Hacker News

Article URL: https://www.youtube.com/playlist?list=PL1TfIrAqsOzcNSHV00pmvNusNTqYagQfz

Comments URL: https://news.ycombinator.com/item?id=47270212

Points: 2

# Comments: 0

Hi Hacker News! We're launching Zalor, an agent testing platform.

Agents often break when you tweak system prompts, swap models, or add tools. Zalor automatically generates test scenarios and evaluates your agent so you know it's reliable before deploying to production.

We currently support the OpenAI Agents SDK and are onboarding other frameworks. A GitHub integration is coming so you can get feedback on every update.

Looking forward to hearing feedback from people building agents.

Comments URL: https://news.ycombinator.com/item?id=47270208

Points: 3

# Comments: 3

Article URL: https://news.bloomberglaw.com/artificial-intelligence/netflix-acquires-ben-affleck-founded-ai-moviemaking-business

Comments URL: https://news.ycombinator.com/item?id=47270200

Points: 1

# Comments: 0

I built aidevshield, a free open-source security scanner that catches vulnerabilities in AI coding tool configurations things like Cursor, Copilot, and Cline setups.

The problem: AI coding assistants are becoming attack surfaces. In the past year we've seen real exploits:

Clinejection (Dec 2025): Prompt injection via GitHub issue titles → AI triage bot executes shell commands → malicious npm package published to 5M users tj-actions/changed-files (Mar 2025): Tag repointing attack hit 23,000 repos via pull_request_target Shai-Hulud (2025): First self-propagating npm worm using postinstall hooks Rules File Backdoor (Feb 2025): Hidden Unicode characters in .cursorrules for invisible prompt injection Existing tools cover parts of this — Zizmor and actionlint for GitHub Actions, Socket.dev for npm — but nothing scans across all four domains: workflows + AI configs + npm packages + prompt injection.

aidevshield does. One command, zero dependencies beyond js-yaml, fully offline:

npx aidevshield scan . What it detects:

Dangerous GitHub Actions patterns (wildcard users, untrusted event field interpolation, unpinned third-party actions) pull_request_target with untrusted checkout (Pwn Request pattern) Malicious npm lifecycle scripts (postinstall curl | sh, node -e inline exec) Hidden Unicode in AI config files (.cursorrules, .github/copilot-instructions.md) Wildcard tool permissions (Bash(), Edit()) Exposed .env files without .gitignore protection Cache poisoning + credential exposure combos Outputs text, JSON, or SARIF (for GitHub Code Scanning integration).

56 end-to-end tests. Every detection maps to a documented real-world attack.

MIT licensed. No signup, no paywall.

GitHub: https://github.com/aidevshield/aidevshield

Happy to answer questions about the threat landscape or implementation.

Comments URL: https://news.ycombinator.com/item?id=47270193

Points: 1

# Comments: 0

Ten years ago I built a small evolutionary toy experiment with two types of agents: selfish and cooperative “ducks”.

At first, selfish strategies dominated. But when agents were given memory — the ability to remember who helped them — cooperation suddenly became stable under resource scarcity.

That experiment stayed in the back of my mind for years.

Recently I started rebuilding the idea from scratch as a larger system:

BiomeSyn

https://biomesyn.com/

Instead of evaluating AI on static tasks, the goal is to explore long-horizon adaptive environments where agents must:

• gather resources • survive environmental pressure • compete with other agents • adapt over many generations

The system is deterministic, so experiments can be reproduced across seeds — which makes it possible to treat it as a benchmark for adaptive agents.

The bigger question I’m interested in:

> What happens when intelligence is evaluated inside a world that keeps evolving?

Many current benchmarks measure short-episode performance. But real adaptive systems must operate in open-ended environments.

BiomeSyn is still an early research sandbox, but I’m curious whether environments like this could become useful for studying:

• evolutionary computation • long-horizon RL agents • multi-agent ecosystems • adaptive AI systems

Would be interested to hear thoughts from people working on agents, simulation platforms, or large-scale AI systems.

https://biomesyn.com/

Comments URL: https://news.ycombinator.com/item?id=47270182

Points: 1

# Comments: 0

Built a PWA where anyone can drop a pin on a live shared map to report nearby incidents — crime, fire, disasters, civil unrest, infrastructure failures.

No accounts, no tracking. IPs are one-way HMAC-hashed before storage and never logged raw. Community votes incidents from pending → active so noise gets filtered out automatically. Each category has its own TTL so the map stays fresh.

Stack: Next.js 16, Firebase (Firestore + Cloud Functions + FCM), Leaflet for the map, D3.js for a 3D globe view. Fully open source.

GitHub: https://github.com/BaselAshraf81/threatalert

Comments URL: https://news.ycombinator.com/item?id=47270181

Points: 1

# Comments: 0

Article URL: https://btw.media/

Comments URL: https://news.ycombinator.com/item?id=47270179

Points: 1

# Comments: 0

Whiplash sits in your macOS menu bar and gives you a live overview of all your concurrent agent sessions and their status across iTerm, Ghostty, or Terminal. A little open source, utility that I hope helps you too.

Comments URL: https://news.ycombinator.com/item?id=47270152

Points: 2

# Comments: 0

Article URL: https://reorchestrate.com/posts/your-binary-is-no-longer-safe-conversion/

Comments URL: https://news.ycombinator.com/item?id=47270149

Points: 1

# Comments: 0

Article URL: https://reorchestrate.com/posts/your-binary-is-no-longer-safe-decompilation/

Comments URL: https://news.ycombinator.com/item?id=47270146

Points: 1

# Comments: 0

Article URL: https://www.theregister.com/2026/03/06/ai_kills_software_licensing/

Comments URL: https://news.ycombinator.com/item?id=47270122

Points: 8

# Comments: 0

Article URL: https://theintercept.com/2026/03/05/kosa-online-age-verification-free-speech-privacy/

Comments URL: https://news.ycombinator.com/item?id=47270104

Points: 5

# Comments: 2

Article URL: https://www.youtube.com/watch?v=O0pFqhZl3fg

Comments URL: https://news.ycombinator.com/item?id=47270088

Points: 1

# Comments: 0

Article URL: https://github.com/TinyAGI/fractals

Comments URL: https://news.ycombinator.com/item?id=47269860

Points: 1

# Comments: 0

Article URL: https://clickhouse.com/blog/clickstack-embedded-clickhouse

Comments URL: https://news.ycombinator.com/item?id=47269854

Points: 1

# Comments: 0

Article URL: https://www.amazon.com/dp/B0GR6T1KMQ

Comments URL: https://news.ycombinator.com/item?id=47269831

Points: 1

# Comments: 0

Article URL: https://mapscaping.com/as-the-crow-flies-distance-calculator/

Comments URL: https://news.ycombinator.com/item?id=47269810

Points: 1

# Comments: 0

I keep hearing the same thing across aerospace/defense and other regulated B2B programs. Even when both companies use Jira internally, the moment a customer (or other external partner) suggests “let’s just share a Jira project,” it turns into a weeks/months-long IT + infosec ordeal… so teams fall back to email + Excel trackers.

If you’ve lived this, I’d love detailed stories. Some conversation starters:

>> What exactly made it hard? (SSO/IdP, user provisioning, domain policies, MFA, VPN, IP allowlists, Atlassian Access, SCIM, contractors, etc.)

>> Is the blocker usually IT, security, compliance, procurement/vendor risk, or the Jira admins themselves?

>> Jira Cloud vs Jira Data Center: which is worse for external collaboration and why?

>> What are the common “policy red lines” that cause a hard no? (least privilege, separation of tenants, auditability, data residency, CUI/ITAR, SOC2, etc.)

>> What workarounds did you end up using instead (shared spreadsheet, shared mailbox, separate “shadow Jira,” Confluence page, etc.) and what broke?

>> If you did make cross-org Jira work, what was the setup that finally passed and how long did it take? If you didn't make it work, what happened?

Context: I’m trying to understand the true root causes and failure modes -- whether this is mostly technical (identity + permissions) or mostly organizational/policy, and what parts are actually solvable.

Comments URL: https://news.ycombinator.com/item?id=47269793

Points: 1

# Comments: 0

Article URL: https://reason.com/2026/03/04/computer-scientists-caution-against-internet-age-verification-mandates/

Comments URL: https://news.ycombinator.com/item?id=47269782

Points: 1

# Comments: 0

I built SlideScholar to solve a pain point I kept seeing: researchers spending 6-10 hours making slides for 15-minute conference talks.

Upload a PDF or ArXiv URL, pick your talk length, and get an editable .pptx presentation with assertion-evidence titles, extracted figures and tables, and speaker notes with timing cues.

Stack: Next.js frontend on Vercel, Python/FastAPI backend on Railway, Claude API for content planning, python-pptx for slide generation.

Free, no signup needed

Comments URL: https://news.ycombinator.com/item?id=47269745

Points: 1

# Comments: 0