HN Reader

Tell HN: Help restore the tax deduction for software dev in the US (Section 174)

2437 points by dang 11d ago 906 comments

GCP Outage (status.cloud.google.com)

1465 points by thanhhaimai 8d ago 495 comments

Andrej Karpathy: Software in the era of AI [video] (youtube.com)

1361 points by sandslash 1d ago 739 comments

Honda conducts successful launch and landing of experimental reusable rocket (global.honda)

1316 points by LorenDB 3d ago 418 comments

Frequent reauth doesn't make you more secure (tailscale.com)

1271 points by ingve 8d ago 518 comments

A receipt printer cured my procrastination (laurieherault.com)

1247 points by laurieherault 8d ago 599 comments

The Grug Brained Developer (2022) (grugbrain.dev)

1065 points by smartmic 3d ago 557 comments

The last six months in LLMs, illustrated by pelicans on bicycles (simonwillison.net)

959 points by swyx 12d ago 233 comments

Magistral — the first reasoning model by Mistral AI (mistral.ai)

939 points by meetpateltech 10d ago 424 comments

If the moon were only 1 pixel: A tediously accurate solar system model (2014) (joshworth.com)

933 points by sdoering 7d ago 261 comments

Apple announces Foundation Models and Containerization frameworks, etc (apple.com)

860 points by thm 11d ago 489 comments

Working on databases from prison (turso.tech)

841 points by dvektor 4d ago 530 comments

Jemalloc Postmortem (jasone.github.io)

798 points by jasone 7d ago 235 comments

Show HN: Workout.cool – Open-source fitness coaching platform (github.com)

794 points by surgomat 2d ago 230 comments

Research suggests Big Bang may have taken place inside a black hole (port.ac.uk)

770 points by zaik 9d ago 604 comments

Containerization is a Swift package for running Linux containers on macOS (github.com)

768 points by gok 11d ago 409 comments

Apple introduces a universal design across platforms (apple.com)

738 points by meetpateltech 11d ago 1202 comments

US-backed Israeli company's spyware used to target European journalists (apnews.com)

732 points by 01-_- 8d ago 382 comments

Marines being mobilized in response to LA protests (cnn.com)

706 points by sapphicsnail 10d ago 1678 comments

WhatsApp introduces ads in its app (nytimes.com)

704 points by greenburger 4d ago 1011 comments

I convinced HP's board to buy Palm and watched them kill it (philmckinney.substack.com)

683 points by AndrewDucker 7d ago 495 comments

Chatterbox TTS (github.com)

668 points by pinter69 9d ago 188 comments

Show HN: Unregistry – “docker push” directly to servers without a registry (github.com)

667 points by psviderski 1d ago 157 comments

Resurrecting a dead torrent tracker and finding 3M peers (kianbradley.com)

638 points by k-ian 3d ago 201 comments

Congratulations on creating the one billionth repository on GitHub (github.com)

623 points by petercooper 9d ago 137 comments

Bruteforcing the phone number of any Google user (brutecat.com)

615 points by brutecat 11d ago 190 comments

How I program with agents (crawshaw.io)

614 points by bumbledraven 11d ago 294 comments

"Localhost tracking" explained. It could cost Meta €32B (zeropartydata.es)

595 points by donohoe 10d ago 272 comments

Launch HN: Vassar Robotics (YC X25) – $219 robot arm that learns new skills

580 points by charleszyong 10d ago 219 comments

Start your own Internet Resiliency Club (bowshock.nl)

576 points by todsacerdoti 4d ago 340 comments

Kagi Reaches 50k Users (kagi.com)

553 points by tigroferoce 11d ago 341 comments

Why SSL was renamed to TLS in late 90s (2014) (tim.dierks.org)

544 points by Bogdanp 5d ago 229 comments

Building Effective AI Agents (anthropic.com)

529 points by Anon84 3d ago 87 comments

OpenAI dropped the price of o3 by 80% (twitter.com)

517 points by mfiguiere 10d ago 494 comments

Waymo rides cost more than Uber or Lyft and people are paying anyway (techcrunch.com)

507 points by achristmascarl 8d ago 887 comments

Air India flight to London crashes in Ahmedabad with more than 240 onboard (theguardian.com)

499 points by Gud 8d ago 583 comments

Self-Host and Tech Independence: The Joy of Building Your Own (ssp.sh)

498 points by articsputnik 13d ago 241 comments

The Zed Debugger Is Here (zed.dev)

491 points by SupremumLimit 1d ago 199 comments

New US visa rules will force foreign students to unlock social media profiles (theguardian.com)

486 points by sva_ 1d ago 648 comments

I have reimplemented Stable Diffusion 3.5 from scratch in pure PyTorch (github.com)

481 points by yousef_g 6d ago 77 comments

Meta invests $14.3B in Scale AI to kick-start superintelligence lab (nytimes.com)

468 points by RyanShook 7d ago 477 comments

We’re secretly winning the war on cancer (vox.com)

459 points by lr0 12d ago 217 comments

Joining Apple Computer (2018) (folklore.org)

457 points by tosh 13d ago 123 comments

Building supercomputers for autocrats probably isn't good for democracy (helentoner.substack.com)

454 points by rbanffy 12d ago 259 comments

Danish Ministry Replaces Windows and Microsoft Office with Linux and LibreOffice (heise.de)

450 points by jlpcsl 8d ago 227 comments

Scrappy – Make little apps for you and your friends (pontus.granstrom.me)

444 points by 8organicbits 2d ago 142 comments

My iPhone 8 Refuses to Die: Now It's a Solar-Powered Vision OCR Server (terminalbytes.com)

438 points by hemant6488 2d ago 184 comments

Convert photos to Atkinson dithering (gazs.github.io)

437 points by nvahalik 13d ago 54 comments

Fossify – A suite of open-source, ad-free apps (github.com)

433 points by jalict 3d ago 130 comments

Rendering Crispy Text on the GPU (osor.io)

420 points by ibobev 7d ago 131 comments

Show HN: SecureBuild – Zero-CVE Images That Pay OSS Projects

28 grantlmiller 12 6/20/2025, 3:04:31 PM securebuild.com ↗
We're launching SecureBuild: https://securebuild.com — a new way for open source projects and maintainers to earn revenue by partnering with and endorsing our Zero-CVE container images of their project.

We’ve spent the last decade at Replicated (https://news.ycombinator.com/item?id=9841243) helping commercial and open source software vendors securely distribute their apps to enterprise environments. During that time, we saw firsthand how hard it is for maintainers to fund their work, and how increasingly demanding enterprises have become when it comes to demonstrable security and scanning.

SecureBuild is our attempt to bridge that gap. Built on top of Wolfi (https://news.ycombinator.com/item?id=36489847), we provide Zero-CVE container images with tight SLAs, full SBOMs, etc, but we route 70% of direct subscription revenue back to the open source projects that create them.

We’re especially interested in partnering with open source maintainers who want to make their projects more secure and sustainable without changing licenses. We handle builds, hosting, sales, patching, and customer delivery.

I'm Grant (https://news.ycombinator.com/user?id=grantmiller), co-founder of Replicated & co-creator of SecureBuild, working with my co-founder Marc Campbell (https://news.ycombinator.com/user?id=marcc). We hope this can be part of a broader push toward a more secure, economically sustainable future for open source.

Happy to answer questions and share more details!

Comments (12)

jenny91 · 3h ago
The intersection of entities whose security is based around "responding to every CVE quickly" and the entities that care about supporting OSS projects has measure zero.
grantlmiller · 3h ago
well... our core users are ISVs (who distribute commercial software into enterprise controlled, self-hosted environments... think big banks, governments, tech companies). They care about supporting OSS (almost 1/2 of them are open core themselves) and their customers mandate that they care about closing out CVEs quickly in the software they're consuming from them.
cube00 · 4h ago
> New SecureBuilds are created whenever upstream CVEs are available, with a 6-day SLA for critical vulnerabilities.

Aren't most SecOps pushing 48 hours as the absolute limit for critical vulns or are ours just being extra pushy?

marcc · 4h ago
We often deliver in way less than 6 days but sometimes the dependency tree is deep for a patch.

I've seen most auditors mandate 30 days for Critical, but you clearly want to move a lot quicker than that.

grantlmiller · 3h ago
the goal is going to be 6 hours!
mike_d · 3h ago
> I've seen most auditors mandate 30 days for Critical, but you clearly want to move a lot quicker than that.

You seem to fundamentally not understand security. A proper security program should never be driven by an auditors expectations or even used as a reasonable guideline.

Don't track CVEs and SLAs in days. You need to have patches out before active exploitation in the wild begins, that is the only metric that matters. Go talk to Greynoise about how to get that data.

grantlmiller · 3h ago
We’d love for this to be true... most images fill up with CVEs so fast in dependencies, we’re providing minimal images (much less surface area) and have the automation to rebuild the entire dependency graph at least daily, if not multiple times per day.

Hopefully everyone will run a "proper security program" someday!

mike_d · 2h ago
It can be true for you if your correct your thinking on the problem.

CVEs are basically just bugs that are not triggered by normal operation. If you race to "fix" them all, you are going to drown (as you are discovering).

Focus on your solution for tracking actively exploited vulnerabilities and a prioritization system and you'll greatly simplify the problem while better serving your customers.

siggy · 5h ago
thanks for sharing. what's the onboarding process look like? if i'm maintaining my own Dockerfiles today, do you or I evaluate and port those to SecureBuild/Wolfi?
marcc · 5h ago
We work together on it. Assuming you have a build process and dockerfile (we all do), generally our team can get you listed in the catalog quickly.

It's not too much work since we built on an existing set of tools (melange & apko). I've actually found that putting a Dockerfile into ChatGPT generates a really good first iteration.

dhorthy · 5h ago
this looks cool - your homepage video should open with what it is though!
grantlmiller · 5h ago
thanks! say more about what you mean... you're saying instead of: Secure, Sustainable Open Source Partner with SecureBuild to offer secure, vulnerability-free builds of your open source project while generating recurring software revenue, no support contracts required.

we should say something different?