Show HN for June 14, 2026
30 items
Inkwash, a watercolor sketching app and explanation #
Capacitor Alarm Clock #
There are more details on the GitHub repo but it's made from an esp32-c3 as the microcontroller, with 3 capacitor slots. There are relays on each capacitor slot to put 15v reverse voltage on the capacitor, with 5.1 ohm resistors on each slot for current limiting in case the capacitor shorts out. I also chucked in an SSD1315 OLED to show the time and a menu to configure it, although there's a web UI as well. The esp32 also means you can fetch the time from NTP.
It also functions as a small heater since I used LDOs to step down 15v to 3.3v for the esp32, I was lazy and didn't use a buck converter circuit :)
Sabela – A Reactive Notebook for Haskell #
There is a gallery to read through on the website and a number of examples in the repo showcasing things like:
* Python interop
* Widgets and animation
* Exploratory data analysis
If you find any of this interesting please try it out. Any feedback is welcome.
Philosophy for Kids #
I figured other people might find those AI-generated articles helpful, so I put them here: https://philosophy.ocaho.com/
There's a search box at the top.
Afterburner – Capability-Sandboxed JavaScript/TS Runtime in Rust #
Scripts run locked down by default: no network, no filesystem, no environment variables. You explicitly grant whatever access a script actually needs, and every call gets hard caps on CPU, memory, and time.
The goal isn't to replace your existing stack. It's to fit cleanly into it:
* Embed a JS/TS engine in your Rust app with a single crate. Run user scripts, plugins, business rules, or edge logic, each call fully sandboxed.
* Wrap the tools you already use. Commands like `burn node app.js`, `burn npm test`, `burn bun`, `burn deno run`, and `burn npx tsx` run your existing toolchain under the sandbox. Take an unmodified Express, Fastify, or Hono app and run it with zero ambient I/O and a memory ceiling. No code changes needed.
* Use the built-in registry at registry.afterburner.sh. Publish with `burn publish`, install with `burn install` or `burn add`; dependencies are pinned by content digest. Every package ships with a capability manifest, so installed code is sandboxed by default. It also interops with npm, so you can still pull in npm libraries as needed.
Since nothing gets ambient authority, it's also just a clean, practical way to run untrusted code without having to cross your fingers and hope.
Repo: https://github.com/afterburner-sh/afterburner
Site: https://afterburner.sh
Registry: https://registry.afterburner.sh
The full walkthrough like how it works, what it can do, and benchmarks hitting up to ~16.8M rows/sec is all in one post. It's the best place to start: https://vertexclique.com/blog/burn-after-reading/
One licensing note: it's source-available under BSL-1.1, which automatically converts to Apache-2.0 four years after each release. Free to use for your own projects so go build something.
I made a crossword (Motplot) to stop losing bananagrams to my grandma #
I made it so I would stop losing at bananagrams to my 99 year old grandma, but she beats me at this too.
It's free, there's a new puzzle daily, hope you like it!
A zero-telemetry clipboard, color picker, and capture suite #
I had so much fun with it I started thinking of what other apps I could use for work and hobbies, and that's how I built SmartClip (a clipboard history manager with local privacy masking) and HexStack (a color picker that stores your hex codes and a lot more). Everything is 100% offline with zero telemetry and no account required.
I had no plans on sharing them with the world when I built them, but they helped me so much, I wondered if others might find them useful too. There's probably not a wide scale market for them, but I think developers, software engineers, UX/UI designers and testers could get a lot of use out of them.
If this is something you might find useful, I'd love your thoughts and feedback on what I've created. There is a fully functional, free "Core" version of each app on the site you can test out and demo videos showing the "Pro" features. If you really love the Pro features, I've set up a 20% discount for this community: Use code HN20 at checkout.
Thanks for taking a look!
Website: https://mintlogic.net
Wtdb – give every Git worktree its own database #
I made this to fix it. I hope you might find it helpful too.
I created a simple searchable list of abandoned WordPress Plugins #
Ray Hosting – Topology-aware game server orchestrator made from scratch #
The complexity and stuff I had to research to complete this project I couldn't have imagined even in my dreams, but hey, here it is, my greatest professional achievement until now.
Down below I will try to break down just some of the core and most important features of my game server orchestrator.
1. CORE PINNING & CCD CACHE ALIGNMENT
I had to research and understand CPU cache layouts. I found out that if my game containers, which utilize docker run, span across different core complex dies (CCDs) or share SMT sibling threads with a busy neighbor, L3 cache thrashing ruins single-core tick efficiency.
Then what I did is that I pinned all non game-server processes strictly on core 0 and its SMT sibling core 12 using GRUB:
I disabled the 1000Hz timer interrupts to prevent context switching so as to not pollute the L3 cache.
I also offloaded the rcu to cores 0 and 12 so as to avoid any micro interruptions on the game containers and leave 100% of the performance to the game containers.
GRUB_CMDLINE_LINUX_DEFAULT="nomodeset isolcpus=1-11,13-23 nohz_full=1-11,13-23 rcu_nocbs=1-11,13-23"
As for the game containers, as I mentioned I utilize docker run directly since swarm is not needed and would actually be bad design. I have the orchestrator service which utilizes an algorithm to calculate which CCD core is best to pin the game server container on:
// Zen 4 core complex die (CCD) mapping in C#
// Logical CPUs in the upper half are the SMT siblings of the lower half.
int siblingOffset = totalHardwareThreads / 2;
// The physical cores are split evenly across two CCDs.
int coresPerCcd = siblingOffset / 2;
// CCD index (0 or 1) of logical CPU i.
int getCcdId(int i) => ((i % siblingOffset) < coresPerCcd) ? 0 : 1;
// SMT sibling of logical CPU i.
int getSibling(int i) => (i < siblingOffset) ? (i + siblingOffset) : (i - siblingOffset);
I also set the memory limit and the memory reservation to be equal (--memory == --memory-reservation), in order to make the kernel lock that memory physically in RAM and block swap usage to avoid the noisy-neighbour problem.
Since, as can be seen, the orchestrator tries to find the most performant threads for a game server, this means that the host node will get its CPU fragmented. Specifically for this case I have an algorithm that simulates on the host node the best place for each running game container, then relocates some or all of the containers dynamically, live, without restarting the container or disconnecting any active player using:
docker update --cpuset-cpus="{cpuSet}" {containerName}
2. EBPF/XDP + NFTABLES utilization for preventing DDoS attacks, since game servers get constantly bombarded by DDoS attacks, bots or otherwise specially targeted for many different reasons, could be what's called a script kid or sometimes even salty gamers, xd.
In the beginning I tried to use UFW but ended up getting rid of it since it conflicts with Docker, which took me quite some time to realize in the beginning since I was still doing research on how things work on the network level.
In order to have the best protection I decided to have specific, per-port connection rate limits. If the limits are hit I use a blacklist which the offender's IP is registered on, with a specific timer, then immediately register those blacklisted IPs on the eBPF map. These IPs are dynamically added and removed from each list/map when the ban expires.
There is an edge case though: a lot of games have many different mods and plugins which can increase the rate of packets. Even though I have tried my best to account for this in the default rate limit rules I have set, I also allow the game server owners to actually adjust these limits if needed, Cloudflare-style, by providing 4 profiles: Standard, Loose, Strict, UnderAttack.
I have optimized the standard one as best as I could, based on real life data, and it should be enough for 99% of the servers. The other profiles could be utilized in other rare cases, for heavily modded servers for example.
So the best approach for ddos mitigation is using nftables with per game server port limits have per game port nftables limits which
I have also bumped the rmem_max/wmem_max buffers to 16MB so that specific game-container threads don't block when registering the map data directly into RAM. By default the write buffer is tiny, around 200 KB; by doing this the player ticks are processed quicker.
Since the user needs to manage the game files, uploading/downloading/editing/deleting etc etc, I use fireqos to prioritize game traffic, meaning game traffic gets the fast lane and is never throttled by the actions that the client does using their file manager, making sure that the game stays ping-spike free.
I also use TCP BBR Congestion Control instead of the default Linux CUBIC which is unoptimized and causes rubber-banding because it assumes that if there is packet-loss between the game server and the player there must be network congestion which as a result reduces transmission speed, which in turn causes lag spikes. What BBR Congestion Control does is that it measures the actual bandwidth between the game server and the player and sends the data packets at a speed which the player can consume and as a result avoids rubber-banding.
I also use fq, fair queueing, in order to avoid a single game server owner from using all the bandwidth in case for example someone decides to upload or download huge files.
# BBR Congestion Control
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
# UDP/TCP Buffer Expansion
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.rmem_default = 16777216
net.core.wmem_default = 16777216
3. SSR CACHE POISON solution
In order to avoid Angular SSR cache poisoning I have two endpoints. The first, /graphql, serves public and read-only data which is directly cached on Cloudflare; this endpoint rejects immediately any auth header, by rejecting the entire request, in order to prevent cache poisoning and prevent any state sharing between requests. The second endpoint, /secure, handles any authenticated data and does not cache anything. Also all my web services, like the front end, API and database calls, use my private WireGuard mesh, which adds a layer of security. Also during SSR in Node.js I have skipped the TLS handshakes entirely which adds a bit of latency by using the local Docker swarm network for direct access to my API.
-----
Since, as I mentioned, I'm a solo dev, I'm bootstrapping this entirely out of my own pocket. I have two bare-metal nodes, one in Europe and the other in Central USA.
Today, my goal is to see how my orchestrator handles real world usage before I scale up, so I invite anyone to spin up a game server by using my free trials and try to break my system.
If anyone wishes, he can go directly to https://ray-hosting.com/en-US/free-trial and register to automatically claim the free trial. It requires a credit card though, solely for abuse protection. OR, if you don't want to put your card down, which is understandable, I can spin up a trial for you from my admin panel directly after you register so that you can test my system's abilities. Just drop a comment here since I will be watching the thread today. I would really love to hear honest thoughts and opinions on the architecture, deployment speed, or any other thing you want to discuss.
PS: I'm not a native English speaker so I had a hard time putting this together, lol. Btw, I do have a lot more stuff to talk about my platform but for now this drained me. Lol, thank you very much for reading.
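The rate-limit and timed-blacklist flow from section 2 of the Ray Hosting post above, modelled in JavaScript as an added example; it is not the author's code, which uses nftables and an eBPF map. The `PortGuard` class, the per-profile packet limits, the one-second window and the ten-minute ban are assumptions; only the four profile names come from the post.

```javascript
// Added example (not the project's code): per-port rate limit -> timed blacklist -> drop map.
// The per-profile limits, one-second window and ban length are constructed values.
const PROFILES = { Standard: 200, Loose: 400, Strict: 100, UnderAttack: 25 };
const WINDOW_MS = 1000;
const BAN_MS = 10 * 60 * 1000;

class PortGuard {
  constructor(profile = "Standard") {
    this.limit = PROFILES[profile]; // packets per window, per source IP and port
    this.windows = new Map();       // "ip|port" -> { start, count }
    this.blacklist = new Map();     // ip -> ban expiry (ms)
    this.dropMap = new Set();       // stand-in for the eBPF map checked per packet
  }
  // Remove expired bans from the blacklist and from the drop map together.
  expire(now) {
    for (const [ip, until] of this.blacklist) {
      if (until > now) continue;
      this.blacklist.delete(ip);
      this.dropMap.delete(ip);
    }
  }
  // Verdict for one packet seen at time `now` (ms): "pass" or "drop".
  onPacket(ip, port, now) {
    this.expire(now);
    if (this.dropMap.has(ip)) return "drop"; // banned on every port, not just one
    const key = `${ip}|${port}`;
    let w = this.windows.get(key);
    if (!w || now - w.start >= WINDOW_MS) {
      w = { start: now, count: 0 };
      this.windows.set(key, w);
    }
    w.count += 1;
    if (w.count <= this.limit) return "pass";
    this.blacklist.set(ip, now + BAN_MS); // ban the source, then mirror it
    this.dropMap.add(ip);
    this.windows.delete(key);
    return "drop";
  }
}
// Constructed traffic: one source sends 150 packets to port 27015 under "Strict".
function demo() {
  const guard = new PortGuard("Strict");
  let passed = 0;
  for (let i = 0; i < 150; i++) if (guard.onPacket("203.0.113.7", 27015, i) === "pass") passed++;
  const banned = guard.dropMap.has("203.0.113.7");
  const afterExpiry = guard.onPacket("203.0.113.7", 27015, 150 + BAN_MS);
  return { passed, banned, afterExpiry };
}
console.log(demo());
```

Because the ban is keyed on the source IP alone, a source that trips the limit on one game port is dropped on every port until the timer runs out, which is the behaviour a heavily modded server owner would loosen by switching profile.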
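The endpoint split from section 3 of the Ray Hosting post above, as an added example rather than the author's code: a pure decision function that runs before any resolver. Which headers count as credentials, the 400/401 status codes and the 60-second `s-maxage` are assumptions.

```javascript
// Added example (not the project's code): cache policy for a public and a private endpoint.
// Header names treated as credentials, status codes and cache lifetime are assumptions.
const AUTH_HEADERS = ["authorization", "cookie", "proxy-authorization"];

// Header names are case-insensitive, so compare them lower-cased.
function authHeadersPresent(headers) {
  const names = Object.keys(headers).map((h) => h.toLowerCase());
  return AUTH_HEADERS.filter((h) => names.includes(h));
}

// Decide status and Cache-Control from the path and headers only.
function cachePolicy(req) {
  const path = new URL(req.url, "http://localhost").pathname;
  const found = authHeadersPresent(req.headers);
  const deny = (status, reason) => ({ status, cacheControl: "no-store", reason });

  if (path === "/graphql") {
    // A response that may be stored by the CDN must never come from a
    // credentialed request, so the whole request is refused.
    if (found.length > 0) return deny(400, `credentials on public endpoint: ${found.join(", ")}`);
    return { status: 200, cacheControl: "public, s-maxage=60", reason: "public, cacheable" };
  }
  if (path === "/secure") {
    if (found.length === 0) return deny(401, "credentials required");
    return { status: 200, cacheControl: "private, no-store", reason: "authenticated, never cached" };
  }
  return deny(404, "unknown path");
}

// Constructed sample requests.
const samples = [
  { url: "/graphql?query=%7Bservers%7D", headers: {} },
  { url: "/graphql", headers: { Authorization: "Bearer constructed-token" } },
  { url: "/secure", headers: { cookie: "session=constructed" } },
  { url: "/secure", headers: {} },
];
for (const s of samples) console.log(s.url, cachePolicy(s));
```

Every refusal also carries `no-store`, so an error page produced for a credentialed request cannot end up in the shared cache either.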
Winamp's Geiss and Milkdrop ported to WebGL #
Fable clone Google in 2hr but return TikTok-style video instead of text #
Replicant Detector with Datastar, Common Lisp, BKNR Datastore #
Free API cost calculators – know your bill before it arrives #
Manim-Studio – Prompt to 3blue1brown video #
Created a tool that lets you type your idea and it can generate a 3blue1brown style video on this.
The demo is free to use - https://crafty-resilient-grebe.instavm.site/
GitHub open sourced as well - https://github.com/instavm/manim-studio
If you feel it's cumbersome to set up manim locally, you can now just prompt this tool and it will create the video you need, be as descriptive as you like.
Shoutout to the original Manim - https://github.com/ManimCommunity/manim
Happy manim-ing!