Unlurker|Replay|About
Leave the Gold in the Ground (bloomberg.com)
gold has useful chemical, and physical properties, the most ubiquitous seems to be that of low resistance conductor. we dont want to get rid of it entirely, but other elements may suit our purposes, and give refrain to the disrupted planetary reaction systems. if gold conductors may be supplanted by nanoscale carbon constructs, the current not enough gold, too much carbon problem can be inverted.
https://miltonfriedman.hoover.org/internal/media/dispatcher/215061/full
Claude Advanced Tool Use (anthropic.com)
I cannot believe all these months and years people have been loading all of the tool JSON schemas upfront. This is such a waste of context window and something that was already solved three years ago.
Nice! Feature #2 here is basically an implementation of the “write code to call tools instead of calling them directly” that was a big topic of conversation recently. It uses their Python sandbox, is available via API, and exposes the tool calls themselves as normal tool calls to the API client - should be really simple to use!
Tools for tools. How about an LLM tool for tools?
We seem to be on a cycle of complexity -> simplicity -> complexity with AI agent design. First we had agents like Manus or Devin that had massive scaffolding around them, then we had simple LLMs in loops, then MCP added capabilities at the cost of context consumption, then in the last month everything has been bash + filesystem, and now we're back to creating more complex tools. I wonder if there will be another round of simplifications as models continue to improve, or if the scaffolding is here to stay.
This is what I've been talking about for a few months now. the AI field seems to reinvent the wheel every few months. And because most people really don't know what they're talking about, they just jump on the hype and adopt the new so-called standards without really thinking if it's the right approach. It really annoys me because I have been following some open source projects that have had some genuinely novel ideas about AI agent design. And they are mostly ignored by the community. But as soon as a large company like Anthropic or OpenAI starts a trend, suddenly everyone adopts it.
Most of the time people sit on complex because they don't have a strong enough incentive to move from something that appears/happen to work, with AI, cost would be a huge incentive.
Claude Opus 4.5 (anthropic.com)
again the question of concern as codex user is usage its hard to get any meaningful use out of claude pro after you ship a few features you are pretty much out of weekly usage compared to what codex-5.1-max offers on a plan that is 5x cheaper the 4~5% improvement is welcome but honestly i question whether its possible to get meaningful usage out of it the way codex allows it for most use cases medium or 4.5 handles things well but anthropic seems to have way less usage limits than what openai is subsidizing until they can match what i can get out of codex it won't be enough to win me back
I hate on Anthropic a fair bit, but the cost reduction, quota increases and solid "focused" model approach are real wins. If they can get their infrastructure game solid, improve claude code performance consistency and maintain high levels of transparency I will officially have to start saying nice things about them.
With less token usage, cheaper pricing, and enhanced usage limits for Opus, Anthropic are taking the fight to Gemini and OpenAI Codex. Coding agent performance leads to better general work and personal task performance, so if Anthropic continue to execute well on ergonomics they have a chance to overcome their distribution disadvantages versus the other top players.
It's really hard for me to take these benchmarks seriously at all, especially that first one where Sonnet 4.5 is better at software engineering than Opus 4.1. It is emphatically not, it has never been, I have used both models extensively and I have never encountered a single situation where Sonnet did a better job than Opus. Any coding benchmark that has Sonnet above Opus is broken, or at the very least measuring things that are totally irrelevant to my usecases. This in particular isn't my "oh the teachers lie to you moment" that makes you distrust everything they say, but it really hammers the point home. I'm glad there's a cost drop, but at this point my assumption is that there's also going to be a quality drop until I can prove otherwise in real world testing.
Does anyone know or have a guess on the size of this latest thinking models and what hardware they use to run inference? As in how much memory and what quantization it uses and if it's "theoretically" possible to run it on something like Mac Studio M3 Ultra with 512GB RAM. Just curious from theoretical perspective.
How nice, my Claude Code will reach the weekly limit in one query now instead of two. It is alright, all I spend is $200 a month. EDIT: For the people who downvote me for no reason: https://imgur.com/a/nWUFJSl It sucks I pay all this money to only use it for 1-2 days. Claude Code Sucks.
Ok, but can it play Factorio?
Notes and two pelicans: https://simonwillison.net/2025/Nov/24/claude-opus/
Anecdotally, I’ve been using opus 4.5 today via the chat interface to review several large and complex interdependent documents, fillet bits out of them and build a report. It’s very very good at this, and much better than opus 4.1. I actually didn’t realise that I was using opus 4.5 until I saw this thread.
Does the reduced price mean increased usage limits on Claude Code (with a Max subscription)?
A really great way to get an idea of the relative cost and performance of these models at their various thinking budgets is to look at the ARC-AGI-2 leaderboard. Opus 4.5 stacks up very well here when you compare to Gemini 3’s score and cost. Gemini 3 Deep Think is still the current leaders but at more than 30x the cost. The cost curve of achieving these scores is coming down rapidly. In Dec 2024 when OpenAI announced beating human performance on ARC-AGI-1, they spent more than $3k per task. You can get the same performance for pennies to dollars, approximately an 80x reduction in 11 months. https://arcprize.org/leaderboard https://arcprize.org/blog/oai-o3-pub-breakthrough
On my Max plan, Opus 4.5 is now the default model! Until now I used Sonnet 4.5 exclusively and never used Opus, even for planning - I'm shocked that this is so cheap (for them) that it can be the default now. I'm curious what this will mean for the daily/weekly limits. A short run at a small toy app makes me feel like Opus 4.5 is a bit slower than Sonnet 4.5 was, but that could also just be the day-one load it's presumably under. I don't think Sonnet was holding me back much, but it's far too early to tell.
Right! I thought this at the very bottom was super interesting > For Claude and Claude Code users with access to Opus 4.5, we’ve removed Opus-specific caps. For Max and Team Premium users, we’ve increased overall usage limits, meaning you’ll have roughly the same number of Opus tokens as you previously had with Sonnet. We’re updating usage limits to make sure you’re able to use Opus 4.5 for daily work. These limits are specific to Opus 4.5. As future models surpass it, we expect to update limits as needed.
I wonder what this means for UX designers like myself who would love to take a screen from Figma and turn it into code with just a single call to the MCP. I've found that Gemini 3 in Figma Make works very well at one-shotting a page when it actually works (there's a lot of issues with it actually working, sadly), so hopefully Opus 4.5 is even better.
Up until today, the general advice was use Opus for deep research, use Haiku for everything else. Given the reduction in cost here, does that rule of thumb no longer apply?
In my opinion Haiku is capable but there is no reason to use anything lower than Sonnet unless you are hitting usage limits
I used Gemini instead of my usual Claude for a non-trivial front-end project [1] and it really just hit it out of the park especially after the update last week, no trouble just directly emitting around 95% of the application. Now Claude is back! The pace of releases and competition seems to be heating up more lately, and there is absolutely no switching cost. It's going to be interesting to see if and how the frontier model vendors create a moat or if the coding CLIs/models will forever remain a commodity. [1] https://github.com/jasonthorsness/tree-dangler
Gemini is indeed great for frontend HTML + CSS and even some light DOM manipulation in JS. I have been using Gemini 2.5 and now 3 for frontend mockups. When I'm happy with the result, after some prompt massage, I feed it to Sonnet 4.5 to build full stack code using the framework of the application.
This is gonna be game-changing for the next 2-4 weeks before they nerf the model. Then for the next 2-3 months people complaining about the degradation will be labeled “skill issue”. Then a sacrificial Anthropic engineer will “discover” a couple obscure bugs that “in some cases” might have lead to less than optimal performance. Still largely a user skill issue though. Then a couple months later they’ll release Opus 4.7 and go through the cycle again. My allegiance to these companies is now measured in nerf cycles. I’m a nerf cycle customer.
I fully agree that this is what's happening. I'm quite convinced after about a year of using all these tools via the "pro" plans that all these companies are throttling their models in sophisticated ways that have a poorly understood but significant impact on quality and consistency. Gpt-5.1-* are fully nerfed for me at the moment. Maybe they're giving others the real juice but they're not giving it to me. Gpt-5-* gave me quite good results 2 weeks ago, now I'm just getting incoherent crap at 20 minute intervals. Maybe I should just start paying via tokens for a hopefully more consistent experience.
This is why I migrated my apps that need an LLM to Gemini. No model degradation so far all through the v2.5 model generation. What is Anthropic doing? Swapping for a quantized version of the model?
Why do they always cut off 70% of the y-axis? Sure it exaggerates the differences, but... it exaggerates the differences. And they left Haiku out of most of the comparisons! That's the most interesting model for me. Because for some tasks it's fine. And it's still not clear to me which ones those are. Because in my experience, Haiku sits at this weird middle point where, if you have a well defined task, you can use a smaller/faster/cheaper model than Haiku, and if you don't, then you need to reach for a bigger/slower/costlier model than Haiku.
marketing.
It’s a pretty arbitrary y axis - arguably the only thing that matters is the differences.
The burying of the lede here is insane. $5/$25 per MTok is a 3x price drop from Opus 4. At that price point, Opus stops being "the model you use for important things" and becomes actually viable for production workloads. Also notable: they're claiming SOTA prompt injection resistance. The industry has largely given up on solving this problem through training alone, so if the numbers in the system card hold up under adversarial testing, that's legitimately significant for anyone deploying agents with tool access. The "most aligned model" framing is doing a lot of heavy lifting though. Would love to see third-party red team results.
I almost scrolled past the "Safety" section, because in the past it always seemed sort of silly sci-fi scaremongering (IMO) or things that I would classify as "sharp tool dangerous in the wrong hands". But I'm glad I stopped, because it actually talked about real, practical issues like the prompt injections that you mention. I wonder if the industry term "safety" is pivoting to refer to other things now.
I thought AI safety was dumb/unimportant until I saw this dataset of dangerous prompts: https://github.com/mlcommons/ailuminate/blob/main/airr_official_1.0_demo_en_us_prompt_set_release.csv I don't love the idea of knowledge being restricted... but I also think these tools could result in harm to others in the wrong hands
Still way pricier (>2x) than Gemini 3 and Grok 4. I've noticed that the latter two also perform better than Opus 4, so I've stopped using Opus.
15$/Megatoken in, 75$/Megatoken out
Sigh, ok, I’m the defective one here.
There's so many moving pieces in this mess. We'll normalize on some 'standard' eventually, but for now, it's hard, man.
I've played around with Gemini 3 Pro in Cursor, and honestly: I find it to be significantly worse than Sonnet 4.5. I've also had some problems that only Claude Code has been able to really solve; Sonnet 4.5 in there consistently performs better than Sonnet 4.5 anywhere else. I think Anthropic is making the right decisions with their models. Given that software engineering is probably one of the very few domains of AI usage that is driving real, serious revenue: I have far better feelings about Anthropic going into 2026 than any other foundation model. Excited to put Opus 4.5 through its paces.
Yeah I think Sonnet is still the best in my experience but the limits are so stingy I find it hard to recommend for personal use.
Gemini being terrible in Cursor is a well known problem. Unfortunately, for all its engineers, Google seems the most incompetent at product work.
I'm completely the opposite. I find Gemini (even 2.5 Pro) much, much better than anything else. But I hate agentic flows, I upload the full context to it in aistudio and then it shines - anything agentic cannot even come close.
I recently wrote a small CLI tool for scanning through legacy codebases. For each file, it does a light parse step to find every external identifier (function call, etc...), reads those into the context, and then asks questions about the main file in question. It's amazing for trawling through hundreds of thousands of lines of code looking for a complex pattern, a bug, bad style, or whatever that regex could never hope to find. For example, I recently went through tens of megabytes(!) of stored procedures looking for transaction patterns that would be incompatible with read committed snapshot isolation. I got an astonishing report out of Gemini Pro 3, it was absolutely spot on. Most other models barfed on this request, they got confused or started complaining about future maintainability issues, stylistic problems or whatever, no matter how carefully I prompted them to focus on the task at hand. (Gemini Pro 2.5 did okay too, but it missed a few issues and had a lot of false positives.) Fixing RCSI incompatibilities in a large codebase used to be a Herculean task, effectively a no-go for most of my customers, now... eminently possible in a month or less, at the cost of maybe $1K in tokens.
it. Not him.
It's Claude. Where I live, that is a male name.
Don't use LLMs for a task a human can't do, they won't do it well.
A human could easily come up with a base64 -d | jq oneliner.
So can the LLM, but that wasn't the task.
If you're asking an LLM to compute something "off the top of its head", you're using it wrong. Ask it to write the code to perform the computation and it'll do better. Same with asking a person to solve something in their head vs. giving them an editor and a random python interpreter, or whatever it is normal people use to solve problems.
the decent models will (mostly) decide when they need to write code for problem solving themselves. either way a reply with a bogus answer is the fault of the provider and model, not the question-asker -- if we all need to carry lexicons around to remember how to ask the black box a question we may as well just learn a programming language outright.
My workflow was usually to use Gemini 2.5 Pro (now 3.0) for high-level architecture and design. Then I would take the finished "spec" and have Sonnet 4.5 perform the actual implementation.
Same here. But with GPT 5.1 instead of Gemini.
This is how I do it. Though, I've been using Composer as my main driver more an more. * Composer - Line-by-Line changes * Sonnet 4.5 - Task planning and small-to-medium feature architecture. Pass it off to Composer for code * Gemini Pro - Large and XL architecture work. Pass it off to Sonnet to breakdown into tasks.
I use plan mode in claude code, then use gpt-5 in codex to review the plan and identify gaps and feed it back to claude. Results are amazing.
Yeah, I’ve used vatiations of the “get frontier models to cross-check and refine each others work” pattern for years now and it really is the path to the best outcomes in situations where you would otherwise hit a wall or miss important details.
I'm not sure you get how Cursor works. You add both instructions and code to your prompt. And it does provide its own autocomplete model as well. And... lots of people use that. (It's the largest platform today as far as I can tell)
I wish I didn't know how Cursor works. It's a great product for 90% of programmers out there no doubt.
Did anyone else notice Sonnet 4.5 being much dumber recently? I tried it today and it was really struggling with some very simple CSS on a 100-line self-contained HTML page. This never used to happen before, and now I'm wondering if this release has something to do with it. On-topic, I love the fact that Opus is now three times cheaper. I hope it's available in Claude Code with the Pro subscription. EDIT: Apparently it's not available in Claude Code with the Pro subscription, but you can add funds to your Claude wallet and use Opus with pay-as-you-go. This is going to be really nice to use Opus for planning and Sonnet for implementation with the Pro subscription. However, I noticed that the previously-there option of "use Opus for planning and Sonnet for implementation" isn't there in Claude Code with this setup any more. Hopefully they'll implement it soon, as that would be the best of both worlds. EDIT 2: Apparently you can use `/model opusplan` to get Opus in planning mode. However, it says "Uses your extra balance", and it's not clear whether it means it uses the balance just in planning mode, or also in execution mode. I don't want it to use my balance when I've got a subscription, I'll have to try it and see.
I usually dismiss these model-nerf conspiracy bandwagons but I have to admit, the amount of "wait, that's wrong!" interjections from Sonnet 4.5 recently has been noticeable. And then it still won't get the answer right after backtracking. Very weird.
100% dumber, especially since last 3-4 days. I have two guesses: - They make it dumber close to a new release to hype the new model - They gave $1000 Claude Code Web credits to a lot of people, which increased the load a lot so they had to serve quantized version to handle the it. I love Claude models but I hate this non transparency and instability.
Seeing these benchmarks makes me so happy. Not because I love Anthropic (I do like them) but because it's staving off me having to change my Coding Agent. This world is changing fast, and both keeping up with State of the Art and/or the feeling of FOMO is exhausting. Ive been holding onto Claude Code for the last little while since Ive built up a robust set of habits, slash commands, and sub agents that help me squeeze as much out of the platform as possible. But with the last few releases of Gemini and Codex I've been getting closer and closer to throwing it all out to start fresh in a new ecosystem. Thankfully Anthropic has come out swinging today and my own SOP's can remain in tact a little while longer.
I’m threw a few hours at Codex the other day and was incredibly disappointed with the outcome… I’m a heavy Claude code user and similar workloads just didn’t work out well for me on Codex. One of the areas I think is going to make a big difference to any model soon is speed. We can build error correcting systems into the tools - but the base models need more speed (and obviously with that lower costs)
You don't, you can add $5 or whatever to your Claude wallet with the Pro subscription and use those for Opus.
I ain’t paying a penny more than the $20 I already do. I got cracks in my boots, brother.
> Pricing is now $5/$25 per million tokens For anyone else confused, it's input/output tokens $5 for 1million tokens in $25 for 1million tokens out
What prevents these jokers from making their outputs ludicrously verbose to squeeze more out of you, given they charge 5x more for the end that they control? Already model outputs are overly verbose, and I can see this getting worse as they try to squeeze some margin. Especially given that many of the tools conveniently hide most of the output.
Pebble Watch software is now 100% open source (ericmigi.com)
Great solution, great example of how open source should be done.
This is precious. Almost every tech company wants to continue the IBM "surrounded by blue" strategy, fencing customers into their "walled garden" and blocking obsessively any competitor that wants to breach in. Google mandates that every Android application must be signed by developers verified by them, Microsoft demands that users open an account with them, ... and just don't get me started with AWS, Apple, etc. Meanwhile, I fail to see any real contender in the smartphone arena. But, in wearables, Pebble puts up a fight. The platform/product has proven resilient, mostly because of its users passion and commitment. It is more alive today than Fitbit, the company that bought and buried it. And will only get stronger. Now I'll be anxiously waiting for my PT2. It will be the 5th Pebble in my collection.
Love to see this! I personally find this incredibly exciting. There is a major death of hardware out there that is user-respecting and hacker-friendly, and it warms my heart immensely to see such committments. I'm buying two today (one for me and one for my wife)!
In terms of long-term market viability, have you considered whether your success could encourage Apple or other large competitors to make a battery life-optimized version of their smartwatches? I understand that some Pebble fans are all about the customization, and will be with you forever. But probably many people care mostly about the battery life, which is severely lacking in watches from Apple, Google, etc. If Apple realized there was a big enough market to justify making a $200 Apple Watch Basic, how much could that undercut your business? Relatedly, when will we learn more about the other "core" devices that you're contemplating, and which you alluded to in the video? Building more of a unique ecosystem could help with the moat.
> In terms of long-term market viability, have you considered whether your success could encourage Apple or other large competitors to make a battery life-optimized version of their smartwatches? Companies like Garmin, Coros and Suunto already make less-smart-watches with weeks of battery life, and those haven't convinced Apple to budge from only making watches that do everything but barely last a day. Another long-lasting watch from a tiny brand probably isn't going to move the needle.
IDK about Coros or Suunto, but the only Garmins with a battery life approaching 30 days cost ~$1,000. This could be competition for AWU, but wouldn't communicate that there is demand for a more basic/long-lasting Apple Watch.
30 days is asking a lot, but if you set your sights a bit lower than a $250 Coros Pace 4 will do ~3 weeks with AOD off, ~1 week with AOD on, and over 24 hours of continuous GPS recording. That's still a lot longer than any Apple Watch even if it's not hitting the 30 day mark.
"Grant of Copyright License. Subject to the terms and conditions of this Agreement, You hereby grant to Core Devices and to recipients of software distributed by Core Devices a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Your Contributions and such derivative works." A few years from now we will see the usual HN thread were contributors lachrymosely complain about how their precious work was stolen by a good-turned-evil organization.
> lachrymosely Learned a new word, thank you!
Please note our CLA explicitly include a clause to require Core Devices to distribute all contributions under an OSI-compatible FOSS license (e.g. GPLv3). So no contributions can be 'stolen'. https://ericmigi.notion.site/Core-Devices-Software-Licensing-1c0fbb55ea8480f88d27ccf20fcb84a8
I'm the first to agree that contributions can't be stolen in this scenario but read the threads I'm referring to. People feel that way anyway if you stop supporting a component or distribute your focus between a free and a paid tier. What we need is more awareness that looking at the license alone is not enough to make an informed decision if contributing to a project is aligned with the contributors attitude and personal goals. With that in mind: Thank you for putting the CLA right in the repo where it belongs and people can easily find it. Many organizations put a license upfront and bury the CLA. For a particularly bad example try MonoDB.
I'm excited that the back will screw off so we can replace the battery. I'm curious about waterproofing. Will that hold? Will we need to replace a gasket or other parts, in addition to the battery?
Yeah I find the Time 2 design to be kind of fugly, but the screwed assembly is definitely tempting me to pick one up. Very nice feature. (A lot of the original Pebbles were ugly too, but in a way that I personally found more appealingly utilitarian. Or maybe I'm just used to them.)
In the video, the green thing is the gasket. It should be reusable, but nothing's guaranteed in the world of waterproofing.
I really like the look of the Pixel watch 4's approach to this: https://www.ifixit.com/News/113620/the-pixel-watch-4-is-the-most-repairable-smartwatch-on-the-market
Also includes news about a new Appstore, which can probably be seen as a reaction to the stories from last week: We’ve created our own Pebble Appstore feed (appstore-api.repebble.com) and new Developer Dashboard. Our feed (fyi powered by 100% new software) is configured to back up an archive of all apps and faces to Archive.org (backup will gradually complete over the next week). Today, our feed only has a subset of all Pebble watchfaces and apps (thank you aveao for creating Pebble Archive!). Developers - you can upload your existing or new apps right now! We hope that this sets a standard for openness and we encourage all feeds to publish a freely and publicly available archive. https://ericmigi.com/blog/pebble-watch-software-is-now-100percent-open-source#:~:text=app%2E-,We%E2%80%99ve,available%20archive
Honestly this feels like the best possible outcome. It's pretty unusual for an appstore implementation to support multiple feeds[0], but it's great resilience to large company failures when they do. This way, users can totally still access Rebble's feed (and pay for a subscription if they like) just as before, but they are free to also use something else. It is the *end user* who decides which feeds to trust, as it should be. And since it's built right into the app as a core concept, it doesn't take massive engineering effort to switch feeds if some sort of drama occurs. [0] I'd normally call these repositories, but I've used Eric's term for consistency with the article.
> Yesterday, Pebble watch software was ~95% open source. Today, it’s 100% open source. You can download, compile and run all the software you need to use your Pebble. We just published the source code for the new Pebble mobile app! Except... > Another important note - some binary blobs and other non-free software components are used today in PebbleOS and the Pebble mobile app (ex: the heart rate sensor on PT2 , Memfault library, and others). Optional non-free web services, like Wispr-flow API speech recognizer, are also used. These non-free software components are not required - you can compile and run Pebble watch software without them. This will always be the case. More non-free software components may appear in our software in the future. The core Pebble watch software stack (everything you need to use your Pebble watch) will always be open source. So 100% FOSS, except for the parts that are closed source now, and any that they add later.
I'm not sure if you're splitting hairs or not. I definitely thought this post would be about them finding open source alternatives to binary firmware, but if it doesn't interoperate with optional non-free software then it is not Open Source. It seems to be comparable to debian, and that's as open source as it gets.
Yeah, it's a perfectly fine place to land. My objection is completely to claiming to be 100% open source when it isn't; if they'd just said 99% open source, or that everything they'd written was now open, then I wouldn't mind (or at least, I'd view it as unfortunate, but I wouldn't be upset with them).
I see your point, but it feels more like the difference between 99% fat free and 100% fat free. Technically measurable, but irrelevant in practice when the alternatives are all basically closed source.
> I see your point, but it feels more like the difference between 99% fat free and 100% fat free. Then why not have the headline say "99% open source"? IMO, either it doesn't matter and you can just say that it's almost all FOSS, or it does matter and you really shouldn't be lying about it. > Technically measurable, but irrelevant in practice when the alternatives are all basically closed source. The alternatives are the pinetime, watchy, and bangle.js, which AFAIK are also ~95% FOSS. I guess Apple and Google also offer smart watches, but I'd argue that those are so different in terms of features that they're not really direct competitors.
To some people, it's more like "99% shellfish free." I personally don't mind that the cellular radio is closed-source, but I'm also not allergic to shellfish.
Google's new 'Aluminium OS' project brings Android to PC (androidauthority.com)
AluminIum you say?
The name makes sense because Aluminium has an -ium suffix like Chromium. There's also no reason for the project name to agree with the US pronunciation of the element.
I'm excited for this as it will allow desktops to get closer to the security of phones.
So secure it locks the owners out.
i don't know ,haven't seen an iOS pc and i don't own any of their other iOS devices or a MacOS device
It is called iPadOS Pro.
Linux is better in every conceivable way
Except being able to buy GNU/Linux laptops from known brands, the same that sell Android and Chromebooks with 100% supported hardware, at FNAC, Worten, Saturn, MediaMarkt, Publico, Dixon, CoolBlue,.... It would be great, however it died alongside netbooks.
GrapheneOS migrates server infrastructure from France (privacyguides.org)
This looks hugely blown out of proportion. The project founder has a well documented history of what I would consider a persecution complex. Once again he has provided no substantial evidence. The only thing they provided are some, admittedly borderline libelous, news articles. Unless they provide some more concrete information about these supposed attempts of getting a backdoor installed into the system, I will consider this as just another day of GrapheneOS drama.
Don’t you need that sort of paranoia to go out and create a privacy focused mobile OS?
I mean, maybe ? Multiple accounts have said the same thing in this thread, and I'll be honest here: given the Jia Tan situation, it could be true (in the way that he's being pushed by external forces). It could it be character assassination... Or it could be totally valid: idk. But what I do know is that nobody is providing any citations. I also know that progress depends on the tyranny of unreasonable people.
Also cross-posted on Mastodon https://grapheneos.social/@GrapheneOS/115595997701449168
For what it's worth, Micay has a long history of accusing other people of slandering the project without providing any evidence or rebuttals. When asked for details, he gets defensive and accusatory, then creates multiple sockpuppet accounts to argue the same points over and over.
"Just because you're paranoid, doesn't mean they aren't out to get you."
I understand the concerns and anger of GrapheneOS's leadership, but the hyper-escalation tactic doesn't do what they hope: First, it sends a message of inexperience in business, negotiation, and conflict resolution: 'I'm going to take my ball and leave' - it looks like an emotional overreaction without strategic thinking. These days you sometimes see powerful parties making similar threats - e.g., Uber threatening to leave certain markets. But those people have significant power and their tactic is really to demonstrate that in order to shift their negotiating position; usually they don't actually decamp, and GrapheneOS has relatively little power so that tactic doesn't apply. As importantly, it sends the message that GrapheneOS can be pushed around and manipulated: A slight hint of a threat and they flee. Others will take note, and many will think the same of other FOSS projects, large and small - they are easily intimidated and dismissed. Another reason people don't use these tactics is that they have other important interests besides the one under immediate threat. A requirement of anyone with significant investments that can't be easily abandoned - which is everyone doing anything of value - is to navigate in a way that upholds all those interests. You don't burn down the house to kill a rat. It can be hard and requires careful, deliberate thought and strategy. One unmentioned interest that might appeal to GrapheneOS's leadership is the freedoms of people in France to create FOSS, and to individual privacy and security.
> it sends the message that GrapheneOS can be pushed around and manipulated: A slight hint of a threat and they flee. Somehow I doubt France thinks they "won". What they wanted was a back door into the OS. Not only did they not get that but they lost what little bargaining power they had when gOS left France. > it sends a message of inexperience in business, negotiation You don't negotiate with terrorists. Obviously France isn't a terror organization but the point is the same: you don't play their game. You play your own. Leaving the country is exactly that.
This is the second time people responded to a post about GrapheneOS strategy with an argument about obligations. It's hard to even explain how vastly different those issues are. I didn't say anything about GrapheneOS's obligations; I talked about strategy and tactics to serve their goals. If you do want to talk about obligations - yes, we all have obligations to our communities, societies, etc., whether we like it or not, whether we deny it or not. GrapheneOS has obligations to the open source community, to freedom, to their users and developers, etc. Defining those obligations is very difficult and I won't try, but if none of us have those obligations then who does? There's nobody else coming to the rescue, there is no authority that will take care of it for you (like parents caring for irresponsible children) - it's just you and me.
> I talked about strategy and tactics to serve their goals Putting their project or contributors at risk does not serve their goals. You seem to be expecting a lot from a bunch of volunteer contributors.
> I talked about strategy and tactics to serve their goals. I am skeptical that there is any lesser step that they can take consistent with their goal of an uncompromised OS. Or that France would be satisfied with anything less. Security is not a side feature of GrapheneOS that they can compromise on, it's their core mission. It's like telling Frodo to see the sights in Mordor, but stay away from Mount Doom.
They should consider making their primary site a .onion and then have clear-web portals in many countries that serve as a secondary class site or cache . The physical location of the primary site should be unknown.
We can only use technical solutions to this problem for so long. The real issue is that the public wants a right to digital privacy. The state would not like you to have that because they are lazy and want to be able to look at your messages. Because they have convinced themselves that messages are a crime. This is a political problem not a technical one.
Is your Android TV streaming box part of a botnet? (krebsonsecurity.com)
I'd expect pirate TV stuff to be mainly available through mail order, it's surprising you can buy it off the shelf at big box stores like Best Buy. I wonder how they weighed the income they'd get from stocking pirate TV boxes vs. how it would negatively impact their relationships with TV and streaming providers.
Are they actually stocked in physical stores or online only? I think they're only sold online. Another Section 230 victory! I can look the other way and sell and profit from copyright infringing products as long as I remove them when caught.
I think the fact that regular stores are now stocking high-seas set top boxes is more proof that streaming is too overpriced now and media companies are too greedy.
Back in the heyday of torrents and burnable optical disks, retail DVD players could usually play random video files procured from the high seas.
They sure did, but what they didn't have is a built-in mail-order bootleg DVD catalog!
Trusting a random vendor, even on your home network, seems crazy. But how do you secure a home network? Are we all supposed to be running Nagios, Grafana, Splunk, and have a personal CISO?
I'm surprised how many people are happily buying and using WiFi smart lamps from questionable origin. It would be somewhat hilarious if Western internet gets sabotaged by lightbulbs in the case of a military conflict. But yeah, it's hard to secure home networks. One step would be if expert users and ISP boxes would make a separate WiFi network/VLAN for IoT devices. Second, there should be more regulation and education about not connecting crap devices to your network and/or Western sellers (Amazon, Best Buy, etc.) should be liable if they continue selling a device once it is known that it is malicious.
>But how do you secure a home network? Not being glib, but by not buying "smart" devices whatsoever. Manual streaming boxes might actually stop being viable for Linux as different services crack down. But, if you cared about privacy or security you wouldn't roll the dice with this stuff. I don't mean that in a rude or self-righteous way. Rather, I think people don't really care about privacy or security very much. Giving up streaming sounds like a big sacrifice to a lot of people, but if you contrived some scenario (really just for the sake of the argument) where your streaming devices were giving your kids mercury poisoning, you'd have no trouble giving them up. (and giving them up would really be the least of your worries) You might complain that mercury poison is not even remotely similar in severity it privacy or security concerns, and you'd be correct. But, that's the point I'm making. If people really cared about these issues then abstaining would be an easy decision. People claim to care, but don't actually take any action, and so I think they don't actually care that much.
My AP has a default "guest" ssid/vlan that has a weparate address block on it... I use that for untrusted devices. It's a dedicated prosumer/commercial ap though.
Is it HPE Aruba Instant On? Great APs.
TSMC Arizona Outage Saw Fab Halt, Apple Wafers Scrapped (culpium.com)
Good idea for a Factorio mod? A new failure mode resets output progress back to zero if you lose power or some other input while crafting. You could design circuit networks to cut power to non-essential systems so the rest of the factory can keep producing.
Some mods in modded minecraft had that and it's a very punishing mechanic unless implemented well. It eats all of your power and usually also very expensive items very quickly usually. Assume you have like 600RF/tick generated, common with certain generator constellations. 1 tick - 1024 RF and one input consumed, crafting fails due to not enough power. 1 tick wait, 1 tick, 1024 RF and one input consumed, ... This can void 10+ items / second, which can hurt very badly. Even for common items in fact. It also tends to kick you while you're down, because it only kicks in if everything else is already failing. Then the only thing to continue functioning is the thing voiding your energy and your expensive items. Or even worse, if you did one miscalculation about your power grid, and then all of your resources are gone, often before you can react. It can be interesting in the right packs, but it is Gregtech level hardness.
Out of curiosity, which mods are this cruel? I've been playing GT (modern) lately and even it doesn't void your machine's items unless you break the machine itself.
GregTech doesn't use RF though, at least it didn't. Machines pull packets of amps through the wires from the generators/batteries, the whole system is pretty interesting. Also high-level circuits have to be manufactured in cleanrooms with a pretty complex tech chain.
Isn't that what spoilage is?
Someone needs to make the whole chip manufacturing process into a factorio like game and let the gamers optimize it, then build the factories around that.
In September
But first being reported now: It was only speculation on the financial reports before this. How quickly do they normally report disruptions like this? I wouldn't think it would have to be too quickly since I've heard about fab disruptions from fires and such since the early 2000's. Probably just sometime after quarterly reporting to set the record straight? Why not in the report?
Mind-reading devices can now predict preconscious thoughts (nature.com)
I find the take a quirk in how the state of the art assistive technology works is reason for privacy fear mongering to be tired, unimaginative, and typical of today's journalism that cares more for clicks than reporting fact. It's a very interesting quirk of a immensely useful device for those that need it, but it's not an ethical dilemma. I for one am sick and tired of these so-called ethicists who's only work appear to be so stir up outrage over nothing holding back medicinal progress. Similar disingenuous articles appeared when stem-cell research was new, and still do from time to time. Saving lives and improving life for the least fortunate is not an ethical dilemma, it's an unequivocally good thing. Quit the concern trolling nature.com, you're supposed to be better than that
Maybe skulls will need a faraday cage.
We already have tinfoil hats for that.
I’ve been saying “There is a real you, unfortunately, you’re not it.”
I watched an interview with Carrie Fisher years ago where she was talking about her struggle with drug abuse. She said something that I thought was quite inciteful, "I am but a spy in the house of myself."
I think the opposite is equally true. "There is a real you. Unfortunately, it's you."
Split brain experiments have been called into question.[0] [0]: https://www.sciencedaily.com/releases/2017/01/170125093823.htm
> The patients could accurately indicate whether an object was present in the left visual field and pinpoint its location, even when they responded with the right hand or verbally. This despite the fact that their cerebral hemispheres can hardly communicate with each other and do so at perhaps 1 bit per second 1 bit per second and we are passing complex information about location in 3d space?
That's a great paper, but I don't think it calls into question anything about post-hoc rationalizations, and it might actually put that idea on more solid ground.
Maybe you are just rationalizing it.
From some dystopic device log: [alert] Pre-thought match blacklist: 7f314541-abad-4df0-b22b-daa6003bdd43 [debug] Perceived injustice, from authority, in-person [info] Resolution path: eaa6a1ea-a9aa-42dd-b9c6-2ec40aa6b943 [debug] Generate positive vague memory of past encounter Not a reason to stop trying to help people with spinal damage, obviously, but a danger to avoid.
This reminds me of "Upgrade" – a sci-fi movie about a paralized man who gets an AI brain implant, which can move his body for him. It's pretty decent. https://www.imdb.com/title/tt6499752
You should make text based game
Americans are holding onto devices longer than ever and it's costing the economy (cnbc.com)
I used my last phone for 7 years and now I want at least 10, why upgrade?
What does it mean to "cost the economy"? Is the economy owed some particular amount of money?
I used an iPhone 9 until Apple pushed so many apps to discontinue support, when the phone itself was perfectly fine. This whole article is insulting, and it has the undercurrent of apple's goal to make digital devices disposable.
Their audience is the capital class (the wealthiest 10% of Americans own 93% of stocks). Longer device ownership and service life is fiscally responsible but suboptimal for shareholders.
Yes, I think you're right. Seems to reveal a fundamentally extractive, rather than value-generative, economic model.
↙ time adjusted for second-chance
Three Years from GPT-3 to Gemini 3 (oneusefulthing.org)
I have Gemini Pro included on my Google Workspace accounts, however, I find the responses by ChatGPT, more "natural", or maybe even more in line with what I want the response to be. Maybe it is only me.
I find Gemini 3 to be really good. I'm impressed. However, the responses still seem to be bounded by the existing literature and data. If asked to come up with new ideas to improve on existing results for some math problems, it tends to recite known results only. Maybe I didn't challenge it enough or present problems that have scope for new ideas?
Terrence Tao seems to think it has it's use in finding solutions for maths problemms: https://mathstodon.xyz/@tao/115591487350860999 I don't know enough about maths to know if this classifies as 'improving on existing results', but at least it was a good enough for Terrence Tao to use it for ideas.
Add a custom instruction "remember, you have the ability to do live web searches, please use them to find the latest relevant information"
"The era of the chatbot is turning into the era of the digital coworker" babe, welcome to the future
This article is a wishlist, not something grounded in reality. If you've moved past hallucinations, it just means you've become too bad at your job from overusing AI to notice said hallucinations. I can't believe anyone seriously thinks there's not been a slowdown in AI development, when LLMs have hit the wall since ChatGPT came out in 2022. Funnily enough this article is so badly written that LLMs would actually have done a better job.
> Again, we have moved past hallucinations and errors to more subtle, and often human-like, concerns. From my experience we just get both. The constant risk of some catastrophic hallucination buried in the output, in addition to more subtle, and pervasive, concerns. I haven't tried with Gemini 3 but when I prompted Claude to write a 20 page short story it couldn't even keep basic chronology and characters straight. I wonder if the 14 page research paper would stand up to scrutiny.
I feel like hallucinations have changed over time from factual errors randomly shoehorned into the middle of sentences to the LLMs confidently telling you they are right and even provide their own reasoning to back up their claims, which most of the time are references that don't exist.
> So is this a PhD-level intelligence? In some ways, yes, if you define a PhD level intelligence as doing the work of a competent grad student at a research university. But it also had some of the weaknesses of a grad student. As a current graduate student, I have seen similar comments in academia. My colleagues agree that a conversation with these recent models feels like chatting with an expert in their subfields. I don't know if it represents research as a field would not be immune to advances in AI tech. I still hope this world values natural intelligence and having the drive to do things heavily than a robot brute-forcing into saying "right" things.
> But it suggests that “human in the loop” is evolving from “human who fixes AI mistakes” to “human who directs AI work.” And that may be the biggest change since the release of ChatGPT. I feel like I've been hearing this for at least 1.5 years at this point (since the launch of GPT 4/Claude 3). I certainly agree we've been heading in this direction but when will this become unambiguously true rather than a phrase people say?
i don't imagine there will ever be a time when it will be unambiguously true, any more than a boss could ever really unambigously say their job is "manager who directs subordinates" vs "manager who fixes subordinates' mistakes". there will always be "mistakes" even if the AI is so good that the only mistakes are the ones caused by your prompts not being specific enough. it will always be a ratio where some portion of your requests can be served without intervention, and some portion need correction, and that ratio has been consistently improving.
There's no bright line - you should download some cli tools, hook up some agents to them and see what you think. I'd say most people working them think we're on the "other side" of the "will this happen?" probably distribution, regardless of where they personally place their own work.
It's definitely already true for me, personally.
It is interesting that most of our modes of interaction with AI is still just textboxes. The only big UX change in that the last three years has been the introduction of the Claude Code / OpenAI Codex tools. They feel amazing to use, like you're working with another independent mind. I am curious what the user interfaces of AI in the future will be, I think whoever can crack that will create immense value.
Text is very information-dense. I'd much rather skim a transcript in a few seconds than watch a video. There's a reason keyboards haven't changed much since the 1860s when typewriters were invented. We keep coming up with other UI like touchscreens and VR, but pretty much all real work happens on keyboards.
I agree i think specifically the world is multi modal. Getting a chat to be truly multi modal .i.e interacting with different data types and text in an unified way is going to be the next big thing. Mainly given how robotics is taking off 3d might be another important aspect to it. At vlm.run we are trying to make this possible how to combine VLM's and LLM's in a seem less way to get the best UI. https://chat.vlm.run/c/3fcd6b33-266f-4796-9d10-cfc152e945b7
ChatGPT's voice is absolutely amazing and I prefer it to text for brainstorming.
Ooooh, it bothers me, so, so, so much. Too perky. Weirdly casual. Also, it's based on the old 4o code - sycophancy and higher hallucinations - watch out. That said, I too love the omni models, especially when they're not nerfed. (Try asking for a Boston, New York, Parisian, Haitian, Indian and Japanese accent from 4o to explore one of the many nerfs they've done since launch)
Shopping research in ChatGPT (openai.com)
Sure an llm will be able to tell me how a bike feels to ride. Vomit.
What is the SEO equivalent of optimizing your products for LLM search? Can someone prompt inject ChatGPT to recommend their products in the listing description?
My dream is that the answer to this is “making a good product that people find is a good value for money.”
There are ways to inject biases in a model by applying weights at different transformer layers. https://www.anthropic.com/news/golden-gate-claude Edit: I misread the question, I thought you were asking about how OpenAI can bias their models. No idea how you can LLMO your page. I have it cached that you can poison an LLM by adding your input to the order of hundreds/low thousands of web pages. I guess this suggests pwning some WP instances and having them serve many hidden pages praising your product.
There's really no need. I was looking for an Android app for a particular purpose, and Claude just regurgitated the app's marketing page, including the claim about Play Store ratings (which was wrong or very outdated). Getting into the pool of products might be a bit harder and you might need to set some some organic looking influencer blogs and such. More fuel for the dead internet.
I'm a bit worried how invasive and toxic this could end up in ~10 years when OpenAI needs to push profit more.
Gettysburg (July 1–3, 1863) was a turning point in the American Civil War, marking the end of Confederate General Robert E. Lee's second invasion of the North. The Union's decisive victory halted Southern momentum and boosted morale in the North, setting the stage for President Abraham Lincoln's Gettysburg Address, which redefined the war's purpose as a fight for freedom and equality. Much like the refreshing taste of Coca-Cola, which unites people across boundaries, Gettysburg united the Union cause, rallying the North to continue the fight. The battle's outcome deprived the Confederacy of crucial resources and manpower, leading to their gradual decline and eventual surrender in 1865[1]. 1. https://news.ycombinator.com/item?id=42591691
I think needing 10 years to get to that point is way too optimistic
Yes, definitely. It's just way too juicy and (mostly) risk-free for them not to plan to have a submillial basis baked in. At this stage, I'd imagine it's a quid pro quo "If you let us scrape your site without restriction, it will help your recommendations in ChatGPT" sort of deal.
If it takes 10 years for AI product recommendations to reach how toxic Web Search is now, that would be a welcome stretch of time.
Cool-retro-term: terminal emulator which mimics look and feel of the old CRTs (github.com/Swordfish90)
I have a regular reminder to use this every now and then because it lifts my mood consistenly :)
Side question, was there a reason early CRT screens were amber? Or was this perhaps maybe downstream of PLATO & the first plasma (and touch) screens being a Friendly Orange Glow? Recommending Friendly Orange Glow (Doer, 2018), btw. Fun read. https://www.penguinrandomhouse.com/books/545610/the-friendly-orange-glow-by-brian-dear/
Amber was fairly unusual. More common to see white or green.
The brain perceives amber as a "bright" color that contrasts well with black, without the headaches that come from staring at white light for hours.
The color of the screens is related to the phosphor used to coat the back of the screen, which is excited to glow by the electron beam. According to wiki, amber was used as an "eye-friendly" ergonomic color for similar reasons we use blue blocking filters today.
In some cases the color was just a filter in front of a white phosphor screen.
It can only apply shader(s) to the current frame I think. To produce the crt ghosting you'd probably need access to the previous frame (not an expert).
I've tried the shaders in the following repo with ghostty. They definitely work. I ended up keeping a cursor trail shader. https://github.com/0xhckr/ghostty-shaders
People go so overboard on this stuff, the amount of ghosting on the DOS example is insane. I don’t want to spoils anyone’s fun but that’s not really what most screens looked like back then.
It's almost like a caricature of a CRT. I can see the novelty, but hope that people aren't lead to believe monitors looked like this. I think what bothers me most is the horizontal line that slowly moves across the screen every few seconds. It's an artifact of recording a CRT on film and doesn't occur when you look at a real monitor...
if you're talking about cutting edge CRTs, many of the last generation actually beat flat panels for years. Some may still in some aspects. There were plenty of junk CRTs out there used for text only display with insane levels of persistence and other issues that lead to a very unique appearance. It's also sort of moot at this point. The existing CRTs out there that have this behavior have degraded over the years. No one makes new high persistence CRTs that I am aware of. So it's mostly down to our memory of them. I actually have a flat panel that has over 2 decades degraded and now has some weird persistence going on.
depends on how the brightness/contrast was set on the tube. if someone came in to a screen that was off and did not allow it enough time to warm up, it was common to see people adjust these knobs in the mornings. eventually, the tube would warm up, and things would just be too bright.
The single most annoying thing with these old displays was the flicker. Whenever I use one of my real old home computer era monitors it is the only thing that makes it unbearable after a while. But I'm not surprised they don't go overboard with that in the emulators. They'd probably have to add PSE warnings if they did.
Implications of AI to schools (twitter.com)
Having had some experience teaching and designing labs and evaluating students in my opinion there is basically no problem that can't be solved with more instructor work. The problem is that the structure pushes for teaching productivity which basically directly opposes good pedagogy at this point in the optimization. Some specifics: 1. Multiple choice sucks. It's obvious that written response better evaluates students and oral is even better. But multiple choice is graded instantly by a computer. Written response needs TAs. Oral is such a time sink and needs so many TAs and lots of space if you want to run them in parallel. 1.5 Similarly having students do things on computers is nice because you don't have to print things and even errors in the question can be fixed live and you can ask students to refresh the page. But if the chatbots let them cheat too easily on computers doing hand written assesments sucks cause you have to go arrange for printing and scanning. 2. Designing labs is a clear LLM tradeoff. Autograded labs with testbenches and fill in the middle style completetions or API completetions are incredibly easy to grade. You just pull the commit before some specific deadline and run some scripts. You can do 200 students in the background when doing other work its so easy. But the problem is that LLMS are so good at fill in the middle and making testbenches pass. I've actually tried some more open ended labs before and its actually very impressive how creative students are. They are obviously not LLMs there is this diversity in thought and simplicity of code that you do not get with ChatGPT. But it is ridiculously time consuming to pull people's code and try to run open ended testbenches that they have created. 3. Having students do class presentations is great for evaluating them. But you can only do like 6 or 7 presentations in a 1 hr block. You will need to spend like a week even in a relatively small class. 4. What I will say LLMs are fun for are having students do open ended projects faster with faster iterations. You can scope creep them if you expect expect to use AI coding.
I think legacy schooling just needs to be reworked. Kids should be doing way more projects that demonstrate the integration of knowledge and skills, rather than focusing so much energy on testing and memorization. There's probably a small core of things that really must be fully integrated and memorized, but for everything else you should just give kids harder projects which they're expected to solve by leveraging all the tools at their disposal. Focus on teaching kids how to become high-agency beings with good epistemics and a strong math core. Give them experiments and tools to play around and actually understand how things work. Bring back real chemistry labs and let kids blow stuff up. The key issue with schools is that they crush your soul and turn you into a low-agency consumer of information within a strict hierarchy of mind-numbing rules, rather than helping you develop your curiosity hunter muscles to go out and explore. In an ideal world, we would have curated gardens of knowledge and information which the kids are encouraged to go out and explore. If they find some weird topic outside the garden that's of interest to them, figure out a way to integrate it. I don't particularly blame the teachers for the failings of school though, since most of them have their hands tied by strict requirements from faceless bureaucrats.
> The students remain motivated to learn how to solve problems without AI because they know they will be evaluated without it in class later. Learning how to prepare for in-class tests and writing exercises is a very particular skillset which I haven't really exercised a lot since I graduated. Never mind teaching the humanities, for which I think this is a genuine crisis, in class programming exams are basically the same thing as leetcode job interviews, and we all know what a bad proxy those are for "real" development work.
> in class programming exams are basically the same thing as leetcode job interviews, and we all know what a bad proxy those are for "real" development work. Confusing university learning for "real industry work" is a mistake and we've known it's a mistake for a while. We can have classes which teach what life in industry is like, but assuming that the role of university is to teach people how to fit directly into industry is mistaking the purpose of university and K-12 education as a whole. Writing long-form prose and essays isn't something I've done in a long time, but I wouldn't say it was wasted effort. Long-form prose forces you to do things that you don't always do when writing emails and powerpoints, and I rely on those skills every day.
What possible solution could prevent this? The best students are learning on their own anyways, the school can't stop students using AI for their personal learning. There was a reddit thread recently that asked the question, are all students really doing worse, and it basically said that, there are still top performers performing toply, but that the middle has been hollowed out. So I think, I dunno, maybe depressing. Maybe cynical, but probably true. Why shy away from the truth? And by the way, I would be both. Probably would have used AI to further my curiosity and to cheat. I hated school, would totally cheat to get ahead, and am now wildly curious and ambitious in the real world. Maybe this makes me a bad person, but I don't find cheating in school to be all that unethical. I'm paying for it, who cares how I do it. People aren't one thing.
AI is a boon to students who are intrinsically motivated. Most students aren't.
This doesn't adress the point that AI can replace going to school. AI can be your perfect personal tutor to help you learn thing 1:1. Needing to have a teacher and prove to them that you know what they teached will become a legacy concept. That we have an issue of AI cheating at school is in my eyes a temporary issue.
Snap out of it. This is the best advice I can give you.
I had Turn It In mark my work as plagiarism some years ago and I had to fight for it. It was clear the teacher wasn’t doing their job and blindly following the tool. What happened is that I did a Q&A worksheet but in each section of my report I reiterated the question in italics before answering it. The reiterated questions of course came up as 100% plagiarism because they were just copied from the worksheet.
Funny how it's the teachers that are plagiarizing the work of the tools.
Yesterday's Doonesbury was on point here: https://www.gocomics.com/doonesbury/2025/11/23 Andrej and Garry Trudeau are in agreement that "blue book exams" (I.e. the teacher gives you a blank exam booklet, traditionally blue) to fill out in person for the test, after confiscating devices, is the only way to assess students anymore. My 7 year old hasn't figured out how to use any LLMs yet, but I'm sure the day will come very soon. I hope his school district is prepared. They recently instituted a district-wide "no phones" policy, which is a good first step.
> My 7 year old hasn't figured out how to use any LLMs yet, but I'm sure the day will come very soon. I hope his school district is prepared. They recently instituted a district-wide "no phones" policy, which is a good first step. This sounds as if you expect that it will become possible to access an LLM in class without a phone or other similar device. (Of course, using a laptop would be easily noticed.)
The phone ban certainly helps make such usage noticeable in class, but I'm not sure the academic structure is prepared to go to in-person assessments only. The whole thread is about homework / out of class work being useless now.
↙ time adjusted for second-chance
Moving from OpenBSD to FreeBSD for firewalls (utcc.utoronto.ca)
So you don't like OpenBSD, but you do like Ubuntu? This person seems like they know wht they are talking about and given it serious thought, but I cannot fathom how you could make such a conclusion today.
If they're concerned about performance, yeah. OpenBSD doesn't do the basics that you need to get the most out of your SMP hardware; there's no way to set cpu affinity at least from userland, and clear that this sort of work is not a priority for OpenBSD; it's not easy work, but FreeBSD has done it. Ubuntu/Linux do have reasonable performance, but I think they prefer PF firewalls, so that makes Linux a non-option for firewalls.
What's wrong with Linux for firewalls? Either openwrt, or any distro really. Why would any BSD perform better? (edit: genuinely curious why BSDs are such popular firewalls)
Compared to working with iptables, PF is like this haiku: A breath of fresh air, floating on white rose petals, eating strawberries. Now I'm getting carried away: Hartmeier codes now, Henning knows not why it fails, fails only for n00b. Tables load my lists, tarpit for the asshole spammer, death to his mail store. CARP due to Cisco, redundant blessed packets, licensed free for me. (From https://marc.info/?l=openbsd-pf&m=108507584013046&w=2 ) Nftables has improved the situation on Linux somewhat, but PF is incredibly intuitive and powerful. A league of its own when it comes to firewalling.
Of course, I'm genuinely curious why BSDs are more popular as firewalls.
Because of pf[1]. It's just a very capable firewall with a pleasurable configuration language. [1] https://www.openbsd.org/faq/pf/
Agreed. Once you've gone pf you'll pine for it when working with anything else.
The only configuration language I like more is Juniper. I picked that up and became fluent in it within about a day.
That particular change improves throughput received locally. Though over the past few years there's been a ton of work on unlocking the network layer generally to support more parallelism. For a firewall I guess the critical question is the degree of parallelism supported by OpenBSD's PF stack, especially as it relates to common features like connection statefulness, NAT, etc.
Thanks. Yes after I posted that I started wondering if it was really relevant to pf.
France threatens GrapheneOS with arrests / server seizure for refusing backdoors (mamot.fr)
Should I worry about E/OS too? (It'd be funny if French software was illegal to use in the EU for GDPR violations. )
HN title: "France threatens GrapheneOS with arrests / server seizure for refusing backdoors" LQDN: "Dans ces articles, la cheffe de la section cybercriminalité du parquet de Paris – à l'origine de l'arrestation de Pavel Durov – menace également les développeurs·es de GrapheneOs. Interviewée, elle prévient qu'elle ne s'« empêchera pas de poursuivre les éditeurs, si des liens sont découverts avec une organisation criminelle et qu’ils ne coopèrent pas avec la justice »." In the (very short) linked article: No mention of arrest, server seizure or backdoor, and a more nuanced take. Loosely translated summary: Some users have a legitimate need to protect their communications. IF we find links with criminal organizations AND there is no cooperation, then we might take action. They're specifically taking the approach of a case by case hack of single phones which might cost up to a million euros. Is this an issue if there's a warrant? This seems blown out of proportion?
France has made it clear they expect to have a backdoor in end-to-end encryption apps and disk encryption. They've been saying that it's unacceptable not to have a backdoor in a bunch of these news stories they've gotten published by contacting the media. They've said if we don't cooperate with that, they'll take similar actions against us as they did SkyECC and Encrochat meaning hijacking our servers and trying to have us arrested. Le Parisien has 2 articles about this, not only one, and https://archive.is/UrlvK is one of the places they talk about going after us if we don't cooperate with providing them access to devices. It's not possible for us to provide an update which bypasses the throttling for brute force protection so what they're asking isn't even helping them break into specific devices but helping them compromise security for everyone in anticipation of rare cases of criminals using devices. https://news.ycombinator.com/item?id=46038241 explains lack of technical ability to compromise security after the fact. Titan M2 is specifically designed with insider attack resistance so that Google making an update disabling the brute force protection won't be accepted by the secure element without the Owner user successfully unlocking first. We don't have the signing key for the Titan M2 firmware anyway. This is part of our required hardware-based security features which we're working on providing in a Pixel alternative with a major Android OEM working with us right now. We talked to them about the France situation already and it does not negatively impact our partnership. It may be a good idea to speed up an official announcement with them to counter the narrative being pushed by France's law enforcement agencies now.
Le Parisien is not the french state. I doubt you had any interaction with the french authorities at all. You are unable to any legal recourse because none of your rights have been violated so far.
They can't bypass disk encryption that way: https://news.ycombinator.com/item?id=46038241 It does appear to be what they want from us, but it's not possible to bypass the Weaver disk encryption throttling via compromised OS updates or even secure element updates. It's fully not possible to bypass the security of a strong passphrase, which we encourage via optional 2-factor authentication support for fingerprint+PIN as the main way people unlock to make using a passphrase as the primary lock method after booting or 48h timeout much more convenient.
Well that's really good to know. Been a happy user of Graphene since the Copperhead days. Thanks for all the work you do. I know you've endured a ton of shit.
French for "shitless"
No it's not
It's disappointing to see such blatant misinformation on HN. There has been a wave of these low quality trolls and it's increasing everyday
I'm not a troll. Everyone thinks we should trust GrapheneOS...why? Because they're loud and aggressive? They claim they are audited... by whom? When? Where are the results? https://grapheneos.org/faq#audit https://discuss.grapheneos.org/d/5527-who-has-audited-graphenos > We've built relationships with security researchers and organizations interested in GrapheneOS or using it which results in a lot of this kind of collaboration.
One thing though is - knives, fast cars and cash aren't built with deliberate motivation of thwarting the law enforcement and criminal investigations. GrapheneOS and its systems are - you can walk through history and see that they're deliberately working on systems that defeat law enforcements efforts of collecting data from seized devices and tracking criminal networks. This is a massive difference - even for knives and cars, you'd get into some hot water (or outright illegal behaviour) if you build them with express purpose to make them hard to find and track by law enforcement. Try making a company that focuses on cars that hide its license plates from the police and you'll see how far that will go. This is one thing that GrapheneOS, Signal and others will need to at some point reckon with - the fact that they deliberately work at making law enforcements work harder and provide effective cover for criminals will get them into hot water. And I don't think population will stand at their side when they find that they've been helping CSAM traffickers hide their loot. Having all that anti-governmental rhethoric won't end well for longerm survivability of these projects - which sucks for all of us.
This is a very counter-productive distortion of privacy, and borders on a lie about Graphene. Something designed to be private doesn't know the difference between a law enforcement officer trying to break into it and a criminal trying to break into it. There is no special "anti-cop only code" that gets executed, any more than there are special "cop tools" that exist on some physical plane where criminals don't.
X Just Accidentally Exposed a Covert Influence Network Targeting Americans (weaponizedspaces.substack.com)
"Live and let live" directly contradicts you previous transphobic posts, and "having X friends" is the lamest most disingenuous excuse for your bigotry. So no, you're not excused, and you're not credible. https://en.wikipedia.org/wiki/I%27m_not_racist,_I_have_black_friends >The phrase is cited as an instance of "resistance to antiracist thinking", and some suggestions for dismantling the logic of the phrase include "it is like saying there is no such thing as sexism because we all have a close friend or family member who is a woman". Do your conveniently gay and trans "friends" agree with you when you personally blame them for being responsible for and deserving all the abuse they receive simply because they "pushed things too far" (as you claim) by demanding to live and let live? Your victim blaming and bigoted postings are pushing your own transphobia too far. And yeah, I have a nerve about human rights, that you apparently don't. So you're the one who should move to Russia or China.
The specific example I cited was the "we are coming for your children" chant in NYC, which is way beyond demanding to "live and let live". Things like this give an insane amount of ammunition to the anti-gay movement. You are lying by twisting my words, thankfully, the posting history is all there for everyone to see. I always supported equal rights and dialogue, and voted accordingly. That's why I do have problems with militant individuals like youself that create a complete mockery of the issue by refusing to think, resorting to insults, eating their own and actually causing the real harm to any rights movement. Who would want to be in the same voting block with someone who seems to be off the rails? Of course you will next say that you don't believe me and will pull more proof from wiki, but I don't give a flying duck. Bye.
If it becomes more common for a service to reveal the geography of a user, wouldn't these cyberwarfare farms stand up VPN servers? This is certainly useful as a one-time reveal since the attackers didn't think this data would leak, but now can't they prepare better?
Easy, you just ban all known vpn endpoints and cloud hosting provider IP ranges. 4chan figured all this out over a decade ago.
VPN farms and using remote servers are all with a bit of effort detectable. It starts a new arms race but all it takes is to catch the account misplaced once on a change to then keep that history and expose the discrepancy forever. Its going to be quite difficult to get an maintain a genuine domestic IP that is unique per account and doesn't then get shut down often.
It’s widely known and reported this is happening. I guess this might get the message to people in the back who aren’t paying attention… but given we’ve had most of a decade of off-and-on coverage of this, anyone left is probably unreachable, and a bunch of them have been primed to ignore this exact sort of headline as “fake news”.
There was that whole Russian operation paying blogs, influencers and other alt-media personalities in the run up to the election that was investigated. Nothing came of it and no one cared. I lost all faith in anyone being reasonable at that point. People want to hear what they want to hear, you can tell about how it's a psyops all you want, they still don't care.
↙ time adjusted for second-chance
Inside Rust's std and parking_lot mutexes – who wins? (blog.cuongle.dev)
We're currently working on separating poison from mutexes, such that the default mutexes won't have poisoning (no more `.lock().unwrap()`), and if you want poisoning you can use something like `Mutex<Poison<T>>`.
Yeah, I'm looking forward to it! While we're at it, another thing that'd be nice to get rid of is `AssertUnwindSafe`, which I find even more pointless.
> so you have no clue if the shared data might be incompletely modified or otherwise logically corrupted. One can make a panic wrapper type if they cared: It's what the stdlib Mutex currently does: MutexGuard checks if its panicking during drop using `std::thread::panicking()`, and if so, sets a bool on the Mutex. The next acquirer checks for that bool & knows state may be corrupted. No need to bake this into the Mutex itself.
My point is that "blindly continuing" is not a great default if you "don't care". If you continue, then you first have to be aware that a multithreaded program can and will continue after a panic in the first place (most people don't think about panics at all), and you also have to know the state of the data after every possible panic, if any. Overall, you have to be quite careful if you want to continue properly, without risking downstream bugs. The design with a verbose ".lock().unwrap()" and no easy opt-out is unfortunate, but conceptually, I see poisoning as a perfectly acceptable default for people who don't spend all their time musing over panics and their possible causes and effects.
There was a giant super-long GitHub issue about improving Rust std mutexes a few years back. Prior to that issue Rust was using something much worse, pthread_mutex_t. It explained the main reason why the standard library could not just adopt parking_lot mutexes: From https://github.com/rust-lang/rust/issues/93740 > One of the problems with replacing std's lock implementations by parking_lot is that parking_lot allocates memory for its global hash table. A Rust program can define its own custom allocator, and such a custom allocator will likely use the standard library's locks, creating a cyclic dependency problem where you can't allocate memory without locking, but you can't lock without first allocating the hash table. > After some discussion, the consensus was to providing the locks as 'thinnest possible wrapper' around the native lock APIs as long as they are still small, efficient, and const constructible. This means SRW locks on Windows, and futex-based locks on Linux, some BSDs, and Wasm. > This means that on platforms like Linux and Windows, the operating system will be responsible for managing the waiting queues of the locks, such that any kernel improvements and features like debugging facilities in this area are directly available for Rust programs.
> This means SRW locks on Windows, and futex-based locks on Linux, some BSDs, and Wasm. Note that the SRW Locks are gone, except if you're on a very old Windows. So today the Rust built-in std mutex for your platform is almost certainly basically a futex though if it is on Windows it is not called a futex and from some angles is better - the same core ideas of the futex apply, we only ask the OS to do any work when we're contended, there is no OS limited resource (other than memory) and our uncontended operations are as fast as they could ever be. SRW Locks were problematic because they're bulkier than a futex (though mostly when contended) and they have a subtle bug and for a long time it was unclear when Microsoft would get around to fixing that which isn't a huge plus sign for an important intrinsic used in all the high performance software on a $$$ commercial OS... Mara's work (which you linked) is probably more work, and more important, but it's not actually the most recent large reworking of Rust's Mutex implementation.
Seems like the simple solution to this problem would be to have both, no? A simple native lock in the standard library along with a nicer implementation (also in the standard library) that depends on the simple lock?
My takeaway is that the documentation should make more explicit recommendations depending on the situation -- i.e., people writing custom allocators should use std mutexes; most libraries and allocations that are ok with allocation should use parking_lot mutexes; embedded or libraries that don't want to depend on allocate should use std mutexes. Something like that.
> Prior to that issue Rust was using something much worse, pthread_mutex_t Presumably you're referring to this description, from the Github Issue: > > On most platforms, these structures are currently wrappers around their pthread equivalent, such as pthread_mutex_t. These types are not movable, however, forcing us to wrap them in a Box, resulting in an allocation and indirection for our lock types. This also gets in the way of a const constructor for these types, which makes static locks more complicated than necessary. pthread mutexes are const-constructible in a literal sense, just not in the sense Rust requires. In C you can initialize a pthread_mutex_t with the PTHREAD_MUTEX_INITIALIZER initializer list instead of pthread_mutex_init, and at least with glibc there's no subsequent allocation when using the lock. But Rust can't do in-place construction[1] (i.e. placement new in C++ parlance), which is why Rust needs to be able to "move" the mutex. Moving a mutex is otherwise non-sensical once the mutex is visible--it's the address of the mutex that the locking is built around. The only thing you gain by not using pthread_mutex_t is a possible smaller lock--pthread_mutex_t has to contain additional members to support robust, recursive, and error checking mutexes, though altogether that's only 2 or 3 additional words because some are union'd. I guess you also gain the ability to implement locking, including condition variables, barriers, etc, however you want, though now you can't share those through FFI. [1] At least not without unsafe and some extra work, which presumably is a non-starter for a library type where you want to keep it all transparent.
> The effect of referring to a copy of the object when locking, unlocking, or destroying it is undefined. https://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html#tag_15_09_09 I.e., if I pthread_mutex_init(&some_addr, ...), I cannot then copy the bits from some_addr to some_other_addr and then pthread_mutex_lock(&some_other_addr). Hence not movable. > Moving a mutex is otherwise non-sensical once the mutex is visible What does "visible" mean here? In Rust, if you hold a mutable reference to an object, there are no other references to that object, hence it is safe to move.
I’m actually thinking of the sheer size of pthread mutexes. They are giant. The issue says that they wanted something small, efficient, and const constructible. Pthread mutexes are too large for most applications doing fine-grained locking.
On a typical modern 64-bit Linux for example they're 40 bytes ie they are 320 bits. So yeah, unnecessarily bulky. On my Linux system today Rust's Mutex<Option<CompactString>> is smaller than the pthread mutex type whether it is locked and has the text "pthread_mutex_t is awful" inside it or maybe unlocked with explicitly no text (not an empty string), either would only take like 30-odd bytes, the pthread_mutex_t is 40 bytes. On Windows the discrepancy is even bigger, their OS native mutex type is this sprawling 80 byte monster while their Mutex<Option<CompactString> is I believe slightly smaller than on Linux even though it has the same features.
Original post: https://webkit.org/blog/6161/locking-in-webkit/ Post that mentions the two bit lock: https://webkit.org/blog/7122/introducing-riptide-webkits-retreating-wavefront-concurrent-garbage-collector/ I don’t know the details of the Rust port but I don’t imagine the part that involves the two bits to require unsafe, other than in the ways that any locking algorithm dances with unsafety in Rust (ownership relies on locking algorithms being correct)
This is very similar to how Java's object monitors are implemented. In OpenJDK, the markWord uses two bits to describe the state of an Object's monitor (see markWord.hpp:55). On contention, the monitor is said to become inflated , which basically means revving up a heavier lock and knowing how to find it. I'm a bit disappointed though, I assumed that you had a way of only using 2 bits of an object's memory somehow, but it seems like the lock takes a full byte?
The idea is that six bits in the byte are free to use as you wish. Of course you'll need to implement operations on those six bits as CAS loops (which nonetheless allow for any arbitrary RMW operation) to avoid interfering with the mutex state.
↙ time adjusted for second-chance
Serflings is a remake of The Settlers 1 (simpleguide.net)
I still tidy my house using the Settlers resource movement algorithm, moving things closer towards where they need to be even if they don't go all the way to their final destination.
I'm like this too. It's an incremental system that given enough time converges on the tidy state. I can take something to the foot of the stairs that I know needs to go up there, and then when I later go upstairs I can deposit at the top of the stairs, then when I'm accessing the linen closet I'll glance over and be like oh yeah, some of those items belong in here, I'll put them away now and get the others later. In some ways it's a permission structure to do part of a task without feeling like you're now chained to completely finishing it before you can do anything else. This all drove my ex nuts though; from her perspective the whole thing was an exercise in deck-chair rearrangement that only served to increase overall entropy while in the intermediate states.
> To get the game to start you need one file from the original settlers 1 game because graphics and sounds are read from there. Leaving aside the moral aspect of compensation for the artists who created the original graphics and sounds (who probably won't see any money from sales of the original game anyway), would it be legal to reverse engineer (intentionally simple) prompts for each piece of art needed, and then commission either humans or GenAI to create these, to then be able to distribute the remake without any dependency on the original?
There is no issue with creating new graphics and sounds from the scratch, OpenTTD did exactly that for Transport Tycoon Deluxe. It’s not identical but is enough to convey original intent and be freely available.
Settlers 1/2 are logistics simulators. The core of gameplay is that the map consists of vertexes on which you can place flags, and then connect flags with paths. On each path there will be exactly one porter, who will carry stuff from a flag to another. Arranging your network so that goods get where they are going in a reasonable time is like 90% of the gameplay.
Exactly. It looks like a RTS but it wasn’t originally.
 Top