Hacker News

Article URL: https://github.com/oven-sh/bun/issues/30897

Comments URL: https://news.ycombinator.com/item?id=48164936

Points: 1

# Comments: 0

After speaking with over 50+ CISOs, DevOps, & pre-series A founders for months, I realized a problem in the GRC industry. SOC 2 automation exists, but people are split between trusting these black-box tools with systems that are continuously changing. As a result audits are slow & mistrusted.

Right now the most important thing is verifiability & depth, rather than just compliance automation-because it does exist, everywhere.

Here's what I did from learning this:

-> Created an open-source AWS Evidence Scanner & Control Mapper for lean, pre-series A AWS-Native teams thinking about SOC 2 Type l or are undergoing SOC 2 Type l audit. Collects across 15+ AWS Services to 12 critical controls in the trust-service criteria.

Why open-source? Accessibility for people who might have their hands tied choosing between expensive GRC tools. Its also used as a trust-mechanism. Code is right there. A CEO or auditor can read exactly what API calls we make before giving us the role ARN.

-> I included a paid report embedded within the tool (open-core model). Users have the option to pay for the report in which every finding traces back to the API call that produced it. SHA-256 hashed (at a fraction of the cost of bigger legacy platforms). With remediation steps & a compliance-copilot to help with other parts of the Type l process beyond evidence collection (like policy writing, risk assessment, etc).

Why paid report? The best way to make the auditors job as easy as possible is to give them a verifiable package where the evidence is right there in front of them, timestamped so they can see what happened, when (rooted in AWS APIs). No black-box, no way to fake it. Saving weeks of back & forth between auditors and clients, with the click of a few buttons.

An auditor can re-run the same API call, hash the response themselves, and verify it matches what's in the report.

Value: 30 seconds to deploy. 5 mins to run the scan & evidence is collected & mapped. Paid report includes verifiable evidence companies can send to their auditor. Paid features include a co-pilot to help with audit-readiness beyond just evidence collection.

-> Understand Limitations.

I understand the scope of this product is pretty limited in part because its also very new. I'm not going to claim it solves all of compliance, because it doesn't. It makes a very time-consuming part of the process very accessible to be automated & gives an auditor a report they can rely on.

What now? Anyone who's gone through, thinking about or is in the middle of SOC 2, would love your reaction to the output, even if it's critical. Also looking for early testers/users.

repo here: https://github.com/adog0822/AWS-Evidence-Layer

try it here: https://loxeai.com

Comments URL: https://news.ycombinator.com/item?id=48164906

Points: 1

# Comments: 0

demo: https://www.youtube.com/watch?v=ENH9tsVF_Bw&feature=youtu.be

lmk if you want image support!

Comments URL: https://news.ycombinator.com/item?id=48164898

Points: 2

# Comments: 1

Article URL: https://quickdraw.withgoogle.com/

Comments URL: https://news.ycombinator.com/item?id=48164897

Points: 1

# Comments: 0

Article URL: https://physics.stackexchange.com/questions/872398/self-organizing-acceleration-and-stability-in-a-lattice-independent-field

Comments URL: https://news.ycombinator.com/item?id=48164894

Points: 1

# Comments: 1

Article URL: https://electrek.co/2026/05/16/fisker-ocean-open-source-ev-story-after-bankruptcy/

Comments URL: https://news.ycombinator.com/item?id=48164891

Points: 17

# Comments: 0

Article URL: https://finance.yahoo.com/sectors/technology/articles/openai-seals-deal-malta-maltese-103120887.html

Comments URL: https://news.ycombinator.com/item?id=48164889

Points: 1

# Comments: 0

Article URL: https://mathworld.wolfram.com/Self-ComplementaryGraph.html

Comments URL: https://news.ycombinator.com/item?id=48164883

Points: 1

# Comments: 1

Article URL: https://www.youtube.com/watch?v=t-4a20_iYhg

Comments URL: https://news.ycombinator.com/item?id=48164557

Points: 1

# Comments: 0

Article URL: https://www.theguardian.com/lifeandstyle/2026/may/16/fake-lawyers-scientists-chefs-punters-white-monkeys-chinese-businesses-global

Comments URL: https://news.ycombinator.com/item?id=48164550

Points: 1

# Comments: 0

Article URL: https://www.aeaweb.org/articles?id=10.1257/pandp.20261041

Comments URL: https://news.ycombinator.com/item?id=48164464

Points: 1

# Comments: 0

Article URL: https://lcamtuf.substack.com/p/a-nicer-voltmeter-clock

Comments URL: https://news.ycombinator.com/item?id=48164432

Points: 2

# Comments: 0

Article URL: https://www.wsj.com/arts-culture/books/transported-review-lost-in-a-musical-daydream-83d8f76d

Comments URL: https://news.ycombinator.com/item?id=48164428

Points: 1

# Comments: 0

Article URL: https://github.com/nvwalj/ai-memory-reader

Comments URL: https://news.ycombinator.com/item?id=48164406

Points: 2

# Comments: 0

Article URL: https://loup-vaillant.fr/articles/lava-lamps-and-randomness

Comments URL: https://news.ycombinator.com/item?id=48164388

Points: 1

# Comments: 0

Article URL: https://philosophersmag.com/living-with-class/

Comments URL: https://news.ycombinator.com/item?id=48164366

Points: 1

# Comments: 0

Article URL: https://storica.club/blog/adonis-was-sumerian/

Comments URL: https://news.ycombinator.com/item?id=48164365

Points: 5

# Comments: 0

Article URL: https://newsletter.pragmaticengineer.com/p/the-pulse-token-spend-breaks-budgets

Comments URL: https://news.ycombinator.com/item?id=48164345

Points: 2

# Comments: 1

Article URL: https://www.nplusonemag.com/issue-53/essays/wish-you-were-her/

Comments URL: https://news.ycombinator.com/item?id=48164343

Points: 2

# Comments: 0

This kind of stuff pisses me off, yesterday we went to B&N, I picked up this magazine because I was waiting for something and I noticed an error at page 29, unacceptable for a magazine that costs $30.

https://images2.imgbox.com/3c/4a/lyUvpQPL_o.png it shows Debian was released before Slackware, incorrect: Slackware = July 1993 and Debian = August 1993.

You can also double check here:

https://upload.wikimedia.org/wikipedia/commons/1/1b/Linux_Distribution_Timeline.svg

https://github.com/FabioLolix/LinuxTimeline/releases

And here:

https://en.wikipedia.org/wiki/Slackware

https://en.wikipedia.org/wiki/Debian

Etc.etc., who doesn't this stuff anyway come on.

Comments URL: https://news.ycombinator.com/item?id=48164330

Points: 2

# Comments: 0