pokitdog.com

Show HN: Starglyphs - A constellation puzzle game based on Euler paths

I am a big Dragon Age fan and sunk hundreds of hours into Inquisition. It had this minigame called astrariums where you had to solve these shapes based on constellation guides by tracing stars. I'm a hobby game dev and wondered if I could procedurally generate these puzzles so they were always solvable. Turns out you can, so I built a space puzzle game around it with a colorful aesthetic. I released it in web form here but I'm currently working on getting it on Steam and mobile.

Show HN: CI/Lock – signed evidence of what your CI ran

I helped create Witness, donated it to the CNCF/in-toto ecosystem, and worked on the NIST 800-204D "pipeline observer" guidance. CI/Lock is the next version of that work, and it's under the Apache 2.0 license.

Here's the gap it closes. In March, two supply-chain attacks hit within a week of each other. Someone force-pushed 75 of 76 version tags in aquasecurity/trivy-action, so every pipeline that had pinned to a tag (the thing we all tell people to do) pulled credential-stealing code on its next run. It read secrets from /proc/<pid>/environ and sent them to a typosquat. A few days later, two litellm releases on PyPI carried a stealer in a .pth file, which Python runs on startup. You didn't have to import it. If the package touched the machine, the code already ran.

Both attacks had the same shape: CI ran code it had no reason to trust, with credentials it had no reason to hold, and afterward nobody could prove what actually executed. You could read the workflow file. You couldn't prove what ran.

CI/Lock wraps a command and records what really happened: the command, the files it reads, the environment, and the artifacts it produces. Then it signs that as an in-toto/DSSE attestation. It's a notary standing next to each build step.

    cilock run -- go build -o app ./...
    cilock verify ./app -p release.policy.signed -k policy.pub

The policy is signed by a person, with their key, and it says what's allowed to ship. One line matters most to me: the agent writing your code this week (Claude Code, Codex, Cursor) can run the build, gather the evidence, and draft the release, but it can't sign the policy, so it can't decide what ships. "The agent did it" is not provenance.

What's changed since I left Witness:

Keyless by default. In GitHub Actions it signs off the runner's OIDC token. No login, no stored secret, no long-lived key to leak. You don't stand up Fulcio or a timestamp authority yourself; one flag derives the hosted endpoints. You can also bring your own key and storage, or run fully offline.

It records what ran, not what you declared. ptrace by default (portable, no root), plus an eBPF backend that traces at the kernel boundary; it logs which one fired. Every file each process opens lands in the attestation, so a Rego policy can fail the build on the credential-sweep pattern, like a read of /proc/self/environ. Tracing added about 36% to an npm install in our tests.

Per-file digests get committed to an RFC 6962 Merkle root, so you get a real inclusion proof per artifact and a 29,000-file npm install doesn't turn into a 10 MB envelope.

It speaks Witness in both directions. Anything Witness produced verifies under cilock, and cilock's shared attestors verify back under Witness, so it drops in next to what you already run. There are 50-plus attestors, each its own Go module, so you can build a binary with only the ones you use.

What it is not: cilock is forensic, not a runtime IPS. Detection happens after a step runs, so if that step exfiltrates secrets while it executes, the exfiltration already happened. Cilock blocks the release and leaves a tamper-evident record of it. It watches network egress (connect and sendto syscalls, destination, DNS, TLS SNI) but doesn't block traffic inline the way Harden-Runner does. The trace mode is Linux-only and opt-in.

Install:

    go install github.com/aflock-ai/rookery/cilock/cmd/cilock@latest

Your first signed build takes about a minute. Code is at github.com/aflock-ai/rookery.

I'll be in the thread today. Ask me anything about the attestation format, the keyless trust model, or how it relates to Witness.dev

These new CIVIVI knives look like everyday carry met modern art

Today we’re checking out five new CIVIVI knives for July 2026, from playful everyday-carry designs to a limited-edition model ...

The best multi-tools for everyday carry, camping, and repairs

Having a good multi-tool nearby can make quick work of small fixes that would otherwise turn into a whole thing. Tightening a loose screw, opening a stubborn package, or handling something quick ...

Walmart’s $8 ‘Everyday Carry’ Pocket Knife Is a Highly Rated Alternative to the Name Brands

It's not every day that you can purchase a highly rated ...

Why younger concealed carriers are choosing differently than the generation that normalized everyday carry before them

The generation that made everyday carry mainstream prized reliability, routine, and a fairly fixed idea of what a carry gun ...

Smart EDC tools for when you cannot carry a knife

Gideons Tactical explores smart EDC tools designed for situations where knives are not an option.

This Spyderco Pocket Knife With ‘Next-Level’ Build Quality Is Nearly 40% Off on Amazon

Spyderco’s Tenacious Folding Pocket Knife is on sale on Amazon for just $59, a hefty 39% discount from its ...

These Prime Day EDC Deals Are All Under $50—Including a Civivi Knife at a 30-Day Low

The Civivi Baklash is at its lowest price in 30 days at just $37. I love the black-on-black blade and handle combo which ...

Rough Edge EDC: Trivisa Koala hits trifecta — small, functional, stylish

EL PASO, Texas (KTSM) – Small but highly functional. Those are a couple of things I tend to look for in a pocket knife.  And if it also looks great, that is the proverbial trifecta. Recently got a little knife from a brand I had never heard of before and it may fit the bill […]

11 New Pocket Knives, Multi-Tools and EDC Items You Might Have Missed

One of Blade Show’s biggest winners headlines the week, but it’s hardly the only standout in the latest crop of cutting-edge ...

20% Off an Heirloom-Quality Benchmade, Plus Every Other Pocket Knife Deal to Shop this Prime Day

After all, why shouldn’t you pick up a new EDC?

RMU Proves Every Pack Should Be Lined With Gold: Roll Top EDC Backpack Review

We stopped at the top of the Eiger Trail. Below, the slopes of the Kleine Scheidegg ski resort stretched toward the town of Grindelwald, visible in the distance. Above, the towering peak of the ...

Army says M7 ‘production line has changed to the XM8’ carbine

When it comes to the production of the Army’s newest small arms, the priority has shifted from the M7 rifle to the lighter XM8 carbine, an Army spokesperson told Task & Purpose. “The production line has changed to the XM8,” said David Patterson Jr., director of public affairs for the Army’s Capability Program Executive Ground, which oversees weapons development, helmets, sensors and other equipment for soldiers. The M7 rifle and XM8 carbine are part of the Army’s Next Generation Squad Weapon p

Women finish Ranger School in better physiological condition than men, study finds

Men who went through the Army’s grueling Ranger School at Fort Benning, Georgia, experienced greater hormonal changes than women who took part in the course, according to a recent study by the service. The findings are from the U.S. Army Research Institute of Environmental Medicine, whose researchers looked at men and women who participated in the 61-day leadership course. The study focused on how stressors impact the body’s physiological responses, like metabolic and sex hormones, iron levels an

Pray for your product to work, because you are on your own after paying them

I wanted to buy directly from them to be fair to the producers, but it was a bad idea. Bought two identical white G5 flashlights a year ago. One is working fine at the moment, the other stopped working the first months, seemed like it charged but no way of making it work. Had it laying around until a few days ago, when I emailed support to ask for a solution. They asked for a video, confirmed the problem, and sent me a discount link to buy another telling me that it was to pay for the shipping

Took it on a night hike with the lantern cone and it worked perfectly.

Took it on a night hike with the lantern cone and it worked perfectly. ==>https://www.ultrafire.com/products/uf-h7-rechargeable-edc-flashlight-2500lm

This Badass, Surprisingly Affordable Survival Kit Ensures You Never Get Stranded on the Highway Again

Emergency preparedness shouldn’t be an afterthought — it’s better to be ready and not need your kit than the other way around. This idea is well-known in the adventure community, but it’s especially ...

10 essential Harbor Freight finds for your survival kit

Cliff, The Urban Prepper, reviews affordable and practical gear from Harbor Freight that can be effectively integrated into a ...

The Best Bug-Out Bags to Have on Hand for Emergencies

With everything from natural disasters to communicable ...