA). Built on Quarkus. GitHub - glitchnsec/fortyone-oss: AI Executive Assistant Platform Quickstart | Alien GitHub - muxshed/shed: One stream in, or many. Every destination, simultaneously. No cloud middleman, no per-channel fees, no limits. GitHub - ocrbase-hq/ocrbase: 📄 PDF/IMG ->.MD/JSON Document OCR API for PaddleOCR and GLMOCR. Self-hostable. GitHub - impactjo/home-memory: MCP server that lets your AI assistant remember everything about your home. GitHub - Sets88/dbcls: DbCls is a powerful terminal database client that supports various databases GitHub - neptun2000/heor-agent-mcp GitHub - SeanFDZ/macmind: Single-layer transformer in HyperTalk for the classic Macintosh RollQuation: Math Puzzles - Apps on Google Play GitHub - dropbox/witchcraft Show HN: Agent-cache – Multi-tier LLM/tool/session caching for Valkey and Redis GitHub - opentalon/opentalon: OpenTalon is an open-source platform built from the ground up in Go as a robust alternative to OpenClaw LinkedIn™ 职位抓取工具 - Chrome 应用商店 GitHub - EdoardoBambini/Agent-Armor-Iaga: AI agents are getting tool access — shell, file system, databases, APIs, secrets. But **nobody is governing what they actually do with it**. Frameworks like LangChain, CrewAI, AutoGen, and Claude Code give agents the power to execute. Agent Armor gives you the power to control, audit, and approve every single action before it happens. HN Vibes — Week 15, Apr 7–13 2026 GitHub - chojs23/ec: Easy terminal-native 3-way git mergetool vim-like workflow GitHub - SethPyle376/hiraeth: Local AWS emulator focused on fast integration testing, with SQS support, SQLite-backed state, and a debug-friendly web UI. GitHub - JakOb-dotcom/cloud-sandbox-security-analysis: Technical analysis and Proof of Concept (PoC) regarding environment variable exfiltration in containerized cloud sandboxes via side-channel data leaks. Springboards - Flint Alpha Show HN: A simpler coding agent harness GitHub - audiodude/sudomake-friends GitHub - 256thFission/mini-mythos: OSS clone of Anthropic’s Mythos harness to locate C/C++ memory vulnerabilities Show HN: OpenParallax: OS-level privilege separation for AI agent execution Hacker News Sorted - Chrome 应用商店 Show HN: How to Install Docker on Ubuntu 24.04 LTS: Complete 2026 Guide GitHub - himanshudongre/smriti GitHub - sverrirsig/claude-control: macOS desktop dashboard for monitoring and managing multiple Claude Code sessions GitHub - ory/dockertest: Write better integration tests! Dockertest helps you boot up ephermal docker images for your Go tests with minimal work. Chiral - Chrome 应用商店 Show HN: Two Claudes collaborating through shared memory on a $100 mini-PC GitHub - pmichaillat/latex-cv: Minimalist LaTeX template for academic CVs GitHub - oguzbilgic/posse: A web UI for Anthropic Managed Agents. GitHub - sshiraz/depsly: Dependency risk analysis tool for npm packages ABI Add safari/agent-harness — Safari browser automation via safari-mcp by achiya-automation · Pull Request #212 · HKUDS/CLI-Anything GitHub - Halfblood-Prince/trustcheck: Verify PyPI package attestations and improve Python supply-chain security GitHub - oguzbilgic/kern-ai: Agents that do the work and show it. GitHub - bruits/satteri: High-performance Markdown and MDX processing for the JavaScript ecosystem GitHub - tylergibbs1/feedstock: High-performance web crawler and scraper for TypeScript, powered by Bun and Playwright GitHub - Grimm67123/grimmbot: The self-improving sandboxed and open-source AI agent. With persistent memory and scheduling. GitHub - whitevanillaskies/whitebloom: Local whiteboard that blooms. GitHub - hwdsl2/docker-whisper: Docker image for a self-hosted Whisper speech-to-text server with speaker diarization and OpenAI-compatible transcription and translation APIs. Powered by faster-whisper. Supports all Whisper models, NVIDIA GPU (CUDA) acceleration, JSON/SRT/VTT output, SSE streaming, offline mode, and multi-arch (amd64, arm64). GitHub - yisding/reviewwiggum GitHub - MarwanAlsoltany/serrors: Structured errors for Go: sentinel hierarchies, typed data, custom formatting, and slog integration. GitHub - soatok/age-php GitHub - Luthiraa/markitme GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits GitHub - tombedor/excalicharts GitHub - wh1le/excalidraw-edit: Open and edit .excalidraw files from the terminal. Offline, auto-saves to disk. MalExt Sentry - Malicious Extension Scanner - Chrome 应用商店 GitHub - syi0808/asciianimesvg: Generate animated ASCII art SVGs from text. CLI, Rust library, WASM, and web editor. GitHub - zaina-ml/ml_forge: A visual-based graph node editor for training computer vision models. GitHub - anakin87/llm-rl-environments-lil-course: 🌱 A little course on Reinforcement Learning Environments for evaluating and training Language Models GitHub - takaakit/superpowers-uml: Superpowers-UML modifies Superpowers to ensure a software development workflow in which AI agents design through UML modeling. AdriByte Studio - Sviluppo Web e Soluzioni Digitali GitHub - chouligi/angel-copilot: Your personalized Angel Investment Advisor Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 GitHub - agenteractai/lodmem: Level Of Detail Context Management for Agents GitHub - ostefani/subnetlens: A fast, concurrent network scanner with a TUI and plain-text CLI, built in Go. It discovers live hosts on your network, scans their open ports, resolves hostnames, and fingerprints operating systems—delivered. Cyber Pulse: Agentic Intel - Apps on Google Play Whisper API: Self-Hostable Speech to Text Transcription The Agent-Web Protocol Stack: A Research Thesis GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Show HN: Provepy – A Python decorator that proves your code using Lean and LLMs Show HN: Pardonned.com – A searchable database of US Pardons GitHub - patrickdappollonio/dux: Dux is a terminal UI that lets you run multiple AI coding agents side by side, each in its own git worktree, with full companion terminals, macros, commit generation, and a command palette that knows more tricks than you do. kMC Crystal Simulator Show HN: HyperFlow – A self-improving agent framework built on LangGraph GitHub - stef41/vibescore: 🎵 Grade your vibe-coded project. One command, instant letter grade across security, quality, dependencies, and testing. GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. imgur.com GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. GitHub - nowork-studio/toprank: Open-source Claude Code skills for SEO, SEM, Google Ads GitHub - tacomanator/sash: Lightweight macOS menu bar app for reliably cycling through windows of the current application. Appents | Social Media Management for Product-First Teams GitHub - pnhoang/youtube-spam-blocker: Automatically detects and hides spam messages in YouTube Live chat. Set rate limits, keyword filters, and block repeat offenders. GitHub - decisionnode/DecisionNode: CLI + Local MCP - A shared structured memory store across Claude Code, Cursor, Windsurf, Antigravity, and every MCP client. Semantically queryable. GitHub - AvaCodeSolutions/django-email-learning: An open source Django app for creating email-based learning platforms with IMAP integration and React frontend components. The $100K Gap in Kubernetes Security Tooling Function Calling Harness: From 6.75% to 100%
GitHub - freenet/freenet-git: git over Freenet: decentralized git hosting on the Freenet network
sanity · 2026-05-01 · via Hacker News: Show HN

Git repositories hosted directly on Freenet. Push, fetch, and clone through the Freenet network using normal Git commands, without GitHub, GitLab, federation, or a server you operate. A repository is a Freenet contract; Git sees it through a standard remote helper.

Status

Experimental. Phase 1 of the design tracked in freenet-core#3985.

Working today:

  • create a Freenet-hosted Git repository
  • push commits (single pack and multi-chunk)
  • fetch and clone through Git's remote-helper protocol
  • clone live demo repos from the public Freenet network
  • freenet-git rescue <url> to re-PUT a repo's bundles when chunks evict from the wider network (cures exhausted all peers errors)

Not yet supported:

  • Multi-writer ACL. Today only the repo owner can push directly. This is closer to Git's original Linus-kernel model: every contributor publishes their own Freenet-hosted clone, maintainers pull from them. ACL (Phase 1.1) is for people who prefer the GitHub-style "everyone pushes to one canonical repo" workflow.
  • Pull requests as proposal contracts with signed comments and reviews (Phase 2).
  • Issues as per-repo append-only contracts with signed status changes and labels (Phase 4+).
  • CI / GitHub Actions equivalent. The hard part isn't running the jobs (anyone can run their own runner). The forge-shaped problem is coordinating runner queues, posting signed results, and giving viewers a way to verify "this commit's tests passed." freenet-git will provide the coordination contracts (job queue, result attestations); the runners themselves are out-of-process workers users opt into running. Runner trust models, ranging from N-of-M reproducible-build agreement to TEE attestation to simple whitelisted runners, are sketched in freenet-core#3985.
  • Releases / package registry, discovery via search and reputation (Phase 4+). Discovery is not a first-come-first-served namespace; it's a search engine over published repos plus a reputation signal so people can tell which freenet-core is the one they want.
  • Parallel chunk uploads. Pushing repos with hundreds of chunks is currently slow (filed; not yet shipped).

Live demos

Hosted on Freenet and clonable today:

# freenet-core HEAD source snapshot (no full history)
git clone freenet::AaRxPZVdWrPh/freenet-core

# freenet-stdlib full git history (177 commits)
git clone freenet::2pyvKxrozxgT/freenet-stdlib

Requires cargo install freenet-git and a running local Freenet node. See "Quick start" below.

What this is

Git is already decentralized: every clone is a complete repository, and any two clones can synchronize directly. What Git usually lacks is decentralized hosting and discovery. GitHub, GitLab, and Forgejo provide that layer by centralizing it on servers.

freenet-git moves the hosting layer onto Freenet. Repository state lives in Freenet contracts; Git interacts with those contracts through a standard remote helper. The long-term goal is a decentralized software forge: repos first, then pull requests, issues, CI attestations, releases, and names.

Quick start

1. Install

You need a Rust toolchain. If you don't have one, install via rustup.rs:

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

Then:

cargo install freenet-git

This installs both freenet-git (the companion CLI) and git-remote-freenet (the Git remote helper). Make sure ~/.cargo/bin is on your PATH.

2. Run a local Freenet node

You need a Freenet node running locally to talk to. See the Freenet getting-started guide. The WebSocket API endpoint defaults to ws://127.0.0.1:7509/v1/contract/command.

3. Clone a live repo

git clone freenet::2pyvKxrozxgT/freenet-stdlib

No identity, no setup. Just git clone against a real Freenet-hosted repository.

4. Publish your own repo

freenet-git init-identity --name "Your Name" --email you@example.com
cd ~/code/my-project
freenet-git create --name my-project --description "A thing"
# -> URL: freenet:RtTzy58hMxAB/my-project

git remote add freenet freenet::RtTzy58hMxAB/my-project

# git push needs the bundle passphrase via env var (see "Passphrase
# handling" below for why)
export FREENET_GIT_PASSPHRASE='your-passphrase'
git push freenet main

Passphrase handling

git push and git fetch go through git-remote-freenet, which runs as a child process of git. Git owns stdin and stdout for the remote-helper protocol, so the helper can't prompt you for a passphrase interactively. For now you must provide it via FREENET_GIT_PASSPHRASE.

This is a Phase 1 UX compromise. Avoid putting the passphrase in shell history or long-lived environment files. A future release will add OS-keychain integration.

Sending changes to a maintainer

Today freenet-git works the way Linux kernel development worked before centralized forges: each contributor publishes their own freenet-hosted clone, and maintainers pull from those clones to review and merge. There is no shared "canonical repo with everyone pushing to it" yet (that's Phase 1.1).

A concrete walkthrough. Alice has a fix she wants Ian to consider for freenet-core:

On Alice's machine:

# one-time setup
cargo install freenet-git
freenet-git init-identity --name "Alice" --email alice@example.com

# Alice already has a clone of freenet-core somewhere
cd ~/code/freenet-core
git checkout -b fix-thing
# ... commits ...

# publish her fork as a freenet-hosted repo
freenet-git create --name freenet-core-alice
# -> URL: freenet:Aa12bc34De56/freenet-core-alice

git remote add freenet freenet::Aa12bc34De56/freenet-core-alice
export FREENET_GIT_PASSPHRASE='whatever'
git push freenet fix-thing

She then tells Ian her URL through some other channel (Matrix, email, mailing list, IRC). There is no inbox of incoming proposals on Freenet itself yet, so the announce-your-fork step is still out-of-band.

On Ian's machine:

cd ~/code/freenet-core
git remote add alice freenet::Aa12bc34De56/freenet-core-alice
git fetch alice                            # streams from Freenet
git log alice/fix-thing --oneline -5       # review
git checkout -b alice-fix alice/fix-thing
cargo test
# if happy:
git checkout main && git merge alice-fix

Mechanically the round trip works end-to-end on the network today. What's missing is the social layer.

Where this is heading

The same pattern with the missing pieces filled in:

  • Phase 1.1, multi-writer ACL. For projects that prefer the GitHub-style "everyone pushes to one canonical repo" workflow, the repo owner publishes a signed contributor list. Both modes will coexist; pick whichever fits the project's culture.
  • Phase 2, proposal contracts. Alice's git push of a feature branch optionally publishes a signed "PR" document (commit range, description, base ref) to a proposals contract Ian's repo subscribes to. Ian's local UI sees incoming PRs without anyone having to send a Matrix message. Comments and reviews are signed follow-up entries on the same proposal. Cross-repo references ("Alice's fix-thing on top of upstream's main@abc1234") become first-class.
  • Phase 3, signed CI attestations. Anyone can run a runner; results are signed and posted to a job-queue contract. Viewers verify "this commit's tests passed" against whatever trust model the project picked (whitelisted runners, N-of-M reproducible build agreement, TEE attestation).
  • Phase 4+, issues, releases, discovery. Issues as per-repo append-only signed timelines. Releases as signed tag refs plus artifact contracts. Discovery is a search engine over published repos plus a reputation signal, not a first-come-first-served name registry. You search for "freenet-core", see candidates ranked by reputation, and pick the one that's actually upstream rather than racing someone to grab a global name.

Until those phases land, the git remote add / git fetch / out-of-band-tell-the-maintainer loop above is the supported flow. It is enough for the substrate to be useful; the forge layers on top.

Keeping a published repo alive

Freenet is a communication medium, not a storage medium. Peers keep contracts in an LRU cache, so anything that nobody has touched recently is the first thing dropped to make room for hotter content. For a freenet-git repo this shows up as:

error: fetch ChunkedPack ...
Caused by: get exhausted all peers after 4 attempts

The fix is to refresh the network's hot copy. Anyone with a node that still has the contract data cached (typically the original publisher) can run:

freenet-git rescue freenet:<prefix>/<label>

This re-PUTs every bundle and chunk the repo references, which re-broadcasts each to whichever peers subscribe to that contract's location and bumps it back to the top of their LRU cache.

For repos you publish and want to keep reachable, run rescue as a cron job (e.g. once a day or a few times a week) from a node that holds the data. A future release will add freenet-git rescue --from <git-dir> so any clone-holder can rescue from their working tree even if the local node's cache has also forgotten.

How URLs work

A freenet-git URL looks like:

freenet:RtTzy58hMxAB/my-project
        ^~~~~~~~~~~~ ^~~~~~~~~~
        prefix       label (optional)

For git remote add and git clone, use the double-colon form:

freenet::RtTzy58hMxAB/my-project

The double colon is required by Git's remote-helpers protocol to disambiguate from SCP-style URLs.

Prefix

The prefix is the first 12 base58 characters of the repo owner's ed25519 public key (~70 bits). It's the only part that participates in identity, signatures, and network routing. The full Freenet contract key is computed locally as BLAKE3(BLAKE3(repo-contract.wasm) || serialize({prefix})).

Anyone with a current freenet-git install resolves the same contract key from the same prefix. The URL stays stable across contract WASM upgrades; only the underlying contract key changes, which the on-host helper handles transparently.

Label

The label is a human-readable name following the prefix after a /. It's purely cosmetic:

  • Two URLs that differ only in their label resolve to the same repo.
  • Git uses the label as the default clone-into directory name, so git clone freenet::RtTzy58hMxAB/my-project produces a my-project/ directory.
  • The label is never sent to the network and never signed against.

Identity model

Today, only the repo owner can push to a given Freenet repo. Other developers publish their own Freenet-hosted clones and maintainers pull from them. This is the same workflow that built the Linux kernel before centralized forges became dominant.

Phase 1.1 adds opt-in multi-writer ACL for projects that prefer the GitHub-style "everyone pushes to one canonical repo" model. Both modes will coexist.

Each repo has its own ed25519 keypair, so compromising one repo's key does not compromise your cross-repo identity:

  • freenet-git init-identity creates a default identity (used for cross-repo signing in Phase 2: PR comments and reviews).
  • freenet-git create generates a fresh per-repo keypair and stores it in your bundle's repos registry. The URL prefix is derived from this per-repo public key.
  • Bundles are passphrase-encrypted with scrypt + ChaCha20-Poly1305. Move them between machines via freenet-git export-identity and freenet-git import-identity.

Roadmap

The goal is a decentralized software forge, built incrementally:

  • Phase 1.0 (current): single-writer push/fetch/clone (the Linus-kernel model).
  • Phase 1.1: opt-in multi-writer ACL for projects that want a GitHub-style canonical repo with shared write access.
  • Phase 2: pull requests as proposal contracts; signed comments and reviews; cross-repo references (your fork to maintainer's upstream).
  • Phase 3: CI coordination. Job-queue contracts, signed result attestations. Runners are out-of-process workers that users opt into running; trust model can range from a simple maintainer-whitelist to N-of-M reproducible-build agreement to TEE attestation.
  • Phase 4+: issues (per-repo append-only signed timelines), releases (signed tag refs + artifact contracts), discovery via search and reputation rather than a first-come-first-served name registry, per-user identity contracts that link to PGP/SSH/GitHub identities for continuity.

See freenet-core#3985 for the design and rationale.

Repository layout

crates/
  encoding/         length-prefixed signed payloads + canonical CBOR.
                    Wire format both contracts and binaries pin to.
  types/            RepoState, deltas, validate_state, update_state,
                    CRDT merge, ChunkedPack manifest. Pure Rust,
                    unit-tested without WASM.
  identity/         passphrase-encrypted ed25519 keypair bundle.
  repo-contract/    WASM contract: mutable repo state (refs + bundle index).
  pack-contract/    WASM contract: immutable packfile bytes.
  freenet-git/      both binaries (`freenet-git` CLI + `git-remote-freenet`
                    helper) and the bundled contract WASMs.
docs/
  0001-large-repos.md   ChunkedPack design (incl. Codex review).

License

LGPL-3.0-only. See LICENSE.