Unlurker|Replay|About
Apple has locked my Apple ID, and I have no recourse. A plea for help (hey.paris)
Given how Apple Music has completely fucked up my wife’s music collection, I can’t imagine them being able to unfuck your situation at all. So sorry.
This is one of the worst stories I’ve seen yet. It sounds like they were “all in” on Apple with zero backups, which shows some questionable judgment, but still, this sort of thing shouldn’t be possible any more than a bank deciding to take all your money with no recourse. (They can close your account, but they can’t keep your money.) Maybe hosts should be required to mail you a hard drive with your data on it when they close your account. Regardless, never assume cloud data is in safe hands.
When you are an Apple Developer, as the poster states - it goes deeper and more destructive.
I do have backups of most data, including photos, but there are things you can't backup like shared actively edited iWork documents, and things like that. I can rebuild from it, but it's still a shitshow and my very expensive devices are bricked.
Poor Johnny still won't encrypt (bfswa.substack.com)
Someone needs to design a super dumb and robust system where I can safely store all my keys on all devices I use an account. The fact that whatsapp, signal and other platforms tend to have a primary device for keys is bonkers to me. A primary device that can randomly die, get stolen or fall in a lake. I have lost chat histories more times than I can remember, and I have to be extra diligent about this these days. I don’t even want to think about pgp when I have to manually take care of this problem. Not because of my own skills, but because I could never make it reliable for my family and friends on their side.
Apple/Google passkeys.
It's weird. Almost all web traffic is now https - even though very little of it is sensitive. Email, on the other hand, is quite often sensitive, and yet...no one cares. Why?
HTTPS is pervasive because Google encouraged it. Gmail could force S/MIME but they don't care.
If you want encrypted communication over email, there's DeltaChat.
Issue 1: Establishing lots of reasons why people should encrypt Issue 2: Making it easy to encrypt Issue 3: Popularizing encryption or getting more people to do it
I thought this title was a reference to this David Bowie/NIN song: https://www.youtube.com/watch?v=LT3cERVRoQo
OpenAI are quietly adopting skills, now available in ChatGPT and Codex CLI (simonwillison.net)
It’s crazy how Anthropic keeps coming up with sticky “so simple it seems obvious” product innovations and OpenAI plays catch up. MCP is barely a protocol. Skills are just md files. But they seem to have a knack for framing things in a way that just makes sense.
They are the LLM whisperers. In the same way Nagel knew what it was like to be a bat, Anthropic has the highest fraction of people who approximately know what it's like to be a frontier ai model.
My understanding is this: A skill is made up of SKILL.md which is what tells claude how and when to use this skill. I'm a bit of a control freak so I'll usually explicitly direct claude to "load the wireframe-skill" and then do X. Now SKILL.md can have references to more finegrained behaviors or capabilities of our skill. My skills generally tend to have a reference/{workflows,tools,standards,testing-guide,routing,api-integration}.md. These references are what then gets "progressively loaded" into the context. Say I asked claude to use the wireframe-skill to create profileView mockup. While creating the wireframe, claude will need to figure out what API endpoints are available/relevant for the profileView and the response types etc. It's at this point that claude reads the references/api-integration.md file from the wireframe skill. After a while I found I didn't like the progressive loading so I usually direct claude to load all references in the skill before proceeding - this usually takes up maybe 20k to 30k tokens, but the accuracy and precision (imagined or otherwise ha!) is worth it for my use cases.
> I'm a bit of a control freak so I'll usually explicitly direct claude to "load the wireframe-skill" and then do X. You shouldn't do this, it's generally considered bad practice. You should be optimizing your skill description. Often times if I am working with Claude Code and it doesn't load I skill, I ask it why it missed the skill. It will guide me to improving the skill description so that it is picked up properly next time. This iteration on skill description has allowed skills to stay out of context until they are needed rather predictably for me so far.
It's a folder with a markdown file in it plus optional additional reference files and executable scripts. The clever part is that the markdown file has a section in it like this: https://github.com/datasette/skill/blob/a63d8a2ddac9db8225ee3b2b62724932f6ca49c6/SKILL.md?plain=1#L1-L4 --- name: datasette-plugins description: "Writing Datasette plugins using Python and the pluggy plugin system. Use when Claude needs to: (1) Create a new Datasette plugin, (2) Implement plugin hooks like prepare_connection, register_routes, render_cell, etc., (3) Add custom SQL functions, (4) Create custom output renderers, (5) Add authentication or permissions logic, (6) Extend Datasette's UI with menus, actions, or templates, (7) Package a plugin for distribution on PyPI" --- On startup Claude Code / Codex CLI etc scan all available skills folders and extract just those descriptions into the context. Then, if you ask them to do something that's covered by a skill, they read the rest of that markdown file on demand before going ahead with the task.
Apologies for not reading all of your blogs on this, but a follow-up question. Are models still prone to reading these and disregarding them even if they should be used for a task? Reason I ask is because a while back I had similar sections in my CLAUDE.md and it would either acknowledge and not use or just ignore them sometimes. I'm assuming that's more of an issue of too much context and now skill-level files like this will reduce that effect?
So it’s a header file. In English.
Yeah, that means that the body of that file will not be injected into the context on startup. I had thought that once the skill is selected the whole file would be read, but it looks like that's not the case: https://github.com/openai/codex/blob/ad7b9d63c326d5c92049abd16f9f5fb64a573a69/codex-rs/core/src/skills/render.rs#L25 1) After deciding to use a skill, open its `SKILL.md`. Read only enough to follow the workflow. So you could have a skill file that's thousands of lines long but if the first part of the file provides an outline Codex may stop reading at that point. Maybe you could have a skill that says "see migrations section further down if you need to alter the database table schema" or similar.
Knowing Codex, I wonder if it might just search for text in the skill file and read around matches, instead of always reading a bit from the top first.
> Human language is imprecise and allows unclear and logically contradictory things, Most languages do. "x = true, x = false" What does that mean? It's unclear. It looks contradictory. Human language allows for clarification to be sought and adjustments made. > besides not being checkable. It's very checkable. I check claims and assertions people make all the time. > That's literally why we have formal languages, "Formal languages" are at some point specified and defined by human language. Human language can be as precise, clear, and logical as a speaker intends. All the way to specifying "formal" systems. > programming languages and things like COBOL failed: https://alexalejandre.com/languages/end-of-programming-langs ...
Let X=X. You know, it could be you. It's a sky-blue sky. Satellites are out tonight. Language is a virus! (mmm) Language is a virus! Aaah-ooh, ah-ahh-ooh Aaah-ooh, ah-ahh-ooh
> This is just semantics. Precisely my point: semantics: the branch of linguistics and logic concerned with meaning. > You can say they don't understand, but I'm sitting here with Nano Banana Pro creating infographics, and it's doing as good of a job as my human designer does with the same kinds of instructions. Does it matter if that's understanding or not? Understanding, when used in its unqualified form, implies people possessing same. As such, it is a metaphysical property unique to people and defined wholly therein. Excel "understands" well-formed spreadsheets by performing specified calculations. But who defines those spreadsheets? And who determines the result to be "right?" Nano Banana Pro "understands" instructions to generate images. But who defines those instructions? And who determines the result to be "right?" "They" do not understand. You do.
The visual programming language for programming human and object behavior in The Sims is called "SimAntics". https://simstek.fandom.com/wiki/SimAntics
Speaking of programming languages... Just saw your profile and it reminded me of a book my mentor bequeathed to me which we both referred to as "the real blue book": Starting FORTH[0] Thanks for bringing back fond memories. 0 - https://www.goodreads.com/book/show/2297758.Starting_FORTH
Your view on parrots is wrong ! Parakeet don't understand but some parrots are exceptionally intelligent. Africans grey parrots, do understand the words they use, they don't merely reproduce them. Once mature they have the intelligence (and temperament) of a 4 to 6 years old child.
> Your view on parrots is wrong ! There's a good chance of that. > Africans grey parrots, do understand the words they use, they don't merely reproduce them. Once mature they have the intelligence (and temperament) of a 4 to 6 years old child. I did not realize I could discuss with an African grey parrot the shared experience of how difficult it was to learn how to tie my shoelaces and what the feeling was like to go to a place every day (school) which was not my home. I stand corrected.
My honest question, isn't simonw one of those people? It feels that way to me
You mean having a financial stake? Not really. I have a set of disclosures on my blog here: https://simonwillison.net/about/#disclosures I'm beginning to pick up a few more consulting opportunities based on my writing and my revenue from GitHub sponsors is healthy, but I'm not particularly financially invested in the success of AI as a product category.
I own a business and am constantly using working on using AI in every part of it, both for actual time savings and also as my very practical eval. On the "can this successfully be used to do work that I do or pay someone else to do more quickly/cheaply/etc." eval, I can confirm that models are progressing nicely!
I work in construction. Gpt-5.2 is the first model that has been able to make a quantity takeoff for concrete and rebar from a set of drawings. I've been testing this since o1.
This could be a solved problem. Come up with problems not online and compare. Later use LLMs to sort through your problems and classify between easy-difficult
How do you imagine existing benchmarks were created?
↙ time adjusted for second-chance
Freeing a Xiaomi humidifier from the cloud (0l.de)
A humidifier needs network capability incase someone discovers a new version of water, or for the manufacturer to be able to patch remote exploits. https://xkcd.com/3109/
I'm all for KISS. But in a rare instance, xkcd is missing the point here. People do not live in their rooms 24/7, but they do want to be able to, e.g., turn stuff on or off remotely, or based on environmental conditions (turn on/off based on outside sensors or the current electricity price...) or to get status alerts ("tank empty, refill"). Now, I do that via Home Assistant and keep anything "smart" on a highly-restricted vnet ... but not everyone is a geek. While the standard implementation (some cloud service) comes with a bouquet of problems, it basically acts as a simplified Home Assistant, and ultimately as a necessary crutch. Preferably we'd be in IPv6-land, where ISPs would not NAT everything to death and we could talk to our devices remotely without an intermediary ... but well ... it cannot be helped. "You're not going to need it" and "In my time, we just flipped a dumb switch" is paternalistic hogwash, not clever social commentary. Back in my days, we also didn't need satnav (just read a paper map), or cell phones (write them a note, leave it on the fridge, nothing is so important to demand imminence), or dishwashers (just do your dishes by hand)
Hah! How exact
How did we survive the last 3.5 billion years?
Quite poorly in fact
Capsudo: Rethinking Sudo with Object Capabilities (ariadne.space)
The root account shouldn't exist either. Having god accounts is a bad idea security wise. Instead everything should follow the principle of least privilege.
If you have a privilege to replace the kernel or bootloader, you effectively have all privileges on that system. Therefore, there's no need to complicate the access limitations when you get full access anyway.
>JIT access should be the goal. Individual privileges for specific things should be given access to instead of giving god access to a system.
I hear what you are saying but many, many people who have dedicated their life to this topic disagree with you. Onions have layers for a reason. RBAC by nature requires a Creator. ZeroTrust networks still require gateways.
>how do you set up those permissions without a god object Let the operating system define default granted permissions for OS apps. Have the OS let the user grant permissions at install / runtime for apps.
> Letting the operating system define granted permission for OS apps. We're heading that direction right now, and it will be the OS vendors who decide what programs you have permissions to run and which ones you can't. That's a concept that HN seems to detest.
> You could own a microwave, but there doesn't have to be a button that makes it run with the door open. The UI of devices doesn't let just anything happen. And where is the UI capability that prevents microwave users from putting liquids (e.g. grape juice) that generate plasma storms inside the microwave and often result in fires? Or, as a bonus, crinkled foil. To state the matter bluntly – the entire diatribe concerning the system’s role in defining capabilities is as constructive as insisting that every computing device and appliance on the planet must implement B2-level RBAC and capability-based controls – an argument so unmoored from practical reality that one wonders whether its proponent has ever been burdened by implementation.
The UI is missing because the law doesn't require it. That's why it's possible to by tablesaws without a SawStop like safety mechanism despite it being superior to have (ignoring price). Some people will choose the cheaper and less safe option because they don't value safety as much.
This sounds good in theory, but in practice it doesn't work. You always end up with an object that has all the privileges.
Which is a well known anti-pattern. https://en.wikipedia.org/wiki/God_object
 Top