Unlurker|Replay|About
↙ time adjusted for second-chance
Valve reveals it’s the architect behind a push to bring Windows games to Arm (theverge.com)
Can someone tell me how much more power efficient is ARM actually? Like under load when gaming, not in a phone that sleeps most of the time. I've heard both claims, that it's still a huge difference and that for new AMD Zen it's basically the same.
The instruction set has marginal impact. But many power efficient chips happen to be using the ARM instruction set today.
It's workload-dependent. On-paper, ARM is more power-efficient at idle and simple ops, but slows down dramatically when trying to translate/compose SIMD instructions.
Everything valve doing for linux is making such a huge impact. The HL3 memes don't even seem fair to use anymore. I don't even want to un-seriously make joke fun of them at this point. They are just genuinely doing so much for the community.
Valve is one of the few companies regularly seen on HN where the headline is something like "[company] is secretly doing something really great" as opposed to "[company] is secretly doing something evil"
People complain about the gambling/loot box stuff, and yeah there's legit ethical concerns there. But overall Valve just seems straightforwardly less shitty towards the consumer than other major companies in their space, by a long shot.
Honestly dreading the day Gabe has to pass on the torch. Under him valve is such a consumer focused company
He lives on a yacht and fills his days diving and doing marine research. I'm pretty sure Valve is mostly running itself.
From what Ive read his son is pretty actively involved day to day already at valve.
And Valve has been deeply rewarded as a result. The stance that you must abuse customers to maximize economic success will be looked back upon as the stupidity it is.
When I read what you wrote, I immediately asked myself "Doesn't Gabe have children who could have been raised with the same values? Maybe that..." and then I caught myself thinking exactly the same way as many others before me, and the reason why we have so many shitty politicians in positions of power today. I hope Gabe has setup Valve in such a way that they can pass on his mentality as a whole inside the business practices themselves. I think, after all these years, he must have surely thought about what leaving would look like for Valve. Considering this is a guy who seemingly thinks in decades, I feel maybe even optimistically calm about it.
Maybe that's why he stays most of the time away from valve? It's his way of training the company into functioning without him, only intervening occasionally when necessary.
Just musing along with you here but I think it's really hard for anything like that to happen. What seems at least halfway likely is that Valve won't be the same post-Gabe. But there will be other companies that end up with a similar ethos, and we can support those companies as best we can. I'm a huge fan of the OSS model of keeping your core business fully unrelated to OSS but allowing and encouraging the use and contribution to OSS by people on your payroll because it really is a rising tide effect. There are just too many stories of a cool project becoming a company only to eventually reverse-robinhood the project into a closed source for-profit product.
Corporate structure and tools to be used in combination with social controls (i.e. culture) by the true believers can do the job.
There's pretty strong rumours that they actually have been working on a new Half-Life. People are hoping it releases with their new hardware in 2026.
Yes, I too have dabbled in that strongest of drugs called hopium.
Are the rumors still hinting at a VR-only experience as they did a couple of years ago when Half-Life: Alyx released, or is that no longer the speculation? Because that would be unfortunate for me, I'd have to play with a bucket in hand.
I believe for the next Half-Life, latest rumors indicate it is actually back to 2D. During the press event last month, they were also pretty clear that no VR game is currently in development at Valve. A huge missed opportunity imo, but maybe playing HL3 on a theater sized screen is nice enough.
From interviews with the Alyx devs, it really sounded like the only reason they didn't call it HL3 was fear of not living up to the name. Given the org structure at Valve, it's going to take someone with massive hubris to say "I can be the one to lead the HL3 project." That or Gabe getting off his megayacht to lead it (or tell someone their project is worthy of being called HL3).
They decided to make it a prequel for fear of not living up to the name, the decision was made much earlier. If you're at all familiar with the contents of Alyx and the Half-Life franchise it wouldn't have made any sense to call it HL3.
pretty sure they don't have a totally flat org structure anymore but I might be wrong
Seems unlikely with the steam machine coming? I haven't heard any sign of it specifically being frame only
Valve recently said outright that they have no VR titles in development. https://www.roadtovr.com/valve-no-first-party-vr-game-in-development-half-life/
Imagine HL3, Portal 3 et L4D3 but all linux only. oh my
Unfortunately for Linux, the recent ram price increases are reason not to move (if thinking about a new pc).
> Unfortunately for Linux, the recent ram price increases are reason not to move (if thinking about a new pc). Can you elaborate on why high RAM prices mean Linux is less attractive? Do you believe a usable Linux environment uses more RAM than a usable Windows 11 environment?
Why would you need a new PC to swap operating systems?
A killer app is a great way to sell a "console". Windows port can come later.
Doubt it, considering Deadlock still only has Windows builds a year into alpha. https://steamdb.info/app/1422450/depots/
To be fair, without the HL3 memes, would Valve ever become as massive as they are now without them constantly teasing and playing into it? (answer: probably, but I would like to believe that this is one of the greatest unintended marketing tactics of the 21st century).
Valve had total dominance over PC gaming before HL3 even became a meme.
Any leads on when the next generation of Steam Deck will be released? Hoping it could be sometime in 2025, but suspect it will be more like 2026. Over the holidays I was playing GTA: San Andreas on a Nintendo Switch. It's fun but so underpowered for a game released in 2004 (Yes, 21 years ago! Damn..). I'm really craving something more. As a sidenote, it's really cool Valve allows installing SteamOS on any hardware. There are some alternative comparable form-factor devices: * Lenovo Legion Go S * Asus ROG Ally But I have yet to see any of these in real life, so not sure how good or bad they really are. Source: https://www.pcmag.com/picks/the-best-handheld-gaming-devices
Just get a Steam Deck. it's an incredible value for what you get and for what it can do. I'm no expert, but I do pay as close attention as I can to what's going on with gaming hardware because of my limited budget, and I'm guessing Steam Deck 2 is more like Q1 2028, not any time sooner. I'm ok with that. I play all the games I want on my Steam Deck OLED, and I see plenty of life left in it, even this "late" in the game.
Does anyone know what the limfac is? The machine code produced is of course different on different CPU arches, but isn't this handled at the compiler level? I.e. lower level than game devs worry about. The exception I see is if SIMD intrinsics.
> isn't this handled at the compiler level? I.e. lower level than game devs worry about. But game devs (at least of a certain type) are notorious for thinking about low-level hardware performance right from the start. As a class I'm pretty sure game devs use godbolt much, much more than your typical developer.
Because the title mislead me. It turned out that 0 windows games are receiving funding to add ARM compatibility.
Your errant interpretation of the title would imply that Valve was funding individual game developers to support valve? This would be a fool’s errand, compared to the much more obvious interpretation that valve is funding a compatibility layer that would enable broad support for ARM.
That's a geopolitical question. ARM is Western RISC is China / Eastern Valve is just trying to outflank Microsoft here. And they're doing a magnificent job of it. Microsoft has on at least half a dozen occasions tried to draw a box around Valve to control their attempts to grow beyond the platform. And moreover to keep gaming gravitas on Windows. Windows Store, ActiveX, Xbox, major acquisitions ... they've failed to stop Valve's moves almost every time. Linux, Steam Box, Steam Machine - there's now incredible momentum with a huge community with more stickiness than almost any other platform. Microsoft is losing the war. The ARM vs RISC battle will happen, but we're not there yet. There also isn't enough proliferation for it to be strategic to Valve.
> RISC is China/Eastern RISC-V was developed at UC Berkeley. It's roughly as Western as West realistically gets, short of being made in Hawaii. > That's a geopolitical question Sure, but that's not actually about where RISC-V is from. It's that it's a purposely open platform -- so much so that its governing body literally moved to Switzerland. The reason it's a geopolitical question is more to do with what we did to their supply chains with sanctions on companies like Huawei and ZTE, and what COVID did to everyone's supply chains independently of that. Both of those things made it really evident that some domestic supply chains are critical. (On both sides -- see: the CHIPS Act) Where RISC-V comes back in is that open source doesn't really have a functioning concept of export restrictions. Which makes it an attractive contingency plan to develop further in the event of sanctions happening again, since these measures can and have extended to chip licenses.
*RISC-V ARM is a RISC: https://en.wikipedia.org/wiki/Reduced_instruction_set_computer
kinda funny that Microsoft has tried and failed multiple times to make Windows on ARM work and then valve is probably going to succeed, to Microsoft's detriment
Why don't they just ask Copilot to do it?
> and modern multiplayer games with anti-cheat simply do not work through a translation layer, something Valve hopes will change in the future. Although this is true for most games it is worth noting that it isn't universally true. Usermode anti-cheat does sometimes work verbatim in Wine, and some anti-cheat software has Proton support, though not all developers elect to enable it.
Arc Raiders is a great example of a modern and popular multiplayer game that works with proton. I haven't heard about it having a problem with cheating.
Anticheat devs could REALLY benefit by having some data scientists involved. Any player responding to ingame events (enemy appeared) with sub 80ms reaction times consistently should be an automatic ban. Is it ever? No. Given good enough data a good team of data scientists would be able to make a great set of rules using statistical analysis that effectively ban anyone playing at a level beyond human. In the chess of fps that is cs, even a pro will make the wrong read based on their teams limited info of the game state. A random wallhacker making perfect reads with limited info over several matches IS flaggable...if you can capture and process the data and compare it to (mostly) legitimate player data.
"Any player responding to ingame events (enemy appeared) with sub 80ms reaction times consistently should be an automatic ban." Can you define what "reacting" means exactly in a shooter, that you can spot it in game data reliable to apply automatic bans?
Tomorrow the cheats will be back with human looking reaction speeds and inhuman decision making that is indistinguishable from expert players.
Speaking of Anti-Cheat and secure boot, you need SB for Battlefield 6. The game won't start without it. So it's happening! I don't hate the lack of cheating compared to older Battlefield games if I am going to be honest.
Lack of cheating in BF6? Afaik there have been wallhacks and aimbots since the open beta.
> Speaking of Anti-Cheat and secure boot, you need SB for Battlefield 6. The game won't start without it. So it's happening! I'm curious, does anyone know how exactly they check for this? How was it actually made unspoofable?
The basic explanation is that it prevents binaries that are not signed by default from being loaded during the boot process. It only restricts the booting process in the uefi stage. If an executable has been modified, then it will not load due to secure boot. Technically there is nothing stopping you from modifying say winload.efi and signing it with your own key then adding that key to your bios keystore so that it will pass secure boot checks and still use secure boot. I think the biggest thing is that the anticheat devs are using Microsoft's CA to check if your efi executable was signed by Microsoft. If that was the case then its all good and you are allowed to play the game you paid money for. I haven't tested a self-signed secure boot for battlefield 6, I know some games literally do not care if you signed your own stuff, only if secure boot is actually enabled edit: Someone else confirmed they require TPM to be enabled too meaning yeah, they are using remote attestation to verify the validity of the signed binary
They also require TPM, which I think facilitates remote attestation for secure boot.
That sounds like it does prevent cheating? But maybe doesn’t prevent ALL cheats. Or do you mean they work so poorly that it doesn’t make any difference at all?
It makes cheating harder and the timeline to a cheat product gets longer than the iteration speed of anticheat. Kind of like fancy locks don't prevent break ins, just take longer to pick and require more specialised tools.
Other options exist but it’s not an option for these real-time games like FPS’s. I get it. If you don’t need real-time packets and can deal with the old school architecture of pulses, there’s things you can do on the network to ensure security. You do this too on real-time UDP it’s just a bit trickier. Prediction and analysis pattern discovery is really the only options thus far. But I could be blowing smoke and know nothing about the layers of kernel integration these malware have developed.
> But I could be blowing smoke and know nothing about the layers of kernel integration these malware have developed. Kernel level? The SOTA cheats use custom hardware that uses DMA to spy on the game state. There are now also purely external cheating devices that use video capture and mouse emulation to fully simulate a human.
It's telling that Valve uses a user space anti-cheat (VAC) for Counter-Strike 2, but the competitive community overwhelmingly rejects that and ops to use a third-party Windows-only kernel mode anti-cheat (FACEIT).
Eh, some employers also have root for your work PC, that’s different from asking to install a rootkit on your personal PC.
/r/rust, the subreddit for the Rust language, regularly (every 1-2 days at most) gets posts meant for /r/playrust, the subreddit for the Rust game. I genuinely don't know how people manage to get as far as posting without noticing where they are.
It is hard to perceive that which you are not aware exists even with obvious evidence in your face
It’s probably because the “create a Reddit post” form doesn’t require you to even visit the subreddit you are posting to. It DOES show you the rules/sidebar of the subreddit you are about to post to (for /r/rust it includes a link to /r/playrust for the gamers) but apparently many aren’t seeing that.
I wonder if Apple's GPT (Game Porting Toolkit) could added to the macOS Steam client as a compatibility tool, like Proton is in the Linux client.
Apple's GPTK only supports D3D12 -> Metal. In addition, it's ambiguous if 3rd parties can distribute the D3DMetal dylib, as there's no license.
GPTK is mostly a bunch of developer tools for converting to Metal, and the closest it gets to anything like Proton is an "evaluation environment" that is nothing close to Proton's performance. Proton is mostly Wine, and Wine on macOS uses MoltenVK, so it's probably easier to just port Proton.
Direct3D -> Vulkan -> Metal is quite the translation layer sandwich, I wonder if that would have a meaningful impact on performance
If apple wanted to show that they have good hardware they wouldn't gimp the iPad pro with iOS. They really don't care.
Currently, someone interested in an iPad and needing the power of a MB, will have to buy both. If they stopped restricting the iPad, those people would only have to buy an iPad. And as someone without a single interest in an iPad, I would worry that removing the iPad limitations would increase its market-share and lead to Apple reducing even more their interest in the MB, which would be terrible news to me.
I used to understand/agree with this point, but over the past few years i've transitioned to my ipad pro for mobile usage and it has become my daily driver for mobile computing. When i need macos for anything, i typically will use Jump to connect and do something real quick, but that's rare. I'm starting to not understand why i wouldn't just want an ipad pro running a touch friendly (and i mean it would have to be VERY touch friendly) version of macos. again, i would have normally agreed with you, but that line is starting to blur for me...
Are you looking for Crossover? It's a bit annoying to not run Steam natively (no cmd+H to hide, etc) but it's got a lot of support. Performance is decent on my M2 mini, and even cross-platform stuff like Baldurs Gate 3 is comparable performance to native. Especially anything that Mac Steam natively calls out lack of 32bit support has good support.
CodeWeavers, the developers of Crossover, also do most of the development on proton under contract for Valve. This is speculation but I suspect there's something in that contract that prevents Valve from competing with Crossover on MacOS.
Yep. I know Apple has little motivation to support such a project but it would be great to see them work with Valve on this. Having the majority of Steam games "just work" on modern Macs, like they do on the Steam Deck, would be fantastic.
Apple leadership cares more about "games on the Mac App Store built for Metal on a Mac" than it cares about "games on the Mac". This won't change until leadership changes.
It does not matter what Apple wants if Steam ships their own compatibility layer.
I think it's more than "little motivation" if we're being honest. Right now Valve is quietly targeting MS' attempt to create a walled garden for gaming on Windows and (probably) cut them out. Their very clever approach has been a full end-run around the OS by using Proton, which I'm sure genuinely thrilled Apple... as long as Valve is only doing that to MS. Why would Apple ever invite Valve to potentially do the same to them?
> Why would Apple ever invite Valve to potentially do the same to them? apple on a desktop/laptop is not a primary gaming platform; edge cases, at best mobile gaming is a different story, but at the end of the day apple is making money off of hardware sales first and foremost, esp. w/r/t laptops and phones.
Apples biggest weakness is games. But it has a pretty large install base when compared to Linux (not counting phones or servers here).Seems like a win/win. Apple gets to address their weaknesses and Valve gets a large target market. I actually see it as the reverse. Valve might be going for the whole pie and want to carve out a niche for their Steam Box. Inviting Apple to the party might detract from that effort. Or at the very least distract from their main focus.
> Apple gets to address their weaknesses and Valve gets a large target market. I don't think Apple wants any non-Apple store addressing their weaknesses, especially a solution as competent and well-funded as Steam. If Valve gains Apple-user mindshare on Mac, what prevents them from expanding to iPhones and iPads in the EU, and likely elsewhere if anti-monopoly laws get entrenched? IIRC, Services is the fastest growing revenue source at Apple.
That’s a fair point. I don’t think they care about steam competing on the desktop but mobile is another ballgame entirely.
Games are not a weakness for Apple. They have all the gaming revenue they seem to care about with mobile. They just don't have proper/immediate motivation to apply that effort to desktop. I'm not sure i even care anymore. I'm a valve fanboi at this point, until Gabe leaves and they go corporate.
Especially looking at Apples recent gaming history. When Cyberpunk, AC, and a couple other AAA titles came to macOS, Apple made a big deal of them being in the mac app store, specifically. They didn't go out of their way to call out that they run on mac, you can get them from Steam, etc. The big deal was they are in the app store. That's where Apple wants mac gaming to happen so they can get their 30% cut. I wish that weren't the case, but Apple's gonna Apple.
App stores for desktop computers have pretty consistently failed except for Steam. I don't think I've installed anything from the App store on my Mini, instead I have just dropped all kinds of images into my Applications folder. The Windows store is about as marginal as it can get. My corporate desktop at work is locked down with the Windows store disabled, they made it so I can elevate and do almost anything I need to do with developers but I can't touch Policy Editor stuff and can't unlock it. I miss WSL2 but that's the only thing I miss. I install all sorts of things for work and just install them the way we did before there was Windows 8. In the Windows 8 era my home computer always got the metadata database corrupted fror the store pretty quickly even though I didn't use it very much. The only thing I really wanted from it was the application to use my scanner back when I had an HP printer. It was obvious that it was possible to rebuild that database because it got fixed temporarily whenever it did one of the 6 month updates but people I talked to in Microsoft Support said I should nuke my account and spend hours reconfiguring all the applications that I actually use just so I can use this one crapplet. Switched to Epson and they have their own installer/updater that works like a normal Windows application. [1] I don't think the machine I built that started on Win 10 has any problems with the store but all I really know or care about is that WSL2 works and it does. Microsoft dreams that you might buy games from the Windows store but it has an air of unreality to it. If Microsoft tried pulling Activision games out of Steam you know it would just force them to write off the Activision acquisition earlier rather than later.
↙ time adjusted for second-chance
Boston's subway system replacing 1890s-era wooden catenary system (mbta.com)
I really like those service diagrams to show which stations are closed and how to get around them.
Hold a chain at its ends, and let it hang down naturally. What is that shape called? A catenary and its equation is y = a cosh(x/a). Maybe you all knew that factoid already, but I learned the name of shape only recently.
Boston subway to replace cable duct that worked for 130+ years
The part relevant to the editorialized headline: “The MBTA will perform work in December to replace the wooden overhead catenary wire “trough” in the Green Line tunnel, which is original to the tunnel’s construction in the late 1890s. The trough houses the Green Line’s overhead wires and will be replaced with a modern, more durable, metal trough.”
> dates back to the late 1890s and will be replaced with a modern, more durable, metal trough. I think any infrastructure that has lasted over 130 years is already quite durable.
It's probably not the same wood since 1890. Requires more repairs and replacements.
It could be. A lot of wood has been around for longer than that. Wood is easier to damage so I expect some has been replaced over the years, but there is no reason to think it wouldn't last in that application.
I think there's a good chance it is. Not out in the sun, not in contact with ground/moisture, pretty consistent temperature. Wood can last a very long time under those conditions.
It's been a decade+ since I used to catch the Green line at Park St, but at that time it was the noisiest, squealiest station that I regularly used. Not surprising to learn that parts of that station are left over from the 1890s.
It's deafening
It's what, $2.40? I don't think they need to make it fare free.
Free fares would significantly increase ridership, no?
Probably not. For most people cost is not the issue of why they don't ride. Free would increase a little, but most people are not riding because the service isn't there. Service can be one of Frequency, speed, or ability to get to the destination. Transit needs to: Get you from where you are, to where you want to be, when you want to go, in a reasonable amount of time, for a reasonable cost. If you lack any of those things and transit isn't useful. Generally cost is the only part of transit that is reasonable (but not always) and so it isn't something to focus on. People who ask for free transit are really saying transit is for the poor and "normal people" should just drive.
Yes, and reduce its revenue that it needs to properly run and upgrade its existing infrastructure. Why do you think they charge in the first palce?
Because governments aren't allowed to simply provide services for free anymore. It is inconceivable that something like moving around on mass transit would be free at point of use.
Ghostty Is Now Non-Profit (mitchellh.com)
I love Mitchell’s X post awhile back: “What the monetization strategy of Ghostty?” “My monetization strategy is that my bank account has 10 digits in it…” lol, epic.
I'm making an effort to support Open Source projects that I use everyday; much in the way I support creators on YouTube via Patreon with small monthly commitments, so it's a welcome opportunity that GhosTTY has made that easy to accomplish.
This seems really nice. Wasn't aware of hack club but that just looks like a wonderful construction and organization. In a world of VC backed open source projects with big profit motivations, it's refreshing to see things like this. Definitely going to give ghostty another try!
Really nice to see a solidly valuable project develop a sustainable foundation instead of turning into yet another VC-backed devtools startup that will inevitably die in a few years.
Good. Maybe they'll add search to the terminal now. /s
https://twitter.com/mitchellh/status/1993728538344906978 - "Ghostty on macOS now has search [...] GTK to follow soon" - November 26th 2025
GTK is also merged. Main branch has search. Its also exposed via libghostty for embedders.
"sustainable foundation" it's still one guy funding it, no? seems as sustainable as before
You can't build a house without the foundation (pun intended). I said in the linked post that I remain the largest donor, but this helps lay bricks such that we can build a sustainable community that doesn't rely on me financially or technically. There simply wasn't a vehicle before that others could even join in financially. Now there is. All of the above was mentioned in the post. If you want more details, please read it. I assume you didn't. I'll begin some donor reach out and donor relationship work eventually. The past few months has been enough work simply coordinating this process, meeting with accountants and lawyers to figure out the right path forward, meeting with other software foundations to determine proper processes etc. I'm going to take a breather, then hop back in. :)
Nine additional people funding it as of this announcement: https://hcb.hackclub.com/ghostty/transactions
I wasn't aware of Hack Club before and wow, their fiscal sponsorship program is enormous: https://hackclub.com/fiscal-sponsorship/directory/ - looks like they cover more than 2,500 organizations! The Python Software Foundation acts as a fiscal sponsor for a much smaller set of orgs (20 listed on https://www.python.org/psf/fiscal-sponsorees/ ) and it keeps our accounting team pretty busy just looking after those. Hack Club must have this down to a very fine art. I wrote a bit more about PSF fiscal sponsorship here: https://simonwillison.net/2024/Sep/18/board-of-the-python-software-foundation/#acting-as-a-fiscal-sponsor
Hack Club builds software, so the students naturally built a banking product to scale their fiscal sponsorship: https://hackclub.com/fiscal-sponsorship/ I was working with Hack Club students on an experimental VPN client ( https://github.com/hackclub/burrow ) but never got the momentum to finish it. Made some great friends, though! It's a really fantastic organization. The students have one big global Slack instance. If you're a student and on here, you should also be in there: https://hackclub.com/slack/
Micron to exit consumer memory business amid global supply shortage (reuters.com)
Terrible news, I prefer to buy US made chips if I can and Micron was a decent vendor
How the heck is this going to pan out? Memory prices are already crazy high and forecasts say there is going to be no respite till end of 2026. Are people just going to stop buying devices and computers? The downstream effects of this (in a scenario where every device needs memory) are bonkers.
what's the use of "AI" if no-one can afford computers or phones?
There are a decent number of players in the SSD business, but not many at the top trading blows for max performance and Best Buy’s. This will not be good for the consumer market. Seems like everything is consolidating.
TSA's New $45 Fee at U.S. Airports Unfairly Punishes Families in the Fine Print (thetravel.com)
Question from a European: I assume that most people flying within the US would use their driver's license as ID. Given how long this "REAL ID" standard has been in effect, why have the non compliant IDs not expired yet? Do some states not issue REAL ID compliant licenses? (Apologies if this is a stupid question, I'm not familiar with how these things work in the US)
States will give you a real ID if you can prove you are a US citizen. This article is covertly trying to argue for easier travel for illegal aliens
In my state you still have a choice to pay more for a REAL ID, or just get a plain old drivers license.
Are there some onerous requirements for REAL IDs which require it to be more expensive, or is this a short-sighted money making scheme for the states?
To get a real ID you need to prove your citizenship, which is usually some combination of your birth certificate and/or passport or other IDs. Not really a big deal
Stop talking (gurkan.in)
I'd say - Stop proposing strong solutions until either the room is ready, or you've found or founded the right room
> If no one asked and no one is on the hook to change anything: Stop talking. It seems like a matter of knowing who to talk to about what. I don't think the solution is to stop talking to everyone. Presenting a rationale for something worthy of addressing (need/problem/opportunity) needs to be communicated somehow, and convincingly. In person, in writing, or a simple business case. From my non-tech background, priorities are fluid, and things that are rationalized as urgent and important are given resources and attention. If there is someone like the author spinning wheels in frustration, then maybe there's a problem with the organization aligning everyone on goals/objectives/outcomes -> leading to misaligned solutions being raised, and deaf ears. Or, maybe there's no opportunity to raise solutions with the right people.
I know some people that need to apply this advice. Majority shouldn't, this is just a mitigation for a specific personality trait
Bad idea. I want people working around me to notice, be uncomfortable and especially speak up if something is amiss. Unless you work in a malignant environment, this should be normal behavior.
Based on the results (not to mention the Green Mile "I'm tired boss" look on most people's faces), I'd imagine most workplaces are malignant environments.
This so obviously AI slop > So the survival skill isn’t knowing what should be improved; it’s knowing when to shut up. Not out of apathy, but out of resource management, for self-preservation. The not $x but $y pattern. Honestly, I use to write like this probably before LLMs - and didn’t notice how cliched it was. But now if I notice myself using that pattern, I rewrite it. This isn’t coming from my own thought process so it’s hard for me to think about how I would rewrite someone else’s work today, maybe - Survival depends on having a sense of when to stay quiet. It is a deliberate choice to conserve energy and protect your stability.
How is something "obviously AI" for being written how you, a human, used to write?
They must be AI then
This contributed nothing to the conversation. Your AI divining rod isn't interesting.
And neither does AI slop. All it needs is a bunch of emojis and em dashes…
This is terrible advice that will hurt your career progression. The problem isn't that people speak out too much. It's that basically no one is proactive enough to speak out. In my experience the people who speak are the people who get promoted.
Knowing when to shut up is great advice and knowing how the wind is blowing. If I know their is an edict from the top down to be an “AI first company”, no matter how much I disagree with an initiative that comes from on high, I’m going to shut up and be all in. “The avalanche has already started. It is too late for the pebbles to vote.” The last time I worked for a product company was as at a startup where I was the second technical hire by the then new CTO who was building up the technical staff internally. The founders bootstrapped the company through an outside consulting company. There I had a relationship with the CTO where I could just say “that’s a really bad idea” and he would listen. Fast forward a few years and I was working for a shitty consulting company, I kept my head down for a year, let them fail after I was sure they wouldn’t listen to me and started interviewing and only stayed a year. My career progression isn’t dependent on the job I have at the moment.
Everyone can talk and give opinions. The real question is if you can actually make a difference. I tell people there's a gap between knowing how to do something and actually doing it. And that gap is a big part of our engineering skills. If I'm not going to change something, I'd rather not talk or give opinions. Related: https://strangestloop.io/essays/things-that-arent-doing-the-thing
I’m in the situation the article is talking about where I’m both suggesting advice and willing to do the work. But it requires me to have some allotted time and the boss says we don’t have the resources even 1 hour a week. It’s like we’re moving chopped wood from the forest to the village and I suggest building a wheelbarrow but the boss says what we don’t have time for that we gotta move all this chopped wood. It’s crushing to have a job that could be very interesting but the tooling and processes sap all of that out.
Aye, someone full of ideas for other people to take ownership of isn't actually being helpful (unless that's explicitly their job)
Yes, it is, 100%. One does not even need an AI detector; it's obvious from the first sentence: "brought a lot of context, more scars, and more pattern recognition." "Like a lineman sees a frayed cable." Lol. This is the sloppiest slop there is. But you got downvoted for pointing out that it was slop. I got similarly downvoted a couple days ago. Hackernews folk seem uninterested in having it pointed out when AI is being used to generate posts. I'd guess it's some combination of a) they like using AI themselves, and b) they can't distinguish AI themselves. And they turn to all manner of excuse like "AI detectors do not work" or "non-native speakers need a way to produce articles, too". It's a crappy time to be a humanist, or really to care about anything, it seems.
> But you got downvoted for pointing out that it was slop. I got similarly downvoted a couple days ago. [...] "A man wrapped up in himself makes a very small bundle." - Benjamin Franklin
That might be because the thing is whole-cloth generated from AI, but given that the author has a .in email address, it also might be that English is not their first language but they want to reach a broader audience with their message so they used AI to translate it into the lingua franca of modern technical and scientific discussion (which is, this is always funny to me, not franca ). AI generators do a better job of conversational output than traditional language translators (although there is a risk that if you can't read the target language as a non-native speaker, it can distort or destroy the message).
As someone struggling to learn a second language, I would have a lot more sympathy from someone using bad incorrect English than someone passing off AI Slop as their own.
"AI detectors" are snake oil. https://mitsloanedtech.mit.edu/ai/teach/ai-detectors-dont-work/
What are your thoughts on the AI-generated image detectors?
Prompt Injection via Poetry (wired.com)
Wordcels, rise up!
>I mean you can't social engineer a human using poetry? A significant amount of human history is about various ways people were socially engineered via poetry.
Influence and social engineering are two completely different things. I don't know of an example of a person being compelled to do a very specific task or divulge secrets based on reading a poem. Do you?
I think they mean just in general and historically. Both can be used and work together. Imagine some handsome travelling gentleman (who's actually a soldier) woos a local bar maiden with some fancy words and poetry. Oh wow he's so educated and dreamy~! Then he proceeds to chat with her and gets her to divulge a bunch of info about local troops movements she has seen and etc. That's my take on it at least.
Launch HN: Phind 3 (YC S22) – Every answer is a mini-app
hey michael, long term phind user here. phind became absolute sh*t. almost every answer is wrong. web search should be on by default to get accurate info. but even then is ends up hallucinating a lot. if every response starts with "You're absolutely right -- ..." you know phind is hallucinating and you can immediately close the tab.
hey, sorry to hear that. web search is on by default, but we had some teething issues with it in the last hour. it should be fully fixed now. can you send some links that failed?
The problem is I don't think every answer needs a mini-app. I'd argue there are very few answers that do. For example, it feels like Google's featured snippet (quick answer box) but expanded. But the thing is, many people don't like the feature snippet, and there's a reason it doesn't appear for many queries - it doesn't contribute meaningfully to those. This functionality is doing exactly the opposite of the process of building good web apps: Rather than "unpacking functionality" and making it specific for an audience, it "packs" all functionality into a generalized use case, at the cost of becoming extremely mediocre for each use case, which makes it precisely worse than any other tool you'd use for that job. As a specific example, I clicked your apartments in LES search ( https://www.phind.com/search/find-me-options-for-a-72e019ce-9524-4611-82d8-9f556d30cac2 ) and it shows us just 4 listings...? It shows some arbitrary subset of all things I could find on StreetEasy, and then provides a subset of the search functionality, losing things such as days on market, neighborhood, etc. It's a cool demo, but "on-demand software" is exactly "Solution-In-Search-of-a-Problem". The difficult part you need to ask is, like feature snippet, what are the questions worth solving with this, and is the pain point big enough that it's worth solving?
Thanks for the feedback, and I agree that it is very much early days for this product category. To be clear, our goal is to make the software specific for an audience: you. What's exciting, though, is that models are rapidly improving at building on-demand software and this will directly benefit Phind. There are still many edge cases, but I think it will get better quickly.
Hi, I just clicked the link and it's showing up for me. Could you refresh?
While I initially noted it as not showing up, after a while, things did appear, but what I'm getting isn't what I would consider usable, and in particular, the requested areas for values and variables do _not_ appear at the side as requested and it's not workable for my needs/expectations.
I agree that this answer was a bit wacky. Phind Fast is the fast and free model. Selecting Phind Large, GPT-5.1, and Claude models would be better for a modeling task like this.
Reverse engineering a $1B Legal AI tool exposed 100k+ confidential files (alexschapiro.com)
Who is Margolis, and are they happy that OP publicly announced accessing all their confidential files? Clever work by OP. Surely there is automatic prober tool that already hacked this product?
Of course there will be no accountability or punishment.
I work for a finance firm and everyone is wondering why we can store reams of client data with SaaS Company X, but not upload a trust document or tax return to AI SaaS Company Y. My argument is we're in the Wild West with AI and this stuff is being built so fast with so many evolving tools that corners are being cut even when they don't realize it. This article demonstrates that, but it does sort of beg the question as to why not trust one vs the other when they both promise the same safeguards.
> My argument is we're in the Wild West with AI and this stuff is being built so fast with so many evolving tools that corners are being cut even when they don't realize it. The funny thing is that this exploit (from the OP) has nothing to do with AI and could be <insert any SaaS company> that integrates into another service.
And nobody seems to pay attention to the fact that modern copiers cache copies on a local disk and if the machines are leased and swapped out the next party that takes possession has access to those copies if nobody bothered to address it.
This was the plot of Grisham's book The Firm in 1991
I'm always a bit surprised how long it can take to triage and fix these pretty glaring security vulnerabilities. October 27, 2025 disclosure and November 4, 2025 email confirmation seems like a long time to have their entire client file system exposed. Sure the actual bug ended up being (what I imagine to be) a <1hr fix plus the time for QA testing to make sure it didn't break anything. Is the issue that people aren't checking their security@ email addresses? People are on holiday? These emails get so much spam it's really hard to separate the noise from the legit signal? I'm genuinely curious.
Well we have 600 people in the global response center I work at. And the priority issue count is currently 26000. That means its serious enough that its been assigned to some one. There are tens of thousands of unassigned issues cuz the traige teams are swamped. People dont realize as systems get more complex issues increase. They never decreases. And the chimp troupes response has always been a Story - we can handle it.
In my experience, it comes down to project management and organizational structure problems. Companies hire a "security team" and put them behind the security@ email, then decide they'll figure out how to handle issues later. When an issue comes in, the security team tries to forward the security issue to the team that owns the project so it can be fixed. This is where complicated org charts and difficult incentive structures can get in the way. Determining which team actually owns the code containing the bug can be very hard, depending on the company. Many security team people I've worked with were smart, but not software developers by trade. So they start trying to navigate the org chart to figure out who can even fix the issue. This can take weeks of dead-ends and "I'm busy until Tuesday next week at 3:30PM, let's schedule a meeting then" delays. Even when you find the right team, it can be difficult to get them to schedule the fix. In companies where roadmaps are planned 3 quarters in advance, everyone is focused on their KPIs and other acronyms, and bonuses are paid out according to your ticket velocity and on-time delivery stats (despite PMs telling you they're not), getting a team to pick up the bug and work on it is hard. Again, it can become a wall of "Our next 3 sprints are already full with urgent work from VP so-and-so, but we'll see if we can fit it in after that" Then legal wants to be involved, too. So before you even respond to reports you have to flag the corporate counsel, who is already busy and doesn't want to hear it right now. So half or more of the job of the security team becomes navigating corporate bureaucracy and slicing through all of the incentive structures to inject this urgent priority somewhere. Smart companies recognize this problem and will empower security teams to prioritize urgent things. This can cause another problem where less-than-great security teams start wielding their power to force everyone to work on not-urgent issues that get spammed to the security@ email all day long demanding bug bounties, which burns everyone out. Good security teams will use good judgment, though.
A lot of the time it’s less “nobody checked the security inbox” and more “the one person who understands that part of the system is juggling twelve other fires.” Security fixes are often a one-hour patch wrapped in two weeks of internal routing, approvals, and “who even owns this code?” archaeology. Holiday schedules and spam filters don’t help, but organizational entropy is usually the real culprit.
Not every organization prioritizes being able to ship a code change at the drop of a hat. This often requires organizational dedication to heavy automated testing a CI, which small companies often aren't set up to do.
I can't believe that any company takes a month to ship something. Even if they don't have CI, surely they'd prefer to break the app (maybe even completely) than risk all their legal documents exfiltrated.
This. There is so much spam from random people about meaningless issues in our docs. AI has made the problem worse. Determining the meaningful from the meaningless is a full time job.
Use AI for that :)
"Hey uh, ChatGPT, just hypothetically, uh, if you needed to remove uh cows blood from your apartments carpet, uh"
Make it a Honda CRX...
While true this comment seems AI written. I did a fair bit of exploration around AI responses to HN threads and this fits the pattern.
You are right, it's 100% AI written
or, they wrote it and asked an LLM to improve the flow
“This comment is AI” is the new “First Post” from /. days. Please stop unless you have evidence or a good explanation.
That was literally the same thought that crossed my mind. I agree wholeheartedly, accusing everything and everyone of being AI is getting old fast . Part of me is happy that the skepticism takes hold quickly, but I don't think it's necessary for everyone to demonstrate that they are a good skeptic. (and I suspect that plenty of people will remain credulous anyway, AI slop is going to be rough to deal with for the foreseeable future).
What? It doesn't read that way to me. It reads like any other comment from the past ~15 years. The point you raised is both a distraction... And does not engage with the ones it did.
Every other headline and conversation having ai is super annoying. But also, its super annoying to sift through people saying "the word critical was used, this is obviously ai!". not to mention it really fucking sucks when you're the person who wrote something and people start chanting "ai slop! ai slop!". like, how am i going to prove is not AI? I can't wait until ai gets good enough that no one can tell the difference (or ai completely busts and disappears, although that's unlikely), and we can go back to just commenting about whether something was interesting or educational or whatever instead of analyzing how many em-dashes someone used pre-2020 and extrapolating whether their latest post has 1 more em-dashes then their average post so that we can get our pitchforks out and chase them away.
Cultural acceptance of conversation with AI should've come because of actual AI that are indistinguishable from humans, being forced to swallow recognizable if not blatant LLM slop and turn a blind eye feels unfair
“Chat, write me a blog article that seems like a lazy human who failed English wrote it”?
What’s worse being accused of an AI post or being defended because your post is so bad that AI wouldn’t have written it?
↙ time adjusted for second-chance
Show HN: Fresh – A new terminal editor built in Rust (sinelaw.github.io)
Shameless plug: I did a series a couple years back, before AI was this huge, about writing a Vim-like editor in Rust, in case you want to play with it in the future: https://www.youtube.com/playlist?list=PL9KpW-9Hl_het1V3_dLhG_0K99a9043ac
selection is broken on mac eg cntrl+shift+right switches terminal tabs
That (security ) is something I also worry about. I'd like to get off npm if only for this reason. It's a hack to get started. The other thing it gives you is the ability to easily upgrade and uninstall so just a script to copy stuff is not on par.
Thing is… who is regularly running `npm update` or `cargo update` to keep local software up to date? I wouldn’t, because I might be in a repo and it starts upgrading all my local dependencies, and I’m not gonna add a text editor as a dev dependency. I’ll happily take the binary, or a tar.gz with the binary in it, though. (Btw I love how it’s following the old DOS aesthetic)
The npm distribution here is just the binary, you run npm install again and it upgrades to the latest binary. That's convenient
I did it because not everybody has cargo installed. I'm using cargo-dist to create this npm package.
consider wget or curl if possible (why not if npm was...)
I've been wanting a generic package manager for a while that is cross-platform. I wonder how one could find funding for such a project. Thinking about users from various OS' installing tools and software from your niche package manager, yeah that bad boy is going to grind to a halt if you have no key funding.
1D Conway's Life glider found, 3.7B cells long (conwaylife.com)
I love it that there are people obsessed enough to spend their time on this and our society can support it.
1D spaceship* glider is a specific spaceship, but name for "moving pattern" is spaceship
Their own wiki points out they're sometimes used interchangably. https://conwaylife.com/wiki/Spaceship
This seems like a great task as a test for AI. The result is easily verify-able, yet the techniques to design such a glider are very complex and some might not have been discovered yet.
It's already being done. Has been done for decades now. Definitely wouldn't be a good use of an LLM-type model if that's what you're proposing If you look at the placement of Journal of Cellular Automata in SciMago's Shape of Science visualization[0] you'll see that it's completely surrounded by machine learning/AI journals [0] https://www.scimagojr.com/shapeofscience/
Reading a long explanation on a GoL forum is a great way to experience what it’s like for my spouse to listen to my work conversations on Zoom. This jargon is fantastic.
More or less like this? https://www.youtube.com/watch?v=eMJk4y9NGvE
Me: oh cool, this is interesting, I don’t quite understand what exactly that means, let me read the thread to learn more… The thread: > Replacing ECCA1 by version with step after the direction change could save something like 1% of the ecca1 bits size. Compiling agnosticized program instead of fixed lane program by ecca1 could save something like 1% as well (just guesses). Build of smaller ECCA1 would shorten binary portion, but it would be hardly seen in the ship size. > Using agnosticized recipe in the fuse portion would definitely reduce its size. Better cordership seed and better salvo for gpse90 would help… Dear lord I had no idea there’s this much jargon in the game of life community. Gonna be reading the wiki for hours
That's because it's not "game of life jargon", it's "cellular automata" jargon. Which is a field of math and comes along with a bunch of math jargon from related fields.
mmmh I don't think so. I've read several papers on cellular automata and I don't recognize the terms
I searched several of these terms and they are all specifically jargon of game of life enthusiasts, (i.e. search reaults are all on fansites related to game of life) not general cellular automata jargon.
“History Doesn't Repeat Itself, but It Often Rhymes” – Mark Twain Looking forward to the impending AI and crypto crash and have people run GoL simulations on expensive computer systems like it's 1972 again.
Off-topic, but like a lot of quotes attributed to Twain, there’s no evidence he said that. https://quoteinvestigator.com/2014/01/12/history-rhymes/
Someone figured out how to create a glider that starts and ends as a long string of cells on a single line. Gliders are figures in the game of life that move themselves in a direction by repeated patterns that result in movement. For more game of life/glider context you can read the pretty decent Wikipedia articles: Conway's game of life: https://en.wikipedia.org/wiki/Conway%27s_Game_of_Life Gliders: https://en.wikipedia.org/wiki/Glider_(Conway%27s_Game_of_Life)
As noted by others, the title is mistaken; this is a spaceship, not a glider. (As explained in the Wikipedia article, "glider" refers to a specific 5-cell pattern discovered very early on.) > So finally 2/133076755768 ship of starting bounding box 3707300605x1 is here My understanding is that 2/133076755768 is the speed, in (number of cells translated) / (number of generations to repeat).
spaceship* glider is one specific spaceship, but name for moving patterns is spaceship
So it starts as a line, explodes into a huge 2D complex mess, and eventually, after many generation, returns to form the same 3.7B cells long line? That's kind of amazing. I wish someone unpacked the units of abstraction/compilation that must surely exist here. Surely they aren't developing this with 1 or 0 as the abstraction level!
I asked AI to explain it to me, here is what it produced from the explanation in the thread, it still has some jargon, but a lot more understandable. It doesn't fit in here, so I'll just post a condensed version: ## 11. Short summary You have a one-dimensional spaceship project using slow salvos and multiple layers of construction arms. Arm 1: Uses blinker fuses on a line to generate gliders with any needed p2 phase. Arm 2 (binary): Encodes bits as presence/absence of a second glider to modify an anchor stack and emit gliders; can in principle realize p8 recipes. Arm 3 (ECCA1): A p1 pattern that interprets a compact “program” and builds/cleans the western side, creates ECCA2 and other needed seeds. Arm 4 (ECCA2): A more advanced interpreter that does: * Massive cleanup, * Stops the tape reading and guns, * Cleans periodic debris with corderfleets, * Destroys all temporary helper gadgets, and * Converts everything back into a one-dimensional starting pattern so the spaceship can repeat. All of this is supported by a bunch of custom search/compilation tools (pslmake modifications, gSoD, corderfleet search, etc.) that find workable slow salvos and seeds.
I’m not sure where our guidelines/norms are on this kind of thing, but I get the sense that most of us feel very capable of pasting articles into LLMs ourselves. What we’re less capable of—and the reason we look to each other here instead—is distinguishing where the LLM’s errors or misinterpretations lie. The gross mistakes are often easy enough to spot, but the subtle misstatements get masked by its overconfidence. Luckily for us, a lot of the same people actually doing the work on the stuff we care about tend to hang out around here. And often, they’re kind enough to duck in and share. It’d be a shame and a real loss if the slop noise came to drown out the signal here.
> I asked AI to explain it to me, We all know how to do that, but that's not why were here.
See here: https://conwaylife.com/forums/viewtopic.php?f=2&t=2040&start=200#p222219 It’s also a relatively sparse line, as the number of live cells is less than a hundredth of the line’s extent: https://conwaylife.com/wiki/Unidimensional_spaceship_1
How many steps is the period? How far does it travel in that period? What direction does it go? Does it clean up after itself?
Only about 1.5% of the human genome is protein coding. The human genome is about 3 billion base pairs long.
Game of life indeed!
Critical RCE Vulnerabilities in React and Next.js (wiz.io)
When Reuters has an article that says "Reuters Business - Interest rates going up", do you think Reuters made the interest rates go up themselves or that they are reporting on the interest rates?
Reuters isn’t a bank. Wiz is a security company so they have a greater responsibility to distinguish between their own original work and discoveries made by other researchers.
> In any case, the "tell" is the syntactic structure (as Chomsky would say) and certain phrases used in the post. What certain phrases? (p.s. You don't need to link me to the HN guidelines, by the way. It just comes off as condescending. I'm on the site, I know where to find the guidelines, and you quoted the guideline in question verbatim. I don't understand why people do this. And if this little blurb makes you upset, you're probably one of the people condescendingly linking to super obvious shit, and you should stop. if you wouldn't cite it in real life or in a professional email, don't cite it on an informal message board unless someone asks)
Dear jfindper, I hope this professional email finds you well. Would you mind reading about HN's approach to comments and site guidelines? https://news.ycombinator.com/newswelcome.html Please don't fulminate. Please don't sneer, including at the rest of the community. Kind regards, A. Webshitter
> in case you aren't aware as to where to find them The guidelines are linked at the bottom of every page, and directly underneath the comment box on new accounts. I also, perhaps surprisingly, know how to google "hn guidelines". Or ask chatgpt. Or reply "where's that piece of information from?". > I think that's a doubly reasonable thing to do, given that your account is new, too. People link the guidelines and, like, wikipedia to accounts that are 10 years old with 30,000 karma. It's a weird quirk of HN. If you're talking to someone in real life, or professional emails, or whatever and you provide citations for commonly known things/definitions/etc.... you're being condescending.
If you haven't already, would you mind reading about HN's approach to comments and site guidelines? https://news.ycombinator.com/newswelcome.html Please don't fulminate. Please don't sneer, including at the rest of the community.
> If you're talking to someone in real life, or professional emails, or whatever and you provide citations for commonly known things/definitions/etc.... you're being condescending. If you're commenting on a public forum and you provide citations for commonly known things/definitions/etc., you're supplying the source of your claims for people who may be unaware. You are not the only reader of their comment (nor this one), even if it is in direct reply to yours.
RCE Vulnerability in React and Next.js (github.com/vercel)
Next.js/RSC has become the new PHP :) I guess now we'll see more bots scanning websites for "/_next" path rather than "/wp-content".
static builds save the day.
Anyone know how Tanstack Start isn't affected?
TanStack Start has its own implementation of Server Functions: https://tanstack.com/start/latest/docs/framework/solid/guide/server-functions . It doesn't use React Server Functions, in part because it intends to be agnostic of the rendering framework (it currently supports React and Solid). To be fair, they also haven't released (even experimental) RSC support yet, so maybe they lucked out on timing here.
We collaborated with many industry partners to proactively deploy mitigations due to the severity of the issue. We still strongly recommend everyone to upgrade their Next, React, and other React meta-frameworks (peer)dependencies immediately.
Does AWS WAF have a mitigation in place?
No. You cannot find all vulnerable code by grepping for ”use server”, for instance.
So that’s your “it’s not related to use server” argument? That seems like it could be a quote from their hardening guide.
Where else would it be? What would an RCE of the client even mean?
it would be an RCE on your own machine :D
MinIO is now in maintenance-mode (github.com/minio)
As a note ceph (rook on kubernetes) which is distributed blockstorage has a built in s3 endpoint support
Is there a good overview of recent Open Source Rugpulls in the vein of killedbygoogle.com somewhere?
I've been using Minio in ZeroFS' [0] CI (a POSIX compliant filesystem that works on top of s3). I guess I'll switch to MicroCeph [1]. [0] https://github.com/Barre/ZeroFS [1] https://canonical-microceph.readthedocs-hosted.com/stable/
I'm quite interested in a k8s-native file-system that makes use of local persistent volumes. I'm running cockroachDB in my cluster (not yet with local persistent volumes.. but getting closer). Anyone have any suggestions?
So how are HN reviews of GarageHQ? Or any others?
Garage works well for its limited feature set, but it doesn't have very active development. Apparently they're working on a management UI. Seaweedfs is more mature and has many interfaces (S3, webdav, SFTP, REST, fuse mount). It's most appropriate for storing lots of small files. I prefer the command line interface and data/synchronization model of Garage, though. It's easier to manage, probably because the developers aren't biting off more than they can chew.
I havn't tested it since a while, but it was pretty good and a lot simpler than MinIO. Like in the old MinIO days, an S3 object is a file on the filesystem, not some replicated blocks. You could always rebuild the full object store content with a few rsync. I appreciate the simplicity. My main concern was that you couldn't configure it easily through files, you had to use CLI, which wasn't very convenient. I hope this has changed.
Objects in Garage are broken up into 1MB (default) blocks, and compressed with zstandard. So, it would be difficult to reconstruct the files. I don't know if that was a recent change since you looked at it. Configuration is still through the CLI, though it's fairly simple. If your usecase is similar to the way that the Deuxfleurs organization uses it -- several heterogeneous, geographically distributed nodes that are more or less set-it-and-forget-it -- then it's probably a good fit.
Just watch them harass fork users with proprietary stacks as they used to: https://github.com/minio/minio/issues/13308#issuecomment-929254690 https://github.com/minio/minio/discussions/13571#discussioncomment-1583482
Oh no, I used MinIO once or twice for some unlicensed software. Should I contact a MinIO salesman to purchase an enterprise license ASAP or is it fine if I license my kids and advent of code solutions under the AGPLv3 license ?
Minio is more or less feature complete for most use cases. Actually the last big update of minio removed features (the UI). I am using minio for 5 years and haven't messed with it or used any new thingie for the last 5 years (i.e since I installed it); I only update to new versions. So if the minio maintainers (or anybody that forks the project and wants to work it) can fix any security issues that may occur I don't see any problems with using it.
I used it for my experiments in Docker. I once or two used the UI, I always connected through python.
What a story. EOL the open source foundation of your commercial product, to which many people contributed, to turn it into a closed source "A-Ff*ing-I Store" .. seriously what the ...
This is why I don't bother with AGPL released by a company (use or contribute). Choosing AGPL with contributors giving up rights is a huge red flag for "hey, we are going to rug pull". Just AGPL by companies without even allowing contributor rights is saying, "hey, we are going to attempt to squeeze profit out and don't want competition on our SaaS offering." I wish companies would stop trying to get free code out of the open source community. There have been so many rug pulls it should be expected now.
I still don't understand what the difference is. What is an AI Stor (e missing on purpose because that is how it is branded: https://www.min.io/product/aistor )
Looks like AI slop Replication A trusted identity provider is a key component to single sign on. Uh, what? It’s probably just Minio but it costs more money.
It can store things for AI workloads (and non-AI workloads, but who’s counting…)
? Its like GET <namespace>/object, PUT <namespace>/object. To me its the most obvious mapping of HTTP to immutable object key value storage you could imagine. It is bad that the control plane responses can be malformed XML (e.g keys are not escaped right if you put XML control characters in object paths) but that can be forgiven as an oversight. Its not perfect but I don't think its a strange API at all.
!!! I’ve seen a lot of bad takes and this is one of them. Listing keys is weird (is it V1 or V2)? The authentication relies on an obtuse and idiosyncratic signature algorithm. And S3 in practice responds with malformed XML, as you point out. I have trouble liking it over WebDAV, as a protocol.
That may be what S3 is like , but what the S3 API is is this: https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/s3 My browser prints that out to 413 pages with a naive print preview. You can squeeze it to 350 pretty reasonably with a bit of scaling before it starts getting to awfully small type on the page. Yes, there's a simple API with simple capabilities struggling to get out there, but pointing that out is merely the first step on the thousand-mile journey of determining what, exactly , that is. "Everybody uses 10% of Microsoft Word, the problem is, they all use a different 10%", basically. If you sat down with even 5 relevant stakeholders and tried to define that "simple API" you'd be shocked what you discover and how badly Hyrum's Law will bite you even at that scale.
That page crashes Safari for me on iOS.
Garage is a popular alternative to Minio. https://garagehq.deuxfleurs.fr I hadn't heard of RustFS and it looks interesting, although I nearly clicked away based on the sheer volume of marketing wank on their main page. The GitHub repo is here: https://github.com/rustfs/rustfs
Yeah, that page is horrendous and looks super sketchy. It looks like a very professional fishing attempt to get unsuspecting developers to download malware. They have a lot of obviously fake quotes from non-existent people at positions that don’t even mention what company it is. The pictures are misgendered and even contain pictures of kids. Feels like the whole page is AI generated.
I think you are correct, but you probably misunderstood the parent. My understanding of what they meant by "retroactively apply a restrictive license" is to apply a restrictive license to previous commits that were already distributed using a FOSS license (the FOSS part being implied by the new license being "restrictive" and because these discussions are usually around license changes for previously FOSS projects such as Terraform). As allowing redistribution under at least the same license is usually a requirement for a license to be considered FOSS, you can't really change the license of an existing version as anyone who has acquired the version under the previous license can still redistribute it under the same terms. Edit: s/commit/version/, added "under the same terms" at the end, add that the new license being "restrictive" contributes to the implication that the previous license was FOSS
Right but depending on the exact license, can the copyright holder revoke your right to redistribute?
Is this just the open source portion? Minio is now a fully paid product then?
Basically officially killing off the open source version.
VA staff flag dangerous errors in Oracle-built electronic health record (washingtonpost.com)
I'm amazed that city, county, state, and federal tech projects never want to clone best-of-show systems instead of starting from scratch. City needs a web site? Clone the best one you can find amongst the tens of thousands of cities already doing that. County jail needs tracking of inmate transports? Clone the best one you can find amongst the thousands of counties already doing that. State needs a sales tax system? Clone whatever other state system is the best. VA needs a system for hospital records? Don't develop from scratch, start by cloning the best system you can find amongst the thousands of existing hospital networks, and customize from there.
A lot of government procurement is bound by strict "competitive bidding" laws that seek to give everyome and their grandmother a fair shake at the contract, in the name of avoiding graft, corruption, and bribery. This has led to somewhat of an arms race where government workers desperately collaborate with contractors to find a way to sidestep or subvert the bid process and other contractors aggressively seek to inspect and enforce the process. Developing in-house governmental talent, institutional knowledge, and capacity is of course strictly off the table, as it would reduce opportunities for private profit in basic government services.
Every user I’ve heard coming from a Cerner facility has said that Cerner is an unmitigated disaster. It almost makes sense that the only way to get a customer was to essentially lobby and force your way into a government contract for it, and it’s still an unmitigated disaster. My heart goes out to those that are going to get fucked over by this piss-poor deployment and be actually, physically harmed by bad EMR decisions and implementation choices.
Every single time I've heard about an org onboarding Cerner, it was a disaster. One wonders how they can possibly still be in business.
Oracle acquired them. So, now you have the full power of Oracle standing behind them to convince customers to adopt it, and the same power to keep customers from migrating.
I once flagged a bug in Epic, the big EHR system. The system had somehow mixed up kilograms and pounds. For example, a normal adult male weight of 150lbs would be ~68kg, But accidentally save it without converting and get 150kg. Convert back and it becomes 330lbs. Suddenly our reasonably slim man becomes grossly obese. It's not just wrong, it's extremely dangerous. In an emergency situations, where morphine is commonly administered for extreme pain, the dosage needed to relieve the pain of a 330lb man would kill a 150lb man. Granted the responder at the patient's side would probably realize something is amiss, but a pharmacist in another room filling an order wouldn't have the context, and could make the error.
Opiates are not weight based dosed for adults. Typically pain protocols start at fixed doses based on prior opioid use and titrate up for effect. Also was this a bug in Epic proper or a site specific customization?
I expect GP mistook metformin-associated lactic acidosis in a patient with kidney disease as something metformin-caused. A separate but coincident IV misadministration could be an exacerbating factor. It would have been a rare case, but a plausible explanation for the misunderstanding. Metformin is relatively kidney safe and not administered by IV. Thank you for clarifying that for anyone that may currently on or considering Metformin. It would be great if medical professionals were infallible communicators and had time to verify understanding, but they are human and we need more doctors and less time-pressure by profit extracting private equity. Disclaimer: I am not a doctor.
Also even when medical professionals communicate flawlessly, they're communicating to non-professionals who will necessarily encode their understanding in an imperfect mental model that will likely degrade over time.
Mapping the US healthcare system’s financial flows (healthisotherpeople.substack.com)
This chart breaks it down by spending, it does nothing about determining the effectiveness of said spending. How much actual care per $ spent? I've been on a mock jury for a personal injury lawsuit--and it was obvious to a couple of us that the smoking gun presented by the defense clearly showed she was running up the bill on something minor. We were pointing out the problem--did that sway the majority? No. The general opinion seemed to be she was owed something for what had happened--and they had failed on the voir dire, they asked about my background, didn't ask anything about family. Oops--I knew it would end up all going to the lawyer and doctors, nothing to her (the proposed amount was less than the bills she had run up.) I played it fair and didn't speak up about what would happen. And all the national systems have a fox guarding the henhouse problem. Provide proper treatment for the expensive stuff or lower the standards? So long as you make a sufficient portion of the electorate think you're doing a good job the reality is the standards get lowered. And cook the books in pretending it's fair. (Two examples that come to mind: Including "fairness" in the measure of health system quality--automatic selection for UHC, and comparing infant mortality (they admitted the comparison was not valid, did it anyway.) The reality is the biggest "cause" of infant mortality in the developed world is how the medical world falls on the stillbirth/infant mortality line. Even elsewhere--Cuba gets it's good infant mortality numbers by setting a minimum birth weight. The ones that were born too early and never had a chance get classed as stillbirths.)
Amazing, every single dollar goes to care! Not a single dollar to overhead! Where are these insurance companies' profit margins coming from? How do they even pay their executives' salaries? Boy have I been mistaken about how inefficient the American system is
> Amazing, every single dollar goes to care! Not a single dollar to overhead! Where are these insurance companies' profit margins coming from? they kinda have it on chart but without overhead numbers: insurance collects 1T of payments, than for business segments, they pay around 60% of that as medical expenses, and for individual plans it is more like 40% of medical expenses, meaning for individual plans insurance corps have 60% profit margin.
Sweet. Let's charge 49 cents per million dollars of unrealized capital gains per month, it's not significant and less of a burden than 49 cents per month for healthcare.
[delayed]
It's a truism that America's system was never designed -- it's a patchwork of different pieces that each pay for some people in some situations. But I've been reading about our system, since I fell down a rabbit hole a couple years ago. Things are bad, yes, but there are actually interesting ideas out there, and real efforts at reform that are being tried. For example, did you know Maryland has a different way of funding hospitals than most other states? [0] And that other states are interested in copying it? [0] https://www.vox.com/policy-and-politics/2020/1/22/21055118/maryland-health-care-global-hospital-budget
There are already numerous and simple policy levers that actually affect costs and cannot be gamed. Such as the age you become eligible for Medicare. You don't have to reach for anything innovative like global hospital budgets. I'm skeptical of your category of reforms - you really mean, "benign-looking administrative decisions," because if you're not making any hard choices, you're not making reforms. I would hardly call it "real efforts."
Sure, but fighting the impulse to solve problems at the Federal level that could/should be solved at the State level doesn’t preclude individual states from building multi-state solutions together.
More of these exist than people realize - and are a great way to "latch on" to the success of another program.
I've spent the majority of my adult life in Washington State and I've witnessed this firsthand. This place used to have a unique vibe that was more purplish-blue "granola hippies with guns that just want to be left alone." Progressivism mixed with an Old West libertarian streak. There was a GOP minority, and the red east and blue west played off against each other and kept things reasonably center-left. Now it's a one-party state, and the legislature might as well be the state Parliament, taking its marching orders straight from the DNC. The Governor is just as all-in on drinking the blue Kool-aid, and the state Supreme Court seems like it only exists to validate what the other two branches decide. And looking at places like Texas and Florida, seems like the same is happening on the other side of the aisle. What's infuriating is there are conservatives in blue states and liberals in red states getting just steamrolled to the point of "why should I even vote or participate, when I'm just going to get told to sit down and shut up?" That's not healthy for democracy. The rights of the minority exist for a reason and you can't just vote things away because you have 50.01 percent of the vote.
Yeah, it seems very unfair. If Party A has 60% of the seats in the state legislature, and Party B has 40%, then intuitively it feels like Party A should get 60% of what it wants. But as you said, Party A actually gets more like 100% of what it wants. This is a thing where having more parties would really help. If there were (say) 4 parties, each with ~25% of the seats, then they would have to bargain with each other and form coalitions, which I think would be a really healthy process for democracy.
↙ time adjusted for second-chance
How to Synthesize a House Loop (loopmaster.xyz)
I was surprised at the audible difference it made to reset the RNG seed for the hi-hat noise function every time it triggered. I’m curious what the justification for doing this is—does the randomness arise from the geometry of the hi-hat itself and not the way you hit it? Is the idea to imitate the sound of sample-based percussion?
My understanding is that because it's a very small sample, it's basically a combination of a subset of sine waves, and because we're very sensitive to the nuances of high-pitched sounds, even small changes in that space make a lot of difference. Every RNG seed produces a different sounding hihat, and if you don't reset it, it continues producing different hihats, which is unnatural. Another explanation is also to resemble sample-based audio, but perhaps it's all of these things combined.
I've watched a lot of live coding tools out of interest for the last few years, and as much as I'd like to adopt them in my music making it's not clear to me what they can add to my production repertoire compared to the existing tools (DAWs, hardware instruments, playing by hand, etc). The coding aspect is novel I'll admit, and something an audience may find interesting, but I've yet to hear any examples of live coded music (or even coded music) that I'd actually want to listen to. They almost always take the form of some bog-standard house music or techno, which I don't find that enjoyable. Additionally, the technique is fun for demonstrating how sound synthesis works (like in the OP article), but anything more complex or nuanced is never explored or attempted. Sequencing a nuanced instrumental part (or multiple) requires a lot of moment-to-moment detail, dynamics, and variation. Something that is tedious to sequence and simply doesn't play to this formats' strengths. So again, I want to integrate this skill into my music production tool set, but aside from the novelty of coding live, it doesn't appear well-suited to making interesting music in real time. And for offline sequencing there are better, more sophisticated tools, like DAWs or trackers.
I've seen a couple of TikToks with someone doing live coding with this same tool and it was really cool to watch because they really knew it well, but like you said it was bog-standard house/techno.
100% agree. I think this format of composition is going to encourage a highly repetitive structure to your music. Good programming languages constrain and prevent the construction of bad programs. Applying that to music is effectively going to give you quantization of every dimension of composition. I'm sure its possible to break out of that but you are fighting an uphill battle.
The ease of quantization in the DAW is pretty easy to do as well. So I am not sure that would be unique to music / live coding sessions.
It is unique because everything is quantized. I've never used these tools but I am assuming you could give it some level of randomness but as someone who has performed and recorded a non-quantized performance is not random. So sure, it's super easy to quantize in your daw but it is a tool to be applied when needed, not something that is on all the time by default.
What‘s going on with all these code-2-music tools these days? See other front page discussion about strudel.cc [1]. Did I enter an established bubble or is there a rising trend? It‘s incredible, though, what people are able to obtain with it, especially when built-up during a live session [2]. [1] https://news.ycombinator.com/item?id=46052478 [2] Nice example: https://m.youtube.com/watch?v=GWXCCBsOMSg
My guess is we are either at the top or rising to the top of cyclical curve of the trend.
Congressional lawmakers 47% pts better at picking stocks (nber.org)
But they hold influence as congresspeople. Announcing their favor or disfavor for a thing influences people and corporations. The market would swing more from their announcements and citizens would invest or divest along party lines. Neither are good economics. At minimum they shouldn't be allowed to trade individual stock. I don't think this stops workarounds but it's the least we could do.
That creates more trading opportunities tbh and eventually the market will calibrate. Similar has happened to trump and his tarrifs plus all those truth/xitter messages.
Every single one of these scoundrels will stand up at a college graduation and exhort the virtues of public service and sacrifice for country. But somehow they all manage to get rich in the midst of their own service and sacrifice. They shouldn't be allowed to trade stocks. When you do so, corruption is inevitable. It should be an expected price of public service that you remove yourself from most other ambitions. I'd hope that if they were required to live off of their (rapidly depreciating) savings and income, like most Americans, they might consider some of their legislative choices differently.
I would rather congressional representatives be paid more and have much stricter rules (with sufficient oversight and penalties), than what we have now. Also the "revolving door" where congress members become lobbyists when they leave is no good. Not to mention that campaign fundraising starts the day they swear in, so they become beholden to their donors. Bribes, campaign contributions, what's the difference? Federal US politician incentives are pretty much designed for corruption.
Literally laughed out loud about this. You might have missed some of the things that prominent leaders with "skill, knowledge, and expertise" have been doing: https://www.kennedy.senate.gov/public/2025/9/kennedy-calls-for-better-inspection-of-foreign-seafood-sold-in-the-us-the-shrimp-was-radioactive https://edition.cnn.com/2015/02/26/politics/james-inhofe-snowball-climate-change Or an even older one: https://rollcall.com/2018/02/16/flashback-friday-a-series-of-tubes/ We are definitely not sending our brightest.
- literally a Kennedy - has BA from Harvard - has law degree That’s not an ordinary person even if we think his health views are dumb.
> We elect leaders - people with skills, knowledge, and expertise. I admire your optimism but saying it doesn't make it so. We elect people able to convince others they should be elected. Often that means they possess the ability to convince others they have the skills, knowledge, and expertise you describe. If you think that's the same thing as actually having skills, knowledge, and expertise, well, I have bad news for you...
Optimism would be believing people on the street are as capable as Us senators.
Good way to make sure that the most capable people absolutely never go into politics.
Do people really think that all of the most capable people are motivated by money? I've made several career moves in my life which have prioritized things other than my salary or financial security. I don't feel this is that rare.
Someone really needs to do a meta-analysis of these results because a paper from a few years ago showed that members of congress underperform at stock picking: https://www.nber.org/system/files/working_papers/w26975/w26975.pdf Both papers could be true if congresspeople are worse than the public at picking stocks, but congressional leaders are just better than the average congressperson
It would also be interesting to compare overall stock-picking "ability“ across party lines. Real-estate investing is another corruption vector. One way to bribe a politician is to sell them a house at a million dollar discount. The optics become that the politician is a “savvy real-estate investor".
But we should be concerned shouldn't we? These people are exempt from laws, they and their presecessors made, for which they will happily condemn the common person and profit again when you pay for your crime. They should be more accountable, not less.
These people are exempt from laws, they and their presecessors made Well, that's the problem, right there. We shouldn't be thinking about making new laws that they also won't subject themselves to. We should be thinking about shoring up the rule of law, and ensuring that they are always held accountable. Unfortunately, today's partisan politics prevents that from happening. The partisans - on BOTH sides - behave as if it's more important that their own side appear faultless and all guilt falls on their opponent. So partisans ensure that those on their own side will get a free pass.
Agreed. The whole idea that they are in it for the “service” is a really naive idea. If we want honest hardworking and qualified people to do the job the salaries should be in the 500k to 1.5m (senate) range. Then knock out the corruption.
i'd support that if and only if it required congresspeople to divest from individual stocks. with perhaps some compromise like...maybe they could hold "total market" index funds, or are only able to trade once a year, or etc
You aren't being punished, nobody is forcing you to run for Congress.
And if you consider "I'm not as rich as I am physically capable of being" to be "punishment", you have absurd priorities and should not be in congress. There's so much more to life and the world than the number on your portfolio for christs sake.
Only if you theorize that power corruption is a step function, and that there isn't survivor bias and influence during the process of getting to the point where you can even win an election. Running an election campaign as anyone but a filthy rich person means you have to accept a brown bag at the beginning with a lot of implied conditions. Sortition means it's at least possible you get someone who isn't looking for the brown bag.
>Sortition means it's at least possible you get someone who isn't looking for the brown bag. I mean sure, but sortition has tons of it's own problems, and it's actually pretty easy to reduce the requirement to take a bag before you can run a campaign, because this is something every other democratic country manages. The US is the only country that allows you to run campaign adverts years ahead of time. That's expensive. The US has no limits to campaign contributions in the first place, and no ceiling on campaign spending. The US has loudly declared that it is right and just that the mega rich oil Baron can pay for literally every single campaign if they want, and unilaterally control who has access to his funds for getting elected. The US Supreme court has declared that it is a good thing that the oil baron can always outspend average people to get their needs heard. Maybe fix the part of our country where we allowed the supreme court to insist that more money should give you more access and control over government. Maybe fix the part where half the country insists that we should elect "Businessmen" who will run a country like a "Business" because that's somehow a good thing, and that having someone who has direct business interests that are contrary to the interest of the general public run said government is a good way to do things. It's like thinking that Pharma adverts are bad and so we should destroy the pharma industry. Like, no, chill, just ban pharma adverts like the rest of the world.
 Top