HN Reader

Why National Labs are investing (heavily) in AI (lanl.gov)

79 points by LAsteNERD 2h ago 38 comments

The Barbican (arslan.io)

340 points by farslan 7h ago 134 comments

RIP Usenix ATC (bcantrill.dtrace.org)

108 points by joecobb 6h ago 20 comments

Build your own Siri locally and on-device (thehyperplane.substack.com)

65 points by andreeamiclaus 3h ago 11 comments

Can you trust that permission pop-up on macOS? (wts.dev)

95 points by nmgycombinator 4h ago 80 comments

Show HN: Lumoar – Free SOC 2 tool for SaaS startups (lumoar.com)

40 points by asdxrfx 3h ago 22 comments

Launch HN: ParaQuery (YC X25) – GPU Accelerated Spark/SQL

81 points by winwang 6h ago 57 comments

Byte latent transformer: Patches scale better than tokens (arxiv.org)

77 points by dlojudice 5h ago 21 comments

Embeddings are underrated (2024) (technicalwriting.dev)

417 points by jxmorris12 7h ago 123 comments

A community-led fork of Organic Maps (comaps.app)

256 points by maelito 11h ago 175 comments

Ruby 3.5 Feature: Namespace on read (bugs.ruby-lang.org)

154 points by ksec 9h ago 75 comments

Reviving a modular cargo bike design from the 1930s (core77.com)

108 points by surprisetalk 8h ago 97 comments

5 Steps to N-Body Simulation (alvinng4.github.io)

62 points by dargscisyhp 2d ago 4 comments

NASA Study Reveals Venus Crust Surprise (science.nasa.gov)

16 points by mnem 3d ago 13 comments

HealthBench (openai.com)

111 points by mfiguiere 5h ago 84 comments

The Acid King (2001) (rollingstone.com)

28 points by udit99 3d ago 21 comments

Legion Health (YC S21) is hiring engineers to help fix mental health with AI (workatastartup.com)

1 points by the_danny_g 5h ago 0 comments

Show HN: Airweave – Let agents search any app (github.com)

101 points by lennertjansen 7h ago 27 comments

Demonstrably Secure Software Supply Chains with Nix (nixcademy.com)

64 points by todsacerdoti 7h ago 24 comments

Universe expected to decay in 10⁷⁸ years, much sooner than previously thought (phys.org)

154 points by pseudolus 13h ago 207 comments

Continuous glucose monitors reveal variable glucose responses to the same meals (examine.com)

130 points by Matrixik 2d ago 78 comments

Ask HN: Is Slack Down?

21 points by abatilo 19m ago 17 comments

Toward a Sparse and Interpretable Audio Codec (arxiv.org)

27 points by cochlear 4h ago 1 comments

University of Texas-led team solves a big problem for fusion energy (news.utexas.edu)

195 points by signa11 10h ago 146 comments

I hacked a dating app (and how not to treat a security researcher) (alexschapiro.com)

420 points by bearsyankees 6h ago 241 comments

Why GADTs matter for performance (2015) (blog.janestreet.com)

48 points by hyperbrainer 2d ago 16 comments

Tailscale 4via6 – Connect Edge Deployments at Scale (tailscale.com)

88 points by tiernano 8h ago 21 comments

Spade Hardware Description Language (spade-lang.org)

100 points by spmcl 10h ago 51 comments

Show HN: CLI that spots fake GitHub stars, risky dependencies and licence traps (github.com)

89 points by artski 9h ago 51 comments

Cory Arcangel Recovered a Late Artist's Digital Legacy (newyorker.com)

3 points by FinnLobsien 1d ago 0 comments

How to title your blog post or whatever (dynomight.net)

66 points by cantaloupe 6h ago 30 comments

A Typical Workday at a Japanese Hardware Tool Store [video] (youtube.com)

127 points by Erikun 2d ago 59 comments

Continuous Thought Machines (pub.sakana.ai)

278 points by hardmaru 20h ago 34 comments

Optimizing My Hacker News Experience (reorientinglife.substack.com)

43 points by fiveleavesleft 4d ago 27 comments

The FTC puts off enforcing its 'click-to-cancel' rule (theverge.com)

285 points by speckx 9h ago 174 comments

Ash (Almquist Shell) Variants (in-ulm.de)

67 points by thefilmore 2d ago 3 comments

OpenEoX to Standardize End-of-Life (EOL) and End-of-Support (EOS) Information (openeox.org)

26 points by feldrim 7h ago 14 comments

Scientists Looking to Leave the U.S. for More Welcoming Environments (spiegel.de)

22 points by burkaman 2h ago 5 comments

Plain Vanilla Web (plainvanillaweb.com)

1375 points by andrewrn 1d ago 641 comments

The Great Displacement Is Already Well Underway (shawnfromportland.substack.com)

37 points by JSLegendDev 8h ago 21 comments

Show HN: The missing inbox for GitHub pull requests (github.com)

14 points by pvcnt 5h ago 2 comments

The Internet 1997 – 2021 (opte.org)

26 points by smusamashah 6h ago 9 comments

Implicit UVs: Real-time semi-global parameterization of implicit surfaces [pdf] (baptiste-genest.github.io)

42 points by ibobev 12h ago 9 comments

Armbian Updates: OMV support, boot improvents, Rockchip optimizations (armbian.com)

63 points by transpute 14h ago 15 comments

Making PyPI's test suite faster (blog.trailofbits.com)

116 points by rbanffy 4d ago 38 comments

Interagency Grizzly Bear Committee (igbconline.org)

19 points by mooreds 2d ago 14 comments

I ruined my vacation by reverse engineering WSC (blog.es3n1n.eu)

331 points by todsacerdoti 19h ago 168 comments

Bippy: A toolkit to hack into react internals (bippy.dev)

6 points by goranmoomin 4h ago 0 comments

Initial USA Unemployment Claims (fred.stlouisfed.org)

21 points by mooreds 7h ago 2 comments

Absolute Zero Reasoner (andrewzh112.github.io)

123 points by jonbaer 4d ago 23 comments

Show HN: Lumoar – Free SOC 2 tool for SaaS startups

40 asdxrfx 22 5/12/2025, 7:05:03 PM lumoar.com ↗
We built Lumoar to help small SaaS teams get SOC 2-ready without paying thousands for Big 4 consultants or dealing with bloated compliance platforms.

As a startup ourselves, we faced the usual issues: long security questionnaires, confusing audit requirements, and expensive tools that felt overkill.

Lumoar is a simpler alternative: - Generate compliant SOC 2 policies automatically - Track your controls and progress in a clean dashboard - Upload evidence and get plain-language recommendations - Designed for engineers and founders, not compliance pros

It's free to start — you can generate policies and explore the dashboard without a sales call or demo.

Would love to hear what blockers you’ve faced with SOC 2 and what other frameworks you’re thinking about (e.g., ISO 27001, GDPR). All feedback is welcome.

Comments (22)

edoceo · 3h ago
Having the policy doesn't preclude the audit or questionnaire requirement does it? This just puts the answers in one place?

The compliance pros still want all their ceremony - it's most of what they sell.

asdxrfx · 2h ago
Exactly, staying organized is half the battle. Our goal with Lumoar is to make that organization effortless from day one. We’re also working on future updates with AI agents and automation to make audits and questionnaires even less painful. More coming soon!
havefunbesafe · 2h ago
True, but having this makes the entire process easier. Organization is key to a speedy and clean audit.
davsti4 · 1h ago
Trying to register and I get this in the browser console:

Access to fetch at 'https://api.lumoar.com/v1/auth/register' from origin 'https://www.lumoar.com' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.

asdxrfx · 1h ago
Hi, thanks for reaching out! The issue you encountered with the CORS policy has been fixed. You should be able to register without encountering the CORS issue anymore. If you run into any other issues, please don't hesitate to let us know!
Oras · 1h ago
> As a startup ourselves, we faced the usual issues: long security questionnaires, confusing audit requirements, and expensive tools that felt overkill.

Is Lumoar SOC2 compliant?

asdxrfx · 1h ago
Thanks for asking! We’re not SOC 2 compliant yet, but we’re actively preparing for it. We recently launched our MVP, and ensuring strong security and compliance has been a key part of our roadmap from day one. We’re happy to share more about how we handle security today if that’s helpful!
Oras · 1h ago
My point was that compliance is about trust. If I want to go the SOC2 or ISO27001 route, I want a company that has done it before.

Free in your case is not free, it's pretty expensive. If I can't comply in time, that might mean losing potential business, being late to the market, etc.

Good luck though, you made the first step.

asdxrfx · 1h ago
We understand your concern, and we will focus more on this step for now. Thanks for the feedback. If you have anything else to say, we are glad to listen.
reconnecting · 3h ago
Before providing any legal-related services, it's better to ensure that your own affairs are in compliance. At least, have a clear terms of service page [1], which is currently not available.

[1] https://www.lumoar.com/terms-of-service.html

asdxrfx · 2h ago
Good day. We apologize for our mistake. We have now fixed the link on the page so it works correctly. Thanks for pointing out
reconnecting · 2h ago
IANAL, but it looks like very poor AI generated T&C.
asdxrfx · 2h ago
Appreciate you flagging this. The current Terms of Use was generated using a standard terms generator we integrated into our site, so it’s not AI-generated, but we agree it still needs improvement. We’re planning to have it reviewed and refined soon to better reflect our product and responsibilities. Thanks again for keeping us sharp.
reconnecting · 2h ago
Perhaps it's an acceptable approach for a very limited type of non-commercial websites, but your organization pretends to provide a platform for compliance management, and from this perspective, you must first clarify your business responsibilities and your terms of service, as this is actually a part of what your company tries to sale at scale.
throw03172019 · 2h ago
Every “free SOC-2” platform I researched and demoed before landing on paid platform always had a catch. What is yours?
asdxrfx · 2h ago
No catch. It's completely free. We plan to offer paid add-ons (like AI automation and integrations) later, but the basics stay free.
aagha · 1h ago
Which paid one did you land on?
GiorgioG · 56m ago
How isn't this just straight up spam? OP has never posted before today.
dangrossman · 40m ago
"Show HN" posts announcing a new tech startup/tool are a core part of this site.

https://news.ycombinator.com/shownew

I see nothing wrong with this post. They're sharing something they've made and getting valuable, constructive feedback. I appreciate HN being one of few places that still happens at.

asdxrfx · 22m ago
Fair to be cautious, I get it. We’re a real startup, just launched our MVP recently, and wanted to share what we’re building with the community. It’s our first time posting here, but we’re genuinely looking to get feedback and connect with others. Happy to answer any questions!
java-man · 2h ago
Every website that does not explain an abbreviation before the first use is automatically non-compliant.
asdxrfx · 1h ago
Thanks for pointing out. We fixed our mistake.