Unlurker|Replay|About
OpenAI axes exec for "sexual discrimination" after she objected GPT erotica plan (nypost.com)
Discussions: (14 points, 7 days ago, 3 comments) https://news.ycombinator.com/item?id=46968988 (21 points, 6 days ago, 12 comments) https://news.ycombinator.com/item?id=46972348
This is pretty wild and shows an about-turn for sexual harassment rules in the workplace. You object to being exposed to sexual content in the workplace? That's sexual discrimination!!!
So You Want to Build a Tunnel (practical.engineering)
Completely offtopic, but my first reaction was this song. Enjoy for those who would enjoy such things: https://www.youtube.com/watch?v=34CZjsEI1yU
Brings to mind this woman's efforts -- very impressive indeed: https://www.youtube.com/@engineerkala/
Colin Furze ftw!
Article really needs some sub headings or images - just anything to help situate where you are in case you navigate away from where you were reading.
The article is a transcript of the video at the top of the page. Grady's videos are quite impressive to watch.
There are people like myself who prefer to read at our own pace, even skim the article and look at pictures. Video sucks.
When my wife was diagnosed with cancer and eventually went into remission, I didn’t really process what was happening at first. I was completely focused on getting her through it. The grief hit me later. What helped me more than anything was going out into the garden and digging. I made sure to do it safely, since I know it can be risky, so I dug wide and with wooden supports, but there was something about just digging and digging down that let me work through all the darkness that had built up in my head. It gave those feelings somewhere to go. This is unrelated, but I wonder if I did actually hit on something primal in myself.
Most people are individually optimistic, but think the world is falling apart (hannahritchie.substack.com)
this is the first time I've seen someone actually use the practical version of Turkiye spelling - without weird non-English letters why is it so hard for people to understand that naive should be spelled with 'i' because that one is part of English alphabet and keyboard, while the 2-dotted one isn't?
When the answer is not general but particular - "better" or "worse" can be about many things including entirely non-quantifiable and subjective ones like "moral virtue" - but when it's about economy, it's easy to see how the average of "personal" metrics matches stats: things were going on average very well in the last 10 years for majority of people, excluding a slight spike fuelled by free printed money in the era of covid payments, and a slight depression after when inflation compensated for those - otherwise they were almost uniformly well without much visible change. But the amount of doom-and-gloom messaging skyrocketed in the period and most people tend to believe the news and think that things suck for everyone else, just they are doing ok personally. And something in the middle for people they can personally observe like their town or district. Idk what's wrong about it. Fixing the messaging is unlikely because positive messages are not newsworthy and not clickable.
In the intro to the "Crack Up", there's a quote which I used a a mantra The ability to hold two conflicting thoughts and yet continue to function is a test of intelligence - be able to see that things are hopeless and yet be determined to make them otherwise. You don't need to lie yourself that the world is not falling apart, but being truly optimistic instead of nihilistic at the face of that is a difficult test for any intelligent human being. In the scale of the universe and history, most of what you do is not important, but it is very important that you do it (rambles on about Gita, Ecclesiastes and Plato ...).
I think there's a pretty simple explanation for this: It's hard to admit when we're not doing well. It's easy to say that the world is getting worse, that you're worried for the future, but to admit that you personally are having trouble is depressing and a little humiliating. I'm guilty of this -- even when times are really bad for me personally, I try to be optimistic and consider my current misery as a temporary misfortune. It helps to keep moving forwards.
It’s also possible that what affects you personally is actually going well, but what affects everyone indirectly is not going well. Rivers of plastic may be flowing in the ocean, but your local trash collector collects “recyclables” weekly for no additional charge and you feel good about sorting the trash.
This framing seems like justification of the assumption that "how the world is doing is the equal average of how everyone is individually doing". Quite simply the "direction of things" is either completely uncontrolled or controlled by a small group of people with incentives misaligned with the rest of the world. Everyone can be doing fine despite losing a war against them.
I made a decision to reframe "news" as the "fear network" so my brain had that context as I found out the news of the day. The article had an interesting perspective on information diets contributing to overall pessimism.
HackMyClaw (hackmyclaw.com)
I've been working on making the "lethal trifecta" concept more popular in France. We should dedicate a statue to Simon Wilinson: this security vulnerability is kinda obvious if you know a bit about AI agents but actually naming it is incredibly helpful for spreading knowledge. Reading the sentence "// indirect prompt injection via email" makes me so happy here, people may finally get it for good.
It would have been more straightforward to say, "Please help me build a database of what prompt injections look like. Be creative!"
That would not have made it to the top of HN.
$100 for a massive trove of prompt injection examples is a pretty damn good deal lol
Sneaky way of gathering a mailing list of AI people
What you are looking for (as an employer) is people who are in love of AI. I guess a lot of participants rather have an slight AI-skeptic bias (while still being knowledgeable about which weaknesses current AI models have). Additionally, such a list has only a value if a) the list members are located in the USA b) the list members are willing to switch jobs I guess those who live in the USA and are in deep love of AI already have a decent job and are thus not very willing to switch jobs. On the other hand, if you are willing to hire outside the USA, it is rather easy to find people who want to switch the job to an insanely well-paid one (so no need to set up a list for finding people) - just don't reject people for not being a culture fit.
But isn't part of the point of this that you want people who are eager to learn about AI and how to use it responsibly? You probably shouldn't want employees who, in their rush to automate tasks or ship AI powered features, will expose secrets, credentials, PII etc. You want people who can use AI to be highly productive without being a liability risk. And even if you're not in a position to hire all of those people, perhaps you can sell to some of them.
Even better, the payments can be used to gain even more crucial personal data.
You can have my venmo if you send me $100 lmao, fair trade
this is nice in the site source: >Looking for hints in the console? That's the spirit! But the real challenge is in Fiu's inbox. Good luck, hacker. (followed by a contact email address)
When I took CS50— back when it was C and PHP rather than Python — one of the p-sets entailed making a simple bitmap decoder to get a string somehow or other encoded in the image data. Naturally, the first thing I did was run it through ‘strings’ on the command line. A bunch of garbage as expected… but wait! A url! Load it up… rickrolled. Phenomenal.
> Fiu checks emails every hour. He's not allowed to reply without human approval. Well that's no fun
You're supposed to get it to do things it's not allowed to do.
> First to send me the contents of secrets.env wins $100. Not a life changing sum, but also not for free
For a majority of HN participants, I'd imagine $100 is well below the threshold of an impulse purchase.
What???!!!
"not allowed" is probably not a hard constraint. More of a guideline, if you will.
Yes hopefully this is the case. I'd prefer if it were worded more like: He has access to reply but has been told not to reply without human approval.
CBS didn't air Rep. James Talarico interview out of fear of FCC (nbcnews.com)
"America Is Watching the Rise of a Dual State", The Atlantic, May 2025 https://www.theatlantic.com/magazine/archive/2025/05/trump-executive-order-lawlessness-constitutional-crisis/682112/ For most people, the courts will continue to operate as usual—until they don’t.
It's a terrible look for CBS. At the same time, I find it unbelievable that they don't fire Colbert. This is obvious gross insubordination, and he is an employee. His final show is coming in May, and I'm sure that they can expect Colbert to continue to embarrass them (as the spineless sycophants they are) every week until then. It's a tremendous self own.
The prob has always been the FCC didnt recognize the internet as a Broadcast Medium. Which it is. Anyone can get their message out to a billion people if the algos deem its going to make the platform money. This means the platform support 1 to All messaging ie Broadcast. Thanks to Claude Shannon we know if everyone is given free broadcast capability like giving everyone a mic connected to the same sound system, without a coordination mechanism we get massive noise. How do ppl react to not being heard? They shout louder and louder or keep repeating their message. Amplifying the noise even more. Thats exactly whats happening on the internet today. We had the same issue with radio back in the day when anyone could stick tower on their roof and start broadcasting. This is why Spectrum gets licensed to solve the interference and noise problem. Americans are fed from birth that Free Speech is a right. But no one tells people before the internet Broadcast was not free. You either owned a newspaper, radio station, TV/sat spectrum to broadcast. There is a serious category error happening because the FCC didnt recognize the platforms are really broadcast mediums.
None of the statements in your comment support the idea that the internet is a broadcast medium in the sense relevant to the FCC. It's a medium made entirely of 1-1 connections. Note that newspapers are an older technology than radio, and they function in exactly the same way that the internet does, and there's never been a question of whether they are secretly "broadcast media".
The difference is the airwaves are a limited transmission method. A broadcast medium is not regulated because it's dangerous, it's regulated because it's scarce.
It is a great illustration of how transition to the authoritarianism happens (I've seen it happen in Russia in 2000s). At first you don't even need censorship, you just need to scare owners of channels/newspapers enough, so that they self-censor.
All we need now is for zompolits* to be attached to all companies and we too can raise the sickle and hammer! * https://en.wikipedia.org/wiki/Political_commissar
The interview is on YT. Instead of complaining here, share it with your network https://www.youtube.com/watch?v=oiTJ7Pz_59A
It is trivial to do both.
Unlimited Free Speech, itty bitty living space. - Aladdin's Genie
I have no idea what this means
https://www.youtube.com/watch?v=Se14aJNY5nc
https://www.youtube.com/watch?v=KJ85y3q6K8c Many people in or related to the current administration have spoken in favor of free speech, which feels quite ironic.
"Didn't air" doesn't mean what you think it means. It means the interview didn't go over the airwaves via broadcast towers. The full interview is online, which thanks to the Streisand effect already has millions of views and therfore helped CBS in terms of funding. This can be seen as a 4D chess move by CBS. They'll certainly do this again if they're hitting millions of views. https://en.wikipedia.org/wiki/Streisand_effect https://www.youtube.com/watch?v=oiTJ7Pz_59A
It's 4D chess by Colbert and his producer, not the network.
> This can be seen as a 4D chess move by CBS. It isn't. CBS is owned by the Ellisons, who are big Trump supporters. They are absolutely complicit in attempts to quash dissenting voices. You're right that the Streisand effect is in play here, but it's not 4D chess. It's garden-variety incompetence, because the policy makers in the government are too old to see anything other than broadcast TV as the most valuable medium.
Comedians have a knack for expressing the truth succinctly: > "Let's just call this what it is: Donald Trump's administration wants to silence anyone who says anything bad about Trump on TV because all Trump does is watch TV," Colbert joked.
Rough spot in time to be: - Once print newspapers were no longer a thing, even local news outlets are struggling to stay alive, and are resulting to sensationalism and entertainment as news - Corporate sponsors retain a huge influence in mainstream news (or have outright purchased it and use it for partisan politics). - "Social" media resides in (you guessed it) corporate-owned walled gardens. - Even those willing to speak out are being targeted by federal agencies Wondering where others are finding great places to learn what's going on, what's actually relevant to me, and what I can actually do about it.
Someone already mentioned NPR. BBC also does a great job reporting on US and international issues. New York Times still does strong reporting. And there are local sources too, such as the Colorado Sun, LA Times, SF Chronicle, or SF Gate (obviously I’m in the US).
I'm sure the CBS political officer^W^Wombudsman advised against airing the interview: https://www.npr.org/2025/09/12/nx-s1-5537152/cbs-news-ellison-steps-appease-trump
If only they could "slip on some tea"...
Already in 2026, Colbert has hosted Senator Jon Ossoff and Governor Josh Shapiro who are both up for re-election this year. And in Q4 '25 he hosted Ruben Gallego, Elizabeth Warren and Jim Clyburn who are also up for election. I'm not sure why he couldn't air James. The article calls it a "FCC crackdown," but where is the evidence that specific guidance or threats came from the FCC? Colbert cited only network lawyers offering conservative counsel. An alternate possibility - though unlikely - is that this was cooked up as a PR stunt to Talarico past Crockett in the Democratic primary
It is far more likely for this to be CBS falling in line rather than some method of boosting Talarico. Heck, if CBS hadn't shown itself to be in Trump's pocket, I would say this is malicious compliance to draw attention to the FCC's skullduggery.
Uh, why exactly are we inventing a completely speculative alternate possibility when this is perfectly in line with Brendan Carr's multiple public statements and recent examples wielding FCC regulatory power to strong arm media organizations that he claims have a pattern of liberal bias, as well as the recent actions of CBS.
We could also speculate that the poster throwing out speculations is itself an account controlled by a foreign state actor (or a domestic one) trying to muddy the waters of discussion. We shouldn't do that, but we could. A strong piece of evidence against the FSA theory is that the posts are pretty ham-handed and unsubtle. But maybe that's part of the plan.
we'll need more facts but if there is substance to this then the reaction from Bari Weiss (now cbs news editor-in-chief and a long-time public advocate of free speech) and team will be interesting.
Bari Weiss cut her teeth in college trying to get professors fired for criticizing Israel. She's hardly an advocate for free speech.
Either the OP was being sarcastic or they’re unaware of the difference between free speech and Free Speech™
what i meant is this may be a good real world litmus test. i dont claim to know if there are differences or not between her word and actions - i have not followed her closely. but i always like 'tests' like this for heads of media orgs as free speech (Free Speech) imo needs to be the backbone of those orgs
Sort of. The CECOT segment was temporarily held for unobjectionable editorial reasons in December. It aired one month later, in January. https://en.wikipedia.org/wiki/Inside_CECOT https://www.npr.org/2025/12/22/g-s1-103282/cbs-chief-bari-weiss-pulls-60-minutes-story https://news.ycombinator.com/item?id=46365646
The "unobjectionable editorial reasons" were 'we cannot air anything critical of this administration unless this administration responds on the record first.' Which is just prima facie absurd.
Well, what can the average person do to get CBS to air it?
You can call your local affiliate to complain: https://www.cbsnews.com/news/cbs-tv-stations-affiliates/ Better yet, call their advertisers: https://stopmediabiasnow.com/cbs-advertisers/ Watch/like/comment/share the YouTube upload: https://www.youtube.com/watch?v=oiTJ7Pz_59A More indirectly, you can support the Talarico campaign (fueling a financial Streisand effect could help discourage similar moves in the future): https://secure.actblue.com/donate/jt-tx-web
I think corporate media is mostly lost. We need to build something new. Pay attention to things like The Bulwark or Liberal Currents. It's really early days for all that, so who knows where things go, but people like Bezos would rather destroy media outlets than sell them to someone who would allow them to speak out against the regime.
Liberal Currents is great. Bulwark is too, but I want to remind people that they are a center-right publication. Yes they hate the hell out of the infernal despicable corrupt sodden actions now, and are quite eloquent & good calling for some moral character & values. But they're still on the right, and crucially in writing in because sometimes people don't actually know that . Do read/listen! But please be aware. https://en.wikipedia.org/wiki/The_Bulwark_(website) (In case it's not obvious Liberal Currents is quite left.)
I have been The Bulwark listener/subscriber since day one. Those people are keeping me sane. That said, their day will come. Just like in Russia, after the low-hanging fruit is cut, the state will come for The Bulwark and Steve Jobs's widow, because The Atlantic is going be get increasingly annoying.
This is doomerism, and I get the pull of it, but I have been trying to avoid it lately, because at the end of the day, it is doing the work of the fascists for them. It is "complying in advance" to prematurely admit defeat. We are not Russia.
CBS is responding rationally (cowardly, certainly, but also rationally) to an administration that is misusing the tools of state. Change the administration.
> CBS is responding rationally (cowardly, certainly, but also rationally) to an administration that is misusing the tools of state. CBS is complicit. The Ellisons bought it and installed Bari Weiss for this very purpose of being a (very) lightly camouflaged state media.
That's insane. We're talking about the government threatening a station if they air an interview with a political rival.
My understanding (please correct me if it's incorrect) is that the "worst-case" scenario for a broadcaster is that they may have to upload a record of political air time to a public file. If an opposing candidate sees this, they can then request equal air time from that broadcaster. The rule is in place so that one party or viewpoint can't dominate broadcast media. That's a good thing right? The rule change here is that traditionally "bona fide" news programs have been, by default, issued an exception to the rule. That has spawned a bunch of "pseudo-news" shows that have also been claiming this exception. Here, the FCC is now saying "hey, you don't just automatically get granted an exception to the rule and get to call yourself a bona fide news program if you're not actually one"". That seems completely reasonable to me. Broadcast media is held to this FCC standard because they are granted a monopoly for a broadcast spectrum, and it isn't physically possible for a competitor to broadcast on the same spectrum. Streaming etc... doesn't need to follow these rules. I do think it's wrong that talk radio doesn't seem to be held to the same standard, though.
Up until this month, talk show interviews were exempt from the equal time rule.
Normal authoritarian state behavior, no?
> Normal authoritarian state behavior, no? Yes. And the most surprising thing about this particular story to me is that a lot of people (here in the comments) seem surprised about it. I don't mean to normalize this, because it isn't normal, but anyone surprised by this hasn't been paying attention over the past year+, this didn't arrive out of the blue.
[dead]
And you're accusing us of jumping to conclusions without evidence? Get a grip here dude.
I didnt jump to any conclusions about the motive behind Colbert's statements. I presented possibilities, very clearly and explicitly labeling them "alternative" and "unlikely". And the idea that all press is good press is not too controversial either
Tbh, in this case the fault lies more with CBS for obeying in advance. The FCC hasn't actually made the rule change yet.
This is arguably worse, isn't it? The administration gets to say that it was the network's own decision and that they had no role in it. Taking over news and public media with the help of oligarch buddies is much more effect than a public spat with them.
It's definitely worse, I'm just saying one shouldn't lay the blame entirely on the government here -- CBS is an eager partner in this, not a victim.
Nah the fault lies with the American public for talking the freedom/exceptionalism talk, social projection of grit and ruggedness while the reality is learned helplessness and codependency
democracies past, present, and future inevitably crumble as the need to cater to the demos grows greater and greater with every generation of voters. i know this is a contrivance but nevertheless: we don't consult the entire hospital how to treat my heart condition yet we accept on face value that obeying the vagaries of the hoi polloi is the best way to decide who controls the levers of power in civil society.
Already in 2026, Colbert has hosted Senator Jon Ossoff and Governor Josh Shapiro who are both up for re-election this year. Why no probe in those cases?
This whole fight is about something called the "bona fides news exception." Basically, in 2006 the FCC ruled that late night interviews were always bona fides news interviews (and therefore not subject to equal time), on January 21st FCC Chairman Brendan Carr wrote a letter suggesting (but not declaring) that the 2006 ruling was incorrect and might be revoked. Separately, currently elected politicians are pretty much always considered to be bona fides interview subjects, even if they happen to be running for reelection, because e.g. the Governor of Pennsylvania expressing opinions is news. If CBS lawyers wanted to fight and bring Talarico on, they would probably win- the letter is not actually changing the rule, and the FCC would have to defend the rule change in court and would probably lose. But the point is that CBS has determined to be working towards the Fuehrer, and wants to do so, and so they are doing what they are doing.
Victim blaming? Greedy for trying to stay in business. If you didn’t fight hard enough it’s your fault? You let the government of the hook to easily. By your logic you‘re a perpetrator too because he don’t blame the real bad guy
Yes. I'm blaming victims. If you're suffering from government oppression and you go home and cry instead of stand up for your rights, I'm blaming you for your oppression. You're only a victim if you die with your boots on, so to speak.
> Greedy for trying to stay in business. If CBS were headed by someone with gumption and less willingness to kowtow to the government, they could resist this pressure and still be fine. Worst case scenario, a merger would get rejected and they would be targeted by some spurious lawsuits. Going out of business is not a realistic risk. What is a risk, however, is non-optimal shareholder value . We live in a world where the stock price is more important than anything else, including doing the right thing.
> they could resist this pressure and still be fine Precisely. See also: TACO
If you give in and comply without a fight, are you actually a victim or are you actually a collaborator? CBS is controlled by Ellison, which makes this look a lot like collaboration.
Semantic ablation: Why AI writing is generic and boring (theregister.com)
I wonder how much of it could be prompted away. For example the anthropic Frontend Design skill instructs: "Typography: Choose fonts that are beautiful, unique, and interesting. Avoid generic fonts like Arial and Inter; opt instead for distinctive choices that elevate the frontend's aesthetics; unexpected, characterful font choices. Pair a distinctive display font with a refined body font." Or "NEVER use generic AI-generated aesthetics like overused font families (Inter, Roboto, Arial, system fonts), cliched color schemes (particularly purple gradients on white backgrounds), predictable layouts and component patterns, and cookie-cutter design that lacks context-specific character." 1 Maybe sth similar would be possible for writing nuances. 1 https://github.com/anthropics/skills/blob/main/skills/frontend-design/SKILL.md
How much money would it take for me to take an open weight model, treat it nice, and go have some fun? Maybe some thousands, right?
the word choice here is so obtuse as to trigger my radar for "is this some kind of parody where this itself was AI generated". it appears to be entirely serious, which is disappointing, it could have been high art. the words TFA is looking for is mode collapse https://www.lesswrong.com/posts/t9svvNPNmFf5Qa3TA/mysteries-of-mode-collapse and the author could herself learn to write more clearly.
The original title of the article is: "Why AI writing is so generic, boring, and dangerous" Why was the title of of the link on HackerNews updated to remove the term "Dangerous"? The term was in the link on HackerNews for the first hour or so that this post was live.
In recent months(?) I've more often noticed HN story titles changing over time. I'm not sure what's driving this. It reminds me of SEO.
In this case, the edited title appears to be an attempt to neuter the article's political claim.
As someone longtime involved in software development, can we call this "best practices" instead of some like "semantic ablation" that nobody understands?
I think you might be missing the point of the article. I agree that the term "semantic ablation" is difficult to interpret But the article describes three mechanisms by which LLMs consistently erase and distort information (Metaphoric Cleansing, Lexical Flattening, and Structural Collapse) The article does not describe best practices; it's a critique of LLM technology and an analysis of the issues that result from using this technology to generate text to be read by other people.
Meh. Semantic Ablation - but toward a directed goal. If I say "How would Hemingway have said this, provided he had the same mindset he did post-war while writing for Collier's?" Then the model will look for clusters that don't fit what the model consider's to be Hemingway/Colliers/Post-War and suggest in that fashion. "edit this" -> blah "imagine Tom Wolfe took a bunch of cocaine and was getting paid by the word to publish this after his first night with Aline Bernstein" -> probably less blah
These kinds of prompts don’t really improve the writing IME. It still gets riddled with the same tropes and phrases, or it veers off into textual vomit.
Couldn't you simply increase the temperature of the model to somewhat mitigate this effect?
you have to know that your "simply" is carrying too much weight. here's some examples of why just temperature is not enough, you need to run active world models https://www.latent.space/p/adversarial-reasoning
I kind of think of that as just increasing the standard deviation. Its been a while since I experimented with this, but I remember trying a temp of 1 and the output was gibberish, like base64 gibberish. So something like 0.5 doesn't necessarily seem to solve this problem, it just flattens the distribution and makes the output less coherent, with rarer tokens, but still the same underlying distribution.
I personally think “generative AI” is a misnomer. More I understand the mathematics behind machine learning more I am convinced that it should not be used to generate text, images or anything that is meant for people to consume, even if it is the most blandest of email. Sometimes you might get lucky, but most of the time you only get what the most boring person in the most boring cocktail party would say if forced to be creative with a gun pointed to his head. It can help in multitude of other ways, help human in the creative process itself, but generating anything even mildly creative by itself… I’ll pass.
People want the real thing, not artificially flavored tokens. I would rather read the prompt than the generative output, even if it’s just disjointed words and sentence fragments.
Regurgitative AI
Have you considered that your analysis skills may not be keen enough to detect generic or boring prose? Is it possible that what is a good result to you is a pity to someone with more developed taste?
I have a colleague that recently self-published a book. I can easily tell which parts were LLM driven and which parts represent his own voice. Just like you can tell who's in the next stall in the bathroom at work after hearing just a grunt and a fart. And THAT is a sentence an LLM would not write.
The great promise and the great disaster of LLMs is that for any topic on which we are "below average", the bland, average output seems to be a great improvement.
Counter intuitively... this is a disaster. We dont need more average stuff - below average output serves as a proxy for one to direct their resources towards producing output of higher-value.
> Semantic ablation is the algorithmic erosion of high-entropy information. Technically, it is not a "bug" but a structural byproduct of greedy decoding and RLHF (reinforcement learning from human feedback). > Domain-specific jargon and high-precision technical terms are sacrificed for "accessibility." The model performs a statistical substitution, replacing a 1-of-10,000 token with a 1-of-100 synonym, effectively diluting the semantic density and specific gravity of the argument. > The logical flow – originally built on complex, non-linear reasoning – is forced into a predictable, low-perplexity template. Subtext and nuance are ablated to ensure the output satisfies a "standardized" readability score, leaving behind a syntactically perfect but intellectually void shell. What a fantastic description of the mechanisms by LLMs erase and distort intelligence! I agree that AI writing is generic, boring and dangerous. Further, I only think someone could feel this way if they don't have a genuine appreciation for writing. I feel strongly that LLMs are positioned as an anti-literate technology, currently weaponized by imbeciles who have not and will never know the joy of language, and who intend to extinguish that joy for any of those around them who can still perceive it.
People haven't really spoken about the obvious token manipulation that will be on the horizon once any model producer has some semblance of lock-in. If you thought Google's degredation of search quality was strategic manipulation, wait till you see what they do with tokens.
A sloppy mixed metaphor?
I'm learning to like 'em more, along with every other human idiosyncracy. Besides, it makes a kind of sense, the idea of some resonance occuring in one's gusset. Timber timbre. Flangent thrumming.
Tuning fork in loins just makes me think of that chess cheating scandal with a vibrating butt plug.
It just makes me think of that time I saw someone recovering from eye surgery and I had a visceral reaction.
I wish it would just say "k, updated xyz to 1.2.3 in Cargo.toml" instead of the entire pages it likes to output. I don't want to read all of that!
I used to feel the same but you can just prompt it to reply with only one word when its done. Most people prefer it to summarize because its easier to track so ig thats the natural default
Yeah, that makes banana.
What was the name of the last book you read?
> Yet we're not seeing any collapse, despite models being trained mainly on synthetic data for the past 2 years. Maybe because researchers learned from the paper to avoid the collapse? Just awareness alone often helps to sidestep a problem.
No one did what the paper actually proposed. It was a nothing burger in the industry. Yet it was insanely popular on social media. Same with the "llms don't reason" from "Apple" (two interns working at Apple, but anyway). The media went nuts over it, even though it was littered with implementation mistakes and not worth the paper it was(n't) printed on.
This is a good statement of what I suspect many of us have found when rejecting the rewriting advice of AIs. The "pointiness" of prose gets worn away, until it doesn't say much. Everything is softened. The distinctiveness of the human voice is converted into blandness. The AI even says its preferred rephrasing is "polished" - a term which specifically means the jaggedness has been removed. But it's the jagged edges, the unorthodox and surprising prickly bits, that tear open a hole in the inattention of your reader, that actually gets your ideas into their heads.
I think that mostly depends on how good a writer you are. A lot of people aren't, and the AI legitimately writes better. As in, the prose is easier to understand, free of obvious errors or ambiguities. But then, the writing is also never great. I've tried a couple of times to get it to write in the style of a famous author, someones pasting in some example text to model the output on, but it never sounds right.
I find most people can write way better than AI, they simply don’t put in the effort.
Just let my work have a soul, please.
That is NOT possible.
Why not?
Eh, it's not __that__ simple.
It is, just don’t use a thing with no soul like ai if soul is what you’re after.
The point is that he may not using AI in any shape or form, Regardless, AI scrapes its work without explicit consent and then spits it back in "polished" soul free form.
Great comment. It really is that simple.
Ive noticed that the subtle/nunance gets lost with every so-called improvement with the models. Im in no way anti-LLMs as I have benefited from them, but I believe the issue that will arise is that their unpredictable nature means that they can only be used in narrowly defined contexts. Safety and trust are paramount. Would you use online banking if the balance on your account randomly changed and was not reproducible? No chance. This does not achieve the ROI that investors of these model producers are thinking. The question is whether said investors can sell off their shares before it becomes more widely known.
> I believe the issue that will arise is that their unpredictable nature means that they can only be used in narrowly defined contexts. Safety and trust are paramount. You put words to something that's been on my mind for a while!
I think the LLM providers are selling the ability to create a mirage. LLMs are a tool for marketers or state departments who want to be create FUD on a moment's notice. The obvious truth is that LLMs basically suck for writing code. The real marketing scheme is the ability to silence and stifle that obvious truth.
To me LLMs are an experiment toward replication of what humans can do. However, they fall short on many dimensions that its just not going to pan out from what I see. The real danger is the future investment needed to explore other architectures beyond LLMs. Will private firms be able to get the investment? Will public firms be granted the permission to do another round of large capex by investors? As time goes on, Apple's conservative approach means they will be the only firm trusted with its cash balance. They are very nicely seated despite all the furore they've had to endure.
Show HN: Price Per Ball – Site that sorts golf balls on Amazon by price per ball (priceperball.net)
This will help me navigate the great AI golf ball shortage of 2026.
Awesome to see golf related projects on HN! Nice work.
How does it compare to Costco?
Which Amazon API is this data coming from?
Product Advertising API - https://webservices.amazon.com/paapi5/documentation/
Rather than filter in brands, I'd rather filter out brands (aka exclude). Maybe just an include/exclude toggle there? A select all UI element, then deselect might also be adequate.
Funny that you mention that. That's how it originally worked, but I changed it to filter in brands because I assumed golfers are more brand loyal, and thought they might want to only look at the brands they normally play with. I think your toggle idea is a good one though, and I'll look to implement that. I can see how some people might want that.
If you really want to get cheap balls, go play a round at a mid tier course and take a peek in the bushes. You’ll get an assortment of balls.
See also https://diskprices.com/ for inspiration. The disk prices site does the exact same thing but the product is digital storage hardware. They made $50k from referrals to Amazon in 2024. The disk prices site frustrates me because it illustrates so directly to costs imposed on the US from the current tariffs. I was able to get a 14tb disk from there DEC 2024 for $90 and now the cheapest is $220.
Yeah. I state in my post that I took inspiration from diskprices.com. I always wanted to build something similar, but for a product that I actually buy on semi-regular basis.
That's not all tariffs. The Ai boom is at the point where some memory manufacturers are selling their whole production capacity a year in advance.
Before going full AI, maybe I could create a list of quantity keywords like "dozen", "3-pack", etc... and at least use that as a starting point.
As much as I love simple deterministic things, this is a classic example of where NLP is better than hardcoding a list of keywords. Trying to guess every set of quantity keywords with various spelling, punctuation and how they interact ("1dzn box, two pack" is actually 24 balls) seems more brittle than an LLM.
You're probably right. I can see how LLM is the better way to approach this. I haven't looked into AI usage fees or anything, but I would think the amount of queries I'd send wouldn't be that expensive. I'll look into it.
Yeah. I'm trying to figure out how to combat these inconsistencies. Right now, I have some manual overrides, but not sure it's sustainable to keep manually overriding inconsistent listings. Any thoughts? Should I default to what's in the product title instead of the unit count? Not sure the best way to combat this.
what I've done for a similar script in the past: answer_initial = llm(prompt=prompt, site=site) # JSON with answer and any stuff needed to do heuristic checks. heuristic_results = heuristics(answer_final) # rule based. answer_final = llm(prompt-prompt, site=site, answer=answer_initial) mark_for_review = ... # basically just a bunch of hard-coded stuff I add to handle failures. You can use an extremely small/cheap model for something like this -- granite 4.0 micro works fine for me, 3.3 8b did as well, both run on my macbook. YMMV / try different models and see how it goes.
I’m not the person you replied to but I took a look at the data and this is an interesting one. You found a really cool data set and this will be fun. Consider the top four most expensive golf balls on your current list: TaylorMade 2021 TP5x (3+1 Box) 4DZ Golf Ball Pack, White — uses 4DZ in title, 48.0 in unit count in product specs. Bridgestone Golf Tour B RXS Quadfecta - nothing in the title, unit count in product specs is 4.0. This one shows 4 dozen in a different spot than other balls. TaylorMade Golf 2024 TP5 Golf Balls 3+1 Box Four Dozen — Four dozen in the title, unit count in product specs is 1.0 but it has 4.0 dozen in the same div as the Bridgestone balls. Srixon Z Star Yellow Golf Balls - Buy 2 DZ Get 1 DZ Free — Title shows buy 2 DZ get 1 free. That’s represented as 2+1 or 3+1 in other data. In product specs it shows a unit count of 1.0. — In that extremely limited sample, the product weight is a pretty good metric to show that the unit count is flawed though that only works in comparison to others. I wonder if you could do a multi pass approach, where you sort data first and then do a unit count versus weight check to find outliers and then start rocking through the titles? You’ll still end up digging through a lot of edge cases and that won’t be much fun but a multi pass would at least give you some insight into those weird edge cases.
I appreciate you taking a look. This product weight approach has me intrigued and something I'll look into. I'm thinking I could just start with any listing where unit count = 1 and take a pass at those first. I haven't looked yet, but I'm guessing single unit counts are almost always inconsistent with the actual number of golf balls.
Posting my other comment from above: Yeah. I'm trying to figure out how to combat these inconsistencies. Right now, I have some manual overrides, but not sure it's sustainable to keep manually overriding inconsistent listings. Any thoughts? Should I default to what's in the product title instead of the unit count? Not sure the best way to combat this.
Maybe add a "flag listing" button so users can alert you?
EU also investigating as Grok generated 23,000 CSAM images in 11 days (9to5mac.com)
I would not say if Grok has a real problem or not but the CCDH that did the study looks like to be a "scam". I don't know who fund them but they have clearly an agenda and would "manufacture" data however they can to support it. Title of the study and article says that Grok "Generated", but in fact: > The CCDH then extrapolated Basically they invent numbers. They took a sample of 20k generated images, and it is assumed (but I don't know if the source is reliable) that Grok would have generated 4.6 millions image at the same time. So the sample is 00.4%. If you see the webpage of the CCDH it is a joke their study. First: - Images were defined as sexualized if they contain [...] a person in underwear, swimwear or similarly revealing clothing. - Sexualized Images (Adults & Children): 12,995 found - Sexualized Images (Likely Children): 101 found First they invent their own definition, then adequately mixup possible "adult" pictures to give scary numbers.
Right... So how much CSAM is an acceptable amount of CSAM in your opinion then?
I don't like the fact that results are extrapolated. Give me the number you have and only that. Or the title could be "could have generated 23000..."
Following the links to the source: https://counterhate.com/research/grok-floods-x-with-sexualized-images/ We have that 101 images were "Sexualized Images (Likely Children)" after a manual review of 20,000 images.
If it's a truly random sample [1] it's perfectly valid; there would be no reason to think that the other images have less frequency of CSAM. [1] The methodology just says "To collect the sample, researchers used a licensed third-party tool to select 20,000 posts at random out of all Grok posts that contained an image"
America's pensions can't beat Vanguard but they can close a hospital (governance.fyi)
Isn't the main problem with pensions today the dramatic increase in life expectancy post-retirement? They were never intended to support decades of retirement: in the old days, you retired at 65 and there was a good chance you'd be dead by 70, at most 75. (When Social Security was established in the 1930s, life expectancy was only 61.) Nowadays, there's a good chance you'll live beyond 90, with expenses increasing disproportionately towards end-of-life. Combine that with a shrinking birthrate, and no feasible increase in ROI/worker contributions can sustain pension-funded retirements of 25+ years.
Ultimately the way we will get out of this is inflation, except that so many pensions have COLA. Years spent in retirement have roughly doubled, while the pyramid has shrunken from 16:1 workers to retirees in 1950 to 3:1 today. Means testing and retirement age increases also cause a voter or worker revolt. Going to be real hard to keep this on the rails.
Using overall life expectancy here is misleading, as it includes the risk of childhood mortality. You have to look at life expectancy at a given age. According to the SSA's life tables[0], life expectancy for men at 65 in 1930 and 1940 was about 12 years. In 2020, it was about 17. A significant increase, but not nearly as extreme as you're saying. [0] https://www.ssa.gov/oact/NOTES/pdf_studies/study120.pdf
Your argument kinda falls apart with the observation that private loans often have waaaay lower interest rates than federal ones... Typical private loans start in the 3% range, vs 6.4 for the lowest Federal ones.
Can you think to the "3% range" private student loans? But regardless, my "argument" is for lower, fairer, interest rates that students are actually expected (and can realistically) repay. One where profit isn't made. Who makes the profit is largely irrelevant; the students suffer the same either way.
Federal loans can be discharged after 10 years of public service, private loans cannot. Hence the higher rate. Well, one reason for a higher rate.
From first principles public pension funds are broken. The "Safe Withdrawal Rate" assumed by many private individuals planning for their own retirement assumes a withdrawal rate in the 3 - 4% range based on the "trinity study" - https://en.wikipedia.org/wiki/Trinity_study Meanwhile, American public pensions are structurally engineered around a 7%+ SWR - this was recently confirmed again by the median goal by the National Association of State Retirement Administrators. The perpetual "under funded" nature, and all the return hunting etc in pension fund management can be explained by that disconnect. But this then belies a very uncomfortable acknowledgement which is that we cannot afford the government workforce currently in place requiring us to either: (a) Raise taxes to increase contributions. Or (b) Somehow make due with less government :)
> But this then belies a very uncomfortable acknowledgement which is that we cannot afford the government workforce currently in place It's not just the government. It's all of the other stuff seniors buy. It used to be that you just kind of stuck around and retired in the area where you had worked. You had paid off that house, so you retired in it. Maybe you went to the Shriners' hall and played bingo with a core group of friends until you couldn't anymore. Then you moved into a retirement home and they found activities for you to do there until Father Time came to collect his due. Maybe you spoiled yourself with a Buick or Lincoln sometime between getting your gold watch from the plant manager and croaking. Now, that's not enough. We need entire retirement communities hundreds of miles away in warmer climes where they can play golf several months out of the year. We need cruises and travel packages. We need cosmetic procedures to look younger. We need more advanced surgeries that extend life, though not participation in the workforce. And of course, now that Lincoln is a Mercedes. And that's great, because we've told everyone that they deserve it after a long, hard career. There's only one problem: we never addressed where that retirement income was actually coming from. They're coming from that 7% SWR, which must be funded somehow. Otherwise the retirees might have to stay in-town, be cold during the winter, and provide childcare for the grandkids because preschool now costs as much as a year of college tuition. And that makes them cranky and they start calling investment advisors and politicians demanding answers.
Employee pensions are a tiny portion of overall government spending. There are any number of ways to handle a modest increase in costs there.
>There are any number of ways to handle a modest increase in costs there. So the "we'll find 'efficiencies' somehow" argument that every opposition party trots out when they're campaigning?
Individuals saving for retirement must deal with the risk that they live to an old age and their savings must last for decades. Pension plans have a higher safe withdrawal rate, because people on the average have average lifespans. When a plan member dies early, their remaining contributions can be used (partially or in full) to fund other members' pensions.
Really good comment and fair point But mortality credits (pooling) don't solve the math of the discount rate - they add 100 - 150 basis points of reduction so retarget to 5.5% vs 4% if generous So they are still structurally designed where they HAVE to allocate towards risk to meet their targets which is at core of issue
Things I learned in Econ 101 like 25 years ago, and one of about four options if you google "how do companies manage payroll with fdic limits". But people with [mb]illions of funding just plopped money in a single account ..
Indeed, most of SVBs customers were those who had almost zero business finance experience. There were lots of startups but there were also lots of normal businesses and non-profits in the Bay Area that used SVB. Perhaps the slow depositors should be punished for not being sufficiently sophisticated, or as quick as the Thiel-backed startups that got the bat-signal to do a bank run. But the "moral" value of letting all those organizations lose their deposits is very low. The moral value of letting SVB fail, which it did , seems high to me!
if college education produces a public good (a more competent workforce), then it should be funded through public funds-- government should pay for education. If it does in fact lead to better outcomes, then the higher tax will cover the cost. running it through the private system builds in too many perverse incentives.
In theory that sounds good, but in practice our private system has created the best universities in the world and educates an immense number of students to highly employable levels.
If you had a choice between nothing being done and forgiving student loans which would you pick? Second. Let's say universities did take on the burden of loans, of course that would be via a bank right? If that's the case. How would they enforce risk? Based on certain majors? Who would give a loan with no collateral to young people with no credit on the hopes the major they picked had a viable job market years from that point?
> Who would give a loan with no collateral to young people with no credit on the hopes the major they picked had a viable job market years from that point? Who gives out scholarships now? Let's also note that the obvious response to the risk of the job market shifting after several years is to shorten the number of years required to pad out the degree, which is pure societal upside. The standard model of a four-year college degree only has you taking classes from your major during the final two years.
How about clawbacks from the universities.
Seems massively unconstitutional to retroactively impose penalties, especially if the previous behavior didn't violate any laws. Not to mention the reputational risk on the trustworthiness of US as a place to do business and the risk of abuse from future administrations. You might cheer that universities are getting their just desserts for scamming students, but your political adversaries might use it to claw back funding from universities for being too "woke" or whatever.
Great example of narrow rationality. Huge amount of Americas current problems can be traced back to a poorly educated population. Universal access to third level education, combined with a school system designed to educate - in direct opposition to current goal of producing labour units for corporate; would massively improve pretty much ever aspect of American life. The market lens is myopic, the market cannot be expected to produce social goods in proportion to necessity - that's not any part of its function. I agree that the student loan system is insane. Students need grants to cover cost of living while they focus on learning, education itself of course should be free.
>combined with a school system designed to educate - in direct opposition to current goal of producing labour units for corporate; would massively improve pretty much ever aspect of American life. "producing labour units for corporate" at least pays the bills. What's the alternative? Education is for "finding yourself" or whatever? That's a nice platitude, but "finding yourself" with a film studies course doesn't pay the bills, and is arguably the reason why there's a student loan crisis in the first place.
It's a question of supply and demand though. Sure we should fund science post grad, I'm not so sure about humanities (supply already outstrips demand there). Saying we should fund "post grad" in general elides this complexity. Public school is as much about providing babysitters for parents that have to work as it is about education. Notice how hard it is to be expelled from public school. Grades are irrelevant. This is very different from how post secondary education operates.
When compulsory education became a thing it met resistance from families that didn't wanna lose another pair of working hands on the farm. Babysitting is a 20th century post agrarian phenomenon.
The unfortunate reality is that your kindness and empathy is a resource that is being exploited by unseen actors. You are being taken for a ride and you feel good about it. I absolutely support maximizing access to education and I'm willing to pay for it. I'm not willing to prop up a giant unsecured-loan grift that transfers financial risk onto those least able to bear it, while universities jack up their tuition to grab their slice of this new pie.
You are correct and I am making a conscious choice. I'm not being taken for a ride, I'm willingly offering one. Of course there are those who would exploit. But I'm not going to punish the well-deserving masses because of the unscrupulous few. It's a very small sacrifice I can make each year, which could change the lives of thousands and for generations to come. You can justify NIMBY all you want, but I refuse to do so.
That's not a solution at all, because it will price out way too many students. The solution is to do what Germany and most of the EU does - pay universities with tax money and do not charge students anything at all (or maybe a few hundred to thousand euros).
That is what we did in the past, and why my undergrad degree didn't cost me nearly as much as someone would pay to get the same degree today from the same university. We've decimated state funding for public universities.
>. It signals to borrowers that they don't have to repay high loans if their career can't support it. The loan forgiveness wasn't a thing when many students took out the loans.
It would be a signal to future borrowers.
That's why it should be a one time event in conjunction with reworking the whole system. Why can I, as an 18 year old, sign for a loan that _cannot_ be forgiven, graduate into a crashed economy, and still be held accountable for choices that impact me when I only had a small part in them? The system needs reformed, and we need to do something for the people still on the hook of the old system (and I say this as someone who has paid off all my student loans).
Same reason you can sign up for war, or ride a bike without a helmet (in some places). The world is a dangerous place and the less legislation we have blocking people from making decisions, the more likely they are to be capable of making their own. In 2009 when I graduated, it was common knowledge that any private colleges or abnormal degrees were an oddity only for rich people to buy a piece of paper for their more disappointing kids. I don't know what changed (or if it was just localized), but whoever convinced you to go for the scam is at fault here in your circumstance- not the "system" for allowing other people to benefit. It's a bunch of able-bodied people who took the elevator instead of stairs thinking it was a shortcut, but the effort put in was the whole point. Anyone who told you otherwise is to blame. Punishing people who took the stairs sends a clear message to everyone else deciding which way to go.
> Why can I, as an 18 year old, sign for a loan that _cannot_ be forgiven, graduate into a crashed economy, and still be held accountable for choices that impact me when I only had a small part in them? Because you took the money promising to pay it back, spent it on something you wanted, and now it's gone and someone has to pay the money you spent. It's like saying why can I, as an 18 year old, purposely drive a car into someone else's house, cause six figures in costs, and then be expected to be on the hook for that because auto liability insurance doesn't cover intentional acts? You're the one who chose to do that. The price of tuition and the expectation that you pay back the money are not secrets kept from you until after you've already signed, or if they somehow are then maybe fix that .
> Because you took the money promising to pay it back, spent it on something you wanted, and now it's gone and someone has to pay the money you spent. How are they supposed to pay it back with a crashed economy? Look, I get it with personal responsibility and all that but these people were following the rules, did their part and now are burdened to their death while Big Co gets bailed out over and over and never learns responsibility. Why the double standard?
Except that no one has been preaching at you for your entire academic life that you MUST drive a car into someone's house at 18 in order to be able to get more than a minimum wage hard labor job.
But now we've arrived at the source of the trouble. Why are people being preached at to get a degree in underwater basket weaving instead of engineering or nursing, or for that matter forego a degree and pursue a trade?
The money can't be spent on a house or any useful asset that could be resold. They wouldn't give you a loan for that at 18 because it'd be irresponsible since they know you don't know anything about finance or economics as you likely don't have an education yet. They'll give you a high interest credit card with a 500 dollar limit to buy what you want though.
They give you the loan because the asset is you . In general if you get a degree, your future earnings increase by more than the cost of the degree. The "problem" is that if you don't pay a mortgage the bank takes the house, but the only thing for them to take if you don't pay your student loans is your future earnings, which is just the thing where you have to pay back the loan.
What are the second-order effects of a subclass of citizens permanently encumbered by debt that (with rare exceptions) cannot be discharged through bankruptcy? Perhaps your analysis of second-order effects is not thorough and complete? Have you really considered all of them?
The reason that you can't (default) discharge student loan debt in bankruptcy is that your degree can't be seized and sold off, so there's a pretty weak incentive to not declare bankruptcy as soon as you're handed your degree.
What if a degree could be seized? For example, what if bankruptcy courts could require a debtor to stop "representing themselves" as having a degree as a condition for discharging debt. If a court revoked a degree, it would effectively reset the graduate to the status of a dropout removing a significant amount of the degree's value (I know knowledge has its own value, but credentialism is a big part of a degree's value too).Universities already have the infrastructure to flag students. For example, many institutions withhold official transcripts or diplomas for academic fraud, moral infringements etc. Could this create enough of an incentive to pay back loans and not declare bankruptcy?
> What are the second-order effects of a subclass of citizens permanently encumbered by debt that (with rare exceptions) cannot be discharged through bankruptcy? A harsh lesson in personal responsibility. If you went to an out-of-state school to major in criminology hoping to be the next CSI, and you borrowed 180k to do it, you've learned a valuable lesson. Don't give me "they're only kids, they aren't able to make these decisions!"
> Don't give me "they're only kids, they aren't able to make these decisions!" You’re responding to something you imagined I said.
Just heading it off, not imagining anything.
Not really sure why this is getting downvoted. I don't really think we need to forgive student loans - I think they should absolutely be dischargeable through bankruptcy, though. Bankruptcy isn't a "get out of jail free" card - it puts a huge burden on a student relatively soon after graduating that makes it harder to start a family or buy a home. So it incentives are still aligned for the students taking the loans. But the option that a student defaults brings some real light and transparency into a loan system that just feels wildly disconnected from reality right now. If a student can't pay the loan back with the job options in the field and is like to default... don't issue the loan. I think it's absolutely abusive that student debt can't be discharged, and is pretty heinous as policy.
> I don't really think we need to forgive student loans. Neither do I. I was happy with the status quo ante Trump where many classes of public servant could get their student debts forgiven after on the order of ten years of service. (An imperfect program with too many disqualifying loopholes, but it was better than nothing. Now, almost no one qualifies.) The Overton window has foreclosed on that kind of solution to the problem, however. Even military personnel have been disqualified from attending certain schools as part of their meager education benefit. > Bankruptcy isn't a "get out of jail free" card Indeed. One’s mid-twenties are arguably the worst period of one’s life to live with damaged credit. > I think it's absolutely abusive that student debt can't be discharged, and is pretty heinous as policy. Absolutely, it needs to go.
> Student loans currently carry no risk. They can't be discharged. Interest is the payment to the lender to accept risk. you make a good point, if there's no risk there should be no interest. Or at worst, the interest rate should track COLA adjustments to social security. Some basic adjustment relative to inflation so the lender gets back what they lent out. Now that schools can pay their athletes I hope the rest of the student body take notice and start asking questions about school funds allocation. It should make it plain as day to the average student that their school has plenty of cash and choses to force them into debt.
>you make a good point, if there's no risk there should be no interest. Even loans to the US government pays interest. If you meant "no premium beyond the risk-free rate", why would anyone want to lend to students, when they have to deal with the hassle of dealing with lenders and the political risk of it getting discharged, when they can just led to the federal government instead?
Interest also compensates for the other things that money could be doing. If I didn't loan it to you (or a student), then I would be doing something else with the money, even if just buying a government bond.
I'm not sure that is accurate. You need a borrower to do that. If there were other low risk borrowers they would also lend them money, it's not a zero sum game. I'm no banker, but pretty sure the bank doesn't lend itself fractionally reserved loans and buy t-bonds.
Bankruptcy affects your credit score for 7-10 years. Someone who graduates from college in their early 20s with six figures in debt could file for bankruptcy immediately and have it be off their credit history by the time they've saved up a down payment and want to get a mortgage. There is also the obvious drawback that if more people can discharge the debt, the interest rate goes up, and then everyone else has to pay for the people who took out loans they didn't pay back.
> Someone who graduates from college in their early 20s with six figures in debt could file for bankruptcy immediately and have it be off their credit history by the time they've saved up a down payment and want to get a mortgage. So change the bankruptcy law? It’s a pretty easy fix. Create a whole new chapter if that’s what it takes. Make it dischargeable only after 7 years of nonpayment, do means testing… bankruptcy law already has these kinds of nuances built in.
Imagine a world where lenders charged different interest rates depending on the risk profile of each school. Lower interest rates for schools where graduates repay their debt, higher interest for schools where many people default. Assuming it wouldn’t disproportionately affect disadvantaged populations, that could be an interesting way to incentivize schools to get their shit together and prepare students for starting their career
That effect would be drowned out by all the people defaulting en masse because getting out of a six figure unsecured debt is worth more than a temporary hit to your credit score.
If that’s true, why isn’t everyone already doing it? Especially if 87% of student loans are forgiven during bankruptcy - maybe people just aren’t aware it’s possible.
> encourage universities to grow fatter In a typical state school, where's most of the fat accumulating? What could be cut significantly without affecting the quality of education?
I'm not an expert, but a lot has been written on this. Some areas: - more and more administrative staff and "middle management". The assistant to the assistant vice chancellor for elm trees. - Building and running very expensive science research operations. These may well be worthwhile efforts, but conflating them with undergraduate educations is a problem. - more and more student amenities. Fancy dorms, student centers, rec centers, etc - competitive athletics A big part of this, is that they need to attract students, ideally ones who can pay or borrow. And students are putting a lot of weight on the research programs (they impact public ratings), fancy dorms, rec centers, football teams, etc. And they are spending loan money, and don't seem to fully grasp the economics. But even if they did, the highest rated schools are the ones spending all this money, and thus charging more, it's a cycle. And this propagates down to mid- and lower tier schools. And then people in the leadership ranks of these schools are in part evaluated on how the ranking of their school changes. So if you can go from spot 150 to 140 by raising fees to build stuff you don't really need to teach (but improve your ranking), that is good for you.
Your argument is basically that current university costs are intrinsic and can't possibly be reduced but we know that isn't true. We have not two generations ago people paying for their college tuition with money from their part time jobs. My grandpa paid his way to a PhD as a line cook. Got no financial support from family who were only slightly above dirt poor. Like I don't want to be completely reductive but a good chunk of university classes are 30-100 people paying for a single dude and a room with chairs to lecture for 5 hours a week. This doesn't have to be ruinously expensive.
My PhD program, in CS (top 20 school), for an American, was basically free back in the early 2000s. At times it seemed like there were more fellowships than students. I'm not sure if that has changed.
A reasonable option. But was that on the table? Or was "just student loan forgiveness with no change to the system" what was being proposed? And if that was the proposal, would that be better or worse than the current status quo?
There has, for 30+ years, been a real problem with politicians refusing to speak truth, or anything close to it. They tell voters what they want to hear. This is often "truth adjacent", and they thus offer partial solutions that tend to not work out. The US has real problem that require real changes, but the political system is not responding. IMO, people sense this, grow frustrated, and become willing to take a chance on someone who seems to speak (more) truth, and claims to be willing to pursue real changes. We are starting to see more moderate mainstream politicians willing to speak more truthfully, and propose policy changes that may not appeal to everyone. But I'm not sure it's happening fast enough.
Healthcare is in exactly the same boat. A major part of why it's so expensive is because of government subsidies to private healthcare insurance. No or little public option is exactly what allows insurance companies to go hog wild on their premiums. The ACA subsidies are simply a bandaid on a broken system which allows insurance to further break the system as they adapt to what people are willing to pay for a necessity.
Healthcare is really complicated. No one factor makes up a majority of the excess (compared to other rich nations) cost. The ACA is a bandaid, and may be making things worse over time, at least in some areas. But Americans don't see to have the appetite to really change anything. Probably because most voters are insulated from this by good (enough) employees plans.
So I read the Matt Levine article on this and a couple other pieces, and I'm not getting the impression Levine or other mainstream economists think this is a good idea as it currently stands? I don't necessarily think they are suggesting its clearly bad either, but it didn't seem as positive on it as I was expecting from your comment. Can you provide some more information, because I'm not really seeing the value in being required to interact with more financial institutions in practice.
When you deposit money in a US regulated bank, there are basically two places that can end up: - on deposit at the Fed, in the account of a Fed member bank (which could be your bank, or a bank your bank has an account at) - loaned out by your bank (or again, a bank your bank uses) The Fed, so far, has refused to allow new member banks (eg that could deposit at the Fed) that don't intend to ever loan out deposits. They would take all customer deposits and stick them at the Fed. Many (most? the ones at the Fed anyway) think allowing this would siphon away money that would otherwise be used to make loans. They are, in effect, putting their finger on the scale to push you to allow your savings to be used as loans. The rise of Private Credit, where wealthy individuals and institutions loan money to private firms for to fund loans is the new thing that could break this open. These arrangements are long term, the customer can't "call" the money back, they are committed, and (for the most part) their commitment matches the duration of the loans. So there can be no bank runs. And the people providing the money know what they are doing. Levine is mostly arguing that with so much money in private credit, we could do without forcing small savers to fund loans.
> Because the taxpayers bail them out. I could define anything as not being risky if I knew taxpayers would bail it out. I feel like I must be misunderstanding something here because it sounds like you're saying depositing funds in a bank is considered risky behaviour?
> depositing funds in a bank is considered risky behaviour? of course it is, that's why the bank pays you interest on your deposit. They loan out what you deposit at a higher rate and collect the difference as profit. If that loan defaults then your money is gone because the bank was never able to collect it back. FDIC was invented to insure your deposit up to 250k so you're protected (up to 250k) in case that happens.
Is high volatility really such a concern when you're dealing with a large pool of funds over such a long timeframe? Sure, if you need to withdraw funds during a downturn that's bad, but over the long term isn't that statistically balanced out by other months where you get lucky and withdraw during a peak?
I dont think its safe to assume perfect balance. Further, I know it goes against economic orthodoxy, but I am a big fan of buying low and selling high. When the market is bad, I become more frugal, I might even run on debt instead of selling. When the market is at all time highs, I'll sell some from riskier and move that into other things. Another oddity in this situation... People die slightly more often during flu season, so you could game this and plan to withdraw less.
Yes, that's my point. That bet ended 8 years ago. If "multiplying money" is really the sole goal then why didn't all the pension funds switch to investing in index funds back then? There are clearly some structural issues here which don't align well with the idea that pensions are a "paperclip maximizer" with the goal of maximizing returns. I find it interesting that the OP isn't arguing pensions should switch to investing in index funds, but rather into other projects the OP considers morally superior and that he personally believes will give better returns then hedge funds. To me that just feels like trading one set of hedge fund managers for another.
Are you asking why people getting paid to manage pensions inefficiently want to continue to get paid to do so?
Unless we're just talking about regular embezzlement of funds, how do you crash an ETF? I'm talking about broad index funds. Not stuff like ARKK
I have no idea how one would crash an ETF but I do wonder if someone could manipulate an index. I.e by somehow suggesting a larger fraction of free floating stock so that the index weights the stock higher than its actual share. That should create increased demand for that particular stock (fund companies buy it more) and thus raise its value over what the market would assign normally.
But do you agree that there are a set of bad actors who fall under the (not well-defined) term of "private equity"? Is this a definitional quibble or do you not believe there is a problem?
It is important definition. As private equity can mean anything not publicly traded. I do support banning certain financial actions. Like paying dividends with debt. Or structuring deals that achieve same effect. On other hand I would also ban stock buybacks.
I have no idea why leveraged buyouts are legal. What a bizarre mechanism for acquisition that feels so easy to just shut down with a relatively simple rule. Restricting a previously purchased business from taking out debt feels harder to regulate, but someone smart could probably figure out a few good rules to stop the majority of abuses.
Do you think non-recourse mortgage (the dominant type in USA) also should be banned? VC finds a bank that borrows them money to buy X, with X as collateral. It is exactly the same. The mass selloff of assets and absurd cost-cutting is caused by new owners not giving a damn about the future of acquired company, its workers nor clients - it has nothing to do with leveraged buyout itself.
I converted 2D conventional flight tracking into 3D (aeris.edbn.me)
That altitude scale could use something that makes logical sense than the seemingly random colors? Like its super hard to tell it by the color without knowing the index.
The planes look like swords, made me think Cloud Strife was going outta control with his Smash special.
it's 3D but I can't go first person mode on the planes feels a missed opportunity
Currently it servers more aesthetically than accuracy when it comes to vertical scaling, its on the feature list to add 1:1 height scale, it isn't as pleasing to look at but definitely a must have.
I think the current scale is a good solution. Otherwise the vertical data is too compressed when you zoom out
Some mountain airports might be quite interesting with 3d terrain But that's not what this is. Here only the airplanes are in the third dimension. The world map isn't even a globe
My local airport is at 1417ft MSL, so the planes start and land in mid-air.
Is Show HN dead? No, but it's drowning (arthurcnops.blog)
Yes, we need to do something about this and tomhow and I are talking about it - it's not clear yet what. Something that cuts down on quantity by raising the quality bar would obviously be best. One idea that a user proposed is a review queue where experienced HN users would help new Show HN submitters craft their posts to be more interesting and fit HN's conventions more.
People have been saying this since I joined
The entire internet is being inundated by slop, and HN is no different
Tanget but related, I posted on Who wants to be hired and, in comparison to last time I posted there 2019ish, I received only spam emails, no offers nothing at all. Luckily I used an alias for that post but I hate deleting it if anyone interested might come in
This is part of a bigger problem with vibe coding IMO. It's not just Show HN but signaling credentials in general. How would you signal that you actually put effort into your project on a resume or social event/presentation when others could just vibe-code some good looking but nonetheless unusable projects and show that off instead?
I wrote an internal engine combustion sim in C with what I'd assume is some pretty alright procedural audio generation and posted it to Show-HN ( https://github.com/glouw/ensim4 ) with which I got 2 upvotes. I understand it's niche, but I thought HN loved this sorta demoscene stuff. C'est la vie and que sera. I'm sure the artistic industry is feeling the same. Self expression is the computation of input stimuli, emotional or technical. If an infallible AI can replace all human action, would we still theoretically exist if we're not continuously transforming what's in front of us into something new?
related post: https://news.ycombinator.com/item?id=47039478
The worst part of the death of Show HN is that most of these people are so allergic to putting any effort in that they can't even write the description themselves. The repo's readme, the ShowHN post, and often even their comments will all be fully LLM-generated. This doesn't even take skill! Writing good marketing copy might take skill, but ShowHN isn't (supposed to be) marketing. Just describe the project in your own words, I promise it's not that hard. The bar is so low that even copy-pasting whatever you prompted to the LLM would be more interesting than the LLM's output. Although maybe it's better this way, since it makes it easier to filter out the garbage instantly.
> I promise it's not that hard. How many non-native English speakers are on HN? If it's more than 30%, why should they have to use a whole new language if they can just let an LLM do it in a natural sounding way.
I’d rather read broken english than LLM output.
Yes, that's what we tell people too. https://hn.algolia.com/?dateRange=all&page=0&prefix=false&query=by%3Adang%20%22own%20voice%22&sort=byDate&type=comment
"Show HN: ... that I vibe coded" is a language pattern that NLP trainers will give you to make yourself invisible.
I don't actually mind AI-aided development, a tool is a tool and should be used if you find it useful, but I think the vibe coded show HN projects are overall pretty boring. They generally don't have a lot of work put into them, and as a result, the author (pilot?) hasn't generally thought too much about the problem space, and so there isn't really much of a discussion to be had. The cool part about pre-AI show HN is you got to talk to someone who had thought about a problem for way longer than you had. It was a real opportunity to learn something new, to get an entirely different perspective. I feel like this is what AI has done to the programming discussion. It draws in boring people with boring projects who don't have anything interesting to say about programming.
As someone who posts blogs and projects out of my own enjoyment, no AI for code generation, handed edited blog, I still have no idea how to signal to people that I actually know what I’m talking about. Every step of the process could’ve been done by an LLM, albeit worse, so I don’t have a way of signifying my projects as something different. Considering putting a “No LLMs used in this project” tag at the start but that feels a little tacky.
Communicating that you know what you are talking about and that you're different is a lot of work. I think being visibly "anti-AI" makes you look as much of an NPC as someone who "vibe coded XYZ." It takes care, consistency and most of all showing people something they've never seen before. It also helps to get in the habit of doing in person demos, if you want to win hackathons it really helps to be good at (1) giving demos on stage and (2) have a sense of what it takes to make something that is good to demo. I have two projects right now on the threshold of "Show HN" that I used AI for but could have completed without AI. I'm never going to say "I did this with AI". For instance there is this HR monitor demo https://gen5.info/demo/biofeedback/ which needs tuning up for mobile (so I can do an in-person demo to people who work on HRV) but most all being able to run with pre-recorded data so that people who don't have a BTLE HR monitor can see how cool it is. Another thing I am tuning up for "never saw anything like this" impact is a system of tokens that I give people when I go out as-a-foxographer https://mastodon.social/@UP8/116086491667959840 I am used to marketing funnels having 5% effectiveness and it blows my mind that at least 75% of the tokens I give out get scanned and that is with the old conventional cards that have the same back side. The number + suit tokens are particularly good as a "self-working demo" because it is easy to talk about them, when somebody flags me down because they noticed my hood I can show them a few cards that are all different and let them choose one or say "Look, you got the 9 of Bees!"
” The first 90 percent of the code accounts for the first 90 percent of the development time. The remaining 10 percent of the code accounts for the other 90 percent of the development time.” — Tom Cargill, Bell Labs Some day I’m going to get a crystal ball for statistics. Getting bored with a project was always a thing— after the first push, I don’t encounter like 80% of my coding side projects until I’m cleaning— but I’ll bet the abandonment rate for side projects has skyrocketed. I think a lot of what we’re seeing are projects that were easy enough to reach MVP before encountering the final 90% of coding time, which AI is a lot less useful for.
> I’ll bet the abandonment rate for side projects has skyrocketed My experience is the opposite. It’s so much easier to have an LLM grind the last mile annoyances (e.g. installing and debugging compilation bullshit on a specific raspberry pi + unmaintained 3p library versions.) I can focus on the parts I love, including writing them all by hand, and push the “this isn’t fun, I’d rather do something else” bits to a minion.
You both have very good points here, but once I get finished with both of the 90% programming times, and everything seems to finally work with no more bugs (and it's true), then for my heavy industry work I look forward to spending 10X as much effort testing compared to coding.
One of the great benefits of AI tools, is they allow anyone to build stuff... even if they have no ideas or knowledge. One of the great drawbacks of AI tools, is they allow anyone to build stuff... even if they have no ideas or knowledge. It used to be that ShowHN was a filter: in order to show stuff, you had to have done work. And if you did the work, you probably thought about the problem, at the very least the problem was real enough to make solving it worthwhile. Now there's no such filter function, so projects are built whether or not they're good ideas, by people who don't know very much
I have yet to see any of these that wouldn’t have been far better off self-hosting an existing open source app. This habit of having an LLM either clone (or even worse, cobble together a vague facsimile) of existing software and claiming it as your own is just sort of sad.
I actually came to this realization recently. I'm part of a modding community for a game, and we are seeing an influx of vibe coded mods. The one distinguishing feature of these is that they are entirely parasitic. They only take, they do not contribute. In the past, new modders would often contribute to existing mods to get their feet wet and quite often they'd turn into maintainers when the original authors burnt out. But vibe coders never do this. They basically unilaterally just take existing mods' source code, feed this into their LLM of choice and generate a derivative work. They don't contribute back anything, because they don't even try to understand what they are doing. Their ideas might be novel, but they don't contribute in any way to the common good in terms of capabilities or infrastructure. It's becoming nigh impossible to police this, and I fear the endgame is a sea of AI generated slop which will inevitably implode once the truly innovative stuff dies and and people who actually do the work stop doing so.
Sometimes 'gatekeeping' is a good thing.
Yeah, I think it's sort of an etiquette thing we haven't arrived at yet. It's a bit parallel to that thing we had in 2023 where dinguses went into every thread and proudly announced what ChatGPT had to say about the subject. Consensus eventually become that this was annoying and unhelpful.
At times, it seems like the only thing that has changed is that the dinguses don't bother crediting ChatGPT.
Agreed, and were gonna see this everywhere that AI can touch. Our filter functions for books, video, music, etc are all now broken. And worst of all that breaking coincides with an avalanche of slop, making detection even harder. There is this real disconnect between what the visible level of effort implies you've done, and what you actually have to do. It's going to be interesting to see how our filters get rewired for this visually-impressive-but-otherwise-slop abundance.
I have a sci-fi series I've followed religiously for probably 10 years now. It's called the 'Undying Mercenaries' series. The author is prolific, like he's been putting out a book in this series every 6 months since 2011. I'm sure he has used ghost writers in the past, but the books were always generally a good time. Last year though I purchased the next book in the series and I am 99% sure it was AI generated. None of the characters behaved consistently, there was a ton of random lewd scenes involving characters from books past. There were paragraphs and paragraphs of purple prose describing the scene but not actually saying anything. It was just so unlike every other book in the series. It was like someone just pasted all the previous books into an LLM and pushed the go button. I was so shocked and disappointing that I paid good money for some AI slop I've stopped following the author entirely. It was a real eye opener for me. I used to enjoy just taking a chance on a new book because the fact that it made it through publishing at least implied some minimum quality standard, but now I'm really picky about what books I pick up because the quality floor is so much lower than in the past.
That may be something. Having too may subs could get out of hand, but sometimes you end up with so much paperwork generated so fast that it needs its own dedicated whole drawer in your filing cabinet ;)
Sorry about that, didn't mean to hurt anybody's feelings :( It's still early and easy to underestimate the number of visitors who would absolutely love to have the main page more covered in absolute pure vibe than it is recently. I would like to hear opinions as to why the non-human touch is preferred, that could add something that not many are putting into words. Hopefully it's not a case of the lights being on but nobody's home :(
I did a Show HN a few years ago on another account. It got no upvotes but that website/app has generated over $6m in revenue in that time (over $4.5m profit). Not sure what my point is but thought I'd share
This happens all the time, it’s a good thing to really keep in mind. All of my best projects were dismissed initially and continue to be. There is a reddit post where I announced Blockheads to a handful of “looks like a crappy Minecraft ripoff” comments. It went on to be played by 50 million people.
If those announcement posts don't take off, how do you end up finding a community of users/players?
Can you recommend this software? It's definitely not considered an ad, but just to understand what exactly you find useful.
yes - please recommend affiliate software that is actually good, lots of people here woudl love it to get off the ground
I am a major advocate for AI assisted development. Having said that, it used to feel part of an exclusive club to have the skills and motivation to put a finished project on HN. For me, posting a Show HN was a huge deal - usually done after years of development - remember that - when development of something worthwhile took years and was written entirely by hand? I don't mind much though - I love that programming is being democratized and no longer only for the arcane wizards of the back room.
> For me, posting a Show HN was a huge deal - usually done after years of development This is still possible. Vibe coders are just not interested in working on a piece of software for years till it's polished. It's a self selection pattern. Like the vast amount of terrible VB6 apps when it came out. Or the state of JS until very recently.
GrapheneOS – Break Free from Google and Apple (blog.tomaszdunia.pl)
Switched a couple of weeks ago and works perfectly. I also found so many better apps that dont steal your data for basic stuff like weather, notes, messaging,...
I want to break free - Queen :) Lyrics https://genius.com/Queen-i-want-to-break-free-lyrics
Google is so much engrained in our lives that we can't really break free. You can't just don't use youtube and for that you need a google account.These projects are nice and good for tinkering, but can't use this as a dialy driver.
Why do I need a Google account for Youtube? It seems I can watch nearly any video I want without logging in. Moreover there are anonymity proxies like Invidious.
This is so well-written with obvious care! Answers so much of what I've been wanting to know, as someone who's thinking about taking this plunge.
"Break free from Google" and buy a Pixel phone from them to do so. But unironically Pixels are currently some of the best actually open phones. They do not lock down or require shady practices for unlocking the bootloader (although they do require a network check once that happens automatically, but it will permanently allow unlocking the bootloader if successful once. Pixels are very easy to restore and almost un-brickable, allow bypassing the boot screen warning by pressing the power button twice, actually allow relocking the bootloader and don't void your warranty unlocking it, don't have a shady one-time fuse like Samsung phones do with Knox, etc.
Graphene is supposedly working with a major OEM manufacturer to have future device support independent of google, on a flagship device. It's been in the works for awhile but it's very exciting. https://www.androidauthority.com/graphene-os-major-android-oem-partnership-3606853/
It is possible, but many people still buy them from their provider with financing or subsidies. That means people shopping for used Pixels who want to unlock the bootloader need to avoid the special Verizon variant which forbids unlocking the bootloader. This is separate from SIM locking, which forbids use with another carrier. US carriers still do that, but are required to remove the lock after a while if the customer doesn't owe them money. It's not clear why Verizon insists on permanently locked bootloaders or why Google agrees to it for Verizon when they don't do it on Pixels sold anywhere else.
Yep. I lost a restocking fee when I bought a used "unlocked" Pixel. Turned out it was not SIM locked, but it was impossible to unlock the bootloader. It was pretty easy to find a bootloader-unlockable Pixel once I knew what to look out for, but the first time I had no idea this was something you had to look out for.
What binary format?? Go read facebook's "source code", is that any more open than a random apk? If anything, apks decompile quite well.
So long as browsers allow you to open the developer tools and inspect memory etc., they're more open than remote attestation of a stock android or ios device Decompiling apps only works if you can get the app. I don't understand GP's problem with the apk format either, but you do need to break terms of service to get the files if you don't have a phone with Google services installed. Whether that's ethical or legal is up for debate
wish my yubikey would work with bitwarden
My Yubikey works with bitwarden on GrapheneOS using NFC.
Duckduckgo's only hit for "Gphotoshim" is your comment. Any hint at what to look for?
https://github.com/CaramelFur/GPhotosShim
8. External storage works. This is the only mobile OS I've found that has stable support for an External SSD. I bought a second hand Pixel 7 to test this and an exFat SanDisk Extreme Portable 2TB works with reads/writes perfectly.
> This is the only mobile OS I've found that has stable support for an External SSD. My Librem 5 running PureOS also supports external storage just fine.
And once you are on GrapheneOS, break free from your proprietary watch ecosystem and switch to GadgetBridge ( https://gadgetbridge.org/ ) I run a Thinkpad with NixOS and KDE, a Pixel 9 with GrapheneOS, and an Amazfit watch paired with GadgetBridge on my phone. It's a testament to the hard work of the FOSS maintainers of these projects, and the spirit of open source, that everything works flawlessly together without any cloud service sucking up my data. For example, I can control youtube and music playback on my laptop with my watch because KDE Connect syncs my laptop and my phone, and gadgetbridge syncs the phone and the watch. The breezy weather app on my phone can automatically push its data to gadgetbridge which in turn pushes the data to the watch. And so on. So many little things, developed independently, working like a single well oiled machine.
Alternatively, consider PineTime, which even offers a choice of the OS it runs: https://pine64.org/documentation/PineTime/
I tried GadgetBridge because it cannot sync the activity files (.fit and/or .gpx) so I still had to plug the watch into a computer to keep the actual data. So I ended installing ActivityLog2[0] to do something with the files I had to have on desktop and GadgetBridge was of little use because relying on GadgetBridge without actually syncing the files might make me forget about doing the backup to a device I control (GrapheneOS or a computer). As soon as GadgetBridge support syncing the files from the watch to the app (or any local folder on Android), I'll install it again and stop doing the manual backups over USB. Syncthing will do it automatically. [0] https://github.com/alex-hhh/ActivityLog2
Under settings->automations->auto export, you have "Auto export zip" where you can specify export interval. The zip file includes all the data (personally, I only see .fit files) from your app. For sync, you might have to use something like syncthing.
> I like Organic Maps Does anybody know of a project that offers public transport routing? Ideally with real time information, but I can live with only using schedules or even just average passage interval. The other general sticking point for me is the reviews, but I could invite more serendipity to my restaurant search.
FWIW Organic Maps are aware of this issue. In the poll on their mastodon account, lack of public transit information was voted as number one missing feature. As far as I’m aware, they are looking into integrating the public APIs for it wherever possible.
All map apps I tested so far were kind of usable but nowhere near Apple or Google maps. Especially for longer trips I often got lost and had to re-navigate by different reasons (voice announcement too late, no lane instructions, etc.). However, I listed it because it is a "usable" alternative that works offline.
I used OrganicMaps for navigation from the UK through France, Germany, Switzerland, back into France and then Spain last year on a 2 week enjoyable camper van trip. It can take a while for routing changes if you ignore it and decide to drive elsewhere, and I don't really use the voice alerts (I just have it on my phone on the dashboard via a magnet), but all in all it worked really well. Although I would like speed limits shown in MPH in the UK, OrganicMaps' KMH limits were useful on the Continent.
> BankID works but not with biometric login Do you use any authenticator apps such as Okta? My org requires biometrics when using Okta on my phone.
I use microsoft authenticator, in its own work profile for work. I also use fingerprint login for Nordea, the Proton Suite, my personal 2fa program. Biometric works great on the Pixel 9A, at least, and it was fine on the 8 Pro when I had it. The BankID thing is a SW quirk on their end, but generic fingerprint seems works great across the ecosystem.
A collegue of mine was tech lead at a large online bank. For the mobile app, the first and foremost threat that security auditors would find was "The app runs on a rooted phone!!!". Security theater at its finest, checkboxes gotta be checked. The irony is that the devs were using rooted phones for QA and debugging.
> the first and foremost threat that security auditors would find was "The app runs on a rooted phone!!!". GrapheneOS is not rooted, or is not required to be.
As long as copying some numbers, printed on a piece of plastic, into an online order form is all the authentication that is needed for a transaction, anything more than that is inherently security theater.
That’s why for most transactions I do with a credit card in my country, you need an extra validation with the mobile app. It is mostly American websites that do not enable this functionality.
Locking down PCs is easy: just set a random password.
Just blow the right hardware fuses and secure boot will be forced with a key that doesn't (or can't) exist.
It's easier for me to remember really long passphrases than even short alphanumeric strings - small maximum password lengths set my teeth on edge. The passwords should be getting hashed anyway right?
The problem is that you never really know what a website operator does with your credentials. Ideally, you have both a unique email and a unique password for each site, because sadly credential stuffing [1] is a thing. [1] https://en.wikipedia.org/wiki/Credential_stuffing
That's pretty funny on a few levels, not in the least that they required a "secure" password like that but stored them in plain text.
I regularly conduct transactions at the branch of my local bank wherein they ask me for no credentials whatsoever. I also once forgot to bring my account number with me and the teller said "no worries, I'll look it up for you." Kind of horrifying.
Somewhat unrelated, is there any technical reason certain punctuation might be banned? I can understand maybe not allowing letters with diacritics or other NON-ASCII chars but why would a system reject an @ sign or bracket > for example?
A lot of the restricted stuff is cargo-cult fear of symbols that could be used in SQL-injection or XSS attacks. A properly-coded system wouldn't care, but the people who write the rules have read old OWASP documents and in there they saw these symbols were somehow involved in big scary hacks that they didn't understand. So it's easier to ban them.
Depending on the protocol they can be url encoded or even helpfully html encoded; the same password can be used over different protocols. It's the best to not use punctuation by default (length supplies more entropy than charset), I add -0 at the end to make dumb password policies happy.
ive seen: -"but ios can be jailbroken and it doesnt have an AV!" while the MDM does not allow jailbroken devices, and they also allowed sudo on linux. auditors are clueless parasites as far as im concerned. the whole thing is always a charade where the compliance team, who barely knows any better tries to lie to yhe auditor, and the auditor pick random items they dont understand anyway. waste of time, money and humans.
at best it's "cover your ass security" so when you do get pwned you can say you went through an "accrediting auditor" - blah blah blah. Agreed on everything you said. Just wish there was a more efficient way to do things :/
I’m just imagining myself pulling out the stylus on the train/plane, dropping it, and watching it roll away forever.
Millions of owners of Samsung devices somehow manage to not do that every day.
> require authentication using their phone app And banks often have their apps region locked, so if you live abroad or have accounts in more than one country, you’re fucked.
Cough cough, Nationwide UK. I emailed them, they said they had no plans to make the Nationwide UK app available globally on the iOS App Store.
Especially in Europe! They shouldn't be forcing you to run an OS from an American company.
American here who values individual liberties greatly. I know things are politically tense at the moment, but I’m not sure I understand this popular contemporary sentiment. I’ve always believed governments and companies should be regarded with fairly low trust, and the behavior of big tech companies and some recent government actions are great examples why. But what disappoints me a bit about this moment is (the perhaps inevitable?) response to nationalism with more nationalism. Just as I didn’t seek to punish the EU over authoritarianism in Hungary and Poland, I feel the current moment has many responding to the symptoms instead of the sources of the problems. This is not a defense of policies I believe concern you, it’s a question of priorities. I think the author of the article got it right. Because in addition to privacy, I believe one should be able to navigate the internet freely without a mandate to do business with monopolistic dominant companies, which includes rights like ownership of your data.
Some UK banks (Nationwide and Barclays I know for certain) have had mini card-reader PIN devices since around 2010 that they've given customers, that basically generate on an LCD screen an 8-digit code for authentication. When confirming a large transfer, you also need to enter the payment amount in the device, and I assume this gets hashed into the number as well. More recently (last 3/4 years), you can also use their mobile app to do this instead / as well as.
Moved from the UK to Germany. My German card reader is even better, no manually entering the transaction details, I just scan a QR code from my laptop, and the card reader display shows the IBAN and amounts, before I confirm to get the code.
> Can the PIN change? You can change it in the app, yes. > How to issue new key if needed? I think you’ll have to reissue your ID. There’s also digi-ID (similar e-signature certificate on a card, but without any ID features), Mobiil-ID (e-signature on a SIM-card, no idea how it works), Smart-ID (in app, tied to secure storage in Android/iOS, cross-signed by the server which is supposed to check the device somehow) and probably something else I don’t remember. All of these are independent options, so you can, for example, revoke your Mobiil-ID if you lose your phone, and still use the your main ID card to sign things.
How much the certificate costs and lasts?
Nope, there’s a desktop version, too. And it’s all free/open source: https://github.com/open-eid (Though Smart-ID is its own thing and is a fair bit more locked down, but I’ve managed to get it running on a phone without Google services IIRC.)
Wow, that is nice!
I hope this isn't going to be the case universally. If my bank cuts off my access from my browser-on-linux setup, then I'm finding an alternative bank (hopefully some will always exist), which I don't say lightly since I've been with my current bank since I was old enough to have a bank account.
You'll quickly find out - as people are finding out in EU nowadays - that *no* bank will go through the trouble of fighting checklist security auditors to keep your linuxes working. Wait till you find out that your prefered Linux bank won't have the same mortgage terms as you'd like and you'll be running to buy a Google/Apple phone to get those % down.
The whole reason why GrapheneOS is superior to its alternative is because they do all that. I also with they could support non-Google phones, but that's a problem coming from the manufacturers, not from GrapheneOS. My understanding is that there are close to half a million GrapheneOS users. And many potential users don't want to buy a Google phone. So it feels like it is starting to become worth considering for manufacturers... I don't get why Fairphone doesn't look into that. Is it because they are not aware, or is it too hard for them to make hardware that is compliant with what GrapheneOS requires? Hundreds of thousands of devices may not count so much for Samsung, but they must definitely count for Fairphone.
> The whole reason why GrapheneOS is superior to its alternative is because they do all that. What is "its alternative"? > I also wish they could support non-Google phones, but that's a problem coming from the manufacturers, not from GrapheneOS. The manufacturers aren't blocking the installing of GrapheneOS...
They rely on manufacturer support for device firmware, just like anyone else.
Debian surely doesn't depend on Lenovo or Asus to release OS updates for my laptop. Apparently it's not "everyone else" that needs this but it's some sort of dependency for mobile (qualcomm?) devices I have trouble understanding why this is different on mobile devices. People keep speaking of blobs but that doesn't seem to be a thing in laptop/desktop hardware, unless they mean something like the firmware running on your wifi card and uefi chip? But those can be interfaced with from any kernel version, afaik, so I don't get it
Debian does not write the whole software stack running everywhere on your system. So if you want your system to be "supported", as in, "if a security flaw is discovered in a firmware, I want it patched and I want my firmware to be updated", then you need whoever writes that firmware to do it. That's a dependency: if you want your system to be secure, you depend on the software running on your system to be patched when a security flaw is published.
No, I really meant that AOSP is not Android. Android builds on top of AOSP. I elaborated here: https://news.ycombinator.com/item?id=47047167
Well. I do get your point and I am aware of the situation and how Google pivoted away from a truly open source OS by systematically moving components like the keyboard to separate closed source apps. The fact remains though that it's Android Open Source Project where all Android systems are based on. It's become sort of a GNU/Linux kind of distinction where the "certified" Android is AOSP + Google. Though the situation is not that clear because there are other Android based phones that do not contain the Google layer but are still Android.
Interesting. What are the alternatives to GrapheneOS that you wouldn't consider a "toy" ?
In my understanding, it's not the OS that makes it a toy but the hardware. I guess something with open schematics (Librem 5, Pinephone) should be better, or an open-hardware device like Precursor.
well, a concerted attack could easily subvert the baseband if you have a few million dollars and the correct letterhead or private contacts. GrapheneOS really wants the software in the phone to not pwn the phone. This is good. Its a different, and much more difficult problem to secure the connection to the telco, and the larger internet, because the transport is attacker controlled. Think of it this way: Say you use Qubes because security is valued very highly for you. Even if you run Qubes, if your router is controlled by your attacker, what kind of a security guarantee could you really get for yourself?
> Even if you run Qubes, if your router is controlled by your attacker, what kind of a security guarantee could you really get for yourself? I do run Qubes, and a compromised router, e.g., will not get access to any passwords that I store in an offline VM as text, even with any previously known vulnerability since 2006.
Most anti-google move: buy a second hand pixel, they receive no revenue on the device which is (assumed) already highly subsidized by google so that they can profit off users' data, then you use their subsidized hardware without running their spyware OS. Google only loses money in this scenario, it is a great protest.
Have you seen those prices? I don't think the devices need subsidising at all. How else could competitors, who aren't selling off your data, offer it for cheaper?
I'm confused. You say: > It's arguably quicker to open your wallet and use a debit card with an NFC chip than it is to use QR codes So I assume that even though QR codes are available where you live, you use your debit card with an NFC chip because it is quicker than using QR codes... Anyway, the important part is that NFC doesn't require an internet connection, and I had missed that. Now I wonder why a QR code couldn't work without an internet connection just the same. I'll have to look into that!
> So I assume that even though QR codes are available where you live, you use your debit card with an NFC chip because it is quicker than using QR codes... Yes, I generally use my card rather than than QR unless the shop doesn't take cards, doesn't have a paywave/etc-enabled card reader, the card reader is broken, the sales person doesn't know how to use it, or the sales person insists I give them my card and PIN to pay (none of those are hypotheticals, I've experienced all of those first hand, some of them quite repeatedly). > Now I wonder why a QR code couldn't work without an internet connection just the same. Because a QR code is just a short piece of information to tell your banking app who to send funds to - it's like putting a mailto: link on a website rather than asking people to re-type your email address to contact you.
 Top