Unlurker|Replay|About
Fran Sans – font inspired by San Francisco light rail displays (emilysneddon.com)
Typography nerds are some of my favourite nerds. Font specimen pages are so often screaming with design language and intention, they push and prod to evoke and present. Maybe the secret has something to do with the lack of priority to the actual content; just present the font gosh-darn! Looks nicely executed within the confines of the inspiration. very cool
FYI no lower case, also "contact the author for licensing". (The article is a neat story of digging into the history of the displays which are about to be going out of service, as well as some practical aspects of the font design - it's just not casually available.)
> Back at the SFMTA, Armando told me the Breda vehicles are being replaced, and with them their destination displays will be swapped for newer LED dot-matrix units that are more efficient and easier to maintain. By the end of 2025 the signs that inspired Fran Sans will disappear from the city, taking with them a small but distinctive part of the city’s voice. :-(
Start here for more of the actual font: https://emilysneddon.com/fransans
Both of these pages seem to me like they're designed for mobile-only usage. I'm sitting here with a 4k screen, browser maximized, and all text is, like, huuuuge! And the worst part? You can't zoom! Seems kind of user-hostile to me …
Native Secure Enclave backed SSH keys on macOS (gist.github.com)
Does anybody know if there is something similar for gpg keys? E.g. for commit signing? That is, natively with the Secure Enclave, not exportable.
Time to up my game and finish adding new features to KeyMux, which supports enclave keys for SSH, SSL, and PGP, including in mixed-use scenarios, such as secure enclave-backed SSL peer authentication to a Vault server for SSH authentication with a non-exportable Vault private key: https://keymux.com/ ( https://apps.apple.com/us/app/keymux/id6448807557 )
Oh, this is neat! I wonder if apple just added support for the secure enclave as a provider or if this might help fix the bad experience of yubikeys on the mac. Last time I tried it, the distributed ssh and ssh-agent didn't play well with security keys
If I understand correctly, this means you can't back up the private key, correct? It's in the Secure Enclave, so if you lose your laptop, you also lose the key? Since it looks like export only really exports the public key not the private one? Probably not the worst thing, you most likely have another way to get into the remote machine, or an admin who can reset you, but still feels like a hole. Or am I missing something? ps. It amuses me that my Mac won't let me type Secure Enclave without automatically capitalizing it. Edit: I understand good security is having multiple keys, I was simply asking if this one can be backed up. OP answered below and is updating their webpage accordingly.
If you set this up on two devices, you can put both their public keys into authorized_keys at least.
Strictly speaking people should be using multiple keys so if a device is lost/stolen, you're not left high and dry. Ideally one per device, especially if they don't support some kind of secure enclave. I keep one in a yubikey protected by a PIN that sits in a safety deposit box, too. This way if I have my laptop, phone, and day-to-day yubikey is a house that suddenly burns down, I'm still ok.
You're not really supposed to 'export' keys. Any time you move a key you risk exposing it. The idea of PKI is that only public keys move, the private key stays in one place, ideally never seen.
It's much safer to export a key one time and import it into a new machine, or store it in a secure backup, than to keep it just hanging out on disk for eternity, and potentially get scooped up by whatever malware happens to run on your machine.
I've been in the security space for 25 years, and understand the theory of PKI. But I've also been in the ops space for 30 years, and understand that if you don't balance security theory with operational practice, critical business functions can fail. Ideally yes, the private key is never seen. In reality, it needs to be backed up in a secure place so it can be restored in the event of a failure.
Check out `man sc_auth`. There's also an exportable variant where the private key is encrypted using the secure enclave as opposed to generated on the secure enclave: % sc_auth create-ctk-identity -l ssh-exportable -k p-256 -t bio % sc_auth list-ctk-identities p-256 A581E5404ED157C4C73FFDBDFC1339E0D873FCAE bio ssh-exportable ssh-exportable 23.11.26, 19:50 YES % sc_auth export-ctk-identity -h A581E5404ED157C4C73FFDBDFC1339E0D873FCAE -f ssh-exportable.pem Enter a password which will be used to protect the exported items: Verify password: You can then re-import it on another device % sc_auth import-ctk-identities -f ssh-exportable.pem.p12 -t bio Enter PKCS12 file password: I'll add this to the guide
How is this method any different from encrypting the private key without any secure enclave? Isn't it just using a password derived key?
“ This is might be considered secure but is convenient for key backup.” Might want to clean up that sentence.
Inability to export the private key is no different from using an YubiKey? You can't "backup" the private key they generate either.
Which makes yubikey impossible to use with geographically distributed backups. You need the backup available at all times for when you want to register with any new service. This is why you should use a device which allows exporting the seed, like e.g. multi purpose hardware crypto wallets.
Are you talking about SSH or a different setting? With SSH, you can always share the primary and backup pub keys, even if you don't have the backup key handy.
No I got distracted by the word yubikey. Arguably not the same subject. :)
Yeah, that is why you should not generate it on a YubiKey. You need to have: - an offline master private key backup (air-gapped) - primary YubiKey (daily use) - backup YubiKey (locked away) - revocation certificate (separate storage) (it is your kill-switch) Having a second YubiKey enrolled is the standard practice. What people do wrong is: - They generate directly on YubiKey - They only use one device - They do not create a revocation certificate - They have no offline backups You generate your GPG keys on a secured system, load the subkeys (not the master because it is not used for daily cryptography) into the YubiKeys, and then remove the secret keys from this system where you generated the keys.
I can understand revocation for GPG, but is revocation ever used for SSH? I could understand it if SSH certificates are used, but honestly I've never encountered an org using SSH's cert system.
Well, revocation does not exist in the SSH ecosystem, but it is implemented and used at the infrastructure level, so in a limited and indirect way, yeah. OpenSSH has a built-in key revocation mechanism (KRL), and there are SSH certificates (with a CA) and certificate revocation, and there is ad-hoc "revocation" by removing keys from the "authorized_keys" file. If you use your GPG key for SSH, the servers that have your public key do not automatically know that your GPG key was revoked, and SSH authentication will proceed unless you remove the public key from the server OR the server uses an SSH CA/KRL model. All in all, SSH supports real revocation, but it must be enforced by the server. It is different from GPG where revocation follows the key, not the server. I have not used KRL myself, but I know how it works. You can generate a new empty KRL, then add keys to revoke, and then to distribute the KRL to servers by configuring OpenSSH to use the KRL file, by adding "RevokedKeys /etc/ssh/revoked_keys.krl" to "/etc/ssh/sshd_config". The pros of KRL is that they scale better than manual removal for multiple servers, and you can revoke entire CA ranges instead of individual keys if using SSH certificates which is recommended for large setups.
> whether the ssh service is configured to allow or deny passwords. Given the consistent use of "password" instead of "passphrase", I think they meant an exfil'ed encrypted key is vulnerable to no-rate-limit bruteforcing, in contrast with hardware-backed keys.
Right, but my context is that devs often use no passsphrase at all. If someone can get a copy, they have instant access to whatever it has access to. They don't need to even break encryption since the key has none if none has been applied. My stance is simply, at least add a passphrase to the key (though some call it a password).
gotcha, thanks for clarifying!
Are consumers just tech debt to Microsoft? (birchtree.me)
Not rick roll: https://www.youtube.com/watch?v=HZSkM-QEeUg
No, Microsoft products are the tech debt everywhere
Someone should come up with an alternative
I am, unironically, considering this for my dad's computer: https://chromeos.google/products/chromeos-flex/
ChromeOS just works, go for it.
Nobody seems to want to use Copilot, but Microsoft is in a great position when AGI "drop-in office workers" become a thing. They can just provision however many virtual coworkers to a Microsoft Teams instance and you'll be handing off documents and chatting with the AGI workers pretty much as you would any other remote worker. Microsoft doesn't have to be first or best here. Just owning the plumbing of so many present-day workplaces with Teams and Office will make it hard to beat them.
Why don't we see companies adopting this setup with offshore workers if it's that "seamless" and easy to get started?
> Microsoft is in a great position when AGI "drop-in office workers" become a thing While I don't disagree with you here, that's a helluva big bet. It'll have to happen soon enough that other companies aren't able to pivot in time, and despite what Altman says, I just don't see it happening at that timescale.
> While I don't disagree with you here, that's a helluva big bet. And yet, one that Microsoft has the best chances. Apple has all but zero presence in BigCorp outside of social media and creative teams. Google has its Workspaces thing plus its web wannabe-equivalents to Office, but that's it. And AWS is an infrastructure provider. Microsoft in contrast? They're everywhere and most importantly, whatever is in Office 365 automatically has the "compliant" checkboxes ticked for auditors. And MS can easily ride the time until AGI or something coming reasonably close to it is marketable on that moat.
"Apple has all but zero presence in BigCorp outside of social media and creative teams" Bad take. Apple has a strong presence within the tech and digital agency world. At every company i've worked for (3 tech companies, 1 digital agency), the Macbook is the default issued workstation unless you formally request a Windows laptop. Some roles, like finance, tax, 3D design, favor Windows but that is generally because certain software they depend on only exists in the Windows world. Microsoft totally dominates non-tech companies though.
For the average office task they don’t seem far off being competent, at least to the average workers quality. Ai builder with gpt5 + workflow triggers is very capable already. 1-2 more model generation hops needed plus a bit more “agent” plumbing before its game over for the excel and word jobs.
Which average office tasks would those be? Writing project proposals? Putting budget numbers into a shared spreadsheet? Composing a progress report? Preparing presentation slides for an executive status update meeting? Writing performance reviews? Taking mandatory compliance training? Going to planning meetings? One or two of these, I could see. Automated progress reports would be nice. But a lot of them aren’t about document generation, but about human accountability, about being a person who commits to something in writing. Automating away paper pushers means all the accountability lands on their bosses, leaving them nowhere to hide. It will be quite something if we manage to rewrite the corporate social context like this.
Looking like 2028-2030 but it's a moving target. Since we're basically getting flying cars next year at the World Cup, I guess it's going to be after flying cars.
I prefer fusion power as the go-to vapourware technology. It’s been “10-20 years out” for 70 years and counting. I don’t see any reason to believe that “AGI office workers” will be ready to go by 2030. All signs right now are pointing to a looming plateau in their capabilities.
Fusion has halved the "interval until we get it" on those 50 years. AGI has doubled the "interval until we get it" twice already since 2022. Those things are not the same kind of vaporware.
> VSCode (polished, fast, ...) and Explorer (paleolithically slow, In what world is VSCode fast when its startup time is multiples of Explorer (which had in recent news decided to preload itself to mask that issue) and they are the result of exactly the same fundamental shift from native to web native
VSCode starts up the same as any other IDE, and is responsive and snappy when using it. Explorer starts up about 100 times slower than any other file explorer, and is exceptionally while using it too.
The competition is IntelliJ, which can be slow as molasses.
The web/webapps/mobile helped lead to this era of "desktop PCs" (to include laptops) where the browser mattered more than the OS. It allowed Apple to become resurgent in the desktop market because OS compatibility mattered less than ever. It's not weird that it led to Apple regaining _some_ market share because clearly there was demand for the Apple/MacOS/OS X experience that may have been tempered by incompatibility in the pre-webapp days. What _is_ weird, and nonintuitive, is that the (by all accounts) higher-cost vendor would be seen as ascendent in this market. All the more weird for two reasons: 1. The Apple experience, at least on the OS side, matters less and less in the webapp world. 2. Apple isn't trying, either! They're seemingly doing their best to abandon and alienate their desktop OS users. A decade or more of stagnation or regression in features and usability, capped off by Tahoe this year. It feels like Apple and Microsoft are just waiting for the desktop OS to die, waiting for mobile to take it over; so we can all just shut up and stop asking for filesystems and terminals so they can sell us iPads and Surfaces, and they can finally be free of this ancient burden of selling desktop computer OSes. And the consumers keep buying the stupid things, demanding product in a market that the vendors don't want any part of.
> 1. The Apple experience, at least on the OS side, matters less and less in the webapp world. I see it the opposite. At least for iPhone owners Universal Clipboard and file sharing with Airdrop are killer apps.
As an Apple Stan, I don’t understand what you’re referring to. MacOS is light years ahead of Windows in so many arenas, I’m not really sure what you could be referring to when you say “stagnation”. Every OS ever released has issues at launch, not sure if that’s what you mean by “regression”. But man… windows has been garbage for the better part of 2 decades now.
Snapping and switching windows is light-years ahead of Windows? It only recently became a little more reasonable, and even then they still kept that idiotic full screen mechanic.
After two decades of relentless effort, Apple has finally managed to make Spotlight as broken and useless as Windows Search where it doesn't find local files and just returns web results.
It's telling that to defend Apple against the charge of stagnation you immediately attacked Windows.
They only attacked Windows at the very end of their statement.
And I mean... They're not wrong. I use a Mac for work, but also use windows and Linux machines. The best experience hands down when it comes to specific things would be Linux, for very niche things because it's way less clunky than it used to and people have figured things out in the meantime. My mac is the only system that I can mount (without too much pain because people have figured it out) any filesystem, I can virtually open every document from Mac to Windows to Linux. I have something close to package control with homebrew. The M chips are ridiculously good at both being decently performant while low energy consumption. Sure it has its host of issues and I would be the first one in line to dunk on Apple for many many... many many, reasons, but there are things to like with their laptops... In comparison, recently, Windows has been more and more aggressive towards their users and their data, attempting to lock people in for some spreadsheet editor... Gone are the days of Lotus1-2-3...
And the second sentence.
> Microsoft has never been a consumer tech company. Windows 95 was definitely consumer tech. Windows XP was about making the Windows NT line accessible for home users going forward. Weirdly, Windows Phone was aimed at consumers at a time when they really could have leveraged integrations with products like Exchange and Office to stand out.
They already had Windows CE and ActiveSync, the bane of many an IT support worker. It might be they expected phones to remain consumer-only, and the business world to keep using PDAs.
I'm young, I'll take that bet. In 25 years windows will still have greater than 50% consumer computer marketshare out of sheer momentum.
I'd be very surprised if "consumer computer" will be anything but a niche thing in 25 years.
It might be just a remote UI over "Windows Cloud Eternal" at that point but if by then we've moved to "Apple Forever OS" or "The Eternal Year of the Linux Desktop" I'll make a balanced diet out of hats
Author is using Microsoft and Windows interchangeably, this post is only about Windows. Gaming is a bigger business for Microsoft than Windows and that can only ever be consumer focused. There's no mention of Xbox, nor an awareness that Microsoft published games are playable on the Steam Machine.
I don't think gaming is really bigger than windows. Gaming revenue is 23B in 2025 and Windows+Devices is 17B, so just in this metrics they're already close; but you have to factor how much of their 120B Office+Productivity line on their annual report only exist because people use Windows. If you take LinkedIn and Dynamics out of the equation you get approximately 100B in Office, Teams, SharePoint and stuff like that and people only use these product at scale because they're on Windows.
Yes, the article should really be titled "Is Windows just tech debt to Microsoft?" and could have been published five or six years ago.
It would be a short article. “Yah”
Microsoft has definitely angered consumers in the gaming space. Look what they've done to Minecraft, or the formerly beloved studios they bought out. The Game Pass price hike was not well-received.
Yeah there's lots of complaining but until they move to linux, stop buying their games and cancel their subscriptions nothing will change in the enshittification path.
This more recently happened to IBM (as a computer manufacturer). If your platform is not accessible to hobbyists, the next generation will not be familiar with it, and when they go get a job, it probably won't be with the technology they don't know. Then, assuming there is a credible alternative, the inaccessible technology will die out in a generation, as we've seen with IBM mainframes.
Yes, many companies even start with hobbyist tools. IBM proves that going all B2B is not a good idea. The other end of the problem is Apple which is a consumer company, but they prohibit companies to use their hardware for building new things. Both approaches suck for consumers and/or startups, but Apple's approach at least works for them from a business perspective.
The “CTO” at my small employer used this book to explain why we needed to stick with Perl and Oracle 9i in 2020.
It sounds like your CTO took the opposite message of the book. Well the modern interpretation anyway. But can't really argue with not rewriting working code, even the Oracle licensing is probably is probably nothing in terms of cost. Might wanna update to a supported version though.
Dark Mode Sucks (tomechangosubanana.com)
This post makes me want to start a site to collect the worst-ever takes shared on HN. Right now this would be at the top of the list. ;)
I rarely flag articles, but this one was garbage and made the cut.
Ok you don't like dark mode. I love dark mode, and I don't like light mode. Everything is dark mode on my machines, day and night. I find it stupid to have so much light beamed into my face, and I prefer to only light up the useful signal. The letters and numbers, and graphs. The 99% of background is of no interest and as such it doesn't need to send light to my face.
Just make it configurable. It's not that hard. The only thing I want to hear less about than light vs dark, tabs vs spaces, is the dripping condescension of morning people. Make it configurable and let people be.
My current problem in Windows is there’s at least 3 system functions, PowerToys and screensaver places vying for control somewhere that I have to manually turn on the Dark theme on when signing in every morning.
Without taking an extreme or absolutist stance on this issue, I generally agree with the author here. Dark mode should be reserved for after sunset and before sunrise. The eyes are adapted to see daylight levels of light during daytime. If your ambient lighting and screen don't match this, then you're not using your body in the way it's evolved to function. What we need more of are screens with anti-glare and a wide range of brightness levels. What might have a worse impact on your eyesight is the effects of Myopia, which is being exacerbated by basically every portable device with a screen. Anyone who has the technological literacy to enable dark mode (and advocate for it) is likely someone who gets above-average screen time and is therefore someone at a higher risk of myopia.
It absolutely depends on what you do, for any work involving computer imagery, a dark surround, i.e., dark UI, around the area of interest, e.g., 3D Viewport, 2D Canvas is a must so that to not bias the work. This one of the main reason why Adobe Photoshop, Adobe Lightroom, Autodesk Maya, Blender, The Foundry Nuke, Autodesk Flame, Baselight Filmlight, etc... all have dark themed UI.
Raycast for Windows Is Here (raycast.com)
I feel the same way about macOS, I used it for several years for various jobs and now will literally not accept a job offer if they force another Macbook on me. Point is, if you're selling something to Windows users, don't say their choice of OS sucks.
I used to be a diehard Mac guy but now I insist on having a Linux workstation. My preference is Suse but I’d settle for Ubuntu if it means I don’t have to use MacOS.
Same tbh. macOS is my last resort, I find so much of it incredibly frustrating, from the literal constant permission nannying, the unrepentant "We broke your shit, deal with it" that comes with many many updates, the horrendous UI of Tahoe, it's the worst. Apple might have great (though boring) laptop hardware, but jeez louise does macOS ruin the whole thing.
I had so many issues with it, but the one that annoyed me the most is app icons in the menu bar being hidden behind the physical notch, meaning I couldn't see them unless I was connected to a second screen. It showed me the whole "Apple is amazing at design" stereotype was just that. Oh, and the Music app would launch whenever I hit the play key, even with Spotify open in a tab. Not once did I ever want to open Music.
>I think people who do this think that people who use Windows perceive that the Mac experience is smoother, and may have some sort of Mac envy. There's an irony in this due to this: >b) WSL-based, VSCode-using devs who are one step away from just using Linux. These are the folk who fifteen years ago would have been using what was then still OSX. But these folk don't use Windows as Windows: they use it as a semi-Unix. The people still doing the "hurr durr wind0ze suxx" routine are the ones stuck 15 years in the past. Modern Windows is an entirely different and vastly more capable beast and it still runs huge swathes of the enterprise world. The best technologists I know don't really care all that much which desktop platform you stick them on anymore since most of what they really need is either available everywhere or running on a backend that isn't their desktop anyway.
> Modern Windows is an entirely different and vastly more capable beast and it still runs huge swathes of the enterprise world. Okay, but what does it actually do that Linux doesn't? What's the selling point, why should I make the switch from Linux to Windows?
This is a strange take. Should we never ever change UI because grandpa can’t learn the updates?
This is reductive black and white thinking that simply refuses to deal with the real problem that I clearly illustrated. Microsoft windows is a critical tool that society continues to build dependence on. The poorly executed redesigns of key windows features has consequences unlike the vast majority of software systems. With Microsofts great power, comes great responsibility.
73% of AI startups are just prompt engineering (pub.towardsai.net)
Why is this post published in November 2025 talking about GPT-4? I'm suspicious of their methodology: > Open DevTools (F12), go to the Network tab, and interact with their AI feature. If you see: api.openai.com, api.anthropic.com, api.cohere.ai You’re looking at a wrapper. They might have middleware, but the AI isn’t theirs. But... everyone knows that you shouldn't make requests directly to those hosts from your web frontend because doing so exposes your API key in a way that can be stolen by attackers. If you have "middleware" that's likely to solve that particular problem - but then how can you investigate by intercepting traffic? Something doesn't smell right about this investigation. It does later say: > I found 12 companies that left API keys in their frontend code. So that's 12 companies, but what about the rest?
That's a big llm smell when it mentions old models like GPT-4
I can believe that many startups are doing prompt engineering and agents but in a sense this like saying 90% of startups are using cloud providers mainly AWS and Azure. There is absolutely no point of reinventing the wheel to create a generic LLM, spend fortune to run GPUs while there are providers giving this power cheaply
In addition, there may be value in getting to market quickly with existing LLM providers, proving out the concept, then building / training specialized models if needed once you have traction. See: https://en.wikipedia.org/wiki/Lean_startup
For me, 2023 was an entire year of weekly demos that now looking back at were basically a "Look at this dank prompt I wrote" followed by thunderous applause from the audience (which was mostly, but not exclusively, upper management) Hell man, I attended a session at an AWS event last year that was entirely the presenter opening Claud and writing random prompts to help with AWS stuff... Like thanks dude... That was a great use of an hour. I left 15 minutes in. We have a team that's been working on an "Agent" for about 6 months now. Started as prompt engineering, then they were like "no we need to add more value" developed a ton of tools and integrations and "connectors" and evals etc. The last couple of weeks were a "repivot" going back full circle to "Lets simplify all that by prompt engineering and give it a sandbox environment to run publicly documented CLIs. You know, like Claude Code" The funny thing is I know where it's going next...
But did it work? This is the sticking point with me now. I've seen slides, architecture diagrams, job descriptions, roadmaps and other docs now from about a dozen different companies doing AI Agent projects. And while it's completely feasible to build the systems they're describing, what I have not seen yet is evidence of any of them working . When you press them on this, they have all sorts of ideas like a judge LLM that takes the outputs, comes up with modified SOPs and feeds those into the prompts of the mixture-of-experts LLMs. But I don't think that works, I've tried closing that loop and you get LLMs flailing around?
But ... what else should they be doing? What's the expectation here? For example, in the 90's, a startup that offered a nice UI for a legacy console based system, would have been a great idea. What's wrong with that?
They should be creating tiny domain specific models, because someday OpenAI will stop selling dollars for a nickel.
IMO nothing wrong with it. Just misleading to call yourself an AI company when you actually make a CRUD app. I think if these companies were honest about what they’re doing nobody would be upset. There’s an obvious deliberate attempt to give an impression of technical complexity/competence that isn’t there. I assume it works because the ecosystem is, as you say, so new. Non-technical observers have trouble distinguishing between LLM companies and CRUD companies
I don’t have a problem with a company calling themselves an AI company if they use OpenAI behind the scenes. The thing that annoys me is when clearly non-AI companies try to brand themselves as AI: like how Long Island Iced Tea tried to brand themselves as a blockchain company or WeWork tried to brand themselves as a tech company. If we’re complaining about AI startups not building their own in house LLMs, that really just seems like people who are not in the arena criticizing those who are.
So, what is an AI company? What do they sell? AI models? agents? Are they building these from scratch or using some pre-trained base models/agents?
Actual AI. Not being "AI" users. Being LLM users would be fine but they pretend they do AI.
What’s actual AI in this context?
> Yeah, TBH my BS detector is going off because this article never explains how he is able to intercept these calls. You mean, except for explaining what he's doing 4-5 times? He was literally repeating himself restating it. Half the article is about the various indicators he used. THERE'S EXAMPLES OF THEM. There's this bit: > Monitored their network traffic for 60-second sessions > Decompiled and analyzed their JavaScript bundles Also there's this whole explanation: > The giveaways when I monitored outbound traffic: > Requests to api.openai.com every time a user interacted with their "AI" > Request headers containing OpenAI-Organization identifiers > Response times matching OpenAI’s API latency patterns (150–400ms for most queries) > Token usage patterns identical to GPT-4’s pricing tiers > Characteristic exponential backoff on rate limits (OpenAI’s signature pattern) Also there's these bits: > The Methodology (Free on GitHub next week): > - The complete scraping infrastructure > - API fingerprinting techniques > - Response time patterns for every major AI AP One time he even repeats himself by stating what he's doing as playwright pseudocode, in case plain English isn't enough. This was also really funny: > One company’s “revolutionary natural language understanding engine” was literally this: [clientside code with prompt + direct openai API call]. And there's also this bit at the end of the article: > The truth is just an F12 away. There's more because LITERALLY HALF THE ARTICLE IS HIM DOING THE THING YOU COMPLAIN HE DIDN'T DO. In case it's still not clear, he was capturing local traffic while automating with playwright as well as analyzing clientside JS.
>Response times matching OpenAI’s API latency patterns (150–400ms for most queries) This also matches the latency of a large number of DB queries and non-OpenAI LLM inference requests. >Token usage patterns identical to GPT-4’s pricing tiers What? Yes this totally smells real. He also mentions backoff patterns, which I'm not sure how he'd disambiguate extremely standard backoff in a normal API. Given the ridiculousness of these claims, I believe there's a reason he didn't include the fingerprinting methodology in this article.
> Monitored their network traffic for 60-second sessions How can he monitor what's going on between a startup's backend and OpenAI's server? > The truth is just an F12 away That's just not how this works. You can see the network traffic between your browser and some service. In 12 cases that was OpenAI or similar. Fine. But that's not 73%. What about the rest? He literally has a diagram claiming that the startups contact an LLM service behind the scenes . That's what's not described, how does he measure that? You are not bothered by the only sign that the author even exist is this one article and the previous one? Together with the claim to be a startup founder? Anybody can claim that. It doesn't automatically provide credibility.
I believe he's saying that a large number of the startups he tested did not have their own backend to mediate. It was literally direct front-end calls to openai. And if this sounds insane, remember that openai actually supports this: https://platform.openai.com/docs/api-reference/realtime-sessions Presumably OpenAI didn't add that for fun, either, so there must be non-zero demand for it.
I'm always more interested in the 'less is more' strategy, taking things away from the already hyper-complicated stack, reviewing first principles and simplifying for the same effectiveness. This is ever more rare.
I think this sense of “less is more” roughly means refactoring? I think the reason these go south so often is because we’re likely moving complexity around rather than removing it. Removing a layer from the stack means making a different layer more complex to take over for it.
Mount Proton Drive on Linux using rclone and systemd (github.com/dadtronics)
As a (previous) customer of Proton from many years and a user of their drive product, you should be aware that earlier this year the drive API endpoints began to block their own VPN egress quite often for rate limiting. They also block many cloud provider’s egress. They also don’t officially support rclone, and their changing API spec often breaks the compatibility. I saw the writing on the wall and migrated rapidly earlier this year ahead of crypto product launches ahead of the email fiasco. It was hard to get data back out, even then. Proton still stands for privacy. But the dark patterns for lock-in I can do without. Hetzner Storage boxes with rclone and the “crypt” option are a drop-in replacement, at ~$40 for 20TB. That’s where I went instead.
The state of things isn't great IMHO. Im not sure I trust any of EncFS, CryFS, and gocryptfs. Many leak metadata and/or have serious security concerns.
Metadata leakage is a fundamental issue when you go from block to object. I can think of some schemes that would help but they’re all kinda nasty lol
Of course, and I didnt intend to downplay the efforts of those projects. Just pointing out that they don't meet the requirements of most threat models.
↙ time adjusted for second-chance
Spectral rendering, part 2: Real-time rendering (momentsingraphics.de)
Not a ton of info on it, but ran into this graphics of a galaxy, all rendered with some form of spectral rendering. Thought it was super cool. https://bsky.app/profile/altunenes.bsky.social/post/3m5z6vr2svk2u Distantly reminds me the decades I spent with galaxy as my xscreensaver. https://manpages.debian.org/jessie/xscreensaver-data/galaxy.6x.en.html
Apparently (from a layman's perspective) the difference between conventional RGB ray tracing and spectral ray tracing is this: RGB assumes all light sources consist of three RGB lights, where the brightness of red, green, and blue varies. E.g. a yellow light would always be a red and a green light. In contrast, spectral rendering allows light sources with arbitrary spectra. A pure yellow light (~580 nm) is different from a red+green light. The physical difference is this: If you shine, for example, a pure yellow light on a scene, everything looks yellow, just more or less dark. But if you shine a red+green (impure yellow) light on a scene, green objects will be green and red objects will be red. Not everything will appear as a shade of yellow. Conventional RGB rendering can only model the latter case. This means some light sources, like high-pressure sodium lamps, cannot be accurately rendered with RGB rendering: red and green surfaces would look too bright. (Also note that the linked post has also a part 1 and 3, accessible via "next/previous post" at the bottom.)
It also becomes important for rendering glass and other highly refractive substances. Some conventional RGB rendering engines can mimic dispersion, but with spectral rendering you get it "for free."
I was sure it must have been invented already! I've been trying to look for this idea without knowing it's called "spectral rendering", looking for "absorptive rendering" or similar instead, which led me to dead ends. The technique is very interesting and I would love to see it together with semi-transparent materials — I have been suspecting for some time that a method like that could allow cheap OIT out of the box?
Court filings allege Meta downplayed risks to children and misled the public (time.com)
Social media is going to be seen to future generations the way we currently see tobacco and alcohol. Look at what social media has done to the wellbeing of teen girls. There's been a dramatic decline in the mental health of teen girls. All those filters, OF fans, stars with eating disorders (just look at the Wicked cast), is literally killing teen girls with social anxiety.
It's even more egregious in this case because Meta's employees were turning a blind eye to child sexual exploitation that they knew fine well their work was enabling. Maybe those fat bonuses and generous stock options wiped away the feelings of guilt, if these Silicon Valley sociopaths even felt any in the first place.
We’re all just trying to get our nut.
Look, most of us here know that meta is a terrible company that has done terrible things. But what is actually being done about it? So far just some token fines and petty wrist slaps. What’s really the plan here? Because they’re not going to stop.
Where? In the U.S.? Forget it. The U.S. is a plutocracy; any resemblance to democracy is just make-up. In the EU? They might get there, but anytime the EU acts on something, it will take decades of talking. In the rest of the world? Only China is willing and capable to face American plutocrats. Everyone else is scared of them.
> But what is actually being done about it? Serious question: What exactly do you want to see done? I mean real specifics, not just the angry mob pitchfork calls for corporate death penalty or throwing Mark Zuckerberg in jail.
Isn’t this what we have RICO for? > she was shocked to learn that the company had a “17x” strike policy for accounts that reportedly engaged in the “trafficking of humans for sex.” There’s no way in hell this isn’t just tacitly incentivized the facilitation of trafficking activities through the site.
Other shareholders in jail also. If my dog bites somebody, I'm on the hook. It should be no different with companies. We have to create incentives to not invest in troublesome companies. Fines are inadequate, they incentivize buying shares in troublesome companies and then selling them before the harm comes to light.
Amend Section 230 so that it does not apply to content that is served algorithmically. Social media companies can either allow us to select what content we want to see by giving us a chronological feed of the people/topics we follow or they can serve us content according to some algorithm designed to keep us on their platform longer. The former is neutral and deserves protection, but the latter is editorial. Once they take on that editorial role of deciding what content we see, they should become liable for the content they put in front of us.
This would be a huge step in the right direction.
Just FYI. For a very long time, strong alcohol ads were banned on TV, and the same with tobacco. I don't watch regular TV, anymore, so I don't know if it still is in place. Mentioning "banning advertising" on HN is bound to draw downvotes. A significant number of HN members make money directly, or indirectly, from digital advertising. It's like walking into a mosque, and demanding they allow drinking. Won't end well.
In this case, the suggestion of banning advertising is drawing downvotes from me because I see it as politically unrealistic. At least in my state, there isn’t even a ban on advertising online gambling!! It is quite a stretch to think we could move from there to banning any kind of advertising. It has nothing to do with the fact that a bunch of HN readers make money from ads. I don’t.
Every cig exec lied under oath and only received monetary fines.
Cigarette makers were a dying cry of the old aristocracy. Silicon Valley is the rallying cry of the new aristocracy. While I don’t quite believe they’ll achieve their Feudal dreams in the near-medium future. I do expect the US to transition to a much more explicitly an oligarchic republic as a large, with the pretense of “Government of the people, by the people, for the people” is largely pushed to the side. Only solution seems to be to drop out of society to whatever degree possible.
Editing Code in Emacs (redpenguin101.github.io)
My favorite way to move around in Emacs, and to move text around, is via avy-mode: https://github.com/abo-abo/avy . If you have not experienced avy-mode, give it a try, I think you will wonder how you ever got along without it.
I really like this, it's a bit hardcore, but for someone that really cares about efficiency (whether it is worth it or not - debatable), this is great. Though I have one minor nit against one point, that I've seen basically in every similar article: > This means no arrow keys and no mouse I use Neovim daily, and there is no denying that 98% of the time, using mouse is less efficient than doing a fancy search or jump. But for the remaining 2%, it's provably true that mouse is better - like, selecting an arbitrary block of code (without {} or any keyword to hang on). So I always recommend leaving the mouse enabled. Just use it when it makes sense.
Meh. I'm not a fan of modal interfaces. But if it works for you, then knock yourself out. I appreciate the write-up here. I'll give it a try to see if I can see what the author is talking about. The overwhelming majority of code I write now is in snippets inside text documents (think Knuthian Literate Programming) so I don't know how that would work w/ the author's modal setup. But they went to the trouble of documenting it, and it seems sort of like what `vi` people are always yammering about. Seems a decent idea to try to understand it.
In my opinion there's no reason to stick to the "old school" / classic emacs controls. They're archaic at this point. I am an experienced emacs user and I still use CUA mode, arrow keys, and I wrote a package which completely overhauls built-in "word jumping" commands (called bbww on melpa.) You don't need to worry about upholding traditional emacs orthodoxy
Disagree with this just because it makes everything else easier. The more you stick to common key bindings, the more intuitive various packages will be. Eg navigating lines vs blocks in a magit diff block is C-n and N respectively. Copying a full hash is M-w. All these bindings are intuitive “overlays” on conventional bindings. Emacs shines when packages combine to form a whole greater than the sum of its parts. Changing basic key bindings is the quickest way to vitiate that symbiosis. Unfortunately. And while they may be old school, traditional, and orthodox, they are by no means idiosyncratic. They’re widely supported: readline , bash, everywhere on macos, even modern browsers. Eg you can actually paste in bash: try killing something with C-w or C-k, and paste it back using C-y. Or transpose arguments using C-M-t. Navigate suggestions in Firefox using C-n and C-p. Bash even supports undo using C-/. All to say: learning emacs movement keys pays off.
Racket v9.0 (blog.racket-lang.org)
From the Idris 2 documentation: >> Can Idris 2 compile itself? > Yes, Idris 2 is implemented in Idris 2. By default, it targets Chez Scheme, > so you can bootstrap from the generated Scheme code, as described in Section > Getting Started. Also, check this talk: https://www.youtube.com/watch?v=h9YAOaBWuIk
well, i wouldn't call that beeing bootstrapped. in this case the generated scheme code is just a strange form of executable file that happens to need ChezScheme to be executed. i.e. an ELF64 idris2 linux binary vs. an idris2.scm file that needs ChezScheme to come alive. as for Idris2 implemented in Idris2: well, yes, that's true for the current version of Idris2. but the first version of Idris2 was written in Idris1. and the first version of Idris1 was written in Haskell.
What was the name of the class?
Might have been Waterloo's Introduction to Functional Programming (CS 135). I have TA'd (technically ISA'd) that course several times and helped countless students in office hours. The struggling students didn't just hate Racket, they hated the whole HTDP philosophy of following a "design recipe" and writing documentation prior to implementing a function. Most of those struggling students essentially waited till the last minute to do the documentation, completely flouting the intention of the course. I don't know if the strong students had the intended approach since they were never in office hours asking for help!
It could be following PLAI: https://plai.org/
But that's not normally run as an introductory course, which is what OP mentioned Racket being used for.
 Top