HN Showcase
Back to browse
GitHub Repository

A zero-overhead CLI tool for capturing stdout/stderr output from a running process (and optionally its entire descendant tree) using eBPF tracepoints. Useful for attaching to processes that have already started, that redirect their output to `/dev/null`, that are buried inside a service manager, or that you simply don't want to restart.

6 starsC

Zero-overhead tool to capture stdout/stderr from a process using eBPF

by hparadiz·Mar 3, 2026·2 points·0 comments
Visit ProjectView on HN

AI Analysis

●●SolidWizardryNiche Gem

eBPF-based live process I/O capture; clever kernel approach but narrow use case.

Strengths
  • Zero-overhead kernel tracing avoids slow userspace I/O redirection or process restart.
  • Works on running processes, buried in service managers, or redirected to /dev/null—genuinely hard problem.
  • Per-PID line buffering correctly reassembles output split across syscalls.
Weaknesses
  • Linux-only with strict kernel version requirement (5.8+) and CAP_BPF/CAP_PERFMON—high barrier to entry.
  • Solves a real but niche problem; most users restart processes or use strace/systemd logging instead.
Target Audience

DevOps engineers, sysadmins, debugging systems without access to restart processes

Similar To

strace · systemd journald · bpftrace

Similar Projects

Productivity●●Solid

Cappu – ADHD'er take on a different task manager

The core idea — one-tap, one-field capture and deferred processing — is simple and genuinely helpful for attention-challenged workflows; the app pairs that flow with Workspace and Timeline views so you can act from already-sorted items. It’s not reinventing GTD, but the mobile-first PWA, offline/local storage hints, and a focused UI show someone trimmed features ruthlessly for speed; the obvious tradeoffs are sync behind a paywall and the limitations of PWA distribution versus native apps.

Niche GemSlickShip It
arajnoha
104mo ago