Caveman: Why use many token when few token do trick
443 by tosh | 249 comments on Hacker News.
Sunday, 5 April 2026
New top story on Hacker News: Ask HN: Is there any interest in a native Qt/C++ Discord client?
Ask HN: Is there any interest in a native Qt/C++ Discord client?
5 by txtsd | 9 comments on Hacker News.
I've been building a third-party cross-platform Discord client called kind (kind is not discord) in C++ and Qt 6. No Electron, no web wrapper. A proper native app for Windows, macOS, and Linux. The UI always loads instantly. On first load, things take as long to appear as Discord's network responses. On subsequent loads, everything comes from cache and is validated against REST in the background. It feels as fast as opening a plaintext file. It's further along than I expected when I started. What's working right now: gateway with exponential backoff and reconnect, REST with per-route rate limiting, SQLite-backed cache with async reads/writes, full Discord permission resolution, and a composable block renderer that handles every Discord message type including embeds, attachments, reactions, stickers, and components. There's a full markdown parser, an async image cache with memory LRU and disk persistence, an unread and mute state system that survives restarts, and 370 passing unit and integration tests. Voice is a post-launch problem. So are Nitro features. Is there actually an audience for this outside of Linux power users? I know that's where the pain is most acute, but I'm genuinely curious whether Windows users would switch for the performance alone or whether the official client is good enough there that it doesn't matter.
5 by txtsd | 9 comments on Hacker News.
I've been building a third-party cross-platform Discord client called kind (kind is not discord) in C++ and Qt 6. No Electron, no web wrapper. A proper native app for Windows, macOS, and Linux. The UI always loads instantly. On first load, things take as long to appear as Discord's network responses. On subsequent loads, everything comes from cache and is validated against REST in the background. It feels as fast as opening a plaintext file. It's further along than I expected when I started. What's working right now: gateway with exponential backoff and reconnect, REST with per-route rate limiting, SQLite-backed cache with async reads/writes, full Discord permission resolution, and a composable block renderer that handles every Discord message type including embeds, attachments, reactions, stickers, and components. There's a full markdown parser, an async image cache with memory LRU and disk persistence, an unread and mute state system that survives restarts, and 370 passing unit and integration tests. Voice is a post-launch problem. So are Nitro features. Is there actually an audience for this outside of Linux power users? I know that's where the pain is most acute, but I'm genuinely curious whether Windows users would switch for the performance alone or whether the official client is good enough there that it doesn't matter.
Saturday, 4 April 2026
Thursday, 2 April 2026
Wednesday, 1 April 2026
New top story on Hacker News: Show HN: Zerobox – Sandbox any command with file and network restrictions
Show HN: Zerobox – Sandbox any command with file and network restrictions
13 by afshinmeh | 5 comments on Hacker News.
I'm excited to introduce Zerobox, a cross-platform, single binary process sandboxing CLI written in Rust. It uses the sandboxing crates from the OpenAI Codex repo and adds additional functionalities like secret injection, SDK, etc. Watch the demo: https://www.youtube.com/watch?v=wZiPm9BOPCg Zerobox follows the same sandboxing policy as Deno which is deny by default. The only operation that the command can run is reading files, all writes and network I/O are blocked by default. No VMs, no Docker, no remote servers. Want to block reads to /etc? zerobox --deny-read=/etc -- cat /etc/passwd cat: /etc/passwd: Operation not permitted How it works: Zerobox wraps any commands/programs, runs an MITM proxy and uses the native sandboxing solutions on each operating system (e.g BubbleWrap on Linux) to run the given process in a sandbox. The MITM proxy has two jobs: blocking network calls and injecting credentials at the network level. Think of it this way, I want to inject "Bearer OPENAI_API_KEY" but I don't want my sandboxed command to know about it, Zerobox does that by replacing "OPENAI_API_KEY" with a placeholder, then replaces it when the actual outbound network call is made, see this example: zerobox --secret OPENAI_API_KEY=$OPENAI_API_KEY --secret-host OPENAI_API_KEY=api.openai.com -- bun agent.ts Zerobox is different than other sandboxing solutions in the sense that it would allow you to easily sandbox any commands locally and it works the same on all platforms. I've been exploring different sandboxing solutions, including Firecracker VMs locally, and this is the closest I was able to get when it comes to sandboxing commands locally. The next thing I'm exploring is `zerobox claude` or `zerobox openclaw` which would wrap the entire agent and preload the correct policy profiles. I'd love to hear your feedback, especially if you are running AI Agents (e.g. OpenClaw), MCPs, AI Tools locally.
13 by afshinmeh | 5 comments on Hacker News.
I'm excited to introduce Zerobox, a cross-platform, single binary process sandboxing CLI written in Rust. It uses the sandboxing crates from the OpenAI Codex repo and adds additional functionalities like secret injection, SDK, etc. Watch the demo: https://www.youtube.com/watch?v=wZiPm9BOPCg Zerobox follows the same sandboxing policy as Deno which is deny by default. The only operation that the command can run is reading files, all writes and network I/O are blocked by default. No VMs, no Docker, no remote servers. Want to block reads to /etc? zerobox --deny-read=/etc -- cat /etc/passwd cat: /etc/passwd: Operation not permitted How it works: Zerobox wraps any commands/programs, runs an MITM proxy and uses the native sandboxing solutions on each operating system (e.g BubbleWrap on Linux) to run the given process in a sandbox. The MITM proxy has two jobs: blocking network calls and injecting credentials at the network level. Think of it this way, I want to inject "Bearer OPENAI_API_KEY" but I don't want my sandboxed command to know about it, Zerobox does that by replacing "OPENAI_API_KEY" with a placeholder, then replaces it when the actual outbound network call is made, see this example: zerobox --secret OPENAI_API_KEY=$OPENAI_API_KEY --secret-host OPENAI_API_KEY=api.openai.com -- bun agent.ts Zerobox is different than other sandboxing solutions in the sense that it would allow you to easily sandbox any commands locally and it works the same on all platforms. I've been exploring different sandboxing solutions, including Firecracker VMs locally, and this is the closest I was able to get when it comes to sandboxing commands locally. The next thing I'm exploring is `zerobox claude` or `zerobox openclaw` which would wrap the entire agent and preload the correct policy profiles. I'd love to hear your feedback, especially if you are running AI Agents (e.g. OpenClaw), MCPs, AI Tools locally.
Subscribe to:
Comments (Atom)