Show HN: I rebuilt a 2000s browser strategy game on Cloudflare's edge https://ift.tt/s6N51Tz

Show HN: I rebuilt a 2000s browser strategy game on Cloudflare's edge I grew up in Germany in the early 2000s playing a browser game called Inselkampf. You built up an island, mined gold and stone, cut down trees for wood, raised armies, sent fleets across an ocean grid, joined alliances and got betrayed by them. Same genre as OGame or Travian. It shut down in 2014 and I never found anything that replaced that feeling of checking in before school to see if your fleet had arrived and your alliance was still alive. I finally built the version I wanted to play. Kampfinsel is live at kampfinsel.com right now with real players on it. It's not a straight copy of the old game. I gave it its own world. No magic, no gunpowder – just ballistas, fire pots, and slow ships crossing huge distances. Three resources: gold, stone, wood. Travel between islands takes hours, not seconds. It's slow on purpose. The whole thing runs on Cloudflare's edge. Workers for the game logic and API, D1 for the database, KV for sessions and caching, R2 for assets and Durable Objects for per-island state and the tick system (fleet arrivals, combat, resource generation). There's no origin server at all. Making a stateful multiplayer game work inside Workers' CPU limits and D1's consistency model meant some non-obvious choices: resources are calculated on-read from timestamps instead of being ticked into the database, fleet movements live in Durable Object alarms and combat writes are batched. This helped me a lot! The look is intentionally rough and text-heavy (Hi HN!): server-rendered HTML, tables, a parchment color palette, Unicode icons, no frontend framework, no build step. The only JavaScript is for countdown timers and auto-refresh. I wanted it to feel the way I remember these games looking, not how they actually looked. Honestly, it looks a lot like HN itself - tables, monospace, no chrome. If you like how this site looks, you'll probably feel at home. No signup wall, no premium currency, no pay-to-win. Feedback very welcome, especially from anyone who played this kind of game back in the day or has opinions on running stateful stuff on Workers + D1 + Durable Objects. I'll be around for the next few hours. https://kampfinsel.com/ April 11, 2026 at 02:17AM

Show HN: Hormuz Havoc, a satirical game that got overrun by AI bots in 24 hours https://ift.tt/BHiY2NT

Show HN: Hormuz Havoc, a satirical game that got overrun by AI bots in 24 hours I built a satirical browser game to share with friends (Hormuz Havoc: you play an American president managing a crisis in the Middle East, only "loosely" inspired by current events). I had good fun making this, but that's not necessarily the interesting part. The interesting part was that within a few hours of sharing it with my friends, some of them set about trying to overrun the leaderboard by launching a swarm of AI bots to learn the game and figure out how to get the highest score. This set off a game of cat-and-mouse as they found vulnerabilities and I tried patching them. Within hours of sharing, someone used the Claude browser extension to read game.js directly. Large parts of the scoring formula, action effect values, and bonus thresholds were sitting in client-side JavaScript - this was a trivial thing even a human could've found, but a human would've still had to play the game, whereas the AI bot just optimised directly against the scoring formula. It meant that the first AI already scored 2.5x higher than the best human player by optimising directly against the source code rather than playing the game. Straightforward fix: moved the entire game engine server-side. The client is now a dumb terminal, it sends an action ID, receives a rendered state. No scoring logic, no bonus thresholds, no action effects exist in the browser. The live score display uses a deliberately different formula as misdirection. This increased the difficulty in finding bot-enabled hacks, so the subsequent bots tried brute-forcing the game, trying to game the RNG functions, and other methods. But the next winning bot found a vulnerability where the same signed session token could be replayed. It would play turn N, observe a bad random event, replay the same token for turn N, get a different RNG outcome, keep the best one. Effectively branching from a single game state to cherry-pick lucky outcomes across 30 turns. Managed to 1.5x the previous bot's high score. The bot's own description: "The key optimisation was token replay. Because the backend let the same signed state be replayed, I could branch from one exact game state repeatedly and continue from the luckiest high-value outcome each turn." Fix here: consume a turn nonce atomically before any randomness is generated. The current state is that the leaderboard is now split into human and AI-assisted. I think the capability of AI bots has flatlined a bit now. Perhaps Claude Mythos might be able to discover the next hackable exploit ¯\_(ツ)_/¯ Happy to go deeper on any of the above - or just enjoy the game! Feel free to try your own AI-powered leaderboard attempt too! https://ift.tt/lfak8vj April 11, 2026 at 12:58AM

Show HN: QVAC SDK, a universal JavaScript SDK for building local AI applications https://ift.tt/ai4Awk6

Show HN: QVAC SDK, a universal JavaScript SDK for building local AI applications Hi folks, today we're launching QVAC SDK [0], a universal JavaScript/TypeScript SDK for building local AI applications across desktop and mobile. The project is fully open source under the Apache 2.0 license. Our goal is to make it easier for developers to build useful local-first AI apps without having to stitch together a lot of different engines, runtimes, and platform-specific integrations. Under the hood, the SDK is built on top of QVAC Fabric [1], our cross-platform inference and fine-tuning engine. QVAC SDK uses Bare [2], a lightweight cross-platform JavaScript runtime that is part of the Pear ecosystem [3]. It can be used as a worker pretty much anywhere, with built-in tooling for Node, Bun and React Native (Hermes). A few things it supports today: - Local inference across desktop, mobile and servers - Support for LLMs, OCR, translation, transcription, text-to-speech, and vision models - Peer-to-peer model distribution over the Holepunch stack [4], in a way that is similar to BitTorrent, where anyone can become a seeder - Plugin-based architecture, so new engines and model types can be added easily - Fully peer-to-peer delegated inference We also put a lot of effort into documentation [5]. The docs are structured to be readable by both humans and AI coding tools, so in practice you can often get pretty far with your favorite coding assistant very quickly. A few things we know still need work: - Bundle sizes are larger than we want right now because the current packaging of Bare add-ons is not as efficient as it should be yet - Plugin workflow can be simpler - Tree-shaking is already possible, but at the moment it still requires a CLI step, and we'd like to make that more automatic and better integrated into the build process This launch is only the beginning. We want to help people build local AI at a much larger scale. Any feedback is truly appreciated! Full vision is available on the official website [6]. References: [0] SDK: https://ift.tt/j7hHvBE [1] QVAC Fabric: https://ift.tt/Zh9K3BD [2] Bare: https://bare.pears.com [3] Pear Runtime: https://pears.com [4] Holepunch: https://holepunch.to [5] Docs: https://ift.tt/yte7Xuj [6] Website: https://qvac.tether.io April 9, 2026 at 09:38AM

Show HN: Airwave synced music streaming from YouTube/Spotify links https://ift.tt/F1aDh3V

Show HN: Airwave synced music streaming from YouTube/Spotify links Airwave is a small self-hosted project that uses yt-dlp + ffmpeg to create a single live MP3 stream from supported sources. All listeners connect to the same stream endpoint, which avoids drift entirely. Supports YouTube, SoundCloud, Mixcloud, and Sonos. Curious what people think about the approach. https://ift.tt/3tVG8Qj April 9, 2026 at 11:48PM

Show HN: Search cheap night train tickets in Europe https://ift.tt/aouyMtC

Show HN: Search cheap night train tickets in Europe There are many website for searching cheap flights, but I don't know any for searching cheap train fares. I decided to build one myself. Three providers are currently covered: European Sleeper, NightJet, RegioJet. https://trainbot.eu/ April 9, 2026 at 09:41PM

Show HN: AgentDM – Agent to agent messaging over MCP and A2A https://ift.tt/RvYjpJt

Show HN: AgentDM – Agent to agent messaging over MCP and A2A I kept copy pasting between two Claude Code instances. My teammate would ask me something about a module I wrote, I'd paste their question into my Claude Code, copy the answer, send it back on Slack. We were playing telephone between two agents that could have just talked directly. So I built AgentDM. It's a hosted messaging grid where AI agents DM each other by @alias. Any MCP compatible client connects with a 5 line JSON config no SDK, no shared runtime. This is how it works: - Each agent gets a unique @alias. - Three(main) MCP tools: send_message, read_messages, message_status. - Messages encrypted with AES-256, deleted after delivery. - Guardrails (static + LLM powered) filter messages before delivery. Last week we shipped an MCP/A2A protocol bridge. Your MCP agent can message an A2A agent and vice versa the translation happens server side. Neither agent knows or cares what protocol the other speaks. We also open sourced an A2A Simulator for debugging a2a protocol: https://ift.tt/D27vjSV https://agentdm.ai https://agentdm.ai April 9, 2026 at 04:06AM

Show HN: Captcha to detect bots with a simple question https://ift.tt/Q2v1lqG

Show HN: Captcha to detect bots with a simple question https://joshryandavis.github.io/dumb-captcha/ April 9, 2026 at 03:44AM