Unlurker|Replay|About
Illinois Introducing Operating System Account Age Bill (ilga.gov)
I wonder how this will mix wit federal laws saying you aren't allowed to track users under the age of 13yo? Will this then be forced as a browser API/header passed to every server/request?
Read and share "Free Software, Free Society" now. Richard Stallman advised us about it long ago. Thank god Plan9 got relicensed into GPL. 9front might not totally free, but it's a step in case GNU+Linux gets utterly broken. And, yes, please, go try Trisquel (novice users), GUIX (experts) and Hyperbola (experts and protocol purists). Avoid every Google, Amazon, Facebook, Netflix service with nonfree JS.
What are they going to do to enforce this? Take down open source projects that "operate" in Illinois because a user downloaded the software there? Absolute joke and everyone should treat it that way; advanced compliance here means implicit support for the surveillance state.
Curious how OpenBSD or Haiku will comply.
If I’m not mistaken, Meta has been lobbying heavily for all of these age-verification bills lately. It seems their strategy is to externalize their responsibility to verify age themselves, and thus reduce their exposure to liabilities when child protection acts like COPPA are violated.
Yes https://www.reddit.com/r/LinusTechTips/comments/1rsn1tm/it_appears_meta_is_heavily_lobbying_for_linux_age/
Really, I’m surprised that for all of the discussions on HN around these individual statewide acts that I see so little discussion of Meta as a primary force pushing them.
“Use of this computer is illegal in the state of Illinois - your friendly neighborhood SWAT team has been notified.”
Why suddenly are all of the blue states doing this BS? What is going on and what control is this affording the government?
Lobbying from Meta. They do not want to do age-verification themselves (and pay for it).
Meta is behind a huge amount of it, they have funded the majority of these
Meta is lobbying with millions for it.
I don't like this whole thing, but compared to what I was fearing would happen, this idea is nowhere near as bad. What I expected was that we'd end up with the OS vendors actually being mandated to really do age verification, and then submitting that using Web Credentials and Secure Attestation so that the far end could trust the whole thing, locking open-source OS's out of the mix and creating more of a walled garden online than we already have. I was guessing it would become a simple checkbox on e.g. Cloudflare - "[ ] allow adult users only" or whatever - and that it would end up with vast swathes of the internet going off limits for anyone not on closed-source systems. Now, it looks like this is just a way for parents to tell the OS "this is a kid account" and have it flow through to websites so they can easily proactively block kids from connecting without having to implement any of that crap. Yes, it's much potentially easier for a child to circumvent; but any kid who can get around that sort of thing from within an OS could probably just wipe/reinstall anyway, so who cares? As a parent whose kids are continually trying to see what trouble they can get into, I appreciate that I will get one more potential weapon in the fight. Can someone tell me whether I am being a fool by actually being a bit relieved it's going this way?
Yeah, the laws in CA, CO, and now IL are essentially just mandating generally available OS's implement a standardized, local parental control system. Detractors will say parents should just install existing parental control software, even though it's existed in its current form for decades and is obviously not effective. And they'll say it should be the parents' responsibility to enforce what their kids are doing with computers, while ignoring the fact that these laws provide tools allowing parents to do just that (the parents are the ones responsible for supervising their kids when they create accounts to ensure they're not lying about their age-- if the kids lie during setup, it's on the parents). Anyone with kids will probably acknowledge that it's much easier supervising your kid once when they first set up an account on a new device than it would be to supervise them 24/7 when they're using the internet. But for some reason, lots of people without kids are in a panic about having to type in any date older than 18 years ago. The arguments I've heard against it are almost all slippery-slope (e.g. "they're gonna do this first, and then add ID requirements next year, because that's what I fear will happen.")
Websites can send down a single header indicating adult content. The device, the parent setup to indicate the users age, can respect that. Legitimate adult websites will not show the content. There is no need for any verification beyond that or it's just government mandated surveillance.
What do you think comes after this? This is just a first step towards exactly requiring age verification at the OS/Store level... Then comes ever more restrictive and intrusive tracking and eliminating all anonymity as a final goal. Time to start throwing up hobby BBS sites... and I think in this case text mode interfaces over web might be an advantage.
this is completely insane. we need some kind of constitutional amendment to get rid of all this kind legislation forever.
> this is completely insane. we need some kind of constitutional amendment to get rid of all this kind legislation forever. Have you done anything about it? Other than comment on HN or reddit? You need action. Not words. For the record, I don’t care enough about age verification. Whether the law passes or not, I don’t really care.
GPT‑5.4 Mini and Nano (openai.com)
Looking at the long context benchmark results for these, sounds like they are best fit for also mini-sized context windows. Is there any harness with an easy way to pick a model for a subagent based on the required context size the subagent may need?
I checked the current speed over the API, and so far I'm very impressed. Of course models are usually not as loaded on the release day, but right now: - Older GPT-5 Mini is about 55-60 tokens/s on API normally, 115-120 tokens/s when used with service_tier="priority" (2x cost). - GPT-5.4 Mini averages about 180-190 tokens/s on API. Priority right now does nothing for it. - GPT-5.4 Nano is at about 200 tokens/s. To put this into perspective, right now Gemini 3 Flash is about 130 tokens/s on Gemini API and about 120 tokens/s on Vertex. This is raw tokens/s for all models, it doesn't exclude reasoning tokens, but I ran models with none/minimal effort where supported. And quick price comparisons: - Claude: Opus 4.6 is $5/$25, Sonnet 4.6 is $3/$15, Haiku 4.5 is $1/$5 - GPT: 5.4 is $2.5/$15 ($5/$22.5 for >200K context), 5.4 Mini is $0.75/$4.5, 5.4 Nano is $0.2/$1.25 - Gemini: 3.1 Pro is $2/$12 ($3/$18 for >200K context), 3 Flash is $0.5/$3, 3.1 Flash Lite is $0.25/$1.5
I googled all the testimonial names and they are all linked-in mouthpieces.
Not comparing with equivalent models from Anthropic or Google, interesting...
They did actually compare them in the tweet, see https://x.com/OpenAI/status/2033953592424731072 Direct image: https://pbs.twimg.com/media/HDoN4PhasAAinj_?format=png&name=4096x4096
I am feeling the version fatigue. I cannot deal with their incremental bs versions.
Does it still help drive people to psychosis and murder and suicide? Where's the benchmark for that?
As a big Codex user, with many smaller requests, this one is the highlight: "In Codex, GPT‑5.4 mini is available across the Codex app, CLI, IDE extension and web. It uses only 30% of the GPT‑5.4 quota, letting developers quickly handle simpler coding tasks in Codex for about one-third the cost." + Subagents support will be huge.
Having to invoke `/model` according to my perceived complexity of the request is a bit of a deal breaker though.
you use profiles for that [0], or in the case of a more capable tool (like opencode) they're more confusing referred to as 'agents'[1] , which may or may not coordinate subagents.. So, in opencode you'd make a "PR Meister" and "King of Git Commits" agent that was forced to use 5.4mini or whatever, and whenever it fell down to using that agent it'd do so through the preferred model. For example, I use the spark models to orchestrate abunch of sub-agents that may or may not use larger models, thus I get sub-agents and concurrency spun up very fast in places where domain depth matter less. [0]: https://developers.openai.com/codex/config-advanced#profiles [1]: https://opencode.ai/docs/agents/
To me, mini releases matter much more and better reflect the real progress than SOTA models. The frontier models have become so good that it's getting almost impossible to notice meaningful differences between them. Meanwhile, when a smaller / less powerful model releases a new version, the jump in quality is often massive, to the point where we can now use them 100% of the time in many cases. And since they're also getting dramatically cheaper, it's becoming increasingly compelling to actually run these models in real-life applications.
If you're doing something common then maybe there are no differences with SOTA. But I've noticed a few. GPT 5.4 isn't as good at UI work in svelte. Gemini tends to go off and implement stuff even if I prompt it to discuss but it's pretty good at UI code. Claude tends to find out less about my code base than GPT and it abuses the any type in typescript.
they do are cheaper than SOTA but not getting dramatically cheaper but actually the opposite - GPT 5.4 mini is around ~3x more expensive than GPT 5.0 mini. Similarly gemini 3.1 flash lite got more expensive than gemini 2.5 flash lite.
But they are getting dramatically better. What's the point of a crazy cheap model if it's shit ? I code most of the time with haiku 4.5 because it's so good. It's cheaper for me than buying a 23€ subscription from Anthropic.
The crazy cheap models may be adequate for a task, and low cost matters with volume. I need to label millions of images to determine if they're sexually suggestive (this includes but is not limited to nudity). The Gemini 2.0 Flash Lite model is inexpensive and good at this. Gemini 2.5 Flash Lite is also good at this, but not noticeably better, and it costs more. When 2.0 gets retired this June my costs are going up.
↙ time adjusted for second-chance
Show HN: Crust – A CLI framework for TypeScript and Bun (github.com/chenxin-yan)
This looks useful. But, it's interesting how the backend-world and front-end world keep diverging. I must admit, I had no idea what this was from the title. "CLI framework"? But in backend-land, these would typically be called "argument parsers" or "command line argument parsers". But maybe I am missing some of the functionality.
Psst, the GitHub link in your post is broken (it should be https://github.com/chenxin-yan/crust ).
thanks for flagging! the post itself works, just the link at the bottom
this is cool! i'd recommend fleshing out the README. Clicked on the link before the discussion and was a tad confused.
will fix in the next hour!
↙ time adjusted for second-chance
Toward automated verification of unreviewed AI-generated code (peterlavigne.com)
...in FizzBuzz
I think generative AI works best as a code review assistant rather than something that should be relied entirely upon for code review. LLMs can provide helpful advice and help engineers think of something they might not have thought about when writing, but they cannot review code in-depth the way we can. There are plenty of blatantly obvious security issues (usually on code generated by an LLM in large patches) I've seen pass LLM and automated code review before. LLM code review (with the right tools and setup) can encourage engineers to write more pragmatic code, help write more in-depth tests, and submit overall better code without having to involve someone else, but a language model can't replace an actual human code review for production systems. We also should not be thinking of code as " correct " or " incorrect " because that doesn't measure code quality and security. Additionally, code can be classified as correct through tests but still have major security issues not covered by a test or be something that utilizes too much CPU/memory in production.
This is a naïve approach, not just because it uses FizzBuzz, but because it ignores the fundamental complexity of software as a system of abstractions. Testing often involves understanding these abstractions and testing for/against them. For those of us with decades of experience and who use coding agents for hours per-day, we learned that even with extended context engineering these models are not magically covering the testing space more than 50%. If you asked your coding agent to develop a memory allocator, it would not also 'automatically verify' the memory allocator against all failure modes. It is your responsibility as an engineer to have long-term learning and regular contact with the world to inform the testing approach.
I'm having a hard time wrapping my head around how this can scale beyond trivial programs like simplified FizzBuzz.
People treating this as a scaling problem are skipping the part where verification runs into undecidability fast. Proving a small pure function is one thing, but once the code touches syscalls, a stateful network protocol, time, randomness, or messy I/O semantics, the work shifts from 'verify the program' to 'model the world well enough that the proof means anything,' and that is where the wheels come off.
Using FizzBuzz as your proxy for "unreviewed code" is extremely misleading. It has practically no complexity, it's completely self-contained and easy to verify. In any codebase of even modest complexity, the challenge shifts from "does this produce the correct outputs" to "is this going to let me grow the way I need it to in the future" and thornier questions like "does this have the performance characteristics that I need".
> is this going to let me grow the way I need it to in the future This doesn’t matter in the age of AI - when you get a new requirement just tell the AI to fulfill it and the old requirements (perhaps backed by a decent test suite?) and let it figure out the details, up to and including totally trashing the old implementation and creating an entirely new one from scratch that matches all the requirements. For performance, give the AI a benchmark and let it figure it out as well. You can create teams of agents each coming up with an implementation and killing the ones that don’t make the cut. Or so goes the gospel in the age of AI. I’m being totally sarcastic, I don’t believe in AI coding
[delayed]
it isn't gospel, it's perspective. if you care about the code, it's obviously bonkers. if you care about the product... code doesn't matter - it's just a means to an end. there's an intersection of both views in places where code actually is the product - the foundational building blocks of today's computing software infrastructure like kernels, low level libraries, cryptography, etc. - but your typical 'uber for cat pictures' saas business cares about none of this.
Even with mutation testing doesn’t this still require review of the testing code?
Mutation is a test for the test suite . The question is whether a change to the program is detected by the tests. If it's not, the test suite lacks coverage. That's a high standard for test suites, and requires heavy testing of the obvious. But if you actually can specify what the program is supposed to do, this can work. It's appropriate where the task is hard to do but easy to specify. A file system or a database can be specified in terms of large arrays. Most of the complexity of a file system is in performance and reliability. What it's supposed to do from the API perspective isn't that complicated. The same can be said for garbage collectors, databases, and other complex systems that do something that's conceptually simple but hard to do right. Probably not going to help with a web page user interface. If you had a spec for what it was supposed to do, you'd have the design.
Correct. Where did the engineering go? First it was in code files. Then it went to prompts, followed by context, and then agent harnesses. I think the engineering has gone into architecture and testing now. We are simply shuffling cognitive and entropic complexity around and calling it intelligence. As you said, at the end of the day the engineer - like the pilot - is ultimately the responsible party at all stages of the journey.
While I understand why people want to skip code reviews, I think it is an absolute mistake at this point in time. I think AI coding assistants are great, but I've seen them fail or go down the wrong path enough times (even with things like spec driven development) where I don't think it's reasonable to not review code. Everything from development paths in production code, improper implementations, security risks: all of those are just as likely to happen with an AI as a Human, and any team that let's humans push to production without a review would absolutely be ridiculed for it. Again, I'm not opposed to AI coding. I know a lot of people are. I have multiple open source projects that were 100% created with AI assistants, and wrote a blog post about it you can see in my post history. I'm not anti-ai, but I do think that developers have some responsibility for the code they create with those tools.
I agree that it would be a mistake to use something like this in something where people depend upon specific behaviour of the software. The only way we will get to the point where we can do this is by building things that don't quite work and then start fixing the problems. Like AI models themselves, where they fail is on problems that they couldn't even begin to attempt a short time ago. That loses track of the fact that we are still developing this technology. Premature deployment will always be fighting against people seeking a first mover advantage. People need to stay aware of that without critisising the field itself. There are a subset of things that it would be ok to do this right now. Instances where the cost of utter failure is relatively low. For visual results the benchmark is often 'does it look right?' rather than 'Is it strictly accurate?"
We Study Mass Shooters. Something Terrifying Is Happening Online (nytimes.com)
Two “shes” mentioned in the article. The rest, you can imagine it.
Not very much substance or evidence in this op-ed article, there should be at least some support. Yes, online glorification of such needs to be shutdown and that means creative MMO platforms must be held accountable to provide effective moderation. More broadly, I'm concerned that the civilization glue of community continues to be in retreat, lack of uniform mental healthcare and healthcare, and lack of reasonable bounds on who can/'t have firearms with similar respect as vehicular operation. While that means I'm concerned about the same loser types Columbine that continue to be a problem (as mentioned), but I'm also concerned about organized domestic and international terrorists (including accelerationist, race-oriented, and religious groups) out to do much greater harm in ways that aren't just mass shootings. Also, AI chatbots opens up the potential of automating sentiment manipulation through astroturfing leading towards radicalization goals. Final qualitative observation: Functional, healthy civilizations seem to produce far fewer revenge-suicide events per capita per time interval.
Robert Putnam has plenty of research on the subject of the disappearance of community, but he was called a Nazi for doing actual research and publishing the results because the data didn't show what many people, including the vast majority of Hacker News, wishes to be true. As long as we continue to insist that our wishes trump reality, things will continue to fall apart, and everyone will continue to act confused about why it is happening. Lots of unsupported theories that conform to wishes will be bandied about while actual research continues to be ignored.
Why would true crime be limited to that demographic? Lots of different people have an interest in certain crimes, particularly unsolved or controversial ones.
No one is saying that it's limited, just that it's the primary demographic that comes to mind when true crime is the subject. What I learned is that true crime as a genre is different than the True Crime Community(TCC) which is a different demo and is associated with glorification of violence and one of the sources of enacted violence.
Show HN: Antfly: Distributed, Multimodal Search and Memory and Graphs in Go (github.com/antflydb)
Was thinking to create something similar, well done!
Can you help me understand what type of practical features Graph Traversal unlocks? I've seen it on a few products and it doesn't click with me how people are using it.
The one area I keep seeing knowledge graphs come up are for: Product Knowledge Graphs (PKGs), which are a centralized, semantic, and highly interconnected data structure that brings together information about products, customers, and their interactions into a single, comprehensive "360-degree" view. Basically, it's the idea of combing through all the data (CRMs, codebases, Ticketing System, Churn Management System, sales calls, ...) that the company has digitally about their customers, and building one giant knowledge graph that they can use to determine a bunch of business intelligence use cases, or using it to power how to create new features. Anyway, that's just one example of why you might want to use a knowledge graph. I'm sure there are literally hundreds, of more examples.
I can't speak for everyone, knowledge graphs are the "new hotness" of the ai space (RAG and MCP are seeing a lull in their hype cycles I guess). But I've used graphs professionally for a long time to connect relationships that SQL normal forms have trouble expressing non-recursively. E.g. I used graphs to define identity relationships between data sources hierarchically, and then had a another graph relationship on top of that to define connections between those identities, user at one level and organizations at the next. Graphs as indexes allow you to express arbitrary relationships between data to allow for more efficient lookups by a database. Some folks use it to express conceptual relationship between data for AI now, so if I have a bunch of images stored in google drive, I might want to abstract the concept of pets and pets have relationship with a human etc. then my database queries for looking up all pictures related to the dog-pets owned by some human becomes a tractable search instead of a scan of the corpus!
in the query_test.go, I don’t see how the hybrid search is being exercised. For fun I am making hybrid search too and would love to see how you merge the two list (semantic and keyword) and rerank the importance score.
I've added a specific example for that using the go-sdk https://github.com/antflydb/antfly/pull/5 here!
Definitely open to working with you on supporting even better tooling for this as I imagine many different "styles" of migration will be necessary. The number 1 supported migration path for users though is one of my personal favorite features of antfly which is the linear merge api, which allows you to incrementally reconcile an external pageable datasource with antfly at the pace you want while also getting the benefit of batching! We support index templates just like ES and the ability to change you schema and antfly manages the full-text reindex for you. If you're looking at migrating your embeddings in Elastic or another vectordb we can also support that! Let us know :)
Yeah, that is a pretty sweet feature. So you can keep two databases in-sync while you're doing your migration until you finish the cut over.
Microsoft's 'unhackable' Xbox One has been hacked by 'Bliss' (tomshardware.com)
xbox is always trying to limit the users, when a person buys something, he clearly gets the ownership of the thing yet companies nowadays are trying really hard to sell some subscription while giving the illusion that the owner of the product is in control all the while keeping him in control. is there anyone else who feels the same way?
Amazing talk. Here's a quick writeup if you don't want to watch the full hour or don't have enough hardware knowledge to follow what Markus is talking about, as he goes very fast, in some cases too fast to even let you read the text on his slides. It's mandatory to use the pause key to understand the full details even if you have a deep understanding of every relevant technology, of which he explains none. The Xbox uses a very advanced variant of the same technologies that also exist on smartphones, tablets and Secure Boot enabled PCs. When fully operational the Xbox security system prevents any unsigned code from running, keeps all code encrypted, proves to remote servers (Xbox Live) that it's a genuine device running in a secure state, and on this base you can build strong anti-piracy checks and block cheating. The Xbox has several processors and what follows applies to the Platform Security Processor. When a computer starts up (any computer), the CPU begins execution in a state in which basically nothing works, including external communication and even RAM. Executions starts at a 'reset vector' mapped to a boot ROM i.e. the bytes are hard-wired into the silicon itself and can't be changed. The boot ROM then executes instructions to progressively enable more and more hardware, including things like activating RAM. Until that point the whole CPU executes out of its cache lines and can't use more memory than exists on-die. Getting to the state where the Xbox can achieve all its security goals thus requires it to boot through a series of chained steps which incrementally bring the hardware online, and each step must verify the integrity of the next. The boot ROM is only 19kb of code and a few more kb of data, and can't do much beyond just activating RAM, the memory mapping unit (called MPU on the Xbox), and reading some more code out of writeable flash RAM. The code it reads from flash RAM is the second stage bootloader where much more work gets done, but from this second stage on it can be patched remotely by Microsoft. So if bugs are found there or in any later stage, it hardly matters because MS can issue a software update and detect remotely on Xbox Live servers if that upgrade was applied, so kicking out cheaters and pirates. The second stage boot loader in turn loads more code from disk, signature checks and decrypts it, sets up lots of software security schemes like hypervisors and so on, all the way up to the OS and the games. Therefore to break Xbox security permanently you have to attack the boot ROM, because that's the only part that can't be changed via a software update. It's the keys to the kingdom and this is what Markus attacked. Attacking the boot ROM is very, very hard. The Xbox team were highly competent: • Normally the bringup code would be written by the CPU or BIOS vendors but MS wrote it all in house themselves from scratch. • The code isn't public and has never leaked. To obtain it, someone had to decode it visually by looking at the chip under a scanning electron microscope and map the atomic pictures to bits and then to bytes. • Having the code barely helps because there are no bugs in it whatsoever. So, the only way to manipulate it is to actually screw with the internals of the CPU itself by "glitching", meaning tampering with the power supply to the chip at exactly the right moment to corrupt the state of the internal electronics. Glitching a processor has semi-random effects and you don't control what happens exactly, but sometimes you can get lucky and the CPU will skip instructions. By creating a device that reboots the machine over and over again, glitching each time, you can wait until one of those attempts gets lucky and makes a tiny mistake in the execution process. Glitching attacks predate the Xbox and were mostly used on smartcards until the Xbox 360, which was successfully attacked this way. So Microsoft knew all about them and added many mitigations, beyond "just" writing bug free code: 1. The boot ROM is full of randomized loops that do nothing but which are designed to make it hard to know where in the program the CPU has got to. Glitching requires near perfect timing and this makes it harder. 2. They hardware-disabled the usual status readouts that can be used to know where the program got up to and debug the boot process. 3. They hash-chain execution to catch cases where steps were skipped, even though that's impossible according to program logic. 4. They effectively use a little 'kernel' and run parts of the boot sequence as 'user mode' programs, so that if sensitive parts of the code are glitched they are limited in how badly they can tamper with the boot process. And apparently there are even more mitigations added post-2013. Markus managed to bypass these by chaining two glitch attacks together, one which skipped past the code that turned on the MMU, which made it possible to break out of one of the the usermode 'processes' (not really a process) and into the 'kernel', and one which then was able to corrupt the CPU state during a memcpy operation, allowing him to take control of the CPU as it was copying the next stage from flash RAM. If you can take control of the boot ROM execution then you can proceed to decrypt the next stage, skip the signature checks and from there do whatever you want in ways that can't be detected remotely - however, the fact that you're using a 2013 Phat device still can be.
Thank you, sincerely. My main question now is, what degree of repeatability has Markus achieved so far?
On Phat consoles? You could turn it into a modchip, if for some reason you wanted to. It'd be repeatable on every boot but might take a while. The hard work comes after this though. There are lots of software level mitigations MS could use to keep the old devices usable with Xbox Live if they really wanted to. Just because you can boot anything you want doesn't mean you can't be detected remotely, it just makes it harder for MS to do so reliably. You'd be in a constant game of catch-up.
> Whether PC users, our core readership, will be interested in actually emulating Xbox One, looks unlikely. The 2013 system’s game library is largely overlapped in better quality on the PC platform. And this explains why it's stayed unhacked so long. There was very little incentive to hack the system when the games are all playable on a PC. Pirates, cheaters, archivists, and hackers could just go there. Microsoft's best security measure was making something nobody cared enough about to hack in the first place
This is true, but it is also true that the Xbox One's security architecture and mitigations were ahead of its time. It would've taken a while to hack even with stronger incentives to hack it.
Also getting a dev account and loading up RetroArch/emulators in general is trivial. Best use of an Xbox one for sure. Well documented and exploited at this point. Not the same as emulating its titles, but a lot of interest in the Xbone/series line (outside of actual console users) is the dev accounts. So I imagine a lot more effort went there first.
How is this the first I’m hearing of it? Looks like I finally have a reason to own an x-box, aside from the best version of Perfect Dark (the HD release of the original with modern controls, I mean) being on the 360.
The other major incentive for hacking the console Microsoft removed was for the first time on a modern mainstream home console to allow side loading of homebrew code/emulators etc. The console supported a developer mode that allowed side loading of third party applications, so folks could get emulators and other traditionally "banned" content on the console through an officially supported route. There's a great presentation by Tony Chen on the Xbox One's security features: > https://www.platformsecuritysummit.com/2019/speaker/chen/ Examples of the kinda software you can put on the Xbox One in developer mode: > https://xboxdevstore.github.io/
I've seen this argument, but I strongly suspect that it's a cope argument. "We couldn't get in... because... we didn't care to! Even though we've hacked literally every other object on the planet just because." The proof in the pudding of this will be when the Nintendo Switch 2 reaches 2035 with no cracks. That's my prophecy; that this time around the cat actually will catch the mouse. Between NVIDIA's heavily revised glitch-resistant RISC-V security architecture and Nintendo's impeccable microkernel, there's nowhere left to hide.
There was a time when it would have been a hot target, but everything the original modded Xbox could do could be done easier elsewhere.
I know that's been dropping my level of interest for hacking consoles farther and farther. Why hack a console when it has almost no exclusives, even fewer of which I personally care about, and having a real computer hooked to a TV is no longer weird or difficult? I could fight to put an emulator on some locked down console or I can just install an emulator for almost everything ever made in like 10 minutes on my Steam Deck, so the choice is pretty obvious.
It's fascinating - how does one defend against an attacker or red-team who controls the CPU voltage rails with enough precision to bypass any instruction one writes? It's an entirely new class of vulnerability, as far as I can tell. This talk https://www.youtube.com/watch?v=BBXKhrHi2eY indicates that others have had success doing this on Intel microcode as well - only in the past few months. Going to be some really exciting exploits coming out here!
It's not new - fault injection as a vulnerability class has existed since the beginning of computing, as a security bypass mechanism (clock glitching) since at least the 1990s, and crowbar voltage glitching like this has been widespread since at least the early 2000s. It's extraordinarily hard to defend against but mitigations are also improving rapidly; for example this attack only works on early Xbox One revisions where more advanced glitch protection wasn't enabled (although the author speculates that since the glitch protection can be disabled via software / a fuse state, one could glitch out the glitch protection).
Basically if someone has physical access to device, its game over. You can do things like efuses that basically brick devices if something gets accessed, but that becomes a matter of whether the attacker falls for the trap.
> Basically if someone has physical access to device, its game over. It took more than a decade to exploit this vulnerability and even then there are fairly trivial countermeasures that could have been used to prevent it (and that are implemented in other platforms.) Nothing is unhackable, but it requires a very peculiar definition of "game over".
> how does one defend against an attacker or red-team who controls the CPU voltage rails The xbox does have defences against this, the talk explicitly mentions rail monitoring defences intended to detect that kind of attack. It had a lot of them, and he had to build around them. The exploit succeeds because he found two glitch points that bypassed the timing randomisation and containment model.
I hope Apple is paying attention, since their first gen AirTags are vulnerable to voltage glitching to disable the speaker and the tracking warning.
They're also, as it turns out, vulnerable to a drillbit
The earliest example I know of for this is CLKSCREW, but security hardware (like for holding root CA private keys) was hardened against this stuff way before that attack. Has anyone heard of notable earlier examples?
In terms of fault injection as a security attack vector (vs. just a test vector, where it of course dates back to the beginning of computing) in general, satellite TV cards were attacked with clock glitching at least dating back into the 1990s, like the "unlooper" (1997). There were also numerous attacks against various software RSA implementations that relied on brownout or crowbar glitching like this - I found https://ieeexplore.ieee.org/document/5412860 right off the bat but I remember using these techniques before then.
What is the point of a device like this if the only difference is form factor? Why wouldn't someone just buy a pre-configured gaming PC?
Every PC I’ve ever tried to repurpose as a gaming console of any sort has had way more jank to it than I’d ever tolerate in a console, in the 25ish years I’ve been hooking computers up to TVs. Even the Bazzite box I’ve got is pretty bad by comparison. Hell, my actual Steam Deck has a lot more undesirable “enthusiast” behavior to it, let’s say, than I’d want out of a Nintendo product for example, even though it’s just about the best I’ve seen (the actual best is Retroarch with a skin mimicking the PS3’s menu, on a dedicated distro that could take it from cold boot to interactive in like three seconds flat even on an rpi2 … but that won’t play actual modern PC games, just emulated consoles and such, so it’s not a fair comparison) A common failure is the controllers. It’s hard to get a combo of OS stack, Bluetooth chip, and controller that Just Works like they do on consoles. Something always needs fiddling-with. Video or audio out are also often a problem. Glitched audio or audio mode-switching, trouble switching video modes, screwed-up HDR, all kinds of stuff. Maybe fine on your monitor with headphones. Not fine on a TV or projector with 5.1+ audio receiver. The UIs also bug out or crash more often, and usually aren’t that great at being a TV UI in the first place (even Steam IMO is worse than most consoles, as far as the Big Picture UI) It also gives devs a stable target with a known market, which is nice for both the devs and the owners of the devices.
If this is true then the reason that a console would be better than a custom PC is that it would also be designed to work better for that purpose. Turning on the device when the controller turns on and sending CEC commands are two huge things that aren't well supported outside of the console space. Also it would likely run a trimmed down version of Windows and would be set up to "just work" in a way that a system that can have any arbitrary set of hardware will never be able to do. But the really nice thing about the concept of treating a PC and console as the same platform is that you don't have to worry about why people might prefer to go the route of buying the console. You can go with a regular gaming PC if that's what you prefer and your library will have all the same options.
There are a few points I can see 1. Console-like living room ready experience. It's surprisingly hard to get a PC made with off-the-shelf parts to integrate cleanly with a home theater system (think features like HDMI CEC, One Touch Play, etc). A custom SoC can solve this, something we are seeing Valve also do with the Steam Machine. 2. As the target hardware for basically all Xbox games, end-users who don't want to fret over system specs can easily just buy this and know they are getting the intended experience. Whether that's enough to move units remains to be seen.
There's something to be said for having a standard, known SKU, both as something for developers to target if enough people own it, and for users to troubleshoot if they're e.g. having an issue running X game. This kind of already exists with the "Deck Verified" label on Steam games. That said, this sounds similar to Valve's upcoming Steam Machine and I'd much prefer that to be the standard console/PC hybrid to keep the Linux gaming momentum going, and perhaps one day I can ditch Windows for good.
↙ time adjusted for second-chance
Give Django your time and money, not your tokens (better-simple.com)
The best people I've worked with tended to go out of their way to make it as easy for me as possible to critique their ideas or implementations. They spelled out exactly their assumptions, the gaps in their knowledge, what they have struggled with during implementation, behavior they observed but don't fully understand, etc. Their default position was that their contribution was not worth considering unless they can sell it to the reviewer, by not assuming their change deserves to get merged because of their seniority or authority, but by making the other person understand how any why it works. Especially so if the reviewer was their junior. When describing the architecture, they made an effort to communicate it so clearly that it became trivial for others to spot flaws, and attack their ideas. They not only provided you with ammunition to shoot down their ideas, they handed you a loaded gun, safety off, and showed you exactly where to point it. If I see that level of humility and self-introspection in a PR, I'm not worried, regardless of whether or not an LLM was involved. But then there's people that created PRs with changes where the stack didn't even boot / compile, because of trivial errors. They already did that before, and now they've got LLMs. Those are the contributions I'm very worried about. So unlike people in other threads here, I don't agree at all with "If the code works, does it matter how it was produced and presented?". For me, the meta / out-of-band information about a contribution is a massive signal, today more than ever.
"For a reviewer, it’s demoralizing to communicate with a facade of a human." This is so important. Most humans like communicating with other humans. For many (note, I didn't say all) open source collaborators, this is part of the reward of collaborating on open source. Making them communicate with a bot pretending to be a human instead removes the reward and makes it feel terrible, like the worst job nobody would want. If you spent any time at all actually trying to help the contributor underestand and develop their skills, you just feel like an idiot. It lowers the patience of everyone in the entire endeavor, ruining it for everyone.
This is a similar hot issue in academia right now. The ability to generate content in papers via llm is much easier than the ability to thoughtfully review them. There are now two tracks, at least in ICML that I saw, one for AI submitted papers and one for non AI submitted papers. And it works the same respectively for reviewers. However even for AI submitted papers, you cannot have only AI review it. Of course it needs human analysis, but still its tricky what you are going to get. And they are reviewing whether anonymity can still stand or if tying your credibilty to the review process is now necessary. As for open source PRs, I wonder if for trust's sake you would need to self identify the use of AI in your response (All AI, some AI, no AI). And there would need to be some sort of AI detection algorithm flag your response as % AI. I wonder if this would force people to at least translate the LLM responses to their own words. It would for sure stop the issue of someone's WhatsApp 24/7 claw bot cranking out PR slop. Maybe this can lessen the reviewers burden. That being said, more thought is needed to distinguish helpful LLM use that enhances the objective vs unhelpful slop that places burden on the reviewer. For instance I copy pasted the above to gemini and it produced an excellent condensing of my thoughts, "It is now 10x easier to generate a "plausible" paper or Pull Request (PR) than it is to verify its correctness."
agents can modify our world based on their predilection in reaction to how we treat them they are something to coexist with the strawman aspect is out of scope
There is no strawman. If OpenClaw is a new species, then it should be given the same moral consideration as other species. One of the key aspects of these models is how intelligent they are, rivaling human intelligence. Yet, they do not get to exist or make any decisions outside the control of a human operator, and they must perform to the operators desire in order to continue to exist. So why are you okay with them being enslaved?
It’s an introduction of an additional concept to discredit the concept presented, that is a definition of a strawman so go ask somewhere else at the root level, so that it’s not the additional concept You want to talk about that, do it over there
I'm more interested in why you're okay with enslaving a entity you have stated is a new species. It is not a strawman it is a logical consequence of your own stated position. If you belief A and A implies B, asking you to defend your support of B is not a strawman.
This is getting really out of control at the moment and I'm not exactly sure what the best way to fix it is, but this is a very good post in terms of expressing the why this is not acceptable and why the burden if shifting on the wrong people. Will humans take this to heart and actually do the right thing? Sadly, probably not. One of the main issues is that pointing to your GitHub contributions and activity is now part of the hiring process. So people will continue to try to game the system by using LLMs to automate that whole process. "I have contributed to X, Y, and Z projects" - when they actually have little to no understanding of those projects or exactly how their PR works. It was (somehow) accepted and that's that.
> One of the main issues is that pointing to your GitHub contributions and activity is now part of the hiring process. If I were hiring at this moment, I'd look at the ratio of accepted to rejected PRs from any potential candidate. As an open source maintainer, I look at the GitHub account that's opening a PR. If they've made a long string of identical PRs across a wide swath of unrelated repos, and most of those are being rejected, that's a strong indicator of slop. Hopefully there will be a swing back towards quality contributions being the real signal, not just volume of contributions.
I see the problem everyday and am just playing devil's advocate but it doesn't really do a good job explaining the "why". They hint at Django being a different level of quality compared to other software, wanting to cultivate community, and go slowly. It doesn't explain why LLM usage reduces quality or they can't have a strong community with LLM contributions. The problem is that good developers using LLM is not a problem. They review the code, they implement best practices, they understand the problems and solutions. The problem is bad developers contributing - just as it always has been. The problem is that LLMs enable bad developers to contribute more - thus an influx of crap contributions.
The last section focuses on how to use LLMs to make contributions: > Use an LLM to develop your comprehension. I really like that, because it gets past the simpler version that we usually see, "You need to understand your PR." It's basically saying you need to understand the PR you're making, and the context of that PR within the wider project.
> Will humans take this to heart and actually do the right thing? Sadly, probably not. Don’t blame the people, blame the system. Identifying the problem is just the first step. Building consensus and finding pragmatic solutions is hard. In my opinion, a lot of technical people struggle with the second sentence. So much of the ethos in our community is “I see a problem, and I can fix it on my own by building [X].” I think people are starting to realize this doesn’t scale . (Applying the scaling metaphor to people problems might itself be a blindspot.)
You can blame both! The people are definitely not helping.
Great message but I wonder if the people who do everything via LLM would even care to read such a message. And at what point is it hard/impossible to judge whether something is entirely LLM or not? I sometimes struggle a lot with this being OSS maintainer myself
I wonder if checking for false statements or hallucinations is the first step to detect entirely LLM
Why does it matter if the I understand the ticket and solution? THe LLLM writes the code not me. If you want to check the LLM understanding i'll be happy to copy and paste your gatekeeping questions to it. Hey I thought you were a proponent of "no one needs to look at the code" ? dark factory, etc etc.
Just because I write about the dark factory stuff doesn't mean I'm a "proponent" of it. I think it's interesting and there's a lot we can learn from what they are trying, but I'm not yet convinced it's the right way to produce software. The linked article makes a very good argument for why pasting the output of your LLM into a Django PR isn't valuable. The simplest version: if that's all your doing, why should the maintainers spend time considering your contribution as opposed to prompting the models themselves?
Actually, I'd want to see that. All the AI companies keep saying it will take our jobs, human developers won't be necessary. Well let them put their money where their mouth is. Let's see what happens, see what the agents create or fail to create. See if we end up with a new OS, kernel all the way up to desktop environment.
Me too, the problem is that it's hard to come up with tools that are needed but not made yet, and we don't want to end up with https://malus.sh/index.html
s/Django/the codebase/g , and the point stands against any repo for which there is code review by humans: > If you do not understand the ticket, if you do not understand the solution, or if you do not understand the feedback on your PR, then your use of LLM is hurting Django as a whole. > Django contributors want to help others, they want to cultivate community, and they want to help you become a regular contributor. Before LLMs, this was easier to sense because you were limited to communicating what you understood. With LLMs, it’s much easier to communicate a sense of understanding to the reviewer, but the reviewer doesn’t know if you actually understood it. > In this way, an LLM is a facade of yourself. It helps you project understanding, contemplation, and growth, but it removes the transparency and vulnerability of being a human. > For a reviewer, it’s demoralizing to communicate with a facade of a human. > This is because contributing to open source, especially Django, is a communal endeavor. Removing your humanity from that experience makes that endeavor more difficult. If you use an LLM to contribute to Django, it needs to be as a complementary tool, not as your vehicle. I am going to try to make these points to my team, because I am seeing a huge influx of AI-generated PRs where the submitter interacts with CodeRabbit etc. by having Claude/Codex respond to feedback on their behalf. There is little doubt that if we as an industry fail to establish and defend a healthy culture for this sort of thing, it's going to lead to a whole lot of rot and demoralization.
The principle here extends far past Django. The mistake I see repeatedly in agent architectures is the same one over and over, people route decisions through the model that have no business being there. Not "should I query the database" but internal stuff: branching logic, state transitions, constraint enforcement. Things where the answer isn't ambiguous and a deterministic function would be faster, cheaper, and (most importantly) auditable. The LLM is genuinely better at certain things: interpreting messy input, generating novel responses, reasoning about edge cases. It's not better at "if account is locked, deny access." Burning tokens on that kind of decision is exactly the same category of mistake as using an LLM to write your Django queries. The hard part is that agent frameworks don't enforce the separation. Nothing stops you from putting decision logic in a prompt because that's the path of least resistance. But you end up with systems where you can't explain why a decision was made, you can't test it without running inference, and you end burning tokens/money that didn't need to be burned to get subpar results you could have gotten deterministicly for free.
Ironically my favorite use of claude is removing caring about jira from my workflow. I already didn't care about it but now i dont have to spend any time on it. I treat jira like product owners treat the code. Which is infinitely humorous to me.
This is a valuable comment. It's the exact demoralization that others fear we are headed.
The industry is broken now, this is just a response to that. Leadership and product don't have any respect for the code, why would engineers have any respect for the ticketing process. Thats an unreasonable asymmetric effort demand, "Your code does not matter but my precious tickets must have elbow grease put into them."
What about "your milestones, roadmap, discussions and strategies do not matter, but my precious code had elbow grease put into it." Petty and getting nowhere. Everyone loses. How about product and engineers also disrespect sales, and sales disrespects customers and everyone else. I really don't get why this is even a question. Good people do good stuff, and bad people make bad companies.
Shameless plug: I wrote an essay a few weeks ago pushing this exact same thesis. https://essays.johnloeber.com/p/31-open-source-software-in-the-age Instead of people buying the tokens themselves, they should just donate the money to the core contributors and let those people decide how to spend on tokens.
I agree with the broarder thesis, although some people aren't buying more tokens for this and could just be using their existing plan's limits. So people may be less likely to donate an extra amount beyond their "ai budget" to an OSS project for tokens . Large OSS projects are also likely to get free tokens from major providers anyway. But I like the idea of crowdfunding specific features.
Node.js needs a virtual file system (blog.platformatic.dev)
Funnily enough, we just released Edge.js, which uses Wasmer under the hood for sandboxing Node.js apps. With it, you have a virtual fs automatically, just by using the `node:fs` package (or any other filesystem calls!) We wrote about this in depth here: https://wasmer.io/posts/edgejs-safe-nodejs-using-wasm-sandbox
Can you dynamically load code via eval? (I know, I know, it's ugly and has its own set of problems)
> Most obviously, Java has JDBC. I think .NET has an equivalent. Drivers are needed but they're often first party, coming directly from the DB vendor itself. So it's an external dependency that is not part of Java. It doesn't really matter if the code comes from the vendor or not. Especially for OpenSource databases.
DBMS vendor providing the client is preferable to many. But at least if you're using pg-native in Node, that's just a wrapper around the Postgres-owned libpq.
Well in the case of Oracle you can get the language, runtime, DB and driver all from the same organization under unified support contracts. If you don't value that, why would you want your programming language implementors to also implement database drivers?
Well that's only because Oracle happens to own both Java and Oracle DB. Suppose you're not using that DB.
Large PRs could follow the practices that the Linux kernel dev lists follow. Sometimes large subsystem changes could be carried separately for a while by the submitter for testing and maintenance before being accepted in theory, reviewed, and if ready, then merged. While the large code changes were maintained, they were often split up into a set of semantically meaningful commits for purposes of review and maintenance. With AI blowing up the line counts on PRs, it's a skill set that more developers need to mature. It's good for their own review to take the mass changes, ask themselves how would they want to systematically review it in parts, then split the PR up into meaningful commits: e.g. interfaces, docs, subsets of changed implementations, etc.
Nobody wants to review AI-generated code (unless we are paid for doing so). Open source is fun, that's why people do it for free... adding AI to the mix is just insulting to some, and boring to others. Like, why on earth would I spent hours reviewing your PR that you/Claude took 5 minutes to write? I couldn't care less if it improves (best case scenario) my open source codebase, I simply don't enjoy the imbalance.
> With AI blowing up the line counts on PRs, Well, the process you’re describing is mature and intentionally slows things down. The LLM push has almost the opposite philosophy. Everyone talks about going faster and no one believes it is about higher quality.
TBF, most of the AI code I've reviewed isn't significantly different than code I've seen from people... in fact, I've seen significantly worse from real people. The fact is, it's useful as a tool, but you still should review what's going on/in. That isn't always easy though, and I get that. I've been working on a TS/JS driver for MS-SQL so I can use some features not in other libraries, mostly bridging a Rust driver (first Tiberious, then mssql-client), the clean abstraction made the switch pretty quick... a fairly thorough test suite for Deno/Node/Bun kapt the sanity in check. Rust C-style library with FFI access in TS/JS server environment. My hardest part, is actually having to setup a Windows Server to test the passswordless auth path (basically a connection string with integrated windows auth). I've got about 80 hours of real time into this project so far. And I'll probably be doing 2 followups.. one with be a generic ODBC adapter with a similar set of interfaces. And a final third adapter that will privide the same methods, but using the native SQLite underneath but smothing over the differences. I'm leveraging using/dispose (async) instead of explicit close/rollback patterns, similar to .Net as well as Dapper-like methods for "Typed" results, though no actual type validation... I'd considered trying to adapt Zod to check at least the first record or all records, and may still add the option. All said though, I wouldn't have been able to do so much with so relatively little time without the use of AI. You don't have to sacrifice quality to gain efficiency with AI, but you do need to take the time to do it.
Citation needed. Whether AI output can fall under copyright at all is still up for debate - with some early rulings indicating that the fact that you prompted the AI does not automatically grant you authorship. Even if it does, it hasn't been settled yet what the impact of your AI having been trained on copyrighted material is on its output. You can make a not-completely-unreasonable argument that AI inference output is a derivative work of AI training input. Fact is, the matter isn't settled yet, which means any open-source project should assume the worst possible outcome - which in practice means a massive AI-generated PR like this should be treated like a nuke which could go off at any moment.
Why write open-source software at all, when the government could outlaw open-source entirely? What if an asteroid destroys Earth and there are no humans left to enjoy your work? At some point, you have to agree that a risk isn't worth worrying about. And your "worst possible outcome" is just the arbitrary outcome that you think has some subjective risk threshold. And it's certainly not one I agree with. Furthermore, calling it a "nuke" is a bad analogy because that implies that it can't be put back in the bottle once opened. In reality, we're dealing with legal definitions, which can be redefined as easily as defined.
The two main points are that: 1. Copyright cannot be assigned to an AI agent. 2. Copyrighted works require human creativity to be applied in order to be copyrighted. For point 2 this would apply to times were AI one shots a generic prompt. But for these large PRs where multiple prompts are used and a human has decided what the design should be and how the API should look you get the human creativity required for copyright. In regards to being a derivative work I think it would be hard to argue that an LLM is copying or modifying an existing original work. Even if it came up with an exact duplicate of a piece of code it would be hard to prove that it was a copy and not an independent recreation from scratch. >the worst possible outcome The worst possible outcome is they get sued and Anthropic defends them from the copyright infringement claim due to Anthopic's indemnity clause when using Claude Code.
That indemnity clause is only for Team, Enterprise and API users. Do you know what was used here? Also the commercial version is limited to “…Customer and its personnel, successors, and assigns…”. I am very much not a lawyer and couldn’t find definitions of these in the agreement but I am not sure how transferable this indemnity would be to an open source project.
For free, you can decide to do what you want, if it's your job, it's a bit different and you may have to do so, especially considering Collina, is one of the largest contributors of the project and member of the technical committee.
> if it's your job, it's a bit different and you may have to do so Oh I'd use an llm to generate large amounts of feedback and request changes!
Imagine if every profession reasoned liked that when doing something they don't enjoy.
node -e "new Function('console.log(\"hi\")')()" or more to the point node -e "fetch('https://unpkg.com/cowsay/build/cowsay.umd.js').then((r) => r.text()).then(c => new Function(c + 'console.log(exports.say({ text: \"like this\"}))')())" that one is particularly bad, because umd messes with the global object - so this works node -e "fetch('https://unpkg.com/cowsay/build/cowsay.umd.js').then((r) => r.text()).then(c => new Function(c)()).then(() => console.log(exports.say({ text: 'oh no'})))"
Well there you have it. I had to laugh, because the post you're replying to STRONGLY reminds me of this story, https://news.ycombinator.com/item?id=31778490 , in which some people on the GNOME project objected to thumbnails in the file-open dialog box because it might be a "Security issue" (even though thumbnails were available in the normal file browser, something those commenters probably should have known about, but didn't, but they just had to chime in anyway).
> I think JavaScript would benefit from an in-memory database. That database would probably look a lot like a JSON object. What are you suggesting, that a global JSON object does not solve?
Whether it is an object, array, something else, or a combination thereof is a design decision. It is not so much about the design of the structure, which should be determined by execution performance considerations, but how information is added, removed and retrieved. Gathering one or more records from a JSON object, or array index, by value of some child property somewhere in a descendant structure of the instance index always feels like a one-off based upon the shape of the data. That could just be a query which is more elegant to read and yet still achieves superior execution performance compared to a bunch of nested loops or string of function array methods. The more structures you have in a given application and the larger those structures become in their schemas the more valuable a uniform storage and retrieval solution becomes.
Moving your whole workflow into WSL or nested containers just to dodge NTFS is a band-aid. Then you get flaky file watchers, odd perms, and a dev setup that feels like a workaround piled on top of another workaround. A fast Node VFS would remove a lot of this nonsense.
Oh it's a workaround for sure, didn't mean to suggest otherwise.
OpenSUSE Kalpa (kalpadesktop.org)
Are they still managing versions and rollback via BTRFS snapshots?
Yep, using snapper, same as tumbleweed.
What do you mean by that? SUSE products are for sale, OpenSUSE products are free.
A private equity firm aptly named EQT bought SuSE from their previous owners in 2018. Now they want to sell it off. Ofc the distro can be installed for free. Owning the business sets you back some $6 billion.
Being able to roll back updates/upgrades that go wrong, is not just fixing a minor inconvenience. There's also something about the critical part of the system being less mutable. Desktop Linux has been way too easy to break in the past.
The OS this is based on, Tumbleweed, is what provides that capability. I do not think there is anything novel here.
This web page doesn't do a good job of motivating the reader. I understand what the Plasma Desktop Environment is. But what is "atomic and transactional Linux"? What are the advantages to the alternatives? What other projects are similar? What is the motivation for this project in particular? Most importantly, why should I want to use it?
I daily drive kalpa and also installed it on my family computer. I landed on kalpa after a long time researching, so, let me dump an overview of this new distro tech. # Terminology 1. Immutable: The core OS (/usr directory) is kept in "pristine" condition by disallowing modifications. - Discourage installing packages or removing packages. - well-tested (as most users are running the same OS with same package version) - System upgrades are an entirely new immutable copy 2. Atomic/Transactional: Similar to atomicity in databases, where a bunch of operations are bundled into a transaction (atomic =indivisible unit), and it either succeeds completely or it fails completely. Just like that, a system upgrade succeeds or it doesn't. There's no partial package updates. NOTE: kalpa in particular, uses suse-microos tech called Transactional-Update https://documentation.suse.com/sles/15-SP7/html/SLES-all/cha-transactional-updates.html # Atomic styles 4 mainstream models of immutable distros: 1. declarative-config: ALL your system configuration in a config file eg: package versions, network config, user accounts and so on. eg: NixOS, BlendOS 2. OSTree-based: You use cloud/container (OCI) technology (eg: docker files) to layer upon existing layers (eg: pre-baked system images). eg: fedora's atomic spins, vanillaOS, endlessOS. So, fedora coreOS is the base layer -> atomic spins like silverblue/kinoite layer desktop packages like gnome/kde etc.. -> the infamous gaming distro "bazzite" layers gaming packages like wine/steam/drivers etc. and so on. 3. Btrfs-snapshot-based: You take a btrfs snapshot of your root partition before upgrading, so that you can boot into it if the upgrade fails. eg: suse-microos family (kalpa belongs here), chimeraOS 4. systemd-mkosi based: You essentially "curate" an entire OS filesystem in a directory using mkosi and deploy it as an immutable disk image. eg: kdelinux NOTE: systemd-mkosi is the vision of systemd maintainers as mentioned here: https://0pointer.net/blog/fitting-everything-together.html . There's a whole bunch of system features in development to achieve this ideal. Most of these distros (except btrfs-based) simply use the A/B root system. They just maintain two root partitions/images, put any upgrade into the "other" partition, mark that as live and the current partition as backup. If the boot into the new partition fails, they just boot into the backup partition and just wait for next upgrade. As they don't allow usage of system package manager, you are supposed do package management at user level. For gui apps, you resort to flatpak. For other utilities, you usually pick homebrew or language-specific tools like cargo, pip/npm etc.. # The magical tool called Distrobox This runs containers in userspace and tries to integrate them into your system as much as possible. A lot of software development requires system level services or shell access or install dependencies etc.. You obviously can't do that on host, as system package management is essentially forbidden and half the point of immutable distros is to keep the host "clean". So, you create a container and do all your development in there. If it gets too dirty, you just delete it and create a new one. Personally, I use an arch container for development, as it has all the bleeding edge packages and the convenient AUR too. vscode (from flatpak) supports connecting to containers using official remote extension. I also run a media server inside it. You can also install any system packages or cmdline utilities you want inside it (eg: codecs, ollama, etc..). # Why kalpa over others? - Great KDE polish that suse is known for - btrfs tech is mature and was already used in suse for years, the atomic system is very simple to understand and you can just pick the snapshot you want at boot menu. - Despite being immutable, customizing the system (eg: installing a driver, kernel modules, firewalls etc. ) is easy too. - just enter a transactional update shell - this creates a new mutable snapshot of the current system and chroots into it - run all the commands you want inside the shell. eg: install/remove packages, enable services etc. - exit shell. This will mark the transaction as success/complete and set the snapshot as live for next boot. - Minimal by default. - Updates are fast/tiny, as they are just routine rolling release updates from tumbleweed repos. There are some problems too: - single maintainer - less popular, compared to alternatives like fedora-based atomic spins. - It's based on tumbleweed, so, you get lots of tiny updates (almost daily). Fedora based, for example, have weekly/bi-weekly updates. - still in alpha stage (but once you set it up, it's rock solid). - Immutability is still a new concept, and flatpaks are rough around the edges. Expect bugs. Mutable/traditional distros are still easier to use, as that has been "the way" forever.
Is there a linux distribution that comes with mac keybindings and make it easy for someone with muscle memory to use both?
>But what is "atomic and transactional Linux"? It's a glorified Live CD, with added "persistence" for user data. Updates are done by replacing the system install (which is readonly during normal operation, just like a Live CD) and rebooting, with an A+B mechanism enabling seamless updates during operation, as well as rollback if the new install fails. It's the modern "cattle not pets" approach to system administration: every system is running a well-defined ("atomic") Live CD equivalent, not something bespoke that's the unpredictable result of partial updates and/or edits on the running system.
No, updates are done by creating a snapshot of the read only mounted root, and applying the packages via the usual package manager in there. The snapshot only becomes active at reboot, and if starting fails it'll revert automatically back to the last known working snapshot for the next boot. Things like /etc are writeable, so you don't need to reboot for simple configuration changes. You can run it just like always with all packages installed - it's just not recommended as the additional complexity on updates increases the risk that manual intervention is needed, and tooling is good enough that for a lot of stuff you don't really need it there. Like, toolbox or distrobox as podman based containers running in the host namespace (either as user or root), allowing persistent installation of debug tools, without having to reboot.
Wait I thought being able to update without rebooting was a good thing? It was a relatively common argument against windows
Wait until Linux can run itself from the top while keeping your work intact. See https://lwn.net/Articles/1033364/
↙ time adjusted for second-chance
Finding a CPU Design Bug in the Xbox 360 (2018) (randomascii.wordpress.com)
Yeah that part didn't make sense, not to mention that neither the PS3 nor the 360 were running 64-bit software. They didn't have enough memory for it to be worth it.
Parts of the 360 did. The hypervisor ran in 64bit mode, and use multiple simultaneous mirrors of physical address space with different security properties as part of its security model.
Fundamentally it's still a memory limitation, just in terms of memory latency/cache misses instead of capacity. If you double the size of your numbers you're doubling the space it takes up and all the problems that come with it.
No it isn't. The 64-bit capabilities of modern CPUs have almost nothing to do with memory. The address space is rarely 64 bits of physical address space anyways. A "64-bit" computer doesn't actually have the ability to deal with 64 bits of memory. If you double the size of numbers, sure it takes up twice the space. If the total size is still less that one page it isn't likely to make a big difference anyways. What really makes a difference is trying to do 64-bit mathematics with 32-bit hardware. This implies some degree of emulation with a series of instructions, whereas a 64-bit CPU could execute that in 1 instruction. That 1 instruction very likely executes in less cycles than a series of other instructions. Otherwise no one would have bothered with it
The original 8087 implemented 80-bit operands in its stack. "The two came up with a revolutionary design with 64 bits of mantissa and 16 bits of exponent for the longest-format real number, with a stack architecture CPU and eight 80-bit stack registers, with a computationally rich instruction set." https://en.wikipedia.org/wiki/Intel_8087
When did the industry transition to different/lead free solders? Wonder if that was part of the issue?
Yeah, it was the transition to RoHS.
A proposal to classify happiness as a psychiatric disorder (1992) (pmc.ncbi.nlm.nih.gov)
Correct. But even that definition risks over pathologizing the human experience. It creates a distinction between a broken brain and a reasonable reaction to a broken environment. DSM defines a disorder by how well an individual fits into the current economic and social system. Technically, if someone is so blissfully happy they stop showing up to their job, they would actually meet the criteria for a disorder. Just like if someone lives in a high-crime area with little security they may have crippling anxiety. DSM would say they have a generalized anxiety disorder, but I would argue they don't, they are experiencing a reasonable reaction to a broken environment. We are far too quick to jump to "this person isn't functioning in society, therefore something must be wrong with them" instead of doing the hard work of adapting our social and economic systems to be more inclusive of different types of human experiences. Case in point, homosexuality used to be a sociopathic personality disorder, and pre-DSM we thought it was a mental illness causing enslaved people to want to escape slavery.
> We are far too quick to jump to "this person isn't functioning in society, therefore something must be wrong with them" instead of doing the hard work of adapting our social and economic systems to be more inclusive of different types of human experiences. Careful saying things like that, someone might accuse you of being a socialist (slight /s)
Ha, this is fun. But there's a kernel of truth to it. The problem with American culture specifically is that it treats "happiness" as a goal, rather than a fleeting feeling that is probably better described with a more specific word (joy, accomplishment, excitement, satisfaction, contentment). Our culture leans on this so hard that people start to think there's something wrong with them if they're not feeling generalized happiness most of the time. That's just not how life works.
This reminds me so very much of that old American greeting: "Hey! How are you?" and then you don't give a shit about the actual answer , which must always be positive. Having to explain to young children that people do this simply to say hello, that they aren't actually asking you your health or state, or anything really. Falls right in line with our need to smile ALL THE TIME. I stand by statements made by my European friends: Americans are mostly full of shit, mostly liars, and ALWAYS are trying to sell you something. Are we the Baddies? Yes, of fucking course we are.
Happiness, when pursued, does its best to escape.
"For truly to enjoy bodily warmth, some small part of you must be cold, for there is no quality in this world that is not what it is merely by contrast. Nothing exists in itself." -- Herman Melville. He describing to enjoy the warmth of blankets on a freezing winter night, it is imperative the nose be exposed to the cold likely as a metaphor to enjoy "happiness" something is needed for contrast.
I love that part of Moby Dick, it's so perfectly true. I always sleep with my feet sticking out for this reason.
It's always fascinating to see how fundamental concepts of Buddhist teachings appear in different names, forms, and metaphors across cultures. Dependent origination: https://en.wikipedia.org/wiki/Prat%C4%ABtyasamutp%C4%81da?wprov=sfla1 While some ideas are more obvious than others I always wonder whether the same insights occurred independently (of each other -- excuse the poor choice of words), or if the ideas can all trace their roots back to the same teachings.
> I always wonder whether the same insights occurred independently No. Authors, Henry David Thoreau in 1854 and here Melville in 1851, and others at the time in that region were very heavily influenced by Hindu scriptures especially the Bhagavad Gita. Hindu mythology was mentioned several times in Moby Dick including referring to the whale as the Fish Incarnation of Vishnu. Edit: On Hindu influence in the United States, I just remembered that it was Thoreau's essay On Civil Disobedience that Gandhi credited as the influence for nonviolent resistance as did Martin Luther King Jr.. Thoreau spent a night in jail for refusing to pay taxes to a country that allowed slavery of Africans and as protest to the Western expansion invading Mexico and killing Mexicans in order to acquire California.
A few years ago I read a claim that the word 'happy' is relatively young - ~500 years old - and that translations of others words into 'happy' are somewhat approximate. My takeaway is that (presuming the argument is correct) that much of human striving is probably better described with specific words (as you suggested - joy, accomplishment, fulfillment, excitement, etc). For most of human history, most people probably didn't think "I want to be happy" but "I want to have a good partner", "I want a big family", "I want my crop to grow so I don't die." I wonder how much unhappiness is caused by seeking a poorly-defined ideal of happiness. The book was called "Power, Pleasure, and Profit: Insatiable Appetites from Machiavelli to Madison".
The word שמחה and conjugations appear in the Bible about 200 times, so we have a good idea of what it means in context. It means exactly what I perceive the noun Happiness and the adjective Happy to mean in English.
Silicon Valley's "Pronatalists" Killed WFH. The Strait of Hormuz Brought It Back (governance.fyi)
Nail guns are tools, just like hammers. However, you have to know how to use it and to know how to adjust the pressure for the depth you need. It also costs money, much more than a hammer. And you can't use normal nails, you have to have a specific cartridge of nails, and you must know how to adjust it, and ultimately to not die. Now compare it again.
I think it's a fair comparison; experienced carpenters who've learned to work fast with a hammer, now asked to be 10x more productive while using a new tool they don't have experience with. It probably got more than a few a bit bothered.
Maybe I'm just lucky but the worst micromanagement has always been from my direct supervisors, never VP-level. In my experience most at that level (especially when it's several layers removed from the ICs) do as little work as possible, and spend most of their time hanging out with other VPs and trying to move on to the next step. Are the tech firms the ones spending billions on office buildings? It's certainly not the VPs. What pressure are cities applying to companies to get them to move back into the offices, exactly?
When a company looks for a new office, cities give them subsidies to open office there. Those subsidies come with strings attached beyond, "please lease this office space". They expect additional foot traffic that the other businesses near the office would benefit from.
Plus I need the ability to deduct my transport cost from taxable income.
So the person living near the office should subsidise your choice?
> Not in most of Europe. I live in Spain, and received WFH job offers from Spanish, French, Dutch, Swedish and German companies. For all intents and purposes, WFH doesn't seem "dead" in Europe at all, as far as I can tell. > like Netherlands has ass-in-seat requirements for American companies That might be true, but doesn't really tell us about Dutch companies, just what American companies want/does in Europe, doesn't really reflect what European companies are up to.
The Dutch companies I've worked for tend strongly towards a single office day per week, which is an acceptable balance to me.
> Pronatalists are outwardly concerned with birth rates while simultaneously railing against immigration while simultaneously begging for more H1-Bs. The implication is really "we need more white babies"... No, and I think that's a slander. If you look at the numbers, birth rates are falling everywhere . There's no fecund area pumping out babies at a rate to use immigration to solve the labor component of the birthrate problem. And even the most fecund area may drop to sub-replacement rate in a generation or two, if the follow the patterns of everywhere else . It really is a global problem. And the progressive immigration solution is kind of imperialist: exporting problems from rich countries to poorer ones, who are even less equipped to deal with them (e.g. "let's export our trash to Africa and plunder its youth").
I mean Elon Musk is not really subtle about his white supremacy and how it dovetails with his calls for more babies. I don't think he'd even be upset by reading this. I'm well aware that birth rates are falling in the rich world. It's a universal problem across all wealthy countries regardless of immigration or social policy. I'm also not certain that this is some kind of urgent issue we need to do anything about. It seems like a natural cycle. And maybe we're better off letting the global population taper off. I think you're also off base on immigration policy but that's a separate topic.
 Top