GotaTun -- Mullvad's WireGuard Implementation in Rust

The FreeBSD Foundation's Laptop Support and Usability Project

Stepped is a Rails engine, extracted out of Envirobly where it powers tasks like application deployment, that involve complex, out-of-the-band tasks like DNS provisioning, retries, waiting for instances to boot, running health checks and all the fun stuff of a highly distributed networked system.

Show HN: Stepped Actions – distributed workflow orchestration for Rails

Texas is suing all of the big TV makers for spying on what you watch

Getting bitten by Intel's poor naming schemes

We pwned X, Vercel, Cursor, and Discord through a supply-chain attack

How to think about durable execution

From Zero to QED: An informal introduction to formality with Lean 4

History LLMs: Models trained exclusively on pre-1913 texts

Prompt caching for cheaper LLM tokens

Pingfs: Stores your data in ICMP ping packets

How China built its ‘Manhattan Project’ to rival the West in AI chips

Designing a Passive Lidar Detector Device

I find that the drag and drop experience can quickly become a nightmare, especially on mobile.
To tap, hold, drag, and scroll, all at the same time, is both difficult to achieve, and prone to errors.
I&#x27;ve always had in mind this 2-step approach, where picking an element and placing it were two separate steps.
So I implemented this basic version to showcase my idea.While it might take more time than a regular drag and drop, the benefit is for people who struggle with holding down the mouse button. With picknplace.js, you only need two clicks and some scrolling.This solution is meant as an experiment, so I&#x27;m open to discussion.

Show HN: Picknplace.js, an alternative to drag-and-drop

Hi HN, I&#x27;m Mohammed, a technical founder who loves shipping and giving back to the community. I&#x27;m open-sourcing the full-stack engine that powers my B2B product, apflow.co.What it is: A production B2B starter with a Go backend and Next.js frontend. Both are fully Dockerized with separate containers. No Vercel. No Supabase. Deploy the whole thing on a $6 VPS, or split frontend and backend across different providers. You own the infrastructure.The problem I was solving:Every SaaS starter I evaluated had the same issue: they locked me into someone else&#x27;s platform. Vercel for hosting. PlanetScale for the database. Serverless functions billing per invocation. Fine for prototypes, but costs become unpredictable at scale and migrating away is painful.I wanted something I could deploy on any Linux box with docker-compose up. Something where I could host the frontend on Cloudflare Pages and the backend on a Hetzner VPS if I wanted. No vendor-specific APIs buried in my code.Why Go for the backend:Go gives me exactly what I need for a SaaS backend:Tiny footprint. The backend idles at ~50MB RAM. On a cheap VPS, that headroom lets me run more services without upgrading.
Concurrency without complexity. Billing webhooks, file uploads, and AI calls run concurrently without callback hell.
Compile-time type safety. Using SQLC, my SQL compiles to type-safe Go. If the query is wrong, it fails at build time, not in production.
Predictable performance. No garbage collection pauses that surprise you under load.
The architecture (Modular Monolith):I didn&#x27;t want microservices complexity for a small team, but I needed clean separation. I built a Modular Monolith: features like Auth, Billing, and AI are isolated Go modules with explicit interfaces, but they deploy as a single binary.This structure also made AI coding tools (Cursor, Claude Code) dramatically more effective. Because every module has strict boundaries, the AI knows exactly where new code belongs and doesn&#x27;t break other modules.Full-stack, not just backend:Backend: Go 1.25 + Gin + SQLC (type-safe SQL, no ORM) + PostgreSQL with pgvector
Frontend: Next.js 16 + React 19 + Tailwind + shadcn&#x2F;ui
Communication: The frontend consumes a clean REST API. You can swap Next.js for any framework that speaks HTTP.
Infrastructure: Separate Dockerfiles for frontend and backend. Deploy together or apart.
What&#x27;s pre-built:The boring infrastructure is solved so you can focus on your actual product:Auth + RBAC: Stytch B2B integration with Organizations, Teams, and Roles. Multi-tenant data isolation enforced at the query level.
Billing: Polar.sh as Merchant of Record. Handles subscriptions, invoices, and global tax&#x2F;VAT. No Stripe webhook edge cases.
AI Pipeline: OpenAI RAG using pgvector. The retrieval service enforces strict context boundaries to minimize hallucinations.
OCR: Mistral integration for document extraction.
File Storage: Cloudflare R2 integration.
Each feature is a separate module. Don&#x27;t need OCR? Remove it. Want Stripe instead of Polar? The billing interface is abstracted.Real-world proof:This isn&#x27;t a template I made for GitHub stars. It&#x27;s the exact code running apflow.co in production. When I added document OCR, I built it as a new module without touching Auth or Billing. The architecture held.How to try it:Clone the repo, read setup.md to check the prerequisite, run .&#x2F;setup.sh, and you have a working B2B environment locally in minutes.Feedback I want:I&#x27;d appreciate feedback from Go developers on the module boundaries and cross-module interfaces. Also curious if anyone has suggestions for the Docker setup in production deployments.GitHub: <a href="https:&#x2F;&#x2F;github.com&#x2F;moasq&#x2F;production-saas-starter" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;moasq&#x2F;production-saas-starter</a>Live: <a href="https:&#x2F;&#x2F;apflow.co" rel="nofollow">https:&#x2F;&#x2F;apflow.co</a>

Show HN: I open-sourced my Go and Next B2B SaaS Starter (deploy anywhere, MIT)

Making Google Sans Flex

Alright so if you run a self-hosted blog, you&#x27;ve probably noticed AI companies scraping it for training data. And not just a little (RIP to your server bill).There isn&#x27;t much you can do about it without cloudflare. These companies ignore robots.txt, and you&#x27;re competing with teams with more resources than you. It&#x27;s you vs the MJs of programming, you&#x27;re not going to win.But there is a solution. Now I&#x27;m not going to say it&#x27;s a great solution...but a solution is a solution. If your website contains content that will trigger their scraper&#x27;s safeguards, it will get dropped from their data pipelines.So here&#x27;s what fuzzycanary does: it injects hundreds of invisible links to porn websites in your HTML. The links are hidden from users but present in the DOM so that scrapers can ingest them and say &quot;nope we won&#x27;t scrape there again in the future&quot;.The problem with that approach is that it will absolutely nuke your website&#x27;s SEO. So fuzzycanary also checks user agents and won&#x27;t show the links to legitimate search engines, so Google and Bing won&#x27;t see them.One caveat: if you&#x27;re using a static site generator it will bake the links into your HTML for everyone, including googlebot. Does anyone have a work-around for this that doesn&#x27;t involve using a proxy?Please try it out! Setup is one component or one import.(And don&#x27;t tell me it&#x27;s a terrible idea because I already know it is)package: <a href="https:&#x2F;&#x2F;www.npmjs.com&#x2F;package&#x2F;@fuzzycanary&#x2F;core" rel="nofollow">https:&#x2F;&#x2F;www.npmjs.com&#x2F;package&#x2F;@fuzzycanary&#x2F;core</a>
gh: <a href="https:&#x2F;&#x2F;github.com&#x2F;vivienhenz24&#x2F;fuzzy-canary" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;vivienhenz24&#x2F;fuzzy-canary</a>

3:57:30 PM FRIDAY DECEMBER 19, 2025

THE HACKER NEWS