HN Reader

Gemini Diffusion (deepmind.google)

1 points by og_kalu 1m ago 0 comments

Google Wants You to Pay $250 for a God-Tier Subscription to AI (gizmodo.com)

1 points by rntn 1m ago 0 comments

AI Mode in Google Search (blog.google)

1 points by ChrisArchitect 2m ago 0 comments

Nearly half of streaming subscriptions are for plans with ads (theverge.com)

1 points by voxadam 2m ago 0 comments

Imagen 4 (deepmind.google)

1 points by synthwave 3m ago 0 comments

Running the entire HEY test suite on different computers (twitter.com)

1 points by wmf 3m ago 0 comments

Iterator helpers have become Baseline Newly available (web.dev)

1 points by feross 4m ago 0 comments

Veo 3: Video, meet audio (deepmind.google)

2 points by meetpateltech 4m ago 0 comments

Thank You for Your Existence (daniel.haxx.se)

2 points by Vinnl 5m ago 1 comments

Gemini 2.5: Our most intelligent models are getting even better (blog.google)

2 points by meetpateltech 5m ago 0 comments

Introducing Veo 3 and Imagen 4, and a new tool for filmmaking called Flow (blog.google)

4 points by youssefarizk 6m ago 0 comments

Why Are Clinical Trials So Complicated? (2020) (science.org)

1 points by Tomte 6m ago 0 comments

Where Did 'Jazz,' the Word, Come From? (2018) (wbgo.org)

1 points by Tomte 6m ago 0 comments

Teacher Drag a 6yr-Old with Autism by His Ankle Fed OCR Might Not Do Anything (propublica.org)

1 points by frumper 7m ago 1 comments

Tesla Owners Are Installing DIY Rip Cords to Avoid Being Trapped in Case of Fire (fuelarc.com)

2 points by jrflowers 8m ago 0 comments

Magic Animator (magicanimator.com)

1 points by handfuloflight 10m ago 0 comments

A bestiary of mathematical functions for systems designers (brunodias.dev)

2 points by fanf2 10m ago 0 comments

A Fire Sale of Portland's Largest Office Tower Shows How Far the City Has Fallen (wsj.com)

2 points by kamaraju 10m ago 0 comments

NYC wants to turn 34th Street into a busway (nbcnewyork.com)

2 points by geox 11m ago 0 comments

UUIDv7 Comes to PostgreSQL 18 (thenile.dev)

6 points by code_reader 13m ago 0 comments

Chinese Hackers Hit Drone Sector in Supply Chain Attacks (securityweek.com)

2 points by Bender 16m ago 0 comments

Hackers Earn Over $1M at Pwn2Own Berlin 2025 (securityweek.com)

1 points by Bender 16m ago 0 comments

The Most Implausible Tunneling Method (practical.engineering)

3 points by impish9208 17m ago 0 comments

Crawlomatic WordPress plugin patched for critical 9.8 RCE flaw (scworld.com)

1 points by Bender 17m ago 0 comments

Rust turns 10: How a broken elevator changed software forever (zdnet.com)

2 points by CrankyBear 18m ago 0 comments

Good vs. Great Animations (emilkowal.ski)

1 points by jiten99 19m ago 0 comments

Show HN: Sleek, Minimal and unique take on Portfolio (jaydip.me)

1 points by jdsane 19m ago 0 comments

Investigation Update: Whole Cucumbers Outbreak, May 2025 (cdc.gov)

4 points by bookofjoe 20m ago 0 comments

Microsoft Confirms Emergency Update for Windows Users (forbes.com)

1 points by miles 21m ago 0 comments

MCP Server for Windows (blogs.windows.com)

3 points by danjc 21m ago 0 comments

I spent 15 years developing a tool to make sense of software version numbers

2 points by a1tern 22m ago 0 comments

About Ghost (ghost.org)

1 points by vishnumohandas 23m ago 0 comments

Geek Seeks Gold: Search for Dutch Schultz's Missing Treasure [video] (youtube.com)

1 points by the_decider 24m ago 0 comments

Microsoft-backed UK tech unicorn Builder.ai collapses into insolvency (ft.com)

5 points by fallinditch 26m ago 0 comments

Build a realtime chat app with Ably, Next.js and Netlify (ably.com)

1 points by brianmayshair 27m ago 0 comments

Show HN: I built an iOS keyboard for iOS power users (flexiboardapp.framer.website)

2 points by abdullahajmal 28m ago 1 comments

Gemini 2.5 Flash Preview 05-20 (ai.google.dev)

4 points by open-paren 28m ago 0 comments

Dieter Rams Turns 93 (instagram.com)

2 points by bch 29m ago 1 comments

Agent Commerce Kit – Protocols for AI Agent Identity and Payments (github.com)

4 points by jfiadeiro 31m ago 1 comments

Chicago Sun-Times publishes made-up books and fake experts in AI debacle (theverge.com)

6 points by 01-_- 35m ago 2 comments

AI poses a bigger threat to women's work, than men's, says report (reuters.com)

2 points by 01-_- 36m ago 0 comments

Show HN: Transform Web, Text-to-CAD in the Browser (curranjrobertson.github.io)

1 points by cad-vc 36m ago 0 comments

By 2035 there will be at least one protest about turning off an AI (2023) (longbets.org)

2 points by Mistletoe 39m ago 0 comments

When Textbook RSA Is Used to Protect the Privacy of Users (2018) (arxiv.org)

1 points by Tomte 40m ago 0 comments

When Russia and America Coöperated to Avert a Y2K Apocalypse (2019) (newyorker.com)

1 points by Tomte 40m ago 0 comments

Neural Networks, Manifolds, and Topology (colah.github.io)

1 points by skadamat 41m ago 0 comments

The Last Letter (aeon.co)

10 points by HR01 42m ago 1 comments

How to Stop Students from Cheating with AI (wsj.com)

2 points by agomez314 43m ago 2 comments

Experiment: My book took me a year to write. I had AI recreate it in an hour (varu.us)

1 points by levihanlen 43m ago 1 comments

Show HN: Codex powered language agnostic unit test generator (github.com)

1 points by coderinsan 43m ago 1 comments

Show HN: I Spent Years Building a FOSS Unified Zero Trust Secure Access Platform

5 geoctl 2 5/20/2025, 11:33:56 AM github.com ↗
Hello HN, I've been working solo on Octelium for the past 5+ years now, (yes, you just read that correctly :|) along with a couple more sub-projects that will hopefully be released soon and I'd love to get some honest opinions from you. Octelium is simply an open source, self-hosted, unified platform for zero trust resource access that is primarily meant to be a modern alternative to corporate VPNs and remote access tools. It is built to be generic enough to not only operate as a ZTNA/BeyondCorp platform (i.e. alternative to Cloudflare Zero Trust, Google BeyondCorp, Zscaler Private Access, Teleport, etc...), a zero-config remote access VPN (i.e. alternative to OpenVPN Access Server, Twingate, Tailscale, etc...), a scalable infrastructure for secure tunnels (i.e. alternative to ngrok), but also as an API gateway, an AI gateway, a secure infrastructure for MCP gateways and A2A architectures, a PaaS-like platform for secure as well as anonymous hosting and deployment for containerized applications, a Kubernetes gateway/ingress/load balancer and even as an infrastructure for your own homelab.

Octelium provides a scalable zero trust architecture (ZTA) for identity-based, application-layer (L7) aware secret-less secure access, via both private client-based access over WireGuard/QUIC tunnels as well as public clientless access (i.e. BeyondCorp), for users, both humans and workloads, to any private/internal resource behind NAT in any environment as well as to publicly protected resources such as SaaS APIs and databases via context-aware access control on a per-request basis through policy-as-code.

I'd like to point out that this is not an MVP, as I said earlier I've been working on this project solely for way too many years now. The status of the project is basically public beta or simply v1.0 with bugs (hopefully nothing too embarrassing). The APIs have been stabilized, the architecture and almost all features have been stabilized too. Basically the only thing that keeps it from being v1.0 is the lack of testing in production (for example, most of my own usage is on Linux machines and containers, as opposed to Windows or Mac) but hopefully that will improve soon. Secondly, Octelium is not a yet another crippled freemium product with an """open source""" label that's designed to force you to buy a separate fully functional SaaS version of it. Octelium has no SaaS offerings nor does it require some paid cloud-based control plane. In other words, Octelium is truly meant for self-hosting. Finally, I am not backed by VC and so far this has been simply a one-man show even though I'd like to believe that I did put enough effort to produce a better overall quality before daring to publicly release it than that of a typical one-man project considering the project's atypical size and nature.

Comments (2)

sybercecurity · 5h ago
Wow - looks impressive. Like the direction it's going. Doing things where access policies can be set as code is the way to go IMHO.

One issue I've heard from ZTA early adopters is the lack of interoperability between the various ZTNA solutions. Not a big problem unless you have two organizations that have different solutions that now have to work together (merger, partnership, etc.). Ironically, I have overheard people complain enough that they would pay for a FOSS solution...

geoctl · 5h ago
Thank you. Actually one of the very hardest things for me working on Octelium is basically how to describe it concisely and clearly and I still can't say that I have an answer, that's why I prefer to describe it as a "unified secure/zero trust access" platform. It's a ZTNA platform but not in the typical sense, it's also a remote-access VPN but actually works via identity-aware proxies to control access at L-7 instead of at L-3 like in VPNs. It's BeyondCorp but actually supports client-less access for both humans via their browsers and SSO but it also supports client-less access for workloads via OAuth2 client credential flows and standard bearer authentication which makes it relevant for any workload written in any language to access all your HTTP-based Services via a single bearer access token without being aware of the Cluster's existence at all. And it's also a deployment platform that enables you to deploy and scale any containerized application, HTTP-based or not, and instantly provide secure client-based/client-less access to it via your policies or even completely expose it to anonymous access like it's a hosting platform if you wish.