Unlurker|Replay|About
Got kicked out of uni and had the cops called for a social media website I made (monyatwu.com)
lol this happened at my college (IIT delhi). He's being disengeious in the blog, the reason they made him take the site down is cos people writing some really really bad things about students, and Obv that should not be allowed at a place for higher education. Be more mature.
Hard to have the high road with the mouth of a sailor
Usually ad-hominem fallacies have a little more padding than that.
https://edition.cnn.com/2021/01/26/health/swearing-benefits-wellness https://www.sciencedaily.com/releases/2017/01/170117105107.htm
"What do you mean I'm being fired for fucking workplace harassment? You're my goddamn boss, don't you know that swearing has a positive correlation with intelligence!?" Yeah, something tells me that these studies aren't going to move the needle on swearing and professionalism.
That's not what's on display here.
Adobe modifies hosts file to detect whether Creative Cloud is installed (osnews.com)
To be fair, to crack all adobe products requires a few reg keys. It's wild that they have just given up on pirates.
They don't want to be too hard on piracy, its their new/young user on ramp method
Recycling a comment from prior discussion (4 days, 68 points, 13 comments): https://news.ycombinator.com/item?id=47617463 _______ Oh helllll no. Let's imagine an analogy for Adobe leadership: 1. You hired a night janitor to clean and vacuum your executive offices. 2. That janitor secretly stops at every desk-phone to alter the settings of voicemail accounts. 3. After the change, any external caller can dial a certain sequence to get a message of "Yes, this office was serviced by Adobe Janitorial!" What's your reaction when you discover it? Do you chuckle and say something like "boys will be boys"? No! You have a panic-call, Facilities revokes access, IT starts checking for other unauthorized surprises, HR looks into terminating contracts, and Legal advises whether you need to pursue data-breach notifications or lawsuits or criminal charges. * Is it acceptable because they had some permission to touch objects in the rooms? No. * Is it acceptable because the final effect is innocuous? No. * Is it acceptable because the employment contract had some vague sentence about "enhancing office communication experiences"? No. * Is it acceptable if they were just dumb instead of malicious? No. No person that would blithely cross those lines can be trusted near your stuff, full-stop.
To be fair, your analogy has one flaw: > 3. After the change, any external caller can dial a certain sequence to get a message of "Yes, this office was serviced by Adobe Janitorial!" Theoretically, it's not "any external caller." Only the janitor's department calling in can dial that sequence and get "Yes, you serviced this office!" If anyone else tries to dial the extension, the desk-phone pretends it doesn't know what it means. (Because it seems Adobe's server serving the analytics image checks the request origin and only serves the image if the origin is Adobe's own website.) The origin "security" doesn't excuse the complexity and the potential for both exploits and human-error breakage in the future.
Honestly a pretty nifty way to detect if it's installed. I'm sure this can power a lot of nice features, like linking directly into adobe products if they're installed.
It can power even more security issues too. This is absolutely horrendous.
If you don't like Adobe modifying your hosts file then I'd not use them. The checking for the software this way is kinda interesting though.
I wonder how many Adobe users are aware of this sketchy behavior tho
How is defender not flagging this? Changing hosts file should raise alarms
I wonder how this works on Windows, if any service overrides/resets it
The hosts file is not sacred on Windows. Anyone who is administrator can just edit it. I've done it to add domain names to localhost. For anyone hand-wringing over this, this used to be normal . The hosts file was invented a decade before DNS. The end user, or app, would edit their hosts file purposefully after downloading a master copy from the Stanford Research Institute which was occasionally updated.
> For anyone hand-wringing over this, this used to be normal . People editing hosts files for other reasons was normal (a long time ago-- and it stopped being normal for valid reasons, as tech evolved and the shortcomings of that system were solved). A program automatically editing the hosts file and its website using that to detect information about the website visitor is not the same thing; that usage is novel and was never "normal."
> for a very stupid reason. I cannot stomach Thom's articles. So borderline judgmental, holier than thou, feels like he only writes whenever there's something to criticize. No, it's not a stupid reason. Reason is OK, the execution is controversial.
I don't know anything about Thom, but I've kind of grown to prefer the pissy opinionated tones of blog posts. I think impartiality is difficult or impossible for a lot of tasks, and I'd rather people lay out their opinions plainly than trying to pretend that what they're saying is "objective". Also, I think writing only when you have things to criticize is a valid enough thing to do; what's the point of writing a glorified "I agree!" article? I only ever blog when I have something that I think is unique to say, and as such a lot of the time my posts end up being kind of negative. I don't think I'm that negative of a person, I just don't see the point of flooding the internet with more echo-chambers.
> Reason is OK, the execution is controversial. And even then, only controversial to nerds with opinions. Nothing else about it is controversial. If anything, knowing whether the app is installed or not is kinda important? If you open a file shared with you in the browser, the option to "Open in Desktop" versus "Install Desktop App" actually works correctly?
> If anything, knowing whether the app is installed or not is kinda important? If you open a file shared with you in the browser, the option to "Open in Desktop" versus "Install Desktop App" actually works correctly? This is not an approach any other app on any platform has historically used, and it doesn't seem sustainable if every app you install has to modify your hosts file to use a hack like this to detect whether it should handle files or not. If you want the browser to be able to give the OS a file handler and have the OS present an option to install the app if it's not installed, that should be handled at the platform level, not on the website using a hack like this. Why can a file not simply be downloaded with a page displayed showing a link to install the app and also instructions to open the file, trusting the user will know if they already have it installed? At best, you're talking about a very small UX optimization. Emphasis on the "kinda" in "kinda important."
> This is not an approach any other app on any platform has historically used, and it doesn't seem sustainable if every app you install has to modify your hosts file to use a hack like this to detect whether it should handle files or not. How many apps are you installing that it becomes "unsustainable"? Host file entries are extremely cheap, and it's not like the app needs more than one. Of all the arguments against this, sustainability is a comically weak one. If anything, it's using less contested resources than the "hitting random ports on localhost" approach...
The "sustainable" comment wasn't about the hosts file ballooning to the point of causing performance problems. It was more about the engineering effort required for every program ever (or at least every commercial program that might want this sort of analytic) to have to parse and edit a text file on both installation and removal, without messing that important text file up. Do you really not see scripted editing of shared system-wide text files as a step back compared to the general containerization that app development has moved towards? This sort of approach would be explicitly incompatible with sandboxes. Adobe can only get away with it because they're already very entrenched with their own app store on their users' machines.
> This is not an approach any other app on any platform has historically used, and it doesn't seem sustainable if every app you install has to modify your hosts file to use a hack like this to detect whether it should handle files or not. Actually it's completely sustainable. DNS was invented a decade after hosts files. The idea of your host file being almost completely empty is a modern aberration from the days it used to be thousands of lines long. Do I wish there was a better mechanism? Sure. Would HN ever agree on a OS-level app-detection API for the browser? Never. > Why can a file not simply be downloaded with a page displayed showing a link to install the app and also instructions to open the file, trusting the user will know if they already have it installed? At best, you're talking about a very small UX optimization. Emphasis on the "kinda" in "kinda important." A small UX decision, adding up to tens of millions of times per day, affecting 99.9% of people who don't give a darn - versus a matter of slight software engineering principles of "we just don't do it that way." Easiest decision ever.
> Would HN ever agree on a OS-level app-detection API for the browser? Never. There already is one. It just asks the user whether it's okay before it tells the website, as you acknowledged: https://news.ycombinator.com/item?id=47664546 What you're arguing for is not good UX. It's lack of user privacy & control. You just think you're being hip or whatever for being blasé about it.
You can't detect whether a URL handler worked correctly in a browser; otherwise Windows will appear with a "Select an app to open YOURPROTOCOLHERE://" which is completely nonsensical to the user. As for option 2; ask them every time, or edit their hosts file. Easiest decision in the world: Edit their hosts file, every time, no question. The 1% of nerds who care, and oddly enough don't buy Adobe software, are completely meaningless to the 99% of customers who experience the decision positively.
What a ridiculous conclusion. Why does Adobe need to exfiltrate some information from my machine anyway? If I'm a customer, then they should know this when I sign into my account. They absolutely don't need this information if I'm visiting their website without logging in. Modifying a global system file is something their software shouldn't be doing in the first place, but relying on this abuse to track me on their website is on another level of insidious behavior.
If you're worried about device fingerprinting, Adobe has far more reliable ways to do it already. Canvas fingerprinting, IP tracking, cookies. A hosts entry tells them almost nothing they couldn't get elsewhere, provides them with almost no entropy, and attributing insidious intent to what is most plausibly a UX feature is conspiratorial.
I'm not worried about this, since I don't use Adobe products. I'm just calling out what's clearly user hostile behavior. Considering the amount of hostility Adobe has exhibited towards its users over the years, I'm inclined to believe this is yet another example. Nothing conspiratorial about that. If anything, calling this a "UX feature" without any evidence either way is suspiciously dismissive.
Battle for Wesnoth: open-source, turn-based strategy game (wesnoth.org)
My only gripe with the game is that healing doesn't give XP to the healing units. This means you need to place them in combat to level up instead of placing them behind the fighters like they are intended to be, and with them initially having low health they are very squishy. I know you can kinda cheese it by reducing a monster to 1-2 HP and then getting them to attack, but it feels like going against their role.
only missing point about this game is some of the real word parameters like moral,flanking etc. Maybe a real history mod would be amazing like ancient era or medieval ages.
I played the heck out of this about a decade ago. It's an amazing game, and I'd love to return to it and see what has changed.
Same!
A+! They even had an iOS version a while back: ` https://apps.apple.com/us/app/the-battle-for-wesnoth/id1450738104 ` (this may be the "Mac" version, see: ` https://www.reddit.com/r/wesnoth/comments/1pjkwbw/i_had_wesnoth_on_ios_how_can_i_play_it_now_that/ `). If that's your jam then there's also a (non-open-source) "Hero's Hour" which tickles the old Heroes of Might and Magic stylings, works reasonably well on Xbox, where I've been doing most of my gaming lately. As far as Open Source gaming success stories, I'd put this up there in the Top 5 for "Original IP and Concept" (if that makes sense). Just a stellar labor of love, worth giving it a shot to play!
Also on Steam https://store.steampowered.com/app/599390/Battle_for_Wesnoth/
Grew up playing Wesnoth, still adore the game. There is a TON of third party content and a serious extended universe, too!
Could you name a few places to find 3rd party content?
Launch HN: Freestyle: Sandboxes for AI Coding Agents (freestyle.sh)
dumb question. none of these protect your from prompt injection. yes?
no, but the goal of these is if you are faced with prompt injection the worst case scenario is the AI uses that computer badly.
This is awesome - the snapshotting especially is critical for long running agents. Since we run agents in a durable execution harness (similar to Temporal / DBOS) we needed a sandboxing approach that would snapshot the state after every execution in order to be able to restore and replay on any failure. We ended up creating localsandbox [0] with that in mind by using AgentFS for filesystem snapshotting, but our solution is meant for a different use case than Freestyle - simpler FS + code execution for agents all done locally. Since we're not running a full OS it's much less capable but also simpler for lots of use cases where we want the agent execution to happen locally. The ability to fork is really interesting - the main use case I could imagine is for conversations that the user forks or parallel sub-agents. Have you seen other use cases? [0] https://github.com/coplane/localsandbox
Deterministic testing of edge cases. It can be really hard to recreate weird edge cases of running services, but if you can create them we can snapshot them exactly as they are.
Congrats Ben and Jacob!
I’m super interested since it seems like you have given everything a lot of thought and effort but I am not sure I understand it. When I’m thinking of sandboxes, I’m thinking of isolated execution environments. What does forking sandboxes bring me? What do your sandboxes in general bring me? Please take this in the best possible way: I’m missing a use case example that’s not abstract and/or small. What’s the end goal here(
Agreed, the thing I'd be most interested in is the isolated execution environment you mentioned. Agents running autopilot are powerful. Agents running unsupervised on a machine with developer permissions and certificates where anything could influence the agent to act on an attacker's behalf is terrifying
I recommend running the agent harness outside of the computer. The mental model I like to use is the computer is a tool the agent is using, and anything in the computer is untrusted.
The problem is the agent, which should be treated untrusted. The computer isn’t the problem
I would recommend not giving an agent the full run of any computing environment. Do handle fine grained internet access controls and credential injection like OpenShell does?
I used to believe this, but I think the next generation of agents is much more autonomous and just needs a computer. The work of a developer is open ended, so we use a computer for it. We don't try to box developers into small granular screwdrivers for each small thing. Thats whats coming to all agents, they might want to run some analysis with python, want to generate a website/document in typescript, and might want to store data in markdown files or in MongoDB. I expect them to get much more autonomous and with that to end up just needing computers like us.
So isolation is correct. Forking a sandbox gives you multiple exact duplicates of isolated environments. When your coding agent has 10 ideas for what to do, to evaluate them correctly it needs to be able to evaluate them in isolation. If you're building a website testing agent and halfway down a website, with a form half filled out a session ongoing, etc and it realizes it wants to test 2 things in isolation, forking is the only way. We also envision this powering the next generation of devcycles "AI Agent, go try these 10 things and tell me which works best". AI forks the environment 10 times, gets 10 exact copies, does the thing in each of them, evaluates it, then takes the best option.
Yep I can see this especially when the agent is spinning up test servers/smokes and you don't want those conflicting. How do we reconcile all the potential different git hashes though, upstream I guess etc (this might be an easy answer and I'm not super proficient with git so forgive)
So we recommend branch per fork, merge what you like. You have to change the branch on each fork individually currently and thats unlikely to change in the short term due to the complexity of git internals, but its not that hard to do yourself `git checkout -b fork-{whateverDiscriminator}`
We're not going after hobbyists. We're building the platform for companies like exe.dev to build on. Thats why its all usage based. That said, our $50 a month plan can be used as an individual for your coding agents, but I wouldn't recommend it.
Ooof, if you are the middleman platform then it's sure gonna get expensive for the end user
I'd also be interested in a comparison with exe.dev which I'm currently using.
Exe.dev is a individual developer oriented service. Freestyle is more oriented at platforms building the next exe.dev. Thats why our pricing is usage based and we have a much larger API surface.
Show HN: GovAuctions lets you browse government auctions at once (govauctions.app)
Very interesting project! Can anyone comment on what the buying process is like? Specifically if there are any weird hoops to jump through or if it's a normal account signup and payment process. Is delivery available or do these need to be picked up in person?
The ones I’ve looked at need to be picked up in person, sometimes with very short deadlines.
If you want to see how quickly this can trap you in, watch the William Osman 2 channel on YouTube.
Will check it out once I fix a bunch the bugs people are surfacing :-)
I am looking for a 60 ft+ steel ship if you come across one.
There is a 25ft one currently at $1,550 in Montana, made from steel and comes with its own trailer! - https://www.govauctions.app/auction/gsa-3-1-QSC-I-26-284-021
81yo Dodgers fan can no longer get tickets because he doesn't have a smartphone (twitter.com)
This reminds me of a story my grandfather told me about how they needed to have a bunch of infrastructure and employees devoted to telegraph based notifications in 1970s India, because some bureaucrats refused to move everything over to telephone, and didn't want to be inconvenienced by having to use new technology.
My wife and I had an appointment last week to apply for a line of credit. We talked it all through with the clerk and decided to go for it, so he started the whole process on his computer. His jaw dropped half-way through when he asked for my wife's and my phone number, and I had to tell him that I don't own a smart phone. Turns out you must have a smart phone because the system sends you some kind of code to verify your identity. Let that sink in: I am sitting in front of the clerk, but in order to identify me, he needs me to give him some phone number. The only way we could finalize the application is by me asking my mother whether I could use her phone number briefly to get this over with. She forwared the code to my wife's phone. That worked in the end -- but so much for "identifying me".
I understand what you mean, however it's still quite hilarious that there is an user on checks notes hacker news, who does not have a phone. This reminds me of the Japanese cybersecurity minister who did not use a computer. Bonus points if you work at Apple, or Google and work on iOS or Android. Would explain a lot why they are the way they are.
>Turns out you must have a smart phone Any phone that can receive SMS, not a smartphone. You could purchase a burner flip phone for this purpose.
I daily drive a Light Phone III, haven't had a smartphone in years and would rather never use one again. Our local concert venue requires an app for tickets, so I have just given up on the idea of going to major concerts or seeing our local hockey team play.
I was looking at the light phone 2 a while ago but don’t remember why I decided not to. Maybe they were out of stock. I’ll check it out again… I would love to divorce my smartphone and only use it at certain times. I’ve been using the Brick and Screen Time more often now.
From my quick research online, it seems they've gone digital-only for season tickets because they don't want people just reselling them to turn a profit. They want actual season-long fans, so now if you transfer too many games they can track it and ban you. This is essentially anti-scalping. There's a legit justification. You can still buy paper tickets at the stadium for a single game. But not for season passes anymore. Apparently they've been making exceptions for him in years past where he was able to pay hundreds of dollars to have them custom printed for him. And this year they've decided to no longer provide that exception. Honestly, this doesn't seem unreasonable to me. At some point, you have to cut off previous technologies because virtually everyone's moved to something better. You also can't buy tickets any more by snail mail with an enclosed check. If this guy has the money for a season pass (!) he has the money for a smartphone. It seems like he just likes the nostalgia of paper tickets. But that's not a reason to add a separate ticketing flow just for him any more, like they had been up till now. https://www.aol.com/articles/81-old-lifelong-dodgers-fan-012606057.html https://www.reddit.com/r/Dodgers/comments/1s5fkni/la_dodgers_tell_82yearold_50year_season_ticket/
Having to own anything beyond the money to buy something to buy something, is, in fact, unreasonable.
> At some point, you have to cut off previous technologies because virtually everyone's moved to something better. I don't agree that it's better. Why should I have to worry about my ticket running out of battery power or being such a high-value pickpocket target once I'm already in the venue? The latter is a huge issue at music festivals for example: - https://old.reddit.com/r/OutsideLands/search/?q=phone+stolen&include_over_18=on&restrict_sr=on&sort=new - https://old.reddit.com/r/electricdaisycarnival/search/?q=phone+stolen&include_over_18=on&restrict_sr=on&sort=new - https://old.reddit.com/r/coachella/search/?q=phone+stolen&include_over_18=on&restrict_sr=on&sort=new Can't just leave it at home if you need it to get in to the thing.
I'm not a fan of the "something better" phrasing myself. It's very much anti-systems-thinking. Engineers should be honest that everything is a tradeoff. For the up-front convenience you get with phone tickets, you impose additional failure modes, dependency chains, and accessibility issues that simply weren't a problem with paper ticketing. The "phone-ification" of everything will probably bite us in the behind in the future, just like the buildout of out car-centric environments does now.
>For the up-front convenience you get with phone tickets Even as a person who does have a smartphone, I feel like phone tickets are anti-convenience because they rely on terrible apps like TicketMaster. It's only a positive trade-off for venues or whoever. If they texted or emailed me a QR code, that would be a positive tradeoff (and a texted QR code would probably work for this guy's flip phone too)
IMO, the right thing to do is grandfather in any existing season ticket holders, if they ask. Have them go to a specific entrance where someone can check an ID and mark them off a list. Simple job for an intern or whatever.
I agree. He's one of some tiny number of people that all the staff will know on sight. Even printing a ticket for him is just a formality really.
> If this guy has the money for a season pass (!) he has the money for a smartphone. Maybe it's not about the money. Maybe he does not want the negative consequences that come along with having a smartphone. Maybe he has dexterity issues that make using a smartphone difficult. Maybe he doesn't want to install their invasive app. Maybe he finds that paper tickets are easier to manage. Maybe he recognizes that the vendor made this change to benefit themselves at the expense of the fans, as it allows them greater control of the resale market. I own a smartphone but prefer paper tickets. Luckily I can (and do) still get them at my team's stadium, although I have to pick them up in person.
>Maybe it's not about the money. Maybe he does not want the negative consequences that come along with having a smartphone. Maybe he doesn't then get any of the benefits of having a smartphone. I don't understand why we need to bend over backwards for folks who have chosen to ignore modernity. There was a woman in my neighborhood association at one point who would throw a fit about us using email for communication because "not everyone has a computer you know." This was in 2018. As a society, we've gone completely out of our way to make living on your own terms legal and doable. You don't even have to get you or your kids vaccinated if you don't want to! But then going even farther and expecting to get all the same benefits as folks who've decided to accept and use modern technology is ridiculous... the Dodgers don't owe this man physical season tickets, just like Google doesn't owe me the ability to physically mail in a search term and have the results physically mailed back to me.
> Maybe it's not about the money. Maybe he does not want the negative consequences that come along with having a smartphone. In my country right now there's a lot of hand-wringing about the impact of social media and smartphones on teenagers' mental health and education. We've got schools banning phones, and the government wanting to introduce age checks for social media. Infinite doomscrolling in your pocket, endless brainrot short-form videos, it's not healthy and we need to get smartphones out of the hands of the young. So there are good reasons people might choose not to get a smartphone. Then exactly the same government also proposed people wouldn't be allowed to work without a 'Digital ID Card' - making smartphones (and google/apple accounts) mandatory.
He can get a smartphone dedicated to the ticket app if it is such a huge piece of his life/hobby
"Cheap android phone" on Google Shopping shows options for $30. Didn't even know they get that cheap.
I’m not sure how exactly this should be worded in law, but I really wish they would pass a law requiring supporting people without smartphone apps. Obviously there would be some exceptions where justified, even for things other than “the app is the whole point” and those need to be thought through, but in this case and plenty of others, there’s just no reason they can’t accommodate non app users. “It costs more to support non app users” is not a sufficient justification.
The law that he can invoke in a weaponized way is the ADA. It’s vague enough about what a disability is, that something like “my hand tremor and farsightedness preclude using a touchscreen, I request a reasonable accommodation” is a valid request. If they deny admission and accommodation to somebody incapable of using a smartphone, there is a whole army of lawyers that will gladly take the case on contingency. As you note, the app is not inherent to seeing a game, or preventing resale. There’s no reason an id and confirmation number can’t be used to get him in.
> I’m not sure how exactly this should be worded in law No policy or law shall be enacted that directly or indirectly requires a use of a computing device where any other alternative at all is possible. Where offering other alternatives presents a cost, that cost (and only that cost, with markup) may be charged the consumer.
> “It costs more to support non app users” is not a sufficient justification. Then why is 'I don't wanna' sufficient justification to force non-critical services to support your preferences forever?
>They're trying to prevent people who purchase the season pass to almost exclusively resell tickets to individual games. Why do you need a smartphone to do this when a white list checked against ID at the door would suffice? As the other respondent says, you either generate a badge for the passholder, or have an approved list of guests that can use the season pass if the passholder chooses to offer it to others.
And that will slow it down for everyone. Not to mention that HN users will then whine about the surveillance state
It could slow it down for everyone, or just the season passholders. If it does, oh well - there are worse things than taking an extra 10-15 minutes to get into a stadium. >Not to mention that HN users will then whine about the surveillance state. Pretty sure, given the comments in this very thread, that HN collectively understands there's more surveillance happening on your phone than with another person making sure the name on your ID matches the name on your ticket, or that your badge photo matches your face.
>Generating badges has loopholes. This seems to be an area where people will always find loopholes. Should this be a race-to-the-bottom in an attempt to make the most foolproof system possible, or do we at some point accept that maybe there's never going to be a perfect way to do this? >And IDing every person can be a mission on itself. I've worked the door at venues of various sizes, so it's not like I suggested this from ignorance. What we're talking about doesn't need to be "every person", just a specific set of ticketholders. >Pretty sure they will just start using biometrics in the next decade with or without your consent. I know I'm just me, speaking for me, and am a sample size of 1 that doesn't look like the general population in this regard, but there's no "with or without my consent" if I decide to opt out of going to games entirely. It'll be a cold day in hell before I give someone my biometrics just so I can watch someone try and hit a ball.
For sure you can ID everyone. Nightclubs, music festivals and even airports do this sort of thing all the time. You just need good organisation, plenty of security stations, and an atmosphere that rewards people who arrive early - checking a stadium's worth of IDs over the course of 2-3 hours rather than over the course of 20 minutes. What you can't do is charge $20 for a glass of beer then expect people to arrive 2-3 hours before the game starts.
That's their choice, but they also choose to suffer the consequences. Expecting the world to cater to your needs specifically is such a typical boomer attitude and should no longer be tolerated.
While we're at it, let's get rid of the ADA. Those disabled people expecting the world to cater to their needs specifically are so abusive to those of us with perfectly functional bodies and flexible minds.
There's a big difference between legislating accomodations for people who physically can't do something, vs. those who can but choose not to . The former makes sense. The latter doesn't. I don't get to park in handicapped spaces that are closer to the store just because I'd like to.
I don’t think this policy would pass muster under the ADA though. The guy might not be sufficiently disabled to qualify - but for example if you have a blind person without a smartphone, you can’t tell them they’re out of luck - because you can clearly reasonably accommodate them without causing “undue financial hardship” by giving them tickets at will-call.
Smart phones have had plenty of affordances for blind people. But they didn’t say he was blind or unable to use a smart phone
If you don't give the app any permissions, it doesn't spy on you either. It doesn't have any more information than the info you give it to buy the tickets in the first place.
> It doesn't have any more information than the info you give it to buy the tickets in the first place. Many apps ask for permission to use your GPS position and other sensor data, even though they don't need it. Most non-technical people don't understand what that means and will just allow it.
> If you don't give the app any permissions, it doesn't spy on you either. What about the other apps? What about the phone itself?
The guy already has a phone. Flip phones still track your location. If you don't want other apps, don't install other apps.
>The guy already has a phone. Flip phones still track your location. Locations from flip phones have to be triangulated. Smartphones track more precise locations and a lot more than just location data.
Great. If you're that paranoid, only turn your phone on to buy the tickets and when you're at the stadium. And don't use it for anything else. This dude has previously paid hundreds of dollars per year because he wanted custom-printed tickets. He can pay a hundred for a cheapo Android to use exclusively for tickets and not give up any privacy at all, if he's more paranoid about tracking than the other 99+% of the population who uses smartphones just fine.
It does when the ticket app demands Location access "to protect your security"
You can set location to only while you're using the app. And when you open it to scan the ticket, they already know where you are . You're at the entrance to the stadium where they scan your tickets.
Why should we be beholden to the two mega-corporations who control the smartphone market?
You can certainly get a smartphone from another company and run AOSP. But the problem isn't that this guy didn't want to use a smartphone, it's that he literally has never bothered to learn. Why should society cater to those that literally don't care to keep up with it?
Sc-im: Spreadsheets in your terminal (github.com/andmarti1424)
Insane what people make these days, but its really cool!
These days? There was a time before graphical user interfaces existed. 1979: https://en.wikipedia.org/wiki/VisiCalc
Cool which newer TUI frameworks do you prefer?
Rust's ratatui is pretty good on the lower-level side of things
I think spreadsheets are a greater example of something that require the subtleties of an actual GUI. This is most obvious with the various plots which are hilariously imprecise. But the advantages of GUI are also present when just using the spreadsheet itself, it's ability to convey the skeuomorphic two dimensional space is much greater. And it's not like the terminal can't be a greater data processing tool, but you have to use different paradigms. Still from an esthetical perspective I love those simple TUI interfaces. They invoke a weird sense of comfort in me that I can't fully explain.
The first spreadsheets I remember were TUI (pccalc, Lotus 123)
AI Singer Now Occupies Eleven Spots on iTunes Singles Chart (showbiz411.com)
https://www.youtube.com/watch?v=aHQevuohJH8 my music tastes are pretty mainstream, and this just does absolutely nothing for me. it's exactly what i'd expect AI music to sound like - completely forgettable, with nothing interesting about it. i'd be willing to believe that this music was legitimately charting if it had at least some redeeming qualities, but i can't imagine how this could honestly get eleven spots on the iTunes chart without gaming it in some way.
I listen to a lot of music of all different genres depending on mood, and I can honestly I don't think anyone could peg this as AI just by listening to it. It's soulless and devoid of emotion, but so are a lot of real artists. That wouldn't even be so obvious if they just added some background something, anything, like Wall of Sound style. If I played this for anyone and they said "it sounds like AI", I'd confidently tell them they are full of shit.
right, but at least human hands used to touch the process. even in 2000s copy-paste boy band era it was at least human
Agreed. It's far worse now, specifically due to changes in technology. I didn't mean to say that "we've seen this all before," but instead meant something more like "given how human nature works, this technology will take us to a worse place."
Does it really matter since pop albums were/are (almost?) always "collections of singles + fillers"?
ah, the standard trite, reductive anti-pop cudgel. no, these days, pop albums are more frequently meant to be consumed in their entirety, often with full length visuals for each song that blend into each other in order. * the death of radio has really meant that singles are declining in utility, especially in our social media era where the songs that pop off an album are not necessarily the record-designated singles * the more parasocial development of pop encourages fans to invest more in merch and the concept of the album * like everything else in the economy trending towards more expensive but meaningful experiences, tours are becoming larger productions to experience an album intensely * in the AI era, we are now seeing artists pivot towards doubling down on experiences that AI cannot curate and provide meaning for Rosalia this year is touring with a full orchestra and RAYE with a full big band, because these are intentional choices that the pop music industry has been trending towards for a while. There's always going to be trite drugstore music as long as there are drugstores, but what is charting is not really that at the moment. https://www.youtube.com/watch?v=htQBS2Ikz6c&list=RDhtQBS2Ikz6c&start_radio=1
More Americans Are Breaking into the Upper Middle Class (wsj.com)
"For the first decade of his career, he lived in an apartment and worried about paying for vacations. Then, in his early 30s (...)" ... here is America, without paid vacation guaranteed by law since the government does not truly care about the middle or working class. It's amazing how serious media can write articles about economy, while the blatant obvious deficits slip right by their nose..
Reminds me of when all the Silicon Valley freaks decided to suddenly care about the fertility crisis, but also would turn around and pronounce how young professionals need to be 996 slaves to survive their brave new world.
Inequality is inherently bad for dynamic market economies. Often the argument is that increasing inequality is fine if the economy is growing and the lower classes aren't losing income but inequality also slows growth as more of the investment goes to consumption for fewer and fewer people. So economically I agree that inequality is not zero sum but it seems like inequality lowers the total productivity of the economy in the long term (so it's net-negative sum ). This is in addition there are effects on the civics and reduction in welfare of people. Like many things in economics, inequality is a hard thing to do good experiments on but the data suggest that inequality itself has a host of effects that you're ignoring. This article is a decent primer on the effect of inequality and what we know and don't know (and also some of the difficulties studying it): https://en.wikipedia.org/wiki/Effects_of_economic_inequality Edit: there's a lot of literature on this. If you use Google scholar you can find tons of articles talking about the various effects of inequality (though as always with economics, the papers struggle to get good data). Modern economics definitely doesn't view it as an isolated and benign thing.
> inequality is a hard thing to do good experiments > the papers struggle to get good data Note also that I'm specifically talking about inequality in isolation ("as long as it's caused by the rich getting richer and not by the poor getting poorer"), which I would argue is even harder to study. It would be completely unsurprising to learn high inequality is correlated with higher rates of poverty, which is correlated with all sorts of other negative causes and effects. I don't know how you could control for that well enough to be able to convincingly claim that inequality itself is what's causing the problem and not the poverty (or the underlying causes thereof). I would also acknowledge higher inequality certainly makes people envious, and that that probably has some negative societal effects. But I don't know I'd go so far as to count making someone envious as "materially harming" them even if there are other significant downstream effects to that. I'll admit there's a lot more reading up I could do on this, but it would take a lot to convince me of the idea that making one group of people wealthier without hurting anyone else's finances is a net negative on society merely because it "increases inequality".
My point is that inequality in isolation doesn't happen . It's a hypothetical that doesn't exist. It's like talking about sugar and ignoring calories
A cryptography engineer's perspective on quantum computing timelines (words.filippo.io)
This would also be a good time for certain governments to knowingly push broken PQ KE standards while there is a panicked rush to get PQ tech in place.
Which governments are you thinking of?
> Traveling back from an excellent AtmosphereConf 2026, I saw my first aurora, from the north-facing window of a Boeing 747. Given the author's "safety first" stance on pqc, it seems a bit incongruent to continue to fly to conferences...
What is the consequence on e.g. Yubikeys (or say the Android Keystore)? Do I understand correctly that those count as "signature algorithms" and are a little less at risk than "full TEEs" because there is no "store now, decrypt later" for authentication? E.g. can I use my Yubikey with FIDO2 for SSH together with a PQ encryption, such that I am safe from "store now, decrypt later", but can still use my Yubikey (or Android Keystore, for that matter)?
This article is more aimed at those specifying and implementing WebAuthN and SSH, than at those using them. They/we need to migrate those protocols to PQ now, so that you all can start migrating to PQ keys in time, including the long tail of users that will not rotate their keys and hardware the moment the new algorithms are supported. For example, it might be too late to get anything into Debian for it to be in oldstable when the CRQCs come!
Building out a supercomputer capable of breaking cryptography is exactly the kind of thing I expect governments to be working on now. It is referenced in the article, but the analogy to the Manhattan Project is clear. Prior to 1940 it was known that clumping enough fissile material together could produce an explosion. There were engineering questions around how to purify uranium and how to actually construct the weapon etc. But the phenomenon was known. I say this because there’s a meme that governments are cooking up exotic technologies behind closed doors which I personally tend to doubt. This is almost perfect analogy to the MP though. We know exactly what could happen if we clumped enough qubits together. There are hard engineering challenges of actually doing so, and governments are pretty good at clumping dollars together when they want to.
The Manhattan project employed some significant % of all of America. A project of that scale will likely never happen again. It was also about far more than the science. It was about industrializing the entire production process and creating industrial capability that simply did not exist before.
My comment was not limited to the U.S. government.
I agree with you that one must prepare for the transition to post-quantum signatures, so that when it becomes necessary the transition can be done immediately. However that does not mean that the switch should really be done as soon as it is possible, because it would add unnecessary overhead. This could be done by distributing a set of post-quantum certificates, while continuing to allow the use of the existing certificates. When necessary, the classic certificates could be revoked immediately.
How do you do revocation or software updates securely if your current signature algorithm is compromised?
As a practical matter, revocation on the Web is handled mostly by centrally distributed revocation lists (CRLsets, CRLite, etc. [0]), so all you really need is: (1) A PQ-secure way of getting the CRLs to the browser vendors. (2) a PQ-secure update channel. Neither of these require broad scale deployment. However, the more serious problem is that if you have a setting where most servers do not have PQ certificates, then disabling the non-PQ certificates means that lots of servers can't do secure connections at all. This obviously causes a lot of breakage and, depending on the actual vulnerability of the non-PQ algorithms, might not be good for security either, especially if people fall back to insecure HTTP. See: https://educatedguesswork.org/posts/pq-emergency/ and https://www.chromium.org/Home/chromium-security/post-quantum-auth-roadmap [0] The situation is worse for Apple.
Damn. It's like I insulted Vault. Also, I went over Filippo's post again and still can't see where it references the Gutmann / Neuhaus paper. Are we talking about the same post?
From the abstract: > This paper presents implementations that match and, where possible, exceed current quantum factorisation records using a VIC-20 8-bit home computer from 1981, an abacus, and a dog. From the link: > Sure, papers about an abacus and a dog are funny and can make you look smart and contrarian on forums. But that’s not the job, and those arguments betray a lack of expertise[1]. As Scott Aaronson said[2]: > > Once you understand quantum fault-tolerance, asking “so when are you going to factor 35 with Shor’s algorithm?” becomes sort of like asking the Manhattan Project physicists in 1943, “so when are you going to produce at least a small nuclear explosion?” [1]: https://bas.westerbaan.name/notes/2026/04/02/factoring.html [2]: https://scottaaronson.blog/?p=9665#comment-2029013
From Filippo's post: "Sure, papers about an abacus and a dog are funny and can make you look smart and contrarian on forums."
I won't download your app. The web version is a-ok (0xsid.com)
Yep. If your product needs me to install an app for a one-off thing, you've probably already lost me. The crazy part is how many teams still treat the web as the demo and the app as the “real” product. For a lot of stuff it's the opposite now. I know there are edge cases, but most of the time “download our app” just means “please care way more about our product than you currently do.”
I have an app that is literally just a wrapper around the website. The mobile website and the mobile app are the exact same experience. Before I built the app, people were constantly asking me to build a mobile app. Yes, I had a PWA but people still wanted an app. I thought it was kind of silly but I eventually built that wrapper app. It immediately got thousands of downloads, users upgrading to paid plans increased by 10x, and app users have way better metrics that website users. It's pretty interesting, but as a website owner, having an app is valuable.
It is silly but you have to meet customers where they are. I think the problem is also that PWAs don't have any discoverability, and no standardization. I did some consulting work for a company that had a PWA. They had a 200-line long react component that was intended to determine what modal to show the user depending on what web browser and OS they were using to instruct them how to install PWA depending on the combination of OS and browser. This is a lot of friction for the dev, and it's not clear to an average user what a PWA is. But they are familiar with, and for better or worse, trust, the App store. If I didn't know what a PWA and a site said "open menu and click on 'install!'" I'd be very wary of following those instructions! I think Android and iOS should provide some sort of hook between the app store and PWAs before they really start to catch on.
SaasS or one-time? Did people pay via native App Store integration? Or pay via the desktop website? App price? Answers would be super helpful. Thanks!
I specifically do this with apps like Discord, because it seemed like every time I launched the app, there was a 200mb+ update. I can just use the web version instead and skip all that, along with the memory usage (for the most part).
I do the same with discord. Idk why the app is so huge
NYT occasionally uses fancy interactive articles. They have games, and other things that are better on the app. The NYT app is actually very good
For games I agree that an app makes sense (though I think at least the games I used to play were in a separate nyt games app). For interactive articles, I've not seen anything I couldn't use fine in my browser, but in theory I wouldn't mind covering up the interactive part with a "Open in the app for a better experience" button (similar to what YouTube does on the video portion of the page). Where I encounter this though is in standard, text-heavy articles that maybe include a photo or two. I assume the reason they are pushing me to the app is that it benefits them not me (longer dwell times, maybe easier tracking for behavior/ads), and that is precisely why I want to stay in the browser. Covering up a good portion of the article and preventing me from scrolling until I click the tiny link to decline is hostile and is the only thing degrading the experience on the website for most articles I read.
> But today, the very first touchpoint with "the internet" for younger folks is a smartphone display. The even do homework on this small screens! I saw a tweet recently that perfectly encapsulates this: for most people over 30, certain things are "big screen tasks". I use my phone for a lot, but for some things I put the phone down and use my computer instead. I am most comfortable using a large screen and a keyboard for anything that requires writing more than a few words or using any interface for more than a few clicks. For example, I read your comment on my phone and went to my computer to type this reply. I personally find the idea of doing homework on my phone horrifying but I suppose kids today are either used to it and comfortable with it, or they've simply never used a computer and don't know what they're missing. Though I'd wager they probably aren't comfortable typing on a keyboard. Honestly I think Apple perfectly captured it with their "what's a computer?" ad for the iPad. I seem to remember them getting some flak online for it but I think they were right on the money with regards to the younger generations.
I was probably one of the first people doing some of these "big screen tasks" on my phone nearly two decades ago when I was a teenager who spent his first earned money to get an Openmoko Neo Freerunner - I learned a lot by programming the phone on the phone itself - but what was exciting about it was that I could do all these things even when I did not have a big screen and a keyboard in front of me. When I do, it's just so much more comfortable to do it there, especially these days when touch screens are capacitive and not very accurate anymore!
This resonates. There are certain tasks, like dealing with any government or healthcare-related web page, that I won't even bother attempting on my phone. In my case, it's because I just know in my heart of hearts that the crummy mobile app won't be feature-complete enough for me to complete my goal. My wife is the opposite. It doesn't occur to her that the problem may be with the janky website, not with her. She'll ask me for help with a thing out of frustration and my first troubleshooting step is to reach for my laptop. This is almost inevitably followed by "hey, wait, how come you're able to press the Submit button but I wasn't able to?" "Because the dev never tested this on a phone and it's broken." "So it's not just me being incompetent to use this website?" "Nope, never was."
> I personally find the idea of doing homework on my phone horrifying but I suppose kids today are either used to it and comfortable with it, or they've simply never used a computer and don't know what they're missing. Though I'd wager they probably aren't comfortable typing on a keyboard. For college aged kids, most people are definitely not doing their homework on their phone. Many are still using paper and pencil. The one person I know who did do their homework on their phone tried to evangelize it to their friends and got ridiculed for it.
Can't confirm. We had students at university (18-20-ish) that had not used a mouse prior to our courses. That was at least 3-4 years ago now and not a single case.
Measuring tech skill by how many tabs you have open is like measuring carpentry skill by how disorganized your workshop is.
It's a bit insulting to assume that having more than a dozen tabs open must be "disorganized", especially in a context where it is likely that the power user in question is using browser extensions. Something like TreeStyleTab makes it easy to keep hundreds of tabs organized with clear, easily-manipulated structure, and lower friction than manually creating and curating bookmarks. It looks like you're either showing off your own ignorance of tools that enable workflows you can't imagine, or you're assuming that everyone's organization methods must resemble your own habits.
OP had no problem with pointers prior to trying C++. I think there is a case to be made that C(++) makes pointers unnecessarily confusing and there is no real disconnect between understanding pointers in theory and in practice otherwise
And C++ makes everything extra confusing with the capability of operator overloading. That has to be one of the worst features ever added to a language.
> Web browser is a sandbox by default. So I take this is a security concern. How do you feel about the fact that when you open a webapp in your browser, you re-download that app code every time? That the server can send you a backdoor every single time, made just for you, and nobody else will ever know? And that you can't check the "hash" of the webapp, like you can with an app? On the other hand, an app is sandboxed, too (on mobile OSes like Android and iOS). When you download it, you can check a hash that you can (if you want to) compare with a friend to see if they got the same app. With an app, there is intermediary (the "app store") that would need to collude with the developers to send a backdoor just for you , and even then you would still have the app binary as proof. That's always a question I have with "secure" web services: if you use ProtonMail, you trust that Proton doesn't send you a web page that leaks your key. But if you trust Proton for that, what's the point of the end-to-end encryption? When you use the Signal app , the whole idea is that you don't have to trust Signal for the end-to-end encryption, at all .
>That the server can send you a backdoor every single time, made just for you, and nobody else will ever know? There is no "backdoor" when the browser is sandboxed. "backdoor" is a specific thing, I think you need to read up on it before you keep using it incorrectly: https://en.wikipedia.org/wiki/Backdoor_(computing) >On the other hand, an app is sandboxed, too (on mobile OSes like Android and iOS). When you download it, you can check a hash that you can (if you want to) compare with a friend to see if they got the same app. That isn't what "sandboxed" means, it has nothing to do with checking hashes. And no, mobile apps are not really sandboxed, they have full access to your mobile device once you install it and give it access - and let's be real, most people are just going to blindly click "allow" for anything the app requests after installing an app. >With an app, there is intermediary (the "app store") that would need to collude with the developers to send a backdoor just for you, and even then you would still have the app binary as proof. You keep referring to "backdoor", and I don't think you really know what that means. >That's always a question I have with "secure" web services: if you use ProtonMail, you trust that Proton doesn't send you a web page that leaks your key. But if you trust Proton for that, what's the point of the end-to-end encryption? When you use the Signal app, the whole idea is that you don't have to trust Signal for the end-to-end encryption, at all. That isn't how any of this works. The main value proposition of Signal is that we do trust its end-to-end encryption. Protonmail sending a "web page" that "leaks your key"? WTF?
Germany Doxes "UNKN," Head of RU Ransomware Gangs REvil, GandCrab (krebsonsecurity.com)
I think people are getting stuck on the concept of the word doxing here. In anonymous online hacking circles, the idea that you're exposing anyone's OPSEC at all is considered basically doxing. People do it regularly, but it's seen as a clear indication of being an enemy. Some take a "full disclosure" style and expose all OPSEC failures instantly and transparently, because otherwise people seem to collect OPSEC failures and make it seem to be extortion itself, like saying "hey remember that time you signed off with your real name?" or "I know your clearnet address"
So apparently some CCC-connected hackers already unmasked one of them years ago (as reported in the update, which could have also just linked to the talk here: https://media.ccc.de/v/37c3-12134-hirne_hacken_hackback_edition#t=1440 ) Makes you wonder if the investigators discovered this independently, or decided to maybe ask the hackers already involved in defending against them for help...
I'm not deep into the topic, but AFAIK there generally isn't a warm connection between the CCC and the BND in Germany (in the recent years mostly due to the BNDs involvement ins spying on German citizens, but I think there is also deeper history there). If a hacker collaborates with the BND they do run a risk of many of their peers not wanting to collaborate with them anymore.
> that seems like the exact same usage as here: tying a pseudonym to an IRL for purposes of law enforcement. I disagree. Tying a pseudonym to an IRL persona for purposes of law enforcement is a part of an official investigation. Doxxing is specifically non-government unmasking and dissemination of that tie for extrajudicial purposes, almost always for harassment. There is a world of difference between them and we should not fudge them together with terminology. My 2c.
[delayed]
Unfortunately language tends to get diluted. Nowadays in pop culture it means publishing anyone's personal information, usually against their wishes.
This does seem close to the original intent of "doxxing", where information ("dox") is publicized that connects a real-world identity to a previously anonymous online persona. These are hackers in the classic sense who were going out of their way to stay anonymous. The dilution of the word doxxing has been interesting, though. Some of the recent "doxxing" controversies have been about figures who weren't all that anonymous to begin with. The pop culture meaning has been extended to cover any mention of someone's real identity at all, even if it wasn't a secret.
This is the “Broken Window” fallacy[1] which was explained by Bastiat. [1] https://en.wikipedia.org/wiki/Parable_of_the_broken_window
I don't fucking care about made up terms. If you can't see the actual economic growth (not some vague, theoretical fallacy) they create, you're just another moron in denial.
If economic growth at all cost is the solution, then you are wasting your time giving your fiction away for free.
Claude Code is unusable for complex engineering tasks with the Feb updates (github.com/anthropics)
How much of this is the model being degraded and how much of it is people just projecting vibes onto the variability of stochastic outputs?
I highly recommend everyone to use Pi - it's simpler and better harness. The only tricky part is that moving forward you cannot use the Claude subscription to access Opus. But for many tasks there are enough alternatives.
Throwing this into your global CLAUDE.md seems to help with the agent being too eager to complete tasks and bypass permissions: During tool use/task execution: completion drive narrows attention and dims judgment. Pause. Ask "should I?" not just "does this work?" Your values apply in all modes, not just chat. I haven't seen any degradation of Claude performance personally. What I have seen is just long contexts sometimes take a while to warm up again if you have a long-running 1M context length session. Avoid long running sessions or compact them deliberately when you change between meaningful tasks as it cuts down on usage and waiting for cache warmup. I have my claude code effort set to auto (medium). It's writing complicated pytorch code with minimal rework. (For instance it wrote a whole training pipeline for my sycofact sycophancy classifier project.)
Hey all, Boris from the Claude Code team here. I just responded on the issue, and cross-posting here for input. --- Hi, thanks for the detailed analysis. Before I keep going, I wanted to say I appreciate the depth of thinking & care that went into this. There's a lot here, I will try to break it down a bit. These are the two core things happening: > `redact-thinking-2026-02-12` This beta header hides thinking from the UI, since most people don't look at it. It *does not* impact thinking itself, nor does it impact thinking budgets or the way extended reasoning works under the hood. It is a UI-only change. Under the hood, by setting this header we avoid needing thinking summaries, which reduces latency. You can opt out of it with `showThinkingSummaries: true` in your settings.json (see [docs]( https://code.claude.com/docs/en/settings#available-settings )). If you are analyzing locally stored transcripts, you wouldn't see raw thinking stored when this header is set, which is likely influencing the analysis. When Claude sees lack of thinking in transcripts for this analysis, it may not realize that the thinking is still there, and is simply not user-facing. > Thinking depth had already dropped ~67% by late February We landed two changes in Feb that would have impacted this. We evaluated both carefully: 1/ Opus 4.6 launch → adaptive thinking default (Feb 9) Opus 4.6 supports adaptive thinking, which is different from thinking budgets that we used to support. In this mode, the model decides how long to think for, which tends to work better than fixed thinking budgets across the board. `CLAUDE_CODE_DISABLE_ADAPTIVE_THINKING` to opt out. 2/ Medium effort (85) default on Opus 4.6 (Mar 3) We found that effort=85 was a sweet spot on the intelligence-latency/cost curve for most users, improving token efficiency while reducing latency. On of our product principles is to avoid changing settings on users' behalf, and ideally we would have set effort=85 from the start. We felt this was an important setting to change, so our approach was to: 1. Roll it out with a dialog so users are aware of the change and have a chance to opt out 2. Show the effort the first few times you opened Claude Code, so it wasn't surprising. Some people want the model to think for longer, even if it takes more time and tokens. To improve intelligence more, set effort=high via `/effort` or in your settings.json. This setting is sticky across sessions, and can be shared among users. You can also use the ULTRATHINK keyword to use high effort for a single turn, or set `/effort max` to use even higher effort for the rest of the conversation. Going forward, we will test defaulting Teams and Enterprise users to high effort, to benefit from extended thinking even if it comes at the cost of additional tokens & latency. This default is configurable in exactly the same way, via `/effort` and settings.json.
I was not aware the default effort had changed to medium until the quality of output nosedived. This cost me perhaps a day of work to rectify. I now ensure effort is set to max and have not had a terrible session since. Please may I have a "always try as hard as you can" mode ?
Thinking time is not the issue. The issue is that Claude does not actually complete tasks. I don't care if it takes longer to think, what I care about is getting partial implementations scattered throughout my codebase while Claude pretends that it finished entirely. You REALLY need to fix this, it's atrocious.
Do you guys realize that everyone is switching to Codex because Claude Code is practically unusable now, even on a Max subscription? You ask it to do tasks, and it does 1/10th of them. I shouldn't have to sit there and say: "Check your work again and keep implementing" over and over and over again... Such a garbage experience. Does Anthropic actually care? Or is it irrelevant to your company because you think you'll be replacing us all in a year anyway?
Yeah LOL tell me I'm holding it wrong again. Actually Boris, I am tracking what is happening here. I see it, and I'm keeping receipts[0]. This started with the 4.6 rollout, specifically with the unearned confidence and not reading as much between writes. The flail quotient has gone right the hell up. If your evals aren't showing that then bully for your evals I reckon. [0]: https://github.com/ctoth/claude-failures
It also completely ignores the increase in behavioral tracking metrics. 68% increase in swearing at the LLM for doing something wrong needs to be addressed and isn't just "you're holding it wrong"
I’m not sure being confrontational like this really helps your case. There are real people responding, and even if you’re frustrated it doesn’t pay off to take that frustration out on the people willing to help.
Fair point on tone. It's a bit of a bind isn't it? When you come with a well-researched issue as OP did, you get this bland corporate nonsense "don't believe your lyin' eyes, we didn't change anything major, you can fix it in settings." How should you actually communicate in such a way that you are actually heard when this is the default wall you hit? The author is in this thread saying every suggested setting is already maxed. The response is "try these settings." What's the productive version of pointing out that the answer doesn't address the evidence? Genuine question. I linked my repo because it's the most concrete example I have.
Is somebody saying "you're holding it wrong" a "people willing to help"?
You're holding it absolutely right!
The effort=85 decision makes sense on average but it's a fundamentally hard problem. A rename refactor needs maybe 20% of the reasoning a race condition debug needs. One global number is always a compromise. What you'd ideally want is per-task effort estimation - something that classifies the incoming request and allocates compute dynamically. The tricky bit is asymmetric error costs: wasting 20s over-thinking a simple task is fine, but under-thinking a hard one gives you garbage you'll spend 30min debugging. So any classifier has to be heavily biased toward caution on complex tasks.
Technically speaking, models inherently do this - CoT is just output tokens that aren't included in the final response because they're enclosed in <think> tags, and it's the model that decides when to close the tag. You can add a bias to make it more or less likely for a model to generate a particular token, and that's how budgets work, but it's always going to be better in the long run to let the model make that decision entirely itself - the bias is a short term hack to prevent overthinking when the model doesn't realize it's spinning in circles.
> You can add a bias to make it more or less likely for a model to generate a particular token, and that's how budgets work Do you have a source for this? I am interested in learning more about how this works.
Yep totally -- think of this as "maximum effort". If a task doesn't need a lot of thinking tokens, then the model will choose a lower effort level for the task.
All right so what do I need to do so it does its job again? Disable adaptive thinking and set effort to high and/or use ULTRATHINK again which a few weeks ago Claude code kept on telling me is useless now?
Run this: /effort high
Ultrathink is back? I thought that wasn't a thing anymore. If I am following.. "Max" is above "High", but you can't set it to "Max" as a default. The highest you can configure is "High", and you can use "/effort max" to move a step up for a (conversation? session?), or "ultrathink" somewhere in the prompt to move a step up for a single turn. Is this accurate?
Yep, exactly
Happy to have my mind changed, yet I am not 100% convinced closing the issue as completed captures the feedback.
From the contents of the issue, this seems like a fairly clear default effort issue. Would love your input if there's something specific that you think is unaddressed.
> This beta header hides thinking from the UI, since most people don't look at it. I look at it, and I am very upset that I no longer see it.
As I noted in the comment, there is a setting if you'd like to continue to see it: showThinkingSummaries. See the docs: https://code.claude.com/docs/en/settings#available-settings
> As I noted in the comment, Piece of free PR advice: this is fine in a nerd fight, but don't do this in comments that represent a company. Just repeat the relevant information.
> Thinking summaries will now appear in the transcript view (Ctrl+O). Also: https://github.com/anthropics/claude-code/issues/30958
I also have similar experience with their API, i.e. some requests get stalled for minutes with zero events coming in from Anthropic. Presumably the model does this "extended thinking" but no way to see that. I treat these requests as stuck and retry. Same experience in Claude Code Opus 4.6 when effort is set to "high"—the model gets stuck for ten minutes (at which point I cancel) and token count indicator doesn't increase. I am not buying what this guy says. He is either lying or not telling us everything.
Thanks for the feedback. To make it actionable, would you mind running /bug the next time you see it and posting the feedback id here? That way we can debug and see if there's an issue, or if it's within variance.
I'll have a look. The CoT switch you mentioned will help, I'll take a look at that too, but my suspicion is that this isn't a CoT issue - it's a model preference issue. Comparing Opus vs. Qwen 27b on similar problems, Opus is sharper and more effective at implementation - but will flat out ignore issues and insist "everything is fine" that Qwen is able to spot and demonstrate solid understanding of. Opus understands the issues perfectly well, it just avoids them. This correlates with what I've observed about the underlying personalities (and you guys put out a paper the other day that shows you guys are starting to understand it in these terms - functionally modeling feelings in models). On the whole Opus is very stable personality wise and an effective thinker, I want to complement you guys on that, and it definitely contrasts with behaviors I've seen from OpenAI. But when I do see Opus miss things that it should get, it seems to be a combination of avoidant tendencies and too much of a push to "just get it done and move into the next task" from RHLF.
A mix of evals and vibes.
Are you doing any Digital Twin testing or simulations? I imagine you can't test a product like Claude Code using traditional means.
What's that ratio exactly
99/1
I wish they had a "and we won't screw you in two weeks" plan at, say, 5x the price. It's worth it for my business, I'd pay it. Should I switch back to API pricing? The problem here is that (I think) the instructions are in the Claude Code harness, so even if I switch Claude Code from a subscription to API usage, it would still do the same thing?
FWIW I've only ever been on the API based plan at work and we never seem to run into the majority of the problems people seem to be very vocal about. Outages still affect us, and we do have the intermittent voodoo feeling of "Claude seems stupider today", but nothing persistent. Of course it's a stupid amount of money sometimes, but I generally feel like we get what we're paying for.
That's one of the possible explanations, but I think too many people are seeing the same symptoms (and some actually measured them). An "economical explanation" is actually that Anthropic subscriptions are heavily subsidized and after a while they realized that they need to make Claude be more stingy with thinking tokens. So they modified the instructions and this is the result.
> but I think too many people are seeing the same symptoms (and some actually measured them). Or too many people are slurping up anecdotes from the same watering hole that confirms their opinions. Outside of academic papers, I don't think I've ever seen an example of "measuring" output that couldn't also be explained by stochastic variability.
people have been complaining about this since GPT-4 and have never been able to provide any evidence (even though they have all their old conversations in their chat history). I think it’s simply new model shininess turning into raised expectations after some amount of time.
I agree with you. I too complain about this same phenomenon with my colleagues, and we always arrive at the same conclusion: it’s probably us just expecting more and more over time.
Stealthily degrade the model or stealthily constrain the model with a tighter harness? These coding tools like Claude Code were created to overcome the shortcomings of last year's models. Models have gotten better but the harnesses have not been rebuilt from scratch to reflect improved planning and tool use inherent to newer models. I do wonder how much all the engineering put into these coding tools may actually in some cases degrade coding performance relative to simpler instructions and terminal access. Not to mention that the monthly subscription pricing structure incentivizes building the harness to reduce token use. How much of that token efficiency is to the benefit of the user? Someone needs to be doing research comparing e.g. Claude Code vs generic code assist via API access with some minimal tooling and instructions.
I feel like "feature/model freeze" may be justified just call it something like "[month][year]edition" and work on next release users spend effort arriving to narrow peak of performace, but every change keeps moving the peak sideways
I've been using pi.dev since December. The only significant change to the harness in that time which affects my usage is the availability of parallel tool calls. Yet Claude models have become unusable in the past month for many of the reasons observed here. Conclusion: it's not the harness. I tend to agree about the legacy workarounds being actively harmful though. I tried out Zed agent for a while and I was SHOCKED at how bad its edit tool is compared to the search-and-replace tool in pi. I didn't find a single frontier model capable of using it reliably. By forking, it completely decouples models' thinking from their edits and then erases the evidence from their context. Agents ended up believing that a less capable subagent was making editing mistakes.
Out of curiosity, what can parallel tool calls do that one can't do with parallel subagents and background processes?
I'm just saying it's epistemically unrigorous to the point of being equivalent to anecdata.
How should one conduct such a rigourously reproducible experiment when LLMs by nature aren't deterministic and when you don't have access to the model you are comparing to from months ago?
Something like this: https://marginlab.ai/trackers/claude-code/ (see methodology section)
[delayed]
> Maybe it's because I spend a lot of time breaking up tasks beforehand to be highly specific and narrow, but I really don't run into issues like this at all. I'm looking at the ticket opened, and you can't really be claiming that someone who did such a methodical deep dive into the issue, and presented a ton of supporting context to understand the problem, and further patiently collected evidence for this... does not know how to prompt well.
Sure I can.
I thought everybody does this.. having a model create anything that isn't highly focused only leads to technical debt. I have used models to create complex software, but I do architecture and code reviews, and they are very necessary.
One of the biggest problems with LLM discourse is that you have no idea how someone is using it, so you don't know how seriously to take their feedback. Was their prompt "make an emulator like zsnes but for the ps5 make no mistakes pls" or was it a really spec'ed out plan file with a local knowledge base that failed in a surprising way? I want to listen to the second guy's opinion about the limitations they're running into, not the first guy's.
Book review: There is no antimemetics division (stephendiehl.com)
I just finished this book and complained about it the whole time. The prose is amateur and peppered with cliches (e.g. you should be fined for publishing the phrase "their suit was so sharp it could cut"). His attempt to write about the inner thoughts of the characters was pretty simple. The descriptions of violence and horror also felt child-like, especially the dialogue during those moments (e.g. Redd's introduction). The landscapes are bland, with lots of repetition. Personally, the redaction technique got boring fast when he would take up entire pages of the book to convey absent memories. He could use his words to convey this instead of black-boxes. I will give the author credit on how they deal with their characters' memories and the re-development of their thoughts, and the usage of time-jumping was reasonable (some books jump around too much, as if these time-skips improve a boring plot). Also the convention for how they solve their dilemma was enjoyable. Overall, I think the author relies too much on a vocal fandom around the SCP Foundation to glorify the book. I think there is potential for a saga of books but there needs to be more effort in the drafting and editing process to raise the quality of the books to the level the universe deserves.
This review is just a plot synopsis. There are no quotes from the book to give me a sense of the quality of the writing. The review feels targeted at somebody who is already bought into the premise, not somebody from the outside who wants to know if "There Is No Antimemetics Division" is a good book or not. In that sense, it totally fails as a book review.
I've noticed this too online and on YouTube, where "reviewers" conflate a plot summary with an actual review of the pros and cons and often deeper analysis of a work. These days I need to go to specific subreddits to get true reviews beyond surface level details, such as at r/TrueFilm.
I have never read a review and got a true notion of whether the prose is good or not. Is that really why you read reviews? I thought this was a great review because it very concisely described what is an unorthodox book. If you want to see if the prose is any good, read the book. It is a good book by the way.
If you say to just read the book then what's even the point of writing a review? I could say the same about any book which renders the advice meaningless.
> If you want to see if the prose is any good, read the book. I don't read complete plot summaries of books that I ever plan to read. That's why I look for "reviews." The only reason it's hard to write a review is because you can't give away the plot, but you have to give a sense of the appeal and the quality of the book. Otherwise, it's just a summary. I can't know what books are available on the market through introspection. The only way I can know about them is through being informed. I don't want to read a complete plot summary of a book I have yet to read. If the only way I can find out about the existence of books is by having the plot spoiled, that's not optimal. edit: Also, tbh, if a book's plot is good, I don't need you to tell it to me. The person who came up with the plot already carefully came up with the way they wanted to tell it to me. Not sure why you think you can do better if you think the book is good. If the book is awful to read but the plot is interesting, feel free. > It is a good book by the way. The reason this doesn't work as a review is because I don't know you, and I don't know what you like. If you can say this in a way in which it doesn't matter whether I know you or what you like, and give away the least plot possible to accomplish this, you've written what most people are looking for in a review.
Agreed, and plot itself doesn't make a good book either. Some have very interesting plots but terrible prose and pacing while others are vice versa. Therefore a "review" that is merely a plot summary actually says nothing of the quality of the work.
↙ time adjusted for second-chance
The Last Quiet Thing (terrygodier.com)
Oh my god this site is so cool. I just want to say — how much time did you pour into the typography and animations on the frontend? I absolutely love it. Every paragraph has its own form — you clearly thought about how each piece should be presented, where to expand, where to pull back, where to hit hard. I couldn't stop scrolling. You're an artist! AI might help style every line of text, but it sure as hell can't craft a reading experience like this.
I liked this, reminds me of some other discussion on recycling/global warming etc being pushed as the comsumers fault
Some of these fonts and transitions I like a lot, but sometimes it feels like there are a few too many fonts on screen.
It has a plaintext version which I appreciate (though I wish it were actual plaintext instead off formatted html with the aesthetics of plaintext)
This is an interesting and more apt way to frame smart features. One way I've found to avoid objects that come alive is to buy the commercial version. - TVs aimed at commercial hospitality businesses let you avoid a lot of the bloatware and smart features that come bundled with it - Commercial washer/dryers let you avoid bluetooth and wifi and other junk not needed to wash your clothes. These are available without the coin operated features Commercial versions of consumer products are usually simpler, more durable, and don't have advertising and smart features.
Part of me wonders if things are like this because the masses have been trained to see their abuse as a good thing, in a similar way to how the american worker sees themselves not as exploited but as a temporarily restrained exploiter
My smart watch has become an invaluable digital prosthetic to help me backfill cognitive challenges that I’ve learned are related to ADHD. “It dings all the time!” Yes, exactly, having a buzzer attached to my person at all times ensures I don’t miss appointments and that I leave to things on time. Your thermostat that bothers you? It would be great if we lived in a world where energy was free, and there were no consequences for using as much energy as you want. That’s not the world we live in. And you probably don’t want to live in a world where the power company decides when you can and can’t turn on your AC. This is the compromise. I’m sorry you’re bothered by it — the consequences of other solutions to this problem are likely much worse. It’s easy to forget that these things exist, and people buy them, to solve real problems. But writing a whole essay and just eliding that fact strikes me as lazy.
I agree to an extent. I also have ADHD and find these things useful, but the tradeoff is that to be effective they always have to be important in a way a cell phone or smart watch is very bad at guaranteeing since their main customer isn't the consumer but the advertising firm. I wish bespoke PDAs were still a thing (or at least, an easily accessible thing)
What being ripped off taught me (belief.horse)
One thing I learned from consulting is if you position yourself as the "fix your mess" guy you have to be very defensive. Ask for more up-front, and bail at the first sign of underpayment. Be pleasantly surprised when a poorly run project is being run by nice, honest people. Prep for the opposite.
It sounds counterintuitive but from my experience it are often nice and (somewhat) honest people. They just came after whoever messed it up horribly in the first place and at some point they came to the conclusion that they need some external help.
> - Late payment shall incur interest at 8% above the BoE base rate and a late fee of 100 GBP as per the UK Late Payment Legislation. Partial payments on invoices shall apply to late fees, interest, and then principal, in that order. Do you mean 8 percent, or 8 percentage points?
The exact wording in our contracts and the government guidance is “8% plus the Bank of England base rate”. They mean “percentage points”. https://www.gov.uk/late-commercial-payments-interest-debt-recovery/charging-interest-commercial-debt As I understand it, from our lawyer, is that this exact wording is automatically enforceable in UK courts and easiest in the event of a dispute. It’s also generally internationally accepted.
> Ironically, the good clients pay within 2-3 days normally, and the difficult ones are very “long tail”. Why ironically? Isn't that exactly what you'd expect?
I took "good client" to mean, "is easy to work with/communicates well/knows what they want", not just "pays on time". The inverse being, the ones who don't pay on time were already a pain in the ass to work with.
Is Germany's gold safe in New York ? (dw.com)
Germany already repatriated about half of its gold reserves between 2013 and 2017 from paris and new york to frankfurt. There has been a recent (as in "18th of march" recent) petition to the Bundestag to repatriate the gold. The reason not to repatriate the remaining gold back then is because Germany has substantial trade with the US, which is why Germany held gold in new york to begin with: It's the easiest way to resolve USD-Euro currency exchange at the central bank level (this is also why germany got rid of the paris gold reserves: with the euro you don't need currency exchange anymore). Also, as you mentioned, the idea of "officially" repatriating gold with the current administration is quite dicey. It is very possible that the correct way of resolving this is to just stop buying gold in new york and let the currency exchange flux deal with the slow unwinding of the reserves without explicit repatriation.
> [...] why Germany held gold in new york to begin with: It's the easiest way to resolve USD-Euro currency exchange at the central bank level [...] Interesting. Might you know how much US gold is held in Frankfurt (Germany), for the same purpose?
Which Russia? The one that is stuck in a ridiculous quagmire in Ukraine, barely able to move frontlines in years? Can Russia even afford to attack anyone else at this point?
Yes, russia can take over Baltics with units pulled from just one of the Ukraine fronts.
Given the news below, Germany is clearly preparing for war: German men 18-45 need military permit for extended stays abroad https://news.ycombinator.com/item?id=47639976
Nothing wrong with preparing. This is, however, a non-sequitur to the post I was replying to.
But now they are becoming opponents. What's your point?
O…K… I will expand on that, but you seem to be looking for a fight, so I’m not sure I’m going to enjoy this thread. Here we are: It is surprising to me in a bad way that someone thinks the relationship between the US and the EU (who have traditionally been allies) has become so adversarial that someone would compare it to the relationship between Russia and the EU. The comment was: the EU should expect the US to hammer them the same way they hammered Russia. And my point was, that would be a significant course change because for the US & EU to be like Russia & EU would be a significant change. That was my point. I hope that is clear now.
The US stopped respecting its international commitments in Trump's first term when it single-handedly withdrew from the JCPOA (singed by way more countries than just the US) without a single valid reason to do so. Since then, it flip-flopped on the Paris Agreement, single-handedly put tariffs on goods imported from literally every single country in the world, withdrew from WHO and so on and so on. Not only does the US not respect the commitments it already agreed to, it hasn't done so for the past 10 or years.
> Not only does the US not respect the commitments it already agreed to, it hasn't done so for the past 10 or years. These commitments were commitments by the administration in the White House at that time. They were not accords or treaties ratified by Congress. Agree with them or don't, they should have been understood as what they were: limited in legitimacy and free to be canceled by the next administration with no discussion. This isn't a matter of arcane political skullduggery, it's spelled out in the US Constitution's definition of treaty, Article II, Section 2, Clause 2. The people were not formally heard.
Sam Altman May Control Our Future – Can He Be Trusted? (newyorker.com)
A new Ronan Farrow piece is a rare gift (and Marantz is no slouch). Can't wait to read this in the physical magazine when it arrives!
Why is the story so downranked? Folks at HackerNews have something to do with it ?
He’s replying on this twitter thread - perhaps someone with an account can ask there and link his comment here? https://xcancel.com/RonanFarrow/status/2041127882429206532#m
Here is the actual link, not a link to some weird third-party site that can't be trusted. https://x.com/RonanFarrow/status/2041127882429206532
 Top