Unlurker|Replay|About
Iran says it will target US tech companies in Middle East (thehill.com)
Better for public relations than hitting oil and gas, if they manage no casualties. I'm sure some people will paraphrase Radoslav Sikorski: "Thank you, Iran!"
> The statement named Cisco, HP, Intel, Oracle, Microsoft, Apple, Google, Meta, IBM, Dell, Palantir, Nvidia, JP Morgan, Tesla, GE, Spire Solution, G42 and Boeing https://www.intellinews.com/irgc-threatens-to-strike-us-tech-companies-in-retaliation-for-assassinations-434840/#google_vignette
Do any of those US tech companies have large manufacturing footprints in the region? Intel has a couple of fabs in Israel, but presumably those are on the smaller side? Nvidia's work in the region is mostly R&D, isn't it? In any case, though manufacturing may not be too badly affected, if the Iranians can pull this off, they would discourage further investment in Israel and raise the economic costs of the war for the US, which would be an geostrategic Iranian win of the "low hanging fruit" variety.
as if they weren't targeting anything valuable already.
as if they started the war, as if they killed their leaders themselves. Ofc they are being boomed in the desert, have not lost anything. US and Isreal has the most valuable things or only them considered human beings? Oh, rest of the people living in the world, they should be grateful to US and Isreal to let them live.
Oh yes, Iran is the innocent one here. Poor Iran. Poor, poor jihadist Iran.
yes, poor Iran, placed itself in the middle of US Airbases.
The iranian government/IRGC isn't innocent but remember that its the regular people, the working class of Iran that is actually suffering further because of hostilities initiated by US/Israel
Has anyone else been having major reliability issues in me-south-1 since the attacks there? I've had to field several inquiries at work where the answer seems to be "sorry, there's a war on -- pick a different region".
Yes. Both me-south-1 and me-central-1 have been _heavily_ impacted/disrupted for nearly a month now due to drone strikes on infra.
OkCupid gave 3M dating-app photos to facial recognition firm, FTC says (arstechnica.com)
Counting the number of comments in this thread 50 minutes later (2 including mine), I can just extrapolate most of HNers have an OKCupid account
At this point, nearly every online service should be considered hostile. If they can make a small amount of money by compromising your privacy or your identity, they will. If they can make a small amount of money by stealing your attention and addicting you, they will. Are there exceptions? I'm sure. Will I be erring sometimes by being cautious? Definitely. But, there is really not much of an alternative these days.
I have long wondered about the market size for privacy-focused apps. Sure, plenty of people don't know or don't care to value that, but if there are enough, maybe you could have a whole set of apps that emphasize they are not seeking world domination or selling out to the highest bidder, and a major selling point for using them would be that they are not < your expected chat/dating/photo/social site >. Am I too idealistic? If such apps are not aggressively seeking hyper growth, it seems like these more trustworthy services could be deployed to cheap servers and let people use them for cheap without having to resort to selling user data.
↙ time adjusted for second-chance
The Claude Code Source Leak: fake tools, frustration regexes, undercover mode (alex000kim.com)
> The multi-agent coordinator mode in coordinatorMode.ts is also worth a look. The whole orchestration algorithm is a prompt, not code. So much for langchain and langraph!! I mean if Anthropic themselves arent using it and using a prompt then what’s the big deal about langchain
You didn't even use it yet.
The name "Undercover mode" and the line `The phrase "Claude Code" or any mention that you are an AI` sound spooky, but after reading the source my first knee-jerk reaction wouldn't be "this is for pretending to be human" given that the file is largely about hiding Anthropic internal information such as code names. I encourage looking at the source itself in order to draw your conclusions, it's very short: https://github.com/alex000kim/claude-code/blob/main/src/utils/undercover.ts
> my first knee-jerk reaction wouldn't be "this is for pretending to be human"... "Write commit messages as a human developer would — describe only what the code change does."
That line isn't in the file I linked, care to share the context? Seems pretty innocuous on its own.
Anyone else have CI checks that source map files are missing from the build folder? Another trick is to grep the build folder for several function/variable names that you expect to be minified away.
I don't understand the part about undercover mode. How is this different from disabling claude attribution in commits (and optionally telling claude to act human?) On that note, this article is also pretty obviously AI-generated and it's unfortunate the author didn't clean it up.
It's people overreacting, the purpose of it is simple, don't leak any codenames, project names, file names, etc when touching external / public facing code that you are maintaining using bleeding edge versions of Claude Code. It does read weird in that they want it to write as if a developer wrote a commit, but it might be to avoid it outputting debug information in a commit message.
Guys I’m somewhat suspicious of all the leaks from Anthropic and think it may be intentional. Remember the leaked blog about Mythos?
> The obvious concern, raised repeatedly in the HN thread: this means AI-authored commits and PRs from Anthropic employees in open source projects will have no indication that an AI wrote them. It’s one thing to hide internal codenames. It’s another to have the AI actively pretend to be human. I don’t get it. What does this mean? I can use Claude code now without anyone knowing it is Claude code.
technically you're correct, but look at the prompt https://github.com/alex000kim/claude-code/blob/main/src/utils/undercover.ts#L39-L69 it's written to _actively_ avoid any signs of AI generated code when "in a PUBLIC/OPEN-SOURCE repository". Also, it's not about you. Undercover mode only activates for Anthropic employees (it's gated on USER_TYPE === 'ant', which is a build-time flag baked into internal builds).
I don’t know what you mean. It just informs to not use internal code names.
It also says don't announce that you are AI in any way including asking it to not say "Co-authored by Claude". I read the file myself. I'm still inclined to think people might be overreacting to that bit since it seems to be for anthropic-only to prevent leaking internal info. But I did read the prompt and it did say hide the fact that you are AI.
Why does that matter though
I agree with you, I think people are overthinking this.
I think it means OSS projects should start unilaterally banning submissions from people working for Anthropic.
Why? What does this have to do with the leak
Undercover mode is the most concerning part here tbh.
why
Well, as a general rule, I don't do business with people who lie to me. You've got a business, and you sent me junk mail, but you made it look like some official government thing to get me to open it? I'm done, just because you lied on the envelope . I don't care how badly I need your service. There's a dozen other places that can provide it; I'll pick one of them rather than you, because you've shown yourself to be dishonest right out of the gate. Same thing with an AI (or a business that creates an AI). You're willing to lie about who you are (or have your tool do so)? What else are you willing to lie to me about? I don't have time in my life for that. I'm out right here.
What’s the lie? It’s just asking to not reveal internal names
>Claude Code also uses Axios for HTTP. Interesting based on the other news that is out.
What version?
Cohere Transcribe: Speech Recognition (cohere.com)
Multimodels are way better
To clarify, this is SOTA in its size category, right? It's not better than Parakeet, for example?
Well, to clarify, it is both larger than parakeet in parameter count (parakeet is available in 0.6B and 1.1B), since it's 2B params, and also performs better than it on the benchmarks that hugging face publishes on the openASR leaderboard
Ahh thanks, I confused my parameter count, thanks. I guess Parakeet is 0.6B, I was somehow thinking 6B.
I had to set-up fireflies for our company recently. Cool tool, but I'm sending dozens of internal meetings to an american company. Our ISO inspector wouldn't be pleased to know. This is a good option. Will check it out.
There are many open source STT models that can run locally on Mac with good performance, such as whisper and Parakeet
> Limitations >Timestamps/Speaker diarization. The model does not feature either of these. What a shame. Is whisperx still the best choice if you want timestamps/diarization?
I would try Qwen-ASR: https://qwen.ai/blog?id=qwen3asr See the very bottom of the page for a transcription with timestamps.
For podcasts there is this https://news.ycombinator.com/item?id=47584376
Dumb question, but if this is "open source" is there source code somewhere? Or does that term mean something different in the world of models that must be trained to be useful?
Most use definition is just awailable weigths. This kids make sense because "compiling" (training) the model cost inhibitly much, and we can still benefit from the artifacts.
My worry is that ASR will end up like OCR. If the multi modal large AI system is good enough (latency wise), the advantage of domain understanding eats the other technlogies alive. In OCR, even when the characters are poorly scanned, the deep domain understanding these large multi modal AIs have allows it to understand what the document actually meant - this is going to be order id because in the million invoices I have seen before order id is normally below order date - etc. The same issue is going to be there in ASR also is my worry.
This is exactly the case today. Multimodal LLMs like gpt-4o-transcribe are way better than traditional ASR, not only because of deeper understanding but because of the ability to actually prompt it with your company's specific terminology, org chart, etc. For example, if the prompt includes that Caitlin is an accountant and Kaitlyn is an engineer, if you transcribe "Tell Kaitlyn to review my PR" it will know who you're referring to. That's something WER doesn't really capture. BTW, I built an open-source Mac tool for using gpt-4o-transcribe with an OpenAI API key and custom prompts: https://github.com/corlinp/voibe
Securing Elliptic Curve Cryptocurrencies Against Quantum Vulnerabilities [pdf] (quantumai.google)
Dup? https://news.ycombinator.com/item?id=47582418
Is there any field with as big of gap between theory and experiment than QC? You read papers like this and think they will be harvesting all Satoshi's coins in a couple years and then you remember that nobody has even factored 21 yet on a real quantum computer.
Y2K Oh wait: thousands of programmers started working on this in the early 90s so that there would be so few failures people thought it was a scam. The entire financial and government infrastructure was based on ecdsa until the shift to pqc. The consequences of not preparing are literal threats to global economy. That can’t be understated. The cost to switch to (hybrid) pqc is essentially zero when compared to the costs for not doing it.
Fusion power comes to mind.
It's interesting, solar panels were in this category in the 1980s and self-driving cars were in the 2010s, and both have had the gap between theory and practice significantly narrowed since.
↙ time adjusted for second-chance
A Love Letter to 'Girl Games' (aftermath.site)
What about Rimworld or Dwarf Fortress?
Don't Starve has a certain point-and-clickiness about it. There's one player character and a lot of noticing objects of interest and clicking to pick them up. That's probably important.
Bringing up books is particularly funny considering that reading, writing, editing, and publishing of said books are all things that are dominated by women. And yeah most romance novels are trashy, but it's not like milslop Clancyfics are better. Most people just want some shallow entertainment and that's fine .
I'm struggling to think of a medium other than video games that isn't dominated by women. ... and actually, wasn't it the case that before the discovery of the "whale" brain-hack to crack open a few (mostly) men's bank accounts, most of the gaming market was women , for broad definitions of "a game", both by player count and revenue? Even comic books, I'm pretty sure it's only the American superhero-type comics that're mainly "for guys"—if we expand it to include stuff like manga and Euro comics, then the overall audience leans female, right? Books are overwhelmingly dominated by women. > And yeah most romance novels are trashy, but it's not like milslop Clancyfics are better. Most people just want some shallow entertainment and that's fine. Romance is a poor term because it's used to launder literal werewolf "dubcon" porn under the same label as something like Jane Austen novels. That's probably useful to marketers and for sales, but it makes it impossible to make productive use of the label without further qualifiers for anyone who's trying to actually communicate using the term. (Meanwhile, yeah, much of what actually sells in that genre [and, again, the term is terrible and overloaded] leans pretty hard into being trash. So does pornhub, or Mr Beast videos, or whatever. So what? It's fine to enjoy them, but it's also fine for folks looking for excellent works of art to mostly avoid them in that search. Meanwhile tons of the modern "literary fiction" and poetry market is by and tuned for an audience of women, in fact I'd be surprised if most of those two categories weren't that, but of course few people actually read lit-fic and especially poetry these days) ---------------------------- BUT, the post is actually less about all that than about how older "girl games" are missing from game history and ignored in things like game-making tutorials and instruction. I'd venture that "boy games" that are similarly low-narrative and/or lean toward being more of an activity than a game (bear with me on the terminology, I'm not interested in turning this post into gatekeeping "what is a game" but I think you understand what I mean, yes? The distinction is here useful) also get left out (I can think of a few[0]), plus the factor where a lot of these were licensed games, which doesn't usually help. I'm not so sure this is as much sexism as that narrative games and clear, tight, goal-oriented game loops are both major factors in games having artistic "staying power" or influence, and in lending themselves to "baby's first video game" tutorials (the latter, especially, for that), and are both really, really hard to accomplish in a video game without resorting to a lot of the usual stuff (violence, largely). This is fundamental to how games are built which is that... ...games necessarily objectify the shit out of literally everything in them. This makes satisfactorily modeling things like realistic relationships extremely hard , and even the games that do it remarkably well are prone to feeling kinda weird as a result (see also: Action Button's rightly-famous Tokimeki Memorial review on Youtube). This is why a lot of relationship-focused games end up as visual novels, where they can be contained to basically a choose-your-own-adventure book format. It's incredibly difficult to build a game-loop around relationship mechanics, and have it be any good at all. This is how you end up with so many "girl games" on the "wrong" side of the "what actually is a video game?" discourse (ugh): it's really hard to build "proper" game mechanics around a lot of the aspects of those "girl games" that appeal to girls in the first place . Take a dress-up "game": in the most-minimal form (and a form which does exist in the wild!) you're not looking at something that's much more game-like, apparently, than MSPaint. Try to add a dress-up mechanic to a "traditional" game and you end up with something that's a pretty superficial veneer over bog-standard mechanics (stat-boosting item equipping, or something like the FFX-2 "dress sphere" system) or is purely aesthetic and has no "actual" "game" effects. It might be fine to include those anyway! But they're never going to feel especially integral to the game. How do you make dress-up itself a video game ? You kinda... don't. You attach it to a sandbox, maybe, and let the player develop their own game (goals, narrative) with it, just like toys in a toybox . Like The Sims... which was a smash-hit among women. Go figure. Is a toy box a game? Kinda no. Do the contents become vital components of a game when a child plays with them? Often, yes! What is a game? Do we call what kids do with toys, often, "games"? Yep. Is soccer a game? Is chess? Yes and yes. What do soccer and chess have in common with a girl developing stories around her real, actual dolls and such, and dressing them up different ways? Not a fucking lot , but we may use "game" for all of them. ... and so we've come full circle from "romance is a shitty term for a genre of books, and often not very useful for communication": "video game" is a shitty term and often not very useful for communication. The game can be what the player brings to a "toy box" that lets them dress up characters and move them around. Maybe it's fair to call a program "a game" if its main intent is to facilitate that, even if it lacks things like a traditional "game loop" or strong extrinsic goals or motivations (which would let us get away with saying that MSPaint could, situationally, be a toy in service of a game , but doesn't belong in even a very-generously-defined category of "video games" itself, should such distinctions matter for whatever purpose we have in employing the term in the first place). But a video game can also be an "e-sport", on (kinda) the complete opposite end of a certain spectrum. These things have almost nothing to do with one another aside from that they happen on a computer and are supposed to be some variety of entertaining or fun. "Video games" are both those things, and everything in between , it seems. Not sure how useful it is to lump all that stuff under the one term, but so far efforts to carve out distinctions have been poorly-received, so we're stuck with "all these things are video games even though they're so wildly different that very often their fandoms have no overlap whatsoever, on substantial grounds, not just surface appearance or marketing". [0] Long ago I had this DOS CAD program for kids called, as I recall, "KidCAD". It was entirely useless for any "serious" work, all it was, was effectively a rudimentary line-rendered digital lego set. Leaning into the kinds of distinctions the linked article uses, I think it's fair to call it a "boy game" in those terms, like a dress-up game is a "girl game". It also had zero built-in narrative and no "game loop" whatsoever. Guess how much attention it gets in game history, and how easy it is to find anything about it now? LOL.
I think we agree largely. My inclusion of Conan there as an example is a stand in for any male dominated slop fiction. Whether that's milslop Tom Clancy stuff, or Warhammer novels, Video Game adaptions, etc. There are millions of books for boys/men that are total slop. So its not really that its books for men vs women. If it was just things that are for men is considered good, then we would be heralding Tom Clancy as a modern day Shakespeare.
Italy blocks US use of Sicily air base for Middle East war (politico.eu)
Italy didn't join Spain in this: it's just that using the Sigonella airbase for military purpose requires parliament approval, which was not scheduled on time. Meanwhile, five US military flights took off from the other base of Aviano, Northern Italy. Aviano hosts the 31° Fighter Wing (F-16 jets) and B61-4 nuclear weapons, while Sigonella has Mq-9 Reaper drones and Ep-3 surveillance airplanes. For context, the other main US bases in Italy are: Ghedi (Lombardia region), Camp Darby (Tuscany region), Camp Ederle (Veneto region), the two harbors of Naples and Gaeta, and some other communications infrastructures. By the way, Camp Darby is the largest US weapons and ammunition warehouse in Europe.
Yeah. From the Italian defense minister: > Someone is trying to get the message across that Italy has decided to suspend the use of bases for U.S. assets. > Something that's simply false, because the bases are active, in use, and nothing has changed. > The Government continues to do what all Italian Governments have always done in full adherence to the commitments made in Parliament and to the line reiterated in the Supreme Defense Council as well, in continuity with all previous Councils over the decades. > International agreements clearly regulate and distinguish what requires specific Government authorization (for which it has been decided to always involve Parliament), without which it is not possible to grant anything, and what is instead considered technically authorized because it is included in the agreements. > A minister only has to ensure they are respected. > There is no third option. > Finally, I want to reiterate that there is no cooling or tension with the U.S., because they know the rules that have governed their presence in Italy since 1954 just as well as we do. https://x.com/GuidoCrosetto/status/2038945070833897586
The “CEO” of Italy is a she.
To be fair she wants to be referred to as "il primo ministro" with the masculine article.
To continue the metaphor, there are some that are comfortable having a hornet's nest in their bedroom and others that will take the initiative to remove it
And yet others who try to think of a way to remove it other than to use the baseball bat everybody agreed would be a bad idea.
That is a misleading headline. Italy refused landing to flights outside normal operations without a prior request. We don't know how the Italian government would respond to a request if the US took the time to make one.
So, EU members will keep preaching peace and humanity and still keep doing contrary to that.
I really wish that people would distinguish between "Americans" and "the US government" (and between the latter and the Trump regime) more clearly. I am Turkish and when I am associated with the behaviour of the Turkish government (which happens when I am abroad), it is very unpleasant. I lived in the States for 7 years and have many friends there. I am guessing they would similarly find this association unpleasant.
Americans should stop voting in governments like this then.
> I don't think very many leaders think like that. Iran's missile attack on Diego Garcia (unexpectedly long range, more than we thought they had functional) puts Rome in missile range. They're definitely thinking about that right now.
most of the EU were always in range. Thats how ballistic missiles work. Hence why we had the nuclear deal that trump binned. https://www.theguardian.com/world/2012/jul/03/iran-tests-long-range-missiles I know that hegseth has obliterated the planning and intelligence capability of the us military, but the news has less excuse.
Tell HN: Chrome says "suspicious download" when trying to download yt-dlp
I tried to reproduce this on their download page for the latest release[1]. Only the windows exe gets the warning, the other releases (macos, linux, etc) all download just fine. That makes me think it's an automated system that messed up, not an attempt at anticompetitive behavior. [1] https://github.com/yt-dlp/yt-dlp/releases/tag/2026.03.17
This entire thread it almost entirely proof that HN is now reddit. No facts, no consideration, just accusation and crowd think > Comments should get more thoughtful and substantive, not less, as a topic gets more divisive. none of that here > Don't be curmudgeonly. Thoughtful criticism is fine, but please don't be rigidly or generically negative. not followed here > Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith. none of that there > Eschew flamebait. Avoid generic tangents. Omit internet tropes. Lots of that here The system is clearly automated. As others have pointed out, they've been able to download without incident. As other have also pointed out, Firefox also warns. The warning is reasonable, claiming that something isn't downloaded often is true, until it isn't. A few more downloads and the warning will likely go away. Nothing to see here except a Google hater mis-interpreting something and the posting ragebait.
You are wrong. There is at least one collaboration here that I can see. Download any other `.tar.gz`, Chrome says nothing. Do it with `yt-dlp`, chrome says it can harm your computer. Why?
The heuristics powering this, as well as the Windows Defender whitelisting, are terrible. My understanding is that a specific binary needs to become popular for it to stop being flagged. This creates a chicken and egg problem. Users are not incentivized to use the program with the warning. But removing the warning requires many people to ignore the warning. This is a big problem for anyone writing Windows software. An indie developer or small open source project is not going to do well with this.
This is also happening on linux for me.
EV no longer skips smartscreen either nowadays. I understand that was abused, so it's treated as the same as OV. Having a certificate allows the cert itself to accumulate trust (rather than each binary independently doing so) and provides better UX and I suspect an initial small boost to trust signal, but doesn't bypass the initial distrust. There's no way to avoid that AFAICT and even if you're an established business you hit it at intervals because all these certificates expire and so the whole process resets every few years anyway. What a mess.
> EV no longer skips smartscreen either nowadays. I understand that was abused EV was always going to be abused. It started out promising to be a human verified, $10k cert that meant you were GUARANTEED to be who it said you were. Now I can get one for a couple hundred bucks. The solution is to separate identity from encryption. They never should have been linked.
it'll just cause a lot more people to become aware of it and cause mirrors to pop up everywhere.
RIAA already tried to take down the Github repo for youtube-dl (basically the original yt-dlp was forked from) back in October 2020. But outcry from among others EFF got it reinstated just one month later. Google is probably on the fence about this because they saw how it went last time. The slow killing of adblockers in Chrome seems to be something they are getting away with, so maybe that will make them bolder once things have moved along far enough that there's no way back.
Good code will still win (greptile.com)
I find most developers fall into one of two camps: 1. You treat your code as a means to an end to make a product for a user. 2. You treat the code itself as your craft, with the product being a vector for your craft. The people who typically have the most negative things to say about AI fall into camp #2 where AI is automating a large part of what they considered their art while enabling people in group #1 to iterate on their product faster. Personally, I fall into the first camp. No one has ever made a purchasing decision based on how good your code is. The general public does not care about anything other than the capabilities and limitations of your product. Sure, if you vibe code a massive bug into your product then that'll manifest as an outcome that impacts the user negatively. With that said, I do have respect for people in the latter camp. But they're generally best fit for projects where that level of craftsmanship is actually useful (think: mission critical software, libraries us other devs depend on, etc). I just feel like it's hard to talk about this stuff if we're not clear on which types of projects we're talking about.
> No one has ever made a purchasing decision based on how good your code is. absolutely false. > The general public does not care about anything other than the capabilities and limitations of your product. also false. People may not know that the reason they like your product is because the code is so good, but everyone likes software that is mostly free from bugs, performs extremely well, helps them do their work quickly, and is obviously created by people the care deeply about the quality of the product they produce (you know, the kind that acutally read bug reports, and fix problems quickly). The longer your product exists the more important the quality of the code will be. This obsession so many have with "get it out the door in 5 seconds" is only going to continue the parade of garbage software that is slow as a dog, and uses gigabytes of memory to perform simple tasks. You don't have to pick on camp over the other. In my opinion, if you want to make a good product for a user, you should also treat the code you produce for them as your craft. There is no substitute for high quality work.
> No one has ever made a purchasing decision based on how good your code is. There are two reasons for this. One is that the people who make purchasing decisions are often not the people who suffer from your bad code. If the user is not the customer, then your software can be shitty to the point of being a constant headache, because the user is powerless to replace it. The other reason is that there's no such thing as "free market" anymore. We've been sold the idea that "if someone does it better, then they'll win", but that's a fragile idea that needs constant protection from bad actors. The last time that protection was enacted was when the DOJ went against Microsoft. > Sure, if you vibe code a massive bug into your product then that'll manifest as an outcome that impacts the user negatively. Any semblance of accountability for that has been diluted so much that it's not worth mentioning. A bug someone wrote into some cloud service can end up causing huge real-world damage in people's lives, but those people are so far removed from the suits that made the important decisions that they're powerless to change anything and won't ever see that damage redressed in any way. So yeah, I'm in camp #2 and I'm bitter about AI, because it's just accelerating and exacerbating the enshittification. Someone on the HN wrote recently that everyone who's foaming at the mouth about how AI helps us ship faster is forgetting that velocity is a vector -- it's not just about how fast you're going, but also in what direction. I'd go further and say that I'm not even convinced we're moving that much faster. We're just cranking out the code faster, but if we actually had to review that code properly and make all the necessary fixes, I'm pretty sure we would end up with a net loss of velocity.
This is a very useful insight. It nicely identifies part of the reason for the stark bifurcation of opinion on AI. Unfortunately, many of the comments below it are emotional and dismissive, pointing out its explanatory limitations, rather than considering its useful, probative value.
I think "make a product" is the important point of disagreement here. AI can generate code that users are willing to pay for, but for how long? The debate is around the long-term impact of these short-term gains. Code _is_ a means to an end, but well-engineered code is a more reliable means than what AI currently generates. These are ends of a spectrum and we're all on it somewhere. You ever notice how everyone who drives slower than you is a moron and everyone who drives faster than you is a maniac? Your two camps have a similar bias.
> No one has ever made a purchasing decision based on how good your code is. If you have buggy software, people don’t use it if there are alternatives. They don’t care about the code but hard to maintain, buggy code will eventually translate to users trying other products.
It's perfectly possible to write very clean code with AI, it just takes a lot more time and prompting.
This is just cope to avoid feeling any shame for shipping slop to users.
This is like when people decided that everyone was either "introvert" or "extrovert" and then everyone started making decisions about how to live their life based on this extremely reductive dichotomy. There are products that are made better when the code itself is better. I would argue that the vast majority of products are expected to be reliable, so it would make sense that reliable code makes for better product. That's not being a code craftsman, it's being a good product designer and depending on your industry, sometimes even being a good businessman. Or, again, depending on your industry, not being callous about destroying people's lives in the various ways that bad code can.
I’m an introvert. I make sure that all my “welcome to the company” presentations are in green. I am also an extrovert in that I add more green than required.
Sloppy technical design ends up manifesting in bugs, experiential jank, and instability. There are some types of software (e.g. websites especially), where a bit of jank and is generally acceptable. Sessions are relatively short, and your users can reload the webpage if things stop working. The technical rigor of these codebases tends to be poor, but it's generally fine. Then there's software which is very sensitive to issues (e.g. a multi-player game server, a driver, or anything that's highly concurrent). The technical rigor here needs to be very high, because a single mistake can be devastating. This type of software attracts people who want to take pride in their code, because the quality really does matter. I think these people are feeling threatened by LLMs. Not so much because an LLM is going to outperform them, but because an LLM will (currently) make poor technical design decisions that will eventually add up to the ruin of high-rigor software.
> the quality really does matter. If this level of quality/rigor does matter for something like a game, do you think the market will enforce this? If low rigor leads to a poor product, won't it sell less than a good product in this market? Shouldn't the market just naturally weed out the AI slop over time, assuming it's true that "quality really does matter"? Or were you thinking about "matter" in some other sense than business/product success?
Yes, both the article and GP are making that exact point about it mattering from a customer's perspective.
I'm in camp 1 too. I've maintained projects developed with that mindset. It's fine! Your job is to make the thing work, not take on its quality as part of your personal identity. If it's harder to work with, it's harder to work with, it's not the end of the world. At least it exists, which it probably wouldn't have if developed with "camp 2" tendencies. I think camp 2 would rather see one beautiful thing than ten useful things.
I think I fall in camp 1.5 (I don't fall in camp 1 or camp 2) as in I can see value in prototyping (with AI) and sometimes make quick scripts when I need them, but long term I would like to grow with an idea and build something genuinely nice from those prototypes, even manually writing the code as I found personally, AI codebases are an hassle to manage and have many bugs especially within important things (@iamcalledrob message here sums it up brilliantly as well) > I think camp 2 would rather see one beautiful thing than ten useful things. Both beautiful and useful are subjective (imo). Steve job's adding calligraphy to computer fonts could've considered a thing of beauty which derived from his personal relation to calligraphy, but it also is an really useful thing. It's my personal opinion that some of the most valuable innovations are both useful and beautiful (elegant). Of course, there are rough hacks sometimes but those are beautiful in their own way as well. Once again, both beauty and usefulness is subjective. (If you measure Usefulness with the profit earned within a purely capitalistic lens, what happens is that you might do layoffs and you might degrade customer service to get to that measure, which ultimately reduces the usefulness. profit is a very lousy measure of usefulness in my opinion. We all need profit though but doing solely everything for profit also feels a bit greedy to me.)
> At least it exists, which it probably wouldn't have if developed with "camp 2" tendencies. Ah yes, if you aren't shitting code out the door as fast as possible, you're probably not shipping anything at all.
That isn't a fair reading.
> The people who typically have the most negative things to say about AI fall into camp #2 where AI is automating a large part of what they considered their art while enabling people in group #1 to iterate on their product faster. I am in both camps. Always have been. Code janitors about to be in high demand. We’ve always been pretty popular with leadership and it’s gonna get even more important. Treat code design and architecture as the thing that lets your slop canons (90% of engineers even pre-ai) move fast without breaking things My output is org velocity.
I agree and I like how you describe it. The phrase from Django, "perfectionists with deadlines", also resonates with me.
> Treat code design and architecture as the thing that lets your slop canons (90% of engineers even pre-ai) move fast without breaking things I'm currently of the opinion that humans should be laser focused on the data model. If you've got the right data model, the code is simpler. If you've got the relevant logical objects and events in the database with the right expressivity, you have a lot of optionality for pivoting as the architecture evolves. It's about that solid foundation - and of course lots of tests on the other side.
How do you even converge on the right data model without refining code? Elegant code and elegant data model are the exact same thing!
It's called "systems analysis". Programmers are generally pretty terrible at it because it requires holistic, big-picture thinking. But it used to take up the bulk of the design activity for a new enterprise system.
The public doesn't care about the code itself, they absolutely care about the quality and experience of using the software. But you can have an extremely well designed product that functions flawlessly from the perspective of the user, but under the hood it's all spaghetti code. My point was that consuming software as a user of the product can be quite different from the experience of writing that software. Facebook is a great example of this, there's some gnarly old spaghetti code under the hood just from the years of legacy code but those are largely invisible to the user and their experience of the product. I'd just be careful to separate code elegance from product experience, since they are different. Related? Yeah, sure. But they're not the same thing.
I have yet to meet anyone whose problem with AI is that the code is not aesthetically pleasing, but that would actually be an indicator to me that people are using these things responsibly. My own two cents: there's an inherent tension with assistants and agents as productivity tools. The more you "let them rip", the higher the potential productivity benefits. And the less you will understand the outputs, or even if they built the "correct thing", which in many cases is something you can only crystalize an understanding about by doing the thing. So I'm happy for all the people who don't care about code quality in terms of its aesthetic properties who are really enjoying the AI-era, that's great. But if your workload is not shifting from write-heavy to read-heavy, you inevitably will be responsible for a major outage or quality issue. And moreso, anyone like this should ask why anyone should feel the need to employ you for your services in the future, since your job amounts to "telling the LLM what to do and accepting it's output uncritically".
Facebook.com is a monstrosity though, and their mobile apps as well are slow and often broken. And the younger generations are using other networks, Facebook is in trouble.
Does performance not matter? What if your AI uses an O(n) algorithm in a function when an O(log n) implementation exists? The output would still be "correct"
> Does performance not matter? Performance can be a direct target in a feedback loop and optimised away. That's the easy part. Taking an idea and poof-ing a working implementation is the hard part.
Also most performance optimisations exit at the microservice architecture level, or db and io level
If "good code" == "useful code", then yes. People forget that good engineering isn't "the strongest bridge", but the cheapest bridge that just barely won't fail under conditions.
Um, ackshually, real civil/structural engineers—at least, those in the global north—design bridges, roads, and buildings with huge tolerances (multiple times the expected loads) because unexpected shit happens and you don't want to suffer catastrophic failure when conditions are just outside of your typical use case and have a Tacoma Narrows Bridge type situation on your hands.
Engineers don't build the cheapest bridge that just barely won't fail. They build the cheapest bridge that satisfies thousands of pages of regulatory requirements maintained and enforced by dozens of different government entities. Those regulations range from safety, to aesthetic, to environmental, to economic, to arcane. Left to their own devices, engineers would build the cheapest bridge they could sell that hopefully won't collapse. And no care for the impact on any stakeholder other than the one paying them.
> Left to their own devices, engineers would build the cheapest bridge they could sell that hopefully won't collapse. I don't know any real (i.e. non-software) engineers, but I would love to ask them whether what you said is true. For years now, I've been convinced that we should've stuck with calling ourselves "software developers", rather than trying to crib the respectability of engineering without understanding what makes that discipline respectable. Our toxic little industry would benefit a lot from looking at other fields, like medicine, and taking steps to become more responsible for the outcomes of our work.
There is nothing special about roman concrete compared to moderns concrete. Modern concrete is much better The difference is that they didn't have rebar. And so they built gravity stable structures. Heavy and costly as fuck. A modern steel and concrete structure is much lighter and much cheaper to produce. It does mean a nodern structure doesn't last as long but also the roman stuff we see is what survived the test of time, not what crumbled.
> There is nothing special about roman concrete compared to moderns concrete. Modern concrete is much better Roman concrete is special because it is much more self-healing than modern concrete. This makes it more durable than modern concrete. However, that comes at the cost of being much less strong, set much slower and require rare ingredients. Roman concrete also doesn’t play nice with steel reinforcement.
Good code wasn't winning even before the ai slop era! The pattern was always: ship fast, fix/document later, but when "later" comes "don't touch what is working". To date nothing changed yet, I bet it won't change even in the future.
& I have thus far made a large portion of my living off of fixing bad code "later". … but lately, the rate at which some dev with an LLM can just churn out new bad code has just shot through the roof. I can still be struggling to pick apart the last piece of slop, trying to figure out "okay, if someone with a brain had written this, what would the inputs & outputs be?" and "what is it that production actually needs and relies on, and what causes problems, and how can we get the code from point A to point B without more outages"; but in the meantime, someone has spit out 8 more modules of the same "quality". So sure, the basic tenants haven't changed, but these days I feel like I'm drowning in outages & bugs.
Oracle slashes 30k jobs (rollingout.com)
Ethical Dillemas. You found the cure of cancer. If you release it now, you'd giving back humanity millions of LifeYears, but if you release it in a few years, Larry Elison won't be able to take advantage of it. How do you proceed?
This was leaked weeks ago https://www.livemint.com/companies/news/oracle-layoffs-tech-giant-to-slash-30-000-jobs-as-banks-pull-out-from-financing-ai-data-centres-11769996619410.html
where do you pull 50 percent number for oracle?
Even if the number is 10% they want the company to take risks. Big tech shareholders number one goal is not becoming IBM
anyone can get any random shower thought funded by this logic. Thats not how investing works.
I was going to type you a sympathetic message and took a peek at your profile, and...well that's quite a resume you got there!
Heh thank you. It was a few years ago that this happened, when they were doing the big RTO.
One of my past employers tried to give laid off employees a dignified send offs including not immediately revoking their access. The number of people who snap and make rash decisions to try to exfiltrate data, plant backdoor logins for themselves, or sabotage company work in those hours was a much larger number than I would have guessed prior to seeing it.
Yeah, I'm confident that didn't happen
> A job today isn’t (and shouldn’t be) any guarantee of a job tomorrow. Also relationships, kids and stability. Spend all your life in perpetual anxiety, rent all your life, you will own nothing and be happy! Also, here’s a bowl of insect protein while we’re at it.
You want the government to force employers to provide a social safety net rather than the government providing it directly? The problem isn't that people can be fired, it's that their food, housing, and medical care are all dependent on or provided through their employer.
The bulk of the comments in here are focused on comparing Larry Ellison to a lawn mower, so I'll try a new tack and say that I'm genuinely confused at what the value prop of Oracle is. Given the history of their business model being licensing of important databases that are hard to switch off of, I've actually made a point to avoid using Oracle as much as possible (even so far as to leave MySQL when they acquired it, and I've never started a fresh project in Java, which they used to drive a lawsuit they had with Google). From my chair, they make an expensive database they try to sell to golf executives. There are innumerable equal (better?), free alternatives, and most startups are founded by broke coders in bedrooms that choose those instead and stick with the devil they know. And they have an un-competitive cloud service? Enlighten me on what I would use Oracle for, I'm genuinely curious.
moat
You are missing the business model - buy has-been platforms and frameworks and charge big bucks for maintenance. Customers eventually manage to migrate off you, but it is fine cause you buy some other has-been stack and then overcharge for that.
Also, their inability to make a NewSQL DB rivaling Spanner or Cockroach (they basically just had to clone one of these or acquire Cockroach) puts them out of any serious competition for the future of databases. Their "Oracle Autonomous DB" ain't it.
In a world of continuous change, at least we can always rely on oracle being consistently evil.
maybeeee SPARC based Solaris? Probably not a major usecase nowadays (Oracle bought Sun for Java, not for Sun) but it seems to be limping along
> Oracle bought Sun for Java, not for Sun My recollection is that they also qanted Sun's storage hardware products, to sell alongside their existing DB software.
There's more to it than just pure databases. They have a pretty large vertical of SaaS apps, specifically ERP. Oracle Saas (their ERP platform) is used by thousands of customers - these are systems implemented with SI's and run super critical functions like payroll, manufacturing, etc really hard to rip out once they're put in place. This has been fueling their growth for some time, and seems like OCI is picking up now from a pure infra POV. But yeah I don't think I'd ever use any Oracle components voluntarily or at the very least find ways to have exit paths
Yeah, many of these comments are extremely misinformed. Oracle has been an application software vendor for a long time. For example, Oracle sell Opera. Opera manages hotels, both individual and chains. And integrates with their amusement park management software. People complain about them, but software like that is much closer to an sdk than a finished product. It is generally customized for each buyer for their needs. And the quality of the customization is more on the buyer than on Oracle. Oracle have a giant suite of these products for POS, guest experiences, amusement parks, hospitality, marketing (b2b and b2c), etc. And companies buy from Oracle because they're not good at making software and because you do leverage some economies of scale.
Short answer: today I think there is genuinely nothing that anyone should use oracle for, but their database used to be seriously far ahead of the competition. A very long time ago (circa 2000) there were basically 2 databases that worked for use cases where you needed high availability and vertical scalability and those were Oracle and Sybase and Oracle was really the only game in town if you actually wanted certain features like online backups and certain replication configurations. At the time, MySQL existed and was popular for things like websites but had really hard scalability caps[1] and no replication so if you wanted HA you were forced to go to oracle pretty much. Postgres also wasn't competitive above certain sizes of tables that seem pretty modest now but felt big back then, and you used to need to shut postgres access down periodically to do backups and vacuum the tables so you couldn't use it for any sort of always-on type of use case. Oracle also had a lot of features that now we would use other free or cloud-hosted services for like message queues. [1] in particular if you had multiple concurrent readers they would permanently starve writers so you could get to a situation where everyone could read your data but you could never update. This was due to a priority inversion bug in how they used to lock tables.
Java and VirtualBox. But both are free.
For others like me who might be skeptical to hear throughput in any metric other than seconds (and is used to large numbers in hours/days being used to inflate), I think millions per hour is actually quite high for 1998. Assume that means 5_000_000/hour. 5M/hr => 83k/min => 1400/s. That is impressive for late 90s. I was generous on what "millions per hour" meant, but even if its 2.5M/hr that would be 700/s, which is still quite good.
Those are big numbers especially for non-enterprise DBs in the 90s. MySQL's big breakthrough(not specifically talking about perf) was innodb in 2010. Just 15+ years ago Postgres had major issues with concurrency as we think about it today. And just 10+ years ago a LOT of DB drivers weren't thread safe and had their own issues dealing with concurrency. So nearly 30 years ago? Fuhgeddaboudit.
Kind of, but there are some subtle differences in my opinion. Oracle is top-to-bottom evil, whose business model basically boils down to screwing over their clients and everyone else at every possible opportunity, comparable to the likes of McKinsey or Accenture. IBM is a bit more nuanced. My wife grew up in an IBM town and a lot of her family and her friends’ families used to work there in the 70s and 80s. People, especially the engineers, used to take pride in their work there.
I think of IBM and GE as being cut from the same cloth back then- they treated their people well and dominated their markets.
but what would be the blast radius for ZFS? Most enterprises don't seem to be running ZFS with Linux, and the only large target using FreeBSD I can think of is Netflix, but AFAIR they don't use ZFS either. Oracle sues when there's $$$ to make, but I don't think ZFS would warrant them much.
> the only large target using FreeBSD I can think of is Netflix, but AFAIR they don't use ZFS either. I can't quite remember, but I think they might have mentioned using ZFS rather than UFS for the OS, but I'm pretty sure they're not using it for the CDN data partitions. I love ZFS, but for CDN nodes, I think it would be more harmful than helpful; especially how ARC is separate from the FreeBSD 'Unified Buffer Cache', and how much work Netflix has done to reduce the number of times data hits RAM on the way from disk to the user. > Oracle sues when there's $$$ to make, but I don't think ZFS would warrant them much. (Agreeing with you), if they are using ZFS for the OS and Oracle makes ZFS toxic, it shouldn't take long to ditch it.
As a European, this seems normal? When someone is fired, they generally stop working immediately while getting paid through the notice period.
The way this email is worded this would more likely be classified as a Redundancy as opposed to a Firing. So different laws/rules would apply
It's crazy to me that companies are allowed to do this, given that staff are generally expected to be accommodating and give notice when they quit.
Expected, yes, required, not at all. It is completely legal to just stop showing up one day.
6+ months' notice with a severance package equal to at least an annual salary.
Giving any kind of notice about layoffs while expecting employees to continue working is just bad for everyone. The employees stress out about whether they're going to be impacted. Nobody gets much work done as they update their resumes and prepare for the worst. The best people start looking for other opportunities and find them. If specific employees are told they're going to be laid off, some seek revenge. Much better to immediately notify those impacted, revoke their access, give them generous severance instead of expecting them to work, and let everyone else know they're safe.
I can do a lot of job hunting with a year of severance. Valid point about employees on visas though.
Maybe they could be kept on the payroll without access to actually work. But the real problem is any law that would deport someone 30 days after they were laid off, even if they had been working for years. That should be 6 months minimum.
Many of the startups I work with. We’re helping save the oceans and land. Purpose and profit are dream scenarios for me. It’s difficult in a capitalist economy but it exists.
Are those startups self funded or funded by VCs? If they are funded by VCs, it doesn’t matter what your company wants.
37signals, vanguard, costco, proton, fastmail, mullvad vpn, framework, automattic, valve, patagonia, lego, linear, hetzner, tarsnap, ...
Valve takes 30% of revenue from developers because they have cornered the distribution market. Their margins on the steam store are probably second only to the apple store's, another heinously immoral product.
More victims of AI. Not actually of "AI is replacing jobs", more "oh shit we are spending too much and the product isn't good enough for us to ever make a return on our absurd over-investment".
How to tell you we are running out of money because of AI without spooking the investors ?
> That said, I guess it can be argued that Cerner and NetSuite being on the chopping block can be attributed to AI because now procurement has the choice to either build in-house via an Anthropic or OpenAI SI like Accenture or TCS or they can negotiate better purchasing terms from a best-in-breed product in HRM and ERP like SAP instead. Cerner isn't an EHR, it's an EMR. EHR == Electronic Health Record. Your FitBit data is an Electronic Health Record. EMR == Electronic Medical Record. Your doctor's records, how much blood thinner that nurse is supposed to give grandpa, and whether or not he's a fall risk are things you'd put in an EMR. You can't just vibecode your way to replacing an EMR. Cerner Millennium has a shrinking, but substantial, footprint at healthcare systems across the country and around the globe. There are 25+ years of bugfixes, caveats, architecture, and other pieces of knowledge to be tracked and accounted for, and you must do so, because if you don't, people under the care of doctors could die. It's also worth noting that the DoD uses Millennium for active service members, and I think they also use it for TriCare. American taxpayers are on the hook for dealing with the problems that Oracle's cost cuts will produce.
> You can't just vibecode your way to replacing an (sic) EMR Absolutely, but you can now demand a market leader like Epic to give you a significantly better discount (eg. 20-30% over the 10% you may have previously been offered). And that is the crux of the "SaaSpocalypse" and why you are seeing targeted layoffs in Oracle specifically for their ERP and EHR products. > It's also worth noting that the DoD uses Millennium for active service members, and I think they also use it for TriCare. American taxpayers are on the hook for dealing with the problems that Oracle's cost cuts will produce Absolutely, but they were already on the hook for that before Cerner became a part of Oracle.
> One of the ideal things that companies can do is not hire people This, but unironically. Companies that make money without hiring anyone provide the most "value". Simultaneously we should stop calling business owners "job creators". They're actually "job minimizers". They only hire people when there's no other choice.
Make money? Seems kind of corpofascistic. That’s profit that should be shared with workers. If no employees it could be distributed to unions.
Ok go for it.
My only problem with this is: Some of my best people are those that "I gave them a chance." I'd only hire perfect people from my tribe if I had to have them forever.
And what about those who you have a chance to and they didn’t cut it? Their life is ruined by being fired.
Microsoft: Copilot is for entertainment purposes only (microsoft.com)
That one line is…doing A LOT of legal work.
I can't help but be reminded of Joe Pesci in Goodfellas: "Funny how? I mean, funny like I’m a clown? I amuse you? I make you laugh? I’m here to fuckin’ amuse you? What do you mean funny, funny how?"
I've read the claim that he ad-libbed a lot of that too.
My employer does not allow me using software with entertainment function on company hardver. Now what?! Do I have to uninstall Windows?
Not really since the clause in full is "Copilot is for entertainment purposes only. It can make mistakes, and it may not work as intended. Don’t rely on Copilot for important advice. Use Copilot at your own risk." Are you saying that the business version cannot make mistakes and can be relied upon for important advice?
No, I’m saying that MS have different terms for their business and personal offerings (as do OpenAI and Anthropic). To be fair to them, MS are quite open about accuracy for the business offerings, see here as one example: https://learn.microsoft.com/en-us/copilot/microsoft-365/microsoft-365-copilot-application-card
FYI: This is only for the "Cortana replacement" Copilot, not the other Copilots. This language doesn't appear in GitHub Copilot's Consumer Agreement, for example.
Maybe they shouldn't name everything Copilot.
Anthropic does a somewhat similar thing. If you visit their ToS (the one for Max/Pro plans) from a European IP address, they replace one section with this: Non-commercial use only. You agree not to use our Services for any commercial or business purposes and we (and our Providers) have no liability to you for any loss of profit, loss of business, business interruption, or loss of business opportunity. It's funny that a plan called "Pro" cannot be used professionally. https://www.anthropic.com/legal/consumer-terms
Software in general has disclaimed any warranties or fitness for purpose for as long as I can remember. This is nothing new.
Well, there's your rationale as to why AI cannot replace you. When sh!t hits the fan, Anthropic will immediately point to this clause. Who knows, maybe a court would see it as valid. Meanwhile, your customer (and thus, your management) is looking for someone to blame for excrement making contact with the impellers. And that someone's gonna be you.
But you have limited funds to take in a lawsuit realistically the worst they can do is fire you, it's not like being blameable somehow makes you more valuable.
In the Uk there seem to be separate commercial and consumer terms. In the UK the consumer terms say its subject to English law and the courts of the UK jurisdiction you live in. The commercial terms say that in the UK, Switzerland and the EEA there will be binding arbitration by an arbitrator in Ireland appointed by the President of the Law Society of Ireland.
The UK commercial terms explicitly do not apply to individual user plans. The US also has a separate terms sheet for commercial plans. We are comparing like for like - an individual user using a Claude Pro subscription. A US user can use it for commercial use and be in compliance with the terms, the UK user cannot.
If it is for entertainment purposes only, why am I not laughing when I use it?
Some people find being whipped while bound in leather to be entertaining.
But according to the Birmingham modifications of 1973, subsection 12.b, stroke 7a, a player so conceding is not deemed to have actually conceded unless they be within a finite number of hops from Mornington Crescent station at the time of the concession.
No, as part of the Cameron rules of 2016, concession means concession, regardless of anything else (including whether or not it’s a good idea).
Some 20 years ago there was a story about a guy who was opening a bank account. The bank sent the contract, the guy ameneded it with things like "you will give le unlimited credit that I do not need to repay" (if my memory serves me right). He signed, sent both copies, got his bank signed copy back Went yo the bank, the bank sued him, he won (the judge told the bank that when you play dirty games you sometimes loose) and they ultimately settled.
https://www.rt.com/business/man-outsmarts-banks-wins-court-221/ I can never find an article that mentions the final outcome.
When the contract is purposefully obtuse and hard to understand, that should be a valid legal defense. When it's huge, falls upon people that can't justify a lawyer, and keeps changing all the time, one shouldn't even need to claim it. It should be automatically invalid.
Contract language is obtuse and hard to understand precisely because of previous challenges over meaning. There are stock phrasings and clauses in contracts that have established (by precident) legal meanings. That's why contracts seem to be walls of boilerplate. If you just wrote them in "plain language" there would be far too much ambiguity and arguing over what was really meant or implied or agreed to.
RubyGems Fracture Incident Report (rubycentral.org)
I can see a lot of time was put into the report, and it helps to have the detail, but in my mind it glosses over one of the most important parts: The dispute in the stewardship of the bundler and rubygems open-source projects. As I understand it, Ruby Central controlled the rubygems and bundler github organizations, but did not "own" the projects in the traditional sense - the individual contributers have copyright on the code, and potentially even trademark rights. By then removing access of core maintainers to those projects, they removed access to something they don't "own" themselves. This is all complicated by the fact that controlling a github organization or repo is different from owning the trademark or copyright. But some of the original maintainers clearly felt they had more of a right to those projects than Ruby Central did. I believe not clarifying this before making these access changes was the biggest mistake that Ruby Central made, and it's not even mentioned in this report.
> individual contributers have copyright on the code, and potentially even trademark They're not the original authors of Rubygems so it's doubtful they have anything more than copyright on the code they contributed.
I don't have much skin in the game but as a passerby, I agree that the report obviously was made with a lot of time/effort but wouldn't dramatically change someone's view of Ruby Central or assure anyone this won't happen again. This is like writing an outage postmortem without really getting to the root cause and identifying what can be done to prevent in the future.
I think part of that is that it was written from the perspective of the bug that caused the outage ;)
This incident involved many people over a rather long time scale, and it was important to detangle how people perceived events from how they actually unfolded. The subject matter is deeply subjective, and multiple failed attempts at writing this doc came as a result of aiming for objectivity, for blameless representation. Therefore, those named in this report are: - Full-time employees of Ruby Central - Part-time consultants who were involved in access discussions - Anyone who made an access change from September 10th-18th, 2025 - Those who have already been publicly identified in the discourse Volunteer groups, including the Ruby Central Board and the Open Source Software (OSS) Committee, are listed, but their actions are represented as a group. Individual quotes from the OSS Committee are used without direct attribution when they represent a general consensus. Some execution failures and mistakes are individual, but the purpose of having a foundation and having an institution is that it can rise above individual limitations and provide robust, fault-tolerant systems. Therefore, these are our mistakes, collectively. And collectively we'll learn from them, but only if we face what happened, what we meant to do, and where we fell short. The hope is that by sharing this, we can provide some closure to the community and increase transparency The undeniable effect of masking specific comments made by OSS committee members is to protect three members (2 current, 1 former) of Shopify's technical leadership around Ruby and Rails, who have all since left the committee. The one who left Shopify went to 37signals after.
You’d think that name, Shopify, would appear three times, once per employee/committee member. Or just once, to say the entire OSS committee was employed by Shopify, if we’re still identifying the group strictly as a group. Either would be fine.
They are still trying to sue Andre, that is by definition claiming he did something illegal. The rest is just fluff to cover their insincerity (IMO).
The document didn't mention a lawsuit and I was just responding to the above comment with only the context of the postmortem and pointing out that this particular article didn't claim anything illegal happened. You and some others here might have much more context that I or other readers of this postmortem don't have. I seem to remember there were some threats of legal action related to unauthorized access after this kerfuffle but I a) don't know what is going on with that, b) don't know what the law actually says about that and c) don't know if that is what you are referring to. If so, I think it is different than what the original comment alleged which was more about moonlighting/using proprietary information/competing. I think that topic is extremely complicated (e.g. I am not so sure moonlighting for a competitor while an employee is necessarily protected in California...) but that wasn't alleged in the postmortem anyway.
A couple of gentle corrections: > The document didn't mention a lawsuit and I was just responding to the above comment with only the context of the postmortem and pointing out that this particular article didn't claim anything illegal happened. You are correct that they did not make any claims, but the article did insinuate illegal behavior on the part of André and Samuel by selectively juxtaposing facts to imply wrongdoing without ever directly stating or saying that their behavior was illegal. For example: 1. André's first commit on RV is placed on the same bullet point as the Ruby Central-funded maintainer offsite, which implies Ruby Central's travel money subsidized a competing project's creation. 2. The `rubygems-github-backup` access token covering "all repos, including private repos" is introduced in the same timeline section as RV development, without any allegation it was used for RV. 3. The "Incident Lessons" section recommends adding an "Outside Business Activities" declaration policy, which only reads as a "lesson" if André's undisclosed side project is being framed as the problem in need of remediation. 4. The report states André "had intimate knowledge of the foundation roadmap" and "did not tell anyone in Ruby Central about this work until it launched". This frames nondisclosure of a lawful side project as a transgression. However, Ruby Central passed on this work, and even if they didn't, André has no obligation to tell Ruby Central about his work! 5. André's proposal to have his consultancy analyze RubyGems.org download logs is presented alongside an OSS Committee member raising PII and "reputational risk" concerns, casting a perfectly sensible rejected business proposal as something suspect. By my count, Ruby Central makes roughly 10 insinuations throughout the report, but not once do they actually claim any of these constitute a transgression. > I think that topic is extremely complicated (e.g. I am not so sure moonlighting for a competitor while an employee is necessarily protected in California...) California is actually quite clear on this! Bus. & Prof. Code § 16600 voids non-compete agreements, and California courts have consistently read it broadly enough that working on a competing project during employment is protected. The line is whether you used your employer's proprietary information or resources to do it, not whether you competed. The report does not allege that Samuel or André used Ruby Central's proprietary information, and given how thoroughly they documented everything else, I'd expect them to have said so if they had evidence of it. Ruby Central is insinuating that working on RV in the first place is a problem, not that they crossed any legal or contractual line.
That attitude is exactly the problem. Shopify does not 'keep the ship afloat' they are just a corporation using open source systems as the foundation of their business. Competition is not by definition the backing of a 'conflict of interest', it legally refers to a person or entity with a stake in a particular outcome having control of the means to achieve that which are not legally sound , ie compromise their judgment. I think Shopify's judgement of what 'is good for the Ruby community' is severely compromised by their corporate interests, and probably by their boards political interests as well. Hence, why they are trying so hard to justify removing Andre.
Do you have any idea how expensive it is to keep the infrastructure running? RubyCentral's operating expenses are in the millions every year and exceed their revenue. Andre's removal is easily justifiable by his own (lengthy history of) sketchy behavior. Since when is "open source" something businesses shouldn't be allowed to get value from or even have a stake in? These things are MIT licensed. That's free as in speech AND beer. If you don't like the freedoms of the license and how other people use them, don't use the license. If you don't like someone's stewardship, fork and maintain your own.
Responding to your first paragraph, the rest wasn’t constructive. Shopify paying for infrastructure related to Ruby is an investment, not charity. Hosting gems costs money and a healthy community depends on that gem hosting. Spotify, in turn, depends on that healthy community to produce and maintain gems, train future employees, stuff like that. They’re not paying that money for fun, it is to protect their interests. And all of the above would be true even if the OSS committee wasn’t 100% Shopify affiliated. That’s gravy.
Those who write the code have more of a right than those who pay the bills. Anyone can write a check. A select few have the acumen and experience to actually write the code. You can't unilaterally declare someone "sketchy" and then kick them out in the name of conveience.
No I'm calling him sketchy because that's the sentiment anyone who has been around in the community long enough and dealt with Andre has about him. This is very openly discussed and documented and not just in the aftermath of this event. People having concerns about Andre's behavior around his money and his open source contributions can't even be called an open secret. The narrative that one side of this is pushing that this is some little guys vs evil corporate overlords problem is short-circuiting so many peoples' ability to rationalize about this topic. This is about the personal failings to communicate and organize among a very small group of highly skilled, highly productive people. It's also about how they have fallen into camps and try to apply institutional and social leverage in order to influence millions of bystanders in order to maintain/wrest control. Each credibly accusing the other of doing it for their own benefit. Nobody is in the right here. If you can't engage with that as your starting point, you aren't serious about this conversation and are just spouting one side's propaganda.
Open source CAD in the browser (Solvespace) (solvespace.com)
So stoked to see the movement on this project. Once lofts are possible, it'll be so over for FreeCAD
Chambers aren't available so I wouldn't hold you breath waiting for lofts
FreeCAD is amazing these days. It has completely replaced my use of Autodesk Fusion 360 for woodworking projects. It is capable and the UI is understandable. Its feature depth is incredible. FreeCAD is becoming like Blender and Inkspace - incredibly robust and capable and equivalent in most cases to the commercial alternatives. I find the rendering side of things under developed though.
FreeCAD strains on larger assemblies and tighter parametric constraints, and feature depth doesn't hide slow updates or sketch import glitches.
Claude Code users hitting usage limits 'way faster than expected' (theregister.com)
Still on 2.1.87, exclusively Opus for coding — haven't hit this yet. Wondering if the bug is personal vs team plan specific? I'm sure it's more complex, but why not improve internal implicit caching and pass the savings on? Presumably Anthropic already benefits from caching repeated prompt prefixes internally — just do that better, extend the TTL window, and let users benefit. Explicit caching stays for production use cases with semi-static prompts where you want control. The current 5-min default TTL + 2x penalty for 1-hour cache feels punitive for an interactive coding tool.
It seems like Anthropic is constantly changing the rules and pulling out rugs, and always entirely by surprise. I’m not sure if they’re incompetent or just careless, but I stopped paying them because of this a while ago, and my days are much more interesting and enjoyable using my own brain instead.
As long as they keep losing money and are reliant on investments to pay their operating expenses, they are going to be thrashing about in search of a sustainable business model and I don't blame them.
I have found that: - If I ask Claude to go and build a product idea out for me from scratch, it can get quite far, but then I will hit quota limits on the pro plan ($20pm). - I have not drunk the Kool-aid and tried to indulge in ClaudeMaxxing (Max plan at $200pm). I need to sleep and touch grass from time to time. - I don't bother with a Claude.md in my projects. I just raw-dog context. - If I have a big codebase, and I'm very clear about what code changes I want to make Claude do, I can easily get a lot of changes made without getting near my quota. It's like Mr Miyagi making precision edits to that Bonsai Tree in Karate Kid. My last bit of advice - use the tool, but don't let the tool use you.
Hit this myself recently, along with a bunch of overloaded errors. I think it's growing pains for where we are with AI right now. As the tooling matures I think we'll see better support for mixing models — local and cloud, picking the right one for the task. Run the cheap stuff locally, use the expensive cloud models only when you actually need them. That would go a long way toward managing costs. There's also the dependency risk people aren't talking about enough. These providers can change pricing whenever they want. A tool you've built your entire workflow around can become inaccessible overnight just because the economics shifted. It's the vendor lock-in problem all over again but with less predictability.
Recently after noticing how quickly limits are consumed and reading others complaints about same issue on reddit I was wondering how much about this is real error or bug hidden somewhere and how much it's about testing what threshold of constraining limits will be tolerated without cancelling accounts. Eventually, in case of "shit hits the fan" situation it can be always dismissed by waving hands and apologizing (or not) about some abstract "bug". The lack of transparency and accountability behind all of this is incredible in my perception.
It is also interesting to observe that your most valuable accounts in this kind of pricing model are the ones that are least used and therefore are not confronted by the limits. Heavy users canceling their accounts in frustration is a win for Anthropic not a punishment, at least a short term.
I suspect that Claude had a bug that undercounted tokens and they fixed it.
I wonder if that was why they were offering the bonus off hours limits. Ease people in to the transition.
i don't use local llms. it's mostly the closed source subscriptions that are not private, it really is a choice. there are many cloud providers of zero data retention llm APIs, and even cryptographic attestation. they are not throttled, you can get an agreed rate limit.
Would you mind naming some of your favorite providers?
 Top