Show HN: An LLM-Powered Tool to Catch PCB Schematic Mistakes
Hacker News (score: 16)
More from Hacker
Syd – An offline-first, AI-augmented workstation for blue teams
Hi HN, I’m Paul. I’m building Syd, an offline-first forensic workstation that orchestrates tools like YARA and Nmap through a GUI, using a local LLM to analyze the results without leaking data. It runs completely offline on localhost—no data is ever sent to the cloud, making it safe for sensitive investigations.

Here's a demo: https://www.youtube.com/watch?v=8dQV3JbLrRE.

I built this because while tools like YARA are powerful, managing rule sets and decoding hex strings is slow. AI is great at explaining malware signatures, but I couldn't use ChatGPT for my work because pasting potential malware or sensitive logs into a web form is a massive security risk. I needed the intelligence of an LLM but with the privacy of an air-gapped machine.

Under the hood, it’s built on Python 3. I use subprocess to manage the heavy lifting of the scanning engines so the UI (built with CustomTkinter) doesn't freeze. The "secret sauce" isn't the AI itself, but the parser I wrote that converts the unstructured text output from YARA into a structured JSON format that the local LLM can actually understand and reason about.

I’ve been using it to triage files for my own learning. In one case, Syd flagged a file matching a "SilentBanker" rule and the AI pointed out specific API calls for keylogging, saving me about 20 minutes of manual hex-editing. In the demo video linked, you can see this workflow: scanning a directory, hitting on a custom YARA rule, and having the local AI immediately analyze the strings.

Through this process, I learned that "AI wrappers" are easy, but AI orchestration is hard—getting the tools to output clean data for the LLM is the real challenge. I'd love to hear if there are other static analysis tools (like PEStudio or Capa) you consider essential for a workstation like this, or how you currently handle the privacy risk of using AI for log analysis.
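The text-to-JSON step the post above describes, sketched as an added example; this is not Syd's code or part of the original post. It assumes the plain `yara -s` output layout (no tag or metadata flags), and the names `parse_yara_output` and `to_llm_payload` are hypothetical.

```python
import json
import re

# Constructed sample of `yara -s` text output: a "<rule> <path>" line followed
# by "<offset>:<string id>: <matched data>" lines for that match.
SAMPLE = """\
SilentBanker /cases/001/sample one.bin
0x1f4:$api1: GetAsyncKeyState
0x2a0:$api2: SetWindowsHookExA
warning: constructed line that is not a match
Packed_UPX /cases/001/tool.exe
0x3e0:$magic: UPX!
"""

RULE_RE = re.compile(r"^([A-Za-z_]\w*) (.+)$")  # rule names contain no spaces
STRING_RE = re.compile(r"^0x([0-9a-fA-F]+):(\$\w*): ?(.*)$")

def parse_yara_output(text, max_data_len=200):
    """Turn scanner text into a dict; unknown lines are kept aside, not guessed at."""
    matches, unparsed, current = [], [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        string_hit = STRING_RE.match(line)
        rule_hit = RULE_RE.match(line)
        if string_hit and current is not None:
            offset, ident, data = string_hit.groups()
            current["strings"].append({
                "offset": int(offset, 16),
                "id": ident,
                # Matched bytes come from the scanned file: bound their size
                # and pass them on as data, never as instructions.
                "data": data[:max_data_len],
            })
        elif rule_hit:
            current = {"rule": rule_hit.group(1), "file": rule_hit.group(2), "strings": []}
            matches.append(current)
        else:
            unparsed.append(line)
    return {"matches": matches, "unparsed": unparsed}

def to_llm_payload(text):
    """JSON string to embed in the local model's prompt as a data field."""
    return json.dumps(parse_yara_output(text), indent=2)
```

Splitting on the first space keeps file paths with spaces intact, and lines that fit neither pattern end up in `unparsed` so the analyst can see what the model was not given.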
Show HN: Tusk Drift – Open-source tool for automating API tests
Hey HN, I'm Marcel from Tusk. We’re launching Tusk Drift, an open source tool that generates a full API test suite by recording and replaying live traffic.

How it works:

1. Records traces from live traffic (what gets captured)
2. Replays traces as API tests with mocked responses (how replay works)
3. Detects deviations between actual vs. expected output (what you get)

Unlike traditional mocking libraries, which require you to manually emulate how dependencies behave, Tusk Drift automatically records what these dependencies respond with based on actual user behavior and maintains recordings over time. The reason we built this is because of painful past experiences with brittle API test suites and regressions that would only be caught in prod.

Our SDK instruments your Node service, similar to OpenTelemetry. It captures all inbound requests and outbound calls like database queries, HTTP requests, and auth token generation. When Drift is triggered, it replays the inbound API call while intercepting outbound requests and serving them from recorded data. Drift’s tests are therefore idempotent, side-effect free, and fast (typically <100 ms per test). Think of it as a unit test but for your API.

Our Cloud platform does the following automatically:

- Updates the test suite of recorded traces to maintain freshness
- Matches relevant Drift tests to your PR’s changes when running tests in CI
- Surfaces unintended deviations, does root cause analysis, and suggests code fixes

We’re excited to see this use case finally unlocked. The release of Claude Sonnet 4.5 and similar coding models has made it possible to go from failing test to root cause reliably. Also, the ability to do accurate test matching and deviation classification means running a tool like this in CI no longer contributes to poor DevEx (imagine the time otherwise spent reviewing test results).

Limitations:

- You can specify PII redaction rules but there is no default mode for this at the moment. I recommend first enabling Drift on dev/staging, adding transforms (https://docs.usetusk.ai/api-tests/pii-redaction/basic-concepts), and monitoring for a week before enabling on prod.
- Expect a 1-2% throughput overhead. Transforms result in a 1.0% increase in tail latency when a small number of transforms are registered; its impact scales linearly with the number of transforms registered.
- Currently only supports Node backends. Python SDK is coming next.
- Instrumentation limited to the following packages (more to come): https://github.com/Use-Tusk/drift-node-sdk?tab=readme-ov-file#requirements

Let me know if you have questions or feedback.

Demo repo: https://github.com/Use-Tusk/drift-node-demo
GT – Experimental multiplexing tensor framework for distributed GPU computing
Show HN: An open source access logs analytics script to block bot attacks
This is a small PoC Python project for analyzing web server access logs to classify and dynamically block bad bots, such as L7 (application-level) DDoS bots, web scrapers and so on.

We'll be happy to gather initial feedback on usability and features, especially from people having good or bad experience with bots.

*Requirements*

The analyzer relies on 3 Tempesta FW specific features which you still can get with other HTTP servers or accelerators:

1. JA5 client fingerprinting (https://tempesta-tech.com/knowledge-base/Traffic-Filtering-by-Fingerprints/). This is an HTTP and TLS layers fingerprinting, similar to JA4 (https://blog.foxio.io/ja4%2B-network-fingerprinting) and JA3 fingerprints. The last is also available in Envoy (https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/listener/tls_inspector/v3/tls_inspector.proto.html) or Nginx module (https://github.com/fooinha/nginx-ssl-ja3), so check the documentation for your web server.

2. Access logs are directly written to Clickhouse analytics database, which can consume large data batches and quickly run analytic queries. For other web proxies besides Tempesta FW, you typically need to build a custom pipeline to load access logs into Clickhouse. Such pipelines aren't so rare though.

3. Ability to block web clients by IP or JA5 hashes. IP blocking is probably available in any HTTP proxy.

*How does it work*

This is a daemon, which

1. Learns normal traffic profiles: means and standard deviations for client requests per second, error responses, bytes per second and so on. Also it remembers client IPs and fingerprints.

2. If it sees a spike in z-score (https://en.wikipedia.org/wiki/Standard_score) for traffic characteristics, or when triggered manually, it goes into data model search mode.

3. For example, the first model could be the top 100 JA5 HTTP hashes, which produce the most error responses per second (typical for password crackers). Or it could be the top 1000 IP addresses generating the most requests per second (L7 DDoS). Next, this model is going to be verified.

4. The daemon repeats the query, but over a long enough period of history in the past, to see whether a huge fraction of clients appears in both query results. If yes, then the model is bad and we go to the previous step to try another one. If not, then we have (likely) found the representative query.

5. Transfers the IP addresses or JA5 hashes from the query results into the web proxy blocking configuration and reloads the proxy configuration (on-the-fly).
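The spike check and model verification loop from the post above, as an added example that is not part of the original post or the project's code. It works on constructed in-memory rows instead of Clickhouse queries; the function names, the 0.5 overlap threshold and the small top-N sizes are assumptions made for the illustration.

```python
from collections import Counter
from statistics import mean, pstdev

# Constructed per-client aggregates; in the post these come from Clickhouse queries.
HISTORY = [
    {"ip": "198.51.100.1", "ja5": "aaa1", "requests": 50, "errors": 3},
    {"ip": "198.51.100.2", "ja5": "bbb2", "requests": 40, "errors": 2},
    {"ip": "198.51.100.3", "ja5": "aaa1", "requests": 10, "errors": 0},
]
CURRENT = [
    {"ip": "198.51.100.1", "ja5": "aaa1", "requests": 45, "errors": 4},
    {"ip": "198.51.100.2", "ja5": "bbb2", "requests": 42, "errors": 2},
    {"ip": "203.0.113.7", "ja5": "ccc3", "requests": 900, "errors": 0},
    {"ip": "203.0.113.9", "ja5": "ccc3", "requests": 850, "errors": 0},
]
# Candidate models in the order to try: (client key, metric, top-N size).
MODELS = [("ja5", "errors", 2), ("ip", "requests", 2)]

def z_score(value, baseline):
    """Standard score of the current value against learned normal samples."""
    sd = pstdev(baseline)
    return 0.0 if sd == 0 else (value - mean(baseline)) / sd

def top_clients(rows, key, metric, n):
    """Top-N clients by summed metric, ignoring clients with a zero total."""
    totals = Counter()
    for row in rows:
        totals[row[key]] += row[metric]
    return {client for client, total in totals.most_common(n) if total > 0}

def find_block_list(current, history, models, max_overlap=0.5):
    """Return (key, metric, clients) for the first model whose top clients are
    mostly absent from the same query run over history, else None."""
    for key, metric, n in models:
        suspects = top_clients(current, key, metric, n)
        if not suspects:
            continue
        regulars = top_clients(history, key, metric, n)
        overlap = len(suspects & regulars) / len(suspects)
        if overlap <= max_overlap:  # few regular clients caught: model accepted
            return key, metric, suspects
    return None
```

On the sample rows the error-based JA5 model is rejected because both of its top fingerprints also lead the historical query, so the search falls through to the request-rate model and returns the two new IP addresses.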