Once a patch for a security vulnerability is public, the patch itself can reveal the vulnerability before the CVE is published. VCamper uses a staged LLM pipeline to analyze a Git commit range and flag likely vulnerability patches, even when they look like routine changes.
It’s still a proof of concept, but on known cases like curl CVE-2025-0725 it got close to the published root cause from the patch alone.
This matters because LLMs could make it much harder to keep security fixes quiet: once the patch is public, the bug may be recoverable almost immediately. Quietly shipping a fix and hoping it stays under the radar may stop being a reliable strategy.
I've worked with data my entire career. We need to alt-tab so much. What if we put it all on a canvas? That's what I'm building with Kavla!
Right now working on a CLI that connects a user's local machine to a canvas via websockets. It's open source here: https://github.com/aleda145/kavla-cli
Next steps I want to do more stuff with agents. I have a feeling that the canvas is an awesome interface to see agents working.
Built with tldraw, duckdb and cloudflare
It allows you to get a wake up call from someone friendly, somewhere out there in the world.
It's got a handful of regular users and it's mostly me making the calls, but it's great fun to wake people up!
No phone number required - these are VoIP calls via the app.
Built it because I think it's cool.
Orange Words. My hobby project, a Hacker News search system. It was initially created by hand and now I use AI-augmented development. It's a good low-risk environment for experimenting.
3 days ago, 220 comments: https://news.ycombinator.com/item?id=47700460
5 days ago, 51 comments: https://news.ycombinator.com/item?id=47679021
8 days ago, 21 comments: https://news.ycombinator.com/item?id=47639039
11 days ago, 22 comments: https://news.ycombinator.com/item?id=47600204
A tool to estimate if you should vibe an automation/app or just buy/delegate/grind instead