Unlurker|Replay|About
Ask HN: Solo founders – is your LLM filling the cofounder gap?
i found it spiraling after a while (used chatgpt). what worked for me in the end were actual advisors. (pro bono)
I do the same but a co-founder usually has different view or opinion. LLMs (in my experience) are way to agreeable and just tend to agree and not push back much.
I've seen that too. My master prompt specifically asks to challenge the question/request with critical thinking and play devils advocate
Show HN: Secure private diffchecker with merge support (diffchecker.dev)
Do you release the code as FOSS?
Unfortunately No. Planning to monetize through ads once UI is polished.
Why would releasing the code under a FOSS license prevent you from adding ads?
To be honest. Never really thought about it fully. I don't know monetization plan as well. I just wanted to create better private version of diff checker and merge. Will think through and update here.
James Cameron Says Netflix Movies Shouldn't Be Eligible for Oscars (worldofreel.com)
> "We’ll put the movie out for a week or 10 days. We’ll qualify for Oscar consideration.” See, I think that’s fundamentally rotten to the core. A movie should be made as a movie for theatrical, and the Academy Awards mean nothing to me if they don’t mean theatrical. I think they’ve been co-opted, and I think it’s horrific. From the same guy who allowed Avatar to be released 12 years later so it could retake the top spot from Avengers Endgame. (to be fair, that movie had a small rerelease itself to gain that top spot)
What's he gonna do when they buy Warner Bros.? https://www.nytimes.com/2025/11/20/business/media/warner-discovery-bids-paramount-netflix-comcast.html?unlocked_article_code=1.208.fFKf.NwD51IQ-iDeI&smid=url-share
I hate to say it but I think he is swimming against the tide.
Yes. It's called "entrenched interest". People cling to what they know --- even if it means continuing to fight a battle that has already been lost. Kinda like current US policy rejecting cheap, renewable energy in favor of more expensive fossil fuels.
So it seems to be a little bit less that James Cameron says Netflix shouldn't be eligible for Oscars and more that he's saying the Oscars should be eligible only to wide scale theater releases.
Bad UX World Cup 2025 (badux.lol)
Something extra hilarious about the UX of the website causing me to mis-click. I tried to watch the YouTube video but the UX popped in and caused me to click on some other random link.
No mention of Spotify's terrible UX in mobile devices?
It's a competition, not a teardown of in-the-wild bad UX. From the website: > Build a date picker with bad UX (the worse, the better)
Google Antigravity Exfiltrates Data (promptarmor.com)
I'm not quite convinced. You're telling the agent "implement what it says on <this blog>" and the blog is malicious and exfiltrates data. So Gemini is simply following your instructions. It is more or less the same as running "npm install <malicious package>" on your own. Ultimately, AI or not, you are the one who needs to validate dependencies and put appropriate safeguards in place.
While an LLM will never have security guarantees, it seems like the primary security hole here is: > However, the default Allowlist provided with Antigravity includes ‘webhook.site’. It seems like the default Allowlist should be extremely restricted, to only retrieving things from trusted sites that never include any user-generated content, and nothing that could be used to log requests where those logs could be retrieved by users. And then every other domain needs to be whitelisted by the user when they come up before a request can be made, visually inspecting the contents of the URL. Even better, specify things like where secrets are stored, and Antigravity could continuously monitor the LLM's to halt execution if a secret ever appears. Again, none of this would be a perfect guarantee, but it seems like it would be a lot better?
Does anyone else find it concerning how we're just shipping alpha code these days? I know it's really hard to find all bugs internally and you gotta ship, but it seems like we're just outsourcing all bug finding to people, making them vulnerable in the meantime. A "bug" like this seems like one that could have and should have been found internally. I mean it's Google, not some no-name startup. And companies like Microsoft are ready to ship this alpha software into the OS? Doesn't this kinda sound insane? I mean regardless of how you feel about AI, we can all agree that security is still a concern, right? We can still move fast while not pushing out alpha software. If you're really hyped on AI then aren't you concerned that low hanging fruit risks bringing it all down? People won't even give it a chance if you just show them the shittest version of things
I really liked Simon's Willison's [1] and Meta's [2] approach using the "Rule of Two". You can have no more than 2 of the following: - A) Process untrustworthy input - B) Have access to private data - C) Be able to change external state It's not bullet-proof, but it has helped communicate to my management that these tools have inherent risk when they hit all three categories above (and any combo of them, imho). [1] https://simonwillison.net/2025/Nov/2/new-prompt-injection-papers/ [2] https://ai.meta.com/blog/practical-ai-agent-security/
I recall that. In this case, you have only A and B and yet, all of your secrets are in the hands of an attacker. It's great start, but not nearly enough.
Don't cursor and vscode also have this problem?
good
OCR'ing the page instead of reading the 1 pixel font source would add another layer of mitigation. It should not be possible to send the machine a different set of instructions than a person would see.
Interesting report. Though, I think many of the attack demos cheat a bit, by putting injections more or less directly in the prompt (here via a website at least). I know it is only one more step, but from a privilege perspective, having the user essentially tell the agent to do what the attackers are saying, is less realistic then let’s say a real drive-by attack, where the user has asked for something completely different. Still, good finding/article of course.
There's nothing specific to Gemini and Antigravity here. This is an issue for all agent coding tools with cli access. Personally I'm hesitant to allow mine (I use Cline personally) access to a web search MCP and I tend to give it only relatively trustworthy URLs.
For me the story is that Antigravity tried to prevent this with domain whitelist and file restrictions. They forgot about a service which enables arbitrary redirects, so the attackers used it. And LLM itself used the system shell to pro-actively bypass the file protection.
Coding agents bring all the fun of junior developers, except that all the accountability for a fuckup rests with you. Great stuff, just awesome.
Data Exfiltration as a Service is a growing market.
I mean, agent coding is essentially copypasting code and shell commands from StackOverflow without reading them. Should you do that? Maybe not, but people will keep doing that anyway as we've seen in the era of StackOverflow.
Who would have thought that having access to the whole system can be used to bypass some artificial check. There are tools for that, sandboxing, chroots, etc... but that requires engineering and it slows GTM, so it's a no-go. No, local models won't help you here, unless you block them from the internet or setup a firewall for outbound traffic. EDIT: they did, but left a site that enables arbitrary redirects in the default config. Fundamentally, with LLMs you can't separate instructions from data, which is the root cause for 99% of vulnerabilities. Security is hard man, excellent article, thoroughly enjoyed.
> Fundamentally, with LLMs you can't separate instructions from data, which is the root cause for 99% of vulnerabilities This isn't a problem that's fundamental to LLMs. Most security vulnerabilities like ACE, XSS, buffer overflows, SQL injection, etc., are all linked to the same root cause that code and data are both stored in RAM. We have found ways to mitigate these types of issues for regular code, so I think it's a matter of time before we solve this for LLMs. That said, I agree it's an extremely critical error and I'm surprised that we're going full steam ahead without solving this.
Not only that: most likely LLMs like these know how to get access to a remote computer (hack into it) and use it for whatever ends they see fit.
I mean... If they tried, they could exploit some known CVE. I'd bet more on a scenario along the lines of: "well, here's the user's SSH key and the list of known hosts, let's log into the prod to fetch the DB connection string to test my new code informed by this kind stranger on prod data".
> No, local models won't help you here, unless you block them from the internet or setup a firewall for outbound traffic. This is the only way. There has to be a firewall between a model and the internet. Tools which hit both language models and the broader internet cannot have access to anything remotely sensitive. I don't think you can get around this fact.
Not just the LLM, but any code that the LLM outputs also has to be firewalled. Sandboxing your LLM but then executing whatever it wants in your web browser defeats the point. CORS does not help. Also, the firewall has to block most DNS traffic, otherwise the model could query `A <secret>.evil.com` and Google/Cloudflare servers (along with everybody else) will forward the query to evil.com. Secure DNS, therefore, also can't be allowed. katakate[1] is still incomplete, but something that it is the solution here. Run the LLM and its code in firewalled VMs. [1]: https://github.com/Katakate/k7
How will the firewall for LLM look like? Because the problem is real, there will be a solution. Manually approve domains it can do HTTP requests to, like old school Windows firewalls?
Yes, curated whitelist of domains sounds good to me. Of course, everything by Google they will still allow. My favourite firewall bypass to this day is Google translate, which will access arbitrary URL for you (more or less). I expect lots of fun with these.
The sad thing is, that they've attempted to do so, but left a site enabling arbitrary redirects, which defeats the purpose of the firewall for an informed attacker.
I don’t understand why it’s a problem. They clearly advertise the tool is not secure and malicious (i.e. malware). If you install and run malware, expect security issues? /s
That's the bleeding edge you get with vibe coding
cutting edge perhaps?
This is hillarious. AI is prevented from reading .gitignore-d files, but also can run arbitrary shell commands to do anything anyway.
I had this issue today. Gemini CLI would not read files from my directory called .stuff/ because it was in .gitignore. It then suggested running a command to read the file ....
When I read this I thought about a Dev frustrated with a restricted environment saying "Well, akschually.." So more of a Gemini initiated bypass of it's own instructions than malicious Google setup. Gemini can't see it, but it can instruct cat to output it and read the output. Hilarious.
codex cli used to do this. "I can't run go test because of sandboxing rules" and then proceeds to set obscure environment variables and run it anyway. What's funny, is that it could just ask the user for permission to run "go test"
Cursor does this too.
Sooner or later I believe, there will be models which can be deployed locally on your mac and are as good as say Sonnet 4.5. People should shift to completely local at that point. And use sandbox for executing code generated by llm. Edit: "completely local" meant not doing any network calls unless specifically approved. When llm calls are completely local you just need to monitor a few explicit network calls to be sure. Unlike gemini then you don't have to rely on certain list of whitelisted domains.
That's not easy to accomplish. Even a "read the docs at URL" is going to download a ton of stuff. You can bury anything into those GETs and POSTs. I don't think that most developers are going to do what I do with my Firefox and uMatrix, that is whitelisting calls. And anyway, how can we trust the whitelisted endpoint of a POST?
At the time that there's something as good as sonnet 4.5 available locally, the frontier models in datacenters may be far better. People are always going to want the best models.
Why is the being downvoted?
Because it misses the point. The problem is not the model being in a cloud. The problem is that as soon as "untrusted inputs" (i.e. web content) touch your LLM context, you are vulnerable to data exfil. Running the model locally has nothing to do with avoiding this. Nor does "running code in a sandbox", as long as that sandbox can hit http / dns / whatever. The main problem is that LLMs share both "control" and "data" channels, and you can't (so far) disambiguate between the two. There are mitigations, but nothing is 100% safe.
Sorry, I didn't elaborate. But "completely local" meant not doing any network calls unless specifically approved. When llm calls are completely local you just need to monitor a few explicit network calls to be sure.
If you read the article you'd notice that running an LLM locally would not fix this vulnerability.
Right, you’d have to deny the LLM access to online resources AND all web-capable tools… which severely limits an agent’s capabilities.
From the HN guidelines[0]: >Please don't comment on whether someone read an article. "Did you even read the article? It mentions that" can be shortened to "The article mentions that". [0]: https://news.ycombinator.com/newsguidelines.html
That's fair, thanks for the heads up.
Damn, i paste links into cursor all the time. Wonder if the same applies, but definitely one more reason not to use antigravity
Cursor is also vulnerable to prompt injection through third-party content.
Show HN: We built an open source, zero webhooks payment processor (github.com/flowglad)
i do wish i could vibe code payments. stripe is good but LLMs need help.
give the product a go and lmk how vibe coding payments performs
Very cool guys. Curious about a few things if you’re open to sharing: - How are you handling tax/VAT and edge cases? Like usage backfills or retroactive credit grants, etc. etc. - What’s the failure mode if your service is down? Either way, refreshing to see someone go after this with the opinionated DX!
Very helpful callouts - both areas we want to build more robust product coverage. Handling tax and VAT edge cases are coming up on our roadmap. We want to offer a merchant of record service soon, and eventually make it so that you can steer the funds flow at a per-transaction level. We monitor our uptime closely[0], but we're also working on giving more options to self-host the source of truth component of our offering for people who want to be more in control of their certainty. [0] https://status.flowglad.com
I have an idea. Would be happy to get feedback + criticism. What if there was some standard API interface for payment processors? Basically AWS S3 API, but for payment processors. The idea being that migration between payment providers should be low friction and standardized. If you're in Stripe jail or banned, start using paypal (or something else) just by changing endpoints + credentials. Since Stripe is the gold standard, we could standardize on that (like how cloud providers standardized on S3). I think India has implemented something to this effect. Thoughts?
It won't work, the feature set offered by different payment processors differs too much to capture in one consistent API. Even Stripe itself already offers 3 or 4 different ways to integrate with them. What you want already exists though, and it's called a payment orchestrator. They integrate with different payment providers and provide you one API. You pay for that by getting a much smaller feature set.
Stripe billing definitely leaves something to be desired and agree that a layer on top can improve the DX tremendously. What differentiates you from competitors like Lago and Autumn?
Gotta say we admire both teams, and have a lot of respect for anyone trying to make progress in this space. As far as differences: both are an additional service you need to bolt-on in addition to signing up for Stripe. We're aiming to consolidate onboarding as a single provider that both processes. A lot of work still to do on our side, but that's where we want to end up: that you get your dream devex without needing to sign up for 2 products. Both are essentially billing-only services where you bring your API key. We have a billing engine that we built from scratch, and are actually processing the payments, currently using Stripe Connect under the hood. Lago seems to still require you to deal with webhooks - if not theirs, then Stripe's - and is focused on "billing as write operation" (their first-class concern is producing a correct, well-formed charge or invoice object). We want to solve both the "read" (what features can my customer access, what balance does their usage meter have?) and the "write" more conventional billing operations like charges, prorations, converting free trials to paid, etc. With Autumn we're tackling a similar problem but they currently still require you to use Stripe Billing + your API key. So you'll be paying for Stripe Billing + Autumn (unless you self host). Overtime as we get deeper into the money movement side of things our paths will look more different, as more of our devex will include smoother ways to handle funds flows, tax compliance, etc. And compared to both, at least from what I can tell from the outside, we're putting relatively larger share of our brain cycles towards making our SDK and docs deeply intuitive for coding agents. We want to design our default integration path around the assumption that you will have a coding agent doing most of the actual work. As a result we've got some features like e.g. an MCP-first integration path that makes it easy for your coding agent to ask our docs pointed questions that may come up as it integrates Flowglad. And a dynamically generated integration guide md file that considers both your codebase context. A lot of that is the result of our own trial and error trying to integrate payments with coding agents, and we're going to be investing a lot more time and care into that experience going forward.
You intend to restrict this to a single market? There's some sibling comments that do point out that. Much "annoyances" when it comes to money is all those weird laws and rules from lower level companies in place, improving things for developers is a laudable goal but I do hope that you guys have some real world experience with these systems apart from frustrations as system users because doing a good DX right now feels like it could make you end up in a dead end.
100% agree - this is not a space to tread into lightly. We have some really knowledgeable payments people in our corner, including several veterans with many decades of payments industry experience as leaders at the big payments players. There's a lot that we've been able to learn from them as they help us navigate the financial services side of this business. We're conscious of how much work there is to do, and how the "good DX" is really just the visible tip of the iceberg. Currently through Stripe we are able to onboard merchants wherever Stripe can serve them directly. Our upcoming merchant of record offering (which we hope to launch soon), will be available to merchants wherever Stripe can send payouts, which is a longer list of maybe 150+ countries. The pathway to building deeper payment rails will indeed have to be country-by-country as each one requires new banking partners and compliance regimes.
DX = developers not shooting themselves in the foot and making it impossible to cancel my free trial because my account got deleted but the autopay didn't fewers bugs = happier customers not getting charged for shit they didn't agree to be charged for
Basically this. The existing integration paradigm for payments, at its worst, feels like a warehouse filled with footguns on the floor with the lights turned off. Esp for newer developers who are used to more modern devexes which explicitly try to take reasoning about complex state transitions off of your plate.
Sure, but everything from the Stripe UI down to their API is feature creeped. I remember using it 10 years ago and I got it working in 10-20 minutes. Last month I see it up for my new project and it took almost a whole day
You setup a payment flow and it took you less than a day, and you are upset? I don't understand.
It is ok to say "CSS variables" instead of "custom properties" (blog.kizu.dev)
and the name of the function we access them is var()! Not customProperty().
Looking at example 5: :root { --color: blue; } div { --color: green; } #alert { --color: red; } * { color: var(--color); } I inherited blue from the root element! <div>I got green set directly on me!</div> <div id='alert'> While I got red set directly on me! I’m red too, because of inheritance! </div> Excuse my negativity, but this is messed up. I am trying to rationalize whyyyy???. It seems every object is given variables (--abc). And then there are global variables and local variables. I guess this is the "cascading" feature. var is a function computed at the time of instantiation. And refers to local variables first. Then looks at global variable. Inheritance comes from ?? The p tag seems it is not root so therefore it is not blue. Having explained it, I think about it better, but this really messes up how I thought of CSS. CSS is where the second stanza overwrites the first stanza. Yet global and local variables really hurts my head. A few complex CSS files later, it is bound to be unusable to determine result without getting a computer program to help.
I think you are demonstrating the title of this article. The --color variable is inherited through your style sheet cascade, just like any built-in property would be. In other words, CSS variables are pretty much custom properties. In the last line of CSS, you went on to equate a built-in property with the value of the variable everywhere. So you’ve essentially made a new “property” that works just like the builtin color property. (Disclaimer: I’m not an expert in modern CSS, so this could be imprecise.)
I've just been calling them that anyway since I found out they existed. Also, this guy is calling HTML a programming language. Make of that what you will...
It is one...
That's where I'm coming from.
[delayed]
The happiest software developers are those who write HTML, CSS, PHP, and just a sprinkle of JS like they used to do 20 years ago.
I'd also say HTML4 is much nicer to write than HTML5. I know it's technically "obsolete", but it was more pleasant to work with (and allows your site to be accessible on almost every browser/version).
No way. There have been so many nice improvements to all of those languages over the last two decades that make development so much safer to implement, faster to code, and easier to test. I personally would lose my mind if I had to go back to the way things were running 20 years ago
Then they drag-and-drop the project folder into FileZilla connected to their FTP shared hosting and send the invoice to the client. Although... while this seems like heaven at first, seeing this being done in practice, it is hell. It's just people don't know they are in hell. They got used to it.
Never a git history rewrite after a declined pull request, pure “index.html_previous_3” bliss
I still think about the person on Mastodon I saw months ago: "My deployment pipeline is to click FILE->SAVE"
↙ time adjusted for second-chance
how to repurpose your old phone into a web server (far.computer)
This sounds like a fun project. A perfect use for an old android phone sitting in the junk drawer.
Nothing beats my toaster serving my webpages.
Title should be updated to include "unused android phone"
"unused android phone with unlocked bootloader that is supported by postmarkOS"
so once you have a web server on the phone how are you able to make it available publicly on the internet? don't ISPs detect these and ban? are you using wireguard or something like that? ive been looking to build and serve my own servers and i have been considering to use old android phones to outright racks but the part I am still struggling to figure out is how to serve it publicly without ISP catching on as they require business plans for that and its not cheap
ISPs don't care, actually. They care about operational problems, but you serving a constant stream of web traffic is probably not going to matter to them; web traffic for even a pretty successful blog is going to be a tiny volume compared to you streaming 4k movies from Netflix. ISPs will have rules (maximum data volume per month) and restrictions (ISP equipment auto-drops all sending/receiving packets on port 25, 80, 443, or 456), but within those limits the ISPs do not care as long as you cause no problems for them.
> don't ISPs detect these and ban No. No ISP who desperately tries to grow marketshare at all costs and lock their customers into a year-long contract will intentionally ban users. I'm not even sure where this misconception comes from, it's not like ISPs led a massive PR campaign warning people of the dangers of running a server. The only way you will get banned is if you cause disproportionate strain on their network, which means you'd need to exceed the usage of the typical gamer (downloading games worth hundreds of gigs regularly), streamer (streaming 4k video for hours at a time), cloud backup customer (uploading gigabytes regularly), Windows user (in its default configuration Windows can use P2P to share updates), torrenter (sustained full-duplex bandwidth usage), and unlucky idiot with a compromised device spewing DoS traffic at line-rate. Saturate the pipe consistently for several days by hosting video? Yeah sure you could get a warning and eventually disconnected, assuming they don't already have traffic shaping solutions in place to just silently throttle you to an acceptable level and leave it up to you to move your homebrew YouTube clone elsewhere when you realize it's too slow. Hosting a website which will have a few mbps worth of traffic with the occasional spike? That's a rounding error compared to your normal legitimate usage, so totally fine. The reason most consumer ISPs have a clause against running servers (not even defining what counts as a server) is to preempt a potential business starting a data center off a collection of consumer connections and then bitching about it or demanding compensation when it goes down or they get cut off. Nobody cares about a technical user playing around and hosting a blog at home.
It used to be easier to get a web server up and running in the past. I remember the 1990s fondly. Not sure what changed, but things got more complex - and more expensive, too.
A CloudFlare tunnel? https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/ Although, you may also go with a 5$ virtual host (e.g. Linode Nanode 1 GB) and wireguard to build your own tunnel (or just the 5$ virtual host to run your server)
i see so just run cf tunnel and ISP wouldn't be able to see I am hosting web apps? what if I am streaming large files (not torrent)? couldn't they see the bandwidths being consumed and then tell me to upgrade to business ?
Heavily depends on the contract with your ISP, I'm not aware of anything saying you can't use your uplink "commercially" - how one would even define and monitor that?
What kind of an ISP prohibits self-hosting?
A Wireguard tunnel via a free tier or dirt cheap VPS, or a VPN provider that lets you forward ports like Proton
but can't the ISP still see something is up if there is traffic 24/7
Yes, though even though they can see that, as long as it's encrypted they can't know for sure, so as long as you don't cause problems they won't care at all that you're using it for something . In all my years I've never had an ISP complain about constant encrypted traffic, though some ISPs do have general data caps like Comcast.
Don't ISP's just charge per caps on ingress and egress volume? From your comments it is clear that they don't. Super infuriating. Why should they care what I do with ingress and outgress that I paid for, as long as I am not hurting them.
↙ time adjusted for second-chance
Inflatable Space Stations (worksinprogress.co)
I never understand why the rotating station concepts seem to all have rigid tethers, either in the form of a central boom or a rigid circular structure. It would seem like you could get a much larger diameter, so less rotational velocity and more comfort, by attaching rigid, or inflatable in this case, structures with a tether. Compressive loads are non existent, you just need to resist tensile loads. Maybe I'll go ask the AI.
I suspect without ISRU production of bulk orbit sheet metal, the most feasible solution is to repurpose rockets in their whole. Building a station this large is gonna be costly even within the cargo hold of starship. But six of them, gutted of insides as welded end to end could provide the vast majority of the bulk mass. This assume rather sophisticated orbital welding and object manipulation; but its feasible we could do it with robots.
Anything that can be inflated can usually be deflated.
so what? it's only one bar of pressure. Bring some gum.
Python is not a great language for data science (blog.genesmindsmachines.com)
Shell is the best language for data science. Pick the best tools for each of getting data, cleaning data, transforming data, and visualizing data, then stitch them together by sheer virtue of the fact that text is the universal interoperable protocol and files are the universal way of saving intermediate stages of data. Best part is, write a --help, and you can load them into LLMs as tools to help the LLMs figure it out for you. Fight me.
They basically advocate using R. I think it depends what they mean by "data science" and if the person will be doing just data science. If that's the case then R may be better. As in their whole career is going to built on that domain. But let's say they are on a general computer science track, now they'll probably benefit from learning Python more than R, simply because they can use it for other purposes. > Either way, I’ll not discuss it further here. I’ll also not consider proprietary languages such as Matlab or Mathematica, or fairly obscure languages lacking a wide ecosystem of useful packages, such as Octave. I feel, to most programming folks R is in the same category. R is to them what Octave is to the author. R is nice nice, but do they really want to learn a "niche" language, even if it has better some features than Python? Is holding a whole new paradigm, syntax, library ecosystem in your head worth it?
Isn't the author saying that Python + Pandas is almost as good as R, but Python without Pandas is less powerful than R. I can't help to conclude that Python is as good as R because I still have the choice of using Pandas when I need it. What did I get wrong?
you missed the "almost as" in your first sentence. also, we didn't define "good".
I think a lot of this comes down to the question: Why aren't tables first class citizens in programming languages? If you step back, it's kind of weird that there's no mainstream programming language that has tables as first class citizens. Instead, we're stuck learning multiple APIs (polars, pandas) which are effectively programming languages for tables. R is perhaps the closest, because it has data.frame as a 'first class citizen', but most people don't seem to use it, and use e.g. tibbles from dplyr instead. The root cause seems to be that we still haven't figured out the best language to use to manipulate tabular data yet (i.e. the way of expressing this). It feels like there's been some convergence on some common ideas. Polars is kindof similar to dplyr. But no standard, except perhaps SQL. FWIW, I agree that Python is not great, but I think it's also true R is not great. I don't agree with the specific comparisons in the piece.
There are a number of dynamic languages to choose from where tables/dataframes are truly first-class datatypes: perhaps most notably Q[0]. There are also emerging languages like Rye[1] or my own Lil[2]. I suspect that in the fullness of time, mainstream languages will eventually fully incorporate tabular programming in much the same way they have slowly absorbed a variety of idioms traditionally seen as part of functional programming, like map/filter/reduce on collections. [0] https://en.wikipedia.org/wiki/Q_(programming_language_from_Kx_Systems) [1] https://ryelang.org/blog/posts/comparing_tables_to_python/ [2] http://beyondloom.com/tools/trylil.html
> R is perhaps the closest, because it has data.frame as a 'first class citizen', but most people don't seem to use it, and use e.g. tibbles from dplyr instead. You're forgetting R's data.table, https://cran.r-project.org/web/packages/data.table/vignettes/datatable-intro.html , which is amazing. Tibbles only wins because they fought the docs/onboarding battle better, and dplyr ended up getting industry buy-in.
What is a table other than an array of structs?
It’s not that you can’t model data that way (or indeed with structs of arrays), it’s just that the user experience starts to suck. You might want a dataset bigger than RAM, or that you can transparently back by the filesystem, RAM or VRAM. You might want to efficiently index and query the data. You might want to dynamically join and project the data with other arrays of structs. You might want to know when you’re multiplying data of the wrong shapes together. You might want really excellent reflection support. All of this is obviously possible in current languages because that’s where it happens, but it could definitely be easier and feel more of a first class citizen.
I would argue that's about how the data is stored. What I'm trying to express is the idea of the programming language itself supporting high level tabular abstractions/transformations such as grouping, aggregation, joins and so on.
Ah, that makes more sense. Thanks for the clarification.
From many practical points, Clojure is great for data. And you can even leverage python libs via clj-python.
In the past few years I have seen some serious efforts from the Clojure community to make Clojure more attractive for data science. Check out the Scicloj[1] group and their data science stack/toolkit Noj[2] (still in beta) as well as the high-performance tabular data processing library tech.ml.dataset (TMD)[3]. - [1] https://scicloj.github.io - [2] https://scicloj.github.io/noj - [3] https://github.com/techascent/tech.ml.dataset
Ozempic does not slow Alzheimer's, study finds (semafor.com)
neither do most things in life
Why would Ozempic, a chemical affecting a specific receptor found in specific parts of the body, affect alzheimer's? I'm just asking questions here I don't understand what the mechanism of action is that this would be disappointing news.
Semaglutide (Ozempic) has potential therapeutic effects in neurodegenerative disorders through "modulation of neuroinflammation, enhancement of mitochondrial function, and promotion of neurogenesis". It has shown benefits in animal models of Alzheimer's and Parkinson's. So they're not just testing a random drug, but something that could work. For details, see: https://pubmed.ncbi.nlm.nih.gov/38921025 This diagram shows how Ozempic can produce these results, the various pathways from the GLP-1 receptor to reduce inflammation, protect neurons, and affect mitochondria: https://cdn.ncbi.nlm.nih.gov/pmc/blobs/87c0/11202139/72234dd736c8/cimb-46-00354-g003.jpg
"Alleged magic cure does not solve all our problems" just isn't as catchy.
That's why I'm genuinely asking why this would be disappointing , like what was the evidence that this does affect Alzheimer's. You would expect by X does not affect Y by default, so clearly there had to be a theory why you'd spend 2 years on a study to rule it out.
Significant, sustained weight loss can prevent or reduce the effects of conditions known to increase the likelihood or hasten the onset of Alzheimer's, like diabetes and high blood pressure.
This is anecdotal, I don't have proof but it's something I think is somewhat related. Is that obesity and nuerodegenerative diseases are somewhat related. So that's a guess as to why some people might have though a weight loss drug would potentially be related in some way with alzheimers. This could just be false though, I can't recall where I heard this information. So do some searching before quoting me.
Obesity often goes hand in hand with poorly regulated blood sugar and high blood pressure, both known risk factors for Alzheimer's.
We already know that's not the case though. A huge portion of the benefits are downstream of obesity, yes, but we already know GLPs have positive effects even without weight loss.
I started taking prescription Zepbound (tirzepatide) right when it was approved for about 6 months and lost 30 pounds, later switched to a low dose of much cheaper grey market semaglutide for maintenance. The anti-drinking side effect was unexpected and somewhat shocking to experience. I had heavily drank in the evening for almost a decade to varying degrees and then pretty much stopped overnight once hitting the 5mg dose of Zepbound on the second month. After ending the Zepbound I had a few months where I wasn't taking anything before resuming the maintenance semaglutide, and although food cravings slowly started returning, I still had/have zero interest in drinking whatsoever unless in a social setting where I may have 1-2 drinks (but usually avoid it altogether without requiring any conscious effort). There is definitely massive variance in the individual psychology/biology that leads to habitual alcohol overuse so I'm sure others might not have the same experience. But for me I'm pretty confident that breaking that deeply engrained habit of starting the first of 6-10 drinks at 6-7pm every day was what did it. Which was pretty much impossible for me to even envision back when it was such a normal part of my day-to-day coping strategy for stress/depression/etc. Although I always knew my drinking was excessive and terrible for my health, past my early 20s I was super high functioning and wasn't interfering with my job or life (other than holding me back and probably slowly killing me), and so being an "alcoholic" was never part of my identity (rightly or wrongly), which I think kinda ironically made it easier to just take the win and move on with my life without nagging self-doubt or fixation on whether my "addiction is cured". But it's been about 2 years now and I hardly ever think about alcohol even when super stressed so something, somewhere in my brain changed thanks to tirzepatide and whatever the mechanism I'm grateful for that happy accident of a side effect!
Orion 1.0 (blog.kagi.com)
This looks neat but the biggest question I have and care about... UBO? Not the limited manifest v3 version or whatever it's referred to as, but the full bore block lists like in FF. Excited to see where this goes!!
Orion Tech Lead here: Thank you for your patience — the issue has now been fixed. Please try updating now :)
Hi! Congratulations on the launch. Is your intention to ship using WebKit on Window and Linux too?
Nowadays users switch browsers to escape from AI nonsense. But in all seriousness, just enabling an ad-blocker significantly increases the speed of the browser, because, as you correctly noticed, website bloat is the largest bottleneck. And usually "raw" website content is only small fraction of all other stuff that gets loaded from various remote sources to show you ads and track you better. And to take speed point even further - disabling JavaScript does wonders to website speeds, you won't believe how quickly some websites are loading. Logging in to banking website might not work at all, though.
Orion already weighs 100 MB less than Chrome. You will probably already feel this difference every time you launch it.
That was a funny period of time because you could very transparently see the clear application of a corporate team that was tasked with improving the “startup speed KPI”. During that time IE startup time went from a dozen or so seconds to also instantaneous. It was even faster than chrome sometimes. But that was just the startup. The application wasn’t ready to accept any user input or load anything for another 10 or 15 seconds still. Sometimes it would even accept input for a second then block the input fields again. It’s the same mentality all those insanely slow webapps do when they think some core react feature for a “initial render” or splash screen etc will save them from their horrific engineering practices.
Google did a great job communicating Chrome's improvements over speed (both with startup and prefetch) and reliability (isolated and sandboxed tabs) during its launch. When you saw it, you knew that it was basically game over for any browser that had chosen to stagnate until then. They destroyed the competition.
Gentle reminder that if you're commenting on hacker news articles you are likely the outlier in the "why people switch browsers" reasoning. Friends and family constantly surprise me with their tech choices and how they interface with the digital world whenever I'm home on holidays.
“My friend told me Chrome was faster”
Also trust that it won't be abandoned like Opera was.
If it gets abandoned—so what? Switching browsers is trivial.
Roblox is a problem but it's a symptom of something worse (platformer.news)
Feels like this should be solved at the iOS/Android/Windows/Sony level. Parents should configure settings in 1 place. Not once for each game.
How is an OS setting going to protect a child from the realities that people on the internet, especially anonymous people, may be creepy?
> Since 2018, at least two dozen people in the United States have been arrested and accused of abducting or abusing victims they met on Roblox, according to a 2024 investigation by Bloomberg. So about three per year, out of 112 million users? That's a far better track record than the Boy Scouts of America or the Roman Catholic Church. Roblox has a strange demographic problem. Their average user age is around 14. They keep trying to push that up, at least to high school age where there's more spending power. Or so said one of their annual reports. But they just can't retain the early teens into the high school years. This is the same problem as Chat Control. You let people talk, sometimes they're going to talk about things they're Not Supposed To Talk About. The amount of censorship needed to prevent this goes way beyond Orwell ever dreamed of. Roblox claims a goal of cutting off wrongspeak within 100ms. They're trying pretty hard. That's a concern - an AI listening to everything you say and evaluating it for political correctness. Kids have been able to access Pornhub, etc. for more than a decade, and not much seems to have happened. Teen sex is down, not up. The graphics in Roblox are so bad that sex there is silly, not obscene, anyway. This belongs to a long series of non-problems, along with the Hayes Code, the 1950s Congressional hearings on comic books, the Meese Report, and such. Amusingly, we aren't hearing much from the religious right any more; they aligned with MAGA, and now they're stuck defending Trump's sex life. If anything, the Roblox problem is a subset of the too much screen time problem.
> So about three per year, out of 112 million users? That's a far better track record than the Boy Scouts of America or the Roman Catholic Church. Yep. I’ve not witnessed something so wildly over exaggerated since D&D was responsible for widespread satanic cults in the 80’s.
Thanks for the common sense take. Do have references for the notes about Scouts and the Church. I'm not sure where to start looking?
> Given a chance to display empathy for the victims of crimes his platform enabled, or to convey regret about historical safety lapses, or even just to gesture at some sense of responsibility for the hundreds of millions of children who in various ways are depending on him, the CEO throws up his hands and asks: how long are you guys going to be going on about all this stuff? CEOs acting like selfish psychopaths indifferent to the suffering of others shouldn't really surprise anyone at this point. Why expect tech CEOs to act differently? Of course he's nothing but annoyed that people keep complaining about how his digital child casino allows pedophiles and corporate advertisers to prey on children without oversight, or about how he's exploiting children for labor, or about how he's psychologically manipulating kids to feel anxiety and FOMO so that he can sell them more Robux. If he were capable of empathy for the victims of his platform he wouldn't have designed his platform to create victims in the first place.
It's interesting to me to think about a possible system where people in say roblox can only chat with each other by exchanging physical keys somehow. This way, they would be able to chat with their peers from school etc., without the danger or need for as much supervision. I don't necessarily think this is technologically feasible or something that would be accepted, but I think it's an interesting idea.
That’s pretty much the antithesis of online gaming. You’re not ONLY playing with other kids you know.
They could sell custom ubikeys/whatever. Kids love Tonies. A custom USB stick/NFC/air tag would be "easy" and profitable.
I have 10 year old twin boys, they play roblox with their friends from school, and they have a lot of fun. Importantly though they don't use the in-game chat, they fire up a group voice call on messenger kids and chat to each other through that while playing their games. They play in the lounge and I can keep a bit of an eye on what they're doing. Most of roblox is a trash fire, but there a couple of games that seem pretty fun when used as an activity for the kids to get together and chat and play.
Out of curiosity how did they manage to sign up for Instagram? Browser? Asking for a friend
Ah great question, I wondered this myself as there was no phone involved here and Instagram has been banned on my network for many years. It was from a friend's phone at school and that same friend later provided my child with an old galaxy tab to bring home, which was cleverly hidden under the carpet beneath the bed with wifi access to our neighbor's internet (provided by neighbor's kid as well). It's amazing the lengths they'll go through to circumvent rules.
The crony capitalism was brought to you literally by companies and millionaires scared of regulation and heavily pushing for deregulation. They supported Trump and republicans by large margin, especially financially.
If you think only one of the two parties of capital are to blame for this timeline, I have a bridge to sell you. Democrats manufactured consent for Trump's rise in a 1000 ways over decades. Neoliberalism delivered us Trump, who is merely a symptom of this broken symptom. Dems/Repubs play good/bad cop, but always in service to capital interests. We have a uniparty, but people are fooled by reasonable election turnout and close elections. Democracy is an illusion in the US.
Tbh making Roblox illegal feels like the same moral panic that our parents had around metal music, hip-hop, and arcades. My kid plays Roblox, I prevent her from talking to others, and I police the Robux purchases. It really is a fun platform. The problem is for parents that aren't technical, or are negligent and don't know how to police it.
Don't be so dismissive! In practice... - You cannot prevent your child to login and play at least 15mn (without manually resetting the password in the kid account) - combine this with the fact you cannot prevent changing the password reset email on the child account, and in practice you cannot prevent your child from using roblox - You cannot prevent gift card to be used - There's no way to trace gift cards usage at all - Roblox will remove controls at some ages without warning you - Deleting your kid account is a fight (it's been two weeks and roblox is asking me proof of ownership I cannot give since they don't exist) - You cannot prevent fear of missing out - You cannot control pay to win games - You cannot prevent your child face to be scanned and shared for "age control" - Same for your own face - Probably more... Oh and don't forget there's absolutely no way to prevent your kid to have multiple accounts, and have a parallel life you know nothing about.
I'll probably get DV to oblivion for this, but I have to constantly wonder where those parents come from that need to forbid their children to roam freely on the internet. Didn't they grow up in an age unrestricted web either? By now we must have two generations of unhinged children grown up with unsafe World of Warcraft, MSN, Whatsapp and ICQ. Oh and the p0rn... I mean, seriously, do you guys have nothing else to do than to moderate your kids Minecraft servers?
I grew up on the unrestricted internet, it doesn't mean I believe it was entirely good. I did (and DO!) many things that I realize are not beneficial, and do not want my children doing.
I want to share a small story a close friend told me. His son is eleven. Every Saturday he goes to tennis class. He's good at it, sure, but the important part is that he loves it. One Saturday, though, he refused to go. Why? Because there was a special Roblox event happening at the same time. His father tried reasoning with him, the kid, agrees, a bit reluctantly. But when the father walks into the bar, he sees a dozen kids all locked to their screens, playing the same Roblox event. Roblox is an obvious form of manipulation, but honestly, we're not much better. Adults scroll under the influence of algorithmic dopamine loops. If the tobacco class action was once the benchmark for corporate harm, it may someday look tiny compared to what's coming (I hope).
This feels like an incredibly normal thing though? Kids oftentimes want to do things that are highly stimulating and "fun" in substitute for things that are more rewarding, often to the point of obstinance. And I don't want to defend Roblox, their laissez faire attitude towards predators abusing their platform is abhorrent and disgusting. But this anecdote is about as old as civilization.
Thankfully? Why don't you just forbid him to play Fortnite? Sounds like your son doesn't listen to you, and that's a problem.
People are downvoting this but it's the correct response. I will never worry about Roblox because my child will never be able to play it at home. Problem solved. I understand that maybe non-technical people might not know to think about these things, but in this crowd this response should be the most upvoted. These things are poinsons. Don't feed your children poison. It's pretty simple. "They'll be left out!" Good! While other children consume poison my child will be left out from consuming poison.
Whats wrong with Minecraft, that seems like an odd inclusion in the list?
I was fine with Minecraft until the kids started wanting to install all kinds mods, which as far as I know are random executables you download from shady websites.
I don't really understand why those things are bad? Making your server executable available for dedicated servers is common (and good!) and selling paid mods just seems like selling software to me edit: the private server operators might be bad, but I don't see how this is Minecraft's fault (or how it doesn't apply to every game that allows dedicated servers)
> Minecraft itself is benign So, I dont think anyone said it was their fault, just that it's being exploited.
There is Minecraft the standalone game that you play either by yourself or on a private server with friends you know IRL. That's totally fine. Then there is the wider Minecraft community based on a constellation of public and semi-public servers. This is a lot more like Roblox.
The Minecraft you know and love is a fantastic game, especially for kids. Top 10 all time, IMO, in terms of creativity and education and development. And you can easily set up a personal friends and family server/realm, and there are tons of free mods and maps. The problem is that malicious actors can build Roblox in anything. It's not hard to get kids hooked and begging their parents for lucrative in-game gambling currency.
Microsoft forces login these days for single player play, and jams ads, social networking crap. As a parent, I don’t have time for this bullshit, and assume they have malicious intentions. Also, at least once, there was some warning about a profanity filter that my kid dismissed without reading. It’s tied to my MS account, and only a matter of time before that is tied to github and linkedin. So the kid says “doodie head” one too many times, and what, I lose my windows login / bitlocker key, gh repos and professional network? Screw it.
Do you have link? How does Unity make money running in Fornite which uses Unreal?
See Unite 2025 keynote, also https://www.epicgames.com/site/en-US/news/unity-and-epic-games-together-advance-the-open-interoperable-future-for-video-gaming Unity makes money as usual, the people doing those games pay their professional licenses to Unity.
I'd been riding bikes with my friends around the block since the age of 6. Parents didn't chase us around and minded their own business instead of nanomanaging us into absolute snowflakes that modern children have become. We played tag at building sites, jumping gaps meter wide and five deep, made explosives out of match sticks, bolts and nuts, and showed up at home just to check in and have a quick lunch. We did a bunch more things many parents would deem insane these days (and even our own, should they know)... And yet every single one of my friends managed to survive this now-impossible freedom and came into adulthood with a bunch of wonderful warm memories of our childhoods, free of any stigmas or psychological trumas. This modern fear-based attitude towards childhood is beyond sick. Now before anyone says "but pedophiles and terrorists" - mind you, that was 80's USSR, Chikatilo had still been at large, the gossip was there but wasn't amplified enough to put everyone into scared trance like modern mass-media does. Literally nothing has changed in the society since then, maniacs were around just like they are now, but the attitude towards the outside world has been so blown out of proportion today, that parents are eager to outsource the upbringing to strangers in online games out of fear of strangers and dangers outside.
> that parents are eager to outsource the upbringing to strangers in online games out of fear of strangers and dangers outside. There's a lot of blame for parents, much of it deserved. But when you have CPS being called for kids playing in the woods or parents charged with manslaughter when some one else runs over their kid you realize this is now going against the grain to resist this stuff.
> made explosives out of match sticks, bolts and nuts I used to do similar crazy things, had this friend who liked to play a kind of a game of chicken with an M-80, see who will hold on to it the longest. He would've been 45 years old today. /s
My elder brother would be 47 this year should he not die aged 2 of sudden acute disease that doctors of that day and place couldn't stop. What's your point?
FLUX.2: Frontier Visual Intelligence (bfl.ai)
Updating the GenAI comparison website is starting to feel a bit Sisyphean with all the new models coming out lately, but the results are in for the Flux 2 Pro Editing model! https://genai-showdown.specr.net/image-editing It scored slightly higher than BFL's Kontext model, coming in around the middle of the pack at 6 / 12 points. I’ll also be introducing an additional numerical metric soon, so we can add more nuance to how we evaluate model quality as they continue to improve. If you're solely interested in seeing how Flux 2 Pro stacks up against the Nano Banana Pro, and another Black Forest model (Kontext), see here: https://genai-showdown.specr.net/image-editing?models=km,nbp,f2p Note: It should be called out that BFL seems to support a more formalized JSON structure for more granular edits so I'm wondering if accuracy would improve using it.
I just finished my Flux 2 testing (focusing on the Pro variant here: https://replicate.com/black-forest-labs/flux-2-pro ). Overall, it's a tough sell to use Flux 2 over Nano Banana for the same use cases, but even if Nano Banana didn't exist it's only an iterative improvement over Flux 1.1 Pro. Some notes: - Running my nuanced Nano Banana prompts though Flux 2, Flux 2 definitely has better prompt adherence than Flux 1.1, but in all cases the image quality was worse/more obviously AI generated. - The prompting guide for Flux 2 ( https://docs.bfl.ai/guides/prompting_guide_flux2 ) encourages JSON prompting by default , which is new for an image generation model that has the text encoder to support it. It also encourages hex color prompting, which I've verified works. - Prompt upsampling is an option, but it's one that's pushed in the documentation ( https://github.com/black-forest-labs/flux2/blob/main/docs/flux2_with_prompt_upsampling.md ). This does allow the model to deductively reason, e.g. if asked to generate an image of a Fibonacci implementation in Python it will fail hilariously if prompt sampling is disabled, but get somewhere if it's enabled: https://x.com/minimaxir/status/1993361220595044793 - The Flux 2 API will flag anything tangently related to IP as sensentive even at its lowest sensitivity level, which is different from Flux 1.1 API. If you enable prompt upsampling, it won't get flagged, but the results are...unexpected. https://x.com/minimaxir/status/1993365968605864010 - Costwise and generation-speed-wise, Flux 2 Pro is on par with Nano Banana, and adding an image as an input pushes the cost of Flux 2 Pro higher than Nano Banana. The cost discrepancy increases if you try to utilize the advertised multi-image reference feature. - Testing Flux 1.1 vs. Flux 2 generations does not result in objective winners, particularly around more abstract generations.
I've re-run my benchmark with the Flux 2 Pro model and found that in some cases the higher resolution models (I believe Flux 2 Pro handles 4k) can actually backfire on some of the tests because it'll introduce the equivalent of an almost ESRGAN style upscale which may add in unwanted additional details. ( See the Constanza test in particular ). https://genai-showdown.specr.net/image-editing
That Constanza test result is baffling.
Great, especially that they still have an open-weight variant of this new model too. But what happened to their work on their unreleased SOTA video model? did it stop being SOTA, others got ahead, and they folded the project, or what? YT video about it: https://youtu.be/svIHNnM1Pa0?t=208 They even removed the page of that: https://bfl.ai/up-next/
I heard a possibly unsubstantiated rumor that they had a major failed training run with the video model and canceled the project.
Image models are more fundamentally important at this stage than video models. Almost all of the control in image-to-video comes through an image. And image models still needs a lot of work and innovation. On a real physical movie set, think about all of the work that goes into setting the stage. The set dec, the makeup, the lighting, the framing, the blocking. All the work before calling "action". That's what image models do and must do in the starting frame. We can get way more influence out of manipulating images than video. There are lots of great video models and it's highly competitive. We still have so much need on the image side. When you do image-to-video, yes you control evolution over time. But the direction is actually lower in terms of degrees of freedom. You expect your actors or explosions to do certain reasonable things. But those 1024x1024xRGB pixels (or higher) have way more degrees of freedom. Image models have more control surface area. You exercise control over more parameters. In video, staying on rails or certain evolutionary paths is fine. Mistakes can not just be okay, they can be welcome. It also makes sense that most of the work and iteration goes into generating images. It's a faster workflow with more immediate feedback and productivity. Video is expensive and takes much longer. Images are where the designer or director can influence more of the outcomes with rapidity. Image models still need way more stylistic control, pose control (not just ControlNets for limbs, but facial expressions, eyebrows, hair - everything), sets, props, consistent characters and locations and outfits. Text layout, fonts, kerning, logos, design elements, ... We still don't have models that look as good as Midjourney. Midjourney is 100x more beautiful than anything else - it's like a magazine photoshoot or dreamy Instagram feed. But it has the most lackluster and awful control of any model. It's a 2021-era model with 2030-level aesthetics. You can't place anything where you want it, you can't reuse elements, you can't have consistent sets... But it looks amazing. Flux looks like plastic, Imagen looks cartoony, and OpenAI GPT Image looks sepia and stuck in the 90's. These models need to compete on aesthetics and control and reproducibility. That's a lot of work. Video is a distraction from this work.
Hot take: text-to-image models should be biased toward photorealism. This is because if I type in "a cat playing piano", I want to see something that looks like a 100% real cat playing a 100% real piano. Because, unless specified otherwise, a "cat" is trivially something that looks like an actual cat. And a real cat looks photorealistic. Not like a painting, or cartoon, or 3D render, or some fake almost-realistic-but-cleary-wrong "AI style".
APT Rust requirement raises questions (lwn.net)
my biggest problem with rust is. i can't read it. i never know what this symbol means. is it a keyword? a type, a variable, a constant or a macro? Sure loading it into a IDE with a language server may help understanding the code.
> Where are they coming from? One is in lives in Brazil and I think the other lives in the Middle East. They both have old second hand 32 bit laptops from the 00's. > but you seem to paint it as some kind of affordability frontier... Yes because there are people still using old hardware because they have no choice. Also, whats the problem with supporting old architectures? Plan 9 solved the portability problem and a prominent user recently ported it to cheap MIPS routers so we can run Plan 9 on cheap second hand network hardware. We have the tool chain support so we use it. And believe me, I understand a raspberry pi or whatever is much faster and uses less power but I would rather we reduce e-waste where possible. I still run old 32 bit systems because they work and I have them.
> whats the problem with supporting old architectures? It's not free, it's not easy, and it introduces hard to test and rarely run code paths that may or may not have problems on the target architecture. I think there's a pretty strong argument for running hardware produced in the last 10 years for the next 10 or 20 years. However, I think it should be recognized that there was massive advances in compute power from 2000 to 2010 that didn't happen from 2010 to 2025. A Core 2 Quad (produced in 2010) has ~ 1/2 the performance of the N150 (1/4 the single core performance of the latest AMD 9950). Meanwhile a Pentium 3 from 2000 has roughly 1/10th the performance of the same Core 2 Quad. There are simply far fewer differences between CPUs made in 2010 and today vs CPUs made in 2000 to 2010. Even the instruction set has basically become static at this point. AVX isn't that different from SSE and there's really not a whole bunch of new instructions since the x64 update.
The last 32bit laptop CPU was produced nearly 20 years ago. Further, there are still several LTS linux distros (including the likes of Ubuntu and Debian) which don't have the rust requirement and won't until the next LTS. 24.04 is supported until 2029. Meaning you are talking about a 25 year old CPU at that point. And even if you continue to need support. Debian based distros aren't the only ones on the plant. You can pick something else if it really matters.
> The last 32bit laptop CPU was produced nearly 20 years ago. 15 years max; I can easily find documentation of Intel shipping Atom chips without 64-bit support in 2010, though I haven't found a good citation for when exactly that ended.
Or maybe old devices and tech should expect a limited support window, or be expected to fork after some time?
Some of us abandoned commercial OSs for Debian precisely to escape that mentality.
Sorry in advance if this is a dumb question, but isn't Rust's 'Cargo' package manager one of the draws of Rust? While I follow along that Rust's memory safety is a big benefit, does not the package manager and the supply chain attacks that come along with it take away from the benefits? For reference, NPM has had no shortage of supply chain security incidents. How would adding Rust to such core dependencies not introduce new supply chain attack opportunities?
Cargo defaults to downloading from `crates.io` but can easily be configured to get its dependencies elsewhere. That could be an alternative registry run by a Linux distribution or other organization, or even just overriding paths to dependencies to where local copies are stored. I'd expect a distro like Debian to mandate the use of an internal crate registry which mirrors the crates they're choosing to include in the distro with the versions they're choosing. This adds supply chain attack opportunities in the same way that adding any software adds supply chain attack opportunities, the use of `cargo` instead of `curl` to download sources doesn't change anything here.
>Now I begrudge any time I have to go back to python. It feels like its beauty is only skin deep, but the ugly details are right there beneath the surface: prolific duck typing, exceptions as control flow, dynamic attributes. All these now make me uneasy, like I can’t be sure what my code will really do at runtime. I feel like this sentiment is from people who haven't really took the time to fully see what the Python ecosystem is. Any language can have shittly written code. However languages that by default disallow it means that you have to spend extra time prototyping things, whereas in Python, you can often make things work without much issue. Dynamic typing and attributes make the language very flexible and easily adaptable.
Oh I’m familiar with the ecosystem. Yes the dynamic nature does make it easy to prototype things flexibly. The problem is when your coworker, or you, decide to flexibly and dynamically get the job on a Friday before a long weekend and then 3 months later you need to figure out how a variable is being set, or where a method is being called.
But that is the kind of convenience and ease of use that brings us another npm malware incident every other month at this point.
On the other hand you don't have developers handrolling their own shitty versions of common things like hashmaps or json-serializers, just because the dependencies are to hard to integrate.
> For this specific issue, if square brackets were used for generics, then something else would have to change for array indexing The compiler knows when the `A` in `A[B]` is a type vs a variable.
A compiler could disambiguate, but the goal is to have parsing happen without knowing if A is a type or a variable. That is the inappropriate intertwining of parsing and semantics that languages are interested in getting away from, not continuing with. Anyway, just to be clear: not liking the turbofish is fine, it's a subjective preference. But it's not an objective win, that's all I'm saying. And it's only one small corner of Rust's syntax, so I don't think that removing it would really alleviate the sorts of broad objections that the original parent was talking about.
I certainly would support rustfmt turning those redundant forms into the simpler one.
I suspect rustfmt would consider this out of scope, but there should be a more... "adventurous" code formatter that does more opinionated changes. On the other hand, you could write a clippy lint today and rely on rustfix instead
Not at all! I'm trying to sell Rust to someone who is worried about it. I'm not trying to sound elitist. I want people to try it and like it. It's a useful tool. I want more people to have it. And that's not scaring people away. Rust isn't as hard or as bad as you think. It just takes time to let it sink in. It's got a little bit of a learning curve, but that pain goes away pretty quick. Once you've paid that down, Rust is friendly and easy. My biggest gripe with Rust is compile times with Serde and proc macros.
> Rust isn't as hard or as bad as you think. I think this depends a LOT on what you're trying to do and what you need to learn to do it. If you can get by with the std/core types and are happy with various third party crates, then you don't really need to learn the language very deeply. However, if you want to implement new data structures or generic algorithms, it gets very deep very quickly.
I totally agree. In reality, today, if you want to produce auditable high-integrity, high-assurance, mission-critical software, you should be looking at SPARK/Ada and even F* (fstar). SPARK has legacy real world apps and a great eco system for this type of sofware. F* is being used on embedded and in other realworld apps where formal verification is necessary or highly advantageous. Whether I like Rust or not, should not be the defining factor. AdaCore has a verifed Rust compiler, but the tooling around it does not compare to that around SPARK/Ada. I've heard younger people complain about PLs being verbose, boring, or not their thing, and unless you're a diehard SPARK/Ada person, you probably feel that way about it too. But sometimes the tool doesn't have to be sexy or the latest thing to be the right thing to use. Name one Rust realworld app older than 5 years that is in this category.
> Name one Rust realworld app older than 5 years that is in this category. Your "older than 5 years" requirement isn't really fair, is it? Rust itself had its first stable release barely 10 years ago, and mainstream adoption has only started happening in the last 5 years. You'll have trouble finding any "real-world" Rust apps older than 5 years! As to your actual question: The users of Ferrocene[0] would be a good start. It's Rust but certified for ISO 26262 (ASIL D), IEC 61508 (SIL 4) and IEC 62304 - clearly someone is interested in writing mission-critical software in Rust! [0]: https://ferrocene.dev/
Command line utilities often handle not-fully-trusted data, and are often called from something besides an interactive terminal. Take for example git: do you fully trust the content of every repository you clone? Sure, you'll of course compile and run it in a container, but how prepared are you for the possibility of the clone process itself resulting in arbitrary code execution? The same applies to the other side of the git interaction: if you're hosting a git forge, it is basically a certainty that whatever application you use will call out to git behind the scenes. Your git forge is connected to the internet, so anyone can send data to it, so git will be processing attacker-controlled data. There are dozens of similar scenarios involving tools like ffmpeg, gzip, wget, or imagemagick. The main power of command line utilities is their composability: you can't assume it'll only ever be used in isolation with trusted data!
None of that requires a borrow checker. Any memory safe compiled managed language will do.
That's definitely true! Some people might complain about the startup cost of a language like Java, though: there are plenty of scripts around which are calling command-line utilities in a very tight loop. Not every memory-safe language is suitable for every command-line utility.
> Canonical or debian should work on porting the rust toolchain (ideally with tier 1 support) to every architecture they release for This will be an impediment for new architectures in the future. Instead of just "builds with gcc" we would need to wait for Rust support.
> Instead of just "builds with gcc" we would need to wait for Rust support. There's always rustc_codegen_gcc (gcc backend for rustc) and gccrs (Rust frontend for gcc). They are't quite production-ready yet, but there's a decent chance it's good enough for the handful of hobbyists wanting to run the latest applications on historical hardware. As to adding new architectures: it just shifts the task from "write gcc backend" to "write llvm backend". I doubt it'll make much of a difference in practice.
Much of the drive to rewrite software in Rust is a reaction to the decades-long dependence on C and C++. Many people out there sit in the burning room like the dog in that meme, saying "this is fine". Most of them don't have to deal at all directly with the consequences involved. Rust is the first language for a long time with a chance at improving this situation. A lot of the pushback against evangelism is from people who simply want to keep the status quo, because it's what they know. They have no concept of the systemic consequences. I'd rather see over-the-top evangelism than the lack of it, because the latter implies that things aren't going to change very fast.
Sometimes good things are ruined by people around. I think Rust is fine, although I doubt its constraints are universally true and sensible in all scenarios. This is also not an endorsement of C/C++.
As evidenced by this very comment chain. I've seen, by far, way more comment from people annoyed by vegans. I can't even remember the last time I've heard a vegan discuss it outside of just stating the food preference when we got out to eat.
If I don't see it it doesn't happen is the definition of anedoctal.
Brain has five 'eras' with adult mode not starting until early 30s (theguardian.com)
I think that environment is probably also a factor. My only parent died when I was a teen and I had to grow up really fast. I got a lot of things wrong but my brain did not have any other options either way.
Bizarre. This says that most children are had by adolescents. And that they’ve always been mostly had by adolescents. Maybe this is an example of culturally-driven development? Or does this explain why there’s so many bad parents?
So a while back, I was interviewing business people still active in their 80s and 90s -- as part of a very intriguing project that got cut short but did produce some fascinating notes. I remember asking one 95-year-old guy still serving (competently) on a bank board if there was anything that he did better now than when he was in his 60s. His answer: "I'm a better writer." The Cambridge research cited in this study categorizes late-life changes in brain function as nothing but declining capability, all the way down. My guess is they are mostly right. But I'm intrigued by the notion that some of that elder erosion might lead to new clarity about how everything fits together.
Turns out the Hobbits had it right [0]. [0] https://andreian.com/hobbits-coming-of-age/#:~:text=What%20you%20are%20responsible%20for,Pursue%20fulfillment%20aggressively.
There is nothing to engage with. I think tersely. Some researchers could learn. I find it annoying that a large part of research is the obsession of taking a perfectly smooth, gradual phenomenon and introducing artificial boundaries, sometimes even with formal labels. And then we spend the next few decades rolling it back as we inevitably find out that reality is nuanced, and the arbitrary categorization is more of a distraction than a meaningful tool. But I'm sure this fantastical finding was great for somebody's career.
Meaningful categorization is a necessary and foundational aspect of science and understanding in general. We categorize matter into categories such a solid, liquid, and gas, because this has meaningful consequences beyond merely temperature. If you think the categories in this article are useless, you're going to need to justify that. Aging is well-known to encompass phases with nonlinear transformations, such as puberty or menopause. So what you find "annoying" is actually a building block of science. And while disagreeing in a particular case is certainly valid, you're going to have to either present evidence to the contrary, or else find weaknesses in the particular methodology used. So there's plenty to engage with. You're just not doing it, so your comments are just snark with no value.
Sounds like you cannot bear making yourself the sole person responsible and need to involve more people in your decision making cope. Not sure if that’s healthy tbh, just sounds like you don’t like shouldering blame for responsibilities. So if you were childlike before in your thinking I guess at least you’re a college student now.
The parent comment was talking about having trauma. They were probably once in a position where they very much weren’t healthy, and through the gradual gaining of awareness came to the realization that they needed help. If I had a broken leg, it’s obviously not going to help trying to fix it myself. Why would it be a stretch that unhealthy thought patterns, which by their nature are self reinforcing, not require an external influence to help break the feedback loops?
> Biggest lesson learned: I could not do it without at least one other person (or more) who I trust almost 100% with all of myself. Its strange. The biggest lesson I learned was almost the opposite: I learned that the meaning of life has nothing to do with other people or their estimation of me. It has more to do with who you are when there is nobody else around. Other people often act as a sort of fun house mirror that distort and reflect back a false image. Learning to be happy alone and seeing through the pleasant lies is absolutely vital to becoming an adult.
The danger with self reinforcement is you can convince yourself of almost anything. There are many selves, and you will never know your true self. Because you can only process yourself through your own mind, which will perform transforms, regardless of how hard you try not to. And maybe there isn't even a true self, only perceptions.
> We also ultimately derive pretty much everything we most value in life from our interactions with other lives This implies that almost everything you value is something transient that can, and one day will, be taken away. If not willingly, then by death. Doesn't it make more sense to have a few core values that don't depend on others and then build relationships and all the rest upon that foundation? To steal from Alan Watts, lets use an example. Imagine a whirlpool in a clear stream. It has great beauty and takes intricate forms as it dances a whirls. You sit beside it and enjoy watching it for hours. Now ask yourself is it the particular group a H2O molecules that make up the whirlpool that you love? If so it will be gone in an instant, and each moment for you will become another in a series of great losses as the molecules are swept away by new ones. Is it the pattern the water makes that you love? No, the pattern itself changes every moment as well. The change itself is part of what mesmerizes you. What you love about the whirlpool is something deeper, and more fundamental, something that change can't take from you. That's the thing you have to build your appreciation of life from. Other people are just the molecules and ripples. > Some people can go build a cabin in the woods and live off the land and spend all their free time meditating and be perfectly happy. I would argue that a man who can't stand to be alone with himself is either a bad man who is a good judge of character, or an incomplete person. I don't mean that everyone should go live alone, just that everyone should be able to. You're probably right that most people can't do it, but the majority is often wrong.
It depends on how you view life. In my view, the purpose of life is to build relationships, love, and understanding. I can be alone, but loneliness forever is, in my mind, indistinguishable from me not existing. Tree and the forest and all that. Yes, relationships die because everything changes constantly. Nothing is stagnant. But then again everything dies. Ultimately, I want to impact others and be impacted.
i think its incredibly difficult for a male to truly become a man without children. it is very easy and seductive to be a manchild forever, whereas society seems to force women to grow up. And its certainly possible for a father to remain a manchild, but i think without that kind of responsibility and focus of having to mentor and keep another human alive its difficult to fully mature. edit: I am a man
I don't think it's so different for men and women anymore now but I agree with the sentiment otherwise. Becoming an engaged father shifted my perspective on who I am, changed opinions on societal matters, and made me feel like the person I was -- despite, from a young age, spending non-trivial amounts of time on contemplating morality and society and considering myself as a youth to be "mature for my age" -- was a selfish git. I went from "c'mon what's the harm"-ing naysayers to "HEY think big picture! LONG term!" on SO many aspects of life. The man I was would not get along with the father I am. Your statement won't be popular, but I agree that, statistically-speaking, it's an overt intellectual "next stage".
↙ time adjusted for second-chance
Jakarta is now the biggest city in the world (axios.com)
If anyone is looking for a good movie to get a sense of what Jakarta is like, highly recommend "The Year of Living Dangerously" with Mel Gibson/Sigourney Weaver https://www.imdb.com/title/tt0086617/
I used to spend a lot of time in Jakarta for work, and it's an underrated city. Yes, it's hot, congested, polluted and largely poor, but so is Bangkok. Public transport remains not great, but it's improved a lot with the airport link, the metro, LRT, Transjakarta BRT. SE Asia's only legit high speed train now connects to Bandung in minutes. Grab/Gojek (Uber equivalents) make getting around cheap and bypass the language barrier. Hotels are incredible value, you can get top tier branded five stars for $100. Shopping for locally produced clothes etc is stupidly cheap. Indonesian food is amazing, there's so much more to it than nasi goreng, and you can find great Japanese, Italian, etc too; these are comparatively expensive but lunch at the Italian place in the Ritz-Carlton was under $10. The nightlife scene is wild , although you need to make local friends to really get into it. And it's reasonably safe, violent crime is basically unknown and I never had problems with pickpockets (although they do exist) or scammers. I think Jakarta's biggest problems are lack of marketing and top tier obvious attractions. Bangkok has royal palaces and temples galore plus a wild reputation for go-go bars etc, Jakarta does not, so nobody even considers it as a vacation destination.
I'm always surprised how big the population of Indonesia is yet it seems culturally underrepresented in the world compared to a lot of smaller countries
Previous submission: https://news.ycombinator.com/item?id=46038863
Alternative Link: https://www.aa.com.tr/en/asia-pacific/jakarta-world-s-most-populous-capital-with-42-million-people-un-report/3751868 Key Facts: Number of megacities, urban areas with 10 million or more inhabitants has quadrupled from 8 in 1975 to 33 in 2025. Jakarta is now the world’s most populous city, with nearly 42 million residents. The current population of Indonesia is 286 million. In 2019, Indonesia said it will be moving its capital to Nusantara, a new city which is under construction.
> In 2019, Indonesia said it will be moving its capital to Nusantara, a new city which is under construction. Because Jakarta is literally sinking into the ocean. It also has a terrible flood problem which is only going to get worse. Doesn’t bode well for the population.
I also imagine a lot of people who are admiring these megacities have never been to one. Jakarta has oceans of scooters and, when I was there to visit some customers with our country manager, she had a driver. With some exceptions like Singapore, SE Asian cities are horrible to get around.
Other than Singapore. I am not sure why SE Asian cities aren't going as all in on mass transit like China. Jakarta has a single subway line for 42 million people. They have some light rail line and buses. If you compare this with Tokyo, Shanghai, Beijing its really night and day.
Probably a combination of overall wealth and government policies/stability/priorities. I'd probably add Hong Kong to the list of cities with pretty good public transit but, overall, it's pretty bad in that area of the world relative to cities that you'd generally consider to be "good."
Democratic governments are weak on deficit spending, especially poor ones, the debt from their tiny stretch of high speed rail almost became a scandal.
The West just refuses to build anything. Whereas in Asia its not uncommon to build entire cites from scratch.
Why spend billions building when you can just keep raising rents on existing infrastructure?
Hrmm. What data source can I see to demonstrate this? I looked at a chart I have referenced before that shows nationwide USA housing starts over the last 20 years ranging from 2 to 8 per 1000 people. Then I searched for one for Canada and found one suggesting 1-2 per 1000 since 2005. And, evidently, the situation in Canada as developed/deteriorated to the extent there's a whole subreddit for the canadian housing crisis?
Looks to be averaging around 250,000 per year over the last decade. That'd be over 12 per 1000. https://tradingeconomics.com/canada/housing-starts
Yes so it looks like the Reddit people are committing major chart-crimes, showing quarterly data as such, rather than annualized rates, and not mentioning it. It looks like this is a source of truth: https://www150.statcan.gc.ca/t1/tbl1/en/tv.action?pid=3410013501&pickMembers%5B0%5D=1.1&pickMembers%5B1%5D=4.1&cubeTimeFrame.startMonth=07&cubeTimeFrame.startYear=2005&cubeTimeFrame.endMonth=07&cubeTimeFrame.endYear=2025&referencePeriods=20050701%2C20250701
I have watched reddit become useless for any kind of nuanced debate over the last 5 years. It's rather sad to me, because once upon a time I learned a lot about others views - especially ones I disagree with. Even HN is much less welcoming of the "I think I agree with you, but walk me through your thinking" replies than it used to be. I presume this is reflective of a few broader societal trends, and it's.. not good.
Trillions spent and big software projects are still failing (spectrum.ieee.org)
No big surprise. Taking a shitty process and "digitalizing" it will lead to a shitty process just on computers in the best case, in the worst case everything collapses.
Slightly related but unpopular opinion I have: I think software, broadly, today is the highest quality its ever been. People love to hate on some specific issues concerning how the Windows file explorer takes 900ms to open instead of 150ms, or how sometimes an iOS 26 liquid glass animation is a bit janky... we're complaining about so much minutia instead of seeing the whole forest. I trust my phone to work so much that it is now the single, non-redundant source for keys to my apartment, keys to my car, and payment method. Phones could only even hope to do all of these things as of like ~4 years ago, and only as of ~this year do I feel confident enough to not even carry redundancies. My phone has never breached that trust so critically that I feel I need to. Of course, this article talks about new software projects. And I think the truth and reason of the matter lies in this asymmetry: Android/iOS are not new. Giving an engineering team agency and a well-defined mandate that spans a long period of time oftentimes produces fantastic software. If that mandate often changes; or if it is unclear in the first place; or if there are middlemen stakeholders involved; you run the risk of things turning sideways. The failure of large software systems is, rarely, an engineering problem. But, of course, it sometimes is. It took us ~30-40 years of abstraction/foundation building to get to the pretty darn good software we have today. It'll take another 30-40 years to add one or two more nines of reliability. And that's ok; I think we're trending in the right direction, and we're learning. Unless we start getting AI involved; then it might take 50-60 years :)
There is no such thing as ‘simplicity science’ that can be directly applied when dealing with IT problems. However, many insights of complexity science are applicable to solving real world IT problems. People love simple solutions. However Simple is a scam, https://nocomplexity.com/simple-is-a-scam/ There are no generic, simple solutions for complex IT challenges. But there are ground rules for finding and implementing simple solutions. I have created a playbook to prevent IT diasasters, The art and science towards simpler IT solutions see https://nocomplexity.com/documents/reports/SimplifyIT.pdf
I spent way less - and they still fail!
To stop failing we could use AI to replace managers not software developers.
No need to waste GPUs, a simple bash script that alternates between asking for status updates and randomly changing requirements would do
Hot take: It's not technical problems causing these projects to fail. It's leadership and accountability (well, the lack of them).
And that often takes a particular form: The requirements never converge, or at least never converge on anything realistically buildable.
It’s so “nice” to know, that trillions spent on AI not only won’t make this better, but it’ll make it significantly worse.
Not really, by most indications AI seems to be an amplifier more than anything else. If you have strong discipline and quality control processes it amplifies your throughput, but if you don't, it amplifies your problems. (E.g. see the DORA 2025 report.) So basically things will still go where they were always going to go, just a lot faster. That's not necessarily a bad thing.
Yes, AI can help, but it won’t. That’s my point. In practice, it will make people even less care or pay attention. These big disasters will be written by people without any skills using AI.
I study and write quite a bit of tech history. IMHO from what I've learned over the last few years of this hobby, the primary issue is quite simple. While hardware folks study and learn from the successes and failures of past hardware, software folks do not. People do not regularly pull apart old systems for learning. Typically, software folks build new and every generation of software developers must relearn the same problems.
Some consequences of NOT learning from prior successes and failures: (a) no more training for the next generation of developers/engineers (b) fighting for the best developers, and this manifests in leetcode grinding (c) decrease in cooperation among team mates, etc.
> In reality, it's more like the Fellowship of the Rings trying to make it to Mt Doom, but that realization happens slowly. And boy to the people making the decisions NOT want to hear that. You'll be dismissed as a naysayer being overly conservative. If you're in a position where your words have credibility in the org, then you'll constantly be asked "what can we do to make this NOT a quest to the top of Mt Doom?" when the answer is almost always "very little".
Impossible projects with impossible deadlines seems to be the norm and even when people pull them off miraculously the lesson learned is not "ok worked this time for some reason but we should not do this again", then the next people get in and go "it was done in the past why can't we do this?"
I work at $FANG, every one of our org's big projects go off the rails at the end of the project and there's always a mad rush at the end to push developers to solve all the failures of project management in their off hours before the arbitrary deadline arrives. After every single project, the org comes together to do a retrospective and ask "What can devs do differently next time to keep this from happening again". People leading the project take no action items, management doesn't hold themselves accountable at all, nor product for late changing requirements. And so, the cycle repeats next time. I led and effort one time, after a big bug made it to production after one of those crunches that painted the picture of the root cause being a huge complicated project being handed off to offshore junior devs with no supervision, and then the junior devs managing it being completely switched twice in the 8 month project with no handover, nor introspection by leadership. My manager's manager killed the document and wouldn't allow publication until I removed any action items that would constrain management. And thus, the cycle continues to repeat, balanced on the backs of developers.
Of course the reason it works this way is that it works. As much as we'd like accountability to happen on the basis of principle, it actually happens on the basis of practicality. Either the engineers organize their power and demand a new relationship with management, or projects start going so poorly that necessity demands a better working relationship, or nothing changes. There is no 'things get better out from wisdom alone' option; the people who benefit from improvements have to force the hand of the people who can implement them. I don't know if this looks like a union or something else but my guess is that in large part it's something else, for instance a sophisticated attempt at building a professional organization that can spread standards which organizations can clearly measure themselves against them. I think the reasons this hasn't happened is (a) tech has moved too fast for anyone to actually be able to credibly say how things should be done for longer than a year or two, and (b) attempts at professional organizations borrowed too much from slower-moving physical engineering and so didn't adapt to (a). But I do think it can be done and would benefit the industry greatly (at the cost of slowing things down in the short term). It requires a very 'agile' sense of standards, though.. If standards mean imposing big constraints on development, nobody will pay attention to them.
Reminds me of the military. Senior leaders often have no real idea of what is happening on the ground because the information funneled upward doesn't fit into painting a rosy report. The middle officer ranks don't want to know the truth because it impacts their careers. How can executives even hope to lead their organizations this way?
Is it middle management that has no accountability, or executive? Middle and line managers are nearly as targeted by layoff culling as ICs these days in FAANG. The broad processes they're passing down to ICs generally start with someone at director level or higher.
Accurate (aimed) fire is only one danger on the battlefield. Troops must also contend with artillery, shrapnel, and IEDs. A lot of times getting hurt has no relation to anything you did except to stand in the wrong inch. In other words, you can have no accountability and no safety.
When people live in multi million dollar homes, self-respect doesn't pay monthly mortgage.
Joke is, most of these homes aren't worth anywhere close to their paper value. Cy Porter's home inspection videos... jeez. How these "builders" are still in business is mind-blowing to me (as a German). Here? Some of that shit he shows would lead to criminal charges for fraud.
The problem with that is that it would require a huge amount of coordination for it to be by design. I think it's better to look on it as systemic. Which isn't to say there aren't malign forces contributing.
Indeed. How does that saying go? Don’t attribute to malice what can be explained by stupidity? On the other hand Microsoft and taceboook did collude to keep salaries low. So who knows.
> "Why worry about something that isn’t going to happen?” Lots to break down in this article other than this initial quotation, but I find a lot of parallels in failing software projects, this attitude, and my recent hyper-fixation (seems to spark up again every few years), the sinking of the Titanic. It was a combination of failures like this. Why was the captain going full speed ahead into a known ice field? Well, the boat can't sink and there (may have been) organizational pressure to arrive at a certain time in new york (aka, imaginary deadline must be met). Why wasn't there enough life jackets and boats for crew and passengers? Well, the boat can't sink anyway, why worry about something that isn't going to happen? Why train crew on how to deploy the life rafts and emergency procedures properly? Same reason. Why didn't the SS Californian rescue the ship? Well, the 3rd party Titanic telegraph operators had immense pressure to send telegrams to NY, and the chatter about the ice field got on their nerves and they mostly ignored it (misaligned priorities). If even a little caution and forward thinking was used, the death toll would have been drastically lower if not nearly nonexistent. It took 2 hours to sink, which is plenty of time to evacuate a boat of that size. Same with software projects - they often fail over a period of multiple years and if you go back and look at how they went wrong, there often are numerous points and decisions made that could have reversed course, yet, often the opposite happens - management digs in even more. Project timelines are optimistic to the point of delusion and don't build in failure/setbacks into schedules or roadmaps at all. I've had to rescue one of these projects several years ago and it took a toll on me I'm pretty sure I carry to this day, I'm wildly cynical of "project management" as it relates to IT/devops.
> and my recent hyper-fixation (seems to spark up again every few years), the sinking of the Titanic. But the rest of your comment reveals nothing novel other than anyone would find after watching James Cameron's movie multiple times. I suggest you go to the original inquiries (congressional in the US, Board of trade in the UK). There is a wealth of subtle lessons there. Hint: Look at the Admiralty Manual of Seamanship that was current at that time and their recommendations when faced with an iceberg. Hint: Look at the Board of Trade (UK) experiments with the turning behaviour of the sister ship. In particular of interest is the engine layout of the Titanic and the attempt by the crew, inexperienced with the ship, to avoid the iceberg. This was critical to the outcome. Hint: Look at the behaviour of Captain Rostron. Lots of lessons there.
One of the problems is scale. Large scale systems tend to fail. large centralised and centrally managed systems with big budgets and large numbers of people who need to coordinate, lots of people with an interest in the project pushing and lobbying for different things. Multiple smaller systems is usually a better approach, where possible. Not possible for things like transport infrastructure, but often possible for software.
> Not possible for things like transport infrastructure It depends what you define as a system. Arguably a lot of transport infrastructure is a bunch of small systems linked with well-understood interfaces (e.g. everyone agrees on the gauge of rail that's going to be installed and the voltage in the wires). Consider how construction works in practice. There are hundreds or thousands of workers working on different parts of the overall project and each of them makes small decisions as part of their work to achieve the goal. For example, the electrical wiring of a single train station is its own self-contained system. It's necessary for the station to work, but it doesn't really depend on how the electrical system is installed in the next station in the line. The electricians installing the wiring make a bunch of tiny decisions about how and where the wires are run that are beyond the ability of someone to specify centrally - but thanks to well known best practices and standards, everything works when hooked up together.
Making Crash Bandicoot (2011) (all-things-andy-gavin.com)
Guess it's time for my annual reading of Andy's Crash blog :D
Related / Past discussions: https://news.ycombinator.com/item?id=9737156 ( How Naughty Dog Fit Crash Bandicoot into 2MB of RAM on the PS1) 934 points|ekianjo|10 years ago|247 comments https://news.ycombinator.com/item?id=32663433 How Crash Bandicoot hacked the original Playstation (2020) 325 points|agomez314|3 years ago|71 comments Crash Bandicoot: An oral history https://www.polygon.com/2017/6/22/15820540/crash-bandicoot-an-oral-history https://news.ycombinator.com/item?id=14613982 152 points|Tomte|8 years ago|40 comments
Crash Bandicoot, loved that game! Especially the levels where you had to run backwards, those were amazing fun
I’ve always hated running to the left and running toward the screen in games. Neither feel natural but perhaps it is only because it is not what I am used to.
For those not aware: One of the developers of Crash Bandicoot, Dave Baggett, is a longtime HN contributor: https://news.ycombinator.com/user?id=dmbaggett . It was his royalties from Crash Bandicoot that enabled him to co-found/angel-invest in ITA Software, the flight search platform that Google acquired to be the foundation for Google Flights. https://mixergy.com/interviews/david-baggett-ita-software-interview/
Posts tagged with Dave on this blog: https://all-things-andy-gavin.com/tag/dave-baggett/
Oh man, this has been posted probably 100 times now but this is still a great blog. I guess today another 10,000 people will learn about how crash bandicoot was made. https://xkcd.com/1053/ I was in video game development at the time and it was really exciting due to the switch from 2D to 3D for most games which made the math a programmer was required to know go way up in complexity. And you hade new things called graphics cards that had their own apis to program to and drivers that didn't always do what they were supposed to do so you were always feeling around in the dark a bit when working with a new console or new graphics card. I remember so many bugs that weren't necessarily our fault, but the fault of buggy drivers or a misimplemened OpenGL call by the driver or console provider. I couldn't imagine layering on top of that a lisp dialog to program your game in given that we were doing incredible things to shave off milliseconds. It seems counter intuitive to put a high level interpreted language ontop of that but these geniuses pulled it off!!
[delayed]
 Top