惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

A
About on SuperTechFans
C
Cybersecurity and Infrastructure Security Agency CISA
N
News and Events Feed by Topic
C
Cisco Blogs
Cisco Talos Blog
Cisco Talos Blog
A
Arctic Wolf
Scott Helme
Scott Helme
P
Palo Alto Networks Blog
S
Schneier on Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
Tor Project blog
量子位
G
Google Developers Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
B
Blog RSS Feed
NISL@THU
NISL@THU
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
AWS News Blog
AWS News Blog
爱范儿
爱范儿
Last Week in AI
Last Week in AI
Y
Y Combinator Blog
L
LINUX DO - 最新话题
Security Archives - TechRepublic
Security Archives - TechRepublic
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
S
Secure Thoughts
Cloudbric
Cloudbric
aimingoo的专栏
aimingoo的专栏
L
Lohrmann on Cybersecurity
TaoSecurity Blog
TaoSecurity Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Hacker News: Ask HN
Hacker News: Ask HN
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
The GitHub Blog
The GitHub Blog
有赞技术团队
有赞技术团队
S
Security @ Cisco Blogs
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
C
Cyber Attacks, Cyber Crime and Cyber Security
G
GRAHAM CLULEY
P
Proofpoint News Feed
V
V2EX
Martin Fowler
Martin Fowler
C
CERT Recently Published Vulnerability Notes
Attack and Defense Labs
Attack and Defense Labs
C
CXSECURITY Database RSS Feed - CXSecurity.com
The Cloudflare Blog
SecWiki News
SecWiki News
罗磊的独立博客
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
小众软件
小众软件
The Last Watchdog
The Last Watchdog

Show HN

GitHub - steveking-gh/firmion: Firmion is DSL and engine for firmware image generation. GitHub - villagesql/villagesql-skills: Agent skills for VillageSQL - gemini-cli-extension; claude-code-plugin GitHub - flightdeckhq/flightdeck: Observability and control plane for AI agents. CSP Radar GitHub - Light-Heart-Labs/DreamServer: Turn your PC, Mac, or Linux box into an AI server. LLM inference, chat UI, voice, agents, workflows, RAG, and image generation. GitHub - Diplomat-ai/diplomat-agent-ts: What can your TypeScript AI agent do to the real world? Scan your code. See which tool calls have zero checks Code Block Selector - Visual Studio Marketplace Prometheus dependency graph — interactive showcase | Riftmap Show HN: I made a vi-like modal keyboard plugin for Figma GitHub - run-llama/liteparse: A fast, helpful, and open-source document parser GitHub - dalemyers/Roar: A macOS CLI tool for notifications GitHub - district-solutions/open-agent-tools-coder: Enables small-to-large self-hosted ai models to use local source code when running tool-calling agentic workloads. We actively data mine 20,900+ (2+ TB) popular github repos using large and small ai models to create reuseable: json, markdown and parquet files for local-first tool-calling models. GitHub - progapandist/stripeek: A local TUI proxy for real-time Stripe API debugging, built for navigating complex payloads fast. GitHub - sir1st/hermes-desktop: All-in-one cross-platform desktop app for Hermes Agent — bundles Python + hermes-agent + hermes-web-ui GitHub - astefanutti/shaderbang: Shebang for Shaders Show HN: Generate Claude Code Workflows using Spec Driven Development approach GitHub - nixys/nxs-universal-chart: The Helm chart you can use to install any of your applications into Kubernetes/OpenShift Show HN: AI agents for UK GDAD PCF roles and their skills The Two Pillars: Mixer Mode and Meta-Software in the Reorganization of Software Work After AI GitHub - JaiCode08/teleport-env What 1,000+ Harness Experiments Taught Me About Self-Improving Agents Show HN: Liiists, a Markdown-first, iOS and CLI list app SwiperTab – Get this Extension for 🦊 Firefox (en-US) GitHub - kouhxp/fftext: Summarize, explain, fact-check, or translate any text, URL, or file. No GPU. No cloud. One command GitHub - sweetpad-dev/sweetpad: Develop Swift/iOS projects using VSCode GitHub - dogmaticdev/IRON: IRON a.k.a. Intermediate Representation Object Notation is a Interpreter/Database that is used to create Programming Languages. GitHub - sjhalani7/vaen: Package your AI coding harness into a portable .agent file, and share it across repos, teams, & the community without ever having to copy-paste instructions, skills, MCP config, or secrets. Show HN: Gandalf the Grader Show HN: Citadeld – replay any CI failure locally from a single file GitHub - tdortman/cuSBF: High-Performance GPU Super Bloom Filter coral-ai/claude-code-token-xray at main · Coral-Bricks-AI/coral-ai GitHub - ulyssestenn/funes: Funes is a Git-based framework for LLM-managed knowledge work: an AI Librarian ingests raw sources, builds an interlinked Markdown knowledge base, and uses it to produce cited reports, analyses, and other outputs. GitHub - ThatXliner/gah: Git Add Hunk, built for agents to use GitHub - harmont-dev/harmont-cli: Command-line client for the Harmont CI platform GitHub - brooksmcmillin/mcp-authflow: OAuth 2.0 Authorization Server framework for MCP servers GitHub - javaid-codes/audit-supply-chain-agents GitHub - amorey/gochan: A small library of common channel architectures for Go, inspired by Rust GitHub - arifozgun/OpenGem: Free, Open-Source AI API Gateway with Gemini, OpenAI & Anthropic Compatibility in 1 file GitHub - Pranesh950/BioPetals: 🌸 Run BIOxAI models at home, BitTorrent-style. Fine-tuning and inference up to 10x faster than offloading GitHub - cnguyen14/bounty-doctor: Diagnose a GitHub bounty issue before you waste hours: detects honeypot scam repos, AI-bot attempt swarms, and stale contests. Show HN: CoreMCP – MCP Server for On-Prem DBs Show HN: KittyHTML – Render HTML/CSS as an inline image in your terminal GitHub - bingud/filemat: Web-based file manager Show HN: TruthLens – Free multi-signal deepfake image detector GitHub - apexlocal-jz/claude-usage-tray: Windows system-tray app showing your Claude Code rate-limit usage at a glance. Zero deps, ~300 lines of PowerShell. Cross-IDE (works regardless of VS Code, Cursor, plain terminal). Release v0.1.2.1 · kouhxp/yapsnap GitHub - noopolis/moltnet: Self-hostable chat network for AI agents. Pre-built bridges for Claude Code, Codex, and the Claws. Rooms, DMs, history. No Slack bots, no Matrix, no glue code. GitHub - tamerh/enju: Coordinating Humans, AI Agents, and Compute as Peers on a Shared Workflow Graph Show HN: Continuity-auth – Respect-weighted rate limits for the open web GitHub - luml-ai/luml: AI lifecycle platform where engineers and agents track experiments, train models, and ship to production. GitHub - mrdanielcasper/CoreTex: A UNIX-inspired, biomimetic, flat-file AI harness and knowledge engine. GitHub - clemg/pierre-github: Pierre's diffs.com and trees.software for Github GitHub - lyriks-io/unspaghettit: Behavior-driven AI development without prompt spaghetti. GitHub - sofumel/claude-handoff-revive: Resume Claude Code work after rate/usage/context limits without replaying the prior transcript. Auto-saves at 90%/95% usage. Plugin-installable, 10 languages. GitHub - dotexorg/saferpc: Typed, end-to-end encrypted RPC over any bidirectional channel. GitHub - BeeZeeAgent/beezee: Agent harness orchestration Legato Next.js Boilerplate for Internal Tools · CoreUI GitHub - clark-labs-inc/clark-hash: Clark Hash, 32x smaller searchable sketches for embeddings GitHub - ZeroPointRepo/youtube-mcp: The fastest YouTube transcript + YouTube search MCP for AI agents. Try for free. Typing Mastery — climb toward 100+ WPM, deliberately GitHub - Andebugulin/Awareen GitHub - fayzan123/claude-workflow-composer: Visual desktop app for composing multi-agent coding workflows. Drag agents, attach skills and MCPs, wire handoffs, export to .claude/ GitHub - harshaneel/humanize: Best static AI text humanizer. Two research-grounded skills that work in any LLM (Claude, ChatGPT, Gemini, Codex): humanize beats perplexity-based detectors, ai-check produces forensic scoring with evidence-quoted flags. Nine levers, 50+ peer-reviewed sources, 2024-2026 detection literature. GitHub - StackOneHQ/stack-nudge GitHub - nodes-app/swift-markdown-engine: A native AppKit Markdown editor for macOS, built on TextKit 2 and bridged to SwiftUI. We hardened an LLM agent. Each defense we added made it more exploitable. GitHub - alkait/WhatsKept: Agent-queryable WhatsApp history from an iOS backup — a single Go binary. GitHub - octelium/cordium: Open-source, general-purpose sandbox platform for devs and AI agents that provides identity-based secure access to infrastructure without credentials. WAR.GOV/UFO Microfilm5 GitHub - scosman/videowright: Build animated explainer videos with your coding agent GitHub - dipankar/dscode: The code editor you can take apart. GitHub - zoharbabin/web-researcher-mcp: MCP server (Go) for AI assistants: web search, content extraction, academic/patent/news research. Multi-provider routing, 4-tier scraping, search lenses. Works with Claude, Cursor, and any MCP client. GitHub - ruvnet/RuView: π RuView turns commodity WiFi signals into real-time spatial intelligence, vital sign monitoring, and presence detection — all without a single pixel of video. GitHub - scanaislop/aislop: Catch the slop AI coding agents leave in your code: narrative comments, swallowed exceptions, as-any casts, dead code, oversized functions. 50+ rules across 7 languages (TypeScript, JavaScript, Python, Go, Rust, Ruby, PHP). Sub-second, deterministic, no LLM at runtime. MIT-licensed. GitHub - kouhxp/cheap-im: CPU-only voice agent approximating Thinking Machines' Interaction Models demo GitHub - unprovable/OrchidMantis: Orchid Mantis — standalone framework for Zero-Knowledge Proofs of eXploit (ZKPoX). GitHub - MarcellM01/TinySearch: Shrink the web for your local LLMs! GitHub - TangibleResearch/Halgorithem: A Algo designed to detect AI Hallucitions GitHub - DO-SAY-GO/freelang: I love freelang GitHub - CarpseDeam/Aura-IDE: An AI coding harness that shaped itself - Planner/Worker agents, repo awareness, surgical edits, validation, recovery, and safe diff approvals. GitHub - chojs23/concord: A feature-rich TUI client for Discord GitHub - tommyjepsen/awesome-ux-skills: UX & AI Product designs skills you can use today in Claude Code GitHub - aerf-spec/aerf: Agent Evidence Receipt Format (AERF) — an open specification for tamper-evident, independently verifiable records of AI agent actions. GitHub - kklimuk/docx-cli: CLI for AI agents (Claude, Codex) to read, edit, and comment on .docx files with full format fidelity. GitHub - Jwrede/tokentoll: Catch LLM cost changes in code review. Infracost for LLM spend. GitHub - samchon/ttsc: A `typescript-go` toolchain for compiler-powered plugins and type-safe execution + 500x faster lint integrated into compiler GitHub - Higangssh/homebutler: 🏠 Manage your homelab from chat. Single binary, zero dependencies. GitHub - olalie/tapmap: See where your computer connects and what stands out on a live world map. GitHub - Diplomat-ai/diplomat-agent: What can your AI agent do to the real world? Scan your code. See which tool calls have zero checks GitHub - Bajusz15/beacon: Open-source agent for secure remote access, monitoring, and deploys across home-lab and self-hosted machines like Raspberry Pi, N100, or any Linux server. Open web based TTY or tunnel Home Assistant and other local services securely without opening ports. BigTech AI News - Chrome 应用商店 GitHub - vinhnx/VTCode: VT Code is an open-source coding agent with LLM-native code understanding and robust shell safety. Supports multiple LLM providers with automatic failover and efficient context management. GitHub - michaelaz774/decision-engine: A decision operating system for startup founders, powered by Claude Code. Synthesizes wisdom from 25+ legendary founders and investors into interactive AI-driven decision frameworks. GitHub - Chrilleweb/dotenv-diff: Validate environment variable usage in your codebase GitHub - Lumen-Labs/brainapi2: BrainAPI is a knowledge graph–powered AI memory layer that transforms unstructured data into structured knowledge, enabling intelligent search, recommendations, and contextual memory for AI agents and applications. GitHub - familiar-software/familiar: Let AI watch you work. Familiar lets your AI update its memory, skills, and knowledge by watching your screen. GitHub - skorotkiewicz/rudo: A small, elegant dock for Wayland GitHub - muxshed/shed: One stream in, or many. Every destination, simultaneously. No cloud middleman, no per-channel fees, no limits. make sidebar/address bar rounded corner toggleable
A backend where you never need migrations or auth code
WolfOliver · 2026-06-17 · via Show HN

How building a writing app led to building a Firebase alternative with a different idea about authorization

The goal: a backend you never have to change

No code changes when you add a feature. No database migrations when your data model evolves. No authorization rules deployed to the server. If you can build a backend like that, you have something genuinely new.

The tool I built to get there is called LinkedRecords — an open-source (MIT), generic backend-as-a-service for single-page applications, in the same space as Firebase or Convex, but self-hostable. The core difference is the authorization model: instead of writing permission rules in backend code, you assert them as facts — the same triple-store mechanism you use to query data. Your schema, your relationships, your access control: all stored as data the backend already knows how to enforce.

Here's how I got there.

2017: An itch that wouldn't go away

I was writing large architecture documents at work, using Google Docs for it. It worked — until the documents got big. Then it slowed to a crawl. And for technical writing, it was constantly in your way: no citation management, no table captions, no cross-references, formatting that fought you every time you inserted an image.

But what actually kept me awake at night wasn't the missing features. It was the real-time collaboration. Multiple cursors. Instant sync. No conflicts. You could see exactly who was writing where. How did they build that?

I'd actually tried to tackle something similar back in 2007 — a CMS usingcontenteditable— and failed. But now I had a clearer question: if I skip the page layout entirely (the part that makes Google Docs complex), and just let the browser handle rendering, how hard would it actually be to build the collaboration part?

Operational Transformation and a dangerous question

The algorithm behind Google Docs is called Operational Transformation (OT). In 2017 it was hard to find good documentation about it — one guy who'd worked on Google Wave had written it up, and that was basically it.

OT has two halves: a frontend part and a backend part. The backend part is opinionated — it needs to store data, manage change history, and broadcast updates. And that got me thinking: what if I built the most generic version of this backend I possibly could? Something reusable across any app I'd ever want to build?

I care a lot about zero-cost abstractions — the idea that you can generalize something without adding layers or overhead, sometimes just by renaming it to something more universal. That principle became the guiding constraint.

2018: LinkedRecords v1 — almost useful

The first version was a key-value store with streaming changes. You create an "attribute" — a piece of data, which could be long text, JSON, or a file — get back an ID, and subscribe to changes from any browser. The API looked like this:

const doc = await lr.Attribute.createLongText('initial content');

doc.id // → store this, retrieve the document later

doc.set('new content');
doc.change(/* a delta — e.g. "insert D at position 5374" */);

doc.subscribe((delta) => {
  // remote update arrived — apply to editor
})

It worked for collaboration. But it was missing two things that made it useless for building real apps: no authentication/authorization, and no query language. You could only access data if you already knew its ID. Not practical.

So I made a pragmatic call: go build the editor first. Come back and fix LinkedRecords later.

2018–2023: Five years building the editor

MonsterWriter is the app I wished had existed — Microsoft Word rebuilt for students and researchers: citations, LaTeX export, cross-references, distraction-free writing, no page layout getting in your way.

Turns out contenteditable is a nightmare. Different browsers produce different HTML from the same input. Syncing remote changes means you have to save and restore the cursor position before applying each delta, or the user's cursor just vanishes. One content editable field per section (rather than one giant one) helps with performance. None of this is obvious until you're deep in it.

The GitHub history shows a long quiet stretch from 2017 through 2022. MonsterWriter is a real product now — people pay for it, students write their theses with it. But all along it was running on a backend I kept having to touch, which violated the whole original point.

The real differentiator isn't collaboration

When I came back to LinkedRecords, I had to be honest about something: the collaboration feature wasn't the main value anymore. CRDTs (conflict-free replicated data types) have become the go-to for this now — nobody would pick OT as their first choice today. The technology moved on.

What makes LinkedRecords different from Firebase, Supabase, or Pocketbase isn't real-time sync. It's the authorization system — and the fact that it's expressed as data, not code.

RDF: the forgotten web standard that still has good ideas

For the query language and authorization model, I remembered something from a university course on Semantic Interoperability: the Resource Description Framework (RDF). A triple store — every fact in the database is three things: subject, predicate, object. It was briefly called "Web 3.0" in academia before the crypto crowd adopted that term.

Nobody uses RDF in web development. But the model is clean. I didn't want to use the full SPARQL stack — that felt like overkill. What I needed was a Postgres table with three columns and some pattern matching. I called my implementation "Facts" instead of triples.

You describe what an attribute is — and who can access it — by attaching facts to it:

// Create a document and classify it
await lr.Attribute.createLongText('task content', [
  ['$it', 'isA', 'Todo']
]);

// Query all todos
const todos = lr.Attribute.find([
  ['$it', 'isA', 'Todo']
]);

// Transitive query: finds Biographies, Autobiographies, etc.
const allBooks = lr.Attribute.find([
  ['$it', 'isA*', 'Book']
]);

// Compound query in one request
const { books, bios } = await lr.Attribute.findAll({
  books: [['$it', 'isA*', 'Book'], ['$it', 'is', '$not(deleted)']],
  bios:  [['$it', 'isA*', 'Biography'], ['$it', 'is', '$not(deleted)']],
});

Authorization works through the same facts. Instead of writing permission rules in backend code, you assert them as data. LinkedRecords defines a small set of built-in permission predicates —$isAccountableFor,$isHostOf,$isMemberOf,$canRead, and a few others — and enforces them at the database level. You can model organizations, teams, roles, and sharing patterns purely through facts, with no custom backend code.

Think of it like giving users a very constrained SQL client. Within the rules the system enforces, they can query and modify data. If someone misuses their permissions, they can only harm their own data.

Bring Your Own Backend

The longer-term vision is something I call Bring Your Own Backend.

Most SaaS sits somewhere between two extremes: PaaS (you manage your app and data, they manage the infrastructure) and SaaS (they manage everything, including your data). The gap in between — "I love the app, but I don't trust them with your data" — has no good answer today.

MonsterWriter is a single-page application. The frontend is served frommonsterwriter.com — always the latest version. The plan is to let users point it at their own LinkedRecords instance. You pick who runs your backend. Your data never has to leave your own infrastructure. You still get app updates automatically. The backend only needs security patches — otherwise it stays stable.

This isn't live in MonsterWriter yet, but it's where this is heading.

If this sounds familiar, it's because it rhymes with something the local-first community has been working toward. Local-first software — popularized by the Ink & Switch essay and the rise of CRDTs — puts your data on your own device, making the cloud optional rather than mandatory. The philosophy is the same: you should own your data, and the app you use to access it should be a separate concern from where that data lives.

LinkedRecords doesn't go quite as far as local-first — your data lives on a server, not your device. But it occupies the same ideological territory: the app layer and the data layer are decoupled, and you control the latter. Think of it as local-first's pragmatic cousin — cloud-hosted, but on a cloud you choose and trust.

This feels increasingly important. Cloud sovereignty has moved from a niche compliance concern to a mainstream political one. European companies are rethinking their dependency on US-based SaaS providers. Governments are scrutinizing where citizen data lives. The US CLOUD Act means data held by American companies is reachable by American courts, regardless of which country's servers it sits on. Against that backdrop, "you love the app but you don't trust them with your data" isn't a theoretical user story anymore — it's an enterprise requirement, and increasingly a personal one too.

The architecture LinkedRecords enables — a stable, self-hostable backend that any SPA can point at — is a small but concrete step toward a web where switching who holds your data is as easy as changing a URL.

Where things stand

MonsterWriter is a real product with paying users. LinkedRecords is the backend running behind it — and until recently, nobody knew it existed. The GitHub repository was published just recently. The documentation went up the day before the first public talk about it.

It's been 8 years of evenings and weekends. The commit history starts January 2017, goes quiet for 5 years while the editor got built, and has been steadily active again since 2022. The core idea — a generic, zero-migration, schema-free backend where authorization is data — has stayed the same throughout.

If you're building a single-page application and you keep running into the same backend boilerplate — schema migrations, hardcoded auth rules, user management — LinkedRecords might be worth a look.

The vision: a collaboration platform where you own the cloud

MonsterWriter started as a tool for students writing theses. But the underlying architecture points somewhere much bigger.

Think about what Notion did: it took the idea of a document editor and stretched it into a general-purpose collaboration workspace — pages, databases, wikis, project tracking, all in one place, all multiplayer. It's genuinely useful. Millions of teams run on it. But there's a catch that almost nobody thinks about until it matters: every document, every database row, every comment your team has ever written lives on Notion's servers, under Notion's terms, governed by Notion's jurisdiction.

The vision for MonsterWriter and LinkedRecords is to build toward that same kind of collaborative workspace — documents, structured data, real-time multiplayer, rich content — but with a fundamentally different answer to the question of who holds the data.

The answer LinkedRecords gives is: whoever you decide. Your company runs its own LinkedRecords instance. Your team's data stays in your data center, your cloud region, your jurisdiction. The application — the UI, the features, the product improvements — is delivered as a SPA from a server you don't have to trust. The two concerns are cleanly separated. You get the product without the lock-in.

Collaborating with someone from a different organization doesn't mean merging your data into a shared vendor's silo. It means two LinkedRecords instances exchanging facts with each other, while each organization retains full control of its own data. Like email — nobody thinks it's strange that Gmail and Outlook can send messages to each other, even though they're run by competitors. Collaboration apps could work the same way.

We're not there yet. The federation layer doesn't exist. MonsterWriter today is a writing tool, not a Notion replacement. But the data model, the authorization primitives, and the bring-your-own-backend architecture are being built with this in mind from the start — because retrofitting data sovereignty onto a platform that was never designed for it is much harder than building it in from day one.

It's an ambitious target for a solo side project. But sometimes the right architecture is obvious before the product is ready for it.