Unlurker|Replay|About
A simplified model of Fil-C (corsix.org)
Fil-C is one of the most unrated projects I've ever seen. All this "rewrite it in rust for safety" just sounds stupid when you can compile your C program completely memory safe.
Fil-C is much slower, no free lunch, if you want the language to be fast and memory safe you need to add restrictions to allow proper static analysis of the code.
[delayed]
It makes more sense for new software to be written in Rust, rather than a full rewrite of existing C/C++ software to Rust in the same codebase. Fil-C just does the job with existing software in C or C++ without an expensive and bug riddled re-write and serves as a quick protection layer against the common memory corruption bugs found in those languages.
Fil-C has two major downsides: it slows programs down and it doesn't interoperate with non-Fil-C code, not even libc. That second problem complicates using it on systems other than Linux (even BSDs and macOS) and integrating it with other safe languages.
You’re not wrong but both problems could be alleviated by sending patches :-)
> it slows programs down Interesting, how costly would be hardware acceleration support for Fil-C code.
Thanks for the love man! > "rewrite it in rust for safety" just sounds stupid To be fair, Fil-C is quite a bit slower than Rust, and uses more memory. On the other hand, Fil-C supports safe dynamic linking and is strictly safer than Rust. It's a trade off, so do what you feel
Minor nitpick. Or confusion on my part. In the filc_malloc function the call to calloc doesn't seem to allocate enough memory to store an AllocationRecord for each location in visible_bytes. Should it be: ar->invisible_bytes = calloc(length, sizeof(AllocationRecord));
Not here, lots of discussion: Fil-Qt: A Qt Base build with Fil-C experience (143 points, 3 months ago, 134 comments) https://news.ycombinator.com/item?id=46646080 Linux Sandboxes and Fil-C (343 points, 4 months ago, 156 comments) https://news.ycombinator.com/item?id=46259064 Ported freetype, fontconfig, harfbuzz, and graphite to Fil-C (67 points, 5 months ago, 56 comments) https://news.ycombinator.com/item?id=46090009 A Note on Fil-C (241 points, 5 months ago, 210 comments) https://news.ycombinator.com/item?id=45842494 Notes by djb on using Fil-C (365 points, 6 months ago, 246 comments) https://news.ycombinator.com/item?id=45788040 Fil-C: A memory-safe C implementation (283 points, 6 months ago, 135 comments) https://news.ycombinator.com/item?id=45735877 Fil's Unbelievable Garbage Collector (603 points, 7 months ago, 281 comments) https://news.ycombinator.com/item?id=45133938
↙ time adjusted for second-chance
I'm spending 3 months coding the old way (miguelconner.substack.com)
I like to write personal letters too. I also send emails. I do the former for fun. The latter to provide for my family. There is a reason old men take on hobbies like woodworking and fixing old cars and other stuff that has been replaced by technology.
I started using Zed as a half measure. I think I'll start using AI for planning and suggested implementation steps. I am seeing non technical people getting involved building apps with Claude. After the Openclaw and other Agentic obsession trends I just don't see it pragmatic to continue down the road of AI obsession. In most other aspects of life my skills were valuated because of my ability to care about details under the hood and the ability to get my hands dirty on new problems. Curious to see how the market adapts and how people find ways to communicate this ability for nuance.
That guy sounds so full of it just after reading the first few paragraphs... if had anywhere near this attitude before he got into LLMs, I would probably not have liked to be on a development team with him.
I've settled into a pattern of using agents for work (where throughput/results are the most important) and doing things the hard way for personal or learning projects (where the learning is more important).
It's easy to take for granted lots of experience programming before the advent of LLMs. This seems like a good strategy to develop understanding of software engineering. I remember writing BASIC on the Apple II back when it wasn't retro to do so!
Not the point of the article but > 15 years of Clojure experience My God I’m old.
So we’ve already grown nostalgic for the old days… skimming through an alien looking codebase, scratching your head trying to figure what crazy abstraction the last person who touched this code had in mind. Oh shit it was me? That made so much more sense back then… but it’s been 6 hours and I can’t figure out why this does not work anymore. So you read some docs but they are poorly written. So you find something on Google and try to hack that into your solution. But nope, now more stuff broke. There goes your day.
This is ominous and very depressing given what we've recently learned / reconfirmed about LLMs sapping our ability to persist through difficult problems: > There were 2 or 3 bugs that stumped me, and after 20 min or so of debugging I asked Claude for some advice. But most of the debugging was by hand! Twenty whole minutes. Us old-timers (I am 39) are chortling. I am not trying to knock the author specifically. But he was doing this for education, not for work. He should have spent more like 6 hours before desperately reaching for the LLM. I imagine after 1 hour he would have figured it out on his own.
I'm sure the author will encounter problems where the only way to solve them will be the marginal effort provided by a human. At that point he won't be just be solving problems to work his brain, but also to accomplish a goal.
Often when LLMs give me some command option or advice I haven’t seen before I try to independently verify it. And I’ve often been frustrated just how hard it is to find this info from the source documents. Though a lot of the time this is more an inefficiency of the documentation and Google rather than something only LLMs could do.
As the rate of 'hallucinations' seems to have dropped dramatically (at least IME as regards non-existent flags and the like), I'm more concerned with usage. I often use grep.app/GH code search to look for usage examples as a sanity check when things look "off", for exactly the reason you described--there's often a total lack of good documentation on things like that, especially on "younger" tools/stuff.
YES. I don't know how many multi WEEK sessions of debugging I've been through in my career. Frustrating, but so many valuable lessons learned in the process. LLMs are absolutely causing us to lose something very important.
But oh my god, do you remember how good it felt to finally fix it? The euphoria I felt after fixing bugs that I stayed up late working on is like nothing else.
> LLMs are absolutely causing us to lose something very important The time wasted thinking our craft matters more than solving real world problems? The amount of ceremony we're giving bugs here is insane. Paraphrasing some of y'all, > "I don't have to spend a day stepping through with a debugger hoping to repro" THAT IS NOT A PROBLEM! We're turning sand into magic, making the universe come alive. It's as if we just got electricity and the internet and some of us are still reminiscing about whale blubber smells and chemical extraction of kerosene. The job is to deliver value. Not miss how hard it used to be and how much time we wasted finding obscure cache invalidation bugs. Only algorithms and data structures are pure. Your business logic does not deserve the same reverence. It will not live forever - it's ephemeral, to solve a problem for now. In a hundred years, we'll have all new code. So stop worrying and embrace the tools and the speed up.
> The time wasted thinking our craft matters more than solving real world problems? This is both a strawman and a false dichotomy.
I mean to cause a stir! Let me invoke every logical fallacy and dirty rhetorical device I can if it draws attention. Too many of our engineering conversations are dominated by veneration of the old. Let me be hyperbolic so that you can see that we're starting to live in the future. The old ways of doing things are going to change. Whatever energy we're putting into this now is being spent on a temporary state of affairs.
I don’t miss multi week debugging sessions. Having a tool that instantly searches through the first 50 pages of google and comes up with a reasonable solution is just speeding up what I would have done manually anyways. Would I have learned more about (and around) the system I‘m building? Absolutely. I just prefer making my system work over anything else, so I don’t mind losing that.
The multi week debugging sessions weren't fun, but that doesn't mean they weren't valuable and important and a growth and learning opportunity that we now will no longer experience.
Seems like there's a good argument to be made that we'll have plenty of opportunities for valuable growth and learning, just about different things. Just like it's always been with technology. The machine does some of the stuff I used to do so now I do some different stuff.
IMO the more salient point is that bugs requiring multiple weeks of human work aren't going away! Claude has actually not been trained on, say, a mystifying and still poorly-explained Java concurrency bug I experienced in 2012, which cost a customer $150,000. Now in 2026 we have language-side tooling that mitigates that bug and Claude can actually help a lot with the rewrite. But we certainly don't have language tooling around the mysterious (but now perfectly well-explained) bug I experienced in 2017 around daylight saving's time and power industry peak/off-peak hours. I guess I haven't asked, but I can almost guarantee Claude would be no help there whatsoever. Just so many confusing things go wrong in real-world software, and it is asinine to think that Mythos finding a ton of convoluted memory errors in legacy native code means we've solved debugging. People should pay more attention to the conclusion of "Claude builds a C compiler" - eventually it wasn't able to make further progress, the code was too convoluted and the AI wasn't smart enough. What if that happens at your company in 2027, and all the devs are too atrophied to solve the problem themselves? I don't think we're "doomed" like some anti-AI folks. But I think a lot of companies - potentially even Anthropic! - are going to collapse very quickly under LLM-assisted technical debt.
If I told someone I spent a week debugging a problem these days I think I would get laughed out of the call. Even a day might hit somw chuckles. If you cant fix the bug just slop some code over it so its more hidden. This is all gonna be fascinating in 5-10 years.
This does depend on who you are; If you're a senior with 10+ years of experience, it's a failure of your abilities to cut your losses or know when to seek help if you take far too long debugging something. But for juniors, it's invaluable experience. And as a field we're already seeing problems resulting from the new generations of juniors being taught with modern web development, whose complexity is very obstructing of debugging.
There are definitely situations where you can't ask for help and you can't turn your back on the bug. I worked on a project that depended on an open source but deprecated/unmaintained Linux kernel module that we used for customers running RHEL[1]. There were a number of serious bugs causing panics that we encountered, but only for certain customers with high VFS workloads. I spent days to a week on each one, reading kernel code, writing userland utilities to repro the problem, and finally committing fixes to the module. I was the only one on the team up to the task. We couldn't tell the customers to upgrade, we couldn't write an alternative module in a reasonable timeframe, and they paid us a lot of money, so I did what I had to do. I'm sure there are lots of other examples like this out there. [1] Known for its use of ancient kernels with 10000 patches hand-picked by Red Hat. At least at the time (5-10 years ago).
Yep and after 6 hours don't reach for LLM, instead: * Ask someone to come over and look * Come back the next day, work on something else * Add comment # KNOWN-ISSUE: ...., and move on and forget about it. But year spent days on a bug at work before ha ha!
> Come back the next day, work on something else This is a tried and true way of working on puzzles and other hard problems. I generally have 2-4 important things in flight, so I find myself doing this a lot when I get stuck.
I did things the old way for 25 years and my carpal tunnels are wearing out. LLMs let me produce the same quality I always have with a lot less typing so not mad at that at all. I review and own every line I commit, and feel no desire to go back to the old way. What scares the shit out of me are all these new CS grads that admit they have never coded anything more complex than basic class assignments by hand, and just let LLMs push straight to main for everything and they get hired as senior engineers. It is like hiring an army of accountants that have never done math on paper and exclusively let turbotax do all the work. If you have never written and maintained a complex project by hand, you should not be allowed to be involved in the development of production bound code. But also, I feel this way about the industry long before LLMs. If you are not confident enough to run Linux on the computer in front of you, no senior sysadmin will hire you to go near their production systems. Job one of everyone I mentor is to build Linux from scratch, and if you want an LLM build all the tools to run one locally for yourself. You will be way more capable and employable if you do not skip straight to using magic you do not understand.
> LLMs let me produce the same quality I always have with a lot less typing If that's true, then you likely used to produce slop for code. :-( > I did things the old way for 25 years and my carpal tunnels are wearing out. You wrote so much code as to wear out your carpal tunner? Are you sure it isn't the documentation and the online chatter with your peers? :-( ... anyway, I know it's corny to say, but - you should have, and shoudl now, improve the ergonomics of your setup. Play with things like the depth of your keyboard on your desk, the height of the chair and the desk, with/without chair handrests, keyboard angle, etc. > Job one of everyone I mentor is to build Linux from scratch "from scratch" can mean any number of things.
From what I remember, typical new C++ debugged code speed is about 20-25K lines per year, lines that are non-blank, non-comment and not completely verifiable by compiler. E.g., standalone bracket or comma or semicolon are not lines of code, function header is too not a line of code, but computation, conditions and loops are. This is from old IBM statistics, I learned about it circa 2007. If we assume that there are 50 weeks per year, this gives us about 400-500 lines of code per week. Even at long average 65 chars per line, it goes not higher than 33K bytes per week. Your comment is about 1250 bytes long, if you write four such comments per day whole week, you would exceed that 33K bytes limit. I find this amusing.
LOL. If you look at their comment history, they sure are typing a lot of characters for their wrists.
Junior developers have always been a lot less effective than senior developers. We will need new senior developers so we will need to train junior developers. Maybe we train them by forcing them to do things the hard way. The slow way. By hand. Because if we let them do things the fast way they are going to cause some serious damage.
Who's going to be doing that? Employers were already refusing to hire juniors, even when 0.5-1 years' salary for a junior would be cheaper than spending the same on hiring a senior. They'll never accept intentionally "slower" development for the greater good.
internships for one. my last summer intern did everything the manual way, except for a chunk where I wanted him to get something done fast without having to learn all the underlying chunks
Even by pessimistic progress projections AI will be better than most at coding before this is a long term issue. And the output multiplier I'm seeing I suspect the number of SWEs needed to achieve the same task is going to start shrinking fast. I don't think SWE is a promising career to get started in today.
There’s certainly a lot of uncertainty. But pro-AI posts never seem to pin themselves down on whether code checked in will be read and understood by a human. Perhaps a lot of engineers work in “vibe-codeable” domains, but a huge amount of domains deal with money, health, financial reporting, etc. Then there are domains those domains use as infrastructure (OS, cloud, databases, networking, etc.) Even where it is non-critical, such as a social media site, whether that site runs and serves ads (and bills for them correctly) is critical for that company.
This is awesome! I myself did a 12 weeks batch at RC (W1'24) and had an absolute blast. Happy coding! Stay curious.
Huge fan of RC. Have a close friend that did it. I've been so close to applying multiple times in my life but the timing just never quite works out
Tesla tells HW3 owner to 'be patient' after 7 years of waiting for FSD (electrek.co)
> 3,000 owners from 29 countries signed up — representing over €6 million in FSD purchases. The math doesn't work out. It should be \euro 20,000,000 in FSD purchases, no?
The article is about a Dutch owner of an older Tesla who bought with the intention of using FSD (supervised) with HW3 but the government has not approved it's use for that model so the person can't use it. You can use FSD with HW3 in other countries like Canada.
There is something uncanny about the way you've phrased your comment, as if to suggest nothing about what Tesla did was wrong.
I was responding to the HN headline which doesn't clarify the context in which FSD is not available because I know people don't read articles. He could and should try to sue Tesla for the $6k refund which the article already says he's trying to do.
> People don't talk about these cars driving themselves enough imho It’s because driving on the freeway isn’t FSD, it’s a better version of cruise control, and other companies also offer similar capabilities. Within a city, the thing is a shitshow. It does random things all the time and it’s almost a larger cognitive burden on me to constantly be on the lookout for it to make mistake where I have to take over vs me just driving the car myself. For me specifically, it’s just impossible to drive because it fails to recognize curved streets and a couple of other irregularities just within blocks of where I live.
In a city not only does it do random things, when it does work it’s calibrated so poorly people behind me signal all the time because it’s too slow. On a freeway it’s only kind of usable. It switches lanes far too aggressively and for no reason, to the point that it makes the ride uncomfortable. What I really want is auto steer with lane switching when I signal, which for some reason I could never get working in any mode. It either doesn’t change lanes at all, or changes them arbitrarily of its own volition. And if I change lanes manually it turns off autosteer, which is too irritating to use in practice. Tesla self driving, in any mode, is a bad product. And I say this as a Tesla fan.
Weird. Works great in cities for me. It’s been more than fancy cruise control for awhile.
It is a great feature, but, ADAS is by definition not self-driving, no matter how capable it is at manipulating the controls. The lowest level of self driving is level 3, where the human is responsible for supervision less than 100% of the time but greater than 0% of the time. Tesla FSD is level 2 and requires the human driver to supervise operations of the ADAS system 100% of the time. https://www.faistgroup.com/site/assets/files/1657/j3016-levels-of-driving-automation-12-10.800x0-is.jpg While FSD's manipulation of controls is impressive -- it is missing a very critical component that is required for self driving: the ability to guarantee whether or not it can make a safe decision. Tesla's FSD still offloads this task to the human driver. Once they can do this more than zero percent of the time, they will have achieved level 3.
This system sounds worse than useless - automating the easy part of the task, while making the hard part harder.
It isn't useless. Like cruise control, you don't need full automation to make driving more comfortable. Hands-off level 2 systems are great for long distance travel. I turn them off when I'm navigating situations that require high levels of decision making, however, e.g. driving through a crowded parking garage.
I hear this a lot, and I'm genuinely curious why you think it might take more energy to be on alert for tricky situations. Wouldn't you already be doing that for your own manual driving?
Even if I take my hands off the wheel of my normal, non-self-driving car, I know it will keep going straight-ish for a second or two, and won't randomly slam on the brakes or swerve into a median. A "self-driving" tesla is an adversary you need to supervise to make sure it doesn't take actions you wouldn't expect of a normal car.
It's not just "tricky situations", sometimes FSD will do things that no normal driver would ever do, and it will do them inconsistently. Sometimes it's brilliant and sometimes it's drunk.
what do you think it is train drivers do?
Getting paid to babysit. Tesla asks you to pay to babysit.
Let’s say, hypothetically, that someone has gone thousands of miles on FSD without intervening. What information would need to exist to convince you of this?
More than a random Twitter feed and a news post from a company which is known to spread lies, that's for sure.
It only nags you if the cabin-facing camera can't tell whether you're keeping your eyes on the road now.
Which is why you put a sticker over it.
I guess that’s the point, FSD is not available. What you buy is lvl 4/5 available is lvl 2+. I think, this is a calculation to understand if an upgrade of hw3 to hw4 actually solves the problem or if hw3 must be updated to hw5. One upgrade is more economical than two, but I would be annoyed for sure as well.
The definition of what “Tesla FSD is has changed over time. Earlier buyers were promised more, so they have a stronger case on that basis as well.
Even "cat readme.txt" is not safe (blog.calif.io)
Even click-baity titles are not safe.
Is it a problem with "cat" or a terminal problem? If I wrote my own version of cat in C, simply reading and displaying a single TXT character at a time, wouldn't I see the same behavior?
As the article shows, it is a bug in iTerm2. cat is just one program that could trigger it, the key thing is outputting attacker controlled text to the terminal when the attacker can control what files (ie unzipping a folder that includes a specific executable file at a well chosen application that gets triggered to run when the readme is output to the terminal)
I guess traditional moratorium period for vulnerability publication is going to be fade away as we rely on AI to find it. If publicly accessible AI model with very cheap fee can find it, it's very natural to assume the attackers had found it already by the same method.
It’s a wrong way to look at things. Just because CIA can know your location (if they want to), would you share live location to everyone on the internet? LLM is a tool, but people still need to know — what where how.
All 12 moonwalkers had "lunar hay fever" from dust smelling like gunpowder (2018) (esa.int)
Photocopiers smell like ozone when they run if anyone’s forgotten the smell Those are similar but sweeter. If I sterilize a room with UV it has a very distinct smell like nothing else aside from lightening and stun guns. I would UV the bathroom right now but then I have to vent the entire house and its 34F outside right now.
Brushed DC motors (as in some drills, toothbrushes, etc.) emit ozone. Some light switches also create ozone-producing electrical arcing if you hold them perfectly between the on and off positions, or slowly cross the midpoint. (Less easy with the newer-style, less accessible rocker switches.)
The only thing you're doing by sterilizing your house like that is making your immune system weaker. Humans are built to withstand a constant assault on their immune systems. We couldn't have survived if we didn't.
Careful. The venn diagram bubble depicting your statement overlaps heavily with the anti-vaccine bubble. Its a bit naieve to claim that cleaning one's home will result in an extinction of enough microbes so as to be threatening to our immune system.
I don't think any of you should want to be smelling Ozone. Diatomic oxygen is already a highly reactive fuel that is killing us and giving us cancer every single day. The ozone species is even more oxidative. Oxygen is how we move about the energy gradient, but it's also killing us. Ozone is worse. "Air purifiers" with ionization are probably not worth the squeeze.
The permissible exposure limit for ozone is 0.1 PPM. The IDLH (Immediately Dangerous to Life and Health) level for ozone is five ppm. That's half of chlorine which is 10 ppm. Most major brand air purifiers put out a very minimal amount; the ionization is beneficial because it makes the really tiny (and thus most hazardous) particles clump and fall/stick to surfaces faster. It's the offbrand units that generate lots of ozone to make people think they're "doing something", and commercial ozone generators for car/room deodorizing, that you have to be extremely careful with. Those need to be set up and then the room left for hours for the ozone to react with stuff, and then ventilated thoroughly.
Is that required? Could the suit itself be used as a type of airlock, to leave outside things outside? For example, mounting yourself onto a wall, then the back/whatever of the suit opens to the inside, and you hop out? (yes, there would be some dust recovery required, but minimal in comparison)
The challenge with the "suits stay outside" model is that you basically need some kind of airlock between the suit hatch and the ship hatch. You might imagine both hatches get contaminated when the suit is detached. Then when you dock, that whole between-hatch space needs to be decontaminated before you can open the two hatches, because the outside of the suit hatch brought that stuff into the airlock. Someone else linked to this: https://en.wikipedia.org/wiki/Space_Exploration_Vehicle#Specifications_(2008_design) edit: in that context^ search for "SEV suitport design" find NASA has written some docs on the matter, eg https://ntrs.nasa.gov/api/citations/20130013652/downloads/20130013652.pdf
> mounting yourself onto a wall, then the back/whatever of the suit opens to the inside, and you hop out? Isn't there a plan for the Artemis lunar rover to be configured this way? The outside of the suit never comes inside the rover.
Sadly we underestimate the liveability of this Earth. Muskism makes people believe to the false premise that we can just buy a new planet, make it habitable with magical tech. Supported with pseudoscientific buzzwords like Terraforming etc. So we can recklessly consume this planet and jump to our new home when this one depletes. No need to care about our current home because it's a jumping board. Interesting as an old Sci-Fi fantasy so it attracts smart people, but if you really think about it's just lies and stupidity.
Musk was also into the solar panels and EVs so it's not all trash the planet. Even if living on Mars or Venus isn't practical we might develop interesting tech trying.
Wasn’t the solar panels thing just some financial fraud scheme?
Show HN: Smol machines – subsecond coldstart, portable virtual machines (github.com/smol-machines)
I see the alpine and python:3.12-alpine images in your cli docs. Where does these come from?is it from a docker like registry or are these built in? Can I create my own images? Or this this purely done with the smolfile? Is there a Ubuntu image available? Looks really nice btw. Hot resize mem/cpu would be nice. This could become a nice tech for a one-backend-per-customer infra orchestrator then.
What I really like about containers is quickly being able to spin one up without having to specify resources (e.g. RAM limit). I hope this would let me do that also.
smolvm is awesome. The team is highly responsive and very experienced. They clearly know what they’re doing. I’m currently evaluating smolvm for my project, https://withcave.ai , where I’m using Incus for isolation. The initial integration results look very promising!
This looks super awesome. Very excited for you potentially open sourcing it, as I’d like to customize/extend it a bit for certain use cases. Re: smolvm vs in use, I think even if smolvm works great for it, why not keep incus as an option for people who want to use cave on VMs that don’t have access to /dev/kvm (Eg the user can pick either incus or smolvm for their cave deployment)
> that was one of my inspirations Colins FreeBSD work or Emiles NetBSD work?
netBSD, I love that focus on a minimal and simple, reproducible binaries. You'll see that philosophy in this project as well (i hope). freeBSD focuses on features, which is great too.
Hello, I'm building a replacement for docker containers with a virtual machine with the ergonomics of containers + subsecond start times. I worked in AWS previously in the container space + with firecracker. I realized the container is an unnecessary layer that slowed things down + firecracker was a technology designed for AWS org structure + usecase. So I ended up building a hybrid taking the best of containers with the best of firecracker. Let me know your thoughts, thanks!
What were the biggest challenges in terms of designing the VM to have subsecond start times? And what are the current bottlenecks for deceasing the start time even further?
No special programming tricks were used. Linux was built in the 90s. Hardware improved more than a 1000x. Linux virtual machine startup times stayed relatively the same. Turns out we kept adding junk to the linux kernel + bootup operations. So all I did was cut and remove unnecessary parts until it still worked. This ended up also getting boot up times to under 1s. The kernel changes are the 10 commits I made, you can verify here: https://github.com/smol-machines/libkrunfw There's probably more fat to cut to be honest.
What percentage of this code was written by LLM/AI?
Hey mathematician, how much of this formula did you calculate with an abacus instead of a calculator?
I mean making any given VM stop on host A and appear on host B; e.g. standard Qemu/KVM: virsh migrate --live GuestName DestinationURL This is feasible when network storage is available and useful when a host needs to be drained for maintenance.
It's also feasible without network storage, --copy-storage-all will migrate all disks too.
Show HN: PanicLock – Close your MacBook lid disable TouchID –> password unlock (github.com/paniclock)
> in sensitive situations, law enforcement and border agents in many countries can compel a biometric unlock in ways they cannot with a password. If the threat model includes state-level actors, then disabling biometrics won't prevent data from being retrieved from physical memory. It would probably be wiser to enable disk encryption and have a panic button that powers down/hibernates the computer so that no unencrypted data remains on RAM. The website says shutdown "takes time" and "kills your session" but a hibernation button would take effect just as fast and would preserve the session.
Apple Silicon is at least much more difficult to attack in this way, though it might be possible.
a cop works for "the state," but he's definitely not a "state-level actor."
How do you define "state-level actor?" Police departments certainly have access to state and federal forensic resources to access unencrypted data in memory.
Hyperscalers have already outspent most famous US megaprojects (twitter.com)
Just wait until the DAOs become agentic!
> We're seeing exactly the same thing with AI, as there is massive investment creating a bubble without a payoff. ... And so far there's no evidence that all this investment has generated more profit for the users of AI. If you look around a bit, you will find evidence for both. Recent data finds pretty high success in GenAI adoption even as "formal ROI measurement" -- i.e. not based on "vibes" -- becomes common: https://knowledge.wharton.upenn.edu/special-report/2025-ai-adoption-report/ (tl;dr: about 75% report positive RoI.) The trustworthiness, salience and nuances of this report is worth discussing, but unfortunately reports like this gets no airtime in the HN and the media echo chamber. Preliminary evidence, but given this weird, entirely unprecedented technology is about 3+ years old and people are still figuring it out (something that report calls out) this is significant.
[delayed]
This tweet shows it as a percentage of US GDP: https://x.com/paulg/status/2045120274551423142 Makes it a little less dramatic. But also shows what a big **'n deal the railroads were!
[delayed]
> Lockheed Martin can, given peak rates seen in 2025, produce a new F-35 approximately every 36 hours ... it's a operating line at full rate production that could conceivably build a US Navy squadron every ~15 days, plus a complete logistics and training system, all on the front burner. That's amazing. I had no idea the US was still capable of things like that. I wonder if there's a way to get close to that, for things that aren't new and don't have a lot of active orders. Like have all the equipment setup but idle at some facility, keep an assembly teams ready and trained, then cycle through each weapon an activate a couple of these dormant manufacturing programs (at random!) every year, almost as a drill. So there's the capability to spin up, say F-22 production quickly when needed. Obviously it'd cost money. But it also costs a lot of money to have fighter jets when you're not actively fighting a way. Seems like manufacturing readiness would something an effective military would be smart to pay for.
We do—our automotive assembly lines. F-22 is more of a deterrent. If we need more, it’s failed.
The point is that ~£800,000/year is high, even possibly "very high" but it is not "most wealthy man in Britain" high, and certainly nowhere near "hire as many people as worked for Darcy".
Its more like making 800k per year today in India, where a lot of people make much less so you can have servants
NASA Force (nasaforce.gov)
> You will join a collaborative, mission-driven team where ideas are valued, contributions are recognized, and innovation is part of everyday work. Wow, gee wiz. I can’t wait to synergize in real time for action oriented solutions. /s This website feels like an HR person asked Claude to make a website. If you’re swayed by a simple website, you’re not high caliber talent.
Experience necessary. From Assessment 1, which you only get to after spending $16 ordering your college transcript... > I have 1 year of directly related specialized experience equivalent to at least the GS-13 level in the Federal service that included: Performing program/project management of space, aeronautical flight systems or experimental aircraft/aircraft systems that involve planning, researching, designing, developing, testing and evaluating, or completing cost analyses; Analyzing, designing, or operating space flight systems, aeronautical flight systems, experimental aircraft/aircraft systems, or structures operating throughout the earth's atmosphere; Developing requirements and integrating aerospace or flight/ground systems (e.g., payloads, hardware/software, scientific instruments, communication equipment, cargo, or any other specialized equipment).
They want my college transcript? From the early 00's? I would like to think I've grown a bit professionally since then.
Thanks. I did find a space jobs site last week, and some jobs looked like they aligned closely. That's probably why I was surprised the nasa reqs weren't as broad. I wasn't really looking for a change; I have 1 and 3 year olds and am fully remote, and the flexibility with sicknesses is really a benefit. I think it was mostly a shock to my system that I may never do anything "cool" with my life.
One way of viewing this is that to a moderate degree, NASA has largely been outsourced to SpaceX.
My 5090 couldn't handle that starfield at the beginning. I got a 1202 alarm just scrolling down..
My MBP M5 couldn't handle it with Firefox but it was fine on Safari, betting it's a WebGL issue or something
2027 White House proposed budget[1]: $18.8 billion 2026 White House proposed budget[2]: $18.8 billion [1] https://www.whitehouse.gov/wp-content/uploads/2026/04/budget_fy2027.pdf [2] https://www.whitehouse.gov/wp-content/uploads/2025/05/Fiscal-Year-2026-Discretionary-Budget-Request.pdf [2] is represented as deltas, explainer here https://spacenews.com/white-house-budget-proposal-would-phase-out-sls-and-orion-scale-back-iss-operations/
Congress passes the budget since they have the power of the purse. Presidents have requested all sorts of nonsense to appease the base.
Your statement that it's humans and dismissing botted activity is a blanket statement, whereas I never used absolute language. If it's a human getting up and rushing to to write about promoted ragebait content devolving a forum into an echo chamber, of course someone takes the bait and lists grievances in hysterical language unsolicited. Such emotionality is totally uncalled for on a tech forum, and proves my point.
[delayed]
Cool website, Big Balls. Where's our social security data?
Just in case a reader has blissfully managed to not-remember last year: https://www.cnn.com/2025/02/21/politics/doge-musk-edward-coristine-invs
Measuring Claude 4.7's tokenizer costs (claudecodecamp.com)
I find it interesting that folks are so focused on cost for AI models. Human time spent redirecting AI coding agents towards better strategies and reviewing work, remains dramatically more expensive than the token cost for AI coding, for anything other than hobby work (where you're not paying for the human labor). $200/month is an expensive hobby, but it's negligible as a business expense; SalesForce licenses cost far more. The key question is how well it a given model does the work, which is a lot harder to measure. But I think token costs are still an order of magnitude below the point where a US-based developer using AI for coding should be asking questions about price; at current price points, the cost/benefit question is dominated by what makes the best use of your limited time as an engineer.
That. We already shipped 3 things this year built using Claude. The biggest one was porting two native apps into one react native app - which was originally estimated to be a 6-7 month project for a 9 FTE team, and ended up being a 2 months project with 2 people. To me, the economic value of a claude subscription used right is in the range of 10-40k eur, depending on the type of work and the developer driving it. If Anthropic jacked the prices 100x today, I'd still buy the licenses for my guys. Edit: ok, if they charged 20k per month per seat I'd also start benchmarking the alternatives and local models, but for my business case, running a 700M budget, Claude brings disproportionate benefis, not just in time saved in developer costs, but also faster shipping times, reduced friction between various product and business teams, and so on. For the first time we generally say 'yes' to whichever frivolities our product teams come up with, and thats a nice feeling.
Who's going to review that output for accuracy? We'll leave performance and security as unnecessary luxuries in this age and time. In my experience, even Claude 4.6's output can't be trusted blindly it'll write flawed code and would write tests that would be testing that flawed code giving false sense of confidence and accomplishment only to be revealed upon closer inspection later. Additionally - it's age old known fact that code is always easier to write (even prior to AI) but is always tenfold difficult to read and understand (even if you were the original author yourself) so I'm not so sure this much generative output from probabilistic models would have been so flawless that nobody needs to read and understand that code. Too good to be true.
Yes 200 as a business expense is really not that bad. But a hobby is hard to justify.
It's not gonna stay that way. Token cost is being massively subsidized right now. Prices will have to start increasing at some point.
Seems like the real costs and numbers are very hidden right now. It’s all private companies and secret info how much anything costs and if anything is profitable.
IMHO there is a point where incremental model quality will hit diminishing returns. It is like comparing an 8K display to a 16K display because at normal viewing distance, the difference is imperceptible, but 16K comes at significant premium. The same applies to intelligence. Sure, some users might register a meaningful bump, but if 99% can't tell the difference in their day-to-day work, does it matter? A 20-30% cost increase needs to deliver a proportional leap in perceivable value.
It's more like, if it gets it right 99% of the time, that sounds incredible. Until it's making 100k decisions a day and many are dependent on previous results.
Human dev labor cost is still the high pole in the tent, even multiplying today's subsidized subscription cost by 10x. If the capability improvement trajectory continues, developers should prepare for a new economy where more productivity is achieved by fewer devs by shifting substantial labor budget to AI.
Your employer doesn’t pay the subscription cost, they pay per token. So it’s already way more than 10x the cost.
That's why you split tasks and do project management 101. That's how things worked pre-AI, and old problems are new problems again. When you run any bigger project, you have senior folks who tackle hardest parts of it, experienced folks who can churn out massive amounts of code, junior folks who target smaller/simpler/better scoped problems, etc. We don't default to tell the most senior engineer "you solve all of those problems". But they're often involved in evaluation/scoping down/breakdown of problem/supervising/correcting/etc. There's tons of analogies and decades of industry experience to apply here.
Yeah... you split tasks into consecutively smaller tasks until it's estimateable. I'm not saying that can't be done, but taking a large task that hasn't been broken down needs, you guessed it, a powerful agent. that's your senior engineer who can figure out the rote parts, the medium parts, and the thorny parts. the goal isn't to have an engineer do that. we should still be throwing powerful agents at a problem, they should just be delegating the work more efficiently. throwing either an engineer or an agent at any unexplored work means you just have to delegate the most experienced resource to, or suffer the consequences.
I don't completely agree. Estimation is nontrivial, but not necessarily a random guess. Teams of human engineers have been doing this for decades -- not always with great success, but better than random. Deciding whether to put an intern or your best staff engineer on a problem is a challenge known to any engineering manager and TPM.
or tech lead. or whoever. the point is, someone has to do the sizing. I think applying an underpowered agent to a task of unknown size is about as good as getting the intern to do it. Even EMs and TPMs are assigning people based on their previous experience, which generally boils down to "i've seen this task before and I know what's involved," "this task is small, and I know what's involved," or "this task is too big and needs to be understood better."
> At that point you are beholden to your shareholders No not really, you can issue two types of shares, the company founders can control a type of shares which has more voting power while other shareholders can get a different type of shares with less voting power. Facebook, Google has something similar.
No, they still have to act in the interest of shareholders even if they have no voting power.
See also HP. Pretty much only Costco left.
Costco is such a strange and stark case standing in opposition to this general rule. From everything I hear, I can only gather that the reason is because of extremely experienced and level-headed executive staff.
Claude Design (anthropic.com)
Sigh, same old, rusty design.
The labs team cooked hard with this. As a designer who's been using Claude Code a lot to make better prototypes, I still go back to mockups for comparing many iterations, collecting precise feedback with comments, and documenting decisions for decks or sharing with other departments like product marketing. This seems to solve for all of these use cases (or at least start to). It's also just a beautiful product. The interaction model, styling and integrations via exporting is all super thoughtful
Good for crunching out some prototypes, ideas and getting inspirations I guess. Two prompts - the initial one and one refinement - took about ten minutes and used up 90% of the token budget. I wonder what the real costs are. After the IPO, they will no longer be able to subsidize token costs. The question will then be whether it's still cheap enough just for prototypes, ideas and inspiration.
As long as tokens cost less than humans people will pay for them. If you're human you need to differentiate yourself bigly from what will quickly become mainstream AI slop.
True. I didn't expect it to provide novel designs. Maybe Anthropic should find a better replacement for 'Design'. In my example, I expected it to create UI elements for a business application / expert system. And it did fine. In fact, I believe its perfect for creating average and functional designs. Its a better way to test variations of UIs for expert systems. But I want to know what the actual costs are.
Sounds like you're talking about research AI and not generative AI. You can't learn artistic/creative techniques when you're not practicing those techniques. You can have a vision, but the AI will execute that vision, and you only get the end result without learning the techniques used to execute it.
Well, the research is sometimes 10x quicker with AI assistant. But not always. Building phase is maybe 20-100% quicker for me at least, depending on the complexity of the project. Green field without 15 years of legacy that is never allowed to break is many times faster, always has been.
Yes but that’s why you ask it to teach you what it just did. And then you fact-check with external resources on the side. That’s how learning works.
> Yes but that’s why you ask it to teach you what it just did. Are you really going to do that though? The whole point of using AI for coding is to crank shit out as fast as possible. If you’re gonna stop and try to “learn” everything, why not take that approach to begin with? You’re fooling yourself if you think “ok, give me the answer first then teach me” is the same as learning and being able to figure out the answer yourself.
I think we will have maybe 5 to 10 years of all this crap, devaluing human made art and human made products, vibe coding everything. But eventually it will all fall apart. Long term only a minority will be happy seeing AI generated crap everywhere and most people will pay for quality human made goods. Unfortunately it's going to be a tough few years until that happens, where it really does feel like the idiots are winning. THE IDIOTS ARE WINNING
where would these unemployed people find money for quality human made goods
Do you have examples of "natural" UI that you like?
Mind-reading brain implants. That's what he wants.
Can you post an imgur link of the output? Just wanted to see the designs versus what it'd be in Stitch.
I got you, send me an email on my profile.
You could have said the same thing about powerpoint vs high quality marketing departments. The "pros don't want this" argument doesn't really hold weight. This is for non-designers to crank out slop with less effort. They can still be swayed by all the shiny knobs to feel in control.
What do you mean by “slop?” This word is thrown around a lot for relatively competent outputs. It’s not 2023 anymore.
I reckon something like this has only been possible to develop because of how homogenous the internet has become in terms of design ever since the glass effect and drop-shadows took over in Web 2.0 and Twitter Bootstrap entered the scene. You'll get a competent UI with little effort but nothing truly unique or mind-blowing. Impressive technology, but that old skool artisanal weirdness of yore only becomes more valuable and nostalgic.
Having just checked my child in for their doctor appointment, 90% of web software would be dramatically improved by using very boring best practices and readable and accessible web practices.
> You'll get a competent UI with little effort but nothing truly unique or mind-blowing. The shelf-life of unique and mindblowing has reduced to a week (being generous) before it's copied by slop artists looking for a resume booster or funding, and months tops before it's part of training data for everyone. Unless you find it in that small time window everything will seem homogenous. It could just be a systemic result; unless you deliberately take the lonely road to parts of the internet where other people aren't, you will not see unique and mind blowing things. Which by definition you can't source from a place that has a lot of users, like social media or popular forums.
You know where this is all going ? In a direction where the AI model basically serves you everything live. No sites, no front end, just databases and model embodying them. I mean why even code anything in the future where it is cheap and fast enough to just come up with everything each time based on each user need. I am not saying it’s good but it’s lazy. And if one thing is for certain is that laziness prevails. Some even mistake it for progress. But then, is human programming language really the most optimal way for an ai to steer the silicon? Some kind of bare AI OS with kernel, drivers and there in the middle a fat specialised asic ai chip to orchestrate everything.
> There's no shame in being homogenous and obvious, though. The real world analog is this... The reason people (especially Americans) stay in Marriott property hotels is because they are homogenous. If all I want to do is travel to Phoenix, AZ for work I want to know that the hotel room has the same mattress, desk, TV, customer service, etc. There is real legitimate value to that. So I'll book the Courtyard in Phoenix because I know exactly what I'm going to get. On the other hand, when I'm traveling the Amalfi Coast in Italy, I want the Airbnb experience. Sure the bed is stiff, there's no A/C, and the 80 year old door frame is hard to close, but there is something magical about it.
McDonalds. Homogenous everywhere in the world. US, Italy, Japan, Brazil, same stuff. Good pizza in Italy, goos ramen in Japan, grilled Picanha in Brazil, that's why you go there and want it different/original. But in software UI this is often overdone. I want the pizzazz in my audio software in what it produces , not in how the UI looks like.
Personally, if I had to go to Phoenix, AZ for work and stay at a Marriott hotel, I think I would rather convince my boss that this business trip could be a zoom call, and during that zoom call I notice that participants have all sorts of fun virtual backgrounds, filters, emoji in their statuses etc. Because it turns out, the type who don’t want fun little differences are exactly the types who will gladly go on a business trip to Phoenix Arizona and stay at a Marriott hotel.
> all sorts of fun virtual backgrounds, filters, emoji in their statuses I don't want more pieces of flair in my life, thanks You generally won't get to know someone well enough to appreciate their unique aspects unless you see them in person at least sometimes, unless that person has the habit of letting their freak flag fly in all circumstances, which has its own downsides.
Israel escalates attacks on medics in Lebanon with deadly 'quadruple tap' (theguardian.com)
How long will the world continue to tolerate Israel's egregious war crimes?
Hezbollah is the main political party in Lebanon. Anything can be related to the main political party of a country. It's like saying you can legally kill Israeli medics because they are "related to Likud". In any case, killing medics is a violation of the Hague and Geneva conventions and the internal law. If this story is hard for you to take seriously, there's thousands more stories, videos and witnessings of war crimes by Israel in very recent history..
Just worth clearing the point about Hezbollah in that context. Hezbollah is not the “main” political party [1] It is a major part of the government but not the main. 1. https://en.wikipedia.org/wiki/List_of_political_parties_in_Lebanon If they were the main party then it was Lebanon who attacked Israel following the war with Iran and not Hezbollah. Lebanon is very pragmatic already and they actually have an army which isn’t Hezbollah.
In all your comments, you keep referring to the resistance groups fighting the Israeli occupation as terrorists, which I’m guessing makes you either an Israeli or pro-Israel. The IOF has been notoriously lying about killing and torturing civilians. Not only that, but even soldiers caught red-handed on video raping prisoners have not only gotten away scot-free but also been allowed to rejoin the army. Is there a reason why we should trust anything such a genocidal, morally corrupt organization has to say?
I refer to them as terrorists because of their actions. Simple test: What does the person allocating the target believe is at that location? If they believe it to be something of military value the force is military or insurgent. If they believe it to be civilian, of no military value, then the force is terrorist. The label occasionally gets thrown around incorrectly--just because it was a terrorist group doesn't make the attack on the USS Cole terrorism. However, it's usually quite good at distinguishing terrorist from freedom fighter. And where is this supposed rape caught on camera? The vast majority of the allegations against Israel have absolutely zero support and most of the rest are misrepresentations of events. Israel has punished people who were clearly wrong. And I would be surprised if there are zero improper incidents, no war is perfectly clean. The question is how they are handled.
Just a few months the OP was defending the IDF destroying hospitals and killing aid workers [1], making up stories [2] and basically saying Israel can do no wrong [3]. It's more than abundantly clear that no amount of evidence is enough, nor is any war crime far enough for them to admit when Israel is going too far. [1] https://news.ycombinator.com/item?id=47144548 [2] https://news.ycombinator.com/item?id=47145254 [3] https://news.ycombinator.com/item?id=46469455
Ever wondered why Israel has disproportionate amount of settlers in the West Bank, a land that doesn't belong to them? I bet that makes them a legitimate target.
Because of the ongoing terrorism. The settlers are their religious nuts. Israel doesn't like them, but it's not worth the political capital to do anything about it because they aren't the actual cause of the terror. When Israel gets a better outcome from being kind rather than being harsh you will see them be kind. But every good deed gets harshly punished, don't expect good deeds until that changes.
> they aren't the actual cause of the terror Are you sure? Here are some stats of settler attacks from the United Nations Office for the Coordination of Humanitarian Affairs: Year Total Incidents Daily Average 2021 540 1 incident / day 2022 852 2 incidents / day 2023 1,189–1,291 3 incidents / day 2024 1,420–1,449 4 incidents / day 2025 1,828 5 incidents / day
They are evil now and they will be nice when some goal is achieved, this does not make any sense.
Why are you insinuating if your argument is supposedly so damning? Just state it plainly.
The point is the primary function isn't medical. It's about parading in front of the cameras when their command centers are hit.
To clarify, - I'm under no confusion about what they're insinuating, that's not the point (see that below) - I'm looking for their reply specifically It's relatively easy to accuse, and to make up some story. It's a lot harder to provide substance and formulate a compelling argument. Is the number of medical facilities really outstanding? Why does that suggest they're combatant hideouts? Which of them are, all? Why does them hiding combatants render double, triple, quadruple tapping, or even just targeting these facilities morally justified or reasonable? All pretty important questions I'd say, none of which are answered by cowardly insinuations. Last time I checked, my internal moral compass rated actually killing healthcare workers on the battlefield a lot worse than combatants using them as potential collateral. One would assume most other people do too, hence why the above is news.
Oh wow! So they make dummy hospitals and put dummy meat bags of all sizes for camera time and social media post just to make Israel look bad when they hit those meat bags. That is some strategy.
"One high-profile journalist targeted in this way was Al Jazeera reporter Anas Al-Sharif, who was killed along with four colleagues in an Israeli airstrike earlier this month. After his death, the Israeli army quickly circulated documents claiming he had been a Hamas operative since 2013. "Yet even if taken at face value, the files showed his last contact with Hamas was in 2017 – years before the current war," said France 24." You think Israel shows every bit of intel they have???? The last thing they showed being 2017 doesn't say he was only Hamas for four years. The basic problem here is that all the terrorist groups over there call their propaganda people "reporters". In a sense they are, they are reporting on events. That does not make them not considered combatants, though. Israel has found terrorist affiliation for about half of the dead "reporters", but that doesn't make the others civilians. Hit a combatant, the person next to him is probably also a combatant.
You're using the term "terrorist" to describe people indigenous to the land that Israel stole. If you use logic, that makes Israel that terrorist group since they used violence to kick Palestinians out of their land and homes, not the other way around. Lookup the Jewish terrorist groups Irgu, Lehi, and Haganah. Lookup the assassination of Lord Moyne by Lehi and the 1946 Irgun bombing of the King David Hotel. The leaders of these terrorist groups eventually became Prime Ministers of Israel. While you're at it, lookup the attack by the Israeli military on the USS Liberty that killed 34 Americans.
>You're using the term "terrorist" to describe people indigenous to the land that Israel stole. If you use logic, that makes Israel that terrorist group since they used violence to kick Palestinians out of their land and homes, not the other way around. So, uh, ahem. The IRA... I don't think terrorism is a useful word anymore. It's become too muddied by rhetoric. Not to say that Israel isnn't terrorist too.
> ... the person next to him is probably also a combatant Absolutely, they could even be future combatants even if they are not now. That's why killing schoolgirls in Iran, reporters in Lebanon, etc. is justified, they are all potential terrorists. It definitely can not be proven otherwise that they are not. Why take a chance? /s
If you are as ignorant as me: "A double tap, or double-tap, is the practice of following a strike [...] with a deliberately timed second strike in the same place several minutes later, usually in an attempt to maximize the casualties of an attack." "Double-tap strikes have been used by Saudi Arabia during its military intervention in Yemen, by the United States in Pakistan, Yemen, and the Gulf of Mexico, by Israel in the 2014 Gaza War, the Gaza war (2023-present), and the 2026 Lebanon war. by Russia and the Ba'athist Syria in the Syrian civil war, and by Russia in the Russo-Ukrainian War, especially since the full-scale invasion in 2022." https://en.wikipedia.org/wiki/Double_tap_strike
The recent bombing of the bridge in Iran was apparently a double-tap strike by the US. https://en.wikipedia.org/wiki/2026_Karaj_B1_bridge_attack
 Top